Your search keyword '"COMPUTER security research"' showing total 8 results

1. Automatic Verification for Secrecy of Cryptographic Protocols in First-Order Logic.

Author

Han, Jihong, Zhou, Zhiyong, and Wang, Yadi

Subjects

*CRYPTOGRAPHY research, *ALGORITHM research, *COMPUTER security research, *ANOMALY detection (Computer security), *FIRST-order logic

Abstract

In this article, we present a new formal approach for specification and automatic verification of cryptographic protocols. First, we use the first-order theory to formalize cryptographic protocols and intruders. Assuming that messages transmitted by each principal can be received by the intruder, and messages received by each principal can be known by the intruder, we test the security of cryptographic protocols at the standpoint of the intruder. The protocol representation includes three parts: initial knowledge of the intruder, message exchange of the protocol itself, and computation abilities of the intruder. After defining the term and its typeset, we give a first-order frame to formalizing the protocol based on roles, using axioms to depict the communicating actions of each role. The predicate corresponding to the role's message receiving can be affiliated to the axiom by logical connective ∧, and the predicate corresponding to the role's message transmitting can be the conclusion of the implication relation. The universal quantification ∀ is used to eliminate the limitation for protocol runs, and existential quantification ∃ is used to denote generating of the key or the nonce, and through renaming and consistency check, ensure the refreshness and boundlessness of the new value. In order to implement the automatic verification, we propose a normal approach to transform the axioms into Horn clauses. Following the Dolev-Yao Model, the computation abilities of the intruder are modeled in Horn clauses too. We adopt the deductive reasoning method to verify the secrecy property of cryptographic protocols. The secrecy property is considered as a goal, and based on a deductive algorithm we can check whether the goal can be inferred from the known rules. The known rules form a rule base B containing the Horn clauses of protocol description and the intruder's abilities and initial knowledge. If the goal can be inferred from the base, the sequence of rules applied will lead to the description of an attack scenario. This approach is fully automatic and terminable. The main contributions of the paper are: a general framework of formalizing cryptographic protocol and abilities of the intruder, a practical solving algorithm based on automatic reasoning, and a simple method to find the attack scenarios. [ABSTRACT FROM AUTHOR]

Published

2009

2. Anonymity Authentication and Measure in Ubiquitous Computing.

Author

Yajun, Guo, Huifang, Yan, and Rong, Li

Subjects

*UBIQUITOUS computing, *AUTHENTICATION (Law), *ANONYMITY, *COMPUTER security research, *COMPUTER users, *INTERNET service providers

Abstract

Authentication and anonymity usually are inconsistent. To obtain services, a user must be authenticated. Much of the sensitive information of the user will be exposed to service providers. In order to protect privacy, users must communicate with service providers in an anonymous way. But if the user does not show his true identity, how can the service provider believe that the user is true. This paper presents a secure anonymity authentication protocol for ubiquitous computing which allows service providers to authenticate anonymous users. Anonymity is achieved by separating the linkability of the user's identity information and the action of the user. By finding out objects linkability relationship, we also address an anonymity measure to analyze anonymity and detect the concealing security exposure. Anonymity Authentication There exist three principals in the anonymity authentication protocol: the user, the service discoverer, and the service provider. The anonymity authentication protocol contains two authentication stages. First, the authentication between the user and the service discoverer which determines the user whether he has the right to access the requested resource. And then the service discoverer makes use of blind signature on the user's public key as a ticket. Second, the service provider authenticates the user, in which the service provider judges the user whether is the genuine user. Anonymity Measure Linkability is the relation between objects (such as subjects, events, actions etc.) in a system before and after an action occurs. Unlinkability is the sufficient condition of anonymity. Definition 1 (function decision) Let R denote the object set, X and Y be subsets of R, and X≠Y. If Y can be known from X with probability p, then say X function decision Y, recorded as: X→Y(p). Definition 2 (function decision set) To the object set R, the function decision set is the set F of function decisions among the objects known by attackers. Definition 3 (function decision implication) If F is the function decision set known by attackers, let R denote the object set, X and Y be subsets of R, and X≠Y. If X→Y(p) can be deduced from F, then say F implication X→Y(p). Definition 4 (function decision closure) All the function decision sets implicated by F are called the closure of F, written as F+. Whether user anonymity is protected can be judged by seeing if there are relations between users' location/actions and users' identity in F+. [ABSTRACT FROM AUTHOR]

Published

2009

3. A Novel Identity-Based Multi-Signcryption Scheme.

Author

Zhang, Jianhong, Yang, Yixian, and Niu, Xinxin

Subjects

*CRYPTOGRAPHY research, *DIGITAL signatures, *PUBLIC key cryptography, *COMPUTER security research, *DATA encryption

Abstract

Message security and the sender's identity authentication for communication in the open channel is a basic and important technology of the internet. For keeping the message confidential and unforgeable, the sender can use a digital signature algorithm with his private key to sign the message, and then encrypts the signature on the message. Signcryption which was proposed by Zheng et. al in 1997 is a novel cryptographic primitive that simultaneously provides the authentication and encryption in a single logic step and at lower computational costs and communication overheads than the above sign-then-encrypt way. Since then, there are many signcryption schemes proposed. Only recently, a formal security proof model is formalized providing security proof for Zheng's signcryption in the random oracle model. In the ID-based cryptography, the complexity of the managing certificate is reduced. In this work, by combining a multisignature with an ID-based signcryption scheme, we build a security model of multi-signcryption to define confidentiality and unforgeability of the ID-based signcryption scheme and have proposed an ID-based multi-signcryption scheme based on the bilinear pairings to adapt to a multi-user setting. Given a message m, a receiver's identity IDB, and n sender's identities IDA1, IDA2, ... , IDAn, for each sender Ai, it executes the followings steps: randomly pick xi ε Zq to compute Ri = xiP and ωi = xiQIDB; send (Ri, ωi) to the other senders by a secure channel; (3)after receiving the other senders (Ri, ωi), Ai computes ω = e(Ppub, Σωj) to set c = H2(ω)≈m and R = ΣRj; compute Si = xiH4(m) + H3(R,ω)SIDAi, where SIDAi is the private key of sender Ai. Then the resulting ciphertext is (c,S,R). To unsigcrypt the ciphertext (c,S,R) in the sender list L = (IDA1, IDA2, ... , IDAn), the receiver with identity IDB can compute the following steps to recover and verify the message validity. compute ω = e(R,SIDB) and m = H2(ω)≈c, where SIDB is private key of the receiver; accept the message if and only if the following equation holds [image omitted] By security analysis, we show that our scheme satisfies the two important properties of signcryption: confidentiality and unforgeability, and is proven to have been secure in the random oracle model. The security of the scheme is closely related to the Decisional Bilinear Diffie-Hellman assumption and the computational Diffie-Hellman assumption. Finally, by analyzing the efficiency of the scheme, we show that our scheme is very efficient, and only one pairing computation is needed in the signcryption phase, three pairing operators are needed in the unsigncrytion phase, and the ciphertext size is about 420 bits. [ABSTRACT FROM AUTHOR]

Published

2009

4. Designated-Verifier Chameleon Proxy Signature.

Author

Zhang, Jianhong, Ji, Cheng, and Geng, Qin

Subjects

*HASHING, *CRYPTOGRAPHY research, *PUBLIC key cryptography, *COMPUTER security research, *DIGITAL signatures

Abstract

With the development of computer technology, the requirement of the methods to verify the authenticity, the validity, and the integrity of information is becoming much bigger. For this purpose, many methods have been generated, such as digital signature, digital watermarking, steganography, and so on. Digital signature is a hot topic in cryptography and it plays a very important role in many fields. A normal digital signature allows a signer to generate a signature of the message with his secret key and the generated signature can be verified by anyone with the signer's public key. Chameleon signature is a non-interactive signature based on the well-established hash-and-sign paradigm, in which the receiver cannot convince the third party of the identity of the signer. Designated-verifier signature is a very useful tool for protecting the privacy of the valid verifier. Motivated by above statements, we construct a new chameleon hash scheme and construct a new DVICPS scheme. Our chameleon hash scheme satisfies all the properties of the normal chameleon hash function. In our hash function the owner of a public key does not need to retrieve the associated secret key. We prove that our new chameleon hash scheme satisfies all the attributes defined in [1] and our chameleon hash scheme is secure assuming Weak Computational Diffie-Hellman (WCDH) assumption is difficult. And we show our chameleon hash scheme is secure based on the difficulty of solving WCDHP assumption. Moreover, we use the proposed chameleon hash function to design a designated-verifier ID-based chameleon proxy signature (DVICPS) scheme. Furthermore, we analyze the security of our DVICPS scheme and prove that our DVICPS scheme is secure in the random oracle model. In our signature scheme, only the receiver who owns the corresponding secret key can verify the validity of the signature which efficiently protects the benefit of the verifier. We also prove that our signature scheme is secure in random oracle model. The success probability of forging our DVICPS scheme is equivalent to solving Computational Diffie-Hellman Problem (CDHP). Thus, our DVICPS scheme is secure and efficient. [ABSTRACT FROM AUTHOR]

Published

2009

5. Network Anomaly Detection Based on Wavelet Fuzzy Neural Network with Modified QPSO.

Author

Ma, Ruhui, Liu, Yuan, and Lin, Xing

Subjects

*ANOMALY detection (Computer security), *SWARM intelligence, *FUZZY measure theory, *ARTIFICIAL neural networks, *ALGORITHM research, *COMPUTER security research, *WAVELETS (Mathematics)

Abstract

This paper proposes a novel network anomaly detection method employing wavelet fuzzy neural network (WFNN) to use modified Quantum-Behaved Particle Swarm Optimization (QPSO). In this paper, wavelet transform is applied to extract fault characteristics from the anomaly state. Fuzzy theory and neural network are employed to fuzzify the extracted information. Wavelet is then integrated with fuzzy neural network to form the wavelet fuzzy neural network (WFNN). The Quantum-Behaved Particle Swarm Optimization proposed by Jun Sun, which outperforms the other optimization algorithm considerably on its simple architecture and fast convergence, has previously applied to solve the optimum problem. However, the QPSO also has its own shortcomings. In QPSO if a particle flew off the boundary (the search area), the algorithm usually would regard the position value of the particle as the value of the boundary. If the boundary is at the position of local optimum, the particles were trapped into local optimum easily. It is impossible for them to arrive at the global optimum. With the increase of particle, the diversity of swam would be declined and the global search quality of the algorithm would be also declined. In the modified algorithm, it shows that the particles field off the boundary were distributed in the c*r and () search space. The diversity of swam and the global search quality would be enhanced. So there exists a modified QPSO which is employed to train WFNN in this paper. We have demonstrated performance comparisons to QPSO-WFNN, PSO-WFNN using the same data set extracts from the KDD99 Datasets, and the results have shown that the MQPSO-WFNN model exhibits superior performance with a higher attack detection rate and lower false positive rate. Experiments with KDD Cup 1999 connection traffic data have shown that this model is able to effectively detect intrusive behaviors. It also shows the remarkable ability of our IDS to detect new type of attacks. [ABSTRACT FROM AUTHOR]

Published

2009

6. Definition of the Constraint with Spatial Characters.

Author

Ju, Shiguang, Gu, Yi, Tang, Zhu, and Chen, Weihe

Subjects

*ACCESS control of computer networks, *COMPUTER security research, *SPATIAL data infrastructures, *DATABASE security, *COMPUTER users

Abstract

With the development of the RBAC applications, the spatial characters of those protected data objects have to be considered in many fields. In most cases, the permissions of the same user's access will be changed when the users' location changed. The roles played by the same user may be different since their spatial location is changing and then this user would have the different access authorizations in different spatial locations. Generally speaking, the permissions assigned to users depend on their position in a reference space: users often belong to well-defined categories; objects to which permissions must be granted are located in that space; access control policies must grant some privileges based on the positions of objects/users. Some considerable efforts have been recently devoted to the research of secure spatial database systems which guarantee high security and privacy. Especially the integration of the spatial dimension into RBAC-based models has been the hot topic as a consequence of the growing relevance of geo-spatial information in advanced GIS and mobile applications. In the context of mobile applications, spatial constraints are very important for supporting the definition and maintenance of access control policy. Constraint is an important matter of role-based access control policy. It is enforced on special roles in order to maintain the system security. There is only one constraint specified in the traditional RBAC, which is used to enforce the Separation of Duty (SoD) constraint. In this paper, according to the analysis of the spatial features of those protected spatial data object, combining the necessity of spatial constraints and the non-conflict conditions of spatial constraints with the satisfiability of spatial constraints sets and relevance between the different classes of constraints, the constraints with spatial characters are divided into three different classes: the constraints on spatial region, spatial separation of duty constraint, and constraints on cardinality of spatial role activation. We also present the relationship between the different constraints. [ABSTRACT FROM AUTHOR]

Published

2009

7. Architecture Support for Memory Confidentiality and Integrity in Embedded Systems.

Author

Zhang, Yuanyuan, Gu, Dawu, Hou, Fangyong, Zeng, Mengqi, and Cheng, Tao

Subjects

*EMBEDDED computer systems, *CENTRAL processing units, *DATA encryption, *COMPUTER security research, *COMPUTER network protocols, *CRYPTOGRAPHY research, *SECURITY systems

Abstract

1. IntroductionPhysical attacks can bypass cryptographic algorithms or protocols and get the sensitive data in memory directly, if they are stored in plaintext.Several secure processor architectures are proposed which provide both memory confidentiality and integrity. We propose a novel architecture for an embedded system to provide efficient memory protection.2. Main MethodCPU or SoC in the embedded system is considered the "trusted root," and all the other components are unauthentic. Secure engine (SE) is a component in CPU or SoC, whose duty is to provide data encryption and authentication when they go through SE.A novel and efficient SE is proposed in this abstract. It adopts OTP encryption and GCM as working mode when processing cryptographic issues. Each block is assigned a counter which is stored in memory. When the block is replaced out from the cache, its counter is added 1. For example, the ith block is indicated as blocki and its counter counteri. Blocki is divided into for sub-blocks. Using this counter, each block generates a unique seed as address||counter||EIV. By this seed, SE computes pad as Ekey(address||counter||EIV), where "key" indicates the system key which is a system-wide secret. Then, GCM mode will simultaneously output the encrypted block and its MAC. These methods will help to vault the system performance greatly, according to our simulation.Besides the basic architecture, we propose a counter cache structure to SE and an accelerated MAC verification to enhance the system efficiency. Counter cache adopts the locality feature of memory to expedite counter reading. The accelerated MAC helps each block to store its corresponding MAC value in a parallel MAC memory which hides MAC read latency by overlapping by main memory latency.3. Performance EvaluationWe simulate the architecture based on the SimpleScalar tool set with six SPEC2000 benchmarks. The simulation results of our system show benign performance which out-performs AEGIS by 33% averagely. [ABSTRACT FROM AUTHOR]

Published

2009

8. Analysis of Instant Messaging Group Worms.

Author

Wang, Wei, Xie, Ming, Luo, Daisheng, and Fang, Yong

Subjects

*COMPUTER worms, *COMPUTER security research, *COMPUTER virus prevention, *INSTANT messaging software

Abstract

Instant Messaging group is the new feature added into the IM system. In the IM group network, two IM users are considered connecting if they are in the same group, which is the essential difference from previous topology. We study worms under IM group topology for the first time. After analyzing the real data, we propose some new propagation approaches of worms and prove their efficiency. To prevent IM group worms, we propose some new defense methods and define some new items. Results can be greatly helpful to administrators of the IM service. [ABSTRACT FROM AUTHOR]

Published

2009