Your search keyword '"COMPUTER network protocols"' showing total 279 results

1. Device Onboarding Using FDO and the Untrusted Installer Model.

Author

Cooper, Geoffrey H.

Subjects

*INTERNET of things, *COMPUTER security, *COMPUTER network protocols, *DATA structures, *WIRELESS Internet, *DATA encryption, *COMPUTER systems, *INSTALLATION of equipment

Abstract

The Internet of Things (IoT) market has expanded significantly, encompassing various sectors like home, retail, manufacturing, and transportation, with millions of devices and servers dedicated to monitoring real-world aspects. Regardless of the field, all IoT devices share the characteristic of transitioning from initial ownership to target application ownership to fulfill their intended functions, a process known as onboarding, which requires fast, reliable, and secure interaction between devices and servers. Two distinct approaches to onboarding, trusted and untrusted installers, exist, with trusted installers employing configurator tools to establish trust between devices and servers, while untrusted installers rely on mechanisms like ownership vouchers for authentication, offering scalability and parallel device onboarding.

Published

2024

2. A Messy State of the Union: Taming the Composite State Machines of TLS.

Author

Beurdouche, Benjamin, Bhargavan, Karthikeyan, Delignat-Lavaud, Antoine, Fournet, Cédric, Kohlweiss, Markulf, Pironti, Alfredo, Strub, Pierre-Yves, and Zinzindohoue, Jean Karim

Subjects

*COMPUTER network protocols, *FINITE state machines, *CLIENT/SERVER computing, *COMPUTER security

Abstract

The Transport Layer Security (TLS) protocol supports various authentication modes, key exchange methods, and protocol extensions. Confusingly, each combination may prescribe a different message sequence between the client and the server, and thus a key challenge for TLS implementations is to define a composite state machine that correctly handles these combinations. If the state machine is too restrictive, the implementation may fail to interoperate with others; if it is too liberal, it may allow unexpected message sequences that break the security of the protocol. We systematically test popular TLS implementations and find unexpected transitions in many of their state machines that have stayed hidden for years. We show how some of these flaws lead to critical security vulnerabilities, such as FREAK. While testing can help find such bugs, formal verification can prevent them entirely. To this end, we implement and formally verify a new composite state machine for OpenSSL, a popular TLS library. [ABSTRACT FROM AUTHOR]

Published

2017

3. Networking Named Content.

Author

Jacobson, Van, Smetters, Diana K., Thornton, James D., Plass, Michael, Briggs, Nick, and Braynard, Rebecca

Subjects

*COMPUTER network security, *NETWORK routers, *COMPUTER architecture, *COMPUTER security, *COMPUTER network protocols, *DATA protection, *COMPUTER operating systems, *MANAGEMENT

Abstract

Current network use is dominated by content distribution and retrieval yet current networking protocols are designed for conversations between hosts. Accessing content and services requires mapping from the what that users care about to the network's where. We present Content-Centric Networking (CCN) which uses content chunks as a primitive---decoupling location from identity, security and access, and retrieving chunks of content by name. Using new approaches to routing named content, derived from IP, CCN simultaneously achieves scalability, security, and performance. We describe our implementation of the architecture's basic features and demonstrate its performance and resilience with secure file downloads and VoIP calls. [ABSTRACT FROM AUTHOR]

Published

2012

4. Formally analyzed m-coupon protocol with confirmation code (MCWCC).

Author

YILDIRIM, Kerim, DALKILIÇ, Gökhan, and DURU, Nevcihan

Subjects

*ELECTRONIC coupons (Retail trade), *COMPUTER network protocols, *MOBILE apps, *CONSUMER behavior, *COMPUTER security

Abstract

There are many marketing methods used to attract customers' attention and customers search for special discounts and conduct research to get products cheaper. Using discount coupons is one of the widely used methods for obtaining discounts. With the development of technology, classical paper-based discount coupons become e-coupons and then turn into mobile coupons (m-coupons). It is inevitable that retailers will use m-coupon technology to attract customers while mobile devices are used in daily life. As a result, m-coupon technology is a promising technology. One of the significant problems with using m-coupons is security. Here it is necessary to ensure the safety of the seller's and retailer's data and to prevent unnecessary loss of income. In this study, a new m-coupon protocol is proposed and analyzed against well-known attacks: impersonation, man-in-the-middle, eavesdropping, replay, data modification, unauthorized coupon copying/generation, and multiple cash-in attacks. Then, to show that both the client and the retailer's data are at the highest level of security, the protocol is subjected to security analysis with a powerful protocol analysis tool, Scyther. Thus, the proposed protocol is proved to meet all safety criteria. To the best of our knowledge, this protocol is the first m-coupon protocol for which formal security analysis is conducted by the protocol's developers. [ABSTRACT FROM AUTHOR]

Published

2019

5. A PUF-based hardware mutual authentication protocol.

Author

Barbareschi, Mario, De Benedictis, Alessandra, and Mazzocca, Nicola

Subjects

*COMPUTER access control, *COMPUTER network protocols, *COMPUTER security, *UNIQUENESS (Mathematics), *COMPUTER architecture

Abstract

Physically Unclonable Functions (PUFs) represent a promising security primitive due to their unclonability, uniqueness and tamper-evident properties, and have been recently exploited for device identification and authentication, and for secret key generation and storage purposes. In this paper, we present PHEMAP (Physical Hardware-Enabled Mutual Authentication Protocol), that allows to achieve mutual authentication in a one-to-many communication scenario, where multiple devices are connected to a sink node. The protocol exploits the recursive invocation of the PUF embedded on the devices to generate sequences (chains) of values that are used to achieve synchronization among communicating parties. We demonstrate that, under reasonable assumptions, PHEMAP is secure and robust against man-in-the-middle attacks and other common physical attacks. We discuss PHEMAP performance in several operation conditions, by measuring the efficiency of the protocol when varying some of the underlying parameters. Finally, we present an implementation of PHEMAP on devices hosting an FPGA belonging to the Xilinx Zynq-7000 family and embedding an Anderson PUF architecture, and show that the computation and hardware overhead introduced by the protocol makes it feasible for commercial mid-range devices. [ABSTRACT FROM AUTHOR]

Published

2018

6. An automatic RFID reader-to-reader delegation protocol for SCM in cloud computing environment.

Author

Anandhi, S., Anitha, R., and Sureshkumar, Venkatasamy

Subjects

*RADIO frequency identification systems, *CLOUD computing, *COMPUTER security, *COMPUTER network protocols, *COMPUTER access control, *ELECTRONIC authentication, *DATA encryption

Abstract

Radio frequency identification (RFID) technology enables unique identification and tracking of the tag attached to an object. Widespread usage of RFID technologies in supply chain management (SCM) has drawn attention for developing security protocols to protect data stored in the tag. In SCM objects move from one place/department to another, the same RFID readers are not used throughout the supply chain. So, current reader delegates its access right to the new reader. When an object is moved inside the organization, delegation takes place between the readers. Many of the existing delegation protocols use trusted third party (TTP), which is practically difficult to incorporate or requires a keyed hash function/symmetric key encryption to be executed in the RFID tag, whereas tags are computationally intensive. Our work aims to simplify the delegation process by removing the usage of a TTP as well as eliminating reader-to-reader communication which avoids fixing the reader sequence in advance. Also, it preserves the security and privacy requirements for cloud-based applications. The proposed protocol withstands many attacks like tracing attack, tag impersonation attack, reader impersonation attack, and privacy attack. The proposed protocol not only resists the above-mentioned attacks but also achieves mutual authentication, anonymity property, and forward/backward secrecy. The proposed protocol is analyzed formally using GNY logic, which ensures that the protocol achieves mutual authentication. Performance analysis is carried out and it shows that our protocol is relatively better than the existing related schemes with respect to tag computation and communication cost. [ABSTRACT FROM AUTHOR]

Published

2018

7. WiFi Attack Vectors.

Author

Berghel, Hal and Uecker, Jacob

Subjects

*COMPUTER security, *IEEE 802.11 (Standard), *COMPUTER network protocols, *COMPUTER hackers, *ETHERNET, *COMPUTERS

Abstract

The article presents information on security risks of WiFi connectivity. While many users may know that WiFi is vulnerable to hacking, far fewer know why. The genesis of the wireless insecurity problem was the 802.11 standard. The vulnerabilities were built into the protocols. Nowhere is this more evident than in the bungled implementation of the RC4 symmetric, stream cipher algorithm in the implementation of Wired Equivalent Privacy (WEP). The WEP implementation of RC4 is flawed in several ways. It should be noted that even if the implementation of RC4 was corrected, WEP would still be vulnerable to replay attacks, checksum forging, message integrity check forging, and sundry authentication attacks resulting from the fact that both the plaintext challenge and cipher text response are broadcast. IEEE standard for IV selection was ambiguous, so many wireless vendors use sequential IV generators that begin with 00:00:00 and wrap with FF:FF:FF. Other WEP weaknesses that may be exploited include defective key-generation implementations. INSET: URL Pearls.

Published

2005

8. Wireless Infidelity II: Airjacking.

Author

Berghel, Hal and Uecker, Jacob

Subjects

*WIRELESS communications, *WIRELESS Application Protocol (Computer network protocol), *COMPUTER security, *COMPUTER operating systems, *COMPUTER network protocols

Abstract

This article assesses the extent of the security risks involved in wireless networking technology by considering three possible scenarios demonstrating vulnerabilities. The Service Set ID (SSID) is a 32 byte or less network name of a service set. This name is used by other network devices to initiate a connection. Wireless Application Protocols (WAP) may be configured as "open" or "closed." In the open mode, the WAP broadcasts its SSID to the world, while in closed mode, it does not. A computer with a WiFi card set to SSID=ANY will attempt to authenticate with the open WAPs with the strongest signals. This is called association polling and is built into Windows XP by default when wireless is enabled. The goal of Wired Equivalent Privacy (WEP) was to bring some of the security available in wired networks to WiFi. Unfortunately, the designers bungled the job. WEP suffers from two fundamental deficiencies — it was poorly designed and it was poorly implemented. Other than that, it's fine. A key WEP vulnerability results from the implementation of the RC4 symmetric stream cipher algorithm. INSET: URL Pearls.

Published

2004

9. Standards Insecurity.

Author

Mercuri, Rebecca T.

Subjects

*STANDARDS, *COMPUTER industry, *CERTIFICATION, *COMPUTER security, *COMPUTER network protocols

Abstract

This article presents the author's comments on the authenticity of standards meant for the computer industry. It is informed that standards play a significant and vital role for the industry by enforcing security baselines and enabling compatibilities among various products. However, the author holds that, they should not be relied on blindly. According to the author, despite the creation of a standard through an open process, transparency in the certification process is not guaranteed.

Published

2003

10. SECURITY FLAWS IN 802.11 DATA LINK PROTOCOLS.

Author

Cam-Winget, Nancy, Housley, Russ, Wagner, David, and Walker, Jesse

Subjects

*COMPUTER network security, *COMPUTER network protocols, *COMPUTER security, *WIRELESS LANs, *LOCAL area networks, *WIRELESS communications

Abstract

This article investigates the security problems in the 802.11-based data link protocol, Wireless Equivalent Privacy (WEP). It is evident that anyone with a radio receiver can eavesdrop on a wireless local area network (WLAN), and therefore widely acknowledged that a WLAN needs a mechanism to counter this threat. The IEEE 802.11 standard defines a data confidentiality mechanism known as WEP. The security goal of WEP is data confidentiality equivalent to that of a wired LAN. WEP falls short of this objective, which is an intuitively appealing but vague security goal. As a consequence, WEP was insufficiently thought through, and numerous flaws quickly appeared. The discovery of shortcomings led to a process to replace WEP by more robust security protocols. The study of WEP flaws illustrates the difficulties in security protocol design. An understanding of these flaws helps clarify the choices made by the designers of the new protocols. WEP has several serious inherent problems. It does not meet its fundamental goals of wired-equivalent confidentiality.

Published

2003

11. Caustic Cookies.

Author

Berghel, Hal

Subjects

*COOKIES (Computer science), *HTTP (Computer network protocol), *COMPUTER network protocols, *COMPUTER security, *HARD disks, *INFORMATION resources management

Abstract

The article discusses that cookies can be beneficial in electronic commerce but can invade personal privacy. The modern Websites' medium is defined, enabled, and constrained by a pair of Internet protocols, HTTP and HTML. HTTP is a platform-independent, client/server protocol defined for any packet-switched digital network that supports the lower-level Transmission Control Protocol /Internet Protocol suite. HTTP is an application layer protocol that sits directly a top Transmission Control Protocol, which in turn sits atop Internet Protocol. HTTP is rather unique, in that it is stateless. Once the transaction cycle is complete, the connection between client and server is disconnected. HTTP needs transaction persistence. The persistence would take the form of depositing digital information on the client's hard disk. This persistent state object came to be known as cookies. In any case, the technical description of a cookie is a piece of transaction state information left on the client before the HTTP transaction cycle is concluded. Included in this state Cookies are virtually unlimited in the range of information they can store. When such information gets stored in cookies, it is most likely the result of an end user unwisely volunteering this information in the first place. INSET: Berghel's URL Pearls..

Published

2001

12. A lightweight and secure two factor anonymous authentication protocol for Global Mobility Networks.

Author

Baig, Ahmed Fraz, Hassan, Khwaja Mansoor ul, Ghani, Anwar, Chaudhry, Shehzad Ashraf, Khan, Imran, and Ashraf, Muhammad Usman

Subjects

*WIRELESS communications, *TELECOMMUNICATION systems, *COMPUTER network protocols, *COMPUTER networks, *BIOMETRIC identification

Abstract

Global Mobility Networks(GLOMONETs) in wireless communication permits the global roaming services that enable a user to leverage the mobile services in any foreign country. Technological growth in wireless communication is also accompanied by new security threats and challenges. A threat-proof authentication protocol in wireless communication may overcome the security flaws by allowing only legitimate users to access a particular service. Recently, Lee et al. found Mun et al. scheme vulnerable to different attacks and proposed an advanced secure scheme to overcome the security flaws. However, this article points out that Lee et al. scheme lacks user anonymity, inefficient user authentication, vulnerable to replay and DoS attacks and Lack of local password verification. Furthermore, this article presents a more robust anonymous authentication scheme to handle the threats and challenges found in Lee et al.’s protocol. The proposed protocol is formally verified with an automated tool(ProVerif). The proposed protocol has superior efficiency in comparison to the existing protocols. [ABSTRACT FROM AUTHOR]

Published

2018

13. An efficient anonymous authentication protocol in multiple server communication networks (EAAM).

Author

Braeken, An, Kumar, Pardeep, Liyanage, Madhusanka, and Hue, Ta Thi Kim

Subjects

*COMPUTER network protocols, *COMPUTER access control, *MULTI-factor authentication, *BIOMETRIC identification, *COMPUTER security, *CRYPTOGRAPHY

Abstract

In a multi-server authentication environment, a user only needs to register once at a central registration place before accessing the different services on the different registered servers. Both, from a user point of view as for the management and maintenance of the infrastructure, these types of environments become more and more popular. Smartcard- or smartphone-based approaches lead to more secure systems because they offer two- or three-factor authentication, based on the strict combination of the user’s password, the user’s biometrics and the possession of the device. In this paper, we propose an efficient anonymous authentication protocol in multiple server communication networks, called the EAAM protocol, which is able to establish user anonymity, mutual authentication, and resistance against known security attacks. The novelty of the proposed scheme is that it does not require a secure channel during the registration between the user and the registration center and is resistant to a curious but honest registration system. These features are established in a highly efficient way with the minimum amount of communication flows between user and server during the establishment of the secret shared key and by using light-weight cryptographic techniques such as Chebyshev chaotic map techniques and symmetric key cryptography. The performance and security of the protocol are analyzed and compared with the latest new proposals in this field. [ABSTRACT FROM AUTHOR]

Published

2018

14. Protocol vulnerability detection based on network traffic analysis and binary reverse engineering.

Author

Wen, Shameng, Meng, Qingkun, Feng, Chao, and Tang, Chaojing

Subjects

*REVERSE engineering, *COMPUTER network protocols, *FUZZY logic, *PROTOTYPES, *COMPUTER security

Abstract

Network protocol vulnerability detection plays an important role in many domains, including protocol security analysis, application security, and network intrusion detection. In this study, by analyzing the general fuzzing method of network protocols, we propose a novel approach that combines network traffic analysis with the binary reverse engineering method. For network traffic analysis, the block-based protocol description language is introduced to construct test scripts, while the binary reverse engineering method employs the genetic algorithm with a fitness function designed to focus on code coverage. This combination leads to a substantial improvement in fuzz testing for network protocols. We build a prototype system and use it to test several real-world network protocol implementations. The experimental results show that the proposed approach detects vulnerabilities more efficiently and effectively than general fuzzing methods such as SPIKE. [ABSTRACT FROM AUTHOR]

Published

2017

15. On probabilistic snap-stabilization.

Author

Altisen, Karine and Devismes, Stéphane

Subjects

*MESSAGE passing (Computer science), *COMPUTER network protocols, *COMPUTER security, *COMPUTER algorithms, *COMPUTING platforms

Abstract

In this paper, we introduce probabilistic snap-stabilization . We relax the definition of deterministic snap-stabilization without compromising its safety guarantees. In an unsafe environment, a probabilistically snap-stabilizing algorithm satisfies its safety property immediately after the last fault; whereas its liveness property is only ensured with probability 1. We show that probabilistic snap-stabilization is more expressive than its deterministic counterpart. Indeed, we propose two probabilistic snap-stabilizing algorithms for a problem having no deterministic snap- or self-stabilizing solution: guaranteed service leader election in arbitrary anonymous networks. This problem consists in computing a correct answer to each process that initiates the question “Am I the leader of the network?,” i.e. , (1) processes always compute the same answer to that question and (2) exactly one process computes the answer true . Our solutions being probabilistically snap-stabilizing, the answers are only delivered within an almost surely finite time; however any delivered answer is correct, regardless the arbitrary initial configuration and provided the question has been properly started. [ABSTRACT FROM AUTHOR]

Published

2017

16. Privacy-enhanced attribute-based private information retrieval.

Author

Lai, Jianchang, Mu, Yi, Guo, Fuchun, Jiang, Peng, and Susilo, Willy

Subjects

*DATA privacy, *INFORMATION storage & retrieval systems, *COMPUTER network protocols, *COMPUTER security, *COMPUTER users

Abstract

A private information retrieval protocol allows a user to retrieve w th data item (or k items) of its choice from a database of N data items without revealing its choice w to the server. The traditional private information retrieval protocols based on the notion of oblivious transfer must publish the description of each data item stored in the database in order for the user to make a choice before users run the protocol (each data item’s content is not revealed though). Aiming to eliminate the information leakage of the data item in the private information retrieval system, in this work, we propose a novel attribute-based private information retrieval protocol which can enhance the data privacy. In our proposed protocol, each data item is associated with a set of attributes which is not made public to users who are only given a universal attribute set, which reveals no information about individual data item. For each query, the user can only obtain the data items whose attributes are within its chosen attribute set. We provide a rigorous security analysis of our protocol and demonstrate its efficiency and feasibility. [ABSTRACT FROM AUTHOR]

Published

2018

17. Securing The Commercial Internet.

Author

Bhimani, Anish

Subjects

*COMPUTER network security, *COMPUTER security, *WORLD Wide Web, *DATA protection, *FIREWALLS (Computer security), *COMPUTER network protocols

Abstract

The Internet can bring down physical barriers to commerce, almost immediately giving even the smallest business access to untapped markets around the world. By the same token, consumers can conduct business and make purchases from organizations previously unavailable to them. Armed with these goals, individuals have flocked to the Internet, and most businesses have set out to set up storefronts on the Internet and its World Wide Web. Just about every major business in the U.S., perhaps in the world, has a home page on the Internet on which can be found information about their services and products. As the Internet grew, the community expanded, and the existing security framework was found lacking. Over the past few years, people have seen evidence of this fact, in the form of Internet-based attacks on commercial systems. Awareness of these attacks has spawned the use of network security tools, such as firewalls, to protect individual networks from attack. More sophisticated attacks can take advantage of basic flaws in the Internet's infrastructure. INSET: Basic Flaws in Internet Infrastructure..

Published

1996

18. Distributing Trust with the Rampart Toolkit.

Author

Reiter, Michael K.

Subjects

*COMPUTER network protocols, *COMPUTER security, *SYSTEMS design, *COMPUTER programming, *COMPUTER software, *COMPUTER networks

Abstract

The article describes a research on distributing trust among a group of nodes. Central to this effort is a toolkit of group communication protocols called Rampart. The Rampart group communication protocols are designed to distribute trust among a group of nodes in a distributed system so while individual nodes need not be fully trusted, the group can be. An overarching goal of computer security mechanisms is to limit the extent to which each component of a system must be trusted to implement a desired security policy. This goal leads to system designs in which components are labeled trusted or untrusted. Rampant supports distributed process groups, a programming paradigm shown to simply construction of distributed programs tolerant of simple failures. Rampart has been adapted for two notable applications: sealed-bid auctions and cryptographic key management. Initial experiences with the system indicate that it can greatly simplify the task of distributing trust among multiple nodes in a system, and that it performs sufficiently well to support a wide range of applications.

Published

1996

19. Securing Cyberspace.

Author

Ganesan, Ravi and Sandhu, Ravi

Subjects

*COMPUTER security, *CYBERSPACE, *DISTRIBUTED computing, *ELECTRONIC commerce, *COMPUTER crimes, *COMPUTER network protocols

Abstract

The development, and especially deployment, of security technologies has not kept space of the heightened threats a distributed connected environment presents. Distributed systems make commercial environments more vulnerable than ever before, and hence the demand for security technologies by this sector of the marketplace is rapidly increasing. The growth of technologies such as electronic commerce mandates the duplication of security paradigms implicit in the paper world. Among the attacks that can often be mounted in a low-tech fashion are denial of service attacks. In these attacks, an intruder does not necessarily steal information but instead, for profit or for pure malicious delight, disrupts all your operations. A seemingly secure protocol can have extremely subtle problems that compromise the security of the system in a very unsubtle and dramatic function. It is also a stark reminder to all that the state of the art in proving or certifying security properties is at best an inexact science.

Published

1994

20. Cryptanalysis and Protocol Failures.

Author

Simmons, Gustavus J.

Subjects

*CRYPTOGRAPHY, *COMPUTER network protocols, *COMPUTER security, *COMPUTER algorithms, *CRYPTOGRAMS, *COMPUTATIONAL complexity, *COMPUTER science

Abstract

This article presents examples of protocol failures in cryptographic operations. In many protocols, the security of the cryptographic portion is progressively weakened as a result of the protocol being exercised, for example, by reducing the size of the key space that one would have to search to identify an active cryptographic key but these are not considered examples of true protocol failures, even though they are clearly examples of potential sources of failure in the intended security function of a protocol. Finding and fixing failures of the latter type is the function of conventional analysis of cryptoalgorithms. An algorithm or protocol can be unconditionally secure, computationally secure, provably secure, or, of course, insecure. A scheme is said to be unconditionally secure if the probability of breaking it is independent of the computing resources and time an opponent is able or willing to spend. A scheme is said to be computationally secure if breaking it requires an attacker to carry out some computation that is possible in principle but for which all known methods of execution require an infeasible amount of computation.

Published

1994

21. A Randomized Protocol for Signing Contracts.

Author

Even, Shimon, Goldreich, Oded, Lempel, Abraham, and Horowitz, Ellis

Subjects

*COMPUTER network protocols, *COMPUTER networks, *BUSINESS communication, *PROBABILITY theory, *COMPUTER security, *DATA protection

Abstract

Randomized protocols for signing contracts, certified mail, and flipping a coin are presented. The protocols use a 1-out-of-2 oblivious transfer subprotocol which is axiomatically defined. The l-out-of-2 oblivious transfer allows one party to transfer exactly one secret, out of two recognizable secrets to his counterpart. The first (second) secret is received with probability one half while the sender is ignorant of which secret has been received. An implementation of the 1-out-of-2 oblivious transfer, using any public key cryptosystem, is presented. [ABSTRACT FROM AUTHOR]

Published

1985

22. Timestamps in Keys Distribution Protocols.

Author

Denning, Dorothy E., Sacco, Giovanni Maria, and Gaines, R. Stockton

Subjects

*COMPUTER network protocols, *DATA encryption, *DATA transmission systems, *INFORMATION networks, *COMPUTER security, *DATA protection

Abstract

The distribution of keys in a computer network using single key or public key encryption is discussed. We consider the possibility that communication keys may be compromised, and show that key distribution protocols with timestamps prevent replays of compromised keys. The timestamps have the additional benefit of replacing a two-step handshake. [ABSTRACT FROM AUTHOR]

Published

1981

23. Quantitative Analysis of the Security of Software-Defined Network Controller Using Threat/Effort Model.

Author

Wu, Zehui and Wei, Qiang

Subjects

*SOFTWARE-defined networking, *COMPUTER security, *PROGRAMMABLE controllers, *QUALITATIVE chemical analysis, *COMPUTER network protocols

Abstract

SDN-based controller, which is responsible for the configuration and management of the network, is the core of Software-Defined Networks. Current methods, which focus on the secure mechanism, use qualitative analysis to estimate the security of controllers, leading to inaccurate results frequently. In this paper, we employ a quantitative approach to overcome the above shortage. Under the analysis of the controller threat model we give the formal model results of the APIs, the protocol interfaces, and the data items of controller and further provide our Threat/Effort quantitative calculation model. With the help of Threat/Effort model, we are able to compare not only the security of different versions of the same kind controller but also different kinds of controllers and provide a basis for controller selection and secure development. We evaluated our approach in four widely used SDN-based controllers which are POX, OpenDaylight, Floodlight, and Ryu. The test, which shows the similarity outcomes with the traditional qualitative analysis, demonstrates that with our approach we are able to get the specific security values of different controllers and presents more accurate results. [ABSTRACT FROM AUTHOR]

Published

2017

24. An analysis of safety evidence management with the Structured Assurance Case Metamodel.

Author

de la Vara, Jose Luis, Génova, Gonzalo, Álvarez-Rodríguez, Jose María, and Llorens, Juan

Subjects

*COMPUTER network protocols, *COMPUTER interfaces, *COMPUTER science, *INDUSTRIAL safety, *COMPUTER security

Abstract

SACM (Structured Assurance Case Metamodel) is a standard for assurance case specification and exchange. It consists of an argumentation metamodel and an evidence metamodel for justifying that a system satisfies certain requirements. For assurance of safety-critical systems, SACM can be used to manage safety evidence and to specify safety cases. The standard is a promising initiative towards harmonizing and improving system assurance practices, but its suitability for safety evidence management needs to be further studied. To this end, this paper studies how SACM 1.1 supports this activity according to requirements from industry and from prior work. We have analysed the notion of evidence in SACM, its evidence lifecycle, the classes and associations of the evidence metamodel, and the link of this metamodel with the argumentation one. As a result, we have identified several improvement opportunities and extension possibilities in SACM. The notions of evidence and evidence assertion should be clarified, the overlaps between metamodel elements should be reduced, and a wider support to the lifecycle of the artefacts used as safety evidence could be provided. Addressing these aspects will allow SACM to better fit safety evidence management needs and practices, especially beyond the scope of a safety case. The results and the conclusions drawn are especially valuable for practitioners interested in SACM adoption and vendors interested in developing tool support for SACM-based safety evidence management. [ABSTRACT FROM AUTHOR]

Published

2017

25. Comparison of group key establishment protocols.

Author

SŞAHİN, Serap and ASLANOĞLU, Rabia

Subjects

*COMPUTER network protocols, *KEY agreement protocols (Computer network protocols), *WIRELESS Application Protocol (Computer network protocol), *COMPUTER security, *CRYPTOGRAPHY

Abstract

Recently group-oriented applications over unsecure open networks such as Internet or wireless networks have become very popular. Thus, group communication security over unsecure open networks has become a vital concern. Group key establishment (GKE) protocols are used to satisfy the confidentiality requirement of a newly started communication session by the generation or sharing of an ephemeral common key between the group members. In this study, we analyze the computation and communication efficiency of GKE protocols. Besides confidentiality, the security characteristics of identification and integrity control are also required for all steps of the protocol implementations. Thus, the main contribution of this work is to provide the computation and communication efficiency analysis of the same GKE protocols along with the identification of the group entities and integrity control of messages during the protocol steps. The specific implementation and analysis of GKE protocols are performed by group key agreement (GKA) with pairing-based cryptography and group key distribution (GKD) with verifiable secret sharing, respectively. Finally, a comparison of GKA and GKD protocols on the basis of their strong points and cost characteristics are also provided to inform potential users. [ABSTRACT FROM AUTHOR]

Published

2017

26. Combinatorial Methods in Security Testing.

Author

Simos, Dimitris E., Kuhn, Rick, Voyiatzis, Artemios G., and Kacker, Raghu

Subjects

*COMPUTER security, *COMBINATORICS, *COMPUTER software security, *COMPUTER network protocols, *INTERNET of things

Abstract

Combinatorial methods can make software security testing much more efficient and effective than conventional approaches. [ABSTRACT FROM PUBLISHER]

Published

2016

27. Designing and Modeling of Covert Channels in Operating Systems.

Author

Lin, Yuqi, Malik, Saif U. R., Bilal, Kashif, Yang, Qiusong, Wang, Yongji, and Khan, Samee U.

Subjects

*COMPUTER operating systems, *COMPUTER security, *DATA security failures, *CLOUD computing, *FINITE state machines, *COMPUTER network protocols

Abstract

Covert channels are widely considered as a major risk of information leakage in various operating systems, such as desktop, cloud, and mobile systems. The existing works of modeling covert channels have mainly focused on using finite state machines (FSMs) and their transforms to describe the process of covert channel transmission. However, a FSM is rather an abstract model, where information about the shared resource, synchronization, and encoding/decoding cannot be presented in the model, making it difficult for researchers to realize and analyze the covert channels. In this paper, we use the high-level Petri Nets (HLPN) to model the structural and behavioral properties of covert channels. We use the HLPN to model the classic covert channel protocol. Moreover, the results from the analysis of the HLPN model are used to highlight the major shortcomings and interferences in the protocol. Furthermore, we propose two new covert channel models, namely: (a) two channel transmission protocol (TCTP) model and (b) self-adaptive protocol (SAP) model. The TCTP model circumvents the mutual inferences in encoding and synchronization operations; whereas the SAP model uses sleeping time and redundancy check to ensure correct transmission in an environment with strong noise. To demonstrate the correctness and usability of our proposed models in heterogeneous environments, we implement the TCTP and SAP in three different systems: (a) Linux, (b) Xen, and (c) Fiasco.OC. Our implementation also indicates the practicability of the models in heterogeneous, scalable and flexible environments. [ABSTRACT FROM AUTHOR]

Published

2016

28. Novel Duplicate Address Detection with Hash Function.

Author

Song, GuangJia and Ji, ZhenZhou

Subjects

*INTERNET protocol address, *COMPARATIVE studies, *COMPUTER network protocols, *COMPUTER security, *COMPUTER simulation

Abstract

Duplicate address detection (DAD) is an important component of the address resolution protocol (ARP) and the neighbor discovery protocol (NDP). DAD determines whether an IP address is in conflict with other nodes. In traditional DAD, the target address to be detected is broadcast through the network, which provides convenience for malicious nodes to attack. A malicious node can send a spoofing reply to prevent the address configuration of a normal node, and thus, a denial-of-service attack is launched. This study proposes a hash method to hide the target address in DAD, which prevents an attack node from launching destination attacks. If the address of a normal node is identical to the detection address, then its hash value should be the same as the “Hash_64” field in the neighboring solicitation message. Consequently, DAD can be successfully completed. This process is called DAD-h. Simulation results indicate that address configuration using DAD-h has a considerably higher success rate when under attack compared with traditional DAD. Comparative analysis shows that DAD-h does not require third-party devices and considerable computing resources; it also provides a lightweight security resolution. [ABSTRACT FROM AUTHOR]

Published

2016

29. Contributory Broadcast Encryption with Efficient Encryption and Short Ciphertexts.

Author

Wu, Qianhong, Qin, Bo, Zhang, Lei, Domingo-Ferrer, Josep, Farras, Oriol, and Manjon, Jesus A.

Subjects

*BROADCAST engineering, *DATA encryption, *CIPHERS, *SCHEME programming language, *COMPUTER network protocols, *COMPUTER security

Abstract

Broadcast encryption (BE) schemes allow a sender to securely broadcast to any subset of members but require a trusted party to distribute decryption keys. Group key agreement (GKA) protocols enable a group of members to negotiate a common encryption key via open networks so that only the group members can decrypt the ciphertexts encrypted under the shared encryption key, but a sender cannot exclude any particular member from decrypting the ciphertexts. In this paper, we bridge these two notions with a hybrid primitive referred to as contributory broadcast encryption (ConBE). In this new primitive, a group of members negotiate a common public encryption key while each member holds a decryption key. A sender seeing the public group encryption key can limit the decryption to a subset of members of his choice. Following this model, we propose a ConBE scheme with short ciphertexts. The scheme is proven to be fully collusion-resistant under the decision $n$ -Bilinear Diffie-Hellman Exponentiation (BDHE) assumption in the standard model. Of independent interest, we present a new BE scheme that is aggregatable. The aggregatability property is shown to be useful to construct advanced protocols. [ABSTRACT FROM AUTHOR]

Published

2016

30. Toward secure large-scale machine-to-machine comm unications in 3GPP networks: chall enges and solutions.

Author

Lai, Chengzhe, Lu, Rongxing, Zheng, Dong, Li, Hui, and Shen, Xuemin (sherman)

Subjects

*MACHINE-to-machine communications, *LONG-Term Evolution (Telecommunications), *MOBILE computing, *COMPUTER network protocols, *COMPUTER security, *STANDARDS

Abstract

With trillions of machines connecting to mobile communication networks to provide a wide variety of applications, supporting a massive number of machine-to-machine (M2M) communications devices has been considered an essential requirement for mobile operators. Meanwhile, cyber security is of paramount importance in M2M as all applications involving M2M cannot be widely accepted without security guarantees. In this article we focus on the standardization activities of 3GPP, especially group-based security for largescale M2M communications in 3GPP networks. We first introduce the main components of the machine-type communication (MTC) security architecture. Then we discuss several major challenges for group-oriented secure M2M communications in 3GPP systems, i.e. authentication signalling congestion and overload, and group message protection. Specifically, we identify the performance issues of authentication signalling congestion and overload in no/low mobility scenarios, and propose three group access authentication and key agreement protocols. Moreover, several 3GPP candidate solutions for group message protection are introduced. Finally, we present key issues and research directions related to group-based secure M2M communications, including security, privacy, and efficiency in mobility scenarios of MTC, and flexible and efficient group key management. [ABSTRACT FROM AUTHOR]

Published

2015

31. Formal analysis of privacy in Direct Anonymous Attestation schemes.

Author

Smyth, Ben, Ryan, Mark D., and Chen, Liqun

Subjects

*MATHEMATICAL equivalence, *RSA algorithm, *COMPUTER security, *DATA privacy, *COMPUTER network protocols, *CRYPTOGRAPHY

Abstract

This article introduces a definition of privacy for Direct Anonymous Attestation schemes. The definition is expressed as an equivalence property which is suited to automated reasoning using Blanchet's ProVerif. The practicality of the definition is demonstrated by analysing the RSA-based Direct Anonymous Attestation protocol by Brickell, Camenisch & Chen. The analysis discovers a vulnerability in the RSA-based scheme which can be exploited by a passive adversary and, under weaker assumptions, corrupt issuers and verifiers. A security fix is identified and the revised protocol is shown to satisfy our definition of privacy. [ABSTRACT FROM AUTHOR]

Published

2015

32. Vulnerability aware graphs for RFID protocol security benchmarking.

Author

Chang, Shan, Lu, Li, Liu, Xiaoqiang, Song, Hui, and Yao, Qingsong

Subjects

*GRAPH theory, *RADIO frequency identification systems, *COMPUTER network protocols, *COMPUTER security, *BENCHMARK problems (Computer science)

Abstract

Security and privacy issues in Radio Frequency Identification (RFID) systems mainly result from limited storage and computation resources of RFID tags and unpredictable communication environment. Although many security protocols for RFID system have been proposed, most of them have various flaws. We propose a random graph-based methodology enabling automated benchmarking of RFID security. First, we formalize the capability of adversaries by a set of atomic actions. Second, Vulnerability Aware Graphs (VAGs) were developed to elaborate the interactions between adversaries and RFID systems, which are used to discover the potential attacks of adversaries via some paths on the graphs. The quantitative analysis on VAGs can predict the probability that the adversary leverages the potential flaws to perform attacks. Moreover, a joint entropy-based method is provided to measure the indistinguishability of RFID tags under passive attacks. Analysis and simulation were conducted to show the validity and effectiveness of VAGs. [ABSTRACT FROM AUTHOR]

Published

2015

33. Safeguarding 5G wireless communication networks using physical layer security.

Author

Yang, Nan, Wang, Lifeng, Geraci, Giovanni, Elkashlan, Maged, Yuan, Jinhong, and Renzo, Marco

Subjects

*WIRELESS Application Protocol (Computer network protocol), *COMPUTER network protocols, *COMPUTER security, *COMPUTER engineering, *WIRELESS communications, *PHYSICAL layer security

Abstract

The fifth generation (5G) network will serve as a key enabler in meeting the continuously increasing demands for future wireless applications, including an ultra-high data rate, an ultrawide radio coverage, an ultra-large number of devices, and an ultra-low latency. This article examines security, a pivotal issue in the 5G network where wireless transmissions are inherently vulnerable to security breaches. Specifically, we focus on physical layer security, which safeguards data confidentiality by exploiting the intrinsic randomness of the communications medium and reaping the benefits offered by the disruptive technologies to 5G. Among various technologies, the three most promising ones are discussed: heterogenous networks, massive multiple-input multiple-output, and millimeter wave. On the basis of the key principles of each technology, we identify the rich opportunities and the outstanding challenges that security designers must tackle. Such an identification is expected to decisively advance the understanding of future physical layer security. [ABSTRACT FROM PUBLISHER]

Published

2015

34. Optimistic fair exchange in the enhanced chosen-key model.

Author

Wang, Yang, Au, Man Ho, and Susilo, Willy

Subjects

*COMPUTER security, *COMPUTER network protocols, *CYBERTERRORISM, *DIGITAL signatures, *SCHEME programming language

Abstract

Optimistic fair exchange (OFE) is a kind of protocol to guarantee fairness for the parties involved in an exchange with the help of an arbitrator. A fundamental work of optimistic fair exchange is to define security models capturing realistic attacks and design schemes secure in practical models. The security models are very essential to ensure that they capture practical situation, which will ensure that the protocols can be adopted in practice. The contributions of this paper are three fold. First, we observe that the existing OFE models do not capture realistic situation, where the adversary can actually observe the full signatures generated by the signer, prior to launching the actual attack. That is to say, the adversary is not provided with the signing oracle, which will produce full signatures generated by the signer. It is commonly believed that the full signatures generated by the signer can be simulated by the full signatures generated by the arbitrator. Unfortunately, we show that this perception is false. Second, we propose an enhanced model of OFE that explicitly provides the adversary with the signing oracle, which outputs the full signatures generated by the signer. We demonstrate the difference between our enhanced model and the existing chosen-key model through two concrete OFE schemes that serve as counterexamples. Finally, we revisit two existing generic constructions of optimistic fair exchange schemes, one based on verifiably encrypted signatures, and the other based on conventional signatures and ring signatures. Our result shows that the two generic approaches can still offer schemes secure in our enhanced model, which captures the real scenario that dishonest users may have access to the full signatures generated by the signer. [ABSTRACT FROM AUTHOR]

Published

2015

35. An efficient client-client password-based authentication scheme with provable security.

Author

Farash, Mohammad and Attari, Mahmoud

Subjects

*CLIENT/SERVER computing, *COMPUTER passwords, *COMPUTER access control, *COMPUTER security, *COMPUTER network protocols

Abstract

Recently, Tso proposed a three-party password-based authenticated key exchange (3PAKE) protocol. This protocol allows two clients to authenticate each other and establish a secure session key through a server over an insecure channel. The main security goals of such protocols are authentication and privacy. However, we show that Tso's protocol achieves neither authentication goal nor privacy goal. In this paper, we indicate that the privacy and authentication goals of Tso's protocol will be broken by off-line password guessing attack and impersonation attack, respectively. To overcome the weaknesses, we propose an improved 3PAKE protocol to achieve more security and performance than related protocols. The security of the proposed improved protocol is proved in random oracle model. [ABSTRACT FROM AUTHOR]

Published

2014

36. A BSP algorithm for on-the-fly checking CTL* formulas on security protocols.

Author

Gava, Frédéric, Pommereau, Franck, and Guedj, Michaël

Subjects

*COMPUTER security, *PARALLEL algorithms, *COMPUTER network protocols, *MATHEMATICAL formulas, *PROTOTYPES

Abstract

This paper presents a distributed (Bulk-Synchronous Parallel or bsp) algorithm to compute on-the-fly whether a structured model of a security protocol satisfies a ctl $$^*$$ formula. Using the structured nature of the security protocols allows us to design a simple method to distribute the state space under consideration in a need-driven fashion. Based on this distribution of the states, the algorithm for logical checking of a ltl formula can be simplified and optimised allowing, with few tricky modifications, the design of an efficient algorithm for ctl $$^*$$ checking. Some prototype implementations have been developed, allowing to run benchmarks to investigate the parallel behaviour of our algorithms. [ABSTRACT FROM AUTHOR]

Published

2014

37. Secure Hamming distance based record linkage with malicious adversaries.

Author

Zhang, Bo, Cheng, Rong, and Zhang, Fangguo

Subjects

*COMPUTER security, *HAMMING distance, *MALWARE, *DATABASES, *COMPUTER network protocols, *DATA encryption

Abstract

Record linkage aims at finding the matching records from two or multiple different databases. Many approximate string matching methods in privacy-preserving record linkage have been presented. In this paper, we study the problem of secure record linkage between two data files in the two-party computation setting. We note that two records are linked when all the Hamming distances between their attributes are smaller than some fixed thresholds. We firstly construct two efficient secure protocols for computing the powers of an encrypted value and implementing zero test on an encrypted value, then present an efficient protocol within constant rounds for computing the Hamming distance based record linkage in the presence of malicious adversaries by transferring these two protocols. We also discuss the extension of our protocol for settling the Levenshtein distance based record linkage problem. [ABSTRACT FROM AUTHOR]

Published

2014

38. Preserving privacy for free: Efficient and provably secure two-factor authentication scheme with user anonymity.

Author

Wang, Ding, Wang, Nan, Wang, Ping, and Qing, Sihan

Subjects

*COMPUTER security, *MATHEMATICAL proofs, *COMPUTER access control, *DATA security, *COMPUTER network protocols

Abstract

Due to its simplicity, portability and robustness, two-factor authentication has received much interest in the past two decades. While security-related issues have been well studied, how to preserve user privacy in this type of protocols still remains an open problem. In ICISC 2012, Kim–Kim presented an efficient two-factor authentication scheme that attempts to provide user anonymity and to guard against various known attacks, offering many merits over existing works. However, in this paper we shall show that user privacy of Kim–Kim’s scheme is achieved at the price of severe usability downgrade – a de-synchronization attack on user’s pseudonym identities may render the scheme completely unusable unless the user re-registers. Besides this defect, it is also prone to known key attack and privileged insider attack. It is noted that our de-synchronization attack can also be applied to several latest schemes that strive to preserve user anonymity. As our main contribution, an enhanced scheme with provable security is suggested, and what we believe is most interesting is that superior security and privacy can be achieved at nearly no additional communication or computation cost. As far as we know, this work is the first one that defines a formal model to capture the feature of user un-traceability and that highlights the damaging threat of de-synchronization attack on privacy-preserving two-factor authentication schemes. [ABSTRACT FROM AUTHOR]

Published

2015

39. Protocol insecurity with a finite number of sessions and a cost-sensitive guessing intruder is NP-complete.

Author

Adão, Pedro, Mateus, Paulo, and Viganò, Luca

Subjects

*COMPUTER network protocols, *CYBERTERRORISM, *COMPUTER security, *MODULES (Algebra), *NP-complete problems, *DATA analysis

Abstract

Abstract: Guessing attacks in security protocols arise when honest agents make use of data easily guessable by an intruder, such as passwords generated from a small dictionary. A way to model such attacks is to formalize a Dolev–Yao style model with inference rules that capture the additional capabilities of the intruder concerning guessable data. In this paper, we formalize a cost-sensitive intruder deduction system where information is available at a cost. The intruder may apply standard operations to deduce new messages from his current knowledge, or invoke an oracle rule that allows him to get hold of data that was previously unknown to him. Our system manipulates data items by means of inference rules and uses labels to keep track of the costs associated to the application of each rule. This allows us to answer the question of what is the cost of deducing a particular data that was meant to remain a secret between honest protocol participants. We also investigate the complexity of this quantitative insecurity problem and show that it is NP-complete in the case of a finite number of protocol sessions. [Copyright &y& Elsevier]

Published

2014

40. On the Efficiency of Classical and Quantum Secure Function Evaluation.

Author

Winkler, Severin and Wullschleger, Jurg

Subjects

*COMPUTER security, *MATHEMATICAL bounds, *ENTROPY (Information theory), *QUANTUM mechanics, *COMPUTER network protocols, *QUANTUM communication, *QUANTUM computing

Abstract

We provide bounds on the efficiency of secure one-sided output two-party computation of arbitrary finite functions from trusted distributed randomness in the statistical case. From these results, we derive bounds on the efficiency of protocols that use different variants of oblivious transfer (OT) as a black box. When applied to implementations of OT, these bounds generalize most known results to the statistical case. Our results hold in particular for transformations between a finite number of primitives and for any error. In the second part, we study the efficiency of quantum protocols implementing OT. While most classical lower bounds for perfectly secure reductions of OT to distributed randomness still hold in the quantum setting, we present a statistically secure protocol that violates these bounds by an arbitrarily large factor. We then prove a weaker lower bound that does hold in the statistical quantum setting and implies that even quantum protocols cannot extend OT. Finally, we present two lower bounds for reductions of OT to commitments and a protocol based on string commitments that is optimal with respect to both of these bounds. [ABSTRACT FROM PUBLISHER]

Published

2014

41. Clone wars: Distributed detection of clone attacks in mobile WSNs.

Author

Conti, M., Di Pietro, R., and Spognardi, A.

Subjects

*WIRELESS sensor networks, *COMPUTER security, *COMPUTER network protocols, *INFORMATION sharing, *DETECTORS, *CYBERTERRORISM

Abstract

Abstract: Among security challenges raised by mobile Wireless Sensor Networks, clone attack is particularly dreadful since it makes an adversary able to subvert the behavior of a network just leveraging a few replicas of some previously compromised sensors. In this work, we provide several contributions: first, we introduce two novel realistic adversary models, the vanishing and the persistent adversary, characterized by different compromising capability. We then propose two distributed, efficient, and cooperative protocols to detect replicas: History Information-exchange Protocol (HIP) and its optimized version (HOP). Both HIP and HOP leverage just local (one-hop) communications and node mobility, and differ for the amount of computation required. We study their behavior against the introduced types of attacker, considering two different mobility models and comparing our solutions against the state of the art. Both analysis and simulation results show that our solutions are effective and efficient, providing high detection rate, while incurring limited overhead. [Copyright &y& Elsevier]

Published

2014

42. Composing Kerberos and Multimedia Internet KEYing (MIKEY) for AuthenticatedTransport of Group Keys.

Author

Woo, Jeffrey Lok Tin and Tripunitara, Mahesh V.

Subjects

*CRYPTOGRAPHY, *COMPUTER security, *CLIENT/SERVER computing, *AUTHENTICATION (Law), *COMPUTER network protocols

Abstract

We motivate and present two designs for the composition of the authentication protocol, Kerberos, and the key transport protocol, Multimedia Internet KEYing (MIKEY) for authenticated transport of cryptographic keys for secure group-communication in enterprise and public-safety settings. A technical challenge, and our main contribution, is the analysis of the security of the composition. Towards this, we design our compositions to have intuitive appeal and thereby less prone to security vulnerabilities. We then employ protocol composition logic (PCL), a state-of-the-art approach for analyzing our composition. For this, we first articulate two properties that are of interest. Both properties are on the group key that is transported; we call them Group Key Confidentiality and Acquisition. Group Key Confidentiality is the property that if a principal possesses the key, then it is an authorized member of the group. Group Key Acquisition is the property that if a principal is a member of the group, then it is able to acquire the group key. In the course of our rigorous analysis, we discovered a flaw in our first design, which we point out, and which lead us to our second design. We have implemented both designs starting with the publicly available reference implementation of Kerberos, and an open-source implementation of MIKEY. Our implementations are available as open-source. We discuss our experience from the implementation, and present empirical results. [ABSTRACT FROM PUBLISHER]

Published

2014

43. Analytical evaluation of a time- and energy-efficient security protocol for IP-enabled sensors.

Author

Astorga, Jasone, Jacob, Eduardo, Toledo, Nerea, and Aguado, Marina

Subjects

*ENERGY consumption, *COMPUTER security, *INTERNET protocols, *COMPUTER network protocols, *DATA transmission systems, *WIRELESS sensor networks

Abstract

Highlights: [•] There is a lack of end-to-end security mechanisms tailored to IP-enabled sensors. [•] Ladon is proposed as end-to-end authentication and authorization protocol. [•] We evaluate the time and energy cost of executing Ladon on the protected sensors. [•] Ladon is proved to be a suitable security protocol for resource-deprived devices. [ABSTRACT FROM AUTHOR]

Published

2014

44. Model checking quantum Markov chains.

Author

Feng, Yuan, Yu, Nengkun, and Ying, Mingsheng

Subjects

*MARKOV processes, *QUANTUM theory, *COMPUTER security, *QUANTUM cryptography, *QUANTUM mechanics, *COMPUTER network protocols

Abstract

Abstract: Although security of quantum cryptography is provable based on principles of quantum mechanics, it can be compromised by flaws in the design of quantum protocols. So, it is indispensable to develop techniques for verifying and debugging quantum cryptographic systems. Model-checking has proved to be effective in the verification of classical cryptographic protocols, but an essential difficulty arises when it is applied to quantum systems: the state space of a quantum system is always a continuum even when its dimension is finite. To overcome this difficulty, we introduce a novel notion of quantum Markov chain, especially suited for modelling quantum cryptographic protocols, in which quantum effects are encoded as super-operators labelling transitions, leaving the location information (nodes) being classical. Then we define a quantum extension of probabilistic computation tree logic (PCTL) and develop a model-checking algorithm for quantum Markov chains. [Copyright &y& Elsevier]

Published

2013

45. Shifting primes: Optimizing elliptic curve cryptography for 16-bit devices without hardware multiplier.

Author

Marin, Leandro, Jara, Antonio, and Skarmeta Gomez, Antonio

Subjects

*COMBINATORIAL optimization, *CRYPTOGRAPHY, *COMPUTER input-output equipment, *COMPUTER security, *INTERNET of things, *COMPUTER network protocols

Abstract

Abstract: Security for the Internet of Things (IoT) presents the challenge of offering suitable security primitives to enable IP-based security protocols such as IPSec and DTLS. This challenge is here because host-based implementations and solutions are not providing a proper performance over the devices used in the IoT. This is mainly because of the use of highly constraint devices in terms of computational capabilities. Therefore, it is necessary to implement new optimized and scalable cryptographic primitives which can use existing protocols to provide security, authentication, privacy and integrity to the communications. Our research focus on the mathematical optimization of cryptographic primitives for Public Key Cryptography (PKC) based on Elliptic Curve Cryptography (ECC). PKC has been considered, since the IoT requires high scalability, multi-domain interoperability, self-commissioning, and self-identification. Specifically, this contribution presents a set of optimizations for ECC over constrained devices, and a brief tutorial of its implementation in the microprocessor Texas Instrument MSP430 (Briel, 2000) [1] (commonly used in IoT devices such as 6LoWPAN, active RFID and DASH7). Our main contribution is the proof that these special pseudo-Mersenne primes, which we have denominated ‘shifting primes’ can be used for ECC primitives with 160-bit keys in a highly optimal way. This paper presents an ECC scalar multiplication with 160-bit keys within 5.4 million clock cycles over MSP430 devices without hardware multiplier. Shifting primes provide a set of features, which make them more compliant with the set of instructions available with tiny CPUs such as the MSP430 and other 8 and 16-bit CPUs. [Copyright &y& Elsevier]

Published

2013

46. Multi-recastable e-bidding game with dual-blindness.

Author

Fan, Chun-I, Wu, Chien-Nan, Sun, Wei-Zhe, and Chen, Wei-Kuei

Subjects

*AUCTIONS, *GAME theory, *ELECTRONIC commerce, *INTERNET, *COMPUTER security, *COMPUTER network protocols

Abstract

Abstract: Electronic auctions (e-auction) enable bidders to bid for diverse sold objects under an electronic platform via the Internet. Relevant literature has presented numerous online bidding auction schemes considering different security issues. However, none of them can satisfy all essential properties simultaneously and some of them possess security vulnerabilities. For example, the winner cannot hold the properties of anonymity and unlinkability without re-registration for the auction of another product. In order to cope with the above problems, this study presents an e-auction scheme which owns the following features: every bidder’s anonymity during the entire auction, unlinkability among plural auctions of different selling topics, unforgeability, no framing (tamper resistance of bidding tickets), non-repudiation, public verifiability of all bidding tickets, and easy revocation for illegal activities. In our e-bidding protocol, all participants can take part in a sequence of different auctions for various products unlimitedly after performing one time of registration, where the winner does not need to re-register again, either. We formally prove the security of the proposed scheme and also provide comparisons to show that it is the most efficient one as compared with previous works. [Copyright &y& Elsevier]

Published

2013

47. A mechanical approach to derive identity-based protocols from Diffie–Hellman-based protocols.

Author

Choo, Kim-Kwang Raymond, Nam, Junghyun, and Won, Dongho

Subjects

*COMPUTER network protocols, *MATHEMATICAL proofs, *NUMERICAL calculations, *COMPUTER security, *IDENTITIES (Mathematics)

Abstract

We describe a mechanical approach to derive identity-based (ID-based) protocols from existing Diffie–Hellman-based ones. As case studies, we present the ID-based versions of the Unified Model protocol, UMP-ID, Blake-Wilson et al. (1997)’s protocol, BJM-ID, and Krawczyk (2005)’s HMQV protocol, HMQV-ID. We describe the calculations required to be modified in existing proofs. We conclude with a comparative security and efficiency of the three proposed ID-based protocols (relative to other similar published protocols) and demonstrate that our proposed ID-based protocols are computationally efficient. [ABSTRACT FROM AUTHOR]

Published

2014

48. Deciding equivalence-based properties using constraint solving.

Author

Cheval, Vincent, Cortier, Véronique, and Delaune, Stéphanie

Subjects

*CONSTRAINT satisfaction, *PROBLEM solving, *COMPUTER network protocols, *COMPUTER security, *COMPUTER access control, *CRYPTOGRAPHY

Abstract

Abstract: Formal methods have proved their usefulness for analyzing the security of protocols. Most existing results focus on trace properties like secrecy or authentication. There are however several security properties, which cannot be defined (or cannot be naturally defined) as trace properties and require a notion of behavioral equivalence. Typical examples are anonymity, privacy related properties or statements closer to security properties used in cryptography. In this paper, we consider three notions of equivalence defined in the applied pi calculus: observational equivalence, may-testing equivalence, and trace equivalence. First, we study the relationship between these three notions. We show that for determinate processes, observational equivalence actually coincides with trace equivalence, a notion simpler to reason with. We exhibit a large class of determinate processes, called simple processes, that capture most existing protocols and cryptographic primitives. While trace equivalence and may-testing equivalence seem very similar, we show that may-testing equivalence is actually strictly stronger than trace equivalence. We prove that the two notions coincide for image-finite processes, such as processes without replication. Second, we reduce the decidability of trace equivalence (for finite processes) to deciding symbolic equivalence between sets of constraint systems. For simple processes without replication and with trivial else branches, it turns out that it is actually sufficient to decide symbolic equivalence between pairs of positive constraint systems. Thanks to this reduction and relying on a result first proved by M. Baudet, this yields the first decidability result of observational equivalence for a general class of equational theories (for processes without else branch nor replication). Moreover, based on another decidability result for deciding equivalence between sets of constraint systems, we get decidability of trace equivalence for processes with else branch for standard primitives. [Copyright &y& Elsevier]

Published

2013

49. New attacks and security model of the secure flash disk.

Author

Wang, An, Li, Zheng, Yang, Xianwen, and Yu, Yanyan

Subjects

*COMPUTER security, *MOBILE apps, *DATA encryption, *COMPUTER access control, *INFORMATION theory, *COMPUTER network protocols, *PERFORMANCE evaluation

Abstract

Abstract: Nowadays, the secure flash disk is the most common secure mobile storage device. Two conventional schemes, flash encryption and identity authentication, are used to ensure the security of the information stored in it, but there is no comprehensive security model. We summarize three shortcomings of it: the USB cable is very easy to be monitored; the disk is not applicable to a big group and does not resist the corruption attack. In this paper, a new attack named USB cable monitor attack is proposed and implemented. In order to overcome the existing shortcomings, we give a notion of “secure group flash disk” and its security model. Accordingly, a set of universal cryptographic strategies and a concrete authenticated key exchange protocol are devised, whose security can be proved via the universally composable security model. Based on the strategies, the system architecture of this USB flash disk is designed. An IP core of the USB device controller is implemented and verified on a FPGA, so that the performance superiority can be given. Our experiment shows that our strategies can perfectly solve the problems of USB cable monitor, group application, and resistance to corruption. [Copyright &y& Elsevier]

Published

2013

50. NAPADI NA IEEE802.11 BEŽIČNE MREŽE.

Author

Tepšić, Dejan M. and Veinović, Mladen Đ.

Subjects

*WIRELESS communications, *COMPUTER security, *COMPUTER network protocols, *DATA encryption, *ALGORITHMS

Abstract

Security of wireless computer networks was initially secured with the WEP security protocol, which relies on the RC4 encryption algorithm and the CRC algorithm to check the integrity. The basic problems of the WEP are a short initialization vector, unsafe data integrity checking, using a common key, the lack of mechanisms for management and exchange of keys, the lack of protection from the endless insertion of the same package into the network, the lack of authentication of access points and the like. The consequences of these failures are easy attacks against the WEP network, namely their complete insecurity. Therefore, the work began on the IEEE 802.11i protocol, which should radically improve the security of wireless networks. Since the development of a protocol lasted, the WPA standard was released to offset the security gap caused by the WEP. The WPA also relies on RC4 and CRC algorithms, but brings temporary keys and the MIC algorithm for data integrity. The 802.1X authentication was introduced and common keys are no longer needed, since it is possible to use an authentication server. The length of the initialization vector was increased and the vector is obtained based on the packet serial number, in order to prevent the insertion of the same packet into the network. The weakness of the WPA security mechanism is the use of a common key. WPA2 (802.11i) later appeared. Unlike the WPA mechanism that worked on old devices with the replacement of software, WPA2 requires new network devices that can perform AES encryption. AES replaces the RC4 algorithm and delivers much greater security. Data integrity is protected by encryption. Despite progress, there are still weaknesses in wireless networks. Attacks for denial of service are possible as well as spoofing package headers attacks. For now, it is not advisable to use wireless networks in environments where unreliability and unavailability are not tolerated. [ABSTRACT FROM AUTHOR]

Published

2013