Your search keyword '"COMPUTER network protocols"' showing total 82 results

1. On probabilistic snap-stabilization.

Author

Altisen, Karine and Devismes, Stéphane

Subjects

*MESSAGE passing (Computer science), *COMPUTER network protocols, *COMPUTER security, *COMPUTER algorithms, *COMPUTING platforms

Abstract

In this paper, we introduce probabilistic snap-stabilization . We relax the definition of deterministic snap-stabilization without compromising its safety guarantees. In an unsafe environment, a probabilistically snap-stabilizing algorithm satisfies its safety property immediately after the last fault; whereas its liveness property is only ensured with probability 1. We show that probabilistic snap-stabilization is more expressive than its deterministic counterpart. Indeed, we propose two probabilistic snap-stabilizing algorithms for a problem having no deterministic snap- or self-stabilizing solution: guaranteed service leader election in arbitrary anonymous networks. This problem consists in computing a correct answer to each process that initiates the question “Am I the leader of the network?,” i.e. , (1) processes always compute the same answer to that question and (2) exactly one process computes the answer true . Our solutions being probabilistically snap-stabilizing, the answers are only delivered within an almost surely finite time; however any delivered answer is correct, regardless the arbitrary initial configuration and provided the question has been properly started. [ABSTRACT FROM AUTHOR]

Published

2017

2. An analysis of safety evidence management with the Structured Assurance Case Metamodel.

Author

de la Vara, Jose Luis, Génova, Gonzalo, Álvarez-Rodríguez, Jose María, and Llorens, Juan

Subjects

*COMPUTER network protocols, *COMPUTER interfaces, *COMPUTER science, *INDUSTRIAL safety, *COMPUTER security

Abstract

SACM (Structured Assurance Case Metamodel) is a standard for assurance case specification and exchange. It consists of an argumentation metamodel and an evidence metamodel for justifying that a system satisfies certain requirements. For assurance of safety-critical systems, SACM can be used to manage safety evidence and to specify safety cases. The standard is a promising initiative towards harmonizing and improving system assurance practices, but its suitability for safety evidence management needs to be further studied. To this end, this paper studies how SACM 1.1 supports this activity according to requirements from industry and from prior work. We have analysed the notion of evidence in SACM, its evidence lifecycle, the classes and associations of the evidence metamodel, and the link of this metamodel with the argumentation one. As a result, we have identified several improvement opportunities and extension possibilities in SACM. The notions of evidence and evidence assertion should be clarified, the overlaps between metamodel elements should be reduced, and a wider support to the lifecycle of the artefacts used as safety evidence could be provided. Addressing these aspects will allow SACM to better fit safety evidence management needs and practices, especially beyond the scope of a safety case. The results and the conclusions drawn are especially valuable for practitioners interested in SACM adoption and vendors interested in developing tool support for SACM-based safety evidence management. [ABSTRACT FROM AUTHOR]

Published

2017

3. Privacy-enhanced attribute-based private information retrieval.

Author

Lai, Jianchang, Mu, Yi, Guo, Fuchun, Jiang, Peng, and Susilo, Willy

Subjects

*DATA privacy, *INFORMATION storage & retrieval systems, *COMPUTER network protocols, *COMPUTER security, *COMPUTER users

Abstract

A private information retrieval protocol allows a user to retrieve w th data item (or k items) of its choice from a database of N data items without revealing its choice w to the server. The traditional private information retrieval protocols based on the notion of oblivious transfer must publish the description of each data item stored in the database in order for the user to make a choice before users run the protocol (each data item’s content is not revealed though). Aiming to eliminate the information leakage of the data item in the private information retrieval system, in this work, we propose a novel attribute-based private information retrieval protocol which can enhance the data privacy. In our proposed protocol, each data item is associated with a set of attributes which is not made public to users who are only given a universal attribute set, which reveals no information about individual data item. For each query, the user can only obtain the data items whose attributes are within its chosen attribute set. We provide a rigorous security analysis of our protocol and demonstrate its efficiency and feasibility. [ABSTRACT FROM AUTHOR]

Published

2018

4. Formal analysis of privacy in Direct Anonymous Attestation schemes.

Author

Smyth, Ben, Ryan, Mark D., and Chen, Liqun

Subjects

*MATHEMATICAL equivalence, *RSA algorithm, *COMPUTER security, *DATA privacy, *COMPUTER network protocols, *CRYPTOGRAPHY

Abstract

This article introduces a definition of privacy for Direct Anonymous Attestation schemes. The definition is expressed as an equivalence property which is suited to automated reasoning using Blanchet's ProVerif. The practicality of the definition is demonstrated by analysing the RSA-based Direct Anonymous Attestation protocol by Brickell, Camenisch & Chen. The analysis discovers a vulnerability in the RSA-based scheme which can be exploited by a passive adversary and, under weaker assumptions, corrupt issuers and verifiers. A security fix is identified and the revised protocol is shown to satisfy our definition of privacy. [ABSTRACT FROM AUTHOR]

Published

2015

5. Optimistic fair exchange in the enhanced chosen-key model.

Author

Wang, Yang, Au, Man Ho, and Susilo, Willy

Subjects

*COMPUTER security, *COMPUTER network protocols, *CYBERTERRORISM, *DIGITAL signatures, *SCHEME programming language

Abstract

Optimistic fair exchange (OFE) is a kind of protocol to guarantee fairness for the parties involved in an exchange with the help of an arbitrator. A fundamental work of optimistic fair exchange is to define security models capturing realistic attacks and design schemes secure in practical models. The security models are very essential to ensure that they capture practical situation, which will ensure that the protocols can be adopted in practice. The contributions of this paper are three fold. First, we observe that the existing OFE models do not capture realistic situation, where the adversary can actually observe the full signatures generated by the signer, prior to launching the actual attack. That is to say, the adversary is not provided with the signing oracle, which will produce full signatures generated by the signer. It is commonly believed that the full signatures generated by the signer can be simulated by the full signatures generated by the arbitrator. Unfortunately, we show that this perception is false. Second, we propose an enhanced model of OFE that explicitly provides the adversary with the signing oracle, which outputs the full signatures generated by the signer. We demonstrate the difference between our enhanced model and the existing chosen-key model through two concrete OFE schemes that serve as counterexamples. Finally, we revisit two existing generic constructions of optimistic fair exchange schemes, one based on verifiably encrypted signatures, and the other based on conventional signatures and ring signatures. Our result shows that the two generic approaches can still offer schemes secure in our enhanced model, which captures the real scenario that dishonest users may have access to the full signatures generated by the signer. [ABSTRACT FROM AUTHOR]

Published

2015

6. Secure Hamming distance based record linkage with malicious adversaries.

Author

Zhang, Bo, Cheng, Rong, and Zhang, Fangguo

Subjects

*COMPUTER security, *HAMMING distance, *MALWARE, *DATABASES, *COMPUTER network protocols, *DATA encryption

Abstract

Record linkage aims at finding the matching records from two or multiple different databases. Many approximate string matching methods in privacy-preserving record linkage have been presented. In this paper, we study the problem of secure record linkage between two data files in the two-party computation setting. We note that two records are linked when all the Hamming distances between their attributes are smaller than some fixed thresholds. We firstly construct two efficient secure protocols for computing the powers of an encrypted value and implementing zero test on an encrypted value, then present an efficient protocol within constant rounds for computing the Hamming distance based record linkage in the presence of malicious adversaries by transferring these two protocols. We also discuss the extension of our protocol for settling the Levenshtein distance based record linkage problem. [ABSTRACT FROM AUTHOR]

Published

2014

7. Preserving privacy for free: Efficient and provably secure two-factor authentication scheme with user anonymity.

Author

Wang, Ding, Wang, Nan, Wang, Ping, and Qing, Sihan

Subjects

*COMPUTER security, *MATHEMATICAL proofs, *COMPUTER access control, *DATA security, *COMPUTER network protocols

Abstract

Due to its simplicity, portability and robustness, two-factor authentication has received much interest in the past two decades. While security-related issues have been well studied, how to preserve user privacy in this type of protocols still remains an open problem. In ICISC 2012, Kim–Kim presented an efficient two-factor authentication scheme that attempts to provide user anonymity and to guard against various known attacks, offering many merits over existing works. However, in this paper we shall show that user privacy of Kim–Kim’s scheme is achieved at the price of severe usability downgrade – a de-synchronization attack on user’s pseudonym identities may render the scheme completely unusable unless the user re-registers. Besides this defect, it is also prone to known key attack and privileged insider attack. It is noted that our de-synchronization attack can also be applied to several latest schemes that strive to preserve user anonymity. As our main contribution, an enhanced scheme with provable security is suggested, and what we believe is most interesting is that superior security and privacy can be achieved at nearly no additional communication or computation cost. As far as we know, this work is the first one that defines a formal model to capture the feature of user un-traceability and that highlights the damaging threat of de-synchronization attack on privacy-preserving two-factor authentication schemes. [ABSTRACT FROM AUTHOR]

Published

2015

8. Protocol insecurity with a finite number of sessions and a cost-sensitive guessing intruder is NP-complete.

Author

Adão, Pedro, Mateus, Paulo, and Viganò, Luca

Subjects

*COMPUTER network protocols, *CYBERTERRORISM, *COMPUTER security, *MODULES (Algebra), *NP-complete problems, *DATA analysis

Abstract

Abstract: Guessing attacks in security protocols arise when honest agents make use of data easily guessable by an intruder, such as passwords generated from a small dictionary. A way to model such attacks is to formalize a Dolev–Yao style model with inference rules that capture the additional capabilities of the intruder concerning guessable data. In this paper, we formalize a cost-sensitive intruder deduction system where information is available at a cost. The intruder may apply standard operations to deduce new messages from his current knowledge, or invoke an oracle rule that allows him to get hold of data that was previously unknown to him. Our system manipulates data items by means of inference rules and uses labels to keep track of the costs associated to the application of each rule. This allows us to answer the question of what is the cost of deducing a particular data that was meant to remain a secret between honest protocol participants. We also investigate the complexity of this quantitative insecurity problem and show that it is NP-complete in the case of a finite number of protocol sessions. [Copyright &y& Elsevier]

Published

2014

9. Analytical evaluation of a time- and energy-efficient security protocol for IP-enabled sensors.

Author

Astorga, Jasone, Jacob, Eduardo, Toledo, Nerea, and Aguado, Marina

Subjects

*ENERGY consumption, *COMPUTER security, *INTERNET protocols, *COMPUTER network protocols, *DATA transmission systems, *WIRELESS sensor networks

Abstract

Highlights: [•] There is a lack of end-to-end security mechanisms tailored to IP-enabled sensors. [•] Ladon is proposed as end-to-end authentication and authorization protocol. [•] We evaluate the time and energy cost of executing Ladon on the protected sensors. [•] Ladon is proved to be a suitable security protocol for resource-deprived devices. [ABSTRACT FROM AUTHOR]

Published

2014

10. Shifting primes: Optimizing elliptic curve cryptography for 16-bit devices without hardware multiplier.

Author

Marin, Leandro, Jara, Antonio, and Skarmeta Gomez, Antonio

Subjects

*COMBINATORIAL optimization, *CRYPTOGRAPHY, *COMPUTER input-output equipment, *COMPUTER security, *INTERNET of things, *COMPUTER network protocols

Abstract

Abstract: Security for the Internet of Things (IoT) presents the challenge of offering suitable security primitives to enable IP-based security protocols such as IPSec and DTLS. This challenge is here because host-based implementations and solutions are not providing a proper performance over the devices used in the IoT. This is mainly because of the use of highly constraint devices in terms of computational capabilities. Therefore, it is necessary to implement new optimized and scalable cryptographic primitives which can use existing protocols to provide security, authentication, privacy and integrity to the communications. Our research focus on the mathematical optimization of cryptographic primitives for Public Key Cryptography (PKC) based on Elliptic Curve Cryptography (ECC). PKC has been considered, since the IoT requires high scalability, multi-domain interoperability, self-commissioning, and self-identification. Specifically, this contribution presents a set of optimizations for ECC over constrained devices, and a brief tutorial of its implementation in the microprocessor Texas Instrument MSP430 (Briel, 2000) [1] (commonly used in IoT devices such as 6LoWPAN, active RFID and DASH7). Our main contribution is the proof that these special pseudo-Mersenne primes, which we have denominated ‘shifting primes’ can be used for ECC primitives with 160-bit keys in a highly optimal way. This paper presents an ECC scalar multiplication with 160-bit keys within 5.4 million clock cycles over MSP430 devices without hardware multiplier. Shifting primes provide a set of features, which make them more compliant with the set of instructions available with tiny CPUs such as the MSP430 and other 8 and 16-bit CPUs. [Copyright &y& Elsevier]

Published

2013

11. A mechanical approach to derive identity-based protocols from Diffie–Hellman-based protocols.

Author

Choo, Kim-Kwang Raymond, Nam, Junghyun, and Won, Dongho

Subjects

*COMPUTER network protocols, *MATHEMATICAL proofs, *NUMERICAL calculations, *COMPUTER security, *IDENTITIES (Mathematics)

Abstract

We describe a mechanical approach to derive identity-based (ID-based) protocols from existing Diffie–Hellman-based ones. As case studies, we present the ID-based versions of the Unified Model protocol, UMP-ID, Blake-Wilson et al. (1997)’s protocol, BJM-ID, and Krawczyk (2005)’s HMQV protocol, HMQV-ID. We describe the calculations required to be modified in existing proofs. We conclude with a comparative security and efficiency of the three proposed ID-based protocols (relative to other similar published protocols) and demonstrate that our proposed ID-based protocols are computationally efficient. [ABSTRACT FROM AUTHOR]

Published

2014

12. Multi-recastable e-bidding game with dual-blindness.

Author

Fan, Chun-I, Wu, Chien-Nan, Sun, Wei-Zhe, and Chen, Wei-Kuei

Subjects

*AUCTIONS, *GAME theory, *ELECTRONIC commerce, *INTERNET, *COMPUTER security, *COMPUTER network protocols

Abstract

Abstract: Electronic auctions (e-auction) enable bidders to bid for diverse sold objects under an electronic platform via the Internet. Relevant literature has presented numerous online bidding auction schemes considering different security issues. However, none of them can satisfy all essential properties simultaneously and some of them possess security vulnerabilities. For example, the winner cannot hold the properties of anonymity and unlinkability without re-registration for the auction of another product. In order to cope with the above problems, this study presents an e-auction scheme which owns the following features: every bidder’s anonymity during the entire auction, unlinkability among plural auctions of different selling topics, unforgeability, no framing (tamper resistance of bidding tickets), non-repudiation, public verifiability of all bidding tickets, and easy revocation for illegal activities. In our e-bidding protocol, all participants can take part in a sequence of different auctions for various products unlimitedly after performing one time of registration, where the winner does not need to re-register again, either. We formally prove the security of the proposed scheme and also provide comparisons to show that it is the most efficient one as compared with previous works. [Copyright &y& Elsevier]

Published

2013

13. Deciding equivalence-based properties using constraint solving.

Author

Cheval, Vincent, Cortier, Véronique, and Delaune, Stéphanie

Subjects

*CONSTRAINT satisfaction, *PROBLEM solving, *COMPUTER network protocols, *COMPUTER security, *COMPUTER access control, *CRYPTOGRAPHY

Abstract

Abstract: Formal methods have proved their usefulness for analyzing the security of protocols. Most existing results focus on trace properties like secrecy or authentication. There are however several security properties, which cannot be defined (or cannot be naturally defined) as trace properties and require a notion of behavioral equivalence. Typical examples are anonymity, privacy related properties or statements closer to security properties used in cryptography. In this paper, we consider three notions of equivalence defined in the applied pi calculus: observational equivalence, may-testing equivalence, and trace equivalence. First, we study the relationship between these three notions. We show that for determinate processes, observational equivalence actually coincides with trace equivalence, a notion simpler to reason with. We exhibit a large class of determinate processes, called simple processes, that capture most existing protocols and cryptographic primitives. While trace equivalence and may-testing equivalence seem very similar, we show that may-testing equivalence is actually strictly stronger than trace equivalence. We prove that the two notions coincide for image-finite processes, such as processes without replication. Second, we reduce the decidability of trace equivalence (for finite processes) to deciding symbolic equivalence between sets of constraint systems. For simple processes without replication and with trivial else branches, it turns out that it is actually sufficient to decide symbolic equivalence between pairs of positive constraint systems. Thanks to this reduction and relying on a result first proved by M. Baudet, this yields the first decidability result of observational equivalence for a general class of equational theories (for processes without else branch nor replication). Moreover, based on another decidability result for deciding equivalence between sets of constraint systems, we get decidability of trace equivalence for processes with else branch for standard primitives. [Copyright &y& Elsevier]

Published

2013

14. New attacks and security model of the secure flash disk.

Author

Wang, An, Li, Zheng, Yang, Xianwen, and Yu, Yanyan

Subjects

*COMPUTER security, *MOBILE apps, *DATA encryption, *COMPUTER access control, *INFORMATION theory, *COMPUTER network protocols, *PERFORMANCE evaluation

Abstract

Abstract: Nowadays, the secure flash disk is the most common secure mobile storage device. Two conventional schemes, flash encryption and identity authentication, are used to ensure the security of the information stored in it, but there is no comprehensive security model. We summarize three shortcomings of it: the USB cable is very easy to be monitored; the disk is not applicable to a big group and does not resist the corruption attack. In this paper, a new attack named USB cable monitor attack is proposed and implemented. In order to overcome the existing shortcomings, we give a notion of “secure group flash disk” and its security model. Accordingly, a set of universal cryptographic strategies and a concrete authenticated key exchange protocol are devised, whose security can be proved via the universally composable security model. Based on the strategies, the system architecture of this USB flash disk is designed. An IP core of the USB device controller is implemented and verified on a FPGA, so that the performance superiority can be given. Our experiment shows that our strategies can perfectly solve the problems of USB cable monitor, group application, and resistance to corruption. [Copyright &y& Elsevier]

Published

2013

15. Secret handshake scheme with request-based-revealing

Author

Kawai, Yutaka and Kunihiro, Noboru

Subjects

*COMPUTER access control, *COMPUTER security, *COMPUTER network protocols, *MATHEMATICAL models, *MALWARE, *DATA protection

Abstract

Abstract: Secret handshake (SH) schemes enable two members who belong to the same group to authenticate each other in a way that hides their affiliation to that group from all others. In previous work on SH, the group authority (GA) of the group G has been shown to have the ability to reveal the identity (ID) of a handshake player who belongs to G. The capability to reveal a malicious player is important in SH systems. In this paper, we focus first on the classification of traceability of GA. We classify this feature as follows: (i) GA of G is able to reveal IDs of members belonging to G by using a transcript of a handshake protocol; and (ii) GA of G is able to confirm whether handshake players belong to G or not by using a transcript of a handshake protocol. Previous research in this field only considers the former capability. In some situations, only the latter capability is needed. Next, we consider a SH system that GA has only an ability to confirm whether a handshake player belongs to his own group without revealing his ID. The most naive method is that member IDs are eliminated and members have a common group ID. However, if member ID does not exist, one cannot reveal the handshake player’s ID in the event of disputes. Thus, we introduce a SH with request-based-revealing (SHRBR). In SHRBR schemes, GA can check whether handshake players belong to their own group, but cannot reveal member IDs alone. After a handshake player executes a handshake protocol with , if wants to reveal a handshake partner (in this case ), requests GA to reveal a handshake partner’s ID by bringing forth his own ID and secret information of . We define the security requirements for SHRBR schemes and propose two concrete SHRBR schemes, SHRBR-1 and SHRBR-2. We prove that the proposed SHRBR schemes satisfy security requirements in the random oracle model. [Copyright &y& Elsevier]

Published

2013

16. A hijacker’s guide to communication interfaces of the trusted platform module

Author

Winter, Johannes and Dietrich, Kurt

Subjects

*COMPUTER hackers, *COMPUTER interfaces, *COMPUTING platforms, *MODULES (Algebra), *COMPUTER network protocols, *COMPUTER security

Abstract

Abstract: In this paper, we analyze the communication of trusted platform modules and their interface to the hosting platforms. While trusted platform modules are considered to be tamper resistant, the communication channel between these modules and the rest of the trusted platform turns out to be comparatively insecure. It has been shown that passive attacks can be mounted against TPMs and their bus communication with fairly inexpensive equipment, however, similar active attacks have not been reported, yet. We pursue the idea of an active attack and show how the communication protocol of the LPC bus can be actively manipulated with basic and inexpensive equipment. Moreover, we show how our manipulations can be used to circumvent the security mechanisms, e.g. the chain of trust, provided by modern trusted platforms. In addition, we demonstrate how the proposed attack can be extended to manipulate communication buses on embedded systems. [Copyright &y& Elsevier]

Published

2013

17. A new efficient authenticated multiple-key exchange protocol from bilinear pairings.

Author

Farash, Mohammad Sabzinejad, Attari, Mahmoud Ahmadian, Atani, Reza Ebrahimi, and Jami, Mohamadreza

Subjects

*COMPUTER access control, *COMPUTER network protocols, *LINEAR systems, *COMPUTER security, *SUBROUTINES (Computer programs), *COMPUTATIONAL complexity, *COMPARATIVE studies

Abstract

Abstract: The main goal of this paper is to analyze the security of a multiple-key agreement protocol and to show that this protocol is vulnerable to forgery attack. In order to address the security weakness, a new efficient multiple-key agreement protocol is proposed. The proposed protocol is based on bilinear pairings and utilizes a novel signature scheme without one-way hash functions. In contrast to related protocols which are based on bilinear pairings, in the proposed protocol, these pairings are not utilized for the included signature scheme, but they are only used for session keys. As a result, the computational complexity of the proposed protocol is decreased by 50% compared to that of the existing protocols. Another contribution of the proposed protocol is an increase of the number of the session keys up to (n 2(n +1)2/4), for n ⩾2 random numbers, regarding the bilinear property of the pairings. Finally, the simulation results from AVISPA tools confirm the security analysis of the proposed protocol. [Copyright &y& Elsevier]

Published

2013

18. An efficient conditionally anonymous ring signature in the random oracle model

Author

Zeng, Shengke, Jiang, Shaoquan, and Qin, Zhiguang

Subjects

*GROUP theory, *INFORMATION theory, *COMPUTER security, *MATHEMATICAL constants, *COMPUTER network protocols, *LINEAR systems

Abstract

Abstract: A conditionally anonymous ring signature is an exception since the anonymity is conditional. Specifically, it allows an entity to confirm/refute the signature that he generated before. A group signature also shares the same property since a group manager can revoke a signer’s anonymity using the trapdoor information. However, the special node (i.e., group manager) does not exist in the group in order to satisfy the ad hoc fashion. In this paper, we construct a new conditionally anonymous ring signature, in which the actual signer can be traced without the help of the group manager. The big advantage of the confirmation and disavowal protocols designed by us are non-interactive with constant costs while the known schemes suffer from the linear cost in terms of the ring size or security parameter . [Copyright &y& Elsevier]

Published

2012

19. Authentication protocol using an identifier in an ad hoc network environment

Author

Moon, Jong Sik and Lee, Im-Yeong

Subjects

*COMPUTER network protocols, *AD hoc computer networks, *COMPUTER security, *INFORMATION technology security, *COMPUTER network security, *INFORMATION sharing

Abstract

Abstract: This paper deals with device connections in a trust-based ad hoc network. Because a temporary device frequently joins or leaves a network, the authentication and security technology should be prepared for the malicious devices used in third-party attacks. An authentication scheme with the existing certification and ID, and security technology using symmetric and public keys are used. Therefore, in this paper we propose using two devices that have not shared information for mutual generation of authentication ID. The use of an authentication ID can establish mutual trust and provide security and efficiency for communication and generation of a symmetric key. Our analysis results show that an authentication operation reduction of up to 57%, compared to related work, is achieved by our protocol. [Copyright &y& Elsevier]

Published

2012

20. Improvement of the securing RFID systems conforming to EPC Class 1 Generation 2 standard

Author

Yoon, Eun-Jun

Subjects

*RADIO frequency identification systems, *AUTHENTICATION (Law), *BAR codes, *COMPUTER network protocols, *COMPUTER security, *DATA integrity

Abstract

Abstract: Radio frequency identification (RFID) technology is taking the place of barcodes to become electronic tags of the new generation. EPC Class 1 Generation 2 has served as the most popular standard for passive RFID tags. In 2010, Yeh et al. proposed a new RFID authentication protocol conforming to EPC Class 1 Generation 2 standard. However, this paper demonstrates that Yeh et al.’s protocol has two serious security problems such as DATA integrity problem and forward secrecy problem unlike their claims. An improved protocol is also proposed which can prevent the security problems and be applied in low-cost RFID environments requiring a high level of security. [Copyright &y& Elsevier]

Published

2012

21. On cryptographic protocols employing asymmetric pairings — The role of revisited

Author

Chatterjee, Sanjit and Menezes, Alfred

Subjects

*CRYPTOGRAPHY, *ELLIPTIC curves, *BILINEAR forms, *COMPUTER network protocols, *ISOMORPHISM (Mathematics), *COMPUTER security

Abstract

Abstract: Asymmetric pairings for which an efficiently-computable isomorphism is known are called Type 2 pairings; if such an isomorphism is not known then is called a Type 3 pairing. Many cryptographic protocols in the asymmetric setting rely on the existence of for their security reduction while some use it in the protocol itself. For these reasons, it is believed that some of these protocols cannot be implemented with Type 3 pairings, while for some the security reductions either cannot be transformed to the Type 3 setting or else require a stronger complexity assumption. Contrary to these widely held beliefs, we argue that Type 2 pairings are merely inefficient implementations of Type 3 pairings, and appear to offer no benefit for protocols based on asymmetric pairings from the point of view of functionality, security, and performance. [Copyright &y& Elsevier]

Published

2011

22. An efficient dynamic authenticated key exchange protocol with selectable identities

Author

Guo, Hua, Li, Zhoujun, Mu, Yi, Zhang, Fan, Wu, Chuankun, and Teng, Jikai

Subjects

*AUTHENTICATION (Law), *COMPUTER network protocols, *CRYPTOGRAPHY, *COMPUTER security, *MATHEMATICAL mappings, *DATA encryption

Abstract

Abstract: In the traditional identity-based cryptography, when a user holds multiple identities as its public keys, it has to manage an equal number of private keys. The recent advances of identity-based cryptography allow a single private key to map multiple public keys (identities) that are selectable by the user. This approach simplifies the private key management. Unfortunately, the existing schemes have a heavy computation overhead, since the private key generator has to authenticate all identities in order to generate a resultant private key. In particular, it has been considered as a drawback that the data size for a user is proportional to the number of associated identities. Moreover, these schemes do not allow dynamic changes of user identities. When a user upgrades its identities, the private key generator (PKG) has to authenticate the identities and generate a new private key. To overcome these problems, in this paper we present an efficient dynamic identity-based key exchange protocol with selectable identities, and prove its security under the bilinear Diffie–Hellman assumption in the random oracle model. [Copyright &y& Elsevier]

Published

2011

23. Contracts for security adaptation

Author

Martín, J.A. and Pimentel, E.

Subjects

*COMPUTER security, *COMPUTER architecture, *TECHNICAL specifications, *COMPUTER network protocols, *COMPUTER programming, *QUALITY of service

Abstract

Abstract: Security is considered to be one of the main challenges as regards the widespread application of Service Oriented Architectures across organisations. WS-Security, and its successive extensions, have emerged to fulfil this need, but these approaches hinder the loose-coupling among services, therefore constraining their reusability and replaceability. Software adaptation is a sound solution to overcome the incompatibilities in interface, behaviour and security constraints among stateful services. However, programming adaptors from scratch is a tedious and error-prone task where special care must be given to concurrency and security issues. In this work, we propose to use security adaptation contracts that allow us to express and adapt the security requirements of the services and their orchestration. Given a security adaptation contract and the behavioural description of the services (such as BPEL processes or Windows Workflows), we can generate the protocol of the orchestrator that complies with the security requirements (confidentiality, integrity and authenticity), while overcoming incompatibilities at the signature, behaviour and security QoS levels. The formalisation behind security adaptation contracts has other applications such as security policy negotiation and automatic security protocol verification. [Copyright &y& Elsevier]

Published

2011

24. Provably secure server-aided verification signatures

Author

Wu, Wei, Mu, Yi, Susilo, Willy, and Huang, Xinyi

Subjects

*DIGITAL signatures, *COMPUTER network protocols, *CYBERTERRORISM, *COMPUTER security, *COMPUTER simulation, *VERIFICATION of computer systems

Abstract

Abstract: A server-aided verification signature scheme consists of a digital signature scheme and a server-aided verification protocol. With the server-aided verification protocol, some computational tasks for a signature verification are carried out by a server, which is generally untrusted; therefore, it is very useful for low-power computational devices. In this paper, we first define three security notions for server-aided verification signatures, i.e., existential unforgeability, security against collusion attacks and security against strong collusion attacks. The definition of existential unforgeability includes the existing security requirements in server-aided verification signatures. We then present, on the basis of existing signature schemes, two novel existentially unforgeable server-aided verification signature schemes. The existential unforgeability of our schemes can be formally proved both without the random oracle model and using the random oracle model. We also consider the security of server-aided verification signatures under collusion attacks and strong collusion attacks. For the first time, we formally define security models for capturing (strong) collusion attacks, and propose concrete server-aided verification signature schemes that are secure against such attacks. [Copyright &y& Elsevier]

Published

2011

25. Certificateless public key encryption: A new generic construction and two pairing-free schemes

Author

Yang, Guomin and Tan, Chik How

Subjects

*PUBLIC key cryptography, *DATA encryption, *MATHEMATICAL models, *COMPUTER security, *BINARY number system, *COMPUTER network protocols

Abstract

Abstract: The certificateless encryption (CLE) scheme proposed by Baek, Safavi-Naini and Susilo is computation-friendly since it does not require any pairing operation. Unfortunately, an error was later discovered in their security proof and so far the provable security of the scheme remains unknown. Recently, Fiore, Gennaro and Smart showed a generic way (referred to as the FGS transformation) to transform identity-based key agreement protocols to certificateless key encapsulation mechanisms (CL-KEMs). As a typical example, they showed that the pairing-free CL-KEM underlying Baek et al.’s CLE can be “generated” by applying their transformation to the Fiore–Gennaro (FG) identity-based key agreement (IB-KA) protocol. In this paper, we show that directly applying the Fiore–Gennaro–Smart (FGS) transformation to the original FG IB-KA protocol in fact results in an insecure CL-KEM scheme against strong adversaries, we also give a way to fix the problem without adding any computational cost. The reason behind our attack is that the FGS transformation requires the underlying IB-KA protocol to be secure in a model that is stronger than the conventional security models where existing IB-KA protocols are proved secure, and the FG IB-KA protocol is in fact insecure in the new model. This motivates us to construct a new generic transformation from IB-KA protocols to CLE schemes. In the paper we present such a transformation which only requires the underlying IB-KA protocol to be secure in a security model that is weaker than the existing security models for IB-KA protocols. We illustrate our transformation by generating a new pairing-free CLE scheme that is obtained by directly applying our transformation to the original FG IB-KA protocol. [ABSTRACT FROM AUTHOR]

Published

2011

26. Efficient identity-based authenticated multiple key exchange protocol

Author

Tan, Zuowen

Subjects

*COMPUTER network protocols, *AUTHENTICATION (Law), *ORACLE software, *COMPUTER security, *COMPUTER network security, *COMPUTATIONAL mathematics, *DATA protection, *DATA security

Abstract

Authenticated multiple key exchange protocols not only allow participants to agree the multiple session keys within one run of the protocol but also ensure the authenticity of the other party. In this paper, we propose an identity-based multiple key exchange protocol. The authentication part of the proposed protocol is provably secure in the random oracle model under the BDH assumptions. The proposed identity-based multiple key exchange protocol is secure in a formal security model under the random oracle model upon the CDH assumptions and the BDH assumptions. Compared with the identity-based multiple key exchange protocols in the literature, the proposed protocol is more efficient and holds stronger security. [ABSTRACT FROM AUTHOR]

Published

2011

27. Countering jamming attacks against an authentication and key agreement protocol for mobile satellite communications

Author

Lasc, Ioana, Dojen, Reiner, and Coffey, Tom

Subjects

*COMPUTER network protocols, *CYBERTERRORISM, *CELL phones, *TELECOMMUNICATION satellites, *COMPUTER security, *COMPUTER network security, *DENIAL of service attacks, *AUTHENTICATION (Law)

Abstract

Abstract: The radio-based medium of satellite communication systems is vulnerable to interference on physical channels: unintentional interferences occur frequently and jamming attacks can be achieved using low-grade technology. While application layer security protocols cannot defend against denial of service (DoS) attacks where the attacker jams continuously, effective security protocols ensure that communication can continue after such interference has stopped. This paper analyses an authentication and key agreement protocol for satellite communications. The presented analysis reveals that the protocol is susceptible to a new DoS attack, where attackers jam a single message to achieve a permanent DoS condition. A new authentication and key agreement protocol is proposed that additionally addresses the scenario where messages send over the mobile satellite channel may not reach their intended recipient due to accidental or malicious interference. Analysis of the new protocol demonstrates that it is effective in countering the disruptive effects of jamming. [Copyright &y& Elsevier]

Published

2011

28. A novel group key agreement protocol for wireless mesh network

Author

You, Ziyi and Xie, Xiaoyao

Subjects

*COMPUTER network protocols, *COMPUTER network security, *WIRELESS communications, *PRIVACY, *CELL phone systems, *COMPUTER security, *VERIFICATION (Empiricism), *PROBLEM solving

Abstract

Abstract: Group key agreement is the core of secure group communication. In wireless networks, the privacy problem becomes more crucial and urgent for mobile users due to the open nature of radio media. In this paper, we proposed a novel group key agreement protocol based on trusted third Party, applied in collaboration between mobile users for wireless Mesh network. The security verification (PCL logic) and performance analysis show that, our protocol not only provides privacy protection for group members, but also authenticates all participants by adopting certificates. More important, in the proposed protocol, the computation cost and traffics for each group member are largely reduced to improve the implementation efficiency of the protocol. Therefore, our protocol is a novel, reliable group key agreement protocol, and it is well suited for wireless mesh network. [Copyright &y& Elsevier]

Published

2011

29. Vulnerability of two multiple-key agreement protocols

Author

Farash, Mohammad Sabzinejad, Bayat, Majid, and Attari, Mahmoud Ahmadian

Subjects

*COMPUTER network protocols, *ELLIPTIC curves, *CRYPTOGRAPHY, *IMPERSONATION, *CYBERTERRORISM, *FORGERY, *COMPUTER security, *COMPUTER network security

Abstract

Abstract: In 2008, Lee et al. proposed two multiple-key agreement protocols, first one based on elliptic curve cryptography (ECC) and the other one, based on bilinear pairings. Shortly after publication, Vo et al. showed that the Lee–Wu–Wang’s pairing-based protocol is vulnerable to impersonation attack then for removing the problem, they proposed an improved protocol. In this paper, first We show that the Lee–Wu–Wang’s ECC-based protocol is insecure against forgery attack and also, if long-term private keys of two entities and one key of the session keys are revealed, the other session keys are exposed too. Then, we demonstrate that the Vo–Lee–Yeun–Kim’s protocol is vulnerable to another kind of forgery attacks and a reflection attack. [Copyright &y& Elsevier]

Published

2011

30. Analysis and improvement of an authenticated multiple key exchange protocol

Author

Cheng, Qingfeng and Ma, Chuangui

Subjects

*COMPUTER network protocols, *AUTHENTICATION (Law), *CYBERTERRORISM, *COMPUTER security, *COMPUTER network security, *COMPUTER science, *DATA protection, *DATA security

Abstract

Abstract: In 2010, Vo et al. (2010) proposed an enhancement of authenticated multiple key exchange protocol based on Lee et al.’s protocol. In this paper, we will show that Vo et al.’s multiple key exchange protocol cannot resist reflection attack. It means that their protocol fails to provide mutual authentication. Furthermore, we propose an improvement of Vo et al.’s protocol. Our proposed protocol with reflection attack resilience can really provide mutual authentication. [Copyright &y& Elsevier]

Published

2011

31. Strongly secure identity-based authenticated key agreement protocols

Author

Ni, Liang, Chen, Gongliang, Li, Jianhua, and Hao, Yanyan

Subjects

*COMPUTER network protocols, *COMPUTER simulation, *COMPUTER security, *AUTHENTICATION (Law), *ORACLE software, *COMPUTER network security, *DATA protection, *DATA security, *CRYPTOGRAPHY

Abstract

Abstract: In this paper, we present a strongly secure identity-based (ID-based) two-party authenticated key agreement (AKA) protocol, which captures all basic desirable security properties including master key forward secrecy, ephemeral secrets reveal resistance and so on, and is provably secure in the extended Canetti–Krawczyk (eCK) model. The security of the protocol can be reduced to the standard Computational Bilinear Diffie–Hellman assumption in the random oracle model. Our scheme is secure as long as each party has at least one uncompromised secret. Also, we give a strongly secure variant of the protocol. The variant has a much lower computational overhead than the original scheme, while its security relies on the Gap Bilinear Diffie–Hellman assumption. Currently, there are few ID-based AKA protocols that are provably secure in the strong eCK model. Compared with previous ID-based AKA schemes, our protocols have advantages over them in security or efficiency. [Copyright &y& Elsevier]

Published

2011

32. I2CSec: A secure serial Chip-to-Chip communication protocol

Author

Lázaro, Jesús, Astarloa, Armando, Zuloaga, Aitzol, Bidarte, Unai, and Jiménez, Jaime

Subjects

*COMPUTER security, *CRYPTOGRAPHY, *COMPUTER network protocols, *I2C (Computer bus), *FIELD programmable gate arrays, *STANDARDIZATION, *COMPUTER algorithms, *COMPUTER architecture, *AUTHENTICATION (Law)

Abstract

Abstract: This paper presents a secured I2C (Inter-Integrated Circuit) protocol for Chip-to-Chip communications. The well known AES-GCM cryptographic and authentication algorithm is used to secure this low speed serial communication protocol. This securization allows the use of this standard into applications where security is an issue and the computation resources are constrained. Both the hardware architecture and the protocol are presented. The implementation of the I2CSec presented in the paper has been optimized for FPGA devices. [Copyright &y& Elsevier]

Published

2011

33. Non-repudiation analysis using LySa with annotations

Author

Brusò, Mayla and Cortesi, Agostino

Subjects

*FLOW control (Data transmission systems), *ANNOTATIONS, *COMPUTER network protocols, *AUTOMATION, *COMPUTER simulation, *COMPUTER security

Abstract

Abstract: This work introduces a formal analysis of the non-repudiation property for security protocols. Protocols are modelled in the process calculus LySa, using an extended syntax with annotations. Non-repudiation is verified using a Control Flow Analysis, following the same approach of Buchholtz and Gao for authentication and freshness analyses. The result is an analysis that can statically check the protocols to predict if they are secure during their execution and which can be fully automated. [Copyright &y& Elsevier]

Published

2010

34. Advanced smart card based password authentication protocol

Author

Song, Ronggong

Subjects

*COMPUTER network security, *COMPUTER network protocols, *SMART cards, *COMPUTER passwords, *AUTHENTICATION (Law), *REMOTE access networks, *COMPUTER security, *INFORMATION technology

Abstract

Abstract: Password-based authentication is widely used for systems that control remote access to computer networks. In order to address some of the security and management problems that occur in traditional password authentication protocols, research in recent decades has focused on smart card based password authentication. In this paper, we show that the improved smart card authentication scheme proposed by Xu-Zhu-Feng is vulnerable to internal and impersonation attacks. We propose an improvement of their solution, present a new efficient strong smart card authentication protocol, and demonstrate that the new protocol satisfies the requirements of strong smart card authentication and is more efficient. [Copyright &y& Elsevier]

Published

2010

35. A dynamic privacy model for web services

Author

Meziane, Hassina and Benbernou, Salima

Subjects

*WEB services, *INFORMATION storage & retrieval systems, *DATA protection, *COMPUTER security, *COMPUTER network protocols, *APPLICATION software, *COMPUTER networks, *COMPUTER simulation

Abstract

Abstract: Web services are among the applications involving closely the customers'' private informations. In order to take into account the privacy concerns of the individuals, organizations provide privacy policies as promises describing how they will handle personal data of the individual. However, privacy policies do not convince potential individuals to disclose their personal data, do not guarantee the protection of personal information, and do not provide how to tackle the evolution of the policies. In this paper, we introduce a framework based on an agreement as a solution to these problems. It contains a privacy model defined in the policy level of the agreement. We provide upon it a reasoning mechanism for the evolution. The framework supports in the negotiation level of the agreement a lifecycle management which is an important deal of a dynamic environment that characterizes Web services. A negotiation protocol is proposed to enable ongoing privacy negotiation to be translated into a new privacy agreement. [Copyright &y& Elsevier]

Published

2010

36. Analysis of Handover Key Management schemes under IETF perspective

Author

Marin-Lopez, R., Ohba, Y., Pereniguez, F., and Gomez, A.F.

Subjects

*ROAMING (Telecommunication), *MOBILE communication systems, *NETWORK PC (Computer), *COMPUTER security, *COMPUTER network protocols, *DATA protection, *SECURITY systems, *PERSONAL computers

Abstract

Abstract: The Extensible Authentication Protocol (EAP) has been standardized within the Internet Engineering Task Force (IETF) in order to provide flexible mechanisms for authentication and key management for network access control. However, some deficiencies have been revealed and recognized as a major obstacle to achieving secure and seamless handover in mobile scenarios. HOKEY (Handover Keying) Working Group in IETF is standardizing low-latency EAP re-authentication and key distribution protocols to address these deficiencies. This paper provides a critical analysis of the on-going work. [Copyright &y& Elsevier]

Published

2010

37. Random effects logistic regression model for anomaly detection

Author

Mok, Min Seok, Sohn, So Young, and Ju, Yong Han

Subjects

*ANOMALY detection (Computer security), *COMPUTER security, *LOGISTIC regression analysis, *DATA mining, *COMPUTER network protocols, *MATHEMATICAL models of engineering, *CLASSIFICATION, *MATHEMATICAL variables

Abstract

Abstract: As the influence of the internet continues to expand as a medium for communications and commerce, the threat from spammers, system attackers, and criminal enterprises has grown accordingly. This paper proposes a random effects logistic regression model to predict anomaly detection. Unlike the previous studies on anomaly detection, a random effects model was applied, which accommodates not only the risk factors of the exposures but also the uncertainty not explained by such factors. The specific factors of the risk category such as retained ‘protocol type’ and ‘logged in’ are included in the proposed model. The research is based on a sample of 49,427 random observations for 42 variables of the KDD-cup 1999 (Data Mining and Knowledge Discovery competition) data set that contains ‘normal’ and ‘anomaly’ connections. The proposed model has a classification accuracy of 98.94% for the training data set, while that for the validation data set is 98.68%. [Copyright &y& Elsevier]

Published

2010

38. Digital rights management for multimedia content over 3G mobile networks

Author

Wu, Chia-Chi, Lin, Chia-Chen, and Chang, Chin-Chen

Subjects

*MOBILE communication systems, *MULTIMEDIA systems, *COPYRIGHT of digital media, *BROADBAND communication systems, *DATA transmission systems, *COMPUTER network protocols, *COMPUTER security, *INFORMATION storage & retrieval systems

Abstract

Abstract: Third generation (3G) mobile systems offer true broadband data transmission and many multimedia services are flourishing on them. Hence, 3G transmission security has become a popular issue. Recently, Dimitriadis and Polemi proposed a lightweight IDM3G protocol for mutual authentication between users and their service providers. However, many multimedia services require safeguards during transmission over 3G networks to protect the digital rights of music and video, for example. Unfortunately, the Dimitriadis and Polemi protocol does not address this requirement in their protocol, which means their protocol can not be directly applied to design a fair and secure digital rights management mechanism. Therefore, in this paper, we try to improve their protocol by integrating the identity management 3G (IDM3G) and then propose a fair and secure digital rights management mechanism for multimedia content or services over 3G networks. Using our proposed scheme enables service providers to provide time-bounded multimedia content or services and guarantees user privacy, data integrity, confidentiality, and non-repudiation, as well as forward secrecy and backward secrecy of transferred digital rights with low computation costs. [Copyright &y& Elsevier]

Published

2010

39. Vulnerability analysis of networks to detect multiphase attacks using the actor-based language Rebeca

Author

Shahriari, Hamid Reza, Makarem, Mohammad Sadegh, Sirjani, Marjan, Jalili, Rasool, and Movaghar, Ali

Subjects

*COMPUTATIONAL complexity, *COMPUTER network protocols, *CLIENT/SERVER computing, *MULTIPHASE flow, *COMPUTER security, *AUTOMATION, *MATHEMATICAL models

Abstract

Abstract: Increasing use of networks and their complexity make the task of security analysis more and more complicated. Accordingly, automatic verification approaches have received more attention recently. In this paper, we investigate applying of an actor-based language based on reactive objects for analyzing a network environment communicating via Transport Protocol Layer (TCP). The formal foundation of the language and available tools for model checking provide us with formal verification support. Having the model of a typical network including client and server, we show how an attacker may combine simple attacks to construct a complex multiphase attack. We use Rebeca language to model the network of hosts and its model checker to find counter-examples as violations of security of the system. Some simple attacks have been modeled in previous works in this area, here we detect these simple attacks in our model and then verify the model to find more complex attacks which may include simpler attacks as their steps. We choose Rebeca because of its powerful yet simple actor-based paradigm in modeling concurrent and distributed systems. As the real network environment is asynchronous and event-based, Rebeca can be utilized to specify and verify the asynchronous systems, including network protocols. [ABSTRACT FROM AUTHOR]

Published

2010

40. IEEE 802.11 user fingerprinting and its applications for intrusion detection

Author

Takahashi, Daisuke, Xiao, Yang, Zhang, Yan, Chatzimisios, Periklis, and Chen, Hsiao-Hwa

Subjects

*INTRUSION detection systems (Computer security), *INTERNET, *COMPUTER network protocols, *IEEE 802.11 (Standard), *COMPUTER users, *COMPUTER security

Abstract

Abstract: Easy associations with wireless access points (APs) give users temporal and quick access to the Internet. It needs only a few seconds to take their machines to hotspots and do a little configuration in order to have Internet access. However, this portability becomes a double-edged sword for ignorant network users. Network protocol analyzers are typically developed for network performance analysis. Nonetheless, they can also be used to reveal user’s privacy by classifying network traffic. Some characteristics in IEEE 802.11 traffic particularly help identify users. Like actual human fingerprints, there are also unique traffic characteristics for each network user. They are called network user fingerprints, by tracking which more than half of network users can be connected to their traffic even with medium access control (MAC) layer pseudonyms. On the other hand, the concept of network user fingerprint is likely to be a powerful tool for intrusion detection and computer/digital forensics. As with actual criminal investigations, comparison of sampling data to training data may increase confidence in criminal specification. This article focuses on a survey on a user fingerprinting technique of IEEE 802.11 wireless LAN traffic. We also summarize some of the researches on IEEE 802.11 network characteristic analysis to figure out rogue APs and MAC protocol misbehaviors. [Copyright &y& Elsevier]

Published

2010

41. Revisiting WiMAX MBS security

Author

Kambourakis, Georgios, Konstantinou, Elisavet, and Gritzalis, Stefanos

Subjects

*IEEE 802.16 (Standard), *COMPUTER algorithms, *COMPUTER network protocols, *DATA encryption, *COMPUTER security, *SCALABILITY, *COMPUTER networks, *DATA transmission systems

Abstract

Abstract: IEEE 802.16 technology also well known as WiMax is poised to deliver the next step in the wireless evolution. This is further fostered by the 802.16e specification which, amongst other things, introduces support for mobility. The Multicast/Broadcast Service (MBS) is also an integral part of 802.16e destined to deliver next generation services to subscribers. In this paper we concentrate on the Multicast and Broadcast Rekeying Algorithm (MBRA) of 802.16e. This algorithm has been recently criticized for various vulnerabilities and security inefficiencies, as its designers are trying to balance wisely between performance and security. After surveying related work, we extensively discuss MBRA security issues and propose the use of a novel asymmetric group key agreement protocol based on the work in Wu et al. (2009) . Our scheme guarantees secure delivery of keys to all the members of a given group and mandates rekeying upon join and leave events. It can prevent insider attacks since only the Base Station possesses a secret encryption key while all other members in the network acquire the transmitted data by using their secret decryption keys. We compare our scheme with related work and demonstrate that although heavier in terms of computing costs, it compensates when scalability and security come to the foreground. [Copyright &y& Elsevier]

Published

2010

42. A universal access control method based on host identifiers for Future Internet

Author

Wang, Hongchao, Zhang, Hongke, Chang, Chi-Yuan, and Chao, Han-Chieh

Subjects

*INTERNET access control, *AUTHENTICATION (Law), *DIGITAL Object Identifiers, *COMPUTER security, *MALWARE, *COMPUTER network protocols, *COMPUTER users

Abstract

Abstract: There have been many security events in the Internet. Many of them are due to arbitrary access permissions to the network resources of the malicious users, especially their free sending packets to anywhere in the network. However, current existing solutions such as ingress filtering and network firewalls cannot solve the problem of malicious access to the network flexibly and effectively. In this paper, we present an efficient access control method based on host identifiers, in which a safe and bidirectional authentication process is introduced whenever the host begins to access the network. Meanwhile, all the succeeding information exchanges between the host and the network can be controlled through the encrypt scheme negotiated during the access authentication process. Through analysis and experiments, we find that the proposed method has the following merits. First, our method has the capability to support various end-nodes to access the Internet in a uniform way. Second, with our method, end-nodes and the core network can establish a mutual trustworthy relationship to avoid any spoof from the other side. Third, our method can support host mobility very well. [Copyright &y& Elsevier]

Published

2010

43. Basing cryptographic protocols on tamper-evident seals

Author

Moran, Tal and Naor, Moni

Subjects

*CRYPTOGRAPHY, *COMPUTER security, *DATA protection, *INFORMATION technology security, *DATA security, *COMPUTER network protocols

Abstract

Abstract: In this article, we attempt to formally study two very intuitive physical models: sealed envelopes and locked boxes, often used as illustrations for common cryptographic operations. We relax the security properties usually required from locked boxes [such as in bit-commitment (BC) protocols] and require only that a broken lock or torn envelope be identifiable to the original sender. Unlike the completely impregnable locked box, this functionality may be achievable in real life, where containers having this property are called “tamper-evident seals”. Another physical object with this property is the “scratch-off card”, often used in lottery tickets. We consider three variations of tamper-evident seals, and show that under some conditions they can be used to implement oblivious transfer, BC and coin flipping (CF). We also show a separation between the three models. One of our results is a strongly fair CF protocol with bias bounded by (where is the number of rounds); this was a stepping stone towards achieving such a protocol in the standard model (in subsequent work). [Copyright &y& Elsevier]

Published

2010

44. Symbolic protocol analysis in the union of disjoint intruder theories: Combining decision procedures

Author

Chevalier, Yannick and Rusinowitch, Michael

Subjects

*COMPUTER network protocols, *MATHEMATICAL logic, *CRYPTOGRAPHY, *DATA encryption, *COMPUTER security

Abstract

Abstract: Most of the decision procedures for symbolic analysis of protocols are limited to a fixed set of algebraic operators associated with a fixed intruder theory. Examples of such sets of operators comprise XOR, multiplication, abstract encryption/decryption. In this report we give an algorithm for combining decision procedures for arbitrary intruder theories with disjoint sets of operators, provided that solvability of ordered intruder constraints, a slight generalization of intruder constraints, can be decided in each theory. This is the case for most of the intruder theories for which a decision procedure has been given. In particular our result allows us to decide trace-based security properties of protocols that employ any combination of the above mentioned operators with a bounded number of sessions. [Copyright &y& Elsevier]

Published

2010

45. Enhancement of two-factor authenticated key exchange protocols in public wireless LANs

Author

Lee, Yunho, Kim, Seungjoo, and Won, Dongho

Subjects

*AUTHENTICATION (Law), *PUBLIC key cryptography, *COMPUTER network protocols, *MESSAGE theory (Communication), *COMPUTER security, *WIRELESS LANs, *COMPUTER passwords, *CLIENT characteristics

Abstract

Abstract: In 2008, Juang and Wu proposed two authenticated key exchange protocols by improving Park and Park’s two-factor authenticated key exchange protocol in public wireless LANs. They pointed out that Park’s protocol was vulnerable to the dictionary attack on the identity protection. The improved protocols requires fewer exchanged messages and provided more secure protection for the client’s identity. In this paper, we propose two protocols require less exchanged messages than Juang’s protocols. In addition to this advantage, we point out that the identity protection of Juang’s protocol is computationally inefficient for the server and efficient identity protection is proposed in the second proposed protocol. [Copyright &y& Elsevier]

Published

2010

46. Enhancements of authenticated multiple key exchange protocol based on bilinear pairings

Author

Vo, Duc-Liem, Lee, Hyunrok, Yeun, Chan-Yeob, and Kim, Kwangjo

Subjects

*AUTHENTICATION (Law), *COMPUTER network protocols, *BILINEAR forms, *PUBLIC key cryptography, *IMPERSONATION, *COMPUTER security, *DATA encryption, *ELLIPTIC curves

Abstract

Abstract: Lee et al. proposed two new authenticated multiple key exchange protocols based on Elliptic Curve Cryptography (ECC) and bilinear pairings. In this paper, we show an impersonation attack on their pairing-based authenticated key exchange protocol. We demonstrate that any attacker can impersonate an entity to share multiple session keys with another entity of his/her choice by using only the public key of the victim. Moreover, their protocol fails to provide perfect forward secrecy, despite of their claim to the contrary. Thus, we propose a simple modification to the original protocol which avoids our attack. [Copyright &y& Elsevier]

Published

2010

47. Efficient and provably secure password-based group key agreement protocol

Author

Zheng, Ming-Hui, Zhou, Hui-Hua, Li, Jun, and Cui, Guo-Hua

Subjects

*SYSTEMS design, *COMPUTER security, *COMPUTER network protocols, *AUTHENTICATION (Law)

Abstract

Abstract: This paper considers the issue on authenticated group key agreement protocol among n users broadcasting communication over an insecure public network. Many authenticated group Diffie-Hellman key agreement protocols have been proposed to meet the challenges. However, existing protocols are either limited by the use of public key infrastructure or by their scalability, requiring O(n) rounds. To overcome these disadvantages, we propose an efficient password-based group key agreement protocol resistant to the dictionary attacks by adding password-authentication services to a non-authenticated multi-party key agreement protocol proposed by Horng. The proposed protocol is very efficient since it only requires constant rounds to agree upon a session key, and each user broadcasts a constant number of messages and only requires four exponentiations. Under the Decisional Diffie-Hellman assumption, we will show the proposed protocol is provably secure in both the ideal-cipher model and the random-oracle model. [Copyright &y& Elsevier]

Published

2009

48. A key management protocol with robust continuity for sensor networks

Author

Wen, Mi, Zheng, Yan-Fei, Ye, Wen-jun, Chen, Ke-Fei, and Qiu, Wei-Dong

Subjects

*COMPUTER network protocols, *SENSOR networks, *ROBUST control, *COMPUTER security, *COMPUTER engineering, *COMPUTER networks

Abstract

Abstract: Robust continuity should be paid much more attention in sensor network key management protocols, especially in privacy-vital environment. However, to our best of knowledge, few papers on key management have addressed the robust continuity in sensor networks. Therefore, in this paper, we present a new key management protocol with robust continuity for sensor networks. The purpose is to minimize the key management redesign effort as well as to make the node flexible and adaptable to many different applications. Compared to existing key management protocols, our proposed protocol has the following merits: First, our protocol addresses the continuity between the pairwise key and group key, it can establish the pairwise key and group key with the same pre-distributed secrets. Second, our protocol can deal with the continuity of the pairwise key and the group key themselves; it can update both of them to support the changes in the size of the network. [Copyright &y& Elsevier]

Published

2009

49. Access delay in LonTalk MAC protocol

Author

Miśkowicz, Marek

Subjects

*MARKOV processes, *COMPUTER network protocols, *COMPUTER security, *PERFORMANCE

Abstract

Abstract: The study deals with the analysis of latency introduced by the media access control algorithm of LonTalk protocol registered as ANSI/CEA-709.1 standard and used in LonWorks control networking technology. The LonTalk protocol provides multicast communication which is a distinctive feature among control network protocols. The predictive p-persistent CSMA protocol built in the MAC sublayer uses the memoryless backoff, additive increase/additive decrease contention window adjustments, provides collision avoidance and optional collision detection. The behavior of the LonTalk MAC protocol, unlike of the other CSMA schemes, is forced not only by the traffic rate but also by the structure of the workload transmitted through the channel. Therefore, the predictive p-persistent CSMA performance depends on the load scenario defined as the specification of the input traffic generated to the network. In the study, a unified method of load scenario definition integrating various addressing and message service types, is used. The contribution of the paper is the adaptation of the analytical approach based on Markov chains to the evaluation of mean access delay of LonTalk protocol for any load scenario. [Copyright &y& Elsevier]

Published

2009

50. Generating routing table for free roaming mobile agent in distributed environment

Author

Venkatesan, S. and Chellappan, C.

Subjects

*COMPUTER security, *COMPUTER network resources, *COMPUTER network protocols, *MULTIMEDIA communications

Abstract

Abstract: Free roaming mobile agent [D. Xu, L. Harn, M. Narasimhan, J. Luo. “An Improved Free-Roaming Mobile Agent Security Protocol against Colluded Truncation Attacks.” In Proceedings of the 30th Annual international Computer Software and Applications Conference(COMPSAC,06), Volume 2, Page(s):309–314,Chigago, Sept. 2006, IEEE Computer Society Press.; S. Venkatesan, C. Chellappan, “Protecting free roaming mobile agent against multiple colluded truncation attacks”, In proceedings of the 3rd International conference on Mobile Multimedia Communication (Mobimedia''07), page(s): 293–297, August 2007.] is to collect information from more number of remote host using the shortest route. The routing table available in the router is not applicable for the free roaming mobile agent to roam around the network, so each and every server must have the routing information. This paper proposes a model to generate the routing table for the free roaming mobile agent to roam around the network by calculating the link cost between the nodes. Link cost between the servers is measured by the energy consumed to reach the destination. Link cost is measured by the transmission of agent instead of sending the message because here the route is calculated for agent roaming. The cost for transferring the message and the agent differs because of the migration and transfer. In agent transmission, the whole thing will be migrated to the remote host. But in the message transmission, the particular message is transmitted. Routing table in the destination will be generated automatically by the mobile agent while it visits the destination host and the routing table of the source host will be generated after the agent returns to its home (source host). [Copyright &y& Elsevier]

Published

2009