Efficient Authenticated Encryption Schemes with Public Verifiability

An authenticated encryption scheme allows messages to be encrypted and authenticated simultaneously. In 2003, Ma and Chen proposed such a scheme with public verifiability. That is, in their scheme the receiver can efficiently prove to a third party that a message is indeed originated from a specific sender. In this paper, we first identify two security weaknesses in the Ma-Chen authenticated encryption scheme. Then, based on the Schnorr signature, we proposed an efficient and secure improved scheme such that all the desired security requirements are satisfied.Comment: Early version appears in the Proc. of The 60th IEEE Vehicular Technology Conference (VTC 2004-Fall) - Wireless Technologies for Global Security. IEEE, 200

Effective Caching for the Secure Content Distribution in Information-Centric Networking

The secure distribution of protected content requires consumer authentication and involves the conventional method of end-to-end encryption. However, in information-centric networking (ICN) the end-to-end encryption makes the content caching ineffective since encrypted content stored in a cache is useless for any consumer except those who know the encryption key. For effective caching of encrypted content in ICN, we propose a novel scheme, called the Secure Distribution of Protected Content (SDPC). SDPC ensures that only authenticated consumers can access the content. The SDPC is a lightweight authentication and key distribution protocol; it allows consumer nodes to verify the originality of the published article by using a symmetric key encryption. The security of the SDPC was proved with BAN logic and Scyther tool verification.Comment: 7 pages, 9 figures, 2018 IEEE 87th Vehicular Technology Conference (VTC Spring

Real-time encryption and authentication of medical video streams on FPGA

This work presents an FPGA-based solution for the encryption and authentication of video streams of surgeries. The most important is minimal latency. To achieve this, a block cipher with an authenticated mode of operation is used. We choose to use AES128 with Galois/Counter Mode (GCM), because the this mode of operation is patent-free and it allows for random read access. This solution minimizes the overhead on the existing critical path to a single XOR operation. Our solution supports the broadcasting of the video stream. When a new receiver announces itself, it should receive the active keys of the sender. Therefore, a key transport protocol is used to establish a key between the sender and the announcing receiver. A proof-of-concept implementation of the proposed solution has been implemented and tested. While the complete video stream is encrypted and authenticated, the demonstrator confirms that the added latency, which is around 23 s, could not be noticed by the human eye. Random read access and the key establishment protocol provide a flexible solution

Validating a Web Service Security Abstraction by Typing

An XML web service is, to a first approximation, an RPC service in which requests and responses are encoded in XML as SOAP envelopes, and transported over HTTP. We consider the problem of authenticating requests and responses at the SOAP-level, rather than relying on transport-level security. We propose a security abstraction, inspired by earlier work on secure RPC, in which the methods exported by a web service are annotated with one of three security levels: none, authenticated, or both authenticated and encrypted. We model our abstraction as an object calculus with primitives for defining and calling web services. We describe the semantics of our object calculus by translating to a lower-level language with primitives for message passing and cryptography. To validate our semantics, we embed correspondence assertions that specify the correct authentication of requests and responses. By appeal to the type theory for cryptographic protocols of Gordon and Jeffrey's Cryptyc, we verify the correspondence assertions simply by typing. Finally, we describe an implementation of our semantics via custom SOAP headers.Comment: 44 pages. A preliminary version appears in the Proceedings of the Workshop on XML Security 2002, pp. 18-29, November 200

A two‐step authentication framework for Mobile ad hoc networks

The lack of fixed infrastructure in ad hoc networks causes nodes to rely more heavily on peer nodes for communication. Nevertheless, establishing trust in such a distributed environment is very difficult, since it is not straightforward for a node to determine if its peer nodes can be trusted. An additional concern in such an environment is with whether a peer node is merely relaying a message or if it is the originator of the message. In this paper, we propose an authentication approach for protecting nodes in mobile ad hoc networks. The security requirements for protecting data link and network layers are identified and the design criteria for creating secure ad hoc networks using several authentication protocols are analyzed. Protocols based on zero knowledge and challenge response techniques are presented and their performance is evaluated through analysis and simulation