Your search keyword '"DATA encryption"' showing total 5,521 results

1. Serious cryptography : a practical introduction to modern encryption.

Author

Aumasson, Jean-Philippe and Green, Matthew D.

Subjects

Data encryption, Encryption, Hash functions, Quantum and post-quantum

Abstract

Summary: This is a book for readers who want to understand how cryptography works in today's world. The book is suitable for a wide audience, yet is filled with mathematical concepts and meaty discussions of how the various cryptographic mechanisms work.

Published

2017

2. Cyber Security

Author

Lu, Wei, Wen, Qiaoyan, Zhang, Yuqing, Lang, Bo, Wen, Weiping, Yan, Hanbing, Li, Chao, Ding, Li, Li, Ruiguang, and Zhou, Yu

Subjects

Systems and Data Security, Computer Communication Networks, Information Systems Applications (incl. Internet), Computer System Implementation, Cryptology, Mobile and Network Security, Data and Information Security, Computer and Information Systems Applications, communication channels (information theory), communication systems, computer crime, computer hardware, computer networks, computer security, computer systems, cryptography, data communication systems, data security, databases, network protocols, network security, sensors, signal processing, telecommunication networks, telecommunication systems, telecommunication traffic, wireless telecommunication systems, Network hardware, Information retrieval, Internet searching, Systems analysis & design, Coding theory & cryptology, Data encryption, bic Book Industry Communication::U Computing & information technology::UR Computer security, bic Book Industry Communication::U Computing & information technology::UK Computer hardware::UKN Network hardware, bic Book Industry Communication::U Computing & information technology::UN Databases::UNH Information retrieval, bic Book Industry Communication::U Computing & information technology::UY Computer science::UYD Systems analysis & design, bic Book Industry Communication::G Reference, information & interdisciplinary subjects::GP Research & information: general::GPJ Coding theory & cryptology, bic Book Industry Communication::U Computing & information technology::UT Computer networking & communications::UTN Network security

Abstract

This open access book constitutes the refereed proceedings of the 16th International Annual Conference on Cyber Security, CNCERT 2020, held in Beijing, China, in August 2020. The 17 papers presented were carefully reviewed and selected from 58 submissions. The papers are organized according to the following topical sections: access control; cryptography; denial-of-service attacks; hardware security implementation; intrusion/anomaly detection and malware mitigation; social network security and privacy; systems security.

Published

2020

3. Chaotic Generator in Digital Secure Communication.

Author

Shu-Ming Chang

Subjects

*CHAOS theory, *DIGITAL communications, *DATA encryption, *CRYPTOGRAPHY, *ALGORITHMS

Abstract

A chaotic orbit generated by a nonlinear system is irregular, aperiodic, unpredictable and has sensitive dependence on initial conditions. However, the chaotic trajectory is still not well enough to be a crypto system in digital secure communication. Therefore, we propose a Modified Logistic Map (MLM) and give a theoretical proof to show that the MLM is a chaotic map according to Devaney's definition. Based on the MLMs, we establish a Modified Logistic Hyper-Chaotic System (MLHCS) and apply MLHCS to develop a symmetric cryptography algorithm, Asymptotic Synchronization of Modified Logistic Hyper-Chaotic System (ASMLHCS). [ABSTRACT FROM AUTHOR]

Published

2009

4. TransCrypt: an Enterprise Encrypting File System over NFS.

Author

Khoje, Abhay, A., Salih K., and Moona, Rajat

Subjects

*SMART cards, *DATA encryption, *COMPUTER network security, *COMPUTER security, *COMPUTER operating systems

Abstract

Many organizations have great deal of confidential information which is stored on computers. Such information is desired to be kept securely yet giving a convenience of accessibility from any part of the world. For data security, one can use an encrypting file system such as eCryptfs [1], dmCrypt [2], File Vault [3]. However these encrypting file systems do not address the problem of accessing files over network from public computers. In this case the public host, the actual FileServer host and the network between them are vulnerable to many attacks. This paper discusses the major problems and proposes a solution for the same using TransCrypt [4] encrypting file system. It also describes how the proposed solution can be implemented on a Linux-based environment. [ABSTRACT FROM AUTHOR]

Published

2009

5. Securing Cover-File Without Limitation of Hidden Data Size Using Computation Between Cryptography and Steganography.

Author

Zaidan, A. A., Othman, Fazidah, Zaidan, B. B., Raji, R. Z., Hasan, Ahmed K., and Naji, A. W.

Subjects

*MULTIMEDIA systems, *INTERNET, *CRYPTOGRAPHY, *COMPUTER files, *DIGITAL communications, *DATA encryption

Abstract

The rapid development of multimedia and internet allows for wide distribution of digital media data. It becomes much easier to edit, modify and duplicate digital information. In additional, digital document is also easy to copy and distribute, therefore it may face many threats. It became necessary to find an appropriate protection due to the significance, accuracy and sensitivity of the information. Nowadays, protection system can be classified into more specific as hiding information and encryption information or a combination between them. The strength of the combination between hiding and encryption science is due to the non-existence of standard algorithms to be used in (hiding and encryption) secret messages. Also there is randomness in hiding methods such as combining several media (covers) with different methods to pass a secret message. Furthermore, there is no formal method to be followed to discover a hidden data. In this paper, a new information hiding system is presented. The aim of the proposed system is to hide information (data file) in an execution file (EXE).The new proposed system is able to embed an information in an execution file and also able to retract the hidden file from the execution file. Meanwhile, since the cover file might be used to identify hiding information, the proposed system considers overcoming this dilemma by using the execution file as a cover file. [ABSTRACT FROM AUTHOR]

Published

2009

6. Assessing a Sparse Distributed Memory Using Different Encoding Methods.

Author

Mendes, Mateus, Coimbra, A. Paulo, and Crisóstomo, Manuel

Subjects

*ASSOCIATIVE storage, *COMPUTER storage devices, *DATA encryption, *COMPUTER security, *ROBOTICS

Abstract

A Sparse Distributed Memory (SDM) is a kind of associative memory suitable to work with high-dimensional vectors of random data. This memory model is attractive for Robotics and Artificial Intelligence, for it is able to mimic many characteristics of the human long-term memory. However, sensorial data is not always random: most of the times it is based on the Natural Binary Code (NBC) and tends to cluster around some specific points. This means that the SDM performs poorer than expected. As part of an ongoing project, in which we intend to navigate a robot using a sparse distributed memory to store sequences of sensorial information, we tested different methods of encoding the data. Some methods perform better than others, though some may fade particular characteristics present in the original SDM model. [ABSTRACT FROM AUTHOR]

Published

2009

7. Securing BGP Networks using Consistent Check Algorithm.

Author

Man, C. K., Wong, K. Y., and Yeung, K. H.

Subjects

ALGORITHMS, COMPUTER network security, BGP (Computer network protocol), NETWORK routing protocols, INTERNET, DATA encryption

Abstract

The Border Gateway Protocol (BGP) is the critical routing protocol in the Internet infrastructure. However, there is no security concern in the original design of BGP, which suffers from various kinds of threats for attacks. To secure the BGP operation, this paper proposes an algorithm called consistent check. The algorithm is to verify the correctness of AS path in an incoming BGP update message by consulting the knowledge of other autonomous systems in the network. Unlike existing solution, this proposed algorithm does not require the need of cryptography calculation. [ABSTRACT FROM AUTHOR]

Published

2009

8. Currently Committed Crypt Analysis Hash Function.

Author

Selvakumar, A. Arul Lawrence and Ganandhas, C. Suresh

Subjects

CRYPTOGRAPHY, DATA encryption, COMPUTER security, COMPUTER network security, COMPUTER science

Abstract

This paper describes the study of cryptographic hash functions, one of the most important classes of primitives used in recent techniques in cryptography. The main aim is the development of recent crypt analysis hash function. We present different approaches to defining security properties more formally and present basic attack on hash function. The Main aim of this paper is the development of recent techniques applicable to crypt Analysis hash function, mainly from SHA family. Recent proposed attacks an MD5 & SHA motivate a new hash function design. It is designed not only to have higher security but also to be faster than SHA-256. The performance of the new hash function is at least 30% better than that of SHA-256 in software. And it is secure against any known cryptographic attacks on hash functions. [ABSTRACT FROM AUTHOR]

Published

2009

9. IDENTITY THEFT.

Subjects

IDENTITY theft, COMPUTER crimes, FALSE personation, SOCIAL security numbers, DATA encryption

Abstract

A chapter from the book "Navigating Your Way Through the Consumer World" is presented. It offers identity theft protection tips for consumers. It explains that identity theft happens when someone uses someone else's personal information like name, Social Security number and credit card number. The possible consequence of identity theft is described. Hence, consumers are encouraged to place passwords on their credit card, bank and telephone accounts and making sure that they encrypt all information they send over the Internet.

Published

2008

10. Optimizing Quality Levels and Development Costs for Developing an Integrated Information Security System.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Myeonggil Choi, and Sangmun Shin

Abstract

Increased Internet threats make many kinds of information security systems performing various functions, which can often be combined into functions of an integrated information security system. To load various functions to an integration information system, much development resources should be invested to a development life cycles. The constraints of development resources force developers not to achieve a balanced quality of the system. To attain the specified quality of the system within the given development resources, the relative weights among quality factors of the system on a development life cycle should be measured and a balance between the levels of quality and development costs should be optimized, simultaneously. This paper suggests the relative weights of the quality factors influencing operations of the system, and shows an optimal solution for the quality levels and development costs using desirability function (DF). For optimization, this paper employs AHP as multiple criteria decision making (MCDM) technique and DF. [ABSTRACT FROM AUTHOR]

Published

2008

11. Risk & Distortion Based K-Anonymity.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Shenkun Xu, and Xiaojun Ye

Abstract

Current optimizations for K-Anonymity pursue reduction of data distortion unilaterally, and rarely evaluate disclosure risk during process of anonymization. We propose an optimal K-Anonymity algorithm in which the balance of risk & distortion $\left(RD\right)$ can be equilibrated at each anonymity stage: we first construct a generalization space $\left(GS\right)$, then, we use the probability and entropy metric to measure RD for each node in GS, and finally we introduce releaser's RD preference to decide an optimal anonymity path. Our algorithm adequately considers the dual-impact on RD and obtains an optimal anonymity with satisfaction of releaser. The efficiency of our algorithm will be evaluated by extensive experiments. [ABSTRACT FROM AUTHOR]

Published

2008

12. Longer Randomly Blinded RSA Keys May Be Weaker Than Shorter Ones.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, and Walter, Colin D.

Abstract

Side channel leakage from smart cards has been of concern since their inception and counter-measures are routinely employed. So a number of standard and reasonable assumptions are made here regarding an implementation of RSA in a cryptographic token which may be subjected to non-invasive side-channel cryptanalysis. These include blinding the re-usable secret key, input whitening, and using an exponentiation algorithm whose operation sequence partially obscures the key. The working hypothesis is that there is limited side channel leakage which only distinguishes very imprecisely between squarings and multiplications. For this typical situation, a method is described for recovering the private exponent, and, realistically, it does not require an excessive number of traces. It just requires the modulus to be public and the public exponent not to be too large. The attack is computationally feasible unless parameters are appropriately adjusted. It reveals that longer keys are much more vulnerable than shorter ones unless blinding is proportional to key length. A further key conclusion is that designers must assume that the information theoretic level of leakage from smart cards can be transformed into usable key information by adversaries whatever counter-measures are put in place. [ABSTRACT FROM AUTHOR]

Published

2008

13. Dynamic Access Control Research for Inter-operation in Multi-domain Environment Based on Risk.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Zhuo Tang, and Ruixuan Li

Abstract

For the complexity of the multi-domain environment and the ceaseless evolvement of the information secure sharing, the traditional access control method can not ensure the absolute security for the exchange of data resources. Through introducing the concept of risk, this paper proposes a dynamic access control model for multi-domain environment based on risk of inter-operations. The risk rank of an access policy can be calculated by the history of the inter-operations among domains, the security degree of the objects and the safety factor of the access events. Through adjusting the access policies which be considered the high risk, the risk in the system can be controlled in real time. The security analysis shows that this method can reinforce the facility of the access control and the security of the multi-domain environment. [ABSTRACT FROM AUTHOR]

Published

2008

14. Geometrically Invariant Image Watermarking in the DWT Domain.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Shijun Xiang, and Hyoung-Joong Kim

Abstract

Watermark resistance to both geometric attacks and lossy compressions is a fundamental issue in the image watermarking community. In this paper, we propose a DWT (Discrete Wavelet Transform) based watermarking scheme for such a challenging problem. Watermark resistance to geometric deformations is achieved by using the invariance of the histogram shape. In both theoretical analysis and experimental way, we show that the invariance can be extended to the DWT domain thanks to the time-frequency localization property of DWT. Consequently, we achieve the goal to embed a geometrically invariant watermark into the low-frequency sub-band of DWT in such a way that the watermark is not only invariant to various geometric transforms, but also robust to common image processing operations. Extensive simulation results demonstrate the superiority of the proposed watermark strategy due to the use of the histogram shape invariance combined with the DWT technique. [ABSTRACT FROM AUTHOR]

Published

2008

15. ICRep: An Incentive Compatible Reputation Mechanism for P2P Systems.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Junsheng Chang, and Huaimin Wang

Abstract

In peer-to-peer (P2P) systems, peers often must interact with unknown or unfamiliar peers without the benefit of trusted third parties or authorities to mediate the interactions. Trust management through reputation mechanism to facilitate such interactions is recognized as an important element of P2P systems. It is, however, faced by the problems of how to stimulate reputation information sharing and honest recommendation elicitation. This paper presents ICRep ( an incentive compatible reputation mechanism for P2P systems. ICRep has two unique features: (i) a recommender's credibility and level of confidence about the recommendation is considered in order to achieve a more accurate calculation of reputations and fair evaluation of recommendations. (ii) Incentive for participation and honest recommendation is implemented through a fair differential service mechanism. It relies on peer's level of participation and on the recommendation credibility. Theoretic analysis and simulation show that ICRep can help peers effectively detect dishonest recommendations in a variety of scenarios where more complex malicious strategies are introduced. Moreover, it can also stimulate peers to send sufficiently honest recommendations. [ABSTRACT FROM AUTHOR]

Published

2008

16. Provably Secure Countermeasure Resistant to Several Types of Power Attack for ECC.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, JaeCheol Ha, and JeaHoon Park

Abstract

Recently, it has been shown that some cryptographic devices, such as smart card, RFID and USB token, are vulnerable to the power attacks if they have no defence against them. With the introduction of new types of power analysis attack on elliptic curve cryptosystem (ECC) which is implemented in these secure devices, most existing countermeasures against differential power analysis (DPA) are now vulnerable to new power attacks, such as a doubling attack (DA), refined power analysis attack (RPA), and zero-value point attack (ZPA). Mamiya et al. recently proposed a countermeasure (so-called BRIP) against the DPA, RPA, ZPA, and simple power analysis (SPA) by introducing a random initial value. Yet, the BRIP was also shown to be vulnerable to the address-bit DPA by Itoh et al. and the 2-torsion attack by Yen et al.. Accordingly, this paper proposes a secure countermeasure based on a message-blinding technique. A security analysis demonstrates that the proposed countermeasure is secure against most existing power attacks with just a few additional registers. [ABSTRACT FROM AUTHOR]

Published

2008

17. Differential Power Analysis of HMAC Based on SHA-2, and Countermeasures.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, McEvoy, Robert, and Tunstall, Michael

Abstract

The HMAC algorithm is widely used to provide authentication and message integrity to digital communications. However, if the HMAC algorithm is implemented in embedded hardware, it is vulnerable to side-channel attacks. In this paper, we describe a DPA attack strategy for the HMAC algorithm, based on the SHA-2 hash function family. Using an implementation on a commercial FPGA board, we show that such attacks are practical in reality. In addition, we present a masked implementation of the algorithm, which is designed to counteract first-order DPA attacks. [ABSTRACT FROM AUTHOR]

Published

2008

18. Comparative Studies in Key Disagreement Correction Process on Wireless Key Agreement System.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Hashimoto, Toru, and Itoh, Takashi

Abstract

This paper describes the comparison of the error-correcting codes that is adopted by the key disagreement correction process about wireless key agreement system called ESPARSKEY that is expected to achieve information-theoretic security. This system consists of AP with a variable directional antenna, that is, an ESPAR antenna, and UT with an omni-directional antenna. We employ conditional mutual information as the evaluation index. From experimental evaluation results, we clarified that the best way is adopting BCH(31,16,7) with table-aided soft-decision decoding as the key disagreement process where one eavesdropper exists more than 40cm from UT. After adopting this error-correcting code, we should transact 200 wireless packets between the nodes to share a 128-bit unguessable key against an eavesdropper. [ABSTRACT FROM AUTHOR]

Published

2008

19. A Compositional Multiple Policies Operating System Security Model.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Lei Xia, and Wei Huang

Abstract

Multilevel security policies aim at only confidentiality assurance, with less consideration on integrity assurance and weakness in expressing channel control policies. Besides, the trusted subjects it introduces to handle the information flow "downgrade" have many security flaws. Moreover, increasing diversity of the computing environments results in various security requirements. However, current mainstream security models are aiming at only one or few requirements of them each. The Multi-Policy Views Security Model is presented, which is based on the MLS model, combining the domain and role attributes to the model, to enforce the expression power in channel control policies, make permission management more fine-grained and enhance the ability of confining the permission of the trusted subjects. Moreover, MPVSM has integrated the properties and functions of MLS, Domain-Type and Role Based models into one unified model. It is able to enforce multi-policy views in operating system in a flexible way. [ABSTRACT FROM AUTHOR]

Published

2008

20. Authorization Constraints Specification of RBAC.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Lilong Han, and Qingtan Liu

Abstract

Constraints are an important aspect of role-based access control (RBAC) and are often regarded as one of the principle motivations behind RBAC. Although the importance of the constraints in RBAC has been recognized for a long time, they have not received much attention. In this article, we introduce an intuitive formal language for specifying role-based authorization constraints named RCL2000 including its basic elements, syntax and semantics. We show how previously identified role-based authorization constraints such as separation of duty (SOD) can be expressed in this language, and that there are other significant SOD properties that have not been previously identified in the literature. Our work indicates that there are many alternate formulations of even the simplest SOD properties, with varying degree of flexibility and assurance. So this language provides us a rigorous foundation for systematic study of role-based authorization constraints. [ABSTRACT FROM AUTHOR]

Published

2008

21. On the Security of a Popular Web Submission and Review Software (WSaR) for Cryptology Conferences.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Swee-Won Lo, and Phan, Raphael C. -W.

Abstract

Most, if not all, conferences use an online system to handle paper submissions and reviews. Introduction of these systems has significantly facilitated the administration, submission and review process compared to traditional paper-based ones. However, it is crucial that these systems have strong resistance against Web attacks as they involve confidential data and privacy. Some submissions could be leading edge breakthroughs that authors do not wish to leak out and be subtly plagiarized. Also, security of the employed system will attract more submissions to conferences that use it and gives confidence of the quality that the conferences uphold. In this paper, we analyze the security of the Web-Submission-and-Review (WSaR) software - latest version 0.53 beta at the time of writing; developed by Shai Halevi from IBM Research. WSaR is currently in use by top cryptology and security-related conferences including Eurocrypt 2007 & 2008, Crypto 2007, and Asiacrypt 2007, annually sponsored by the International Association for Cryptologic Research (IACR). We present detailed analysis on WSaR's security features. In particular, we first discuss the desirable security features that are designed into WSaR and what attacks these features defend against. Then, we discuss how some untreated security issues may lead to problems, and we show how to enhance WSaR security features to take these issues into consideration. Our results are the first known careful analysis of WSaR, or any type of online submission system for that matter. [ABSTRACT FROM AUTHOR]

Published

2008

22. A Generic Method for Secure SBox Implementation.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Prouff, Emmanuel, and Rivain, Matthieu

Abstract

Cryptographic algorithms embedded in low resource devices are vulnerable to side channel attacks. Since their introduction in 1996, the effectiveness of these attacks has been highly improved and many countermeasures have been invalidated. It was especially true for countermeasures whose security was based on heuristics and experiments. Consequently, there is not only a need for designing new and various countermeasures, but it is also necessary to prove the security of the new proposals in formal models. In this paper we provide a simple method for securing the software implementation of functions called SBoxes that are widely used in symmetric cryptosystems. The main advantage of the proposed solution is that it does not require any RAM allocation. We analyze its efficiency and we compare it with other well-known countermeasures. Moreover, we use a recently introduced proof-of-security framework to demonstrate the resistance of our countermeasure from the viewpoint of Differential Power Analysis. Finally, we apply our method to protect the AES implementation and we show that the performances are suitable for practical implementations. [ABSTRACT FROM AUTHOR]

Published

2008

23. Security Analysis of MISTY1.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Tanaka, Hidema, and Hatano, Yasuo

Abstract

We analyze 64-bit block cipher MISTY1 from several standpoints. Our analysis consists of two algorithms based on the higher order differential property of the S-box. The first succeeds in attacking a six round MISTY1 provided 218.9 chosen plaintexts and 280.9 computational cost. The second succeeds in attacking a seven round MISTY1 with no FL functions by controlling the value of the fixed part of the plaintext and using a 2-round elimination method provided 211.9 chosen plaintexts and 2125.1 computational cost. Both algorithms exceeds the existing attack algorithms against MISTY1 and give new perspectives for the security of MISTY1. [ABSTRACT FROM AUTHOR]

Published

2008

24. Breaking 104 Bit WEP in Less Than 60 Seconds.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Tews, Erik, and Weinmann, Ralf-Philipp

Abstract

We demonstrate an active attack on the WEP protocol that is able to recover a 104-bit WEP key using less than 40,000 frames with a success probability of 50%. In order to succeed in 95% of all cases, 85,000 packets are needed. The IV of these packets can be randomly chosen. This is an improvement in the number of required frames by more than an order of magnitude over the best known key-recovery attacks for WEP. On a IEEE 802.11g network, the number of frames required can be obtained by re-injection in less than a minute. The required computational effort is approximately 220 RC4 key setups, which on current desktop and laptop CPUs is negligible. [ABSTRACT FROM AUTHOR]

Published

2008

25. Efficient Implementation of the Pairing on Mobilephones Using BREW.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Yoshitomi, Motoi, and Takagi, Tsuyoshi

Abstract

Pairing based cryptography can accomplish novel security applications such as ID-based cryptosystems, which have not been constructed efficiently without the pairing. The processing speed of the pairing based cryptography is relatively slow compared with the other conventional public key cryptography. However, several efficient algorithms for computing the pairing have been proposed, namely Duursma-Lee algorithm and its variant ηT pairing. In this paper, we present an efficient implementation of the pairing over some mobilephones, and examine the feasibility of the pairing based cryptosystems on ubiquitous devices. Indeed the processing speed of our implementation in ARM9 processors on BREW achieves under 100 milliseconds using the supersingular curve over $\mathbb F_{3^{97}}$. It has become fast enough for implementing security applications using the pairing on mobilephones. [ABSTRACT FROM AUTHOR]

Published

2008

26. An Architecture Providing Virtualization-Based Protection Mechanisms Against Insider Attacks.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Stumpf, Frederic, and Röder, Patrick

Abstract

Insider attacks are very powerful and are relevant in many scenarios, such as grid computing, corporate computing on home computers and electronic commerce of digital content. We present an example scenario to illustrate these attacks and perform a threat analysis to extract requirements for preventing insider attacks. We believe that these requirements are also representative of other scenarios. We develop a four layered protection architecture by using virtualization techniques based on these requirements. Therefore, the proposed architecture prevents insider attacks in scenarios with similar requirements as well. [ABSTRACT FROM AUTHOR]

Published

2008

27. Windows Vault: Prevention of Virus Infection and Secret Leakage with Secure OS and Virtual Machine.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Sameshima, Yoshiki, and Saisho, Hideaki

Abstract

We present an integrated system of two Windows workstations; while the first workstation is prepared to process secret information, the second is for non-secret which may contain computer virus, and the two workstations are integrated into a PC with secure OS, virtual machine and gateways. Since the two workstations are virtually separated at the physical level, the first workstation is not infected by virus, nor is secret leaked out to the Internet, even if the second is infected by unknown virus. Comparing previous work which realizes complete data isolation for intelligence community, user of the proposed system can import data securely from the second workstation to the first through security guaranteed channel between the two workstations. The user can also read e-mail from the Internet on the first without fear of virus infection, and as a result the user does not need to be aware that she/he uses the two workstations. [ABSTRACT FROM AUTHOR]

Published

2008

28. Detecting Motifs in System Call Sequences.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Wilson, William O., and Feyereisl, Jan

Abstract

The search for patterns or motifs in data represents an area of key interest to many researchers. In this paper we present the Motif Tracking Algorithm, a novel immune inspired pattern identification tool that is able to identify unknown motifs which repeat within time series data. The power of the algorithm is derived from its use of a small number of parameters with minimal assumptions. The algorithm searches from a completely neutral perspective that is independent of the data being analysed and the underlying motifs. In this paper the motif tracking algorithm is applied to the search for patterns within sequences of low level system calls between the Linux kernel and the operating system's user space. The MTA is able to compress data found in large system call data sets to a limited number of motifs which summarise that data. The motifs provide a resource from which a profile of executed processes can be built. The potential for these profiles and new implications for security research are highlighted. A higher level system call language for measuring similarity between patterns of such calls is also suggested. [ABSTRACT FROM AUTHOR]

Published

2008

29. A Fusion of Maximum Likelihood and Structural Steganalysis.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Ker, Andrew D.

Abstract

This paper draws together two methodologies for the detection of bit replacement steganography: the principle of maximum likelihood, which is statistically well-founded but has lead to weak detectors in practice, and so-called structural detection, which is sensitive but lacks optimality and can suffer from complicated exposition. The key novelty is to extend structural analysis to include a hypothetical "pre-cover", from which the cover object is imagined to derive. Here, maximum likelihood detection is presented for three structural detectors. Although the algebraic derivation is long, and maximizing the likelihood function difficult in practice, conceptually the new detectors are reasonably simple. Experiments show that the new detectors are the best performers yet, very significantly so in the detection of replacement of multiple bit planes. [ABSTRACT FROM AUTHOR]

Published

2008

30. Iteration Bound Analysis and Throughput Optimum Architecture of SHA-256 (384,512) for Hardware Implementations.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Yong Ki Lee, and Herwin Chan

Abstract

The hash algorithm forms the basis of many popular cryptographic protocols and it is therefore important to find throughput optimal implementations. Though there have been numerous published papers proposing high throughput architectures, none of them have claimed to be optimal. In this paper, we perform iteration bound analysis on the SHA2 family of hash algorithms. Using this technique, we are able to both calculate the theoretical maximum throughput and determine the architecture that achieves this throughput. In addition to providing the throughput optimal architecture for SHA2, the techniques presented can also be used to analyze and design optimal architectures for some other iterative hash algorithms. [ABSTRACT FROM AUTHOR]

Published

2008

31. A Compact Architecture for Montgomery Elliptic Curve Scalar Multiplication Processor.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Yong Ki Lee, and Verbauwhede, Ingrid

Abstract

We propose a compact architecture of a Montgomery elliptic curve scalar multiplier in a projective coordinate system over GF(2m). To minimize the gate area of the architecture, we use the common Z projective coordinate system where a common Z value is kept for two elliptic curve points during the calculations, which results in one register reduction. In addition, by reusing the registers we are able to reduce two more registers. Therefore, we reduce the number of registers required for elliptic curve processor from 9 to 6 (a 33%). Moreover, a unidirectional circular shift register file reduces the complexity of the register file, resulting in a further 17% reduction of total gate area in our design. As a result, the total gate area is 13.2k gates with 314k cycles which is the smallest compared to the previous works. [ABSTRACT FROM AUTHOR]

Published

2008

32. Information Hiding in Software with Mixed Boolean-Arithmetic Transforms.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Yongxin Zhou, and Main, Alec

Abstract

As increasingly powerful software analysis and attack tools arise, we need increasingly potent software protections. We generate an unlimited supply of obscuring transforms via mixed-mode computation over Boolean-arithmetic (mba) algebras corresponding to real-world functions and data. Such transforms resist reverse engineering with existing advanced tools and create np-hard problems for the attacker. We discuss broad uses and concrete applications to aacs key hiding and software watermarking. [ABSTRACT FROM AUTHOR]

Published

2008

33. Implementation of BioAPI Conformance Test Suite Using BSP Testing Model.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Jihyeon Jang, and Elliott, Stephen J.

Abstract

The purpose of this paper is to design a Conformance Test Suite(CTS) for BSPs(Biometric Service Provider) based upon the BioAPI (Biometric Application Programming Interface) v2.0, an international standard by ISO/IEC JTC1/SC37. The proposed BioAPI CTS enables users to test BSPs without depending on various frameworks. In this paper, a test scheduling tool has been embodied in order to use Test Assertion with XML. In order to demonstrate the performance of the CTS, the experiment was performed using both commercial fingerprint verification and identification BSPs. The developed CTS will be installed at Korean National Biometrics Test Center and used to test whether commercial biometrics products are compliant to BioAPI. [ABSTRACT FROM AUTHOR]

Published

2008

34. Implementation of LSM-Based RBAC Module for Embedded System.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Jae-Deok Lim, and Sung-Kyong Un

Abstract

Security requirements of the embedded system which were not considered when the embedded system is independently deployed are being increased because the embedded system is connected to an internet. Accordingly, the coverage of the system security is being expanded from the general server to the embedded system. And it is not enough that the embedded system supports only its inherent functions and it becomes the essential element to provide the security function to the embedded system. This paper implements the Role Based Access Control(RBAC) module which is designed using the Linux Security Module(LSM) for the embedded system. RBAC allows security management to be administrated easily and LSM is a lightweight, general purpose, access control framework for mainstream Linux kernel that enables many different access control models. The combination of RABC and LSM properties is very suitable for one of security solutions of embedded system because of the simplicity and flexibility of RBAC and a lightweight loadable mechanism of LSM. And we show the performance of our implementation that has very small overhead for the intended processing and is acceptable. [ABSTRACT FROM AUTHOR]

Published

2008

35. Practical Security Analysis of Dirty Paper Trellis Watermarking.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, and Bas, Patrick

Abstract

This paper analyses the security of dirty paper trellis (DPT) watermarking schemes which use both informed coding and informed embedding. After recalling the principles of message embedding with DPT watermarking, the secret parameters of the scheme are highlighted. The security weaknesses of DPT watermarking are then presented: in the watermarked contents only attack (WOA) setup, the watermarked data-set exhibits clusters corresponding to the different patterns attached to the arcs of the trellis. The K-means clustering algorithm is used to estimate these patterns and a co-occurrence analysis is performed to retrieve the connectivity of the trellis. Experimental results demonstrate that it is possible to accurately estimate the trellis configuration, which enables to perform attacks much more efficient than simple additive white Gaussian noise (AWGN). [ABSTRACT FROM AUTHOR]

Published

2008

36. Toward Practical Anonymous Rerandomizable RCCA Secure Encryptions.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Qing, Sihan, Imai, Hideki, Wang, Guilin, Xue, Rui, and Feng, Dengguo

Abstract

Replayable adaptively chosen ciphertext attack (RCCA) security is a relaxation of popular adaptively chosen ciphertext attack (CCA) security for public key encryption system. Unlike CCA security, RCCA security allows modifying a ciphertext into a new ciphertext of the same message. One of the open questions is that if there exists a perfectly rerandomizable RCCA secure encryption [4]. Prabhakaran and Rosulek recently answered this question affirmatively [14]. The scheme they proposed (PR scheme for short) is composed of a double-strands Cramer-Shoup schemes that involves as many as 56 exponents in encryption and 65 exponents in decryption, and 55 exponents operations during rerandomization. We present a practical perfectly rerandomizable RCCA secure encryption system in this paper. The system constitutes of two layers of encryptions. One layer carries message, the other layer carries a random quantity used to hiding the message in previous layer. This random quantity in the encryption also works as correlation between the two parts of encryption such that they are formed in a prescribed way. The proposed construction dramatically reduces the complexities, compared with PR scheme, to 15 exponents in encryption, 6 exponents decryption as well as 16 exponents operations in rerandomization. Besides the practical feature, our scheme is also the first receiver anonymous, perfectly rerandomizable RCCA secure encryption, which settles an open question in [14]. The scheme is secure under DDH assumption. [ABSTRACT FROM AUTHOR]

Published

2008

37. Secret Signatures: How to Achieve Business Privacy Efficiently?

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Byoungcheon Lee, and Choo, Kim-Kwang Raymond

Abstract

Digital signatures provide authentication and non-repudiation in a public way in the sense that anyone can verify the validity of a digital signature using the corresponding public key. In this paper, we consider the issues of (1) signature privacy and (2) the corresponding public provability of signature. We propose a new digital signature variant, secret signature, which provides authentication and non-repudiation to the designated receiver only. If required, the correctness of the secret signature can be proven to the public either by the signer or the receiver. We conclude with a discussion to demonstrate the usefulness of the proposed cryptographic primitive (e.g., achieving signature privacy in an efficient manner). [ABSTRACT FROM AUTHOR]

Published

2008

38. Boudot's Range-Bounded Commitment Scheme Revisited.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sihan Qing, Imai, Hideki, Guilin Wang, Zhengjun Cao, and Lihua Liu

Abstract

Checking whether a committed integer lies in a specific interval has many cryptographic applications. In Eurocrypt'98, Chan et al. proposed an instantiation (CFT Proof). Based on CFT, Boudot presented a popular range-bounded commitment scheme in Eurocrypt'2000. Both CFT Proof and Boudot Proof are based on the encryption $E(x, r)=g^xh^r\ \mbox{mod}\ n$, where n is an RSA modulus whose factorization is unknown by the prover. They did not use a single base as usual. Thus an increase in cost occurs. In this paper, we show that it suffices to adopt a single base. The cost of the modified Boudot Proof is about half of that of the original scheme. Moreover, the key restriction in the original scheme, i.e., both the discrete logarithm of g in base h and the discrete logarithm of h in base g are unknown by the prover, which is a potential menace to the Boudot Proof, is definitely removed. [ABSTRACT FROM AUTHOR]

Published

2008

39. Convertible Undeniable Proxy Signatures: Security Models and Efficient Construction.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Wei Wu, and Yi Mu

Abstract

In the undeniable signatures, the validity or invalidity can only be verified via the Confirmation/Disavowal protocol with the help of the signer. Convertible undeniable signatures provide the flexibility that a signer can convert an undeniable signature into publicly verifiable one. A proxy signature scheme allows an entity to delegate his/her signing capability to another entity in such a way that the latter can sign messages on behalf of the former when the former is not available. Proxy signatures have found numerous practical applications in ubiquitous computing, distributed systems, mobile agent applications, etc. In this paper, we propose the first convertible undeniable proxy signature scheme with rigorously proven security. The properties of Unforgeability, Invisibility and Soundness in the context of convertible undeniable proxy signatures are also clearly defined. The security of our construction is formally proven in the random oracle models, based on some natural complexity assumptions. [ABSTRACT FROM AUTHOR]

Published

2008

40. Universal ηT Pairing Algorithm over Arbitrary Extension Degree.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Shirase, Masaaki, and Kawahara, Yuto

Abstract

The ηT pairing on supersingular is one of the most efficient algorithms for computing the bilinear pairing [3]. The ηT pairing defined over finite field ${\mathbb F}_{3^n}$ has embedding degree 6, so that it is particularly efficient for higher security with large extension degree n. Note that the explicit algorithm over ${\mathbb F}_{3^n}$ in [3] is designed just for $n \equiv 1\ (\bmod \ 12)$, and it is relatively complicated to construct an explicit algorithm for $n \not \equiv 1\ (\bmod \ 12)$. It is better that we can select many n's to implement the ηT pairing, since n corresponds to security level of the ηT pairing. In this paper we construct an explicit algorithm for computing the ηT pairing with arbitrary extension degree n. However, the algorithm should contain many branch conditions depending on n and the curve parameters, that is undesirable for implementers of the ηT pairing. This paper then proposes the universal ηT pairing ($\widetilde{\eta_T}$ pairing), which satisfies the bilinearity of pairing (compatible with Tate pairing) without any branches in the program, and is as efficient as the original one. Therefore the proposed universal ηT pairing is suitable for the implementation of various extension degrees n with higher security. [ABSTRACT FROM AUTHOR]

Published

2008

41. Pros and Cons of Mel-cepstrum Based Audio Steganalysis Using SVM Classification.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Kraetzer, Christian

Abstract

While image steganalysis has become a well researched domain in the last years, audio steganalysis still lacks a large scale attentiveness. This is astonishing since digital audio signals are, due to their stream-like composition and the high data rate, appropriate covers for steganographic methods. In this work one of the first case studies in audio steganalysis with a large number of information hiding algorithms is conducted. The applied trained detector approach, using a SVM (support vector machine) based classification on feature sets generated by fusion of time domain and Mel-cepstral domain features, is evaluated for its quality as a universal steganalysis tool as well as a application specific steganalysis tool for VoIP steganography (considering selected signal modifications with and without steganographic processing of audio data). The results from these evaluations are used to derive important directions for further research for universal and application specific audio steganalysis. [ABSTRACT FROM AUTHOR]

Published

2008

42. Generalised Category Attack—Improving Histogram-Based Attack on JPEG LSB Embedding.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Kwangsoo Lee

Abstract

We present a generalised and improved version of the category attack on LSB steganography in JPEG images with straddled embedding path. It detects more reliably low embedding rates and is also less disturbed by double compressed images. The proposed methods are evaluated on several thousand images. The results are compared to both recent blind and specific attacks for JPEG embedding. The proposed attack permits a more reliable detection, although it is based on first order statistics only. Its simple structure makes it very fast. [ABSTRACT FROM AUTHOR]

Published

2008

43. Imaging Sensor Noise as Digital X-Ray for Revealing Forgeries.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Mo Chen

Abstract

In this paper, we describe a new forensic tool for revealing digitally altered images by detecting the presence of photo-response non-uniformity noise (PRNU) in small regions. This method assumes that either the camera that took the image is available to the analyst or at least some other non-tampered images taken by the camera are available. Forgery detection using the PRNU involves two steps - estimation of the PRNU from non-tampered images and its detection in individual image regions. From a simplified model of the sensor output, we design optimal PRNU estimators and detectors. Binary hypothesis testing is used to determine which regions are forged. The method is tested on forged images coming from a variety of digital cameras and with different JPEG quality factors. The approximate probability of falsely identifying a forged region in a non-forged image is estimated by running the algorithm on a large number of non-forged images. [ABSTRACT FROM AUTHOR]

Published

2008

44. Exposing Digital Forgeries Through Specular Highlights on the Eye.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Johnson, Micah K.

Abstract

When creating a digital composite of two people, it is difficult to exactly match the lighting conditions under which each individual was originally photographed. In many situations, the light source in a scene gives rise to a specular highlight on the eyes. We show how the direction to a light source can be estimated from this highlight. Inconsistencies in lighting across an image are then used to reveal traces of digital tampering. [ABSTRACT FROM AUTHOR]

Published

2008

45. Tamper Hiding: Defeating Image Forensics.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Kirchner, Matthias

Abstract

This paper introduces novel hiding techniques to counter the detection of image manipulations through forensic analyses. The presented techniques allow to resize and rotate (parts of) bitmap images without leaving a periodic pattern in the local linear predictor coefficients, which has been exploited by prior art to detect traces of manipulation. A quantitative evaluation on a batch of test images proves the proposed method's efficacy, while controlling for key parameters and for the retained image quality compared to conventional linear interpolation. [ABSTRACT FROM AUTHOR]

Published

2008

46. Combining Tardos Fingerprinting Codes and Fingercasting.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Katzenbeisser, Stefan

Abstract

Forensic tracking faces new challenges when employed in mass-scale electronic content distribution. In order to avoid a high load at the server, the watermark embedding process should be shifted from the secure server to the client side, where (1) the security of the watermark secrets must be ensured, and (2) collusion-resistance against a reasonably sized coalition of malicious users needs to be guaranteed. The combination of secure content broadcasting, secure embedding and collusion tolerance aspects has been recently addressed and termed as Fingercasting. However, the proposed solution does not apply a special collusion-resistant code, but derives a limited resistance against collusion attacks from the underlying spread spectrum watermark. In this paper, we make the first step towards tackling this problem: we propose a construction that provides collusion-resistance against a large coalition in a secure watermark embedding setting. In particular, we propose to incorporate a variant of the collusion resistant random code of Tardos, currently the code with best asymptotic behavior, into a Fingercasting framework. Through statistical analysis we show that the combination is feasible for a small subset of possible Fingercasting system parameters. [ABSTRACT FROM AUTHOR]

Published

2008

47. A Geometrical Robust Image Data Hiding Scheme Using FCA-Based Resynchronization.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Peizhong Lu

Abstract

This paper proposes a data hiding scheme composed of a synchronization technique by using content of the image and a DCT payload embedding method. The position of the center of gravity of each Delaunay triangle is embedded inside the red channel of the corresponding triangle. This information called synchronization information is afterward decoded robustly by fast correlation attacks used commonly in cryptanalysis. The synchronization information is used to recover the affine transform that has been done on the image. The best merit of correlation attack is its powerful error-correcting ability which can be used not only to get rid of false position information caused by a few missed or imagined features, but also to obtain enough error-free synchronization information in spite of the feature points undergoing geometry transformations. A DCT-based algorithm is used to embed secret messages in the blue channel of the image. The paper also explicitly analyses the channel noise model so as to provide a basis on which some important parameters used in fast correlation attacks are designed. Simulation results show that our data-hiding scheme is highly robust to geometrical distortions including RST and most of affine transformations, and common signal processing such as JPEG compression. [ABSTRACT FROM AUTHOR]

Published

2008

48. Optimization of Tardos's Fingerprinting Codes in a Viewpoint of Memory Amount.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Nuida, Koji

Abstract

It is known that Tardos's collusion-secure probabilistic fingerprinting code (Tardos code) has length of theoretically minimal order. However, Tardos code uses certain continuous probability distribution, which causes that huge amount of extra memory is required in a practical use. An essential solution is to replace the continuous distributions with finite discrete ones, preserving the security. In this paper, we determine the optimal finite distribution for the purpose of reducing memory amount; the required extra memory is reduced to less than 1/32 of the original in some practical setting. Moreover, the code length is also reduced (to, asymptotically, about 20.6% of Tardos code), and some further practical problems such as approximation errors are also considered. [ABSTRACT FROM AUTHOR]

Published

2008

49. Noise Robust Speech Watermarking with Bit Synchronisation for the Aeronautical Radio.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Hofbauer, Konrad

Abstract

Analogue amplitude modulation radios are used for air/ ground voice communication between aircraft pilots and controllers. The identification of the aircraft, so far always transmitted verbally, could be embedded as a watermark in the speech signal and thereby prevent safety-critical misunderstandings. The first part of this paper presents an overview on this watermarking application. The second part proposes a speech watermarking algorithm that embeds data in the linear prediction residual of unvoiced narrowband speech at a rate of up to 2 kbit/s. A bit synchroniser is developed which enables the transmission over analogue channels and which reaches the optimal limit within one to two percentage points in terms of raw bit error rate. Simulations show the robustness of the method for the AWGN channel. [ABSTRACT FROM AUTHOR]

Published

2008

50. Traffic Analysis Attacks on a Continuously-Observable Steganographic File System.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Troncoso, Carmela

Abstract

A continuously-observable steganographic file system allows to remotely store user files on a raw storage device; the security goal is to offer plausible deniability even when the raw storage device is continuously monitored by an attacker. Zhou, Pang and Tan have proposed such a system in [7] with a claim of provable security against traffic analysis. In this paper, we disprove their claims by presenting traffic analysis attacks on the file update algorithm of Zhou et al. Our attacks are highly effective in detecting file updates and revealing the existence and location of files. For multi-block files, we show that two updates are sufficient to discover the file. One-block files accessed a sufficient number of times can also be revealed. Our results suggest that simple randomization techniques are not sufficient to protect steganographic file systems from traffic analysis attacks. [ABSTRACT FROM AUTHOR]

Published

2008