Showing papers on "Handshake published in 2004"

Analysis of the 802.11i 4-way handshake

Abstract: 802.11i is an IEEE standard designed to provide enhanced MAC security in wireless networks. The authentication process involves three entities: the supplicant (wireless device), the authenticator (access point), and the authentication server (e.g., a backend RADIUS server). A 4-Way Handshake must be executed between the supplicant and the authenticator to derive a fresh pairwise key and/or group key for subsequent data transmissions.We analyze the 4-Way Handshake protocol using a finite-state verification tool and find a Denial-of-Service attack. The attack involves forging initial messages from the authenticator to the supplicant to produce inconsistent keys in peers. Three repairs are proposed; based on various considerations, the third one appears to be the best. The resulting improvement to the standard, adopted by the 802.11 TGi in their final deliberation, involves only a minor change in the algorithm used by the supplicant.

Secret Handshakes from CA-Oblivious Encryption

Abstract: Secret handshakes were recently introduced [BDS + 03] to allow members of the same group to authenticate each other secretly, in the sense that someone who is not a group member cannot tell, by engaging some party in the handshake protocol, whether that party is a member of this group. On the other hand, any two parties who are members of the same group will recognize each other as members. Thus, a secret handshake protocol can be used in any scenario where group members need to identify each other without revealing their group affiliations to outsiders.

Using TCP to authenticate IP source addresses

Abstract: A method for authenticating communication traffic includes intercepting a request directed over a network (26) from a source address to open a connection to a target computer (22) in accordance with a handshake procedure specified by a predetermined communication protocol. A reply to the request that deviates from the specified handshake procedure is sent to the source address. A response from the source address to the reply is analyzed in order to make an assessment of legitimacy of the source address. Upon determining, based on the assessment, that the source address is legitimate, the target computer is permitted to complete the handshake procedure so as to open the connection with the source address.

k-anonymous secret handshakes with reusable credentials

Abstract: The problem of privacy-preserving authentication has been extensively investigated in a set of diverse system settings However, a full-fledged such mechanism called secret handshake, whereby two users (eg, CIA agents) authenticate each other in a way that no one reveals its own membership (or credential) unless the peer's legitimacy was already ensured of, remains to be elusive because simultaneity of authentication must be guaranteed even in the presence of an active adversary that may act as a handshake initiator or responder The state-of-the-art secret handshake scheme is very efficient, but imposes on the users the following restriction: either they have to use one-time credentials, or they have to suffer from the privacy degradation that all the sessions involving a same user (or credential are trivially linkable In this paper, we present the first secret handshake schemes that achieve unlinkability while allowing the users to reuse their credentials (ie, unlinkability is not achieved by means of one-time credentials) Specifically, we introduce the concept of $k$-anonymous secret handshakes where $k$ is an adjustable parameter indicating the desired anonymity assurance We present a detailed construction based on public key cryptosystems, and sketch another based on symmetric key cryptosystems Both schemes are efficient, and can even be seamlessly integrated into a standard public key infrastructure (PKI) Moreover, and their security analysis does not resort to any random oracle

Handshake protocols for de-synchronization

Abstract: De-synchronization appears as a new paradigm to automate the design of asynchronous circuits from synchronous netlists. This paper studies different protocols for de-synchronization and formally proves their correctness. Taxonomy of existing protocols for latch controllers is provided. In particular, four-phase handshake protocols devised for micro-pipelines are studied. A new controller with maximum concurrency for de-synchronization is also proposed. The applicability of de-synchronization on an implementation of the DLX microprocessor is also described and discussed.

Examination of connection handshake to enhance classification of encrypted network traffic

Abstract: Methods, apparatuses and systems directed to the classification of encrypted network traffic. In one implementation, the present invention facilitates the classification of network traffic that has been encrypted according to a dynamically-created encryption mechanism involving a handshake between two end-systems, such as the SSL and TLS protocols. In one implementation, the present invention observes and analyzes attributes of the handshake between two nodes to enhance the classification of network traffic. In one embodiment, the enhanced classification mechanisms described herein operate seamlessly with other Layer 7 traffic classification mechanisms that operate on attributes of the packets themselves. Implementations of the present invention can be incorporated into a variety of network devices, such as traffic monitoring devices, packet capture devices, firewalls, and bandwidth management devices.

In-line modification of protocol handshake by protocol aware proxy

Abstract: The present invention relates to systems and methods for network communication between a client and server via multiple proxies. A network protocol is used to establish and control an end-to-end connection between the client and the server via a single handshake mechanism. Through the protocol and end-to-end handshake, the proxies can participate in the establishment of the end-to-end connection. The present invention also provides a method and system by which a connection from one end-point to another end-point can be independently controlled and configured by the proxies along the connection path. Furthermore, the protocol is forward-compatible so that different proxies can be upgraded to different protocol versions at different times and the end-to-end connection control continues to operate.

Method of audio-video synchronization

Abstract: A method for synchronization of an audio stream and a video stream comprising the steps of (A) determining a first presentation time stamp from the video stream and generating a first handshake signal when the video stream is ready to be transmitted, (B) repeating and dropping one or more audio frames of the audio stream in response to the first handshake signal and a plurality of first predetermined threshold values until a second presentation time stamp from the audio stream matches the first presentation time stamp and generating a second handshake signal when the audio stream is ready to be transmitted and (C) transmitting the video stream and the audio stream in response to the second handshake signal.

Client-side caching for TLS

Abstract: We propose two new mechanisms for caching handshake information on TLS clients. The "fast-track" mechanism provides a client-side cache of a server's public parameters and negotiated parameters in the course of an initial, enabling handshake. These parameters need not be resent on subsequent handshakes. Fast-track reduces both network traffic and the number of round trips, and requires no additional server state. These savings are most useful in high-latency environments such as wireless networks. The second mechanism, "client-side session caching," allows the server to store an encrypted version of the session information on a client, allowing a server to maintain a much larger number of active sessions in a given memory footprint. Our design is fully backward-compatible with TLS: extended clients can interoperate with servers unaware of our extensions and vice versa. We have implemented our fast-track proposal to demonstrate the resulting efficiency improvements.

Towards behavioral synthesis of asynchronous circuits - an implementation template targeting syntax directed compilation

Abstract: This paper presents a method for behavioral synthesis of asynchronous circuits. Our approach aims at providing a synthesis flow which is very similar to what is found in existing synchronous design tools. We adapt the synchronous behavioral synthesis abstraction into the asynchronous handshake domain by introducing a computation model, which resembles the synchronous datapath and control architecture, but which is completely asynchronous. The datapath and control architecture is then expressed in the Balsa-language, and using syntax directed compilation a corresponding handshake circuit implementation is produced. The paper also reports area, speed and power figures for a couple of benchmark circuits, which have been synthesized to layout.

iBand: a wearable device for handshake-augmented interpersonal information exchange

Abstract: iBand is a technology-enhanced bracelet that can store, display, and exchange information about you and your relationships. This exchange occurs during a common user-initiated one-to-one gestural interaction between two people: a handshake. iBand aims to leverage the familiar nature of the handshake, coupled with the qualities of jewelry to act as tangible keepsakes and reminders of relationships, to explore potential applications at the intersection of social networking and ubiquitous computing.

A Channel Library for Asynchronous Circuit Design Supporting Mixed-Mode Modeling

Abstract: This paper presents the use of SystemC to model communication channels for asynchronous circuits at various levels of abstraction. Our channel library supports transactions through a CSP-like interface (implementing send() and receive() commands) as well as through one of many specific handshake protocols e.g. 4-phase-bundled-data push etc. Our SystemC implementation enables a seamless design flow which makes possible: (i) modeling and simulation at different and mixed levels of abstraction, and (ii) easy use of different data types and handshake protocols on different channels in the circuit being designed. The paper also illustrates the use of this design flow for several asynchronous Networks-on-Chip all the way from system level to handshake components.

Positioning method of recording general progress anomal recede using sharing core-object

Abstract: The method records current newest information of each common process directly by using the shared memory object in form of circular buffer, and sets the timing handshake between monitoring process and common process to determine whether there is a exited process Thus, it is convenient to solve the issue for locating abnormal existed process The circular buffer makes saved information reduce greatly so as to raise running speed

Performance evaluation of WTLS handshake protocol using RSA and elliptic curve cryptosystems

Abstract: WTLS (Wireless Transport Layer Security) is the security protocol designed for WAP (Wireless Application Protocol) protocol stack. Negotiation of the security parameters and authentication of the peers require using public key cryptosystems. Public key operations are generally slow. Thus, use of these cryptosystems in resource constrained handheld devices becomes a significant problem. Server (WAP Gateway) waiting time and handshake data transmission time may also be bottlenecks that occur during the WTLS handshake. In this study, WTLS Handshake Protocol is implemented using C++ and performance measurements are done using Nokia 7650 as client and open source Kannel gateway as the WAP Gateway. GSM CSD (Global System for Mobile Communication - Circuit Switched Data) data bearer with 9600 bps data rate has been used during the tests. Networking time has also been measured using GPRS bearer. Mutual authenticated and Server Authenticated WTLS full handshake performance with RSA (Rivest-Shamir-Adleman) and ECDH_ECDSA (Elliptic Curve Diffie-Hellman Elliptic Curve Digital Signature Algorithm) key exchange suites has been compared for three different categories. Each category contains four groups: three of these groups use certificates with ECC (Elliptic Curve Cryptography) curve parameters and the fourth group uses RSA certificates. All of the groups in each category are assumed to provide the same level of security. Three groups of ECC certificates are composed of prime, Koblitz and random curve parameters. Client and server processing times have been measured for each handshake message of the test cases. These values have been used to analyze the processing load of the corresponding key exchange suite, overall handshake time and server queue delay. Server has been modeled as an M/G/1 queue and the average waiting time in the server queue has been modeled based on the well-known Pollaczek-Khincin (P-K) formula. Queue delay model has been implemented in Matlab 6.0 and queue delay characteristics of the considered test cases have been analyzed using the measured server processing times. Data transmission time model includes two components. The first component is the amount of time necessary to transmit the measured size of data with specified channel transmission rate. The second component is the traversal delay of the network that is added to the data transmission time regardless of how much data is sent. Simulation results show that ECC has better processing time performance than RSA. Server queue delay does not seem to be bottleneck for mutual authenticated WTLS handshake using ECC certificates with prime curve parameters. Server authenticated WTLS handshake using any of the three ECC certificate types also has a good queue delay characteristic. However, there exists a practical upper limit of handshake requests per second for other key exchange suites. Traversal delay of the network is much more effective on the overall handshake time when using GSM CSD or GPRS bearer.

Electronic circuit with a fifo pipeline

Abstract: An asynchronously operated FIFO pipe-line (10a-d) comprises a plurality of handshake chains functionally in parallel. Successive data items are each passed by selecting a chain dependent on a value of the data item. The FIFO pipelines (10a-d) comprise successive pipe-line stages, each pipe-line stage with respective handshake stages (12, 16) of each of the plurality of handshake chains. A coordination circuit (15) prevents handshakes in mutually different ones of handshake chains from overtaking one another. Preferably four phase handshake protocols are used with logic gates (26, 28) between the request line ((REQ1- i, REQ0- i) and the acknowledge line (ACK1- i, ACK0- i) at the input of a stage and a set-reset latch (20, 22) with a set input coupled to the output of the logic gate (26, 28). The latch has a data output coupled to the request line of at the output of the stage, a reset input coupled to the acknowledge line of the output of the stage, and a not-data output coupled to the coordination circuit (24). The coordination circuit (24) is arranged to disable response of the logic gates (26, 28) of all handshake stages in a pipeline stage while the not-data output of any one of the set-reset latches (20, 22) the pipeline stage indicates a set state.

Secret Handshakes from CA-Oblivious Encryption.

Abstract: Secret handshakes were recently introduced [BDS03] to allow members of the same group to authenticate each other secretly, in the sense that someone who is not a group member cannot tell, by engaging some party in the handshake protocol, whether that party is a member of this group. On the other hand, any two parties who are members of the same group will recognize each other as members. Thus, a secret handshake protocol can be used in any scenario where group members need to identify each other without revealing their group affiliations to outsiders. The work of [BDS03] constructed secret handshakes secure under the Bilinear Diffie-Hellman (BDH) assumption in the Random Oracle Model (ROM). We show how to build secret handshake protocols secure under a more standard cryptographic assumption of Computational Diffie Hellman (CDH), using a novel tool ofCA-oblivious public key encryption, which is an encryption scheme s.t. neither the public key nor the ciphertext reveal any information about the Certification Authority (CA) which certified the public key. We construct such CA-oblivious encryption, and hence a handshake scheme, based on CDH (in ROM). The new scheme takes 3 communication rounds like the [BDS03] scheme, but it is about twice cheaper computationally, and it relies on a weaker computational assumption. keywords: authentication, privacy, anonymity, encryption

Practitioner's handbook: from handshake to compact: guidance to foster collaborative, multimodal decision making

Abstract: This report is the result of a research project initiated by the Transit Cooperative Research Program and the National Cooperative Highway Research Program to identify and document examples of collaboration in multimodal decision making. The research has resulted in three companion products designed to be complementary to each other. These include a Research Results Digest (TCRP RRD 65/NCHRP RRD 288) (see TRIS 00969926), CRP-CD-52 (included with this report), and this handbook, which is designed to provide practical advice to transportation professionals interested in identifying, implementing, and sustaining collaborative activities. A method for assessing the health of an existing collaboration is proposed that allows one to identify areas of weakness and areas where improvement can occur. For those wanting to start a collaboration initiative, or for those already in a collaborative effort who want to reach a more involved level of collaboration, a multistep strategy is described. This strategy is portrayed as a ladder representing the often difficult need to undertake multiple efforts to reach the level of collaboration necessary to achieve an original purpose. The research for this handbook consisted of case studies of collaborative efforts in several policy/planning areas.

Implementation of handshake components

Abstract: Handshake Technology is a clockless design style for digital circuits, targeted at applications where low energy consumption and ease of integration are essential. Communicating Sequential Processes play a role at various levels of representation. The design-entry language has parallel composition operators, communication channels for broadcast and narrowcast, and input and output actions on these channels. The intermediate architecture is based on Handshake Circuits, which is a network of components connected by handshake channels. In the implementation of these components in VLSI, models of communication again play a role. This paper presents how in Handshake Technology the specification and implementation of handshake components is addressed. It is based on a formal definition of handshake protocols, and outlines the obligation for an implementor to establish a relation between handshake events in the implementation and the specification. Examples of two phase, four phase, and spurious-acknowledge implementations of handshake control circuits are discussed.

Control system and method, information processing apparatus and method, information processing terminal and method, recording medium, and program

Abstract: PROBLEM TO BE SOLVED: To more surely and more efficiently attain control of an apparatus connected via a network. SOLUTION: A mobile phone 5 (client) to which a device such as an IC card 3 is connected starts the Handshake Protocol and requests a server 2 to start communication. When the Handshake Protocol is performed and the communication is established, the leadership of communication is shifted to the server side (Neutral state). In the neutral state, the server 2 transmits a control packet including a prescribed number of messages and one FINISHED message to the client. The client receiving the control packet applies processing to the device on the basis of the message. The system is applicable to both of the client apparatus (PC, mobile phone, PDA, and house appliance electric product or the like) for controlling the device and the server apparatus in the system. COPYRIGHT: (C)2004,JPO&NCIPI

A Variation of the WTLS Authentication Protocol for Reducing Energy Consumption in Wireless Devices

Abstract: Energy efficiency has been an important factor in protocol design in wireless networks where small handheld wireless devices rely solely on battery power. Security is also of great concern in wireless networks. Several security protocols adapted from wired networks have been used in wireless networks to provide identity authentication. Security protocols could contribute significantly to energy consumption, especially authentication protocols such as Wireless Transport Layer Security (WTLS) or Transport Layer Security (TLS) Handshake protocol that are based on computationally intensive public key cryptography. There have been many efforts trying to reduce cryptographic load and energy consumption at wireless devices. Some are complicated and others may not comply with existing WTLS/TLS standards. In this paper, we propose a simple variant of TLS Handshake protocol for mutual authentication and key exchange, which reduces energy consumption in wireless devices. The proposed protocol uses RSA and ECC algorithms differently to make the Handshake protocol more energy efficient. With our proposed protocol, we can save about 25% compared to 1024-bit RSA or 70% compared to 163-bit ECC Handshake protocol. Our proposed protocol can also be easily integrated into the standard WTLS protocol with small modification.

Port controller for GALS with first come first served function

Abstract: This paper describes port controllers that implements a first come first served scheme and are intended to be used in GALS systems. The port controllers described can handle handshake with or without stopping the local clock. It is also possible to stop the local clock until a handshake signal arrives to one of several ports. The port controllers described uses only standard cells to minimize the design effort when migrating between CMOS processes.

A Parallel Flop Synchronizer and the Handshake Interface for Bridging Asynchronous Domains

Abstract: Inter-domain communications on a chip require a synchronizer to resolve the timing problems between an input and a clock of a destination. This paper presents a parallel flop synchronizer and its interface circuit for transferring asynchronous data to the clock domain. The proposed scheme uses a bank of independent two-flops in parallel and supports a two-phase handshake protocol. Compared to the conventional two-flop synchronizer, performance analysis shows that the proposed scheme can reduce latency up to one and a half of clock cycles while retaining its safety to a tolerable level. All designs have been implemented in a 0.25 μm CMOS technology to verify performance analysis of the proposed synchronization.

Auto-negotiation of transceiver roles in communication systems

Abstract: A transceiver unit freely and automatically chooses whether it will operate as a central unit or as a remote unit, depending on the capabilities of the peer transceiver unit, which it is connected to. The transceiver unit listens first to any signal the peer may transmit to initiate the handshake procedure. Such a signal would de-facto identify the peer as a remote unit or as a central unit and would allow the transceiver unit to select the appropriate role. If no signal is detected, the transceiver unit tries to initiate the handshake procedure and waits for the corresponding signal from the peer. The transceiver unit may try to initiate the handshake procedure as a remote unit only, or it may try both as a central unit and as a remote unit.

Running-mode analysis of the Security Socket Layer protocol

Abstract: The Secure-Socket Layer (SSL) protocol is analyzed using a formal analysis mehod called the approach of the running-mode analysis. This analysis uncovers successfully some anomalies in the basic SSL handshake protocol. And we give some attacks on these anomalies.

Bringing handshake technology to the open market

Abstract: There are many incentives to tackle the chaos of asynchronous circuit technology. The holy grail of supreme speed is certainly one of them, but it remains a distant goal. However, today's market suffers from other problems for which asynchronous circuits may provide immediate answers - problems such as energy consumption and the integration of analog and digital circuits. Solutions in these domains may have direct impact on the market in areas such as automotive, wireless connectivity, identification and smart cards. A line of business within the Philips Technology Incubator, handshake solutions brings handshake technology to the semiconductor market. Handshake technology is an extremely disciplined asynchronous design style, supported by a complete tool set for design, simulation, prototyping and testing. It enables the industrialization of asynchronous design and has been used in dozens of different IC types with tens of millions of ICs already sold with handshake technology inside. Summary form only given.

Security Enhanced WTLS Handshake Protocol

Abstract: WAP is the protocol that is a secure data communication for the wireless environments developed by the WAP Forum. WTLS(Wireless Transport Layer Security) is the proposed protocol for secure communication in the WAP. The purpose of WTLS is to provide secure and efficient services in the wireless Internet environment. However, the existing WTLS handshake protocol has some security problems in several active attacks. Therefore, in this paper, we analyze the securities of the existing protocol, and then propose a security enhanced WTLS Handshake protocol.

Advances in Security of WTLS Handshake Protocol

Abstract: This paper analyzes the security of existing WTLS handshake protocol and points out the secure limitation and its corresponding threat. Then we propose a modified WTLS handshake protocol which can provide forward secrecy and user anonymity by using signcryption. Finally this paper makes a discussion of the security of modified protocol.

Processing system and method for tranmitting data

Abstract: A method for exchanging data between a first and a second functional unit is described, which comprises the following steps: in a first handshake procedure, data is exchanged corresponding to a communication thread (TID) selected by the first functional unit (I), while independently in a second handshake procedure, information relating to a status of at least one communication thread is exchanged from the second (T) to the first functional unit (I). The information enables the first functional unit (I) to anticipate the possibility of exchanging data for the at least one communication thread.

Handshake-wave combined approach with runtime reconfiguration for designing a low latency asynchronous FIFO

Abstract: In this paper, a novel design scheme combining a handshake protocol and wave pipeline is proposed to improve latency performance of an asynchronous linear FIFO. The stage control of the proposed FIFO can be reconfigured dynamically to be one of two different operating styles, waving or handshaking, according to the status of data flow in the FIFO. The use of wave pipelining in a control and a datapath can eliminate delays of handshaking circuits and latching data respectively. The proposed circuits have been designed with 0.25 /spl mu/m, 2.5 V CMOS process technology and simulated using HSPICE. Preliminary results show about two times improvement on latency performance over a state-of-art linear FIFO circuit while retaining throughput and a simple linear structure.

Secret handshakes from CA-oblivious encryption

Abstract: Secret handshakes were recently introduced [BDS + 03] to allow members of the same group to authenticate each other secretly, in the sense that someone who is not a group member cannot tell, by engaging some party in the handshake protocol, whether that party is a member of this group. On the other hand, any two parties who are members of the same group will recognize each other as members. Thus, a secret handshake protocol can be used in any scenario where group members need to identify each other without revealing their group affiliations to outsiders. The work of [BDS + 03] constructed secret handshakes secure under the Bilinear Diffie-Hellman (BDH) assumption in the Random Oracle Model (ROM). We show how to build secret handshake protocols secure under a more standard cryptographic assumption of Computational Diffie Hellman (CDH), using a novel tool of CA-oblivious public key encryption, which is an encryption scheme s.t. neither the public key nor the ciphertext reveal any information about the Certification Authority (CA) which certified the public key. We construct such CA-oblivious encryption, and hence a handshake scheme, based on CDH (in ROM). The new scheme takes 3 communication rounds like the [BDS + 03] scheme, but it is about twice cheaper computationally.