Your search keyword '"COMPUTER network protocols"' showing total 303 results

1. On the Origin of Kerberos.

Author

Saltzer, Jerome H. and Walden, David

Subjects

*COMPUTER network protocols, *TELEPHONE systems, *COMPUTER engineering, *TELECOMMUNICATION systems, *COMPUTER security, *DATA security

Abstract

For a second generation secure telephone system, Howard Rosenblum in 1967 proposed and patented a key distribution system that he called Bellfield. 2 When in the 1960s the NSA developed a secure telephone system these requirements presented a problem: since anyone with a phone capable of encryptionmightplaceacalltoanyothersuchphone, it seemed that there had to be an advance arrangement to share a unique encryption key between every potential pair of telephones. Thus, cryptographic communication requires advance planning to choose encryption and decryption keys and to distribute those keys to the sender and receiver using a secure communication method. The remainder of this discussion assumes use of symmetric encryption, which means that the encryption and decryption keys are either identical or derivable one from the other, so the secure communication of the keys must assure bothconfidentialityandintegrity. [Extracted from the article]

Published

2021

2. New design of lightweight authentication protocol in wearable technology.

Author

Galih Bangun Santosa and Setiyo Budiyanto

Subjects

*WEARABLE technology, *NEAR field communication, *IMPERSONATION, *ELECTRONIC authentication, *ONLINE identity theft, *COMPUTER network protocols, *COMPUTER security

Abstract

Today, the use of wearable devices is becoming a thing inherent in the daily activities of urban communities. In practice, wearable communications may contain sensitive information regarding a user's health record, so authentication and confidentiality of data exchanged must be guaranteed. In addition, the success of authentication between users, wearable devices and smartphones is very important because there are various threats of attack on the authentication process. Based on previous studies, it was found that the security functionality of user impersonation attack is not owned by lightweight authentication protocols in the current wearable communication environment. So this research undertakes the design of a lightweight authentication protocol to be immune to user impersonation attacks to supplement the lack of security functionality in previous protocols with the support of performing a formal analysis using the Scyther Tool. The research method used is a Research Library supported by conducting protocol security test experiment. The developed protocol utilizes a modified and customized S-NCI key establishment protocol scheme to meet all targeted security functionality. The research resulted that the lightweight authentication protocol generated was immune to the impersonation attacks of users, then was able to add two new functionalities that added wearable devices and added smartphones. [ABSTRACT FROM AUTHOR]

Published

2019

3. Experimental demonstration of the DPTS QKD protocol over a 170 km fiber link.

Author

Da Lio, B., Bacco, D., Cozzolino, D., Ding, Y., Dalgaard, K., Rottwitt, K., and Oxenløwe, L. K.

Subjects

*QUANTUM computing, *COMPUTER network protocols, *COMPUTER security, *COMPUTER performance, *QUBITS, *OPTICAL fibers

Abstract

Quantum key distribution (QKD) is a promising technology that aims to solve the security problem arising from the advent of quantum computers. While the main theoretical aspects are well developed today, limited performances, in terms of the achievable link distance and the secret key rate, are preventing the deployment of this technology on a large scale. More recent QKD protocols, which use multiple degrees of freedom for encoding of the quantum states, allow enhancement of the system performances. Here, we present the experimental demonstration of the differential phase-time shifting protocol up to 170 km of the fiber link. We compare its performance with the well-known coherent one-way and differential phase shifting protocols, demonstrating a higher secret key rate up to 100 km. Moreover, we propagate a classical signal in the same fiber, proving the compatibility of quantum and classical light. [ABSTRACT FROM AUTHOR]

Published

2019

4. Formally analyzed m-coupon protocol with confirmation code (MCWCC).

Author

YILDIRIM, Kerim, DALKILIÇ, Gökhan, and DURU, Nevcihan

Subjects

*ELECTRONIC coupons (Retail trade), *COMPUTER network protocols, *MOBILE apps, *CONSUMER behavior, *COMPUTER security

Abstract

There are many marketing methods used to attract customers' attention and customers search for special discounts and conduct research to get products cheaper. Using discount coupons is one of the widely used methods for obtaining discounts. With the development of technology, classical paper-based discount coupons become e-coupons and then turn into mobile coupons (m-coupons). It is inevitable that retailers will use m-coupon technology to attract customers while mobile devices are used in daily life. As a result, m-coupon technology is a promising technology. One of the significant problems with using m-coupons is security. Here it is necessary to ensure the safety of the seller's and retailer's data and to prevent unnecessary loss of income. In this study, a new m-coupon protocol is proposed and analyzed against well-known attacks: impersonation, man-in-the-middle, eavesdropping, replay, data modification, unauthorized coupon copying/generation, and multiple cash-in attacks. Then, to show that both the client and the retailer's data are at the highest level of security, the protocol is subjected to security analysis with a powerful protocol analysis tool, Scyther. Thus, the proposed protocol is proved to meet all safety criteria. To the best of our knowledge, this protocol is the first m-coupon protocol for which formal security analysis is conducted by the protocol's developers. [ABSTRACT FROM AUTHOR]

Published

2019

5. A PUF-based hardware mutual authentication protocol.

Author

Barbareschi, Mario, De Benedictis, Alessandra, and Mazzocca, Nicola

Subjects

*COMPUTER access control, *COMPUTER network protocols, *COMPUTER security, *UNIQUENESS (Mathematics), *COMPUTER architecture

Abstract

Physically Unclonable Functions (PUFs) represent a promising security primitive due to their unclonability, uniqueness and tamper-evident properties, and have been recently exploited for device identification and authentication, and for secret key generation and storage purposes. In this paper, we present PHEMAP (Physical Hardware-Enabled Mutual Authentication Protocol), that allows to achieve mutual authentication in a one-to-many communication scenario, where multiple devices are connected to a sink node. The protocol exploits the recursive invocation of the PUF embedded on the devices to generate sequences (chains) of values that are used to achieve synchronization among communicating parties. We demonstrate that, under reasonable assumptions, PHEMAP is secure and robust against man-in-the-middle attacks and other common physical attacks. We discuss PHEMAP performance in several operation conditions, by measuring the efficiency of the protocol when varying some of the underlying parameters. Finally, we present an implementation of PHEMAP on devices hosting an FPGA belonging to the Xilinx Zynq-7000 family and embedding an Anderson PUF architecture, and show that the computation and hardware overhead introduced by the protocol makes it feasible for commercial mid-range devices. [ABSTRACT FROM AUTHOR]

Published

2018

6. An automatic RFID reader-to-reader delegation protocol for SCM in cloud computing environment.

Author

Anandhi, S., Anitha, R., and Sureshkumar, Venkatasamy

Subjects

*RADIO frequency identification systems, *CLOUD computing, *COMPUTER security, *COMPUTER network protocols, *COMPUTER access control, *ELECTRONIC authentication, *DATA encryption

Abstract

Radio frequency identification (RFID) technology enables unique identification and tracking of the tag attached to an object. Widespread usage of RFID technologies in supply chain management (SCM) has drawn attention for developing security protocols to protect data stored in the tag. In SCM objects move from one place/department to another, the same RFID readers are not used throughout the supply chain. So, current reader delegates its access right to the new reader. When an object is moved inside the organization, delegation takes place between the readers. Many of the existing delegation protocols use trusted third party (TTP), which is practically difficult to incorporate or requires a keyed hash function/symmetric key encryption to be executed in the RFID tag, whereas tags are computationally intensive. Our work aims to simplify the delegation process by removing the usage of a TTP as well as eliminating reader-to-reader communication which avoids fixing the reader sequence in advance. Also, it preserves the security and privacy requirements for cloud-based applications. The proposed protocol withstands many attacks like tracing attack, tag impersonation attack, reader impersonation attack, and privacy attack. The proposed protocol not only resists the above-mentioned attacks but also achieves mutual authentication, anonymity property, and forward/backward secrecy. The proposed protocol is analyzed formally using GNY logic, which ensures that the protocol achieves mutual authentication. Performance analysis is carried out and it shows that our protocol is relatively better than the existing related schemes with respect to tag computation and communication cost. [ABSTRACT FROM AUTHOR]

Published

2018

7. A lightweight and secure two factor anonymous authentication protocol for Global Mobility Networks.

Author

Baig, Ahmed Fraz, Hassan, Khwaja Mansoor ul, Ghani, Anwar, Chaudhry, Shehzad Ashraf, Khan, Imran, and Ashraf, Muhammad Usman

Subjects

*WIRELESS communications, *TELECOMMUNICATION systems, *COMPUTER network protocols, *COMPUTER networks, *BIOMETRIC identification

Abstract

Global Mobility Networks(GLOMONETs) in wireless communication permits the global roaming services that enable a user to leverage the mobile services in any foreign country. Technological growth in wireless communication is also accompanied by new security threats and challenges. A threat-proof authentication protocol in wireless communication may overcome the security flaws by allowing only legitimate users to access a particular service. Recently, Lee et al. found Mun et al. scheme vulnerable to different attacks and proposed an advanced secure scheme to overcome the security flaws. However, this article points out that Lee et al. scheme lacks user anonymity, inefficient user authentication, vulnerable to replay and DoS attacks and Lack of local password verification. Furthermore, this article presents a more robust anonymous authentication scheme to handle the threats and challenges found in Lee et al.’s protocol. The proposed protocol is formally verified with an automated tool(ProVerif). The proposed protocol has superior efficiency in comparison to the existing protocols. [ABSTRACT FROM AUTHOR]

Published

2018

8. An efficient anonymous authentication protocol in multiple server communication networks (EAAM).

Author

Braeken, An, Kumar, Pardeep, Liyanage, Madhusanka, and Hue, Ta Thi Kim

Subjects

*COMPUTER network protocols, *COMPUTER access control, *MULTI-factor authentication, *BIOMETRIC identification, *COMPUTER security, *CRYPTOGRAPHY

Abstract

In a multi-server authentication environment, a user only needs to register once at a central registration place before accessing the different services on the different registered servers. Both, from a user point of view as for the management and maintenance of the infrastructure, these types of environments become more and more popular. Smartcard- or smartphone-based approaches lead to more secure systems because they offer two- or three-factor authentication, based on the strict combination of the user’s password, the user’s biometrics and the possession of the device. In this paper, we propose an efficient anonymous authentication protocol in multiple server communication networks, called the EAAM protocol, which is able to establish user anonymity, mutual authentication, and resistance against known security attacks. The novelty of the proposed scheme is that it does not require a secure channel during the registration between the user and the registration center and is resistant to a curious but honest registration system. These features are established in a highly efficient way with the minimum amount of communication flows between user and server during the establishment of the secret shared key and by using light-weight cryptographic techniques such as Chebyshev chaotic map techniques and symmetric key cryptography. The performance and security of the protocol are analyzed and compared with the latest new proposals in this field. [ABSTRACT FROM AUTHOR]

Published

2018

9. The once and future internet: infrastructural tragedy and ambiguity in the case of IPv6.

Author

Dourish, Paul

Subjects

*TCP/IP, *COMPUTER network protocols, *FILE Transfer Protocol (Computer network protocol), *INTERNET security, *COMPUTER security

Abstract

The Internet as we currently recognise it was institutionally established in 1983 when all hosts connected to the then ARPANET were required to have adopted the relatively new Transmission Control Protocol/Internet Protocol (TCP/IP) technologies. Thirteen years later, in 1996, a replacement standard was established for the IP protocol, to resolve key anticipated technical problems. More than 20 years later, those technical problems have indeed arisen, and yet the "new" protocol, IPv6, is still not widely deployed. This paper explores technical and institutional aspects of this case in order to examine how the evolving contexts of infrastructure use may turn technological solutions into infrastructural problems. [ABSTRACT FROM AUTHOR]

Published

2018

10. Cryptanalysis of an identity-based authenticated key exchange protocol.

Author

Hatri, Younes, Otmani, Ayoub, and Guenda, Kenza

Subjects

*CRYPTOGRAPHY, *RESIDUE codes, *MATHEMATICAL proofs, *COMPUTER network protocols, *COMPUTER security

Abstract

Authenticated key exchange protocols represent an important cryptographic mechanism that enables several parties to communicate securely over an open network. Elashry, Mu, and Susilo proposed an identity-based authenticated key exchange (IBAKE) protocol where different parties establish secure communication by means of their public identities.The authors also introduced a new security notion for IBAKE protocols called resiliency, that is, if the secret shared key is compromised, the entities can generate another shared secret key without establishing a new session between them. They then claimed that their IBAKE protocol satisfies this security notion. We analyze the security of their protocol and prove that it has a major security flaw, which renders it insecure against an impersonation attack. We also disprove the resiliency property of their scheme by proposing an attack where an adversary can compute any shared secret key if just one secret bit is leaked. [ABSTRACT FROM AUTHOR]

Published

2018

11. Card-based protocols using unequal division shuffles.

Author

Nishimura, Akihiro, Nishida, Takuya, Hayashi, Yu-ichi, Mizuki, Takaaki, and Sone, Hideaki

Subjects

*CRYPTOGRAPHY, *BOOLEAN functions, *PROBABILITY theory, *COMPUTER network protocols, *COMPUTER security

Abstract

Card-based cryptographic protocols can perform secure computation of Boolean functions. In 2013, Cheung et al. presented a protocol that securely produces a hidden AND value using five cards; however, it fails with a probability of 1/2. The protocol uses an unconventional shuffle operation called an unequal division shuffle; after a sequence of five cards is divided into a two-card portion and a three-card portion, these two portions are randomly switched so that nobody knows which is which. In this paper, we first show that the protocol proposed by Cheung et al. securely produces not only a hidden AND value but also a hidden OR value (with a probability of 1/2). We then modify their protocol such that, even when it fails, we can still evaluate the AND value in the clear. Furthermore, we present two five-card copy protocols (which can duplicate a hidden value) using unequal division shuffle. Because the most efficient copy protocol currently known requires six cards, our new protocols improve upon the existing results. We also design a general copy protocol that produces multiple copies using an unequal division shuffle. Furthermore, we show feasible implementations of unequal division shuffles by the use of card cases. [ABSTRACT FROM AUTHOR]

Published

2018

12. Formal verification of a radio network random access protocol.

Author

Roumane, Ahmed, Kechar, Bouabdellah, and Kouninef, Belkacem

Subjects

*UNIVERSAL Mobile Telecommunications System, *RADIO networks, *COMPUTER network protocols, *MACHINE theory, *COMPUTER security

Abstract

In this paper, the random access procedure of Universal Mobile Telecommunications System network is investigated. We have proposed a model based on communicating timed automata that represents the main functions related to the random access procedure including the user equipment, the base station (node B or BTS), and the channel. Then, we have used computational tree logic formula to specify the proprieties to be verified. The model and the formulas serve as inputs to the model checker, which is used as a verification engine, ie, UPPAAL and SPIN. The formal verification approach shows that the protocol has several drawbacks that may not be detected by simulation. [ABSTRACT FROM AUTHOR]

Published

2017

13. Protocol vulnerability detection based on network traffic analysis and binary reverse engineering.

Author

Wen, Shameng, Meng, Qingkun, Feng, Chao, and Tang, Chaojing

Subjects

*REVERSE engineering, *COMPUTER network protocols, *FUZZY logic, *PROTOTYPES, *COMPUTER security

Abstract

Network protocol vulnerability detection plays an important role in many domains, including protocol security analysis, application security, and network intrusion detection. In this study, by analyzing the general fuzzing method of network protocols, we propose a novel approach that combines network traffic analysis with the binary reverse engineering method. For network traffic analysis, the block-based protocol description language is introduced to construct test scripts, while the binary reverse engineering method employs the genetic algorithm with a fitness function designed to focus on code coverage. This combination leads to a substantial improvement in fuzz testing for network protocols. We build a prototype system and use it to test several real-world network protocol implementations. The experimental results show that the proposed approach detects vulnerabilities more efficiently and effectively than general fuzzing methods such as SPIKE. [ABSTRACT FROM AUTHOR]

Published

2017

14. Mutual authentications to parties with QR-code applications in mobile systems.

Author

Huang, Cheng-Ta, Zhang, Yu-Hong, Lin, Li-Chiun, Wang, Wei-Jen, and Wang, Shiuh-Jeng

Subjects

*TWO-dimensional bar codes, *CELL phone systems, *END users (Information technology), *COMPUTER access control, *COMPUTER security, *USER-centered system design, *INTERNET service providers, *COMPUTER network protocols

Abstract

User authentication over the Internet has long been an issue for Internet service providers and users. A good authentication protocol must provide high security and mutual authentication on both sides. In addition, it must balance security and usability, which has been shown in the literature to be a difficult problem. To solve this problem, we propose a novel mutual authentication protocol with high security and usability. The proposed protocol was developed for quick response code, a type of two-dimensional barcode that can be photographed and quickly decoded by smartphones. We implemented a prototype using the proposed mutual authentication protocol and demonstrated how the prototype improves usability in a mobile communication system. We also used the Gong-Needham-Yahalom logic with several well-known attack models to analyze the security of the proposed protocol, and we obtained satisfactory results. We expect that using the proposed protocol, Internet service providers will be able to provide a mutual authentication mechanism with high security and usability. [ABSTRACT FROM AUTHOR]

Published

2017

15. On probabilistic snap-stabilization.

Author

Altisen, Karine and Devismes, Stéphane

Subjects

*MESSAGE passing (Computer science), *COMPUTER network protocols, *COMPUTER security, *COMPUTER algorithms, *COMPUTING platforms

Abstract

In this paper, we introduce probabilistic snap-stabilization . We relax the definition of deterministic snap-stabilization without compromising its safety guarantees. In an unsafe environment, a probabilistically snap-stabilizing algorithm satisfies its safety property immediately after the last fault; whereas its liveness property is only ensured with probability 1. We show that probabilistic snap-stabilization is more expressive than its deterministic counterpart. Indeed, we propose two probabilistic snap-stabilizing algorithms for a problem having no deterministic snap- or self-stabilizing solution: guaranteed service leader election in arbitrary anonymous networks. This problem consists in computing a correct answer to each process that initiates the question “Am I the leader of the network?,” i.e. , (1) processes always compute the same answer to that question and (2) exactly one process computes the answer true . Our solutions being probabilistically snap-stabilizing, the answers are only delivered within an almost surely finite time; however any delivered answer is correct, regardless the arbitrary initial configuration and provided the question has been properly started. [ABSTRACT FROM AUTHOR]

Published

2017

16. On improving resistance to Denial of Service and key provisioning scalability of the DTLS handshake.

Author

Tiloca, Marco, Gehrmann, Christian, and Seitz, Ludwig

Subjects

*DENIAL of service attacks, *CLIENT/SERVER computing, *COMPUTER network protocols, *COMPUTER security, *SCALABILITY

Abstract

DTLS is a transport layer security protocol designed to provide secure communication over unreliable datagram protocols. Before starting to communicate, a DTLS client and server perform a specific handshake in order to establish a secure session and agree on a common security context. However, the DTLS handshake is affected by two relevant issues. First, the DTLS server is vulnerable to a specific Denial of Service (DoS) attack aimed at forcing the establishment of several half-open sessions. This may exhaust memory and network resources on the server, so making it less responsive or even unavailable to legitimate clients. Second, although it is one of the most efficient key provisioning approaches adopted in DTLS, the pre-shared key provisioning mode does not scale well with the number of clients, it may result in scalability issues on the server side, and it complicates key re-provisioning in dynamic scenarios. This paper presents a single and efficient security architecture which addresses both issues, by substantially limiting the impact of DoS, and reducing the number of keys stored on the server side to one unit only. Our approach does not break the existing standard and does not require any additional message exchange between DTLS client and server. Our experimental results show that our approach requires a shorter amount of time to complete a handshake execution and consistently reduces the time a DTLS server is exposed to a DoS instance. We also show that it considerably improves a DTLS server in terms of service availability and robustness against DoS attack. [ABSTRACT FROM AUTHOR]

Published

2017

17. Quantitative Analysis of the Security of Software-Defined Network Controller Using Threat/Effort Model.

Author

Wu, Zehui and Wei, Qiang

Subjects

*SOFTWARE-defined networking, *COMPUTER security, *PROGRAMMABLE controllers, *QUALITATIVE chemical analysis, *COMPUTER network protocols

Abstract

SDN-based controller, which is responsible for the configuration and management of the network, is the core of Software-Defined Networks. Current methods, which focus on the secure mechanism, use qualitative analysis to estimate the security of controllers, leading to inaccurate results frequently. In this paper, we employ a quantitative approach to overcome the above shortage. Under the analysis of the controller threat model we give the formal model results of the APIs, the protocol interfaces, and the data items of controller and further provide our Threat/Effort quantitative calculation model. With the help of Threat/Effort model, we are able to compare not only the security of different versions of the same kind controller but also different kinds of controllers and provide a basis for controller selection and secure development. We evaluated our approach in four widely used SDN-based controllers which are POX, OpenDaylight, Floodlight, and Ryu. The test, which shows the similarity outcomes with the traditional qualitative analysis, demonstrates that with our approach we are able to get the specific security values of different controllers and presents more accurate results. [ABSTRACT FROM AUTHOR]

Published

2017

18. An analysis of safety evidence management with the Structured Assurance Case Metamodel.

Author

de la Vara, Jose Luis, Génova, Gonzalo, Álvarez-Rodríguez, Jose María, and Llorens, Juan

Subjects

*COMPUTER network protocols, *COMPUTER interfaces, *COMPUTER science, *INDUSTRIAL safety, *COMPUTER security

Abstract

SACM (Structured Assurance Case Metamodel) is a standard for assurance case specification and exchange. It consists of an argumentation metamodel and an evidence metamodel for justifying that a system satisfies certain requirements. For assurance of safety-critical systems, SACM can be used to manage safety evidence and to specify safety cases. The standard is a promising initiative towards harmonizing and improving system assurance practices, but its suitability for safety evidence management needs to be further studied. To this end, this paper studies how SACM 1.1 supports this activity according to requirements from industry and from prior work. We have analysed the notion of evidence in SACM, its evidence lifecycle, the classes and associations of the evidence metamodel, and the link of this metamodel with the argumentation one. As a result, we have identified several improvement opportunities and extension possibilities in SACM. The notions of evidence and evidence assertion should be clarified, the overlaps between metamodel elements should be reduced, and a wider support to the lifecycle of the artefacts used as safety evidence could be provided. Addressing these aspects will allow SACM to better fit safety evidence management needs and practices, especially beyond the scope of a safety case. The results and the conclusions drawn are especially valuable for practitioners interested in SACM adoption and vendors interested in developing tool support for SACM-based safety evidence management. [ABSTRACT FROM AUTHOR]

Published

2017

19. An improved password-based authentication scheme for session initiation protocol using smart cards without verification table.

Author

Farash, Mohammad Sabsinejad

Subjects

*COMPUTER passwords, *COMPUTER access control, *COMPUTER network protocols, *VERIFICATION of computer systems, *COMPUTER security

Abstract

Authentication schemes have been widely deployed access control and mobility management in various communication networks. Especially, the schemes that are based on multifactor authentication such as on password and smart card come to be more practical. One of the standard authentication schemes that have been widely used for secure communication over the Internet is session initiation protocol (SIP). The original authentication scheme proposed for SIP was vulnerable to some crucial security weaknesses. To overcome the security problems, various improved authentication schemes have been developed, especially based on elliptic curve cryptography (ECC). Very recently, Zhang et al. proposed an improved authentication scheme for SIP based on ECC using smart cards to overcome the security flaws of the related protocols. Zhang et al. claimed that their protocol is secure against all known security attacks. However, this paper indicates that Zhang et al. protocol is still insecure against impersonation attack. We show that an active attacker can easily masquerade as a legal server to fool users. As a remedy, we also improve Zhang et al. protocol by imposing a little extra computation cost. Copyright © 2014 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2017

20. Comparison of group key establishment protocols.

Author

SŞAHİN, Serap and ASLANOĞLU, Rabia

Subjects

*COMPUTER network protocols, *KEY agreement protocols (Computer network protocols), *WIRELESS Application Protocol (Computer network protocol), *COMPUTER security, *CRYPTOGRAPHY

Abstract

Recently group-oriented applications over unsecure open networks such as Internet or wireless networks have become very popular. Thus, group communication security over unsecure open networks has become a vital concern. Group key establishment (GKE) protocols are used to satisfy the confidentiality requirement of a newly started communication session by the generation or sharing of an ephemeral common key between the group members. In this study, we analyze the computation and communication efficiency of GKE protocols. Besides confidentiality, the security characteristics of identification and integrity control are also required for all steps of the protocol implementations. Thus, the main contribution of this work is to provide the computation and communication efficiency analysis of the same GKE protocols along with the identification of the group entities and integrity control of messages during the protocol steps. The specific implementation and analysis of GKE protocols are performed by group key agreement (GKA) with pairing-based cryptography and group key distribution (GKD) with verifiable secret sharing, respectively. Finally, a comparison of GKA and GKD protocols on the basis of their strong points and cost characteristics are also provided to inform potential users. [ABSTRACT FROM AUTHOR]

Published

2017

21. An Efficient 3D Elliptic Curve Diffie–Hellman (ECDH) Based Two-Server Password-Only Authenticated Key Exchange Protocol with Provable Security.

Author

Kumari, K. Anitha, Sadasivam, G. Sudha, and Rohini, L.

Subjects

*COMPUTER network protocols, *CRYPTOGRAPHY, *ELLIPTIC curves, *COMPUTER security, *COMPUTER algorithms, *COMPUTER access control

Abstract

In large-scale distributed systems, where adversarial attacks have extensive impact, authentication provides fortification against threats involving impersonation of entities and tampering of data. Towards this, we introduce the first tetrahedron (three-dimensional (3D)) based two-server Password Authenticated and Key Exchange (PAKE) protocol to represent text passwords. A 3D PAKE protocol is a hybrid cryptographic algorithm that requires two servers for authentication; one server engages with users and the other is hidden from the clients. A remarkable aspect of the proposed 3D PAKE protocol is that reclaiming password from the stored credentials is not possible when either one/both the servers gets compromised. In this paper, we discuss the properties of tetrahedron that mesh well with Diffie–Hellman key exchange protocol and elliptic curve cryptography encryption scheme and proved that the protocol is resistant against cryptographic attacks without the involvement of public key infrastructure. The proposed protocol is the first provably secure two-server PAKE protocol against an offline dictionary attack. [ABSTRACT FROM PUBLISHER]

Published

2016

22. Design of optical fiber communication network monitoring and detection system based on address resolution protocol cheats.

Author

Zhang, Hao and Dai, GuangLong

Subjects

*OPTICAL fiber communication, *COMPUTER network protocols, *COMPUTER network security, *FIBER optics, *COMPUTER security

Abstract

Optical fiber communication network security is getting more and more prominent, while the optical fiber communication network monitoring is another challenges of the optical fiber communication network security. In order to Address Resolution Protocol key technology was used. In addition, design of optical fiber communication network detection system was also designed. [ABSTRACT FROM AUTHOR]

Published

2016

23. Fault-tolerant symmetrically-private information retrieval.

Author

Wang, Tian-Yin, Cai, Xiao-Qiu, and Zhang, Rui-Ling

Subjects

*FAULT-tolerant computing, *INFORMATION retrieval, *COMPUTER network protocols, *COMPUTER users, *COMPUTER security, *DATABASES, *QUANTUM information theory

Abstract

We propose two symmetrically-private information retrieval protocols based on quantum key distribution, which provide a good degree of database and user privacy while being flexible, loss-resistant and easily generalized to a large database similar to the precedent works. Furthermore, one protocol is robust to a collective-dephasing noise, and the other is robust to a collective-rotation noise. [ABSTRACT FROM AUTHOR]

Published

2016

24. Private and oblivious set and multiset operations.

Author

Blanton, Marina and Aguiar, Everaldo

Subjects

*DATA privacy, *COMPUTER network protocols, *COMPUTER security, *INFORMATION theory, *MATHEMATICAL optimization

Abstract

Privacy-preserving set operations are a popular research topic. Despite a large body of literature, the great majority of the available solutions are two-party protocols and expect that each participant knows her input set in the clear. In this work, we put forward a new framework for secure multi-party set and multiset operations in which the inputs can be arbitrarily partitioned among the participants, knowledge of an input (multi)set is not required for any party, and the secure set operations can be composed and can also be securely outsourced to third-party computation providers. In this framework, we construct a comprehensive suite of secure protocols for set operations and their various extensions. Our protocols are secure in the information-theoretic sense and are designed to minimize the round complexity. We then also build support for multiset operations by providing (i) a generic conversion from a multiset to a set, which makes the protocols for set operations applicable to multisets and (ii) direct instantiations of multiset operations of improved performance. All of our protocols have communication and computation complexity of $$O(m \log m)$$ and logarithmic round complexity for sets or multisets of size m, which compares favorably with prior work. Practicality of our solutions is shown through experimental results, and novel optimizations based on set compaction allow us to improve performance of our protocols in practice. Our protocols are secure in both semi-honest and malicious security models. [ABSTRACT FROM AUTHOR]

Published

2016

25. Combinatorial Methods in Security Testing.

Author

Simos, Dimitris E., Kuhn, Rick, Voyiatzis, Artemios G., and Kacker, Raghu

Subjects

*COMPUTER security, *COMBINATORICS, *COMPUTER software security, *COMPUTER network protocols, *INTERNET of things

Abstract

Combinatorial methods can make software security testing much more efficient and effective than conventional approaches. [ABSTRACT FROM PUBLISHER]

Published

2016

26. Flow-Based Network Management: A Report from the IRTF NMRG Workshop.

Author

Schmidt, Ricardo de, Sadre, Ramin, and Hendriks, Luuk

Subjects

*COMPUTER network management, *OPENFLOW (Computer network protocol), *COMPUTER network protocols, *COMPUTER security, *INFORMATION networks

Abstract

This is the report on the Workshop on Flow-Based Network Management, held within the 37th IRTF NMRG meeting, during IETF 93, on 24th July 2015, in Prague, Czech Republic. Following the tradition of the IRTF NMRG, the workshop focused on technologies, developments, and challenges of using flow-level traffic measurements for network management. [ABSTRACT FROM AUTHOR]

Published

2016

27. Improvement of a quantum broadcasting multiple blind signature scheme based on quantum teleportation.

Author

Zhang, Wei, Qiu, Daowen, and Zou, Xiangfu

Subjects

*QUANTUM teleportation, *COMPUTER security, *COMPUTER network protocols, *PUBLIC key cryptography, *QUANTUM groups

Abstract

Recently, a broadcasting multiple blind signature scheme based on quantum teleportation has been proposed for the first time. It is claimed to have unconditional security and properties of quantum multiple signature and quantum blind signature. In this paper, we analyze the security of the protocol and show that each signatory can learn the signed message by a single-particle measurement and the signed message can be modified at random by any attacker according to the scheme. Furthermore, there are some participant attacks and external attacks existing in the scheme. Finally, we present an improved scheme and show that it can resist all of the mentioned attacks. Additionally, the secret keys can be used again and again, making it more efficient and practical. [ABSTRACT FROM AUTHOR]

Published

2016

28. Designing and Modeling of Covert Channels in Operating Systems.

Author

Lin, Yuqi, Malik, Saif U. R., Bilal, Kashif, Yang, Qiusong, Wang, Yongji, and Khan, Samee U.

Subjects

*COMPUTER operating systems, *COMPUTER security, *DATA security failures, *CLOUD computing, *FINITE state machines, *COMPUTER network protocols

Abstract

Covert channels are widely considered as a major risk of information leakage in various operating systems, such as desktop, cloud, and mobile systems. The existing works of modeling covert channels have mainly focused on using finite state machines (FSMs) and their transforms to describe the process of covert channel transmission. However, a FSM is rather an abstract model, where information about the shared resource, synchronization, and encoding/decoding cannot be presented in the model, making it difficult for researchers to realize and analyze the covert channels. In this paper, we use the high-level Petri Nets (HLPN) to model the structural and behavioral properties of covert channels. We use the HLPN to model the classic covert channel protocol. Moreover, the results from the analysis of the HLPN model are used to highlight the major shortcomings and interferences in the protocol. Furthermore, we propose two new covert channel models, namely: (a) two channel transmission protocol (TCTP) model and (b) self-adaptive protocol (SAP) model. The TCTP model circumvents the mutual inferences in encoding and synchronization operations; whereas the SAP model uses sleeping time and redundancy check to ensure correct transmission in an environment with strong noise. To demonstrate the correctness and usability of our proposed models in heterogeneous environments, we implement the TCTP and SAP in three different systems: (a) Linux, (b) Xen, and (c) Fiasco.OC. Our implementation also indicates the practicability of the models in heterogeneous, scalable and flexible environments. [ABSTRACT FROM AUTHOR]

Published

2016

29. Security of a semi-quantum protocol where reflections contribute to the secret key.

Author

Krawec, Walter

Subjects

*QUANTUM communication, *COMPUTER network protocols, *COMPUTER security, *ERROR analysis in mathematics, *QUANTUM information science

Abstract

In this paper, we provide a proof of unconditional security for a semi-quantum key distribution protocol introduced in a previous work. This particular protocol demonstrated the possibility of using X basis states to contribute to the raw key of the two users (as opposed to using only direct measurement results) even though a semi-quantum participant cannot directly manipulate such states. In this work, we provide a complete proof of security by deriving a lower bound of the protocol's key rate in the asymptotic scenario. Using this bound, we are able to find an error threshold value such that for all error rates less than this threshold, it is guaranteed that A and B may distill a secure secret key; for error rates larger than this threshold, A and B should abort. We demonstrate that this error threshold compares favorably to several fully quantum protocols. We also comment on some interesting observations about the behavior of this protocol under certain noise scenarios. [ABSTRACT FROM AUTHOR]

Published

2016

30. Novel Duplicate Address Detection with Hash Function.

Author

Song, GuangJia and Ji, ZhenZhou

Subjects

*INTERNET protocol address, *COMPARATIVE studies, *COMPUTER network protocols, *COMPUTER security, *COMPUTER simulation

Abstract

Duplicate address detection (DAD) is an important component of the address resolution protocol (ARP) and the neighbor discovery protocol (NDP). DAD determines whether an IP address is in conflict with other nodes. In traditional DAD, the target address to be detected is broadcast through the network, which provides convenience for malicious nodes to attack. A malicious node can send a spoofing reply to prevent the address configuration of a normal node, and thus, a denial-of-service attack is launched. This study proposes a hash method to hide the target address in DAD, which prevents an attack node from launching destination attacks. If the address of a normal node is identical to the detection address, then its hash value should be the same as the “Hash_64” field in the neighboring solicitation message. Consequently, DAD can be successfully completed. This process is called DAD-h. Simulation results indicate that address configuration using DAD-h has a considerably higher success rate when under attack compared with traditional DAD. Comparative analysis shows that DAD-h does not require third-party devices and considerable computing resources; it also provides a lightweight security resolution. [ABSTRACT FROM AUTHOR]

Published

2016

31. Cryptanalysis and improvement of an efficient authenticated key exchange protocol with tight security reduction.

Author

Lu, Siqi, Zhao, Jinhua, and Cheng, Qingfeng

Subjects

*CRYPTOGRAPHY, *COMPUTER access control, *COMPUTER network protocols, *COMPUTER security, *CYBERTERRORISM, *EXPONENTIATION

Abstract

The SMEN protocol, proposed by Wu and Ustaoglu in 2009, has been considered to be secure as the authors claimed, and numerous theories are proposed based on this protocol. This paper analyzes the SMEN protocol and finds that this protocol is not resistant to the session corruption attack and the key compromise impersonation attack. Then, we propose an improved protocol with tight security reduction. Our improved protocol not only avoids the above attacks but also embraces the same efficiency as the SMEN protocol in terms of exponentiation. Besides, formal analysis of the improved protocol is presented by using the formal automatic security analysis tool Scyther. Copyright © 2014 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

32. Contributory Broadcast Encryption with Efficient Encryption and Short Ciphertexts.

Author

Wu, Qianhong, Qin, Bo, Zhang, Lei, Domingo-Ferrer, Josep, Farras, Oriol, and Manjon, Jesus A.

Subjects

*BROADCAST engineering, *DATA encryption, *CIPHERS, *SCHEME programming language, *COMPUTER network protocols, *COMPUTER security

Abstract

Broadcast encryption (BE) schemes allow a sender to securely broadcast to any subset of members but require a trusted party to distribute decryption keys. Group key agreement (GKA) protocols enable a group of members to negotiate a common encryption key via open networks so that only the group members can decrypt the ciphertexts encrypted under the shared encryption key, but a sender cannot exclude any particular member from decrypting the ciphertexts. In this paper, we bridge these two notions with a hybrid primitive referred to as contributory broadcast encryption (ConBE). In this new primitive, a group of members negotiate a common public encryption key while each member holds a decryption key. A sender seeing the public group encryption key can limit the decryption to a subset of members of his choice. Following this model, we propose a ConBE scheme with short ciphertexts. The scheme is proven to be fully collusion-resistant under the decision $n$ -Bilinear Diffie-Hellman Exponentiation (BDHE) assumption in the standard model. Of independent interest, we present a new BE scheme that is aggregatable. The aggregatability property is shown to be useful to construct advanced protocols. [ABSTRACT FROM AUTHOR]

Published

2016

33. Bioinspired Security Analysis of Wireless Protocols.

Author

Petrocchi, Marinella, Spognardi, Angelo, and Santi, Paolo

Subjects

*COMPUTER network protocols, *MAUDE (Computer program language), *RADIO frequency identification systems, *PROGRAMMING languages, *COMPUTER security

Abstract

Fraglets represent an execution model for communication protocols that resembles the chemical reactions in living organisms. The strong connection between their way of transforming and reacting and formal rewriting systems makes a fraglet program amenable to automatic verification. Grounded on past work, this paper investigates feasibility of adopting fraglets as model for specifying security protocols and analysing their properties. In particular, we give concrete sample analyses over a secure RFID protocol, showing evolution of the protocol run as chemical dynamics and simulating an adversary trying to circumvent the intended steps. The results of our analysis confirm the effectiveness of the cryptofraglets framework for the model and analysis of security properties and eventually show its potential to identify and uncover protocol flaws. [ABSTRACT FROM AUTHOR]

Published

2016

34. Toward secure large-scale machine-to-machine comm unications in 3GPP networks: chall enges and solutions.

Author

Lai, Chengzhe, Lu, Rongxing, Zheng, Dong, Li, Hui, and Shen, Xuemin (sherman)

Subjects

*MACHINE-to-machine communications, *LONG-Term Evolution (Telecommunications), *MOBILE computing, *COMPUTER network protocols, *COMPUTER security, *STANDARDS

Abstract

With trillions of machines connecting to mobile communication networks to provide a wide variety of applications, supporting a massive number of machine-to-machine (M2M) communications devices has been considered an essential requirement for mobile operators. Meanwhile, cyber security is of paramount importance in M2M as all applications involving M2M cannot be widely accepted without security guarantees. In this article we focus on the standardization activities of 3GPP, especially group-based security for largescale M2M communications in 3GPP networks. We first introduce the main components of the machine-type communication (MTC) security architecture. Then we discuss several major challenges for group-oriented secure M2M communications in 3GPP systems, i.e. authentication signalling congestion and overload, and group message protection. Specifically, we identify the performance issues of authentication signalling congestion and overload in no/low mobility scenarios, and propose three group access authentication and key agreement protocols. Moreover, several 3GPP candidate solutions for group message protection are introduced. Finally, we present key issues and research directions related to group-based secure M2M communications, including security, privacy, and efficiency in mobility scenarios of MTC, and flexible and efficient group key management. [ABSTRACT FROM AUTHOR]

Published

2015

35. Formal analysis of privacy in Direct Anonymous Attestation schemes.

Author

Smyth, Ben, Ryan, Mark D., and Chen, Liqun

Subjects

*MATHEMATICAL equivalence, *RSA algorithm, *COMPUTER security, *DATA privacy, *COMPUTER network protocols, *CRYPTOGRAPHY

Abstract

This article introduces a definition of privacy for Direct Anonymous Attestation schemes. The definition is expressed as an equivalence property which is suited to automated reasoning using Blanchet's ProVerif. The practicality of the definition is demonstrated by analysing the RSA-based Direct Anonymous Attestation protocol by Brickell, Camenisch & Chen. The analysis discovers a vulnerability in the RSA-based scheme which can be exploited by a passive adversary and, under weaker assumptions, corrupt issuers and verifiers. A security fix is identified and the revised protocol is shown to satisfy our definition of privacy. [ABSTRACT FROM AUTHOR]

Published

2015

36. A Quantum Single Sign-On Protocol Based on GHZ States.

Author

Ren, Xingtian, Wang, Yong, and Dai, Guiping

Subjects

*QUANTUM states, *QUANTUM cryptography, *QUANTUM mechanics, *COMPUTER security, *COMPUTER network protocols

Abstract

Single Sign-On (SSO) is an important cryptography mechanism in distributed systems. Quantum cryptography has gained great successes and makes great influence on traditional cryptography. In this paper, we combines the SSO mechanism and quantum cryptography together. A SSO protocol based on GHZ states is designed. Through security analysis, we show that this protocol has good security properties. [ABSTRACT FROM AUTHOR]

Published

2015

37. Vulnerability aware graphs for RFID protocol security benchmarking.

Author

Chang, Shan, Lu, Li, Liu, Xiaoqiang, Song, Hui, and Yao, Qingsong

Subjects

*GRAPH theory, *RADIO frequency identification systems, *COMPUTER network protocols, *COMPUTER security, *BENCHMARK problems (Computer science)

Abstract

Security and privacy issues in Radio Frequency Identification (RFID) systems mainly result from limited storage and computation resources of RFID tags and unpredictable communication environment. Although many security protocols for RFID system have been proposed, most of them have various flaws. We propose a random graph-based methodology enabling automated benchmarking of RFID security. First, we formalize the capability of adversaries by a set of atomic actions. Second, Vulnerability Aware Graphs (VAGs) were developed to elaborate the interactions between adversaries and RFID systems, which are used to discover the potential attacks of adversaries via some paths on the graphs. The quantitative analysis on VAGs can predict the probability that the adversary leverages the potential flaws to perform attacks. Moreover, a joint entropy-based method is provided to measure the indistinguishability of RFID tags under passive attacks. Analysis and simulation were conducted to show the validity and effectiveness of VAGs. [ABSTRACT FROM AUTHOR]

Published

2015

38. A lossy channel aware parameterisation of a novel security protocol for wireless IP-enabled sensors.

Author

Astorga, Jasone, Jacob, Eduardo, Toledo, Nerea, Aguado, Marina, and Higuero, Marivi

Subjects

*COMPUTER network protocols, *WIRELESS communications, *WIRELESS sensor networks, *INTERNET, *COMPUTER security, *DATA transmission systems

Abstract

IP-enabled sensors can be globally addressable by any Internet-connected entity, and therefore, their protection presents different challenges than that of traditional sensors, as they are subject to any potential attacker in the Internet. For this reason, specific security protocols must be developed to address the security requirements of IP-enabled sensors. An interesting approach to achieve this aim is the Ladon security protocol, which allows resource-deprived devices to efficiently implement end-to-end authentication, authorisation and key establishment mechanisms. However, in so limited environments such as sensor networks, not only efficient protocols must be defined, but they must also be optimally parameterised. This paper constitutes a step forward in this direction. First, a state transition model of the Ladon protocol is presented to analytically describe its behaviour. Then, this model is used to select the most effective parameterisation of the protocol in terms of message retransmissions and execution of cryptographic operations. The obtained results show that the selected parameterisation allows maximising the probability of a successful secure session establishment, while keeping the overhead introduced by the protocol low. Additionally, the performance comparison carried out shows that Ladon outperforms alternative approaches to achieve the same objective in terms of message transmission and reception operations. [ABSTRACT FROM AUTHOR]

Published

2015

39. Fireflies: A Secure and Scalable Membership and Gossip Service.

Author

JOHANSEN, HÅVARD D., VAN RENESSE, ROBBERT, VIGFUSSON, YMIR, and JOHANSEN, DAG

Subjects

*COMPUTER crime prevention, *COMPUTER security, *COMPUTER network protocols, *PSEUDONOISE sequences (Digital communications), *INTERPERSONAL communication

Abstract

An attacker who controls a computer in an overlay network can effectively control the entire overlay network if the mechanism managing membership information can successfully be targeted. This article describes Fireflies, an overlay network protocol that fights such attacks by organizing members in a verifiable pseudo-random structure so that an intruder cannot incorrectly modify the membership views of correct members. Fireflies provides each member with a view of the entire membership, and supports networks with moderate total churn. We evaluate Fireflies using both simulations and PlanetLab to show that Fireflies is a practical approach for secure membership maintenance in such networks. [ABSTRACT FROM AUTHOR]

Published

2015

40. The Internet Design Tension between Surveillance and Security.

Author

DeNardis, Laura

Subjects

*NATIONAL security, *COMPUTER network protocols, *INTERNET security

Abstract

The design tension between security and surveillance has existed for decades. This article specifically examines the protocol design tension between national security interests in surveillance versus network security in the early decades of the Internet and its predecessor networks. Using archival research and protocol-specific case studies, this article describes episodes in which the Internet Engineering Task Force (IETF) assessed whether to build wiretapping capability into protocols, made specific engineering decisions regarding security and surveillance, and entered broader global debates about encryption strength and government policies to institute cryptographic controls that facilitate surveillance. This study reveals that, even as protocol design has continuously evolved and adapted to changing political, socioeconomic, and technological contexts, the Internet engineering community has consistently staked out a consensus position pushing back against technologically based indiscriminate government surveillance. [ABSTRACT FROM PUBLISHER]

Published

2015

41. Safeguarding 5G wireless communication networks using physical layer security.

Author

Yang, Nan, Wang, Lifeng, Geraci, Giovanni, Elkashlan, Maged, Yuan, Jinhong, and Renzo, Marco

Subjects

*WIRELESS Application Protocol (Computer network protocol), *COMPUTER network protocols, *COMPUTER security, *COMPUTER engineering, *WIRELESS communications, *PHYSICAL layer security

Abstract

The fifth generation (5G) network will serve as a key enabler in meeting the continuously increasing demands for future wireless applications, including an ultra-high data rate, an ultrawide radio coverage, an ultra-large number of devices, and an ultra-low latency. This article examines security, a pivotal issue in the 5G network where wireless transmissions are inherently vulnerable to security breaches. Specifically, we focus on physical layer security, which safeguards data confidentiality by exploiting the intrinsic randomness of the communications medium and reaping the benefits offered by the disruptive technologies to 5G. Among various technologies, the three most promising ones are discussed: heterogenous networks, massive multiple-input multiple-output, and millimeter wave. On the basis of the key principles of each technology, we identify the rich opportunities and the outstanding challenges that security designers must tackle. Such an identification is expected to decisively advance the understanding of future physical layer security. [ABSTRACT FROM PUBLISHER]

Published

2015

42. Optimistic fair exchange in the enhanced chosen-key model.

Author

Wang, Yang, Au, Man Ho, and Susilo, Willy

Subjects

*COMPUTER security, *COMPUTER network protocols, *CYBERTERRORISM, *DIGITAL signatures, *SCHEME programming language

Abstract

Optimistic fair exchange (OFE) is a kind of protocol to guarantee fairness for the parties involved in an exchange with the help of an arbitrator. A fundamental work of optimistic fair exchange is to define security models capturing realistic attacks and design schemes secure in practical models. The security models are very essential to ensure that they capture practical situation, which will ensure that the protocols can be adopted in practice. The contributions of this paper are three fold. First, we observe that the existing OFE models do not capture realistic situation, where the adversary can actually observe the full signatures generated by the signer, prior to launching the actual attack. That is to say, the adversary is not provided with the signing oracle, which will produce full signatures generated by the signer. It is commonly believed that the full signatures generated by the signer can be simulated by the full signatures generated by the arbitrator. Unfortunately, we show that this perception is false. Second, we propose an enhanced model of OFE that explicitly provides the adversary with the signing oracle, which outputs the full signatures generated by the signer. We demonstrate the difference between our enhanced model and the existing chosen-key model through two concrete OFE schemes that serve as counterexamples. Finally, we revisit two existing generic constructions of optimistic fair exchange schemes, one based on verifiably encrypted signatures, and the other based on conventional signatures and ring signatures. Our result shows that the two generic approaches can still offer schemes secure in our enhanced model, which captures the real scenario that dishonest users may have access to the full signatures generated by the signer. [ABSTRACT FROM AUTHOR]

Published

2015

43. Orthogonal-state-based cryptography in quantum mechanics and local post-quantum theories.

Author

Aravinda, S., Banerjee, Anindita, Pathak, Anirban, and Srikanth, R.

Subjects

*CRYPTOGRAPHY, *QUANTUM mechanics, *QUANTUM theory, *COMPUTATIONAL complexity, *COMPUTER network protocols, *COMPUTER security

Abstract

We introduce the concept of cryptographic reduction, in analogy with a similar concept in computational complexity theory. In this framework, class A of crypto-protocols reduces to protocol class B in a scenario X, if for every instance a of A, there is an instance b of B and a secure transformation X that reproduces a given b, such that the security of b guarantees the security of a. Here we employ this reductive framework to study the relationship between security in quantum key distribution (QKD) and quantum secure direct communication (QSDC). We show that replacing the streaming of independent qubits in a QKD scheme by block encoding and transmission (permuting the order of particles block by block) of qubits, we can construct a QSDC scheme. This forms the basis for the block reduction from a QSDC class of protocols to a QKD class of protocols, whereby if the latter is secure, then so is the former. Conversely, given a secure QSDC protocol, we can of course construct a secure QKD scheme by transmitting a random key as the direct message. Then the QKD class of protocols is secure, assuming the security of the QSDC class which it is built from. We refer to this method of deduction of security for this class of QKD protocols, as key reduction. Finally, we propose an orthogonal-state-based deterministic key distribution (KD) protocol which is secure in some local post-quantum theories. Its security arises neither from geographic splitting of a code state nor from Heisenberg uncertainty, but from post-measurement disturbance. [ABSTRACT FROM AUTHOR]

Published

2014

44. An efficient client-client password-based authentication scheme with provable security.

Author

Farash, Mohammad and Attari, Mahmoud

Subjects

*CLIENT/SERVER computing, *COMPUTER passwords, *COMPUTER access control, *COMPUTER security, *COMPUTER network protocols

Abstract

Recently, Tso proposed a three-party password-based authenticated key exchange (3PAKE) protocol. This protocol allows two clients to authenticate each other and establish a secure session key through a server over an insecure channel. The main security goals of such protocols are authentication and privacy. However, we show that Tso's protocol achieves neither authentication goal nor privacy goal. In this paper, we indicate that the privacy and authentication goals of Tso's protocol will be broken by off-line password guessing attack and impersonation attack, respectively. To overcome the weaknesses, we propose an improved 3PAKE protocol to achieve more security and performance than related protocols. The security of the proposed improved protocol is proved in random oracle model. [ABSTRACT FROM AUTHOR]

Published

2014

45. Tuning a two-round group key agreement.

Author

Gao, Weizheng, Neupane, Kashi, and Steinwandt, Rainer

Subjects

*COMPUTER network protocols, *COMPUTER security, *COMPUTER access control, *CRYPTOGRAPHY, *SECURITY systems

Abstract

In 2007, Bohli et al. (Int J Inf Secur 6:243-254, ) proposed a two-round group key agreement protocol in the random oracle model, which in addition to semantic security offers strong entity authentication and a security guarantee against malicious insiders. We suggest a modification of this protocol that preserves the security guarantees and the round complexity, but reduces the amount of data that has to be sent and also reduces the number of signature computations and verifications by 50 %. Moreover, we propose a variant of Bohli et al.'s protocol whose security analysis does not require a random oracle or other idealizing assumptions. [ABSTRACT FROM AUTHOR]

Published

2014

46. A BSP algorithm for on-the-fly checking CTL* formulas on security protocols.

Author

Gava, Frédéric, Pommereau, Franck, and Guedj, Michaël

Subjects

*COMPUTER security, *PARALLEL algorithms, *COMPUTER network protocols, *MATHEMATICAL formulas, *PROTOTYPES

Abstract

This paper presents a distributed (Bulk-Synchronous Parallel or bsp) algorithm to compute on-the-fly whether a structured model of a security protocol satisfies a ctl $$^*$$ formula. Using the structured nature of the security protocols allows us to design a simple method to distribute the state space under consideration in a need-driven fashion. Based on this distribution of the states, the algorithm for logical checking of a ltl formula can be simplified and optimised allowing, with few tricky modifications, the design of an efficient algorithm for ctl $$^*$$ checking. Some prototype implementations have been developed, allowing to run benchmarks to investigate the parallel behaviour of our algorithms. [ABSTRACT FROM AUTHOR]

Published

2014

47. Secure Hamming distance based record linkage with malicious adversaries.

Author

Zhang, Bo, Cheng, Rong, and Zhang, Fangguo

Subjects

*COMPUTER security, *HAMMING distance, *MALWARE, *DATABASES, *COMPUTER network protocols, *DATA encryption

Abstract

Record linkage aims at finding the matching records from two or multiple different databases. Many approximate string matching methods in privacy-preserving record linkage have been presented. In this paper, we study the problem of secure record linkage between two data files in the two-party computation setting. We note that two records are linked when all the Hamming distances between their attributes are smaller than some fixed thresholds. We firstly construct two efficient secure protocols for computing the powers of an encrypted value and implementing zero test on an encrypted value, then present an efficient protocol within constant rounds for computing the Hamming distance based record linkage in the presence of malicious adversaries by transferring these two protocols. We also discuss the extension of our protocol for settling the Levenshtein distance based record linkage problem. [ABSTRACT FROM AUTHOR]

Published

2014

48. Protocol insecurity with a finite number of sessions and a cost-sensitive guessing intruder is NP-complete.

Author

Adão, Pedro, Mateus, Paulo, and Viganò, Luca

Subjects

*COMPUTER network protocols, *CYBERTERRORISM, *COMPUTER security, *MODULES (Algebra), *NP-complete problems, *DATA analysis

Abstract

Abstract: Guessing attacks in security protocols arise when honest agents make use of data easily guessable by an intruder, such as passwords generated from a small dictionary. A way to model such attacks is to formalize a Dolev–Yao style model with inference rules that capture the additional capabilities of the intruder concerning guessable data. In this paper, we formalize a cost-sensitive intruder deduction system where information is available at a cost. The intruder may apply standard operations to deduce new messages from his current knowledge, or invoke an oracle rule that allows him to get hold of data that was previously unknown to him. Our system manipulates data items by means of inference rules and uses labels to keep track of the costs associated to the application of each rule. This allows us to answer the question of what is the cost of deducing a particular data that was meant to remain a secret between honest protocol participants. We also investigate the complexity of this quantitative insecurity problem and show that it is NP-complete in the case of a finite number of protocol sessions. [Copyright &y& Elsevier]

Published

2014

49. Cryptanalysis and improvement of three-particle deterministic secure and high bit-rate direct quantum communication protocol.

Author

Liu, Zhi-Hao, Chen, Han-Wu, Wang, Dong, and Li, Wen-Qian

Subjects

*QUANTUM communication, *CRYPTOGRAPHY, *QUANTUM theory, *COMPUTER security, *BIT rate, *COMPUTER network protocols, *DENIAL of service attacks

Abstract

The three-particle deterministic secure and high bit-rate direct quantum communication protocol and its improved version are analyzed. It shows that an eavesdropper can steal the sender's secret message by the intercept-resend attack and the entanglement attack. The original version is even fragile under denial-of-service attack. As a result, some suggestions to revise them are given. [ABSTRACT FROM AUTHOR]

Published

2014

50. StatVerif: Verification of stateful processes.

Author

Arapinis, Myrto, Phillips, Joshua, Ritter, Eike, and Ryan, Mark D.

Subjects

*CRYPTOGRAPHY, *SOFTWARE verification, *HORN clauses, *LOGIC programming, *COMPUTER security, *COMPUTER input-output equipment, *COMPUTER network protocols

Abstract

We present StatVerif, which is an extension of the ProVerif process calculus with constructs for explicit state, in order to be able to reason about protocols that manipulate global state. Global state is required by protocols used in hardware devices (such as smart cards and the trusted platform module), as well as by protocols involving databases that store persistent information. We provide the operational semantics of StatVerif. We extend the ProVerif compiler to a compiler for StatVerif, which takes processes written in the extended process language and produces Horn clauses. Our compilation is carefully engineered to avoid many false attacks. We prove the correctness of the StatVerif compiler. We illustrate our method on two examples: a small hardware security device and a contract signing protocol. We are able to prove their desired properties automatically. [ABSTRACT FROM AUTHOR]

Published

2014