Crumpled and Abraded Encryption: Implementation and Provably Secure Construction
Abraded and crumpled encryption allows communication software such as messaging platforms to ensure privacy for their users while still allowing for some investigation by law enforcement. Crumpled encryption ensures that each decryption is costly and prevents law enforcement from performing mass decryption of messages. Abrasion ensures that only large organizations like law enforcement are able to access any messages. The current abrasion construction uses public-key parameters such as prime numbers, which makes the abrasion scheme difficult to analyze and leaves room for backdoors. In this thesis, we introduce a new abrasion construction that uses hash functions to avoid the problems with the current abrasion construction. In addition, we present a proof-of-concept for using crumpled encryption on an email server.
Defeating the Ben-Zvi, Blackburn, and Tsaban Attack on the Algebraic Eraser
The Algebraic Eraser Diffie-Hellman (AEDH) protocol was introduced in 2005
and published in 2006 by Anshel-Anshel-Goldfeld-Lemieux as a protocol suitable
for use on platforms with constrained computational resources, such as FPGAs,
ASICs, and wireless sensors. It is a group-theoretic cryptographic protocol
that allows two users to construct a shared secret via a Diffie-Hellman-type
scheme over an insecure channel.
Building on the refuted 2012 permutation-based attack of
Kalka-Teichner-Tsaban, in 2015 Ben-Zvi-Blackburn-Tsaban (BBT) presented a
heuristic attack that attempts to recover the AEDH shared secret. In their
paper BBT reference the AEDH protocol as presented to ISO for certification
(ISO 29167-20) by SecureRF. The ISO draft contains two profiles using the
Algebraic Eraser. One profile is unaffected by this attack; the second profile
is subject to their attack provided the attack runs in real time. This is not
the case in most practical deployments.
The BBT attack is simply a targeted attack that does not attempt to break the
method, system parameters, or recover any private keys. Rather, its limited
focus is to recover the shared secret in a single transaction. In addition, the
BBT attack is based on several conjectures that are assumed to hold when
parameters are chosen according to standard distributions, which can be
mitigated, if not avoided. This paper shows how to choose special distributions
so that these conjectures do not hold making the BBT attack ineffective for
braid groups with sufficiently many strands. Further, the BBT attack assumes
that certain data is available to an attacker, but there are realistic
deployment scenarios where this is not the case, making the attack fail
completely. In summary, the BBT attack is flawed (with respect to the SecureRF
ISO draft) and, at a minimum, over-reaches as to its applicability.
Naturally Rehearsing Passwords
We introduce quantitative usability and security models to guide the design
of password management schemes --- systematic strategies to help users create
and remember multiple passwords. In the same way that security proofs in
cryptography are based on complexity-theoretic assumptions (e.g., hardness of
factoring and discrete logarithm), we quantify usability by introducing
usability assumptions. In particular, password management relies on assumptions
about human memory, e.g., that a user who follows a particular rehearsal
schedule will successfully maintain the corresponding memory. These assumptions
are informed by research in cognitive science and validated through empirical
studies. Given rehearsal requirements and a user's visitation schedule for each
account, we use the total number of extra rehearsals that the user would have
to do to remember all of his passwords as a measure of the usability of the
password scheme. Our usability model leads us to a key observation: password
reuse benefits users not only by reducing the number of passwords that the user
has to memorize, but more importantly by increasing the natural rehearsal rate
for each password. We also present a security model which accounts for the
complexity of password management with multiple accounts and associated
threats, including online, offline, and plaintext password leak attacks.
Observing that current password management schemes are either insecure or
unusable, we present Shared Cues--- a new scheme in which the underlying secret
is strategically shared across accounts to ensure that most rehearsal
requirements are satisfied naturally while simultaneously providing strong
security. The construction uses the Chinese Remainder Theorem to achieve these
competing goals.
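The usability measure described above, as a toy model added here (not the paper's own code): count the rehearsals a user must add on top of natural account visits to keep each password cue in memory, and compare independent passwords with cues shared across accounts. The expanding-interval rehearsal schedule, the one-year visitation schedule and the cue assignments are constructed assumptions for the illustration.

```python
"""Added toy model of the extra-rehearsal usability measure (illustration,
not the paper's code): windows, visits and cue assignments are constructed."""


def rehearsal_windows(horizon_days):
    """Expanding-interval rehearsal schedule assumed for this example: the cue
    must be rehearsed at least once in each window [2^i, 2^(i+1)); the last
    window is clipped to run through the horizon (inclusive)."""
    bounds = []
    t = 1
    while t < horizon_days:
        bounds.append(t)
        t *= 2
    windows = []
    for i, start in enumerate(bounds):
        end = bounds[i + 1] if i + 1 < len(bounds) else horizon_days + 1
        windows.append((start, end))
    return windows


def extra_rehearsals(visit_days, horizon_days):
    """Windows in which no natural visit occurred; each one costs the user a
    deliberate rehearsal."""
    return sum(
        1
        for start, end in rehearsal_windows(horizon_days)
        if not any(start <= d < end for d in visit_days)
    )


def scheme_cost(cue_to_accounts, visits, horizon_days):
    """Total extra rehearsals for a scheme. A cue is rehearsed naturally
    whenever any account that uses it is visited, so sharing a cue pools the
    visit schedules of the accounts that use it."""
    total = 0
    for accounts in cue_to_accounts.values():
        natural = set().union(*(visits[a] for a in accounts))
        total += extra_rehearsals(natural, horizon_days)
    return total


# Constructed visitation schedule over one year: a daily account, a monthly
# account and a quarterly account (day numbers on which the user logs in).
HORIZON = 365
VISITS = {
    "daily": set(range(1, HORIZON + 1)),
    "monthly": set(range(30, HORIZON + 1, 30)),
    "quarterly": set(range(90, HORIZON + 1, 90)),
}
# One independent password per account versus two cues shared across accounts.
INDEPENDENT = {"p1": ["daily"], "p2": ["monthly"], "p3": ["quarterly"]}
SHARED = {"c1": ["daily", "monthly"], "c2": ["monthly", "quarterly"]}

if __name__ == "__main__":
    print("independent passwords:", scheme_cost(INDEPENDENT, VISITS, HORIZON))
    print("shared cues:", scheme_cost(SHARED, VISITS, HORIZON))
```

With this schedule the three independent passwords cost 10 extra rehearsals a year, almost all of them for the rarely visited accounts, while the two shared cues cost 4, because every visit to the daily account also rehearses the cue the monthly account uses. The model only scores usability; the security side of sharing (one plaintext leak exposing a shared piece) is what the paper's Chinese Remainder Theorem construction is designed to control and is not modelled here.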
Foundations, Properties, and Security Applications of Puzzles: A Survey
Cryptographic algorithms have been used not only to create robust ciphertexts
but also to generate cryptograms that, contrary to the classic goal of
cryptography, are meant to be broken. These cryptograms, generally called
puzzles, require the use of a certain amount of resources to be solved, hence
introducing a cost that is often regarded as a time delay---though it could
involve other metrics as well, such as bandwidth. These powerful features have
made puzzles the core of many security protocols, acquiring increasing
importance in the IT security landscape. The concept of a puzzle has
subsequently been extended to other types of schemes that do not use
cryptographic functions, such as CAPTCHAs, which are used to discriminate
humans from machines. Overall, puzzles have experienced a renewed interest with
the advent of Bitcoin, which uses a CPU-intensive puzzle as proof of work. In
this paper, we provide a comprehensive study of the most important puzzle
construction schemes available in the literature, categorizing them according
to several attributes, such as resource type, verification type, and
applications. We have redefined the term puzzle by collecting and integrating
the scattered notions used in different works, to cover all the existing
applications. Moreover, we provide an overview of the possible applications,
identifying key requirements and different design approaches. Finally, we
highlight the features and limitations of each approach, providing a useful
guide for the future development of new puzzle schemes.
Comment: This article has been accepted for publication in ACM Computing Surveys.
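Two of the puzzle types that recur on this page, the proof-of-work style hash puzzle of the survey above and the costly-decryption idea behind crumpled encryption from the first abstract, as one added illustration (constructed example, not code from the survey or the thesis). A partial hash preimage is the puzzle; for crumpling, the message key is released with its low bits erased so that every decryption costs a bounded brute-force search. SHA-256 in counter mode stands in for a stream cipher and an HMAC tag lets the search recognise the right key; the key and messages are constructed.

```python
"""Added illustration of resource puzzles (constructed example): a partial
hash-preimage puzzle and a "crumpled" ciphertext whose key is released with
crumple_bits bits erased, so each decryption costs up to 2**crumple_bits
tag checks."""
import hashlib
import hmac


def _sha256(*parts):
    h = hashlib.sha256()
    for part in parts:
        h.update(part)
    return h.digest()


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


# --- hash puzzle: find a nonce so that SHA-256(challenge || nonce) has at
# --- least difficulty_bits leading zero bits; verification is a single hash.
def puzzle_verify(challenge, nonce, difficulty_bits):
    digest = _sha256(challenge, nonce.to_bytes(8, "big"))
    leading_zeros = 256 - int.from_bytes(digest, "big").bit_length()
    return leading_zeros >= difficulty_bits


def puzzle_solve(challenge, difficulty_bits):
    """Returns (nonce, hashes_spent); expected cost is 2**difficulty_bits hashes."""
    nonce = 0
    while not puzzle_verify(challenge, nonce, difficulty_bits):
        nonce += 1
    return nonce, nonce + 1


# --- crumpled encryption: SHA-256 counter mode as the stand-in stream cipher.
def _keystream(key, length):
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += _sha256(key, counter.to_bytes(4, "big"))
        counter += 1
    return bytes(out[:length])


def crumple_encrypt(key, plaintext, crumple_bits):
    """Encrypt under the full 256-bit key, then release the key with its low
    crumple_bits bits erased. With a fresh key per message, decrypting N
    messages costs up to N * 2**crumple_bits tag checks, so mass decryption
    gets no cheaper per message than a single one."""
    assert len(key) == 32 and 0 <= crumple_bits <= 32
    ciphertext = _xor(plaintext, _keystream(key, len(plaintext)))
    tag = hmac.new(key, ciphertext, hashlib.sha256).digest()[:16]
    mask = (1 << crumple_bits) - 1
    crumpled_key = (int.from_bytes(key, "big") & ~mask).to_bytes(32, "big")
    return ciphertext, tag, crumpled_key


def crumple_decrypt(ciphertext, tag, crumpled_key, crumple_bits):
    """Brute-force the erased bits. Returns (plaintext, candidates_tried), or
    (None, 2**crumple_bits) when no candidate authenticates."""
    base = int.from_bytes(crumpled_key, "big")
    for trial in range(1 << crumple_bits):
        candidate = (base | trial).to_bytes(32, "big")
        check = hmac.new(candidate, ciphertext, hashlib.sha256).digest()[:16]
        if hmac.compare_digest(check, tag):
            plaintext = _xor(ciphertext, _keystream(candidate, len(ciphertext)))
            return plaintext, trial + 1
    return None, 1 << crumple_bits


# Constructed key for the example; a real deployment draws a fresh random key
# for every message.
EXAMPLE_KEY = hashlib.sha256(b"constructed example key, not a real secret").digest()

if __name__ == "__main__":
    nonce, spent = puzzle_solve(b"constructed challenge", 12)
    print("puzzle nonce", nonce, "found after", spent, "hashes")
    ct, tag, ck = crumple_encrypt(EXAMPLE_KEY, b"meet at noon", 12)
    pt, tried = crumple_decrypt(ct, tag, ck, 12)
    print(pt, "recovered after", tried, "candidates")
```

The two halves share the property the survey stresses: the solver's cost is tunable by one parameter while verification stays a single hash (or one tag check). Someone without the crumpled key faces the full 256-bit key space, so the erased bits set the price of a lawful decryption rather than weaken the cipher for everyone else.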
Memory Encryption for Smart Cards (Barış Ege, Elif Bilge Kavun, and Tolga Yalçın)
Abstract. With the latest advances in attack methods, it has become increasingly difficult to secure data stored on smart cards, especially on non-volatile memories (NVMs), which may store sensitive information such as cryptographic keys or program code. Lightweight and low-latency cryptographic modules are a promising solution to this problem. In this study, memory encryption schemes using counter (CTR) and XOR-Encrypt-XOR (XEX) modes of operation are adapted to the target application and realized with various implementations of the block ciphers AES and PRESENT. Both schemes are combined with a block-cipher-based address scrambling scheme, and CTR mode additionally with a write-counter scheme that extends the lifetime of the encryption key. Using the lightweight cipher PRESENT, it is possible to implement a smart card NVM encryption scheme with fewer than 6K gate equivalents and zero additional latency.
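The building blocks named in the abstract, as an added illustration (constructed example, not the paper's hardware design): a keyed permutation of the address as address scrambling, XEX with the memory address as tweak, and CTR mode keyed by the pair (address, write counter), with a function showing what an attacker reads off the NVM when the counter is not advanced. A four-round Feistel network built from SHA-256 stands in for AES/PRESENT so the example runs with the standard library only; the keys, addresses and words are constructed.

```python
"""Added illustration of NVM encryption modes (constructed example): a toy
Feistel permutation stands in for AES/PRESENT; address scrambling, XEX with
the address as tweak, and CTR keyed by (address, write counter)."""
import hashlib

WORD = 16   # 128-bit memory word, the AES block size
ROUNDS = 4


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, rnd, half):
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[: len(half)]


def block_encrypt(key, block):
    """Balanced Feistel network over a block of any even length: a toy
    stand-in for a real block cipher, used only so the example runs offline."""
    half = len(block) // 2
    l, r = block[:half], block[half:]
    for rnd in range(ROUNDS):
        l, r = r, _xor(l, _round(key, rnd, r))
    return l + r


def block_decrypt(key, block):
    half = len(block) // 2
    l, r = block[:half], block[half:]
    for rnd in reversed(range(ROUNDS)):
        l, r = _xor(r, _round(key, rnd, l)), l
    return l + r


def scramble_address(key, address):
    """Block-cipher-based address scrambling over a 16-bit address space: the
    physical location is a keyed permutation of the logical address."""
    return int.from_bytes(block_encrypt(key, address.to_bytes(2, "big")), "big")


def unscramble_address(key, physical):
    return int.from_bytes(block_decrypt(key, physical.to_bytes(2, "big")), "big")


def xex_encrypt(key, tweak_key, address, word):
    """XEX with the address as tweak: the same word at two addresses encrypts
    differently, and a block copied to another address no longer decrypts.
    A separate tweak key is used here; Rogaway's XEX derives the tweak from
    the data key with a non-zero block index instead."""
    delta = block_encrypt(tweak_key, address.to_bytes(WORD, "big"))
    return _xor(block_encrypt(key, _xor(word, delta)), delta)


def xex_decrypt(key, tweak_key, address, stored):
    delta = block_encrypt(tweak_key, address.to_bytes(WORD, "big"))
    return _xor(block_decrypt(key, _xor(stored, delta)), delta)


def ctr_encrypt(key, address, write_counter, word):
    """CTR mode keyed by (address, write counter); decryption is the same call.
    The keystream depends only on (key, address, counter), so the counter must
    advance on every write to an address or the keystream repeats."""
    counter_block = address.to_bytes(WORD // 2, "big") + write_counter.to_bytes(WORD // 2, "big")
    return _xor(block_encrypt(key, counter_block), word)


def ctr_reuse_leak(key, address, old_word, new_word):
    """What an attacker who dumps the NVM before and after a rewrite learns if
    the write counter is not advanced: old_word XOR new_word, with no key."""
    before = ctr_encrypt(key, address, 7, old_word)
    after = ctr_encrypt(key, address, 7, new_word)
    return _xor(before, after)


# Constructed keys for the example; a real device keeps these in hardware.
EXAMPLE_DATA_KEY = hashlib.sha256(b"constructed data key").digest()
EXAMPLE_TWEAK_KEY = hashlib.sha256(b"constructed tweak key").digest()
EXAMPLE_ADDR_KEY = hashlib.sha256(b"constructed address key").digest()

if __name__ == "__main__":
    word = b"secret-key-bytes"
    print("physical address", hex(scramble_address(EXAMPLE_ADDR_KEY, 0x0100)))
    stored = xex_encrypt(EXAMPLE_DATA_KEY, EXAMPLE_TWEAK_KEY, 0x0100, word)
    print("xex round trip", xex_decrypt(EXAMPLE_DATA_KEY, EXAMPLE_TWEAK_KEY, 0x0100, stored) == word)
    print("ctr reuse leaks", ctr_reuse_leak(EXAMPLE_DATA_KEY, 5, word, b"0123456789abcdef").hex())
```

XEX needs no per-write state and a read costs one block-cipher call plus the tweak, which is why it suits the zero-added-latency target; CTR can precompute the keystream before the data arrives, but the write counter it depends on is extra state that has to be stored and must never wrap under the same key, which is the key-lifetime problem the abstract's write-counter scheme addresses.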