    Feasibility of a denial-of-service attack exploiting Perfect Forward Secrecy in SSL/TLS

    Undergraduate monograph, Universidade de Brasília, Instituto de Ciências Exatas, Departamento de Ciência da Computação, 2014. The use of Perfect Forward Secrecy has become a fundamental part of information security on the Internet. The aim of this work is to analyse the impact of using Perfect Forward Secrecy, measuring its effectiveness, and to analyse the viability of a denial-of-service attack exploiting this property.

    The Wiretap Channel with Feedback: Encryption over the Channel

    In this work, the critical role of noisy feedback in enhancing the secrecy capacity of the wiretap channel is established. Unlike previous works, where a noiseless public discussion channel is used for feedback, the feed-forward and feedback signals share the same noisy channel in the present model. Quite interestingly, this noisy feedback model is shown to be more advantageous in the current setting. More specifically, the discrete memoryless modulo-additive channel with a full-duplex destination node is considered first, and it is shown that the judicious use of feedback increases the perfect secrecy capacity to the capacity of the source-destination channel in the absence of the wiretapper. In the achievability scheme, the feedback signal corresponds to a private key, known only to the destination. In the half-duplex scheme, a novel feedback technique that always achieves a positive perfect secrecy rate (even when the source-wiretapper channel is less noisy than the source-destination channel) is proposed. These results hinge on the modulo-additive property of the channel, which is exploited by the destination to perform encryption over the channel without revealing its key to the source. Finally, this scheme is extended to the continuous real valued modulo-$\Lambda$ channel where it is shown that the perfect secrecy capacity with feedback is also equal to the capacity in the absence of the wiretapper. Comment: Submitted to IEEE Transactions on Information Theor

    Secure Compute-and-Forward in a Bidirectional Relay

    We consider the basic bidirectional relaying problem, in which two users in a wireless network wish to exchange messages through an intermediate relay node. In the compute-and-forward strategy, the relay computes a function of the two messages using the naturally-occurring sum of symbols simultaneously transmitted by user nodes in a Gaussian multiple access (MAC) channel, and the computed function value is forwarded to the user nodes in an ensuing broadcast phase. In this paper, we study the problem under an additional security constraint, which requires that each user's message be kept secure from the relay. We consider two types of security constraints: perfect secrecy, in which the MAC channel output seen by the relay is independent of each user's message; and strong secrecy, which is a form of asymptotic independence. We propose a coding scheme based on nested lattices, the main feature of which is that given a pair of nested lattices that satisfy certain "goodness" properties, we can explicitly specify probability distributions for randomization at the encoders to achieve the desired security criteria. In particular, our coding scheme guarantees perfect or strong secrecy even in the absence of channel noise. The noise in the channel only affects reliability of computation at the relay, and for Gaussian noise, we derive achievable rates for reliable and secure computation. We also present an application of our methods to the multi-hop line network in which a source needs to transmit messages to a destination through a series of intermediate relays. Comment: v1 is a much expanded and updated version of arXiv:1204.6350; v2 is a minor revision to fix some notational issues; v3 is a much expanded and updated version of v2, and contains results on both perfect secrecy and strong secrecy; v3 is a revised manuscript submitted to the IEEE Transactions on Information Theory in April 201

    To Harvest and Jam: A Paradigm of Self-Sustaining Friendly Jammers for Secure AF Relaying

    This paper studies the use of multi-antenna harvest-and-jam (HJ) helpers in a multi-antenna amplify-and-forward (AF) relay wiretap channel assuming that the direct link between the source and destination is broken. Our objective is to maximize the secrecy rate at the destination subject to the transmit power constraints of the AF relay and the HJ helpers. In the case of perfect channel state information (CSI), the joint optimization of the artificial noise (AN) covariance matrix for cooperative jamming and the AF beamforming matrix is studied using semi-definite relaxation (SDR) which is tight, while suboptimal solutions are also devised with lower complexity. For the imperfect CSI case, we provide the equivalent reformulation of the worst-case robust optimization to maximize the minimum achievable secrecy rate. Inspired by the optimal solution to the case of perfect CSI, a suboptimal robust scheme is proposed striking a good tradeoff between complexity and performance. Finally, numerical results for various settings are provided to evaluate the proposed schemes. Comment: 16 pages (double column), 8 figures, submitted for possible journal publicatio

    Secure Authentication

    Many complicated authentication and encryption techniques have been embedded into WiMAX, but it is still facing a lot of challenging situations. This paper shows that the GTEK hash chain algorithm for Multi- and Broadcast service of IEEE 802.16e faces a reduced forward secrecy problem. These vulnerabilities are the possibilities to forge key messages in Multi- and Broadcast operation, which are susceptible to forgery and reveal important management information. In this paper, we also propose three UAKE protocols with PFS (Perfect Forward Secrecy) that are efficient and practical for mobile devices

    Symmetric-key Authenticated Key Exchange (SAKE) with Perfect Forward Secrecy

    Key exchange protocols in the asymmetric-key setting are known to provide stronger security properties than protocols in symmetric-key cryptography. In particular, they can provide perfect forward secrecy, as illustrated by key exchange protocols based on the Diffie-Hellman scheme. However, public-key algorithms are too heavy for low-resource devices, which then cannot benefit from forward secrecy. In this paper, we describe a scheme that solves this issue. Using a nifty resynchronisation technique, we propose an authenticated key exchange protocol in the symmetric-key setting that guarantees perfect forward secrecy. We prove that the protocol is sound, and provide a formal security proof

    SECURE COMMUNICATION USING PFS IN A DISTRIBUTED ENVIRONMENT

    Today millions of ordinary citizens are using networks for banking, shopping and filing their tax returns. Network security has become a massive problem. All this requires the network to identify its legal users for providing services. An authentication protocol used is Kerberos, which uses a strong secret key for user authentication but is vulnerable in the case of weak passwords. Authentication & key distribution protocols require sharing secret key(s) with a view that only the concerned users know how to derive the information from them. These protocols are vulnerable to key guessing attacks. Another important consideration is perfect forward secrecy, in which our proposed scheme covers cases where application servers', authentication servers' or clients' keys are revealed, & their combinations. In this paper our proposed scheme deals with key guessing attacks, perfect forward secrecy and protocols for a few combinations of keys. All these protocols are based on the fact that the keys are weak & can be exploited easily