Analysis and Improvement of an Authentication Scheme in Incremental Cryptography

International audienceIntroduced in cryptography by Bellare, Goldreich and Goldwasser in 1994, incrementality is an attractive feature that enables to update efficiently a cryptographic output like a ciphertext, a signature or an authentication tag after modifying the corresponding input. This property is very valuable in large scale systems where gigabytes of data are continuously processed (e.g. in cloud storage). Adding cryptographic operations on such systems can decrease dramatically their performance and incrementality is an interesting solution to have security at a reduced cost.We focus on the so-called XOR-scheme, the first incremental authentication construction proposed by Bellare, Goldreich and Goldwasser, and the only strongly incremental scheme (i.e. incremental regarding insert and delete update operations at any position in a document). Surprisingly, we found a simple attack on this construction that breaks the basic security claimed by the authors in 1994 with only one authentication query (not necessarily chosen). Our analysis gives different ways to fix the scheme; some of these patches are discussed in this paper and we provide a security proof for one of them

Transparent code authentication at the processor level

The authors present a lightweight authentication mechanism that verifies the authenticity of code and thereby addresses the virus and malicious code problems at the hardware level eliminating the need for trusted extensions in the operating system. The technique proposed tightly integrates the authentication mechanism into the processor core. The authentication latency is hidden behind the memory access latency, thereby allowing seamless on-the-fly authentication of instructions. In addition, the proposed authentication method supports seamless encryption of code (and static data). Consequently, while providing the software users with assurance for authenticity of programs executing on their hardware, the proposed technique also protects the software manufacturers’ intellectual property through encryption. The performance analysis shows that, under mild assumptions, the presented technique introduces negligible overhead for even moderate cache sizes

On the Security of the Automatic Dependent Surveillance-Broadcast Protocol

Automatic dependent surveillance-broadcast (ADS-B) is the communications protocol currently being rolled out as part of next generation air transportation systems. As the heart of modern air traffic control, it will play an essential role in the protection of two billion passengers per year, besides being crucial to many other interest groups in aviation. The inherent lack of security measures in the ADS-B protocol has long been a topic in both the aviation circles and in the academic community. Due to recently published proof-of-concept attacks, the topic is becoming ever more pressing, especially with the deadline for mandatory implementation in most airspaces fast approaching. This survey first summarizes the attacks and problems that have been reported in relation to ADS-B security. Thereafter, it surveys both the theoretical and practical efforts which have been previously conducted concerning these issues, including possible countermeasures. In addition, the survey seeks to go beyond the current state of the art and gives a detailed assessment of security measures which have been developed more generally for related wireless networks such as sensor networks and vehicular ad hoc networks, including a taxonomy of all considered approaches.Comment: Survey, 22 Pages, 21 Figure