8,214 research outputs found
Still Wrong Use of Pairings in Cryptography
Several pairing-based cryptographic protocols are recently proposed with a
wide variety of new novel applications including the ones in emerging
technologies like cloud computing, internet of things (IoT), e-health systems
and wearable technologies. There have been however a wide range of incorrect
use of these primitives. The paper of Galbraith, Paterson, and Smart (2006)
pointed out most of the issues related to the incorrect use of pairing-based
cryptography. However, we noticed that some recently proposed applications
still do not use these primitives correctly. This leads to unrealizable,
insecure or too inefficient designs of pairing-based protocols. We observed
that one reason is not being aware of the recent advancements on solving the
discrete logarithm problems in some groups. The main purpose of this article is
to give an understandable, informative, and the most up-to-date criteria for
the correct use of pairing-based cryptography. We thereby deliberately avoid
most of the technical details and rather give special emphasis on the
importance of the correct use of bilinear maps by realizing secure
cryptographic protocols. We list a collection of some recent papers having
wrong security assumptions or realizability/efficiency issues. Finally, we give
a compact and an up-to-date recipe of the correct use of pairings.Comment: 25 page
An Authentication Protocol for Future Sensor Networks
Authentication is one of the essential security services in Wireless Sensor
Networks (WSNs) for ensuring secure data sessions. Sensor node authentication
ensures the confidentiality and validity of data collected by the sensor node,
whereas user authentication guarantees that only legitimate users can access
the sensor data. In a mobile WSN, sensor and user nodes move across the network
and exchange data with multiple nodes, thus experiencing the authentication
process multiple times. The integration of WSNs with Internet of Things (IoT)
brings forth a new kind of WSN architecture along with stricter security
requirements; for instance, a sensor node or a user node may need to establish
multiple concurrent secure data sessions. With concurrent data sessions, the
frequency of the re-authentication process increases in proportion to the
number of concurrent connections, which makes the security issue even more
challenging. The currently available authentication protocols were designed for
the autonomous WSN and do not account for the above requirements. In this
paper, we present a novel, lightweight and efficient key exchange and
authentication protocol suite called the Secure Mobile Sensor Network (SMSN)
Authentication Protocol. In the SMSN a mobile node goes through an initial
authentication procedure and receives a re-authentication ticket from the base
station. Later a mobile node can use this re-authentication ticket when
establishing multiple data exchange sessions and/or when moving across the
network. This scheme reduces the communication and computational complexity of
the authentication process. We proved the strength of our protocol with
rigorous security analysis and simulated the SMSN and previously proposed
schemes in an automated protocol verifier tool. Finally, we compared the
computational complexity and communication cost against well-known
authentication protocols.Comment: This article is accepted for the publication in "Sensors" journal. 29
pages, 15 figure
ABAKA : a novel attribute-based k-anonymous collaborative solution for LBSs
The increasing use of mobile devices, along with advances in telecommunication systems, increased the popularity of Location-Based Services (LBSs). In LBSs, users share their exact location with a potentially untrusted Location-Based Service Provider (LBSP). In such a scenario, user privacy becomes a major con- cern: the knowledge about user location may lead to her identification as well as a continuous tracing of her position. Researchers proposed several approaches to preserve usersâ location privacy. They also showed that hiding the location of an LBS user is not enough to guarantee her privacy, i.e., userâs pro- file attributes or background knowledge of an attacker may reveal the userâs identity. In this paper we propose ABAKA, a novel collaborative approach that provides identity privacy for LBS users considering usersâ profile attributes. In particular, our solution guarantees p -sensitive k -anonymity for the user that sends an LBS request to the LBSP. ABAKA computes a cloaked area by collaborative multi-hop forwarding of the LBS query, and using Ciphertext-Policy Attribute-Based Encryption (CP-ABE). We ran a thorough set of experiments to evaluate our solution: the results confirm the feasibility and efficiency of our proposal
Foundations, Properties, and Security Applications of Puzzles: A Survey
Cryptographic algorithms have been used not only to create robust ciphertexts
but also to generate cryptograms that, contrary to the classic goal of
cryptography, are meant to be broken. These cryptograms, generally called
puzzles, require the use of a certain amount of resources to be solved, hence
introducing a cost that is often regarded as a time delay---though it could
involve other metrics as well, such as bandwidth. These powerful features have
made puzzles the core of many security protocols, acquiring increasing
importance in the IT security landscape. The concept of a puzzle has
subsequently been extended to other types of schemes that do not use
cryptographic functions, such as CAPTCHAs, which are used to discriminate
humans from machines. Overall, puzzles have experienced a renewed interest with
the advent of Bitcoin, which uses a CPU-intensive puzzle as proof of work. In
this paper, we provide a comprehensive study of the most important puzzle
construction schemes available in the literature, categorizing them according
to several attributes, such as resource type, verification type, and
applications. We have redefined the term puzzle by collecting and integrating
the scattered notions used in different works, to cover all the existing
applications. Moreover, we provide an overview of the possible applications,
identifying key requirements and different design approaches. Finally, we
highlight the features and limitations of each approach, providing a useful
guide for the future development of new puzzle schemes.Comment: This article has been accepted for publication in ACM Computing
Survey
Unified Compact ECC-AES Co-Processor with Group-Key Support for IoT Devices in Wireless Sensor Networks
Security is a critical challenge for the effective expansion of all new emerging applications in the Internet of Things paradigm. Therefore, it is necessary to define and implement different mechanisms for guaranteeing security and privacy of data interchanged within the multiple wireless sensor networks being part of the Internet of Things. However, in this context, low power and low area are required, limiting the resources available for security and thus hindering the implementation of adequate security protocols. Group keys can save resources and communications bandwidth, but should be combined with public key cryptography to be really secure. In this paper, a compact and unified co-processor for enabling Elliptic Curve Cryptography along to Advanced Encryption Standard with low area requirements and Group-Key support is presented. The designed co-processor allows securing wireless sensor networks with independence of the communications protocols used. With an area occupancy of only 2101 LUTs over Spartan 6 devices from Xilinx, it requires 15% less area while achieving near 490% better performance when compared to cryptoprocessors with similar features in the literature
Garnet: a middleware architecture for distributing data streams originating in wireless sensor networks
We present an architectural framework, Garnet, which provides a data stream centric abstraction to encourage the manipulation and exploitation of data generated in sensor networks. By providing middleware services to allow mutually-unaware applications to manipulate sensor behaviour, a scalable, extensible platform is provided. We focus on sensor networks with transmit and receive capabilities as this combination poses greater challenges for managing and distributing sensed data. Our approach allows simple and sophisticated sensors to coexist, and allows data consumers to be mutually unaware of each other This also promotes the use of middleware services to mediate among consumers with potentially conflicting demands for shared data. Garnet has been implemented in Java, and we report on our progress to date and outline some likely scenarios where the use of our distributed architecture and accompanying middleware support enhances the task of sharing data in sensor network environments
- âŠ