Novel Cryptographic Authentication Mechanisms for Supply Chains and OpenStack

In this dissertation, first, we studied the Radio-Frequency Identification (RFID) tag authentication problem in supply chains. RFID tags have been widely used as a low-cost wireless method for detecting counterfeit product injection in supply chains. We open a new direction toward solving this problem by using the Non-Volatile Memory (NVM) of recent RFID tags. We propose a method based on this direction that significantly improves the availability of the system and costs less. In our method, we introduce the notion of Software Unclonability, which is a kind of one-time MAC for authenticating random inputs. Also, we introduce three lightweight constructions that are software unclonable. Second, we focus on OpenStack that is a prestigious open-source cloud platform. OpenStack takes advantage of some tokening mechanisms to establish trust between its modules and users. It turns out that when an adversary captures user tokens by exploiting a bug in a module, he gets extreme power on behalf of users. Here, we propose a novel tokening mechanism that ties commands to tokens and enables OpenStack to support short life tokens while it keeps the performance up

A Survey on Acoustic Side Channel Attacks on Keyboards

Most electronic devices utilize mechanical keyboards to receive inputs, including sensitive information such as authentication credentials, personal and private data, emails, plans, etc. However, these systems are susceptible to acoustic side-channel attacks. Researchers have successfully developed methods that can extract typed keystrokes from ambient noise. As the prevalence of keyboard-based input systems continues to expand across various computing platforms, and with the improvement of microphone technology, the potential vulnerability to acoustic side-channel attacks also increases. This survey paper thoroughly reviews existing research, explaining why such attacks are feasible, the applicable threat models, and the methodologies employed to launch and enhance these attacks.Comment: 22 pages, conferenc

LightSource: Ultra Lightweight Clone Detection of RFID Tags from Software Unclonable Responses

Radio-Frequency Identification (RFID) tags have been widely used as a low-cost wireless method for detection of counterfeit product injection in supply chains. In order to adequately perform authentication, current RFID monitoring schemes need to either have a persistent online connection between supply chain partners and the back-end database or have a local database on each partner site. A persistent online connection is not guaranteed and local databases on each partner site impose extra cost and security issues. We introduce a new method in which we use 2-3kb Non-Volatile Memory (NVM) in RFID tags themselves to function as a very small “encoded local database”. Our method allows us to get rid of local databases and there is no need to have any connection between supply chain partners and the back-end database except when they want to verify products. We formally define black-box software unclonability and prove our scheme to satisfy this property. To this purpose, we introduce a simple “XOR-ADD” function and prove it is hard to predict its challenge-response behavior if given only one challenge response pair. The XOR-ADD function with control logic can be implemented using at most 170 gates. This implies that our scheme is compatible with the strict power consumption constraints of cheap EPC Class 1 Gen 2 RFIDs

Novel Cryptographic Authentication Mechanisms for Supply Chains and OpenStack

In this dissertation, first, we studied the Radio-Frequency Identification (RFID) tag authentication problem in supply chains. RFID tags have been widely used as a low-cost wireless method for detecting counterfeit product injection in supply chains. We open a new direction toward solving this problem by using the Non-Volatile Memory (NVM) of recent RFID tags. We propose a method based on this direction that significantly improves the availability of the system and costs less. In our method, we introduce the notion of Software Unclonability, which is a kind of one-time MAC for authenticating random inputs. Also, we introduce three lightweight constructions that are software unclonable. Second, we focus on OpenStack that is a prestigious open-source cloud platform. OpenStack takes advantage of some tokening mechanisms to establish trust between its modules and users. It turns out that when an adversary captures user tokens by exploiting a bug in a module, he gets extreme power on behalf of users. Here, we propose a novel tokening mechanism that ties commands to tokens and enables OpenStack to support short life tokens while it keeps the performance up

Principles of Computer Programming I

This open textbook and its ancillary resources were developed under a Round 19 Transformation Grant.https://oer.galileo.usg.edu/compsci-textbooks/1015/thumbnail.jp

On the universally composable security of OpenStack

We initiate an effort to demonstrate how we can provide a rigorous, perceptible and holistic security analysis of a very large scale system. We choose OpenStack to exemplify our approach. OpenStack is the prevalent open-source, non-proprietary package for managing cloud services and data centers. It is highly complex and consists of multiple inter-related components which are developed by separate, loosely coordinated groups. All of these properties make the security analysis of OpenStack both a crucial mission and a challenging one. We base our modeling and security analysis in the universally composable (UC) security framework, which has been so far used mainly for analyzing security of cryptographic protocols. Indeed, demonstrating how the UC framework can be used to argue about security-sensitive systems which are mostly non-cryptographic, in nature, is one of the main contributions of this work. Our analysis has the following key features: 1. It is user-centric: It stresses the security guarantees given to users of the system, in terms of privacy, correctness, and timeliness of the services. 2. It provides defense in depth: It considers the security of OpenStack even when some of the components are compromised. This departs from the traditional design approach of OpenStack, which assumes that all services are fully trusted. 3. It is modular: It formulates security properties for individual components and uses them to assert security properties of the overall system. 4. It is extendable: Due to the scale of OpenStack, we limit the analysis to some core services of OpenStack at a high level. The analysis is extendable to more detail of the services, and other services can be added to the model using the same methodology, without much conceptual difficulty. Because of the modularity of the analysis, new services can be added one by one, almost independently of each other. Although our analysis covers only a number of core components of OpenStack, it formulates some basic and important security trade offs in the design. It also naturally paves the way to a more comprehensive analysis of OpenStack. In addition, as a by-product result of our modeling, we introduce a novel tokening mechanism, RAFT, which is backward compatible with Fernet Token currently used in OpenStack. By applying the UC framework, we prove that RAFT's one-time use tokens can realize a more secure OpenStack cloud than bearer tokens do.https://eprint.iacr.org/2018/602First author draf