
Showing papers on "Concrete security published in 2013"


Journal ArticleDOI
TL;DR: This paper proposes methods to generate security strategies to achieve the maximal overall security strength while meeting the real-time constraint and proposes an optimal algorithm, Integer Linear Programming Security Optimization (ILP-SOP), based on the SEAT graph approach.

102 citations


Posted Content
01 Jan 2013
TL;DR: This work provides a provable-security treatment for garbling schemes, endowing them with a versatile syntax and multiple security definitions, and provides highly efficient blockcipher-based instantiations of both schemes.
Abstract: Garbled circuits, a classical idea rooted in the work of Andrew Yao, have long been understood as a cryptographic technique, not a cryptographic goal. Here we cull out a primitive corresponding to this technique. We call it a garbling scheme. We provide a provable-security treatment for garbling schemes, endowing them with a versatile syntax and multiple security definitions. The most basic of these, privacy, suffices for two-party secure function evaluation (SFE) and private function evaluation (PFE). Starting from a PRF, we provide an efficient garbling scheme achieving privacy and we analyze its concrete security. We next consider obliviousness and authenticity, properties needed for private and verifiable outsourcing of computation. We extend our scheme to achieve these ends. We provide highly efficient blockcipher-based instantiations of both schemes. Our treatment of garbling schemes presages more efficient garbling, more rigorous analyses, and more modularly designed higher-level protocols.

66 citations


Book ChapterDOI
14 Aug 2013
TL;DR: This paper introduces the notion of white-box compiler that turns a symmetric encryption scheme into randomized white-box programs, and captures several desired security properties such as one-wayness, incompressibility and traceability for white-box programs.
Abstract: White-box cryptography has attracted a growing interest from researchers in the last decade. Several white-box implementations of standard block-ciphers DES, AES have been proposed but they have all been broken. On the other hand, neither evidence of existence nor proofs of impossibility have been provided for this particular setting. This might be in part because it is still quite unclear what white-box cryptography really aims to achieve and which security properties are expected from white-box programs in applications. This paper builds a first step towards a practical answer to this question by translating folklore intuitions behind white-box cryptography into concrete security notions. Specifically, we introduce the notion of white-box compiler that turns a symmetric encryption scheme into randomized white-box programs, and we capture several desired security properties such as one-wayness, incompressibility and traceability for white-box programs. We also give concrete examples of white-box compilers that already achieve some of these notions. Overall, our results open new perspectives on the design of white-box programs that securely implement symmetric encryption.

65 citations


Book ChapterDOI
01 Dec 2013
TL;DR: AES-128, the NIST P-256 elliptic curve, DSA-3072, RSA-3072, and various higher-level protocols are frequently conjectured to provide a security level of 2^128.
Abstract: AES-128, the NIST P-256 elliptic curve, DSA-3072, RSA-3072, and various higher-level protocols are frequently conjectured to provide a security level of 2^128. Extensive cryptanalysis of these primitives appears to have stabilized sufficiently to support such conjectures.

49 citations


Proceedings ArticleDOI
04 Nov 2013
TL;DR: A computer-aided framework for proving concrete security bounds for cryptographic machine code implementations that bridges the gap between computer-assisted security proofs and real-world cryptographic implementations as described by standards such as PKCS.
Abstract: We present a computer-aided framework for proving concrete security bounds for cryptographic machine code implementations. The front-end of the framework is an interactive verification tool that extends the EasyCrypt framework to reason about relational properties of C-like programs extended with idealised probabilistic operations in the style of code-based security proofs. The framework also incorporates an extension of the CompCert certified compiler to support trusted libraries providing complex arithmetic calculations or instantiating idealized components such as sampling operations. This certified compiler allows us to carry to executable code the security guarantees established at the high-level, and is also instrumented to detect when compilation may interfere with side-channel countermeasures deployed in source code. We demonstrate the applicability of the framework by applying it to the RSA-OAEP encryption scheme, as standardized in PKCS#1 v2.1. The outcome is a rigorous analysis of the advantage of an adversary to break the security of assembly implementations of the algorithms specified by the standard. The example also provides two contributions of independent interest: it bridges the gap between computer-assisted security proofs and real-world cryptographic implementations as described by standards such as PKCS, and demonstrates the use of the CompCert certified compiler in the context of cryptographic software development.

42 citations


Posted Content
01 Jan 2013
TL;DR: In this paper, the authors proposed a new representation for the discrete logarithm problem (DLP) based on general descent and showed that it has approximately 59 bits of security at the "128-bit security level".
Abstract: In late 2012 and early 2013 the discrete logarithm problem (DLP) in finite fields of small characteristic underwent a dramatic series of breakthroughs, culminating in a heuristic quasi-polynomial time algorithm, due to Barbulescu, Gaudry, Joux and Thomé. Using these developments, Adj, Menezes, Oliveira and Rodríguez-Henríquez analysed the concrete security of the DLP, as it arises from pairings on (the Jacobians of) various genus one and two supersingular curves in the literature, which were originally thought to be 128-bit secure. In particular, they suggested that the new algorithms have no impact on the security of a genus one curve over F_{2^1223}, and reduce the security of a genus two curve over F_{2^367} to 94.6 bits. In this paper we propose a new field representation and efficient general descent principles which together make the new techniques far more practical. Indeed, at the '128-bit security level' our analysis shows that the aforementioned genus one curve has approximately 59 bits of security, and we report a total break of the genus two curve.

25 citations


Journal ArticleDOI
TL;DR: This work proposes two new multi-secret sharing schemes, that allow to distribute @?

14 citations


Journal ArticleDOI
TL;DR: This study addresses internal security issues of software systems with a formal specification of these security properties presented in Z notation because formal methods are the only way to specify system properties unambiguously, completely and precisely.
Abstract: Software security is a challenging issue for distributed and open systems. Despite the importance of external protections of software systems, internal security has significant impact on the overall security of the software systems. In this study, internal security issues of software systems are addressed. Internal security of software systems is defined in terms of security properties: authentication, authorization, confidentiality, integrity, non-repudiation and resource availability. Internal security of software systems largely depends on the integration of these security properties into the software systems. A precise and unambiguous representation of these security properties is crucial for any successful secure system. The majority of the existing models are based on informal or semi-formal approaches to model these security properties. But no model is based on formal methods. Therefore, in this study, a formal specification of these security properties is presented in Z notation because formal methods are the only way to specify system properties unambiguously, completely and precisely. The resulting models are then analyzed by using the Z/EVES theorem prover. The formal specifications of these security properties are analyzed only for syntax checking, type checking and automatic proofs of models.

8 citations


Book ChapterDOI
27 Nov 2013
TL;DR: This work explicitly makes clear the interplay between HMQV protocol structure and provable security, showing the delicate design of HMQVs, and identifies that the CDH-based analysis of FHMQV is actually flawed.
Abstract: HMQV is one of the most efficient (provably secure) authenticated key-exchange protocols based on public-key cryptography, and is widely standardized. In spite of its seemingly conceptual simplicity, the HMQV protocol was actually very delicately designed. The provable security of HMQV is conducted in the Canetti-Krawczyk framework (CK-framework, in short), which is quite complicated and lengthy with many subtleties actually buried there. However, lacking a full recognition of the precise yet subtle interplay between HMQV protocol structure and provable security can cause misunderstanding of the HMQV design, and can cause potential flawed design and analysis of HMQV protocol variants. In this work, we explicitly make clear the interplay between HMQV protocol structure and provable security, showing the delicate design of HMQV. We then re-examine the security model and analysis of a recently proposed HMQV protocol variant, specifically, the FHMQV protocol proposed by Sarr et al. in [25]. We clarify the relationship between the traditional CK-framework and the CK-FHMQV security model proposed for FHMQV, and show that CK-HMQV and CK-FHMQV are incomparable. Finally, we make a careful investigation of the CDH-based analysis of FHMQV in the CK-FHMQV model, which was considered to be one of the salient advantages of FHMQV. We identify that the CDH-based security analysis of FHMQV is actually flawed. The flaws identified in the security proof of FHMQV just stem from lacking a full realization of the precise yet subtle interplay, as clarified in this work, between HMQV protocol structure and provable security.

8 citations


DOI
01 Sep 2013
TL;DR: It is illustrated in this paper that this is not only one of the optimized algorithms to provide a tradeoff between security and computational speed but also adds some sort of defense strategy against various attacks in a layered approach.
Abstract: This research work emerged as a new concept to provide robust security to the huge volume of information residing in DNA. In present scenario, security is being managed through symmetric key cryptography only. A new initiative has been taken to increase the robustness of DNA security. In this paper we are integrating public key cryptography inside traditional DNA security algorithm. The additional security is provided through a new algorithm as proposed, which takes advantage of residue theorem and traditional RSA algorithm. The main security concept is based on complexity in factorization and high versatility of choosing parameters/variables. Basically, DNA is encrypted through symmetric key cryptography and the key used to encrypt the data symmetrically is itself encrypted asymmetrically through proposed modified RSA algorithm. Through example, it is further illustrated in this paper that this is not only one of the optimized algorithms to provide a tradeoff between security and computational speed but also adds some sort of defense strategy against various attacks in a layered approach.

7 citations


Proceedings ArticleDOI
23 May 2013
TL;DR: It is proposed that current physical layer security has rational nature and multi-objective optimization need in the new scenes, both of which are meanwhile the fundamental requirements of Game Theory.
Abstract: In the research of physical layer security, it is sometimes needed to analyze the security of network nodes with dependency or adversary relationships, but there is hardly any efficient solution at present. This article analyzes the dependency or adversary situations and proposes that current physical layer security has rational nature and multi-objective optimization need in the new scenes, both of which are meanwhile the fundamental requirements of Game Theory. A new solution is formed by constructing a game description of physical layer security with Game Theory.

Proceedings ArticleDOI
25 Jul 2013
TL;DR: This paper defines the appropriate security notions for achieving fast revocation for identity-based identification schemes and shows a concrete scheme that achieves these security notions under provable security.
Abstract: In USENIX 2001, Boneh et al. introduced a new way of obtaining fast revocation for RSA keys with the help of a security mediator. In 2003, Boneh et al. also showed how to convert the security-mediated RSA encryption scheme into an identity-based mediated RSA encryption scheme. This new technique addressed the shortcoming of identity-based cryptography where revocation required appending the valid date for a user's keys together with his identity-string, allowing for instant revocation of invalid user keys. Subsequently, many security-mediated cryptographic primitives were proposed. Surprisingly however, no work has yet to be done to address security-mediated identity-based identification schemes despite more than a decade has passed since this feature was incorporated into encryption and signature primitives. In this paper, we provide that contribution by defining the appropriate security notions for achieving fast revocation for identity-based identification schemes. Subsequently we show a concrete scheme that achieves these security notions under provable security.

Journal ArticleDOI
TL;DR: This paper describes a state machine-based architecture and pertinent protocols to realize security fusion, and analyzes these protocols for their security capabilities.
Abstract: A growing range of devices has difficulty in implementing strong cryptographic algorithms. Radio frequency IDs and sensors, for instance, generally lack the processing power and memory to perform these operations in an efficient and timely manner. Recently, a new paradigm in security, called security fusion, was introduced for resource-constrained environments. In this approach, strong security properties are synthesized from weaker point-to-point properties, thereby minimizing the resource requirements at each node without compromising system-level security. In this paper, we describe a state machine-based architecture and pertinent protocols to realize security fusion. Furthermore, we analyze these protocols for their security capabilities.

Posted Content
TL;DR: It is shown that XCBv2 is not secure as a TES by showing an easy distinguishing attack on it, and the first concrete security bound for X CBv1 is provided, which holds for all message lengths.
Abstract: XCB is a tweakable enciphering scheme (TES) which was first proposed in 2004. The scheme was modified in 2007. We call these two versions of XCB as XCBv1 and XCBv2 respectively. XCBv2 was later proposed as a standard for encryption of sector oriented storage media in IEEE-std 1619.2 2010. There is no known proof of security for XCBv1 but the authors provided a concrete security bound for XCBv2 and a “proof” for justifying the bound. In this paper we show that XCBv2 is not secure as a TES by showing an easy distinguishing attack on it. For XCBv2 to be secure, the message space should contain only messages whose lengths are multiples of the block length of the block cipher. For such restricted message spaces also, the bound that the authors claim is not justified. We show this by pointing out some errors in the proof. For XCBv2 on full block messages, we provide a new security analysis. The resulting bound that can be proved is much worse than what has been claimed by the authors. Further, we provide the first concrete security bound for XCBv1, which holds for all message lengths. In terms of known security bounds, both XCBv1 and XCBv2 are worse compared to existing alternative TES.

Proceedings ArticleDOI
10 Oct 2013
TL;DR: A provable secure signcryption scheme in Random oracle model for wireless security that enables nodes to authenticate each other by keeping the information confidential and achieve data integrity in the communication.
Abstract: Confidentiality and authenticity are two fundamental security requirements of Public key Cryptography. These are achieved by encryption schemes and digital signatures respectively. Wireless sensor networks are commonly used for critical security tasks such as intrusion or tamper detection, and therefore must be protected. The article proposes a provably secure signcryption scheme in the Random oracle model for wireless security. It enables nodes to authenticate each other by keeping the information confidential. It also achieves data integrity in the communication. Security of the scheme is based on the q-Diffie Hellman Problem. We modify the scheme proposed by Libert et al. and propose a provably secure scheme with respect to security under assumptions of Strong Diffie-Hellman (SDH) and Diffie-Hellman Inversion (DHI) in the random oracles.

Posted Content
TL;DR: Wang et al. as mentioned in this paper proposed a combined MQ signature scheme based on the yet unbroken UOV (Unbalanced Oil and Vinegar) signature, which can not only reduce the public key size of the UOV signature, but also provide a tighter bound of security against chosen-message attack in the random oracle model.
Abstract: Multivariate public key cryptography which relies on MQ (Multivariate Quadratic) problems is one of the main approaches to guarantee the security of communication in the post-quantum world. In this paper, we propose a combined MQ signature scheme based on the yet unbroken UOV (Unbalanced Oil and Vinegar) signature if parameters are properly chosen. Our scheme can not only reduce the public key size of the UOV signature, but also provide a tighter bound of security against chosen-message attack in the random oracle model. On the other hand, we propose a proxy signature scheme based on our proposed combined signature scheme. Additionally, we give a strict security proof for our proxy signature scheme. Finally, we present experiments for all of our proposed schemes and the baseline schemes. Comparisons with related schemes show that our work has some advantages on performance along with more strict security.

29 Jun 2013
TL;DR: What security actually means to decide whether a scheme is secure is defined and some public key encryption schemes such as RSA, ElGamal, Cramer-Shoup are investigated and under which circumstances they satisfy which security notions.
Abstract: Provable security is an important issue in modern cryptography because it satisfies the security of the encryption schemes in a theoretical way via a reduction method. Typically, a mathematically hard problem M is reduced to breaking the scheme S that is wanted to be proven secure. Existence of such a reduction implies that the problem of breaking the scheme S is as hard as M. This reduction results in a contradiction by arguing that if there exists a polynomial time algorithm A breaking S, then one constructs a polynomial time algorithm B to solve M by using A as a subroutine. Besides, to prove the security of a cryptographic scheme, it is necessary to define the goals and the capabilities of the adversary. In this paper, we review security models in terms of the adversarial goals and the adversarial capabilities. We define what security actually means to decide whether a scheme is secure. We review the definition of provable security by means of several games between the challenger and the adversary in some security models, namely the standard model and the random oracle model. We state the main differences between these two models and observe the advantage of the success probability of the adversary in breaking the cryptographic schemes. We investigate the security of some public key encryption schemes such as RSA, ElGamal, Cramer-Shoup and discuss under which circumstances they satisfy which security notions.

Journal ArticleDOI
TL;DR: This work is an attempt to establish a thought in front of the research community that the methods proposed recently do not sufficiently encompass the concrete security procedures to make the biometric template safe.
Abstract: Authentication is an exciting field in the system security domain. The challenges associated with this domain need to be addressed in detail since the security of the biometric template is itself a big challenge. A biometric template, once lost or copied, cannot be changed like a simple password. This paper summarizes and discusses major challenges; categorization of the attacks and their known remedies has also been highlighted. This work is an attempt to establish a thought in front of the research community that the methods proposed recently do not sufficiently encompass the concrete security procedures to make the biometric template safe. Keywords: security, Biometric, Fuzzy vault, Biometric cryptography, attacks on biometrics.

01 Apr 2013
TL;DR: Defensive JavaScript (DJS), a subset of the language that guarantees the behavioral integrity of trusted scripts loaded in an untrusted page, is presented and a sound type system, type inference tool and defensive libraries for cryptography and data encodings are given.
Abstract: Security-sensitive components, such as single sign-on APIs, need to be safely deployed on untrusted webpages. We present several new attacks on security components used in popular web applications that demonstrate how failing to isolate such components leaves them vulnerable to attacks both from the hosting website and other components loaded on the same page. These attacks are not prevented by browser security mechanisms alone, because they are caused by code interacting within the same origin. To mitigate these attacks, we propose to combine fine-grained component isolation at the JavaScript level with cryptographic mechanisms. We present Defensive JavaScript (DJS), a subset of the language that guarantees the behavioral integrity of trusted scripts loaded in an untrusted page. We give a sound type system, type inference tool and build defensive libraries for cryptography and data encodings. We show the effectiveness of our solution by implementing several isolation patterns that fix some of our original attacks. We use a translation of a fragment of DJS to applied pi-calculus to verify concrete security policies of critical components against various classes of web attackers.

01 Jan 2013
TL;DR: Fingerprint and quantum mechanical effects create a new and highly secure network in a new approach of quantum computation.
Abstract: There are multiple encryption techniques at present time but they cannot provide sufficient security. Thus security is still a challenging issue of communications, since nowadays security is the primary concern for any organization. This paper suggests a new approach of quantum computation. In this approach fingerprint and quantum mechanical effects create a new and highly secure network.

Journal ArticleDOI
TL;DR: The results from its trial in Nanning Railway Administration show that ROEGDS can achieve given goals and these network security technologies and management measures put forward in the paper can also guarantee ROEGDS and ROEG transport safety.
Abstract: Railway out-of-gauge and enhanced-load goods (ROEG) transport organization with risky, costly and difficult characteristics is the system engineering. For better scientific online management, ROEG dispatching system (ROEGDS) with B/S mode and three-layer is developed. Then, with the network framework and architecture for ROEGDS, network security technologies including firewall intrusion detection, dynamic password authentication, security vulnerability assessment technologies and so on are all put forward. Besides, concrete security management measures are further given from four aspects to ensure network security. The results from its trial in Nanning Railway Administration show that ROEGDS can achieve given goals and these network security technologies and management measures put forward in the paper can also guarantee ROEGDS and ROEG transport safety.

Proceedings ArticleDOI
Haitao Lv, Ruimin Hu
14 Dec 2013
TL;DR: The security systems deployed in a guard field are regarded abstractly as a diagram of security network and a method based on entropy theory and Neyman-Pearson criterion and the most vulnerable path formulation of a security network is described and a solution by utilizing the Dijkstra's shortest path algorithm is provided.
Abstract: For a security system, the risk assessment is an important metric to judge whether the protection effectiveness of a security system is good or not. In this paper, the security systems deployed in a guard field are regarded abstractly as a diagram of security network. Firstly a method about risk assessment based on entropy theory and Neyman-Pearson criterion is proposed. Secondly, the most vulnerable path formulation of a security network is described and a solution by utilizing the Dijkstra's shortest path algorithm is provided. The protection probability on the most vulnerable path is considered as the risk measure of a security network. Furthermore, we study the effects of some parameters on the risk and the breach protection probability and present simulations. Ultimately, we can gain insight about the risk of a security network.

Posted Content
TL;DR: This paper analyses provable security proofs, using the EDL signature scheme as its case study, and interprets their benefits and drawbacks when applied to the real world, to help the reader make their own decisions on security proofs.
Abstract: This paper analyses provable security proofs, using the EDL signature scheme as its case study, and interprets their benefits and drawbacks when applied to the real world. Provable security has been an area of contention. Some, such as Koblitz and Menezes, give little credit to the potential extra security provided and argue that it is a distracting goal. However, others believe that an algorithm with a security proof is superior to one without it, and are prepared to accept the impact to performance that their use might involve. Goldreich has been notable for his defence of the security proof, and for his opposition to the view of Koblitz and Menezes. This paper is designed to help the reader make their own decisions on security proofs. We achieve this by giving an introduction to the typical security model used, then give a description of the EDL signature scheme and its tight reduction to the CDH problem in the Random Oracle Model, then analyse the proof's assumptions, meaning, validity

Posted Content
TL;DR: In this paper, the authors present a computer-aided framework for proving concrete security bounds for cryptographic machine code implementations, and demonstrate the applicability of the framework with RSA-OAEP encryption scheme, as standardized in PKCS#1 v2.1.
Abstract: We present a computer-aided framework for proving concrete security bounds for cryptographic machine code implementations. The front-end of the framework is an interactive verification tool that extends the EasyCrypt framework to reason about relational properties of C-like programs extended with idealised probabilistic operations in the style of code-based security proofs. The framework also incorporates an extension of the CompCert certified compiler to support trusted libraries providing complex arithmetic calculations or instantiating idealised components such as sampling operations. This certified compiler allows us to carry to executable code the security guarantees established at the high-level, and is also instrumented to detect when compilation may interfere with side-channel countermeasures deployed in source code. We demonstrate the applicability of the framework with the RSA-OAEP encryption scheme, as standardized in PKCS#1 v2.1. The outcome is a rigorous analysis of the advantage of an adversary to break the security of assembly implementations of the algorithms specified by the standard. The example also provides two contributions of independent interest: it is the first application of computer-aided cryptographic tools to real-world security, and the first application of CompCert to cryptographic software.

Dissertation
27 Sep 2013
TL;DR: This dissertation evaluates the tradeoffs between two protocols: an information theoretically-secure Authenticated Key Agreement (AKA) that was specifically designed for this scenario; and a Password-Authenticated Key Exchange (PAKE) protocol whose security guarantees are based on computational arguments.
Abstract: Two agents want to securely communicate on an insecure channel in the presence of an adversary. For that they agree on a strong cryptographic key based on a weak source of randomness stemming from the physical network characteristics where these agents communicate. In this dissertation we evaluate the tradeoffs between two protocols: an information theoretically-secure Authenticated Key Agreement (AKA) [7] that was specifically designed for this scenario; and a Password-Authenticated Key Exchange (PAKE) protocol [11] whose security guarantees are based on computational arguments. To this end, we carry out an analysis of the concrete security of both protocols, considering in both cases that the goal is to agree on a fresh 128-bit secret key.

Posted Content
TL;DR: In this paper, a meta-reduction technique was introduced to prove lower bounds for the large and very natural class of generic reductions for Schnorr signatures, which is independent of a particular representation of group elements.
Abstract: A long line of research investigates the existence of tight security reductions for the Schnorr signature scheme. Most of these works presented lower tightness bounds, most recently Seurin (Eurocrypt 2012) showed that under certain assumptions the non-tight security proof for Schnorr signatures by Pointcheval and Stern (Eurocrypt 1996) is essentially optimal. All previous works in this direction share the same restrictions: The results hold only under the interactive one-more discrete logarithm assumption, they only consider algebraic reductions, and they only rule out tight reductions from the (one-more) discrete logarithm problem. The existence of a tight reduction from weaker computational problems, like CDH or DDH, remained open. In this paper we introduce a new meta-reduction technique, which allows to prove lower bounds for the large and very natural class of generic reductions. A generic reduction is independent of a particular representation of group elements. Most reductions in state-of-the-art security proofs have this desirable property. This new approach allows to show unconditionally that there is no tight generic reduction from any natural computational problem Π defined over algebraic groups (including even interactive problems) to breaking Schnorr signatures, unless solving Π is easy.