1,199 research outputs found
Input-shrinking functions: theory and application
In this thesis, we contribute to the emerging field of the Leakage-Resilient Cryptography by studying the problem of secure data storage on hardware that may
leak information, introducing a new primitive, a leakage-resilient storage, and showing two different constructions of such storage scheme provably secure against a class of
leakage functions that can depend only on some restricted part of the memory and against a class of computationally weak leakage functions, e.g. functions computable by small circuits,
respectively.
Our results come with instantiations and analysis of concrete parameters.
Furthermore, as second contribution, we present our implementation in C programming language, using the cryptographic library of the OpenSSL project, of a two-party Authenticated Key
Exchange (AKE) protocol, which allows a client and a server, who share a huge secret file, to securely compute a shared key, providing client-to-server authentication, also in the presence of active attackers.
Following the work of Cash et al. (TCC 2007), we based our construction on a Weak Key Exchange (WKE) protocol, developed in the BRM, and a Password-based Authenticated Key
Exchange (PAKE) protocol secure in the Universally Composable (UC) framework.
The WKE protocol showed by Cash et al. uses an explicit construction of averaging sampler, which uses less random bits than the random choice but does not seem to be
efficiently implementable in practice.
In this thesis, we propose a WKE protocol similar but simpler than that one of Cash et al.: our protocol uses more randomness than the Cash et al.'s one, as it simply uses random
choice instead of averaging sampler, but we are able to show an efficient implementation of it.
Moreover, we formally adapt the security analysis of the WKE protocol of Cash et al. to our WKE protocol.
To complete our AKE protocol, we implement the PAKE protocol showed secure in the UC framework by Abdalla et al. (CT-RSA 2008), which is more efficient than the Canetti et al.'s UC-PAKE protocol (EuroCrypt 2005) used in Cash et al.'s work.
In our implementation of the WKE protocol, to achieve small constant communication complexity and amount of randomness, we rely on the Random Oracle (RO) model.
However, we would like to note that in our implementation of the AKE protocol we need also a UC-PAKE protocol which already relies on RO, as it is impossible to achieve UC-PAKE in the
standard model.
In our work we focus not only on the theoretical aspects of the area, providing formal models and proofs, but also on the practical ones, analyzing instantiations, concrete parameters
and implementation of the proposed solutions, to contribute to bridge the gap between theory and practice in this field
Sufficient condition for ephemeral key-leakage resilient tripartite key exchange
17th Australasian Conference on Information Security and Privacy, ACISP 2012; Wollongong, NSW; Australia; 9 July 2012 through 11 July 2012Tripartite (Diffie-Hellman) Key Exchange (3KE), introduced by Joux (ANTS-IV 2000), represents today the only known class of group key exchange protocols, in which computation of unauthenticated session keys requires one round and proceeds with minimal computation and communication overhead. The first one-round authenticated 3KE version that preserved the unique efficiency properties of the original protocol and strengthened its security towards resilience against leakage of ephemeral (session-dependent) secrets was proposed recently by Manulis, Suzuki, and Ustaoglu (ICISC 2009). In this work we explore sufficient conditions for building such protocols. We define a set of admissible polynomials and show how their construction generically implies 3KE protocols with the desired security and efficiency properties. Our result generalizes the previous 3KE protocol and gives rise to many new authenticated constructions, all of which enjoy forward secrecy and resilience to ephemeral key-leakage under the gap Bilinear Diffie-Hellman assumption in the random oracle model. © 2012 Springer-Verlag
Leakage-resilient biometric-based remote user authentication with fuzzy extractors
National Research Foundation (NRF) Singapor
On Vulnerabilities of the Security Association in the IEEE 802.15.6 Standard
Wireless Body Area Networks (WBAN) support a variety of real-time health
monitoring and consumer electronics applications. The latest international
standard for WBAN is the IEEE 802.15.6. The security association in this
standard includes four elliptic curve-based key agreement protocols that are
used for generating a master key. In this paper, we challenge the security of
the IEEE 802.15.6 standard by showing vulnerabilities of those four protocols
to several attacks. We perform a security analysis on the protocols, and show
that they all have security problems, and are vulnerable to different attacks
BAN-GZKP: Optimal Zero Knowledge Proof based Scheme for Wireless Body Area Networks
BANZKP is the best to date Zero Knowledge Proof (ZKP) based secure
lightweight and energy efficient authentication scheme designed for Wireless
Area Network (WBAN). It is vulnerable to several security attacks such as the
replay attack, Distributed Denial-of-Service (DDoS) attacks at sink and
redundancy information crack. However, BANZKP needs an end-to-end
authentication which is not compliant with the human body postural mobility. We
propose a new scheme BAN-GZKP. Our scheme improves both the security and
postural mobility resilience of BANZKP. Moreover, BAN-GZKP uses only a
three-phase authentication which is optimal in the class of ZKP protocols. To
fix the security vulnerabilities of BANZKP, BAN-GZKP uses a novel random key
allocation and a Hop-by-Hop authentication definition. We further prove the
reliability of our scheme to various attacks including those to which BANZKP is
vulnerable. Furthermore, via extensive simulations we prove that our scheme,
BAN-GZKP, outperforms BANZKP in terms of reliability to human body postural
mobility for various network parameters (end-to-end delay, number of packets
exchanged in the network, number of transmissions). We compared both schemes
using representative convergecast strategies with various transmission rates
and human postural mobility. Finally, it is important to mention that BAN-GZKP
has no additional cost compared to BANZKP in terms memory, computational
complexity or energy consumption
Deniable Key Establishment Resistance against eKCI Attacks
In extended Key Compromise Impersonation (eKCI) attack against authenticated key establishment (AKE) protocols the adversary impersonates one party, having the long term key and the ephemeral key of the other peer party. Such an attack can be mounted against variety of AKE protocols, including 3-pass HMQV. An intuitive countermeasure, based on BLS (BonehâLynnâShacham) signatures, for strengthening HMQV was proposed in literature. The original HMQV protocol fulfills the deniability property: a party can deny its participation in the protocol execution, as the peer party can create a fake protocol transcript indistinguishable from the real one. Unfortunately, the modified BLS based version of HMQV is not deniable. In this paper we propose a method for converting HMQV (and similar AKE protocols) into a protocol resistant to eKCI attacks but without losing the original deniability property. For that purpose, instead of the undeniable BLS, we use a modification of Schnorr authentication protocol, which is deniable and immune to ephemeral key leakages
Secure data storage and retrieval in cloud computing
Nowadays cloud computing has been widely recognised as one of the most inuential information technologies because of its unprecedented advantages. In spite of its widely recognised social and economic benefits, in cloud computing customers lose the direct control of their data and completely rely on the cloud to manage their data and computation, which raises significant security and privacy concerns and is one of the major barriers to the adoption of public cloud by many organisations and individuals. Therefore, it is desirable to apply practical security approaches to address the security risks for the wide adoption of cloud computing
Efficient public-key cryptography with bounded leakage and tamper resilience
We revisit the question of constructing public-key encryption and signature schemes with security in the presence of bounded leakage and tampering memory attacks. For signatures we obtain the first construction in the standard model; for public-key encryption we obtain the first construction free of pairing (avoiding non-interactive zero-knowledge proofs). Our constructions are based on generic building blocks, and, as we show, also admit efficient instantiations under fairly standard number-theoretic assumptions.
The model of bounded tamper resistance was recently put forward by DamgÄrd et al. (Asiacrypt 2013) as an attractive path to achieve security against arbitrary memory tampering attacks without making hardware assumptions (such as the existence of a protected self-destruct or key-update mechanism), the only restriction being on the number of allowed tampering attempts (which is a parameter of the scheme). This allows to circumvent known impossibility results for unrestricted tampering (Gennaro et al., TCC 2010), while still being able to capture realistic tampering attack
On the design of forgiving biometric security systems
This work aims to highlight the fundamental issue surrounding biometric security
systems: it's all very nice until a biometric is forged, but what do we do after that? Granted,
biometric systems are by physical nature supposedly much harder to forge than other factors
of authentication since biometrics on a human body are by right unique to the particular human
person. Yet it is also due to this physical nature that makes it much more catastrophic
when a forgery does occur, because it implies that this uniqueness has been forged as well,
threatening the human individuality; and since crime has by convention relied on identifying
suspects by biometric characteristics, loss of this biometric uniqueness has devastating consequences
on the freedom and basic human rights of the victimized individual. This uniqueness
forgery implication also raises the motivation on the adversary to forge since a successful
forgery leads to much more impersonation situations when biometric systems are used i.e.
physical presence at crime scenes, identi cation and access to security systems and premises,
access to nancial accounts and hence the ability to use the victim's nances. Depending on
the gains, a desperate highly motivated adversary may even resort to directly obtaining the
victim's biometric parts by force e.g. severing the parts from the victim's body; this poses
a risk and threat not just to the individual's uniqueness claim but also to personal safety
and well being. One may then wonder if it is worth putting one's assets, property and safety
into the hands of biometrics based systems when the consequences of biometric forgery far
outweigh the consequences of system compromises when no biometrics are used
- âŠ