Your search keyword '"DATA encryption"' showing total 2,148 results

1. Traffic Analysis Attacks on a Continuously-Observable Steganographic File System.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Troncoso, Carmela

Abstract

A continuously-observable steganographic file system allows to remotely store user files on a raw storage device; the security goal is to offer plausible deniability even when the raw storage device is continuously monitored by an attacker. Zhou, Pang and Tan have proposed such a system in [7] with a claim of provable security against traffic analysis. In this paper, we disprove their claims by presenting traffic analysis attacks on the file update algorithm of Zhou et al. Our attacks are highly effective in detecting file updates and revealing the existence and location of files. For multi-block files, we show that two updates are sufficient to discover the file. One-block files accessed a sufficient number of times can also be revealed. Our results suggest that simple randomization techniques are not sufficient to protect steganographic file systems from traffic analysis attacks. [ABSTRACT FROM AUTHOR]

Published

2008

2. Generalised Category Attack—Improving Histogram-Based Attack on JPEG LSB Embedding.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Kwangsoo Lee

Abstract

We present a generalised and improved version of the category attack on LSB steganography in JPEG images with straddled embedding path. It detects more reliably low embedding rates and is also less disturbed by double compressed images. The proposed methods are evaluated on several thousand images. The results are compared to both recent blind and specific attacks for JPEG embedding. The proposed attack permits a more reliable detection, although it is based on first order statistics only. Its simple structure makes it very fast. [ABSTRACT FROM AUTHOR]

Published

2008

3. Pros and Cons of Mel-cepstrum Based Audio Steganalysis Using SVM Classification.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Kraetzer, Christian

Abstract

While image steganalysis has become a well researched domain in the last years, audio steganalysis still lacks a large scale attentiveness. This is astonishing since digital audio signals are, due to their stream-like composition and the high data rate, appropriate covers for steganographic methods. In this work one of the first case studies in audio steganalysis with a large number of information hiding algorithms is conducted. The applied trained detector approach, using a SVM (support vector machine) based classification on feature sets generated by fusion of time domain and Mel-cepstral domain features, is evaluated for its quality as a universal steganalysis tool as well as a application specific steganalysis tool for VoIP steganography (considering selected signal modifications with and without steganographic processing of audio data). The results from these evaluations are used to derive important directions for further research for universal and application specific audio steganalysis. [ABSTRACT FROM AUTHOR]

Published

2008

4. A Fusion of Maximum Likelihood and Structural Steganalysis.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Ker, Andrew D.

Abstract

This paper draws together two methodologies for the detection of bit replacement steganography: the principle of maximum likelihood, which is statistically well-founded but has lead to weak detectors in practice, and so-called structural detection, which is sensitive but lacks optimality and can suffer from complicated exposition. The key novelty is to extend structural analysis to include a hypothetical "pre-cover", from which the cover object is imagined to derive. Here, maximum likelihood detection is presented for three structural detectors. Although the algebraic derivation is long, and maximizing the likelihood function difficult in practice, conceptually the new detectors are reasonably simple. Experiments show that the new detectors are the best performers yet, very significantly so in the detection of replacement of multiple bit planes. [ABSTRACT FROM AUTHOR]

Published

2008

5. Security of Invertible Media Authentication Schemes Revisited.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Dönigus, Daniel

Abstract

Dittmann, Katzenbeisser, Schallhart and Veith (SEC 2005) introduced the notion of invertible media authentication schemes, embedding authentication data in media objects via invertible watermarks. These invertible watermarks allow to recover the original media object (given a secret encryption key), as required for example in some medical applications where the distortion must be removable. Here we revisit the approach of Dittmann et al. from a cryptographic viewpoint, clarifying some important aspects of their security definitions. Namely, we first discuss that their notion of unforgeability may not suffice in all settings, and we therefore propose a strictly stronger notion. We then show that the basic scheme suggested by Dittmann et al. achieves our notion if instantiated with the right cryptographic primitives. Our proof also repairs a flaw in the original scheme, pointed out by Hopper, Molnar and Wagner (TCC 2007). We finally address the issue of secrecy of media authentication schemes, basically preventing unauthorized recovering of the original media object without the encryption key. We give a rigorous security statement (that is, the best security guarantee we can achieve) and prove again that the scheme by Dittmann et al. meets this security level if the right cryptographic building blocks are deployed. Together our notions of unforgeability and of secrecy therefore give very strong security guarantees for such media authentication schemes. [ABSTRACT FROM AUTHOR]

Published

2008

6. Imaging Sensor Noise as Digital X-Ray for Revealing Forgeries.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Mo Chen

Abstract

In this paper, we describe a new forensic tool for revealing digitally altered images by detecting the presence of photo-response non-uniformity noise (PRNU) in small regions. This method assumes that either the camera that took the image is available to the analyst or at least some other non-tampered images taken by the camera are available. Forgery detection using the PRNU involves two steps - estimation of the PRNU from non-tampered images and its detection in individual image regions. From a simplified model of the sensor output, we design optimal PRNU estimators and detectors. Binary hypothesis testing is used to determine which regions are forged. The method is tested on forged images coming from a variety of digital cameras and with different JPEG quality factors. The approximate probability of falsely identifying a forged region in a non-forged image is estimated by running the algorithm on a large number of non-forged images. [ABSTRACT FROM AUTHOR]

Published

2008

7. Software Integrity Checking Expressions (ICEs) for Robust Tamper Detection.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Jakubowski, Mariusz

Abstract

We introduce software integrity checking expressions (SoftICEs), which are program predicates that can be used in software tamper detection. We present two candidates, probabilistic verification conditions (PVCs) and Fourier-learning approximations (FLAs), which can be computed for certain classes of programs,. We show that these predicates hold for any valid execution of the program, and fail with some probability for any invalid execution (e.g., when the output value of one of the variables is tampered). PVCs work with straight-line integer programs that have operations { ∗ , + , − }. We also sketch how we can extend this class to include branches and loops. FLAs can work over programs with arbitrary operations, but have some limitations in terms of efficiency, code size, and ability to handle various classes of functions. We describe a few applications of this technique, such as program integrity checking, program or client identification, and tamper detection. As a generalization of oblivious hashing (OH), our approach resolves several troublesome issues that complicate practical application of OH towards tamper-resistance. [ABSTRACT FROM AUTHOR]

Published

2008

8. A Graph Game Model for Software Tamper Protection.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Dedić, Nenad

Abstract

We present a probabilistic program-transformation algorithm to render a given program tamper-resistant. In addition, we suggest a model to estimate the required effort for an attack. We make some engineering assumptions about local indistinguishability on the transformed program and model an attacker's steps as making a walk on the program flow graph. The goal of the attacker is to learn what has been inserted by the transformation, in which case he wins. Our heuristic estimate counts the number of steps of his walk on the graph. Our model is somewhat simplified, but we believe both the constructions and models can be made more realistic in the future. [ABSTRACT FROM AUTHOR]

Published

2008

9. Tamper Hiding: Defeating Image Forensics.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Kirchner, Matthias

Abstract

This paper introduces novel hiding techniques to counter the detection of image manipulations through forensic analyses. The presented techniques allow to resize and rotate (parts of) bitmap images without leaving a periodic pattern in the local linear predictor coefficients, which has been exploited by prior art to detect traces of manipulation. A quantitative evaluation on a batch of test images proves the proposed method's efficacy, while controlling for key parameters and for the retained image quality compared to conventional linear interpolation. [ABSTRACT FROM AUTHOR]

Published

2008

10. Exposing Digital Forgeries Through Specular Highlights on the Eye.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Johnson, Micah K.

Abstract

When creating a digital composite of two people, it is difficult to exactly match the lighting conditions under which each individual was originally photographed. In many situations, the light source in a scene gives rise to a specular highlight on the eyes. We show how the direction to a light source can be estimated from this highlight. Inconsistencies in lighting across an image are then used to reveal traces of digital tampering. [ABSTRACT FROM AUTHOR]

Published

2008

11. Combining Tardos Fingerprinting Codes and Fingercasting.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Katzenbeisser, Stefan

Abstract

Forensic tracking faces new challenges when employed in mass-scale electronic content distribution. In order to avoid a high load at the server, the watermark embedding process should be shifted from the secure server to the client side, where (1) the security of the watermark secrets must be ensured, and (2) collusion-resistance against a reasonably sized coalition of malicious users needs to be guaranteed. The combination of secure content broadcasting, secure embedding and collusion tolerance aspects has been recently addressed and termed as Fingercasting. However, the proposed solution does not apply a special collusion-resistant code, but derives a limited resistance against collusion attacks from the underlying spread spectrum watermark. In this paper, we make the first step towards tackling this problem: we propose a construction that provides collusion-resistance against a large coalition in a secure watermark embedding setting. In particular, we propose to incorporate a variant of the collusion resistant random code of Tardos, currently the code with best asymptotic behavior, into a Fingercasting framework. Through statistical analysis we show that the combination is feasible for a small subset of possible Fingercasting system parameters. [ABSTRACT FROM AUTHOR]

Published

2008

12. Optimization of Tardos's Fingerprinting Codes in a Viewpoint of Memory Amount.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Nuida, Koji

Abstract

It is known that Tardos's collusion-secure probabilistic fingerprinting code (Tardos code) has length of theoretically minimal order. However, Tardos code uses certain continuous probability distribution, which causes that huge amount of extra memory is required in a practical use. An essential solution is to replace the continuous distributions with finite discrete ones, preserving the security. In this paper, we determine the optimal finite distribution for the purpose of reducing memory amount; the required extra memory is reduced to less than 1/32 of the original in some practical setting. Moreover, the code length is also reduced (to, asymptotically, about 20.6% of Tardos code), and some further practical problems such as approximation errors are also considered. [ABSTRACT FROM AUTHOR]

Published

2008

13. A Geometrical Robust Image Data Hiding Scheme Using FCA-Based Resynchronization.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Peizhong Lu

Abstract

This paper proposes a data hiding scheme composed of a synchronization technique by using content of the image and a DCT payload embedding method. The position of the center of gravity of each Delaunay triangle is embedded inside the red channel of the corresponding triangle. This information called synchronization information is afterward decoded robustly by fast correlation attacks used commonly in cryptanalysis. The synchronization information is used to recover the affine transform that has been done on the image. The best merit of correlation attack is its powerful error-correcting ability which can be used not only to get rid of false position information caused by a few missed or imagined features, but also to obtain enough error-free synchronization information in spite of the feature points undergoing geometry transformations. A DCT-based algorithm is used to embed secret messages in the blue channel of the image. The paper also explicitly analyses the channel noise model so as to provide a basis on which some important parameters used in fast correlation attacks are designed. Simulation results show that our data-hiding scheme is highly robust to geometrical distortions including RST and most of affine transformations, and common signal processing such as JPEG compression. [ABSTRACT FROM AUTHOR]

Published

2008

14. Noise Robust Speech Watermarking with Bit Synchronisation for the Aeronautical Radio.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Hofbauer, Konrad

Abstract

Analogue amplitude modulation radios are used for air/ ground voice communication between aircraft pilots and controllers. The identification of the aircraft, so far always transmitted verbally, could be embedded as a watermark in the speech signal and thereby prevent safety-critical misunderstandings. The first part of this paper presents an overview on this watermarking application. The second part proposes a speech watermarking algorithm that embeds data in the linear prediction residual of unvoiced narrowband speech at a rate of up to 2 kbit/s. A bit synchroniser is developed which enables the transmission over analogue channels and which reaches the optimal limit within one to two percentage points in terms of raw bit error rate. Simulations show the robustness of the method for the AWGN channel. [ABSTRACT FROM AUTHOR]

Published

2008

15. Soft Feature-Based Watermark Decoding with Insertion/Deletion Correction.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Schlauweg, Mathias

Abstract

Hard decisions constitute the major problem in digital watermarking applications, especially when content adaptive embedding methods are used. Soft-decision decoding, on the other hand, has proved to be performance gaining, often realized during forward error correction. But despite this insight, no adaptive watermarking approach integrates the adaptation process into soft decoding, up to now. Further, insertion/deletion errors can occur in a content dependent watermarking system due to hard decisions if data is embedded only in some selected regions of the host signal. This kind of error usually desynchronizes the decoder and disables the correct watermark extraction. In this paper, we work out three fundamental properties of content dependent quantization-based watermarking. We show how the coupling between these properties and common soft-decision forward error correction decoding can be used to build up an overall soft processing watermarking. No pre-distortion has to be used, and hence, the image quality is not degraded. Even adaptation techniques can be used where it is computational infeasible to project a pre-distortion back onto the host image. Afterwards, we describe how to modify a common Viterbi decoder to enable the correction of insertion/deletion errors combined with our new soft decoding approach and hence improve the overall performance. [ABSTRACT FROM AUTHOR]

Published

2008

16. Reducing the Complexity of Syndrome Coding for Embedding.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Schönfeld, Dagmar

Abstract

This paper deals with strategies to dramatically reduce the complexity for embedding based on syndrome coding. In contrast to existing approaches, our goal is to keep the embedding efficiency constant, i.e., to embed less complexly without increasing the average number of embedding changes, compared to the classic Matrix Embedding scenario. Generally, our considerations are based on structured codes, especially on BCH Codes. However, they are not limited to this class of codes. We propose different approaches to reduce embedding complexity concentrating on both syndrome coding based on a parity check matrix and syndrome coding based on the generator polynomial. [ABSTRACT FROM AUTHOR]

Published

2008

17. How Can Reed-Solomon Codes Improve Steganographic Schemes?

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Fontaine, Caroline

Abstract

The use of syndrome coding in steganographic schemes tends to reduce distortion during embedding. The more complete model comes from the wet papers [FGLS05] which allow to lock positions that cannot be modified. Recently, BCH codes have been investigated, and seem to be good candidates in this context [SW06]. Here, we show that Reed-Solomon codes are twice better with respect to the number of locked positions and that, in fact, they are optimal. We propose two methods for managing these codes in this context: the first one is based on a naive decoding process through Lagrange interpolation; the second one, more efficient, is based on list decoding techniques and provides an adaptive trade-off between the number of locked positions and the embedding efficiency. [ABSTRACT FROM AUTHOR]

Published

2008

18. Steganographic Communication with Quantum Information.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Martin, Keye

Abstract

We introduce a scheme for steganographic communication based on a channel hidden within the quantum key distribution protocol of Bennett and Brassard. An outside observer cannot establish evidence that this communication is taking place for the simple reason that no correlations between public data and hidden information exist. Assuming an attacker guesses hidden communication is underway, we obtain a precise quantitative bound on the amount of hidden information they can acquire, and find that it is very small, less than 10− 7 bits per channel use in typical experimental settings. We also calculate the capacity of the steganographic channel, including an analysis based on data available from experimental realizations of quantum protocols. [ABSTRACT FROM AUTHOR]

Published

2008

19. Practical Security Analysis of Dirty Paper Trellis Watermarking.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, and Bas, Patrick

Abstract

This paper analyses the security of dirty paper trellis (DPT) watermarking schemes which use both informed coding and informed embedding. After recalling the principles of message embedding with DPT watermarking, the secret parameters of the scheme are highlighted. The security weaknesses of DPT watermarking are then presented: in the watermarked contents only attack (WOA) setup, the watermarked data-set exhibits clusters corresponding to the different patterns attached to the arcs of the trellis. The K-means clustering algorithm is used to estimate these patterns and a co-occurrence analysis is performed to retrieve the connectivity of the trellis. Experimental results demonstrate that it is possible to accurately estimate the trellis configuration, which enables to perform attacks much more efficient than simple additive white Gaussian noise (AWGN). [ABSTRACT FROM AUTHOR]

Published

2008

20. Exploiting Security Holes in Lattice Data Hiding.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Pérez-Freire, Luis

Abstract

This paper presents a security analysis for data hiding methods based on nested lattice codes, extending the analysis provided by previous works. The security is quantified in an information-theoretic sense by means of the information leakage between the watermarked signals seen by the attacker and the secret key used in the embedding process. The theoretical analysis accomplished in the first part of the paper addresses important issues such as the possibility of achieving perfect secrecy and the impact of the embedding rate and channel coding in the security level. In the second part, a practical algorithm for estimating the secret key is proposed, and the information extracted is used for implementing a reversibility attack on real images. [ABSTRACT FROM AUTHOR]

Published

2008

21. Robust and High Capacity Image Watermarking Based on Jointly Coding and Embedding Optimization.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Chuntao Wang

Abstract

A new informed image watermarking algorithm is presented in this paper, which can achieve the information rate of 1/64 bits/pixel with high robustness. Firstly, the LOT (Locally Optimum Test) detector based on HMM in wavelet domain is developed to tackle the issue that the exact strength for informed embedding is unknown to the receiver. Then based on the LOT detector, the dirty-paper code for informed coding is constructed and the metric for the robustness is defined accordingly. Unlike the previous approaches of informed watermarking which take the informed coding and embedding process separately, the proposed algorithm implements a jointly coding and embedding optimization for high capacity and robust watermarking. The Genetic Algorithm (GA) is employed to optimize the robustness and distortion constraints simultaneously. Extensive simulations are carried out which demonstrates that the proposed algorithm achieves significant improvements in performance against JPEG, gain attack, low-pass filtering and so on. [ABSTRACT FROM AUTHOR]

Published

2008

22. Three-Dimensional Meshes Watermarking: Review and Attack-Centric Investigation.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Kai Wang

Abstract

The recent decade has seen the emergence of 3D meshes in industrial, medical and entertainment applications. Therefore, their intellectual property protection problem has attracted more and more attention in both the research and industrial realms. This paper gives a synthetic review of 3D mesh watermarking techniques, which are deemed to be a potential effective solution to the above problem. We begin with a discussion on the particular difficulties encountered while applying watermarking on 3D meshes. Then some typical algorithms are presented and analyzed, classifying them in two categories: spatial and spectral. Considering the important impact of the different attacks on the design of 3D mesh watermarking algorithms, we also provide an attack-centric viewpoint of this state of the art. Finally, some special issues and possible future working directions are discussed. [ABSTRACT FROM AUTHOR]

Published

2008

23. Space-Efficient Kleptography Without Random Oracles.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Young, Adam L.

Abstract

In the past, hiding asymmetric backdoors inside cryptosystems required a random oracle assumption (idealization) as "randomizers" of the hidden channels. The basic question left open is whether cryptography itself based on traditional hardness assumption(s) alone enables "internal randomized channels" that enable the embedding of an asymmetric backdoor inside another cryptosystem while retaining the security of the cryptosystem and the backdoor (two security proofs in one system). This question translates into the existence of kleptographic channels without the idealization of random oracle functions. We therefore address the basic problem of controlling the probability distribution over information (i.e., the kleptogram) that is hidden within the output of a cryptographic system. We settle this question by presenting an elliptic curve asymmetric backdoor construction that solves this problem. As an example, we apply the construction to produce a provably secure asymmetric backdoor in SSL. The construction is general and applies to many other kleptographic settings as well. [ABSTRACT FROM AUTHOR]

Published

2008

24. YASS: Yet Another Steganographic Scheme That Resists Blind Steganalysis.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Solanki, Kaushal

Abstract

A new, simple, approach for active steganography is proposed in this paper that can successfully resist recent blind steganalysis methods, in addition to surviving distortion constrained attacks. We present Yet Another Steganographic Scheme (YASS), a method based on embedding data in randomized locations so as to disable the self-calibration process (such as, by cropping a few pixel rows and/or columns to estimate the cover image features) popularly used by blind steganalysis schemes. The errors induced in the embedded data due to the fact that the stego signal must be advertised in a specific format such as JPEG, are dealt with by the use of erasure and error correcting codes. For the presented JPEG steganograhic scheme, it is shown that the detection rates of recent blind steganalysis schemes are close to random guessing, thus confirming the practical applicability of the proposed technique. We also note that the presented steganography framework, of hiding in randomized locations and using a coding framework to deal with errors, is quite simple yet very generalizable. [ABSTRACT FROM AUTHOR]

Published

2008

25. MPSteg-color: A New Steganographic Technique for Color Images.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Cancelli, Giacomo

Abstract

A new steganographic algorithm for color images (MPSteg-color) is presented based on Matching Pursuit (MP) decomposition of the host image. With respect to previous works operating in the MP domain, the availability of three color bands is exploited to avoid the instability of the decomposition path and to randomize it for enhanced security. A selection and an update rule working entirely in the integer domain have been developed to improve the capacity of the stego channel and limit the computational complexity of the embedder. The system performance are boosted by applying the Matrix Embedding (ME) principle possibly coupled with a Wet Paper Coding approach to avoid ambiguities in stego-channel selection. The experimental comparison of the new scheme with a state-of-the-art algorithm applying the ME principle directly in the pixel domain reveals that, despite the lower PSNR achieved by MPSteg-color, a classical steganalyzer finds it more difficult to detect the MP-stego messages. [ABSTRACT FROM AUTHOR]

Published

2008

26. Drive-By Pharming.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Qing, Sihan, Imai, Hideki, Wang, Guilin, Stamm, Sid, and Ramzan, Zulfikar

Abstract

This paper describes an attack concept termed Drive-by Pharming where an attacker sets up a web page that, when simply viewed by the victim (on a JavaScript-enabled browser), attempts to change the DNS server settings on the victim's home broadband router. As a result, future DNS queries are resolved by a DNS server of the attacker's choice. The attacker can direct the victim's Internet traffic and point the victim to the attacker's own web sites regardless of what domain the victim thinks he is actually going to, potentially leading to the compromise of the victim's credentials. The same attack methodology can be used to make other changes to the router, like replacing its firmware. Routers could then host malicious web pages or engage in click fraud. Since the attack is mounted through viewing a web page, it does not require the attacker to have any physical proximity to the victim nor does it require the explicit download of traditional malicious software. The attack works under the reasonable assumption that the victim has not changed the default management password on their broadband router. [ABSTRACT FROM AUTHOR]

Published

2008

27. Application of the PageRank Algorithm to Alarm Graphs.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Qing, Sihan, Imai, Hideki, Wang, Guilin, Treinen, James J., and Thurimella, Ramakrishna

Abstract

The task of separating genuine attacks from false alarms in large intrusion detection infrastructures is extremely difficult. The number of alarms received in such environments can easily enter into the millions of alerts per day. The overwhelming noise created by these alarms can cause genuine attacks to go unnoticed. As means of highlighting these attacks, we introduce a host ranking technique utilizing Alarm Graphs. Rather than enumerate all potential attack paths as in Attack Graphs, we build and analyze graphs based on the alarms generated by the intrusion detection sensors installed on a network. Given that the alarms are predominantly false positives, the challenge is to identify, separate, and ideally predict future attacks. In this paper, we propose a novel approach to tackle this problem based on the PageRank algorithm. By elevating the rank of known attackers and victims we are able to observe the effect that these hosts have on the other nodes in the Alarm Graph. Using this information we are able to discover previously overlooked attacks, as well as defend against future intrusions. [ABSTRACT FROM AUTHOR]

Published

2008

28. Firewall for Dynamic IP Address in Mobile IPv6.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sihan Qing, Hideki Imai, Guilin Wang, Ying Qiu, and Feng Bao

Abstract

Mobile communication is becoming the mainstream with the rapid growth of mobile devices penetrating our daily life. More and more mobile devices such as mobile phones, personal digital assistants, notebooks etc, are capable of Internet access. Mobile devices frequently change their communication IP addresses in mobile IPv6 network following its current attached domain. This raises a big challenge for building firewall for mobile devices. The conventional firewalls are primarily based on IPv4 networks where the security criteria are specified only to the fixed IP addresses or subnets, which apparently do not apply to mobile IPv6. In this paper we propose three solutions for mobile IPv6 firewall. Our approaches make the firewall adaptive to dynamic IP addresses in mobile IPv6 network. They have different expense and weight corresponding to different degree of universality. The paper focuses the study more from practical aspect. [ABSTRACT FROM AUTHOR]

Published

2008

29. DDoS Attack Detection Algorithms Based on Entropy Computing.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sihan Qing, Hideki Imai, Guilin Wang, Liying Li, and Jianying Zhou

Abstract

Distributed Denial of Service (DDoS) attack poses a severe threat to the Internet. It is difficult to find the exact signature of attacking. Moreover, it is hard to distinguish the difference of an unusual high volume of traffic which is caused by the attack or occurs when a huge number of users occasionally access the target machine at the same time. The entropy detection method is an effective method to detect the DDoS attack. It is mainly used to calculate the distribution randomness of some attributes in the network packets' headers. In this paper, we focus on the detection technology of DDoS attack. We improve the previous entropy detection algorithm, and propose two enhanced detection methods based on cumulative entropy and time, respectively. Experiment results show that these methods could lead to more accurate and effective DDoS detection. [ABSTRACT FROM AUTHOR]

Published

2008

30. Collecting Autonomous Spreading Malware Using High-Interaction Honeypots.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sihan Qing, Hideki Imai, Guilin Wang, Jianwei Zhuge, and Holz, Thorsten

Abstract

Autonomous spreading malware in the form of worms or bots has become a severe threat in today's Internet. Collecting the sample as early as possible is a necessary precondition for the further treatment of the spreading malware, e.g., to develop antivirus signatures. In this paper, we present an integrated toolkit called HoneyBow, which is able to collect autonomous spreading malware in an automated manner using high-interaction honeypots. Compared to low-interaction honeypots, HoneyBow has several advantages due to a wider range of captured samples and the capability of collecting malware which propagates by exploiting new vulnerabilities. We validate the properties of HoneyBow with experimental data collected during a period of about nine months, in which we collected thousands of malware binaries. Furthermore, we demonstrate the capability of collecting new malware via a case study of a certain bot. [ABSTRACT FROM AUTHOR]

Published

2008

31. BIOS Security Analysis and a Kind of Trusted BIOS.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sihan Qing, Hideki Imai, Guilin Wang, ZhenLiu Zhou, and RongSheng Xu

Abstract

The BIOS's security threats to computer system are analyzed and security requirements for firmware BIOS are summarized in this paper. Through discussion about TCG's trust transitivity, a new approach about CRTM implementation based on BIOS is developed. In this paper, we also put forward a new trusted BIOS architecture-UTBIOS which is built on Intel Framework for EFI/UEFI. The trustworthiness of UTBIOS is based on trusted hardware TPM. In UTBIOS, trust encapsulation and trust measurement are used to construct pre-OS trust chain. Performance of trust measurement is also analyzed in the end. [ABSTRACT FROM AUTHOR]

Published

2008

32. Detection and Diagnosis of Control Interception.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sihan Qing, Hideki Imai, Guilin Wang, Chang-Hsien Tsai, and Shih-Kun Huang

Abstract

Crash implies that a software is unstable and possibly vulnerable. Stack overflow is one of many causes of crashes. This kind of bug is often hard to debug because of the corrupted stack, so that debuggers cannot trace the control flow of the programs. A control-type crash caused by stack overflow is easy to be developed as a control interception attack. We develop a method to locate this attack and implement it as a plug-in of Valgrind [1]. This tool can be used in the honeypot to detect and diagnose zero-day exploits. We use it to detect several vulnerabilities and automatically locate the bugs. [ABSTRACT FROM AUTHOR]

Published

2008

33. A Novel Approach for Untrusted Code Execution.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sihan Qing, Hideki Imai, Guilin Wang, Yan Wen, and Jinjing Zhao

Abstract

In this paper, we present a new approach called Secure Virtual Execution Environment (SVEE) which enables users to "try out" untrusted software without the fear of damaging the system in any manner. A key feature of SVEE is that it implements the OS isolation by executing untrusted code in a hosted virtual machine. Another key feature is that SVEE faithfully reproduces the behavior of applications, as if they were running natively on the underlying host OS. SVEE also provides a convenient way to compare the changes within SVEE and host OS. Referring to these comparison results, users can make a decision to commit these changes or not. With these powerful characteristics, SVEE supports a wide range of tasks, including the study of malicious code, controlled execution of untrusted software and so on. This paper focuses on the execution model of SVEE and the security evaluation for this model. [ABSTRACT FROM AUTHOR]

Published

2008

34. Auth-SL - A System for the Specification and Enforcement of Quality-Based Authentication Policies.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Qing, Sihan, Imai, Hideki, Wang, Guilin, Squicciarini, Anna C., and Bhargav-Spantzel, Abhilasha

Abstract

This paper develops a language and a reference architecture supporting the management and enforcement of authentication policies. Such language directly supports multi-factor authentication and the high level specification of authentication factors, in terms of conditions against the features of the various authentication mechanisms and modules. In addition the language supports a rich set of constraints; by using these constraints, one can specify for example that a subject must be authenticated by two credentials issued by different authorities. The paper presents a logical definition of the language and its corresponding XML encoding. It also reports an implementation of the proposed authentication system in the context of the FreeBSD Unix operating system (OS). Critical issues in the implementation are discussed and performance results are reported. These results show that the implementation is very efficient. [ABSTRACT FROM AUTHOR]

Published

2008

35. Toward Practical Anonymous Rerandomizable RCCA Secure Encryptions.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Qing, Sihan, Imai, Hideki, Wang, Guilin, Xue, Rui, and Feng, Dengguo

Abstract

Replayable adaptively chosen ciphertext attack (RCCA) security is a relaxation of popular adaptively chosen ciphertext attack (CCA) security for public key encryption system. Unlike CCA security, RCCA security allows modifying a ciphertext into a new ciphertext of the same message. One of the open questions is that if there exists a perfectly rerandomizable RCCA secure encryption [4]. Prabhakaran and Rosulek recently answered this question affirmatively [14]. The scheme they proposed (PR scheme for short) is composed of a double-strands Cramer-Shoup schemes that involves as many as 56 exponents in encryption and 65 exponents in decryption, and 55 exponents operations during rerandomization. We present a practical perfectly rerandomizable RCCA secure encryption system in this paper. The system constitutes of two layers of encryptions. One layer carries message, the other layer carries a random quantity used to hiding the message in previous layer. This random quantity in the encryption also works as correlation between the two parts of encryption such that they are formed in a prescribed way. The proposed construction dramatically reduces the complexities, compared with PR scheme, to 15 exponents in encryption, 6 exponents decryption as well as 16 exponents operations in rerandomization. Besides the practical feature, our scheme is also the first receiver anonymous, perfectly rerandomizable RCCA secure encryption, which settles an open question in [14]. The scheme is secure under DDH assumption. [ABSTRACT FROM AUTHOR]

Published

2008

36. Extending FORK-256 Attack to the Full Hash Function.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Qing, Sihan, Imai, Hideki, Wang, Guilin, Contini, Scott, and Matusiewicz, Krystian

Abstract

In a paper published in FSE 2007, a way of obtaining near-collisions and in theory also collisions for the FORK-256 hash function was presented [8]. The paper contained examples of near-collisions for the compression function, but in practice the attack could not be extended to the full function due to large memory requirements and computation time. In this paper we improve the attack and show that it is possible to find near-collisions in practice for any given value of IV. In particular, this means that the full hash function with the prespecified IV is vulnerable in practice, not just in theory. We exhibit an example near-collision for the complete hash function. [ABSTRACT FROM AUTHOR]

Published

2008

37. Differential Fault Analysis on CLEFIA.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sihan Qing, Hideki Imai, Guilin Wang, Hua Chen, and Wenling Wu

Abstract

CLEFIA is a new 128-bit block cipher proposed by SONY corporation recently. The fundamental structure of CLEFIA is a generalized Feistel structure consisting of 4 data lines. In this paper, the strength of CLEFIA against the differential fault attack is explored. Our attack adopts the byte-oriented model of random faults. Through inducing randomly one byte fault in one round, four bytes of faults can be simultaneously obtained in the next round, which can efficiently reduce the total induce times in the attack. After attacking the last several rounds' encryptions, the original secret key can be recovered based on some analysis of the key schedule. The data complexity analysis and experiments show that only about 18 faulty ciphertexts are needed to recover the entire 128-bit secret key and about 54 faulty ciphertexts for 192/256-bit keys. [ABSTRACT FROM AUTHOR]

Published

2008

38. Modeling Agreement Problems in the Universal Composability Framework.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Qing, Sihan, Imai, Hideki, Wang, Guilin, Terada, Masayuki, and Yoneyama, Kazuki

Abstract

Agreement problems are one of the keys to distributed computing. In this paper, we propose a construction of the ideal-model functionality of one of the most important agreement problems, non-blocking atomic commitment (NBAC), in the universally-composability (UC) framework. NBAC is not only important in realizing dependable transactions in distributed computing environments but also useful in constructing security protocols that require the fairness property, such as fair exchange protocols. Our construction of NBAC functionality (namely ${\mathcal F}_{\rm NBAC}$) is exactly equivalent to the NBAC definition; it is formally proved that a protocol UC-securely realizes ${\mathcal F}_{\rm NBAC}$if and only if the protocol is an NBAC protocol. The proposed functionality and its proof of equivalence to NBAC enables the NBAC protocols to be used as a provably secure building block, and thus makes it much easier to feasibly and securely create higher-level protocols. [ABSTRACT FROM AUTHOR]

Published

2008

39. Secure Multiparty Computation of DNF.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sihan Qing, Hideki Imai, Guilin Wang, and Kun Peng

Abstract

Homomorphism based multiparty computation techniques are studied in this paper as they have several advantages over the other multiparty computation schemes. A new homomorphism based multiparty computation technique is proposed to evaluate functions in DNF form. The new technique exploits homomorphism of a certain sealing function to evaluate a function in DNF. The new technique has two advantages over the existing homomorphism based multiparty computation schemes. Firstly, it supports any input format. Secondly, a general method to reduce any function to DNFs is proposed in this paper. With this method, functions like the famous millionaire problem can be reduced to DNFs and efficiently evaluated. Security of the new scheme is formally defined in the static active adversary model and proved in a new simulation model. [ABSTRACT FROM AUTHOR]

Published

2008

40. Power Efficient Hardware Architecture of SHA-1 Algorithm for Trusted Mobile Computing.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sihan Qing, Hideki Imai, Guilin Wang, Mooseop Kim, and Jaecheol Ryou

Abstract

The Trusted Mobile Platform (TMP) is developed and promoted by the Trusted Computing Group (TCG), which is an industry standard body to enhance the security of the mobile computing environment. The built-in SHA-1 engine in TMP is one of the most important circuit blocks and contributes the performance of the whole platform because it is used as key primitives supporting platform integrity and command authentication. Mobile platforms have very stringent limitations with respect to available power, physical circuit area, and cost. Therefore special architecture and design methods for low power SHA-1 circuit are required. In this paper, we present a novel and efficient hardware architecture of low power SHA-1 design for TMP. Our low power SHA-1 hardware can compute 512-bit data block using less than 7,000 gates and has a power consumption about 1.1 mA on a 0.25μm CMOS process. [ABSTRACT FROM AUTHOR]

Published

2008

41. A System Architecture for History-Based Access Control for XML Documents.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Qing, Sihan, Imai, Hideki, Wang, Guilin, Röder, Patrick, and Tafreschi, Omid

Abstract

In this paper, we present a history-based model which considers not only the content of an XML document to define access, but also how this content was created. The last aspect is an important factor for access control. Within the proposed model, the creation of documents is stored in histories, which also contain the source and destination of copied document parts. This enables us to define access depending on the origin of document parts. Applying this model in an environment where multiple users can edit documents concurrently is a challenging task, since access decisions depend on other documents, which are possibly edited at the same time. For this purpose, we present a system architecture which supports an efficient workflow and reduces the overhead for determining access rights of documents depending on other documents. [ABSTRACT FROM AUTHOR]

Published

2008

42. Square Like Attack on Camellia.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sihan Qing, Hideki Imai, Guilin Wang, Lei Duo, and Chao Li

Abstract

In this paper, a square like attack on Camellia is presented, by which 9-round 128-bit key Camellia without FL/FL− 1 functions layer and whitening is breakable with complexity of 2 86.9 encryptions and 266 data and 12-round 256-bit key Camellia without FL/FL− 1 function layer and whitening is breakable with the complexity of 2250.8 encryptions and 266 data. And we can also apply such method to block cipher having XORing sBoxes in diffusion layer. [ABSTRACT FROM AUTHOR]

Published

2008

43. What Semantic Equivalences Are Suitable for Non-interference Properties in Computer Security.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sihan Qing, Hideki Imai, Guilin Wang, Xiaowei Huang, and Li Jiao

Abstract

Non-interference properties are an important class of security properties. Many different non-interference properties have been presented based on different underlying models including the process algebraic languages. Usually, in specifying the non-interference properties using process algebraic languages, a specific semantic equivalence is introduced. Though weak bisimulation based non-interference properties have been studied extensively, it is not always satisfactory. This paper considers the topic on pursuing a probably more suitable semantic equivalence for specifying the non-interference properties. We find several alternatives, e.g., should testing equivalence, impossible future equivalence and possible future equivalence, etc. As another topic in the paper, based on the structural operational semantics, we suggest a compositional rule format, the SISNNI format, for an impossible future equivalence based non-interference property, i.e., the SISNNI property. We show that the SISNNI property is compositional in any SISNNI languages, i.e., languages in the SISNNI format. [ABSTRACT FROM AUTHOR]

Published

2008

44. A Framework for Game-Based Security Proofs.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Qing, Sihan, Imai, Hideki, Wang, Guilin, and Nowak, David

Abstract

To be accepted, a cryptographic scheme must come with a proof that it satisfies some standard security properties. However, because cryptographic schemes are based on non-trivial mathematics, proofs are error-prone and difficult to check. The main contributions of this paper are a refinement of the game-based approach to security proofs, and its implementation on top of the proof assistant Coq. The proof assistant checks that the proof is correct and deals with the mundane part of the proof. An interesting feature of our framework is that our proofs are formal enough to be mechanically checked, but still readable enough to be humanly checked. We illustrate the use of our framework by proving in a systematic way the so-called semantic security of the encryption scheme Elgamal and its hashed version. [ABSTRACT FROM AUTHOR]

Published

2008

45. Attacking Reduced-Round Versions of the SMS4 Block Cipher in the Chinese WAPI Standard.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sihan Qing, Hideki Imai, Guilin Wang, and Jiqiang Lu

Abstract

SMS4 is a 32-round block cipher with a 128-bit block size and a 128-bit user key. It is used in WAPI, the Chinese WLAN national standard. In this paper, we present a rectangle attack on 14-round SMS4, and an impossible differential attack on 16-round SMS4. These are better than any previously known cryptanalytic results on SMS4 in terms of the numbers of attacked rounds. [ABSTRACT FROM AUTHOR]

Published

2008

46. Boudot's Range-Bounded Commitment Scheme Revisited.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sihan Qing, Imai, Hideki, Guilin Wang, Zhengjun Cao, and Lihua Liu

Abstract

Checking whether a committed integer lies in a specific interval has many cryptographic applications. In Eurocrypt'98, Chan et al. proposed an instantiation (CFT Proof). Based on CFT, Boudot presented a popular range-bounded commitment scheme in Eurocrypt'2000. Both CFT Proof and Boudot Proof are based on the encryption $E(x, r)=g^xh^r\ \mbox{mod}\ n$, where n is an RSA modulus whose factorization is unknown by the prover. They did not use a single base as usual. Thus an increase in cost occurs. In this paper, we show that it suffices to adopt a single base. The cost of the modified Boudot Proof is about half of that of the original scheme. Moreover, the key restriction in the original scheme, i.e., both the discrete logarithm of g in base h and the discrete logarithm of h in base g are unknown by the prover, which is a potential menace to the Boudot Proof, is definitely removed. [ABSTRACT FROM AUTHOR]

Published

2008

47. Compact and Secure Design of Masked AES S-Box.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Qing, Sihan, Imai, Hideki, Wang, Guilin, Zakeri, Babak, and Salmasizadeh, Mahmoud

Abstract

Composite field arithmetic is known as an alternative method for lookup tables in implementation of S-box block of AES algorithm. The idea is to breakdown the computations to lower order fields and compute the inverse there. Recently this idea have been used both for reducing the area in implementation of S-boxes and masking implementations of AES algorithm. The most compact design using this technique is presented by Canright using only 92 gates for an S-box block. In another approach, IAIK laboratory has presented a masked implementation of AES algorithm with higher security comparing common masking methods using Composite field arithmetic. Our work in this paper is to use basic ideas of the two approaches above to get a compact masked S-box. We shall use the idea of masking inversion of IAIK's masked S-box but we will rewrite the equations using normal basis. We arrange the terms in these equations in a way that the optimized functions in Canright's compact S-box can be used for our design. An implementation of IAIK's masked S-box is also presented using Canright's polynomial functions to have a fair comparison between our design and IAIK's design. Moreover, we show that this design which uses two special normal basis for GF(16) and GF(4) is the smallest. We shall also prove the security of this design using some lemmas. [ABSTRACT FROM AUTHOR]

Published

2008

48. MDH: A High Speed Multi-phase Dynamic Hash String Matching Algorithm for Large-Scale Pattern Set.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sihan Qing, Hideki Imai, Guilin Wang, Zongwei Zhou, and Yibo Xue

Abstract

String matching algorithm is one of the key technologies in numerous network security applications and systems. Nowadays, the increasing network bandwidth and pattern set size both calls for high speed string matching algorithm for large-scale pattern set. This paper proposes a novel algorithm called Multi-phase Dynamic Hash (MDH), which cut down the memory requirement by multi-phase hash and explore valuable pattern set information to speed up searching procedure by dynamic-cut heuristics. The experimental results demonstrate that MDH can improve matching performance by 100% to 300% comparing with other popular algorithms, whereas the memory requirement stays in a comparatively low level. [ABSTRACT FROM AUTHOR]

Published

2008

49. High Speed Modular Divider Based on GCD Algorithm.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Qing, Sihan, Imai, Hideki, Wang, Guilin, and Zadeh, Abdulah Abdulah

Abstract

GCD algorithm is a well known algorithm for computing modular division and inversion which is widely used in Elliptic Curve Cryptography (ECC). Also division is the most time-consuming operation in Elliptic and Hyperelliptic Curve Cryptography. The conventional radix-2 GCD algorithm, is performed modular division over GF(2m) in approximately 2m iterations (or clock cycles). These algorithms consist of at least four comparisons at each iteration. In this paper the conventional algorithm is extended to radix-4. To increase the efficiency of algorithm the number of comparisons is reduced. So the algorithm enables very fast computation of division over GF(2m). The proposed algorithm described in such a way that its hardware realization is straightforward. The implemented results show reducing the division time to m clock cycles. Also the proposed architecture is compared with other reported dividers and it has been shown that the proposed architecture only occupies %14 more LUT (over GF(2163)) while the computation time is decreased to half. [ABSTRACT FROM AUTHOR]

Published

2008

50. On the Design of Fast Prefix-Preserving IP Address Anonymization Scheme.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sihan Qing, Hideki Imai, Guilin Wang, Qianli Zhang, and Jilong Wang

Abstract

Traffic traces are generally anonymized before used in analysis. Prefix-preserving anonymization is often used to avoid privacy issues as well as preserve prefix relationship after anonymization. To facilitate research on real time high speed network traffic, address anonymization algorithm should be fast and consistent. In this paper, the bit string based algorithm and the embedded bit string algorithm will be introduced. Bit string based algorithm uses precomputed bit string to improve the anonymization performance. Instead of only using the LSB of each Rijndael output, the embedded bit string algorithm will take advantage of the full size Rijndael output to anonymize several bits at the same time. The implementation can be downloaded from https://sourceforge.net/projects/ipanon. [ABSTRACT FROM AUTHOR]

Published

2008