Your search keyword '"COMPUTER network protocols"' showing total 7 results

1. Secret handshake scheme with request-based-revealing

Author

Kawai, Yutaka and Kunihiro, Noboru

Subjects

*COMPUTER access control, *COMPUTER security, *COMPUTER network protocols, *MATHEMATICAL models, *MALWARE, *DATA protection

Abstract

Abstract: Secret handshake (SH) schemes enable two members who belong to the same group to authenticate each other in a way that hides their affiliation to that group from all others. In previous work on SH, the group authority (GA) of the group G has been shown to have the ability to reveal the identity (ID) of a handshake player who belongs to G. The capability to reveal a malicious player is important in SH systems. In this paper, we focus first on the classification of traceability of GA. We classify this feature as follows: (i) GA of G is able to reveal IDs of members belonging to G by using a transcript of a handshake protocol; and (ii) GA of G is able to confirm whether handshake players belong to G or not by using a transcript of a handshake protocol. Previous research in this field only considers the former capability. In some situations, only the latter capability is needed. Next, we consider a SH system that GA has only an ability to confirm whether a handshake player belongs to his own group without revealing his ID. The most naive method is that member IDs are eliminated and members have a common group ID. However, if member ID does not exist, one cannot reveal the handshake player’s ID in the event of disputes. Thus, we introduce a SH with request-based-revealing (SHRBR). In SHRBR schemes, GA can check whether handshake players belong to their own group, but cannot reveal member IDs alone. After a handshake player executes a handshake protocol with , if wants to reveal a handshake partner (in this case ), requests GA to reveal a handshake partner’s ID by bringing forth his own ID and secret information of . We define the security requirements for SHRBR schemes and propose two concrete SHRBR schemes, SHRBR-1 and SHRBR-2. We prove that the proposed SHRBR schemes satisfy security requirements in the random oracle model. [Copyright &y& Elsevier]

Published

2013

2. A hijacker’s guide to communication interfaces of the trusted platform module

Author

Winter, Johannes and Dietrich, Kurt

Subjects

*COMPUTER hackers, *COMPUTER interfaces, *COMPUTING platforms, *MODULES (Algebra), *COMPUTER network protocols, *COMPUTER security

Abstract

Abstract: In this paper, we analyze the communication of trusted platform modules and their interface to the hosting platforms. While trusted platform modules are considered to be tamper resistant, the communication channel between these modules and the rest of the trusted platform turns out to be comparatively insecure. It has been shown that passive attacks can be mounted against TPMs and their bus communication with fairly inexpensive equipment, however, similar active attacks have not been reported, yet. We pursue the idea of an active attack and show how the communication protocol of the LPC bus can be actively manipulated with basic and inexpensive equipment. Moreover, we show how our manipulations can be used to circumvent the security mechanisms, e.g. the chain of trust, provided by modern trusted platforms. In addition, we demonstrate how the proposed attack can be extended to manipulate communication buses on embedded systems. [Copyright &y& Elsevier]

Published

2013

3. An efficient dynamic authenticated key exchange protocol with selectable identities

Author

Guo, Hua, Li, Zhoujun, Mu, Yi, Zhang, Fan, Wu, Chuankun, and Teng, Jikai

Subjects

*AUTHENTICATION (Law), *COMPUTER network protocols, *CRYPTOGRAPHY, *COMPUTER security, *MATHEMATICAL mappings, *DATA encryption

Abstract

Abstract: In the traditional identity-based cryptography, when a user holds multiple identities as its public keys, it has to manage an equal number of private keys. The recent advances of identity-based cryptography allow a single private key to map multiple public keys (identities) that are selectable by the user. This approach simplifies the private key management. Unfortunately, the existing schemes have a heavy computation overhead, since the private key generator has to authenticate all identities in order to generate a resultant private key. In particular, it has been considered as a drawback that the data size for a user is proportional to the number of associated identities. Moreover, these schemes do not allow dynamic changes of user identities. When a user upgrades its identities, the private key generator (PKG) has to authenticate the identities and generate a new private key. To overcome these problems, in this paper we present an efficient dynamic identity-based key exchange protocol with selectable identities, and prove its security under the bilinear Diffie–Hellman assumption in the random oracle model. [Copyright &y& Elsevier]

Published

2011

4. Provably secure server-aided verification signatures

Author

Wu, Wei, Mu, Yi, Susilo, Willy, and Huang, Xinyi

Subjects

*DIGITAL signatures, *COMPUTER network protocols, *CYBERTERRORISM, *COMPUTER security, *COMPUTER simulation, *VERIFICATION of computer systems

Abstract

Abstract: A server-aided verification signature scheme consists of a digital signature scheme and a server-aided verification protocol. With the server-aided verification protocol, some computational tasks for a signature verification are carried out by a server, which is generally untrusted; therefore, it is very useful for low-power computational devices. In this paper, we first define three security notions for server-aided verification signatures, i.e., existential unforgeability, security against collusion attacks and security against strong collusion attacks. The definition of existential unforgeability includes the existing security requirements in server-aided verification signatures. We then present, on the basis of existing signature schemes, two novel existentially unforgeable server-aided verification signature schemes. The existential unforgeability of our schemes can be formally proved both without the random oracle model and using the random oracle model. We also consider the security of server-aided verification signatures under collusion attacks and strong collusion attacks. For the first time, we formally define security models for capturing (strong) collusion attacks, and propose concrete server-aided verification signature schemes that are secure against such attacks. [Copyright &y& Elsevier]

Published

2011

5. IEEE 802.11 user fingerprinting and its applications for intrusion detection

Author

Takahashi, Daisuke, Xiao, Yang, Zhang, Yan, Chatzimisios, Periklis, and Chen, Hsiao-Hwa

Subjects

*INTRUSION detection systems (Computer security), *INTERNET, *COMPUTER network protocols, *IEEE 802.11 (Standard), *COMPUTER users, *COMPUTER security

Abstract

Abstract: Easy associations with wireless access points (APs) give users temporal and quick access to the Internet. It needs only a few seconds to take their machines to hotspots and do a little configuration in order to have Internet access. However, this portability becomes a double-edged sword for ignorant network users. Network protocol analyzers are typically developed for network performance analysis. Nonetheless, they can also be used to reveal user’s privacy by classifying network traffic. Some characteristics in IEEE 802.11 traffic particularly help identify users. Like actual human fingerprints, there are also unique traffic characteristics for each network user. They are called network user fingerprints, by tracking which more than half of network users can be connected to their traffic even with medium access control (MAC) layer pseudonyms. On the other hand, the concept of network user fingerprint is likely to be a powerful tool for intrusion detection and computer/digital forensics. As with actual criminal investigations, comparison of sampling data to training data may increase confidence in criminal specification. This article focuses on a survey on a user fingerprinting technique of IEEE 802.11 wireless LAN traffic. We also summarize some of the researches on IEEE 802.11 network characteristic analysis to figure out rogue APs and MAC protocol misbehaviors. [Copyright &y& Elsevier]

Published

2010

6. A universal access control method based on host identifiers for Future Internet

Author

Wang, Hongchao, Zhang, Hongke, Chang, Chi-Yuan, and Chao, Han-Chieh

Subjects

*INTERNET access control, *AUTHENTICATION (Law), *DIGITAL Object Identifiers, *COMPUTER security, *MALWARE, *COMPUTER network protocols, *COMPUTER users

Abstract

Abstract: There have been many security events in the Internet. Many of them are due to arbitrary access permissions to the network resources of the malicious users, especially their free sending packets to anywhere in the network. However, current existing solutions such as ingress filtering and network firewalls cannot solve the problem of malicious access to the network flexibly and effectively. In this paper, we present an efficient access control method based on host identifiers, in which a safe and bidirectional authentication process is introduced whenever the host begins to access the network. Meanwhile, all the succeeding information exchanges between the host and the network can be controlled through the encrypt scheme negotiated during the access authentication process. Through analysis and experiments, we find that the proposed method has the following merits. First, our method has the capability to support various end-nodes to access the Internet in a uniform way. Second, with our method, end-nodes and the core network can establish a mutual trustworthy relationship to avoid any spoof from the other side. Third, our method can support host mobility very well. [Copyright &y& Elsevier]

Published

2010

7. Revisiting WiMAX MBS security

Author

Kambourakis, Georgios, Konstantinou, Elisavet, and Gritzalis, Stefanos

Subjects

*IEEE 802.16 (Standard), *COMPUTER algorithms, *COMPUTER network protocols, *DATA encryption, *COMPUTER security, *SCALABILITY, *COMPUTER networks, *DATA transmission systems

Abstract

Abstract: IEEE 802.16 technology also well known as WiMax is poised to deliver the next step in the wireless evolution. This is further fostered by the 802.16e specification which, amongst other things, introduces support for mobility. The Multicast/Broadcast Service (MBS) is also an integral part of 802.16e destined to deliver next generation services to subscribers. In this paper we concentrate on the Multicast and Broadcast Rekeying Algorithm (MBRA) of 802.16e. This algorithm has been recently criticized for various vulnerabilities and security inefficiencies, as its designers are trying to balance wisely between performance and security. After surveying related work, we extensively discuss MBRA security issues and propose the use of a novel asymmetric group key agreement protocol based on the work in Wu et al. (2009) . Our scheme guarantees secure delivery of keys to all the members of a given group and mandates rekeying upon join and leave events. It can prevent insider attacks since only the Base Station possesses a secret encryption key while all other members in the network acquire the transmitted data by using their secret decryption keys. We compare our scheme with related work and demonstrate that although heavier in terms of computing costs, it compensates when scalability and security come to the foreground. [Copyright &y& Elsevier]

Published

2010