Showing papers on "Handshake published in 2005"

A modular correctness proof of IEEE 802.11i and TLS

Abstract: The IEEE 802.11i wireless networking protocol provides mutual authentication between a network access point and user devices prior to user connectivity. The protocol consists of several parts, including an 802.1X authentication phase using TLS over EAP, the 4-Way Handshake to establish a fresh session key, and an optional Group Key Handshake for group communications. Motivated by previous vulnerabilities in related wireless protocols and changes in 802.11i to provide better security, we carry out a formal proof of correctness using a Protocol Composition Logic previously used for other protocols. The proof is modular, comprising a separate proof for each protocol section and providing insight into the networking environment in which each section can be reliably used. Further, the proof holds for a variety of failure recovery strategies and other implementation and configuration options. Since SSL/TLS is widely used apart from 802.11i, the security proof for SSL/TLS has independent interest.

Semantic Self-Formation of Communities of Peers

Abstract: The formation of semantic communities of peers plays a crucial role for realizing effective query propagation mechanisms on a semantic basis. In this paper, we propose a novel approach to the selforganization of autonomous communities of peers; we propose semantic handshake techniques based on semantic community aggregation and community-aware query propagation techniques exploiting dynamic ontology matching techniques for improving traditional P2P search and discovery capabilities.

Attacking control overhead to improve synthesised asynchronous circuit performance

Abstract: The development of robust synthesis techniques and tools is important if asynchronous design is to gain more widespread acceptance. Handshake circuits are a method of constructing asynchronous circuits from a set of modular components connected by handshake channels. They offer a level of abstraction above a particular target technology or implementation style. The Balsa system employs the handshake circuit approach and has demonstrated that it can be used to rapidly generate large, robust circuits. This speed and flexibility is currently achieved at the cost of performance. This paper examines the problem of control overhead in handshake circuits and proposes new handshake component specifications and implementations that significantly reduce this overhead. These changes are incorporated into the Balsa synthesis system and are shown to produce a doubling of the performance of a 32-bit processor without making any changes to the original description.

Analysis of Security Protocols for Wireless Networks

Abstract: Security is a serious concern in wireless networks. In order to eliminate the vulnerabilities in previous Standards, the IEEE 802.11i Standard is designed to provide security enhancements in MAC layer. The authentication process consists of several components, including an 802.1X authentication phase using TLS over EAP, a 4-Way Handshake to establish a fresh session key, and an optional Group Key Handshake for group communications. The objective of this work is to analyze IEEE 802.11i with respect to data confidentiality, integrity, mutual authentication, and availability. Under our threat model, 802.11i appears to provide effective data confidentiality and integrity when CCMP is used. 802.11i may also provide satisfactory mutual authentication and key management, although there are some potential implementation oversights that may cause severe problems. On the other hand, we identified several Denial of Service attacks. Different solutions are proposed for these vulnerabilities, which result in an improved variant of 802.11i with a more efficient failure recovery mechanism. Some of the resulting improvements have been adopted by the IEEE 802.11 TGi in their final deliberation. We used a finite-state verification tool, called Murp, to analyze the 4-Way Handshake component. Our result shows that finite-state verification is quite effective for analyzing security protocols. Furthermore, we adopted Protocol Composition Logic to conduct a correctness proof of 802.11i, including SSL/TLS as a component. The proof is modular, comprising a separate proof for each protocol component and providing insight into the networking environment in which each component can be reliably used. Finally, we showed that 802.11i can significantly reduce the complexity of designing a secure routing protocol when it is deployed in wireless ad hoc networks.

RSA-Based secret handshakes

Abstract: A secret handshake mechanism allows two entities, members of a same group, to authenticate each other secretly. This primitive was introduced recently by Balfanz, Durfee, Shankar, Smetters, Staddon and Wong and, so far, all the schemes proposed are based on discrete log systems. This paper proposes three new secret handshake protocols secure against active impersonator and detector adversaries. Inspired by two RSA-based key agreement protocols introduced by Okamoto and Tanaka in 1989 and Girault in 1991, our schemes are, in the random oracle model, provably secure against active adversaries under the assumption that the RSA problem is intractable.

The Invisible Handshake: Interpreting the Job-Seeking Communication of Foreign-Born Chinese in the U.S.

Abstract: x Chapter 1: Globalization’s consequences for organizational communication study

System & method for asynchronous logic synthesis from high-level synchronous descriptions

Abstract: A method for generating an equivalent asynchronous handshake circuit from a synchronous description of its intended behavior.

Secure protocol handshake offload using TNICs

Abstract: A method for offloading a secure protocol handshake. The method includes establishing a connection between a host system and a remote peer, and determining whether the secure protocol handshake is offloaded to a network interface card (NIC). When the secure protocol handshake is offloaded to the NIC, an offload request is sent to offload the secure protocol handshake, where the offload request includes a value of at least one cryptographic key. The method further includes performing cryptographic operations associated with the secure protocol handshake using the value of at least one cryptographic key to obtain at least one secret key, and returning a status of the secure protocol handshake to the host system.

Handshake legged mobile robot control system

Abstract: In a legged mobile robot control system having leg actuators each driving the individual legs and arm actuators each driving the individual arms, an external force acting on the right arm is detected, operation of the right arm actuators is controlled to produces a handshake posture, and operation of the leg actuators is controlled based on the detected external force acting on the right hand during handshaking, thereby improving communication capability by enabling it to shake hands with humans and to maintain a stable posture during the handshaking.

DHCP client impersonation for VPN tunnels

Abstract: A network based method that enhances the handshake between clients and virtual private network (VPN) servers so that the internet protocol (IP) address assignment of client tunnels is done by existing dynamic host configuration protocol (DHCP) servers instead of being done by the VPN servers

A Method for Automatic Recognition of Handshake Data Exchange at Clock-Domain Crossing in Integrated Circuit Design

Abstract: A structural analysis tool automatically detects complex handshake mechanisms for controlling data transfers between clock-domain crossings. The structural analysis tool may also verify the correctness of the handshake mechanism.

Batching SSL/TLS handshake improved

Abstract: Secure socket layer (SSL) is the most popular protocol to secure Internet communications. Since SSL handshake requires a large amount of computational resource, batch RSA was proposed to speedup SSL session initialization. However, the batch method is impractical since it requires a multiple of certificates. In this paper, we overcome this problem without modifying SSL protocol. To select the optimal batching parameters in terms of performance of server and durable waiting time of the client, we model the connection request with M/D/1 queue. We validate the solutions of the analytical model through simulation.

Implementation of handshake components

Abstract: Handshake Technology is a clockless design style for digital circuits, targeted at applications where low energy consumption and ease of integration are essential. Communicating Sequential Processes play a role at various levels of representation. The design-entry language has parallel composition operators, communication channels for broadcast and narrowcast, and input and output actions on these channels. The intermediate architecture is based on Handshake Circuits, which is a network of components connected by handshake channels. In the implementation of these components in VLSI, models of communication again play a role. This paper presents how in Handshake Technology the specification and implementation of handshake components is addressed. It is based on a formal definition of handshake protocols, and outlines the obligation for an implementor to establish a relation between handshake events in the implementation and the specification. Examples of two phase, four phase, and spurious-acknowledge implementations of handshake control circuits are discussed.

The security proof of a 4-way handshake protocol in IEEE 802.11i

Abstract: The IEEE 802.11i is the security standard to solve the security problems of WLAN, in which, the protocol 4-way handshake plays a very important role in the authentication and key agreement process. In this paper, we analyzed the security of protocol 4-way handshake with the Canetti-Krawczyk (CK) model, a general framework for constructing and analyzing authentication protocols in realistic models of communication networks. The results show that 4-way handshake protocol can not only satisfy the definition of Session Key security defined in the CK model, but also the universal composition security, a stronger definition of security. So it can be securely used as the basic model of the authentication and key agreement of WLAN.

Intellectual property module for system-on-chip

Abstract: Disclosed is an IP module for an SOC which brings easiness in designing system architecture and integration. The IP module of the invention includes a controller for generating a control signal for IP module with reference to a handshake signal and sending a control signal which leads the IP module to process input data in response to handshake signal; and a data processor generating output data and a modified handshake signal after processing a handshake signal and input data under the control of the controller. The present invention makes it possible to design an IP module that is easily reusable and optimized in architecture, lightening effort and time for designing and verifying an SOC by means of the proposed IP module.

Differential Value Encoding for Delay Insensitive Handshake Protocol

Abstract: Since the inception of Globally Asynchronous Locally Synchronous (GALS) VLSI design, GALS has been considered a promising design technique for multi-clock-domain System-on-Chip (SoC). Among the handshake protocols available for SoC design, delay insensitive (DI) handshake protocol is becoming a core technology, since it facilitates robust data transfer regardless of wire delay variation. In this paper, a new data encoding scheme Differential Value Encoding (DVE) is proposed for two-phase 1-of-N DI handshake protocol. Compared with the conventional data encoding method, the proposed scheme effectively reduces the crosstalk effect on wires sending sequentially increasing data patterns, resulting in reduction of the data transfer time. Simulation results with SPEC CPU 2000 benchmarks and sequentially increasing data pattern reveal that the DVE scheme can reduce the crosstalk effect by tens of percentage and significantly decrease the data transfer time.

Optimization of Transport Security for Securing Peer-to-Peer Communication in Heterogeneous Networks

Abstract: This thesis concerns the security of tomorrow’s peer-to-peer real-time communication in heterogeneous networks. Because of the additional delay caused by inband handshake and the poor compatibiliti ...

Two Party Aspect Agreement using a COTS Solver

Abstract: A number of researchers have proposed an aspect-oriented approach for integrating concerns with component based applications. With this approach, components only implement a functional interface; aspects such as security are left unresolved until deployment time. In this paper we present the latest version of our declarative language, GlueQoS, used to specify aspect deployment policies. Our work is focused on automating the process of configuring cooperating remote aspects using a client-server handshake. During the handshake the two parties agree on aspect configuration by using mixed integer programming. A security example is presented as well as initial performance observations.

Web Server Cluster's Load Balancing for Security Session

Abstract: In order to create security session, security keys are preconfigured between communication objects. For this purpose, Handshake Protocol exists. The pre-master secret key that is used in this process needs to interpreted by a server to create master secret key, whose process requires a big calculation, resulting in deteriorating system's transmission performance. Therefore, it is helpful in increasing transmission speed to reuse secret keys rather than to create them at every connection.

Data interface device and image forming apparatus

Abstract: PROBLEM TO BE SOLVED: To easily realize various image flows by flexibly executing the switching of the association between the input/output devices of data. SOLUTION: This data interface device is provided with a proxy handshake device 14 between a plurality of interface controllers 7, 8 and 9 which execute any of the input or output or input/output of data, a data compression device 12 and an extending device 13 and a plurality of DMAC10 which directly perform access to data on a memory 4. When data are transferred between those respective devices, handshake between those respective devices is not directly executed between the respective devices, but executed in a batch in proxy. The proxy handshake device 14 is constituted of a register and a selector, and configured so that a single data column transfer path can be set, and simultaneously transferred to a plurality of transfer paths. COPYRIGHT: (C)2005,JPO&NCIPI

Low Latency Four-Flop Synchronizer with the Handshake Interface

Abstract: This letter presents a synchronizer and its handshake interface for bridging clock domains in SoC. The proposed scheme uses a double two-flop synchronizer operated at different clock edges respectively, based on a two-phase handshake protocol. Performance analysis shows that the proposed design reduces latency up to a clock cycle, while retaining its safety to a tolerable level.

Asynchronous Checker designs for monitoring Handshake Interfaces

Abstract: Checker designs for on-line testing of asynchronous handshake interfaces are proposed here. The checker monitors the interface signals that follow a protocol. The checker produces a code word at its output when the interface signals abide to the protocol, where as, when the protocol is violated, a noncode word is generated at the output. Checkers are designed to directly implement sets of forbidden transitions, otherwise known as refusals. A “busy” approach is used to design the checker. In this approach, self-test of the checker is performed during the normal operation where the output signals are constantly switching.

Protocol emulation system particularly for routers in computer networks

Abstract: The emulation system has at least one description that describes fields, using a generic format such as XML or hex encoded, in a protocol message. An application transforms the description into a machine readable template and the system then creates protocol messages based upon the template. The protocol messages are preferable created from the template by a finite state machine. The messages are preferably used in a handshake process with a router in a computer network.

Method and system for configurable drain mechanism in two-way handshake system

Abstract: A method and system for configurable drain for two-way handshake system is provided and may comprise coupling a transmitting device to a drain bucket, and draining unwanted data at the transmitting device. The drain bucket may be configurably coupled to the transmitting device via a switch, where the switch may be a crossbar switch. The drain bucket may receive at least one transmitter handshake signal from at least one transmitting device. The drain bucket may transmit at least one receiver handshake signal to the at least one transmitting device. The receiver handshake signal may be asserted at least as long as the received transmitter handshake signal is asserted. The receiver handshake signal may be based on the received transmitter handshake signal. For example, the received transmitter handshake signal may be looped back by the receiver as the receiver handshake signal. The method may also comprise generating the receiver handshake signal utilizing at least one of combinational logic and sequential logic.

Fast, efficient and secure BSS transitions

Abstract: We present a fast and efficient way of switching a wireless node (WN) between different Access Points (AP) in an Infrastructure Wireless Network Our proposed model adheres to the security standards set by IEEE 80211i draft New architectures like 80211i and Robust Secure Network (RSN) mainly depend on the 8021x communication between a Wireless supplicant node and an Authentication Server (AS) followed by a 4-Way handshake between Wireless Supplicant node and Access Point Reassociation with another AP also requires a four way handshake We propose two models for transitions The first model is based on Distributed approach while the second one is based on Centralized approach Distributed model involves AP to AP direct communication without the involvement of AS while in Centralized model APs communicate through AS We show that both the models are very efficient, secure and deny any kind of man in the middle attack, any rogue attack by wireless node or an AP and any kind of Denial of Service attack Finally, we show that Centralized model has a little edge over the distributed model

Performance Evaluation of End-to-End Security in Wireless Applications using WTLS Handshake Protocol.

Abstract: In this paper we analyze the performance of end-to-end security in wireless applications. WTLS (Wireless Transport Layer Security) handshake protocol is used as the key security protocol. Several scenarios and different cryptosystems are considered. We took an experimental approach and implemented the protocols and necessary crypto primitives in both wireless handheld device and server. Tests are performed over a GSM provider network. Processing, queuing and transmission delays are considered in the analysis. Results are interpreted from both client and the server points of view. Not only the key sizes proposed by the WTLS standard, but also stronger key sizes are tested. Results show that (i) Elliptic Curve Cryptosystems (ECC) perform better than RSA cryptosystem, and (ii) it is possible to use ECC key sizes larger than the ones proposed in the WTLS standard without significant performance degradation. In our tests, GSM CSD and GPRS bearers are taken into account. Another interesting result is that the these two bearers perform close to each other in WTLS handshake protocol because of similar and significant traversal delays in both bearers.