Using quantum key distribution for cryptographic purposes: a survey

The appealing feature of quantum key distribution (QKD), from a cryptographic viewpoint, is the ability to prove the information-theoretic security (ITS) of the established keys. As a key establishment primitive, QKD however does not provide a standalone security service in its own: the secret keys established by QKD are in general then used by a subsequent cryptographic applications for which the requirements, the context of use and the security properties can vary. It is therefore important, in the perspective of integrating QKD in security infrastructures, to analyze how QKD can be combined with other cryptographic primitives. The purpose of this survey article, which is mostly centered on European research results, is to contribute to such an analysis. We first review and compare the properties of the existing key establishment techniques, QKD being one of them. We then study more specifically two generic scenarios related to the practical use of QKD in cryptographic infrastructures: 1) using QKD as a key renewal technique for a symmetric cipher over a point-to-point link; 2) using QKD in a network containing many users with the objective of offering any-to-any key establishment service. We discuss the constraints as well as the potential interest of using QKD in these contexts. We finally give an overview of challenges relative to the development of QKD technology that also constitute potential avenues for cryptographic research.Comment: Revised version of the SECOQC White Paper. Published in the special issue on QKD of TCS, Theoretical Computer Science (2014), pp. 62-8

Longitude : a privacy-preserving location sharing protocol for mobile applications

Location sharing services are becoming increasingly popular. Although many location sharing services allow users to set up privacy policies to control who can access their location, the use made by service providers remains a source of concern. Ideally, location sharing providers and middleware should not be able to access users’ location data without their consent. In this paper, we propose a new location sharing protocol called Longitude that eases privacy concerns by making it possible to share a user’s location data blindly and allowing the user to control who can access her location, when and to what degree of precision. The underlying cryptographic algorithms are designed for GPS-enabled mobile phones. We describe and evaluate our implementation for the Nexus One Android mobile phone

Survey on Lightweight Primitives and Protocols for RFID in Wireless Sensor Networks

The use of radio frequency identification (RFID) technologies is becoming widespread in all kind of wireless network-based applications. As expected, applications based on sensor networks, ad-hoc or mobile ad hoc networks (MANETs) can be highly benefited from the adoption of RFID solutions. There is a strong need to employ lightweight cryptographic primitives for many security applications because of the tight cost and constrained resource requirement of sensor based networks. This paper mainly focuses on the security analysis of lightweight protocols and algorithms proposed for the security of RFID systems. A large number of research solutions have been proposed to implement lightweight cryptographic primitives and protocols in sensor and RFID integration based resource constraint networks. In this work, an overview of the currently discussed lightweight primitives and their attributes has been done. These primitives and protocols have been compared based on gate equivalents (GEs), power, technology, strengths, weaknesses and attacks. Further, an integration of primitives and protocols is compared with the possibilities of their applications in practical scenarios

Input-shrinking functions: theory and application

In this thesis, we contribute to the emerging field of the Leakage-Resilient Cryptography by studying the problem of secure data storage on hardware that may leak information, introducing a new primitive, a leakage-resilient storage, and showing two different constructions of such storage scheme provably secure against a class of leakage functions that can depend only on some restricted part of the memory and against a class of computationally weak leakage functions, e.g. functions computable by small circuits, respectively. Our results come with instantiations and analysis of concrete parameters. Furthermore, as second contribution, we present our implementation in C programming language, using the cryptographic library of the OpenSSL project, of a two-party Authenticated Key Exchange (AKE) protocol, which allows a client and a server, who share a huge secret file, to securely compute a shared key, providing client-to-server authentication, also in the presence of active attackers. Following the work of Cash et al. (TCC 2007), we based our construction on a Weak Key Exchange (WKE) protocol, developed in the BRM, and a Password-based Authenticated Key Exchange (PAKE) protocol secure in the Universally Composable (UC) framework. The WKE protocol showed by Cash et al. uses an explicit construction of averaging sampler, which uses less random bits than the random choice but does not seem to be efficiently implementable in practice. In this thesis, we propose a WKE protocol similar but simpler than that one of Cash et al.: our protocol uses more randomness than the Cash et al.'s one, as it simply uses random choice instead of averaging sampler, but we are able to show an efficient implementation of it. Moreover, we formally adapt the security analysis of the WKE protocol of Cash et al. to our WKE protocol. To complete our AKE protocol, we implement the PAKE protocol showed secure in the UC framework by Abdalla et al. (CT-RSA 2008), which is more efficient than the Canetti et al.'s UC-PAKE protocol (EuroCrypt 2005) used in Cash et al.'s work. In our implementation of the WKE protocol, to achieve small constant communication complexity and amount of randomness, we rely on the Random Oracle (RO) model. However, we would like to note that in our implementation of the AKE protocol we need also a UC-PAKE protocol which already relies on RO, as it is impossible to achieve UC-PAKE in the standard model. In our work we focus not only on the theoretical aspects of the area, providing formal models and proofs, but also on the practical ones, analyzing instantiations, concrete parameters and implementation of the proposed solutions, to contribute to bridge the gap between theory and practice in this field

Dark clouds on the horizon:the challenge of cloud forensics

We introduce the challenges to digital forensics introduced by the advent and adoption of technologies, such as encryption, secure networking, secure processors and anonymous routing. All potentially render current approaches to digital forensic investigation unusable. We explain how the Cloud, due to its global distribution and multi-jurisdictional nature, exacerbates these challenges. The latest developments in the computing milieu threaten a complete “evidence blackout” with severe implications for the detection, investigation and prosecution of cybercrime. In this paper, we review the current landscape of cloud-based forensics investigations. We posit a number of potential solutions. Cloud forensic difficulties can only be addressed if we acknowledge its socio-technological nature, and design solutions that address both human and technological dimensions. No firm conclusion is drawn; rather the objective is to present a position paper, which will stimulate debate in the area and move the discipline of digital cloud forensics forward. Thus, the paper concludes with an invitation to further informed debate on this issue

Analysis and Design of Authentication and Encryption Algorithms for Secure Cloud Systems

Along with the fast growth of networks and mobile devices, cloud computing has become one of the most attractive and effective technologies and business solutions nowadays. Increasing numbers of organizations and customers are migrating their businesses and data to the cloud due to the flexibility and cost-efficiency of cloud systems. Preventing unauthorized access of sensitive data in the cloud has been one of the biggest challenges when designing a secure cloud system, and it strongly relies on the chosen authentication and encryption algorithms for providing authenticity and confidentiality, respectively. This thesis investigates various aspects of authentication and encryption algorithms for securing cloud systems, including authenticated encryption modes of operation, block ciphers, password hashing algorithms, and password-less/two-factor authentication mechanisms. Improving Authenticated Encryption Modes. The Galois/Counter Mode (GCM) is an authenticated encryption mode of operation for block ciphers. It has been widely adopted by many network standards and protocols that protect the security of cloud communications, such as TLS v1.2, IEEE 802.1AE and IPsec. Iwata et al. recently found a flaw in GCM's original proofs for non-96-bit nonce cases, and then presented new security bounds for GCM. The new bounds imply that the success probabilities of adversaries for attacking GCM are much larger than the originally expected ones. We propose a simple change to repair GCM. When applied, it will improve the security bounds by a factor of about $2^{20}$ while maintaining most of the original proofs. Analyzing Polynomial-Based Message Authentication Codes. We investigate attacks on polynomial-based message authentication code (MAC) schemes including the one adopted in GCM. We demonstrate that constructing successful forgeries of these MAC schemes does not necessarily require hash collisions. This discovery removes certain restrictions in the attacks previously proposed by Procter and Cid. Moreover, utilizing a special design of GCM for processing non-96-bit nonces, we turn these forgery attacks into birthday attacks, which will significantly increase their success probabilities. Therefore, by considering the birthday attacks and the security proof flaw found by Iwata et al., cloud system designers should avoid using GCM with non-96-bit nonces if they do not revise the design of GCM. Analyzing Block Ciphers. We propose a new framework for analyzing symmetric-key ciphers by guessing intermediate states to divide ciphers into small components. This framework is suitable for lightweight ciphers with simple key schedules and block sizes smaller than key lengths. Using this framework, we design new attacks on the block cipher family KATAN. These attacks can recover the master keys of 175-round KATAN32, 130-round KATAN48 and 112-round KATAN64 faster than exhaustive search, and thus reach many more rounds than the existing attacks. We also provide new attacks on 115-round KATAN32 and 100-round KATAN48 in order to demonstrate that this new kind of attack can be more time-efficient and memory-efficient than the existing ones. Designing Password Hashing Algorithms. Securely storing passwords and deriving cryptographic keys from passwords are also crucial for most secure cloud system designs. However, choices of well-studied password hashing algorithms are extremely limited, as their security requirements and design principles are different from common cryptographic primitives. We propose two practical password hashing algorithms, Pleco and Plectron. They are built upon well-understood cryptographic algorithms, and combine the advantages of symmetric-key and asymmetric-key primitives. By employing the Rabin cryptosystem, we prove that the one-wayness of Pleco is at least as strong as the hard problem of integer factorization. In addition, both password hashing algorithms are designed to be sequential memory-hard, in order to thwart large-scale password searching using parallel hardware, such as GPUs, FPGAs, and ASICs. Designing Password-less/Two-Factor Authentication Mechanisms. Motivated by a number of recent industry initiatives, we propose Loxin, an innovative solution for password-less authentication for cloud systems and web applications. Loxin aims to improve on passwords with respect to both usability and security. It utilizes push message services for mobile devices to initiate authentication transactions based on asymmetric-key cryptography, and enables users to access multiple services by using pre-owned identities, such as email addresses. In particular, the Loxin server cannot generate users' authentication credentials, thereby eliminating the potential risk of credential leakage if the Loxin server gets compromised. Furthermore, Loxin is fully compatible with existing password-based authentication systems, and thus can serve as a two-factor authentication mechanism

Quantum Cryptography

Quantum cryptography is a new method for secret communications offering the ultimate security assurance of the inviolability of a Law of Nature. In this paper we shall describe the theory of quantum cryptography, its potential relevance and the development of a prototype system at Los Alamos, which utilises the phenomenon of single-photon interference to perform quantum cryptography over an optical fiber communications link.Comment: 36 pages in compressed PostScript format, 10 PostScript figures compressed tar fil