Classification and Generation of Disturbance Vectors for Collision Attacks against SHA-1

In this paper, we present a deterministic algorithm to produce disturbance vectors for collision attacks against SHA-1. We show that all published disturbance vectors can be classified into two types of vectors, type-I and type-II. We define a cost function, close to those described in \cite{Mendel06}, to evaluate the complexity of a collision attack for a given disturbance vector. Using the classification and the cost function we made an exhaustive search which allowed us to retrieve all known vectors. We also found new vectors which have lower cost. This may lead to the best collision attack against SHA-1, with a theoretical attack complexity of $2^{51}$ hash function calls

New collision attacks on SHA-1 based on optimal joint local-collision analysis

The main contributions of this paper are two-fold. Firstly, we present a novel direction in the cryptanalysis of the cryptographic hash function {\SHA}. Our work builds on previous cryptanalytic efforts on {\SHA} based on combinations of local collisions. Due to dependencies, previous approaches used heuristic corrections when combining the success probabilities and message conditions of the individual local collisions. Although this leads to success probabilities that are seemingly sufficient for feasible collision attacks, this approach most often does not lead to the maximum success probability possible as desired. We introduce novel techniques that enable us to determine the theoretical maximum success probability for a given set of (dependent) local collisions, as well as the smallest set of message conditions that attains this probability. We apply our new techniques and present an implemented open-source near-collision attack on {\SHA} with a complexity equivalent to $2^{57.5}$ {\SHA} compressions. Secondly, we present an identical-prefix collision attack and a chosen-prefix collision attack on {\SHA} with complexities equivalent to approximately $2^{61}$ and $2^{77.1}$ {\SHA} compressions, respectively

A Robust and Effective Smart-Card-Based Remote User Authentication Mechanism Using Hash Function

In a remote user authentication scheme, a remote server verifies whether a login user is genuine and trustworthy, and also for mutual authentication purpose a login user validates whether the remote server is genuine and trustworthy. Several remote user authentication schemes using the password, the biometrics, and the smart card have been proposed in the literature. However, most schemes proposed in the literature are either computationally expensive or insecure against several known attacks. In this paper, we aim to propose a new robust and effective password-based remote user authentication scheme using smart card. Our scheme is efficient, because our scheme uses only efficient one-way hash function and bitwise XOR operations. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. We perform the simulation for the formal security analysis using the widely accepted AVISPA (Automated Validation Internet Security Protocols and Applications) tool to ensure that our scheme is secure against passive and active attacks. Furthermore, our scheme supports efficiently the password change phase always locally without contacting the remote server and correctly. In addition, our scheme performs significantly better than other existing schemes in terms of communication, computational overheads, security, and features provided by our scheme

Informática forense : recolha e preservação da prova digital

A proliferação das redes de comunicações digitais na sociedade levou a um concomitante aumento do seu envolvimento em atividades ilícitas. O exame e análise forense dos sistemas informáticos tornaram-se assim numa importante e fundamental ajuda a todos aqueles que têm de lidar com incidentes informáticos, sejam eles do foro criminal, cível ou simplesmente laboral. A correta execução dos procedimentos quer em termos técnicos quer jurídicos, que regem a identificação, a recolha e a preservação da prova digital, torna-se assim fundamental por se tratar do primeiro passo na cadeia de custódia da prova, fundamental para a sua admissão legal. A presente dissertação agrega num único documento as melhores práticas, recomendações e normas que regem a identificação, recolha e preservação da prova digital, enquadrando estas práticas no ordenamento jurídico português. Todos os procedimentos sugeridos estão enquadrados pela lei portuguesa, apresentando-se alguns exemplos de procedimentos que embora tecnicamente lógicos e corretos seriam no entanto legalmente inadmissíveis e eventualmente até consubstanciar crime. São levadas em conta as determinações da norma ISO 27037:2012 e as recomendações de diversos organismos internacionais tão diversos como o Concelho Europeu, o G8 ou a IOCE. Esta dissertação descreve os procedimentos de planeamento e execução de uma operação de recolha e preservação de suportes digitais. Adicionalmente, apresenta os procedimentos e ferramentas utilizados na preparação e utilização dos suportes de armazenamento da prova digital, incluindo a sua validação através de assinatura digital. Apresenta ainda os procedimentos de recolha de prova em sistemas corporativos, em fontes abertas, de interpretação de cabeçalhos de mensagens de correio eletrónico e por essa via da identificação da sua origem. Finalmente e sob uma forma que pode ser facilmente adaptada a pequenos manuais ou guias de bolso, consolida os procedimentos, direcionando-os para agentes de primeira resposta, independentemente do seu nível técnico.their involvement in illicit activities. The examination and analysis of all computer equipments has become an important aid to those that must deal with computer incidents, criminal, civil or labour related. The correct technical and juridical execution of the proceedings, that rules the identification, recovery and collection of digital evidence, is fundamental since it becomes the first step in the evidence chain of custody. This thesis consolidates in a single document the best practices, recommendations and norms that rule the identification, collection and preservation of the digital evidence, according to the Portuguese law. Every proceeding is according to the Portuguese law and some examples are presented whereas technically logical and correct would be legally inadmissible and possibly even a crime if undertaken. The ISO 27037:2012 is taken into consideration as well as the recommendations of several international organizations such as the European Council, the G8 or the IOCE. This thesis describes the correct proceedings of the planning and execution of a collection and preservation of digital evidence operation. In addiction it presents the proceedings of the preparation of the digital evidence supports, including their validation through digital signature. It also presents the proceedings of evidence collection in corporate systems, through open sources, the interpretation of email headers and through that way the identification of their source. Finally and under a format that can easily be converted into a small manual or pocket guide, all the proceedings are consolidated independently of technical knowledge and directed to a first responder

Reliability Evaluation and Defense Strategy Development for Cyber-physical Power Systems

With the smart grid initiatives in recent years, the electric power grid is rapidly evolving into a complicated and interconnected cyber-physical system. Unfortunately, the wide deployment of cutting-edge communication, control and computer technologies in the power system, as well as the increasing terrorism activities, make the power system at great risk of attacks from both cyber and physical domains. It is pressing and meaningful to investigate the plausible attack scenarios and develop efficient methods for defending the power system against them. To defend the power grid, it is critical to first study how the attacks could happen and affect the power system, which are the basis for the defense strategy development. Thus, this dissertation quantifies the influence of several typical attacks on power system reliability. Specifically, three representative attack are considered, i.e., intrusion against substations, regional LR attack, and coordinated attacks. For the intrusion against substations, the occurrence frequency of the attack events is modeled based on statistical data and human dynamics; game-theoretical approaches are adopted to model induvial and consecutive attack cases; Monte Carlo simulation is deployed to obtain the desired reliability indices, which incorporates both the attacks and the random failures. For the false data injection attack, a practical regional load redistribution (LR) attack strategy is proposed; the man-in-the-middle (MITM) intrusion process is modeled with a semi-Markov process method; the reliability indices are obtained based on the regional LR attack strategy and the MITM intrusion process using Monte Carlo simulation. For the coordinated attacks, a few typical coordination strategies are proposed considering attacking the current-carrying elements as well as attacking the measurements; a bilevel optimization method is applied to develop the optimal coordination strategy. Further, efficient and effective defense strategies are proposed from the perspectives of power system operation strategy and identification of critical elements. Specially, a robustness-oriented power grid operation strategy is proposed considering the element random failures and the risk of man-made attacks. Using this operation strategy, the power system operation is robust, and can minimize the load loss in case of malicious man-made attacks. Also, a multiple-attack-scenario (MAS) defender-attack-defender model is proposed to identify the critical branches that should be defended when an attack is anticipated but the defender has uncertainty about the capability of the attacker. If those identified critical branches are protected, the expected load loss will be minimal

Analysis and Design Security Primitives Based on Chaotic Systems for eCommerce

Security is considered the most important requirement for the success of electronic commerce, which is built based on the security of hash functions, encryption algorithms and pseudorandom number generators. Chaotic systems and security algorithms have similar properties including sensitivity to any change or changes in the initial parameters, unpredictability, deterministic nature and random-like behaviour. Several security algorithms based on chaotic systems have been proposed; unfortunately some of them were found to be insecure and/or slow. In view of this, designing new secure and fast security algorithms based on chaotic systems which guarantee integrity, authentication and confidentiality is essential for electronic commerce development. In this thesis, we comprehensively explore the analysis and design of security primitives based on chaotic systems for electronic commerce: hash functions, encryption algorithms and pseudorandom number generators. Novel hash functions, encryption algorithms and pseudorandom number generators based on chaotic systems for electronic commerce are proposed. The securities of the proposed algorithms are analyzed based on some well-know statistical tests in this filed. In addition, a new one-dimensional triangle-chaotic map (TCM) with perfect chaotic behaviour is presented. We have compared the proposed chaos-based hash functions, block cipher and pseudorandom number generator with well-know algorithms. The comparison results show that the proposed algorithms are better than some other existing algorithms. Several analyses and computer simulations are performed on the proposed algorithms to verify their characteristics, confirming that these proposed algorithms satisfy the characteristics and conditions of security algorithms. The proposed algorithms in this thesis are high-potential for adoption in e-commerce applications and protocols

Elaboration d'un modèle d'identité numérique adapté à la convergence

L évolution des réseaux informatiques, et notamment d Internet, s ancre dans l émergence de paradigmes prépondérants tels que la mobilité et les réseaux sociaux. Cette évolution amène à considérer une réorganisation de la gestion des données circulant au cœur des réseaux. L accès à des services offrant de la vidéo ou de la voix à la demande depuis des appareils aussi bien fixes que mobiles, tels que les Smartphones, ou encore la perméabilité des informations fournies à des réseaux sociaux conduisent à s interroger sur la notion d identité numérique et, de manière sous-jacente, à reconsidérer les concepts de sécurité et de confiance. La contribution réalisée dans ce travail de thèse consiste, dans une première partie, à analyser les différents modèles d identité numérique existants ainsi que les architectures de fédération d identité, mais également les protocoles déployés pour l authentification et les problèmes de confiance engendrés par l absence d élément sécurisé tel qu une carte à puce. Dans une deuxième partie, nous proposons, en réponse aux éléments dégagés dans la partie précédente, un modèle d identité fortement attaché au protocole d authentification TLS embarqué dans un composant sécurisé, permettant ainsi de fournir les avantages sécuritaires exigibles au cœur des réseaux actuels tout en s insérant naturellement dans les différents terminaux, qu ils soient fixes ou mobiles. Enfin, dans une dernière partie, nous expliciterons plusieurs applications concrètes, testées et validées, de ce modèle d identité, afin d en souligner la pertinence dans des cadres d utilisation pratique extrêmement variés.IT networks evolution, chiefly Internet, roots within the emergence of preeminent paradigms such as mobility and social networks. This development naturally triggers the impulse to reorganize the control of data spreading throughout the whole network. Taking into account access to services such as video or voice on demand coming from terminals which can be fixed or mobile such as smartphones, or also permeability of sensitive information provided to social networks, these factors compel a necessary interrogation about digital identity as a concept. It also intrinsically raises a full-fledged reconsideration of security and trust concepts. The contribution of this thesis project is in line, in a first part, with the analysis of the existing manifold digital identity frameworks as well as the study of current authentication protocols and trust issues raised by the lack of trusted environment such as smartcards. In a second part, as an answer to the concerns suggested in the first part, we will advocate an identity framework strongly bounded to the TLS authentication protocol which needs to be embedded in a secure component, thus providing the mandatory security assets for today s networks while naturally fitting with a varied scope of terminals, be it fixed or mobile. In a last part, we will finally exhibit a few practical applications of this identity framework, which have been thoroughly tested and validated, this, in order to emphasize its relevance throughout multifarious use cases.PARIS-Télécom ParisTech (751132302) / SudocSudocFranceF

The Cryptographic Security of the German Electronic Identity Card

In November 2010, the German government started to issue the new electronic identity card (eID) to its citizens. Besides its original utilization as a ’visual’ identification document, the eID card can be used by the cardholder to prove one’s identity at border control and to enhance security of authentication processes over the Internet, with the eID card serving as a token to reliably transmit personal data to service providers or terminals, respectively. To this end, the German Federal Office for Information Security (BSI) proposed several cryptographic protocols now deployed on the eID card. The Password Authenticated Connection Establishment (PACE) protocol secures the wireless communication between the eID card and the user’s local card reader, based on a cryptographically weak password like the PIN chosen by the card owner. Subsequently, the Extended Access Control (EAC) protocol is executed by the chip and the service provider to mutually authenticate and agree on a shared secret session key. This key is then used in the secure channel protocol, called Secure Messaging (SM). Finally, an optional protocol, called Restricted Identification (RI), provides a method to use pseudonyms such that they can be linked by individual service providers, but not across different service providers (even not by malicious ones). This thesis consists of two parts. First, we present the above protocols and provide a rigorous analysis on their security from a cryptographic point of view. We show that the Germen eID card provides reasonable security for authentication and exchange of sensitive information allaying concerns regarding its usage. In the second part of this thesis, we introduce two possible modifications to enhance the security of these protocols even further. Namely, we show how to (a) add to PACE an additional efficient chip authentication step, and (b) augment RI to allow also for signatures under pseudonyms

Formal verification of cryptographic security proofs

Verifying cryptographic security proofs manually is inherently tedious and error-prone. The game-playing technique for cryptographic proofs advocates a modular proof design where cryptographic programs called games are transformed stepwise such that each step can be analyzed individually. This code-based approach has rendered the formal verification of such proofs using mechanized tools feasible. In the first part of this dissertation we present Verypto: a framework to formally verify game-based cryptographic security proofs in a machine-assisted manner. Verypto has been implemented in the Isabelle proof assistant and provides a formal language to specify the constructs occurring in typical cryptographic games, including probabilistic behavior, the usage of oracles, and polynomial-time programs. We have verified the correctness of several game transformations and demonstrate their applicability by verifying that the composition of 1-1 one-way functions is one-way and by verifying the IND-CPA security of the ElGamal encryption scheme. In a related project Barthe et al. developed the EasyCrypt toolset, which employs techniques from automated program verification to validate game transformations. In the second part of this dissertation we use EasyCrypt to verify the security of the Merkle-Damgård construction - a general design principle underlying many hash functions. In particular we verify its collision resistance and prove that it is indifferentiable from a random oracle.Kryptographische Sicherheitsbeweise manuell zu überprüfen ist mühsam und fehleranfällig. Spielbasierte Beweistechniken ermöglichen einen modularen Beweisaufbau, wobei kryptographische Programme - sog. Spiele - schrittweise so modifiziert werden, dass jeder Schritt einzeln überprüfbar ist. Dieser code-basierte Ansatz erlaubt die computergestützte Verifikation solcher Beweise. Im ersten Teil dieser Dissertation präsentieren wir Verypto: ein System zur computergestützten formalen Verifikation spielbasierter kryptographischer Sicherheitsbeweise. Auf Grundlage des Theorembeweisers Isabelle entwickelt, bietet Verypto eine formale Sprache, mit der sich kryptographische Eigenheiten wie probabilistisches Verhalten, Orakelzugriffe und polynomielle Laufzeit ausdrücken lassen. Wir beweisen die Korrektheit verschiedener Spieltransformationen und belegen deren Anwendbarkeit durch die Verifikation von Beispielen: Wir zeigen, dass Kompositionen von 1-1 Einwegfunktionen auch einweg sind und dass die ElGamal Verschlüsselung IND-CPA sicher ist. In einem ähnlichen Projekt entwickelten Barthe et al. das EasyCrypt System, welches Spieltransformationen mit Methoden der Programmanalyse validiert. Im zweiten Teil dieser Dissertation verwenden wir EasyCrypt und verifizieren die Sicherheit der Merkle-Damgård Konstruktion - ein Designprinzip, das vielen Hashfunktionen zugrunde liegt. Wir zeigen die Kollisionsresistenz der Konstruktion und verifizieren, dass sie sich wie ein Zufallsorakel verhält