A practical forgery and state recovery attack on the authenticated cipher PANDA-s
PANDA is a family of authenticated ciphers submitted to CAESAR, which consists of two ciphers: PANDA-s and PANDA-b. In this work we present a
state recovery attack against PANDA-s with time complexity about under the known-plaintext-attack model, which needs 137 pairs of known plaintext/ciphertext and about 2 GB of memory. Our attack is practical on a small workstation. Based on the above attack, we further deduce a forgery attack against PANDA-s, which can forge a legal ciphertext of an arbitrary plaintext. The results show that PANDA-s is insecure.
A Forgery Attack against PANDA-s
PANDA is an authenticated encryption scheme designed by Ye et al., and submitted to the CAESAR competition.
The designers claim that PANDA-s, which is one of the designs of the PANDA family, provides 128-bit security in the nonce misuse model.
In this note, we describe our forgery attack against PANDA-s.
Our attack works in the nonce misuse model.
It exploits the fact that the message processing function and the finalization function are identical,
and thus a variant of the length-extension attack can be applied.
We can find a tag for a pre-specified formatted message with 2 encryption oracle calls, computational cost, and negligible memory.
General Classification of the Authenticated Encryption Schemes for the CAESAR Competition
An authenticated encryption scheme is a scheme which provides privacy and integrity by using a secret key. In 2013, CAESAR (the "Competition for Authenticated Encryption: Security, Applicability, and Robustness") was co-founded by NIST and Dan Bernstein with the aim of finding authenticated encryption schemes
that offer advantages over AES-GCM and are suitable for widespread adoption.
The first round started with 57 candidates in March 2014; and nine of these
first-round candidates were broken and withdrawn from the competition. The
remaining 48 candidates went through an intense process of review, analysis
and comparison. While the cryptographic community benefits greatly from the
manifold different submission designs, their sheer number
implies a challenging amount of study. This paper provides
an easy-to-grasp overview of functional aspects, security parameters, and
robustness offerings by the CAESAR candidates, clustered by their underlying
designs (block-cipher-, stream-cipher-, permutation-/sponge-,
compression-function-based, dedicated). After intensive review and analysis of all 48 candidates by the community, the CAESAR committee selected only 30 candidates for the second round. The announcement of the third-round candidates was made on 15th August 2016, and 15 candidates were chosen for the third round.
Time Stamped Proxy Blind Signature Scheme With Proxy Revocation Based on Discrete Logarithm Problem
Proxy blind signature combines both the properties of blind signature and proxy signature. In a proxy blind signature scheme, the proxy signer is allowed to generate a blind signature on behalf of the original signer. It is a protocol played by three parties in which a user obtains a proxy signer's signature for a desired message and the proxy signer learns nothing about the message. During the verification of a proxy blind signature scheme, the verifier cannot tell whether the signing took place within the delegation period or after it. In this thesis a time stamped proxy blind signature scheme with proxy revocation is proposed which records the time stamp during the proxy signing phase and satisfies all the security properties of proxy blind signature, i.e. distinguishability, non-repudiation, unforgeability, verifiability, identifiability, unlinkability and prevention of misuse. In a proxy revocation scheme, the original signer can terminate the delegation power of a proxy signer before the completion of the delegation period. Proxy blind signature has wide applications in real-life scenarios, such as e-cash, e-voting and e-commerce applications.
A Mediated Definite Delegation Model allowing for Certified Grid Job Submission
Grid computing infrastructures need to provide traceability and accounting of
their users' activity and protection against misuse and privilege escalation. A
central aspect of multi-user Grid job environments is the necessary delegation
of privileges in the course of a job submission. With respect to these generic
requirements this document describes an improved handling of multi-user Grid
jobs in the ALICE ("A Large Ion Collider Experiment") Grid Services. A security
analysis of the ALICE Grid job model is presented with derived security
objectives, followed by a discussion of existing approaches of unrestricted
delegation based on X.509 proxy certificates and the Grid middleware gLExec.
Unrestricted delegation has severe security consequences and limitations, most
importantly allowing for identity theft and forgery of delegated assignments.
These limitations are discussed and formulated, both in general and with
respect to an adoption in line with multi-user Grid jobs. Based on the
architecture of the ALICE Grid Services, a new general model of mediated
definite delegation is developed and formulated, allowing a broker to assign
context-sensitive user privileges to agents. The model provides strong
accountability and long-term traceability. A prototype implementation allowing
for certified Grid jobs is presented including a potential interaction with
gLExec. The achieved improvements regarding system security, malicious job
exploitation, identity protection, and accountability are emphasized, followed
by a discussion of non-repudiation in the face of malicious Grid jobs.
Dynamic Provable Data Possession Protocols with Public Verifiability and Data Privacy
Cloud storage services have become accessible and used by everyone.
Nevertheless, stored data depend on the behavior of the cloud servers,
and losses and damages often occur. One solution is to regularly audit the
cloud servers in order to check the integrity of the stored data. The Dynamic
Provable Data Possession scheme with Public Verifiability and Data Privacy
presented in ACISP'15 is a straightforward design of such a solution. However,
this scheme is threatened by several attacks. In this paper, we carefully
recall the definition of this scheme as well as explain how its security is
dramatically menaced. Moreover, we propose two new constructions for Dynamic
Provable Data Possession scheme with Public Verifiability and Data Privacy
based on the scheme presented in ACISP'15, one using Index Hash Tables and one
based on Merkle Hash Trees. We show that the two schemes are secure and
privacy-preserving in the random oracle model.
Comment: ISPEC 201
Color My World: Deterministic Tagging for Memory Safety
Hardware-assisted memory protection features are increasingly being deployed
in COTS processors. ARMv8.5 Memory Tagging Extensions (MTE) is a recent
example, which has been used to provide probabilistic checks for memory safety.
This use of MTE is not secure against the standard adversary with arbitrary
read/write access to memory. Consequently, MTE is used as a software development
tool. In this paper we present the first design for deterministic memory
protection using MTE that can resist the standard adversary, and hence is
suitable for post-deployment memory safety. We describe our compiler extensions
for LLVM Clang implementing static analysis and subsequent MTE instrumentation.
Via a comprehensive evaluation we show that our scheme is effective