Yet another attack on a password authentication scheme based on quadratic residues with parameters unknown 1

In 1988, Harn, Laih and Huang proposed a password authentication scheme based on quadratic residues. However, in 1995, Chang, Wu and Laih pointed out that if the parameters d b a , , and l are known by the intruder, this scheme can be broken. In this paper, we presented another attack on the Harn-Laih-Huang scheme. In our attack, it doesn’t need to know the parameters and it is more efficient than the Chang-Wu-Laih attack

A Distributed Security Architecture for Large Scale Systems

This thesis describes the research leading from the conception, through development, to the practical implementation of a comprehensive security architecture for use within, and as a value-added enhancement to, the ISO Open Systems Interconnection (OSI) model. The Comprehensive Security System (CSS) is arranged basically as an Application Layer service but can allow any of the ISO recommended security facilities to be provided at any layer of the model. It is suitable as an 'add-on' service to existing arrangements or can be fully integrated into new applications. For large scale, distributed processing operations, a network of security management centres (SMCs) is suggested, that can help to ensure that system misuse is minimised, and that flexible operation is provided in an efficient manner. The background to the OSI standards are covered in detail, followed by an introduction to security in open systems. A survey of existing techniques in formal analysis and verification is then presented. The architecture of the CSS is described in terms of a conceptual model using agents and protocols, followed by an extension of the CSS concept to a large scale network controlled by SMCs. A new approach to formal security analysis is described which is based on two main methodologies. Firstly, every function within the system is built from layers of provably secure sequences of finite state machines, using a recursive function to monitor and constrain the system to the desired state at all times. Secondly, the correctness of the protocols generated by the sequences to exchange security information and control data between agents in a distributed environment, is analysed in terms of a modified temporal Hoare logic. This is based on ideas concerning the validity of beliefs about the global state of a system as a result of actions performed by entities within the system, including the notion of timeliness. The two fundamental problems in number theory upon which the assumptions about the security of the finite state machine model rest are described, together with a comprehensive survey of the very latest progress in this area. Having assumed that the two problems will remain computationally intractable in the foreseeable future, the method is then applied to the formal analysis of some of the components of the Comprehensive Security System. A practical implementation of the CSS has been achieved as a demonstration system for a network of IBM Personal Computers connected via an Ethernet LAN, which fully meets the aims and objectives set out in Chapter 1. This implementation is described, and finally some comments are made on the possible future of research into security aspects of distributed systems.IBM (United Kingdom) Laboratories Hursley Park, Winchester, U

SECURING TESLA BROADCAST PROTOCOL WITH DIFFIE- HELLMAN KEY EXCHANGE

ABSTRACT Broadcast communication is highly prone to attacks from unauthenticated users in the wireless medium. Techniques have been proposed to make the communication more secure. In this paper, TESLA broadcast protocol is used to ensure source authentication. Diffie-Hellman Key Exchange is used to share the cryptographic keys in a secured manner. A PKI is developed based on TESLA and Diffie-Hellman Key Exchange, assuming that all network nodes in the network are loosely synchronized in time

A Hybrid Approach for Data Hiding using Cryptography Schemes

Abstract -The use of internet increases for communication and for other more aspects. There are number of Cryptography scheme that used to increase security where we discuss about the confidential information transfer. As unauthorized access & data loss increases so, in this work we proposed a hybrid approach to hide secret data in other file that it can't be lost or accessed by unauthorized user. This hybrid technique can be proposed by using advance hill cipher and DES to enhance the security which can be measured by calculating PSNR & MSE values. This technique is a new technique for hiding text data behind the image file and increase the security

Privacy-aware Security Applications in the Era of Internet of Things

In this dissertation, we introduce several novel privacy-aware security applications. We split these contributions into three main categories: First, to strengthen the current authentication mechanisms, we designed two novel privacy-aware alternative complementary authentication mechanisms, Continuous Authentication (CA) and Multi-factor Authentication (MFA). Our first system is Wearable-assisted Continuous Authentication (WACA), where we used the sensor data collected from a wrist-worn device to authenticate users continuously. Then, we improved WACA by integrating a noise-tolerant template matching technique called NTT-Sec to make it privacy-aware as the collected data can be sensitive. We also designed a novel, lightweight, Privacy-aware Continuous Authentication (PACA) protocol. PACA is easily applicable to other biometric authentication mechanisms when feature vectors are represented as fixed-length real-valued vectors. In addition to CA, we also introduced a privacy-aware multi-factor authentication method, called PINTA. In PINTA, we used fuzzy hashing and homomorphic encryption mechanisms to protect the users\u27 sensitive profiles while providing privacy-preserving authentication. For the second privacy-aware contribution, we designed a multi-stage privacy attack to smart home users using the wireless network traffic generated during the communication of the devices. The attack works even on the encrypted data as it is only using the metadata of the network traffic. Moreover, we also designed a novel solution based on the generation of spoofed traffic. Finally, we introduced two privacy-aware secure data exchange mechanisms, which allow sharing the data between multiple parties (e.g., companies, hospitals) while preserving the privacy of the individual in the dataset. These mechanisms were realized with the combination of Secure Multiparty Computation (SMC) and Differential Privacy (DP) techniques. In addition, we designed a policy language, called Curie Policy Language (CPL), to handle the conflicting relationships among parties. The novel methods, attacks, and countermeasures in this dissertation were verified with theoretical analysis and extensive experiments with real devices and users. We believe that the research in this dissertation has far-reaching implications on privacy-aware alternative complementary authentication methods, smart home user privacy research, as well as the privacy-aware and secure data exchange methods

A control theoretic approach for security of cyber-physical systems

In this dissertation, several novel defense methodologies for cyber-physical systems have been proposed. First, a special type of cyber-physical system, the RFID system, is considered for which a lightweight mutual authentication and ownership management protocol is proposed in order to protect the data confidentiality and integrity. Then considering the fact that the protection of the data confidentiality and integrity is insufficient to guarantee the security in cyber-physical systems, we turn to the development of a general framework for developing security schemes for cyber-physical systems wherein the cyber system states affect the physical system and vice versa. After that, we apply this general framework by selecting the traffic flow as the cyber system state and a novel attack detection scheme that is capable of capturing the abnormality in the traffic flow in those communication links due to a class of attacks has been proposed. On the other hand, an attack detection scheme that is capable of detecting both sensor and actuator attacks is proposed for the physical system in the presence of network induced delays and packet losses. Next, an attack detection scheme is proposed when the network parameters are unknown by using an optimal Q-learning approach. Finally, this attack detection and accommodation scheme has been further extended to the case where the network is modeled as a nonlinear system with unknown system dynamics --Abstract, page iv

Wireless LAN security.

Chan Pak To Patrick.Thesis (M.Phil.)--Chinese University of Hong Kong, 2005.Includes bibliographical references (leaves 82-86).Abstracts in English and Chinese.Abstract --- p.iAcknowledgement --- p.iiiContents --- p.ivList of Figures --- p.viiList of Tables --- p.viiiChapter 1 --- Introduction --- p.1Chapter 1.1 --- Motivation --- p.1Chapter 1.2 --- The Problems --- p.3Chapter 1.3 --- My Contribution --- p.4Chapter 1.4 --- Thesis Organization --- p.5Chapter 2 --- Wireless LAN Security Model --- p.6Chapter 2.1 --- Preliminary Definitions on WLAN --- p.6Chapter 2.2 --- Security Model --- p.7Chapter 2.2.1 --- Security Attributes --- p.7Chapter 2.2.2 --- Security Threats in WLAN --- p.8Chapter 2.2.3 --- Attacks on Authentication Scheme --- p.10Chapter 2.2.4 --- Attacks on Keys --- p.10Chapter 2.3 --- Desired Properties of WLAN Authentication --- p.11Chapter 2.3.1 --- Security Requirements of WLAN Authentication --- p.11Chapter 2.3.2 --- Security Requirements of Session Keys --- p.12Chapter 2.3.3 --- Other Desired Properties of WLAN Authentication --- p.12Chapter 3 --- Cryptography --- p.14Chapter 3.1 --- Overview on Cryptography --- p.14Chapter 3.2 --- Symmetric-key Encryption --- p.15Chapter 3.2.1 --- Data Encryption Standard (DES) --- p.15Chapter 3.2.2 --- Advanced Encryption Standard (AES) --- p.15Chapter 3.2.3 --- RC4 --- p.16Chapter 3.3 --- Public-key Cryptography --- p.16Chapter 3.3.1 --- RSA Problem and Related Encryption Schemes --- p.17Chapter 3.3.2 --- Discrete Logarithm Problem and Related Encryption Schemes --- p.18Chapter 3.3.3 --- Elliptic Curve Cryptosystems --- p.19Chapter 3.3.4 --- Digital Signature --- p.19Chapter 3.4 --- Public Key Infrastructure --- p.20Chapter 3.5 --- Hash Functions and Message Authentication Code --- p.21Chapter 3.5.1 --- SHA-256 --- p.22Chapter 3.5.2 --- Message Authentication Code --- p.22Chapter 3.6 --- Entity Authentication --- p.23Chapter 3.6.1 --- ISO/IEC 9798-4 Three-pass Mutual --- p.23Chapter 3.6.2 --- ISO/IEC 9798-4 One-pass Unilateral --- p.24Chapter 3.7 --- Key Establishment --- p.24Chapter 3.7.1 --- Diffie-Hellman Key Exchange --- p.24Chapter 3.7.2 --- Station-to-Station Protocol --- p.25Chapter 3.8 --- Identity-Based Cryptography --- p.25Chapter 3.8.1 --- The Boneh-Franklin Encryption Scheme --- p.26Chapter 3.8.2 --- Au and Wei's Identification Scheme and Signature Scheme --- p.27Chapter 4 --- Basics of WLAN Security and WEP --- p.29Chapter 4.1 --- Basics of WLAN Security --- p.29Chapter 4.1.1 --- "Overview on ""Old"" WLAN Security" --- p.29Chapter 4.1.2 --- Some Basic Security Measures --- p.29Chapter 4.1.3 --- Virtual Private Network (VPN) --- p.30Chapter 4.2 --- WEP --- p.31Chapter 4.2.1 --- Overview on Wired Equivalent Privacy (WEP) --- p.31Chapter 4.2.2 --- Security Analysis on WEP --- p.33Chapter 5 --- IEEE 802.11i --- p.38Chapter 5.1 --- Overview on IEEE 802.11i and RSN --- p.38Chapter 5.2 --- IEEE 802.1X Access Control in IEEE 802.11i --- p.39Chapter 5.2.1 --- Participants --- p.39Chapter 5.2.2 --- Port-based Access Control --- p.40Chapter 5.2.3 --- EAP and EAPOL --- p.40Chapter 5.2.4 --- RADIUS --- p.41Chapter 5.2.5 --- Authentication Message Exchange --- p.41Chapter 5.2.6 --- Security Analysis --- p.41Chapter 5.3 --- RSN Key Management --- p.43Chapter 5.3.1 --- RSN Pairwise Key Hierarchy --- p.43Chapter 5.3.2 --- RSN Group Key Hierarchy --- p.43Chapter 5.3.3 --- Four-way Handshake and Group Key Handshake --- p.44Chapter 5.4 --- RSN Encryption and Data Integrity --- p.45Chapter 5.4.1 --- TKIP --- p.45Chapter 5.4.2 --- CCMP --- p.46Chapter 5.5 --- Upper Layer Authentication Protocols --- p.47Chapter 5.5.1 --- Overview on the Upper Layer Authentication --- p.47Chapter 5.5.2 --- EAP-TLS --- p.48Chapter 5.5.3 --- Other Popular ULA Protocols --- p.50Chapter 6 --- Proposed IEEE 802.11i Authentication Scheme --- p.52Chapter 6.1 --- Proposed Protocol --- p.52Chapter 6.1.1 --- Overview --- p.52Chapter 6.1.2 --- The AUTHENTICATE Protocol --- p.56Chapter 6.1.3 --- The RECONNECT Protocol --- p.59Chapter 6.1.4 --- Packet Format --- p.61Chapter 6.1.5 --- Ciphersuites Negotiation --- p.64Chapter 6.1.6 --- Delegation --- p.64Chapter 6.1.7 --- Identity Privacy --- p.68Chapter 6.2 --- Security Considerations --- p.68Chapter 6.2.1 --- Security of the AUTHENTICATE protocol --- p.68Chapter 6.2.2 --- Security of the RECONNECT protocol --- p.69Chapter 6.2.3 --- Security of Key Derivation --- p.70Chapter 6.2.4 --- EAP Security Claims and EAP Methods Requirements --- p.72Chapter 6.3 --- Efficiency Analysis --- p.76Chapter 6.3.1 --- Overview --- p.76Chapter 6.3.2 --- Bandwidth Performance --- p.76Chapter 6.3.3 --- Computation Speed --- p.76Chapter 7 --- Conclusion --- p.79Chapter 7.1 --- Summary --- p.79Chapter 7.2 --- Future Work --- p.80Bibliography --- p.8

An Overview of Cryptography (Updated Version, 3 March 2016)

There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography...While cryptography is necessary for secure communications, it is not by itself sufficient. This paper describes the first of many steps necessary for better security in any number of situations. A much shorter, edited version of this paper appears in the 1999 edition of Handbook on Local Area Networks published by Auerbach in September 1998