On hash functions using checksums

We analyse the security of iterated hash functions that compute an input dependent checksum which is processed as part of the hash computation. We show that a large class of such schemes, including those using non-linear or even one-way checksum functions, is not secure against the second preimage attack of Kelsey and Schneier, the herding attack of Kelsey and Kohno and the multicollision attack of Joux. Our attacks also apply to a large class of cascaded hash functions. Our second preimage attacks on the cascaded hash functions improve the results of Joux presented at Crypto’04. We also apply our attacks to the MD2 and GOST hash functions. Our second preimage attacks on the MD2 and GOST hash functions improve the previous best known short-cut second preimage attacks on these hash functions by factors of at least 226 and 254, respectively. Our herding and multicollision attacks on the hash functions based on generic checksum functions (e.g., one-way) are a special case of the attacks on the cascaded iterated hash functions previously analysed by Dunkelman and Preneel and are not better than their attacks. On hash functions with easily invertible checksums, our multicollision and herding attacks (if the hash value is short as in MD2) are more efficient than those of Dunkelman and Preneel

Electronic Contract Administration – Legal and Security Issues Research Report

This Report is a deliverable for the CRC for Construction Innovation research project 2005-025-A Electronic Contract Administration – Legal and Security Issues. It considers the security and legal risks that result from the increasing adoption of information and communication technologies (ICT) in the construction industry for e-contracting purposes and makes recommendations to minimise those risks

Practical Electromagnetic Template Attack on HMAC

The original publication is available at www.springerlink.comInternational audienceIn this paper, we show that HMAC can be attacked using a very efficient side channel attack which reveals the Hamming distance of some registers. After a profiling phase which requires access to a similar device that can be configured by the adversary, the attack recovers the secret key on one recorded execution of HMAC-SHA-1 for example, on an embedded device. We perform experimentations using a NIOS processor executed on a Field Programmable Gate Array (FPGA) to confirm the leakage model. Besides the high efficiency of this attack, $2^32\cdot 3^k$ where $k$ is the number of 32-bit words of the key, that we tested with experimentations, our results also shed some light on the on the requirements in term of side channel attack for the future SHA-3 function. Finally, we show that our attack can also be used to break the confidentiality of network protocols usually implemented on embedded devices. We have performed experiments using a NIOS processor executed on a Field Programmable Gate Array (FPGA) to confirm the leakage model. We hope that our results shed some light on the requirements in term of side channel attack for the future SHA-3 function

Side channel analysis of some hash based MACs:A response to SHA-3 requirements

The forthcoming NIST's Advanced Hash Standard (AHS) competition to select SHA-3 hash function requires that each candidate hash function submission must have at least one construction to support FIPS 198 HMAC application. As part of its evaluation, NIST is aiming to select either a candidate hash function which is more resistant to known side channel attacks (SCA) when plugged into HMAC, or that has an alternative MAC mode which is more resistant to known SCA than the other submitted alternatives. In response to this, we perform differential power analysis (DPA) on the possible smart card implementations of some of the recently proposed MAC alternatives to NMAC (a fully analyzed variant of HMAC) and HMAC algorithms and NMAC/HMAC versions of some recently proposed hash and compression function modes. We show that the recently proposed BNMAC and KMDP MAC schemes are even weaker than NMAC/HMAC against the DPA attacks, whereas multi-lane NMAC, EMD MAC and the keyed wide-pipe hash have similar security to NMAC against the DPA attacks. Our DPA attacks do not work on the NMAC setting of MDC-2, Grindahl and MAME compression functions. This talk outlines our results

Candida albicans-produced farnesol stimulates Pseudomonas quinolone signal production in LasR-defective Pseudomonas aeruginosa strains

Candida albicans has been previously shown to stimulate the production of Pseudomonas aeruginosa phenazine toxins in dual-species colony biofilms. Here, we report that P. aeruginosa lasR mutants, which lack the master quorum sensing system regulator, regain the ability to produce quorum-sensing-regulated phenazines when cultured with C. albicans. Farnesol, a signalling molecule produced by C. albicans, was sufficient to stimulate phenazine production in LasR− laboratory strains and clinical isolates. P. aeruginosa ΔlasR mutants are defective in production of the Pseudomonas quinolone signal (PQS) due to their inability to properly induce pqsH, which encodes the enzyme necessary for the last step in PQS biosynthesis. We show that expression of pqsH in a ΔlasR strain was sufficient to restore PQS production, and that farnesol restored pqsH expression in ΔlasR mutants. The farnesol-mediated increase in pqsH required RhlR, a transcriptional regulator downstream of LasR, and farnesol led to higher levels of N-butyryl-homoserine lactone, the small molecule activator of RhlR. Farnesol promotes the production of reactive oxygen species (ROS) in a variety of species. Because the antioxidant N-acetylcysteine suppressed farnesol-induced RhlR activity in LasR− strains, and hydrogen peroxide was sufficient to restore PQS production in las mutants, we propose that ROS are responsible for the activation of downstream portions of this quorum sensing pathway. LasR mutants frequently arise in the lungs of patients chronically infected with P. aeruginosa. The finding that C. albicans, farnesol or ROS stimulate virulence factor production in lasR strains provides new insight into the virulence potential of these strains

Better Concrete Security for Half-Gates Garbling (in the Multi-Instance Setting)

We study the concrete security of high-performance implementations of half-gates garbling, which all rely on (hardware-accelerated)~AES. We find that current instantiations using $k$-bit wire labels can be completely broken---in the sense that the circuit evaluator learns all the inputs of the circuit garbler---in time $O(2^k/C)$, where $C$ is the total number of (non-free) gates that are garbled, possibly across multiple independent executions. The attack can be applied to existing circuit-garbling libraries using $k=80$ when $C \approx 10^9$, and would require 267 machine-months and cost about USD 3500 to implement on the Google Cloud Platform. Since the attack can be entirely parallelized, the attack could be carried out in about a month using $\approx 250$ machines. With this as our motivation, we seek a way to instantiate the hash function in the half-gates scheme so as to achieve better concrete security. We present a construction based on AES that achieves optimal security in the single-instance setting (when only a single circuit is garbled). We also show how to modify the half-gates scheme so that its concrete security does not degrade in the multi-instance setting. Our modified scheme is as efficient as prior work in networks with up to 2 Gbps bandwidth

A Holistic Review of Cybersecurity and Reliability Perspectives in Smart Airports

Advances in the Internet of Things (IoT) and aviation sector have resulted in the emergence of smart airports. Services and systems powered by the IoT enable smart airports to have enhanced robustness, efficiency and control, governed by real-time monitoring and analytics. Smart sensors control the environmental conditions inside the airport, automate passenger-related actions and support airport security. However, these augmentations and automation introduce security threats to network systems of smart airports. Cyber-attackers demonstrated the susceptibility of IoT systems and networks to Advanced Persistent Threats (APT), due to hardware constraints, software flaws or IoT misconfigurations. With the increasing complexity of attacks, it is imperative to safeguard IoT networks of smart airports and ensure reliability of services, as cyber-attacks can have tremendous consequences such as disrupting networks, cancelling travel, or stealing sensitive information. There is a need to adopt and develop new Artificial Intelligence (AI)-enabled cyber-defence techniques for smart airports, which will address the challenges brought about by the incorporation of IoT systems to the airport business processes, and the constantly evolving nature of contemporary cyber-attacks. In this study, we present a holistic review of existing smart airport applications and services enabled by IoT sensors and systems. Additionally, we investigate several types of cyber defence tools including AI and data mining techniques, and analyse their strengths and weaknesses in the context of smart airports. Furthermore, we provide a classification of smart airport sub-systems based on their purpose and criticality and address cyber threats that can affect the security of smart airport\u27s networks

Electronic Contract Administration – Legal and Security Issues Research Report

This Report is a deliverable for the CRC for Construction Innovation research project 2005-025-A Electronic Contract Administration – Legal and Security Issues. It considers the security and legal risks that result from the increasing adoption of information and communication technologies (ICT) in the construction industry for e-contracting purposes and makes recommendations to minimise those risks

Electronic Contract Administration – Legal and Security Issues Literature Review

This Report is a deliverable for the CRC for Construction Innovation research project 2005-025-A Electronic Contract Administration – Legal and Security Issues. It contains the results of a literature review of various national and international publications, legislation and court decisions relevant to electronic contracting. The Report identifies the legal and security issues that may arise in connection with: • The formation of construction contracts within an electronic environment; • The electronic administration and management of construction contracts; and • The management and retention of electronic records associated with construction projects

Security Analysis of Randomize-Hash-then-Sign Digital Signatures

At CRYPTO 2006, Halevi and Krawczyk proposed two randomized hash function modes and analyzed the security of digital signature algorithms based on these constructions. They showed that the security of signature schemes based on the two randomized hash function modes relies on properties similar to the second preimage resistance rather than on the collision resistance property of the hash functions. One of the randomized hash function modes was named the RMX hash function mode and was recommended for practical purposes. The National Institute of Standards and Technology (NIST), USA standardized a variant of the RMX hash function mode and published this standard in the Special Publication (SP) 800-106. In this article, we first discuss a generic online birthday existential forgery attack of Dang and Perlner on the RMX-hash-then-sign schemes. We show that a variant of this attack can be applied to forge the other randomize-hash-then-sign schemes. We point out practical limitations of the generic forgery attack on the RMX-hash-then-sign schemes. We then show that these limitations can be overcome for the RMX-hash-then-sign schemes if it is easy to find fixed points for the underlying compression functions, such as for the Davies-Meyer construction used in the popular hash functions such as MD5 designed by Rivest and the SHA family of hash functions designed by the National Security Agency (NSA), USA and published by NIST in the Federal Information Processing Standards (FIPS). We show an online birthday forgery attack on this class of signatures by using a variant of Dean’s method of finding fixed point expandable messages for hash functions based on the Davies-Meyer construction. This forgery attack is also applicable to signature schemes based on the variant of RMX standardized by NIST in SP 800-106. We discuss some important applications of our attacks and discuss their applicability on signature schemes based on hash functions with ‘built-in’ randomization. Finally, we compare our attacks on randomize-hash-then-sign schemes with the generic forgery attacks on the standard hash-based message authentication code (HMAC)