Security of signed ElGamal encryption
Assuming a cryptographically strong cyclic group G of prime order q and a random hash function H, we show that ElGamal encryption with an added Schnorr signature is secure against the adaptive chosen ciphertext attack, in which an attacker can freely use a decryption oracle except for the target ciphertext. We also prove security against the novel one-more-decryption attack. Our security proofs are in a new model, corresponding to a combination of two previously introduced models, the Random Oracle model and the Generic model. The security extends to the distributed threshold version of the scheme. Moreover, we propose a very practical scheme for private information retrieval that is based on blind decryption of ElGamal ciphertexts.
Security of discrete log cryptosystems in the random oracle and the generic model
We introduce novel security proofs that use combinatorial counting arguments rather than reductions to the discrete logarithm or to the Diffie-Hellman problem. Our security results are sharp and clean with no polynomial reduction times involved. We consider a combination of the random oracle model and the generic model. This corresponds to assuming an ideal hash function H given by an oracle and an ideal group of prime order q, where the binary encoding of the group elements is useless for cryptographic attacks. In this model, we first show that Schnorr signatures are secure against the one-more signature forgery: a generic adversary performing t generic steps including l sequential interactions with the signer cannot produce l+1 signatures with a better probability than $\binom{t}{2}/q$. We also characterize the different power of sequential and of parallel attacks. Secondly, we prove signed ElGamal encryption is secure against the adaptive chosen ciphertext attack, in which an attacker can arbitrarily use a decryption oracle except for the challenge ciphertext. Moreover, signed ElGamal encryption is secure against the one-more decryption attack: a generic adversary performing t generic steps including l interactions with the decryption oracle cannot distinguish the plaintexts of l+1 ciphertexts from random strings with a probability exceeding $\binom{t}{2}/q$.
A Micro-Payment Scheme Encouraging Collaboration in Multi-Hop Cellular Networks
We propose a micro-payment scheme for multi-hop cellular networks that encourages collaboration in packet forwarding by letting users benefit from relaying others' packets. At the same time as proposing mechanisms for detecting and rewarding collaboration, we introduce appropriate mechanisms for detecting and punishing various forms of abuse. We show that the resulting scheme -- which is exceptionally light-weight -- makes collaboration rational and cheating undesirable.
Secure Remote Attestation
More than ten years ago, a devastating data substitution attack was shown to successfully compromise all previously proposed remote attestation techniques. In fact, the authors went further than simply attacking previously proposed methods: they called into question whether it is theoretically possible for remote attestation methods to exist in face of their attack. Subsequently, it has been shown that it is possible, by relying on self-modifying code.
We show that it is possible to create remote attestation that is secure against all data substitution attacks, without relying on self-modifying code. Our proposed method relies on a construction of the checksum process that forces frequent L2 cache overflows if any data substitution attack takes place.
Reputation-based Wi-Fi Deployment - Protocols and Security Analysis
In recent years, wireless Internet service providers (WISPs) have established thousands of WiFi hot spots in cafes, hotels and airports in order to offer travelling Internet users access to email, web or other Internet services. However, two major problems still slow down the deployment of this kind of network: the lack of a seamless roaming scheme and the variable quality of service experienced by the users. This paper provides a response to these two problems: we present a solution that, on the one hand, allows a mobile node to connect to a foreign WISP in a secure way while preserving its anonymity and, on the other hand, encourages the WISPs to provide the users with good QoS. We analyse the robustness of our solution against various attacks and we prove by means of simulations that our reputation model indeed encourages the WISPs to behave correctly.
Distributed Phishing Attacks
We identify and describe a new type of phishing attack that circumvents what is probably today's most efficient defense mechanism in the war against phishing, namely the shutting down of sites run by the phisher. This attack is carried out using what we call a distributed phishing attack (DPA). The attack works by a per-victim personalization of the location of sites collecting credentials and a covert transmission of credentials to a hidden coordination center run by the phisher. We show how our attack can be simply and efficiently implemented and how it can increase the success rate of attacks while at the same time concealing the tracks of the phisher. We briefly describe a technique that may be helpful to combat DPAs.
Privacy-Preserving Polling using Playing Cards
Visualizing protocols is not only useful as a step towards understanding and ensuring security properties, but is also a beneficial tool to communicate notions of security to decision makers and technical people outside the field of cryptography. We present a simple card game that is a visualization for a secure protocol for private polling where it is simple to see that individual responses cannot be traced back to a respondent, and cheating is irrational. We use visualization tricks to illustrate a somewhat complex protocol, namely the Cryptographic Randomized Response Technique protocol of Lipmaa et al. While our tools --- commitments and cut-and-choose --- are well known, our construction for oblivious transfer using playing cards is new. As part of visualizing the protocol, we have been able to show that, while cut-and-choose protocols normally get more secure with an increasing number of choices, the protocol we consider --- surprisingly --- does not. This is true for our visualization of the protocol and for the real protocol.
- …