
    Analysis and Improvement of an Authentication Scheme in Incremental Cryptography

    Introduced in cryptography by Bellare, Goldreich and Goldwasser in 1994, incrementality is an attractive feature that makes it possible to efficiently update a cryptographic output such as a ciphertext, a signature or an authentication tag after the corresponding input has been modified. This property is very valuable in large-scale systems where gigabytes of data are continuously processed (e.g. in cloud storage). Adding cryptographic operations to such systems can dramatically decrease their performance, and incrementality is an interesting way to obtain security at a reduced cost. We focus on the so-called XOR-scheme, the first incremental authentication construction proposed by Bellare, Goldreich and Goldwasser, and the only strongly incremental scheme (i.e. incremental with respect to insert and delete update operations at any position in a document). Surprisingly, we found a simple attack on this construction that breaks the basic security claimed by the authors in 1994 with only one authentication query (not necessarily chosen). Our analysis gives different ways to fix the scheme; some of these patches are discussed in this paper and we provide a security proof for one of them.

    Deregulation of Rab and Rab Effector Genes in Bladder Cancer

    Growing evidence indicates that Rab GTPases, key regulators of intracellular transport in eukaryotic cells, play an important role in cancer. We analysed the deregulation at the transcriptional level of the genes encoding Rab proteins and Rab-interacting proteins in bladder cancer pathogenesis, distinguishing between the two main progression pathways so far identified in bladder cancer: the Ta pathway, characterized by a high frequency of FGFR3 mutation, and the carcinoma in situ pathway, where no or infrequent FGFR3 mutations have been identified. A systematic literature search identified 61 genes encoding Rab proteins and 223 genes encoding Rab-interacting proteins. Transcriptomic data were obtained for normal urothelium samples and for two independent bladder cancer data sets corresponding to 152 and 75 tumors. Gene deregulation was analysed with the SAM (significance analysis of microarrays) test or the binomial test. Overall, 30 genes were down-regulated, and 13 were up-regulated in the tumor samples. Five of these deregulated genes (LEPRE1, MICAL2, RAB23, STXBP1, SYTL1) were specifically deregulated in FGFR3-non-mutated muscle-invasive tumors. No gene encoding a Rab or Rab-interacting protein was found to be specifically deregulated in FGFR3-mutated tumors. Cluster analysis showed that the RAB27 gene cluster (comprising the genes encoding RAB27 and its interacting partners) was deregulated and that this deregulation was associated with both pathways of bladder cancer pathogenesis. Finally, we found that the expression of KIF20A and ZWINT was associated with that of proliferation markers and that the expression of MLPH, MYO5B, RAB11A, RAB11FIP1, RAB20 and SYTL2 was associated with that of urothelial cell differentiation markers. This systematic analysis of Rab and Rab effector gene deregulation in bladder cancer, taking relevant tumor subgroups into account, provides insight into the possible roles of Rab proteins and their effectors in bladder cancer pathogenesis. This approach is applicable to other groups of genes and types of cancer.

    On the security bounds of CMC, EME, EME(+) and EME* - Modes of operation

    Since 2002, variants of two tweakable block cipher modes of operation, CMC and EME, have been presented by Halevi and Rogaway that are suitable for encryption of disk sectors. In this paper, we show that the security bounds given in their proofs are tight, and hence complement the security proofs of the designers. In particular, we show how to distinguish the CMC, EME, EME(+) and EME* modes from random tweakable permutations with negligible effort and 2^(n/2) chosen plaintexts, where n is the block size in bits. Further, we point out that both modes leak secret information via side-channel attacks (timing and power) due to the data-dependent internal multiplication operation.

    On the Rila-Mitchell security protocols for biometrics-based cardholder authentication in smartcards

    We consider the security of the Rila-Mitchell security protocols recently proposed for biometrics-based smartcard systems. We first present a man-in-the-middle (MITM) attack on one of these protocols and hence show that it fails to achieve mutual authentication between the smartcard and the smartcard reader. In particular, a hostile smartcard can trick the reader into believing that it is a legitimate card, and vice versa. We also discuss security cautions that, if not handled carefully, would lead to attacks. We further suggest countermeasures to strengthen the protocols against our attacks, as well as to guard against the cautions highlighted. Our emphasis here is that seemingly secure protocols, when implemented with poor choices of parameters, would lead to attacks.

    Cryptanalysis of a generalized anonymous buyer-seller watermarking protocol of IWDW 2004

    In this paper, we analyze the security of a generalized anonymous buyer-seller watermarking protocol recently proposed by Choi and Park at IWDW 2004. We prove that it has not met the designers' intended security criteria by showing that an attacker can actually: (1) discover the unique buyer's watermark which was chosen by the watermark certificate center (WCC), and (2) decrypt the encrypted watermarked digital content without any extra cost. Also, it is surprising to note that when designing their protocol, the designers did not take into consideration the conspiracy attacks.

    Cryptanalysis of PASS II and MiniPass

    In ACISP '00, Wu et al. proposed attacks to break the Polynomial Authentication and Signature Scheme (PASS); in particular, they are able to generate valid authentication transcripts and digital signatures without knowing the private key or any previous transcripts/signatures. They showed that PASS can be broken with around 2^38.3 trials. In this paper, we analyze the security of the improved versions of PASS, viz. PASS II and MiniPASS, and extend Wu et al.'s attacks to PASS II and MiniPASS to break them. Furthermore, we discuss why and how these schemes are broken from the viewpoint of the structure of the cryptosystems and point out the fundamental weakness behind them.

    Fruit and vegetable consumption in rural adults population in INDEPTH HDSS sites in Asia

    BACKGROUND: Low fruit and vegetable consumption is among the top 10 risk factors contributing to mortality worldwide. WHO/FAO recommends intake of a minimum of 400 grams (or five servings) of fruits and vegetables per day for the prevention of chronic diseases such as heart disease, cancer, diabetes, and obesity. OBJECTIVE: This paper examines the fruit and vegetable consumption patterns and the prevalence of inadequate fruit and vegetable consumption (less than five servings a day) among the adult population in rural surveillance sites in five Asian countries. DATA AND METHODS: The analysis is based on data from a 2005 cross-site study on non-communicable disease risk factors which was conducted in nine Asian INDEPTH Health and Demographic Surveillance System (HDSS) sites. Standardised protocols and methods following the WHO STEPwise approach to risk factor surveillance were used. The total sample was 18,429 adults aged 25-64 years. Multivariate logistic regression analysis was performed to assess the association between socio-demographic factors and inadequate fruit and vegetable consumption. RESULTS: Inadequate fruit and vegetable consumption was common in all study sites. The proportions of inadequate fruit and vegetable consumption ranged from 63.5% in men and 57.5% in women in Chililab HDSS in Vietnam to the whole population in Vadu HDSS in India and WATCH HDSS in Bangladesh. Multivariate logistic regression analysis in six sites, excluding WATCH and Vadu HDSS, showed that being in the oldest age group and having low education were significantly related to inadequate fruit and vegetable consumption, although the pattern was not consistent across all six HDSS. CONCLUSIONS: Since such a large proportion of adults in Asia consume an inadequate amount of fruits and vegetables, despite their abundant availability, education and behaviour change programmes are needed to promote fruit and vegetable consumption. Accurate and useful information about the health benefits of abundant fruit and vegetable consumption should be widely disseminated.