Message Authentication and Recognition Protocols Using Two-Channel Cryptography

We propose a formal model for non-interactive message authentication protocols (NIMAPs) using two channels and analyze all the attacks that can occur in this model. Further, we introduce the notion of hybrid-collision resistant (HCR) hash functions. This leads to a new proposal for a NIMAP based on HCR hash functions. This protocol is as efficient as the best previous NIMAP while having a very simple structure and not requiring any long strings to be authenticated ahead of time. We investigate interactive message authentication protocols (IMAPs) and propose a new IMAP, based on the existence of interactive-collision resistant (ICR) hash functions, a new notion of hash function security. The efficient and easy-to-use structure of our IMAP makes it very practical in real world ad hoc network scenarios. We also look at message recognition protocols (MRPs) and prove that there is a one-to-one correspondence between non-interactive MRPs and digital signature schemes with message recovery. Further, we look at an existing recognition protocol and point out its inability to recover in case of a specific adversarial disruption. We improve this protocol by suggesting a variant which is equipped with a resynchronization process. Moreover, another variant of the protocol is proposed which self-recovers in case of an intrusion. Finally, we propose a new design for message recognition in ad hoc networks which does not make use of hash chains. This new design uses random passwords that are being refreshed in each session, as opposed to precomputed elements of a hash chain

Practical Unconditionally Secure Two-channel Message Authentication

We investigate unconditional security for message authentication protocols that are designed using two-channel cryptography. We look at both noninteractive message authentication protocols (NIMAPs) and interactive message authentication protocols (IMAPs). We provide a new proof of nonexistence of nontrivial unconditionally secure NIMAPs. This proof consists of a combinatorial counting argument and is much shorter than the previous proof by Wang et al., which was based on probability distribution arguments. Further, we propose a generalization of an unconditionally secure 3-round IMAP due to Naor, Segev and Smith. With a careful choice of parameters, our scheme improves that of Naor et al. Our scheme is very close to optimal for most parameter situations of practical interest.

Recognition in Ad Hoc Pervasive Networks

We examine the problem of message and entity recognition in the context of ad hoc networks. We review the definitions and the security model described in the literature and examine previous recognition protocols described in ABCLMN98, HWGW05, LZWW05, M03, and WW03. We prove that there is a one to one correspondence between non-interactive message recognition protocols and digital signature schemes. Hence, we concentrate on designing interactive recognition protocols. We look at LZWW05 in more detail and suggest a variant to overcome a certain shortcoming. In particular, in case of communication failure or adversarial disruption, this protocol is not equipped with a practical resynchronization process and can fail to resume. We propose a variant of this protocol which is equipped with a resynchronization technique that allows users to resynchronize whenever they wish or when they suspect an intrusion

Who is Influencing the #GDPR Discussion on Twitter: Implications for Public Relations

On May 25, 2018, the European Union (EU) implemented the General Data Protection Regulation (GDPR) to protect individuals’ privacy and data. This regulation has far-reaching implications as it applies to any organization that deals with data of EU residents. By studying the discussion about this regulation on Twitter, our goal is to examine public opinions and organizational public relations (PR) strategies about GDPR. The results show that the regulation is being actively discussed by a variety of stakeholders, but especially by cybersecurity and IT-related firms and consultants. At the same time, some of the stakeholders that were expected to have a more active role were less involved, including companies that store or process personal data, government and regulatory bodies, mainstream media, and academics. The results also show that the stakeholders mostly have one-way rather than two-way communication with their audiences, thus fulfilling the rhetorical than relational function of PR

Forgery-Resilience for Digital Signature Schemes

We introduce the notion of forgery-resilience for digital signature schemes, a new paradigm for digital signature schemes exhibiting desirable legislative properties. It evolves around the idea that, for any message, there can only be a unique valid signature, and exponentially many acceptable signatures, all but one of them being spurious. This primitive enables a judge to verify whether an alleged forged signature is indeed a forgery. In particular, the scheme considers an adversary who has access to a signing oracle and an oracle that solves a “hard” problem, and who tries to produce a signature that appears to be acceptable from a verifier’s point of view. However, a judge can tell apart such a spurious signature from a signature that is produced by an honest signer. This property is referred to as validatibility. Moreover, the scheme provides undeniability against malicious signers who try to fabricate spurious signatures and deny them later by showing that they are not valid. Last but not least, trustability refers to the inability of a malicious judge trying to forge a valid signature. This notion for signature schemes improves upon the notion of fail-stop signatures in different ways. For example, it is possible to sign more than one messages with forgery-resilient signatures and once a forgery is found, the credibility of a previously signed signature is not under question. A concrete instance of a forgery-resilient signature scheme is constructed based on the hardness of extracting roots of higher residues, which we show to be equivalent to the factoring assumption. In particular, using collision-free accumulators, we present a tight reduction from malicious signers to adversaries against the factoring problem. Meanwhile, a secure pseudorandom function ensures that no polynomially-bounded cheating verifier, who can still solve hard problems, is able to forge valid signatures. Security against malicious judges is based on the RSA assumption

Revisiting Iterated Attacks in the Context of Decorrelation Theory

Iterated attacks are comprised of iterating adversaries who can make d plaintext queries, in each iteration to compute a bit, and are trying to distinguish between a random cipher C and the perfect cipher C* based on all bits. Vaudenay showed that a 2d-decorrelated cipher resists to iterated attacks of order d. when iterations have almost no common queries. Then, he first asked what the necessary conditions are for a cipher to resist a non-adaptive iterated attack of order d. I.e., whether decorrelation of order 2d-1 could be sufficient. Secondly, he speculated that repeating a plaintext query in different iterations does not provide any advantage to a non-adaptive distinguisher. We close here these two long-standing open problems negatively. For those questions, we provide two counter-intuitive examples. We also deal with adaptive iterated adversaries who can make both plaintext and ciphertext queries in which the future queries are dependent on the past queries. We show that decorrelation of order 2d protects against these attacks of order d. We also study the generalization of these distinguishers for iterations making non-binary outcomes. Finally, we measure the resistance against two well-known statistical distinguishers, namely, differential-linear and boomerang distinguishers and show that 4-decorrelation degree protects against these attacks