27 research outputs found

    Design and Implementation of a Secure Wireless Mote-Based Medical Sensor Network

    A medical sensor network can wirelessly monitor vital signs of humans, making it useful for long-term health care without sacrificing patient comfort and mobility. For such a network to be viable, its design must protect data privacy and authenticity, given that medical data are highly sensitive. We identify the unique security challenges of such a sensor network and propose a set of resource-efficient mechanisms to address these challenges. Our solution includes (1) a novel two-tier scheme for verifying the authenticity of patient data, (2) a secure key agreement protocol to set up shared keys between sensor nodes and base stations, and (3) symmetric encryption/decryption for protecting data confidentiality and integrity. We have implemented the proposed mechanisms on a wireless mote platform, and our results confirm their feasibility.

    Robust Encryption

    We provide a provable-security treatment of "robust" encryption. Robustness means it is hard to produce a ciphertext that is valid for two different users. Robustness makes explicit a property that has been implicitly assumed in the past. We argue that it is an essential conjunct of anonymous encryption. We show that natural anonymity-preserving ways to achieve it, such as adding recipient identification information before encrypting, fail. We provide transforms that do achieve it, efficiently and provably. We assess the robustness of specific encryption schemes in the literature, providing simple patches for some that lack the property. We discuss applications including PEKS (Public-key Encryption with Keyword Search) and auctions. Overall, our work enables safer and simpler use of encryption.

    Securing Remote Access Inside Wireless Mesh Networks

    Wireless mesh networks (WMNs), which are being increasingly deployed in communities and public places, provide a relatively stable routing infrastructure and can be used for diverse carrier-managed services. As a particular example we consider the scenario where a mobile device initially registered for use with one wireless network (its home network) moves to the area covered by another network inside the same mesh. The goal is to establish secure access to the home network using the infrastructure of the mesh. Classical mechanisms such as VPNs can protect end-to-end communication between the mobile device and its home network while remaining transparent to the routing infrastructure. In WMNs this transparency can be misused for packet injection, leading to unnecessary consumption of communication bandwidth. This may have a negative impact on the cooperation of mesh routers, which is essential for connection establishment. In this paper we describe how to establish remote connections inside WMNs while guaranteeing secure end-to-end communication between the mobile device and its home network and secure transmission of the corresponding packets along the underlying multi-hop path. Our solution is a provably secure, yet lightweight and round-optimal remote network access protocol in which intermediate mesh routers are considered to be part of the security architecture. We also sketch some ideas on the practical realization of the protocol using known standards and mention extensions with regard to forward secrecy, anonymity and accounting.

    A machine-checked proof of security for AWS key management service

    We present a machine-checked proof of security for the domain management protocol of Amazon Web Services' KMS (Key Management Service), a critical security service used throughout AWS and by AWS customers. Domain management is at the core of AWS KMS; it governs the top-level keys that anchor the security of encryption services at AWS. We show that the protocol securely implements an ideal distributed encryption mechanism under standard cryptographic assumptions. The proof is machine-checked in the EasyCrypt proof assistant and is the largest EasyCrypt development to date. Manuel Barbosa was supported by grant SFRH/BSAB/143018/2018 awarded by the Portuguese Foundation for Science and Technology (FCT). Vitor Pereira was supported by grant FCT-PD/BD/113967/201 awarded by FCT. This work was partially funded by national funds via FCT in the context of project PTDC/CCI-INF/31698/2017.

    The Exact Security of a Stateful IBE and New Compact Stateful PKE Schemes

    Recently, Baek et al. proposed a stateful identity-based encryption scheme with compact ciphertext and commented that the security of the scheme can be reduced to the Computational Bilinear Diffie-Hellman (CBDH) problem. In this paper, we formally prove that the security of the stateful identity-based encryption scheme by Baek et al. cannot be reduced to the CBDH problem. In fact, we show that the challenger will confront the Y-Computational problem while providing decryption oracle access to the adversary. We provide an exact and formal security proof for the scheme, assuming the hardness of the Gap Bilinear Diffie-Hellman (GBDH) problem. We also propose two new stateful public key encryption schemes with ciphertext verifiability. Our schemes offer more compact ciphertext than all existing stateful public key encryption schemes with ciphertext verifiability. We have proved all the schemes in the random oracle model.

    Authenticated Wireless Roaming via Tunnels: Making Mobile Guests Feel at Home

    In wireless roaming a mobile device obtains a service from some foreign network while being registered for a similar service at its own home network. However, recent proposals try to keep the service provider role behind the home network and let the foreign network create a tunnel connection through which all service requests of the mobile device are sent to, and answered directly by, the home network. Such Wireless Roaming via Tunnels (WRT) offers several (security) benefits but also poses new security challenges for authentication and key establishment, as the goal is not only to protect the end-to-end communication between the tunnel peers but also the tunnel itself. In this paper we formally specify mutual authentication and key establishment goals for WRT and propose an efficient and provably secure protocol that can be used to secure such roaming sessions. Additionally, we describe some modular protocol extensions to address resistance against DoS attacks, anonymity of the mobile device and unlinkability of its roaming sessions, as well as the accounting claims of the foreign network in commercial scenarios.

    Design And Hardware Implementation Of A Novel Scrambling Security Algorithm For Robust Wireless Local Area Networks

    The IEEE 802.11 standard for wireless networks includes the Wired Equivalent Privacy (WEP) protocol, a popular stream-cipher approach to wireless network security used to protect link-layer communications from eavesdropping and other attacks. It allows users to communicate with one another by sharing the public key over a network, and it provides authentication and encrypted communications over unsecured channels. However, the WEP protocol has an inherent security flaw: it is vulnerable to various attacks, and numerous experiments have shown that WEP fails to achieve its security goals. This thesis entails designing, evaluating and prototyping a wireless security infrastructure that can optionally be used with the WEP protocol, thus reducing its security vulnerabilities. We have studied the flaws of WEP and the reasons for their occurrence, and we provide the design and implementation of a novel scheme in Matlab and VHDL that improves the security of WEP in all aspects by a degree of 1000. The architecture was designed with a consideration for the least increment in hardware, thus achieving power and cost efficiency. It also provides flexibility for optional deployment with the available technology: the scheme can be bypassed on the fly, so the existing hardware common to both the WEP and the proposed protocols need not be replaced.

    Critical Perspectives on Provable Security: Fifteen Years of Another Look Papers

    We give an overview of our critiques of "proofs" of security and a guide to our papers on the subject that have appeared over the past decade and a half. We also provide numerous additional examples and a few updates and errata.

    A New Variant of the Diffie-Hellman Problem

    The Diffie-Hellman (DH) problem is a problem that is assumed to be hard, and so the security of many cryptographic systems is reduced to it. In this thesis we introduce a new variant of the DH problem, the twin DH problem. We construct a method that allows us to simulate a decision oracle without knowing the discrete logarithms of the given elements. We present twin ElGamal encryption and its security in the random oracle model. ElGamal encryption is secure against chosen ciphertext attack under the assumption that the corresponding symmetric cipher is also secure against this attack. We prove that the twin DH protocol for non-interactive key exchange is secure against active attacks in the random oracle model. In both cases it suffices to assume that the DH assumption holds.

    The Diffie-Hellman (DH) problem is a problem that is assumed to be hard, hence the security of many cryptographic protocols is reduced to this problem. We show a new variant of the DH problem, the twin DH problem. We propose a method which allows us to simulate a decision oracle without knowing the discrete logarithms of the elements. We show twin ElGamal encryption and its security in the random oracle model. ElGamal is secure against chosen ciphertext attack when we assume that the symmetric encryption is secure against chosen ciphertext attack and the DH problem is hard. We prove that the DH non-interactive key exchange protocol is secure against an active attack in the random oracle model when the DH assumption holds.

    Department of Algebra, Faculty of Mathematics and Physics

    Kurosawa-Desmedt Key Encapsulation Mechanism, Revisited and More

    While the hybrid public key encryption scheme of Kurosawa and Desmedt (CRYPTO 2004) is provably secure against chosen ciphertext attacks (namely, IND-CCA-secure), its associated key encapsulation mechanism (KEM) is widely known to be not CCA-secure. In this paper, we present a direct proof of IND-CCA security thanks to a simple twist on the Kurosawa-Desmedt KEM. Our KEM beats the standardized version of the Cramer-Shoup KEM in ISO/IEC 18033-2 by margins of at least 20% in encapsulation speed and up to 60% in decapsulation speed, which are verified by both theoretical comparison and experimental results. The efficiency of decapsulation can even be about 40% better than the decapsulation of PSEC-KEM in ISO/IEC 18033-2, and only slightly worse than the decapsulation of ECIES-KEM in ISO/IEC 18033-2, which is of independent interest since the security of both PSEC-KEM and ECIES-KEM is argued using the controversial random oracle heuristic, in contrast to ours. We then generalize the technique into hash proof systems, proposing several KEM schemes with IND-CCA security under the decision linear and decisional composite residuosity assumptions respectively. All the KEMs are in the standard model, and use standard, computationally secure symmetric building blocks. We finally show that, with additional simple yet innovative twists, the KEMs can be proved resilient to a certain amount of leakage on the secret key. Specifically, with the DDH-based scheme, a fraction of 1/4 - o(1) of the secret key can be leaked, and when conditioned on a fixed leakage rate, we obtain the most efficient leakage-resilient KEMs regarding computation and storage.