On Vulnerabilities of the Security Association in the IEEE 802.15.6 Standard
Wireless Body Area Networks (WBANs) support a variety of real-time health monitoring and consumer electronics applications. The latest international standard for WBANs is IEEE 802.15.6. The security association in this standard includes four elliptic curve-based key agreement protocols that are used for generating a master key. In this paper, we challenge the security of the IEEE 802.15.6 standard by showing the vulnerability of those four protocols to several attacks. We perform a security analysis of the protocols and show that they all have security problems and are vulnerable to different attacks.
An Elliptic Curve-based Signcryption Scheme with Forward Secrecy
An elliptic curve-based signcryption scheme is introduced in this paper that effectively combines the functionalities of digital signature and encryption, and decreases the computational costs and communication overheads in comparison with the traditional signature-then-encryption schemes. It simultaneously provides the attributes of message confidentiality, authentication, integrity, unforgeability, non-repudiation, public verifiability, and forward secrecy of message confidentiality. Since it is based on elliptic curves and can use any fast and secure symmetric algorithm for encrypting messages, it has great advantages for establishing security in store-and-forward applications and when dealing with resource-constrained devices.
Comment: 13 Pages, 5 Figures, 2 Tables
A Decentralized Dynamic PKI based on Blockchain
The central role of the certificate authority (CA) in traditional public key infrastructure (PKI) makes it fragile and prone to compromises and operational failures. Maintaining CAs and revocation lists is demanding, especially in loosely-connected and large systems. Log-based PKIs have been proposed as a remedy, but they do not solve the problem effectively. We provide a general model and a solution for a decentralized and dynamic PKI based on a blockchain and a web-of-trust model, where the traditional CA and digital certificates are removed and instead everything is registered on the blockchain. Registration, revocation, and update of public keys are based on a consensus mechanism between a certain number of entities that are already part of the system. Any node which is part of the system can be an auditor and initiate the revocation procedure once it detects malicious activity. Revocation lists are no longer required, as any node can efficiently verify the public keys through witnesses.
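To make the registration/revocation-by-consensus model above concrete, here is an added toy model (not the paper's code, and not its actual protocol): a hash-chained ledger in which every key operation must carry endorsements from THRESHOLD existing, non-revoked members, and in which revocation is just another endorsed block, so no revocation list exists. Endorsements are Lamport one-time signatures (hash-based, Python stdlib only) chosen here so the example runs without a crypto library; the threshold of 2, the per-node pool of 4 one-time keys, and the node names are assumptions of this example.

```python
"""Constructed model of a CA-less key registry: each key operation is a block
that needs THRESHOLD endorsements from existing, non-revoked members."""
import hashlib
import json
import secrets

THRESHOLD = 2  # assumption: endorsements required from existing members


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True).encode()


# Lamport one-time signatures: the public key is 256 pairs of hashes and
# signing reveals one preimage per bit of H(message). A key must be used once.
def lamport_keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    pk = [[sha256(a).hex(), sha256(b).hex()] for a, b in sk]
    return sk, pk


def lamport_sign(sk, msg: bytes):
    bits = int.from_bytes(sha256(msg), "big")
    return [sk[i][(bits >> (255 - i)) & 1].hex() for i in range(256)]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    bits = int.from_bytes(sha256(msg), "big")
    return len(sig) == 256 and all(
        sha256(bytes.fromhex(sig[i])).hex() == pk[i][(bits >> (255 - i)) & 1]
        for i in range(256))


class Node:
    """Participant with a pool of one-time keys; each endorsement spends one."""

    def __init__(self, name: str, pool: int = 4):
        self.name, self.keys, self.next_key = name, [lamport_keygen() for _ in range(pool)], 0

    def public_keys(self):
        return [pk for _, pk in self.keys]

    def endorse(self, payload: dict) -> dict:
        idx, self.next_key = self.next_key, self.next_key + 1
        return {"node": self.name, "index": idx,
                "sig": lamport_sign(self.keys[idx][0], canonical(payload))}


class Ledger:
    """Hash-chained log of key operations; member state is derived from it."""

    def __init__(self, founders):
        self.blocks, self.members = [], {}
        for f in founders:  # genesis block bootstraps the initial web of trust
            self.members[f.name] = {"keys": f.public_keys(), "spent": set(), "active": True}
        self._append({"op": "genesis", "members": sorted(self.members)}, [])

    def _append(self, payload, endorsements):
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        body = {"prev": prev, "payload": payload, "endorsements": endorsements}
        self.blocks.append({**body, "hash": hashlib.sha256(canonical(body)).hexdigest()})

    def propose(self, payload: dict, endorsements) -> bool:
        """Register, update or revoke a member's keys once consensus is reached."""
        if payload.get("op") not in ("register", "update", "revoke"):
            return False
        msg, valid = canonical(payload), []
        for e in endorsements:
            m = self.members.get(e["node"])
            if (not m or not m["active"] or not 0 <= e["index"] < len(m["keys"])
                    or e["index"] in m["spent"]):
                continue  # unknown or revoked endorser, or a replayed one-time key
            if lamport_verify(m["keys"][e["index"]], msg, e["sig"]):
                valid.append(e)
        if len({e["node"] for e in valid}) < THRESHOLD:
            return False
        for e in valid:
            self.members[e["node"]]["spent"].add(e["index"])
        name = payload["name"]
        if payload["op"] in ("register", "update"):
            self.members[name] = {"keys": payload["keys"], "spent": set(), "active": True}
        elif name in self.members:  # revoke: no revocation list, the state is on-chain
            self.members[name]["active"] = False
        self._append(payload, endorsements)
        return True

    def lookup(self, name: str):
        m = self.members.get(name)
        return m["keys"] if m and m["active"] else None

    def verify_chain(self) -> bool:
        """Any node can re-check the chain's integrity from the genesis block."""
        prev = "0" * 64
        for b in self.blocks:
            body = {k: b[k] for k in ("prev", "payload", "endorsements")}
            if b["prev"] != prev or hashlib.sha256(canonical(body)).hexdigest() != b["hash"]:
                return False
            prev = b["hash"]
        return True


def run_registry_demo() -> dict:
    alice, bob, carol, dave = (Node(n) for n in ("alice", "bob", "carol", "dave"))
    ledger = Ledger([alice, bob])  # carol is an outsider, dave wants to join
    join = {"op": "register", "name": "dave", "keys": dave.public_keys()}
    one = ledger.propose(join, [alice.endorse(join)])
    both = [alice.endorse(join), bob.endorse(join)]
    registered = ledger.propose(join, both)
    replayed = ledger.propose(join, both)  # same one-time keys again: rejected
    revoke = {"op": "revoke", "name": "dave"}
    outsider = ledger.propose(revoke, [carol.endorse(revoke), alice.endorse(revoke)])
    revoked = ledger.propose(revoke, [alice.endorse(revoke), bob.endorse(revoke)])
    return {"single_endorser": one, "registered": registered, "replayed": replayed,
            "outsider_revoke": outsider, "revoked": revoked,
            "dave_active": ledger.lookup("dave") is not None,
            "chain_ok": ledger.verify_chain(), "blocks": len(ledger.blocks)}
```

Running `run_registry_demo()` shows the three checks a verifier in such a system relies on: a proposal with fewer than THRESHOLD distinct member endorsements is dropped, an endorsement from a node that is not (or no longer) a member does not count, and reusing a spent one-time key is treated as a replay. Because revocation only flips the member's state in the derived view, a lookup after the revoke block returns nothing without any revocation list being consulted.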
On Continuous After-the-Fact Leakage-Resilient Key Exchange
Side-channel attacks are a severe type of attack against implementations of cryptographic primitives. Leakage-resilient cryptography is a new theoretical approach to formally address the problem of side-channel attacks. Recently, the Continuous After-the-Fact Leakage (CAFL) security model has been introduced for two-party authenticated key exchange (AKE) protocols. In the CAFL model, an adversary can adaptively request arbitrary leakage of long-term secrets even after the test session is activated. It supports continuous leakage even when the adversary learns certain ephemeral secrets or session keys. The amount of leakage is limited per query, but there is no bound on the total leakage. A generic leakage-resilient key exchange protocol has also been introduced that is formally proved to be secure in the CAFL model. In this paper, we comment on the CAFL model and show that it does not capture its claimed security. Furthermore, we present an attack and counterproofs for the security of the protocol, which invalidate its formal security proofs in the CAFL model.
Solutions to the GSM Security Weaknesses
Recently, the mobile industry has experienced a dramatic increase in its number of users. The GSM network, with the largest number of users worldwide, suffers from several security vulnerabilities. Although some of its security problems are addressed in later generations, many operators are still using 2G systems. This paper briefly presents the most important security flaws of the GSM network and its transport channels. It also provides some practical solutions to improve the security of currently available 2G systems.
Comment: 6 Pages, 2 Figures
A Permissioned Blockchain-based System for Collaborative Drug Discovery
Research and development of novel molecular compounds in the pharmaceutical industry can be highly costly. Lack of confidentiality can prevent a product from being patented or commercialized. As a result, cross-organizational collaboration is virtually non-existent. In this paper, we introduce a blockchain-based solution to the collaborative drug discovery problem so that participants can maintain full ownership of the asset and upload partial information about molecules without revealing the molecule itself. A prototype is also implemented using the blockchain technology Hyperledger Fabric and analyzed from security and performance perspectives. The prototype provides a set of functionalities that ensures that ownership is maintained, integrity is protected, and critical information remains confidential. From a performance perspective, it provides good throughput and latency on the order of milliseconds. However, further improvements could be made to the scalability of the system.
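One standard way to "upload partial information about molecules without revealing the molecule itself" is a salted hash commitment: the owner publishes the commitment plus whichever descriptors they choose to share, and can later open the commitment to prove which structure the record refers to. The following is an added example of that technique, not the paper's Hyperledger Fabric prototype; it assumes the commitment design described in this lead-in, and the record format, owner name and descriptor fields are invented. The three SMILES strings are well-known public compounds used as sample input, and the candidate list stands in for a public compound database.

```python
"""Constructed example: publishing a molecule as a salted commitment plus
owner-chosen descriptors, so the structure itself is never revealed."""
import hashlib
import json
import secrets


def commit(molecule: str, salt: bytes) -> str:
    # Hiding and binding commitment to the structure; the salt defeats guessing.
    return hashlib.sha256(salt + molecule.encode()).hexdigest()


def _digest(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def make_record(owner: str, molecule: str, descriptors: dict, salt: bytes) -> dict:
    """What the owner publishes: commitment and chosen descriptors, never the molecule."""
    rec = {"owner": owner, "commitment": commit(molecule, salt), "descriptors": descriptors}
    rec["record_hash"] = _digest(rec)  # binds descriptors and owner to the commitment
    return rec


def record_intact(rec: dict) -> bool:
    body = {k: rec[k] for k in ("owner", "commitment", "descriptors")}
    return _digest(body) == rec["record_hash"]


def open_commitment(rec: dict, molecule: str, salt: bytes) -> bool:
    """Owner later proves (e.g. to a partner) which structure the record refers to."""
    return record_intact(rec) and commit(molecule, salt) == rec["commitment"]


def guess_molecule(commitment: str, candidates, salt: bytes = b""):
    """Dictionary attack: recovers an unsalted commitment to a public compound."""
    for m in candidates:
        if commit(m, salt) == commitment:
            return m
    return None


def run_commitment_demo() -> dict:
    # Sample input: public compounds (aspirin, caffeine, ibuprofen) as SMILES.
    candidates = ["CC(=O)Oc1ccccc1C(=O)O",
                  "CN1C=NC2=C1C(=O)N(C(=O)N2C)C",
                  "CC(C)Cc1ccc(cc1)C(C)C(=O)O"]
    molecule, salt = candidates[0], secrets.token_bytes(16)
    rec = make_record("pharma-a", molecule, {"formula": "C9H8O4", "mw": 180.16}, salt)
    tampered = dict(rec, descriptors={"formula": "C9H8O4", "mw": 999.0})
    return {
        "opens": open_commitment(rec, molecule, salt),
        "wrong_molecule": open_commitment(rec, candidates[1], salt),
        "tampered_detected": not record_intact(tampered),
        "unsalted_guessed": guess_molecule(commit(molecule, b""), candidates) == molecule,
        "salted_guessed": guess_molecule(rec["commitment"], candidates) is None,
    }
```

The `guess_molecule` check is the caveat that matters in practice: an unsalted hash of a structure that also appears in a public database is recoverable by anyone who can enumerate that database, so the salt (kept with the owner, disclosed only when opening) is what makes the commitment actually hiding; the record hash is what lets a verifier detect edited descriptors on an otherwise valid record.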