Showing papers on "Handshake published in 2009"
Patent•
19 May 2009TL;DR: A network security handshake exchange for combining user and platform authentication is proposed in this article, where the pre-master secret is augmented and authenticated with platform identity and user identity credentials of one endpoint.
Abstract: A network security handshake exchange for combining user and platform authentication. The security handshake exchange performs operations on a pre-master secret to increase identity verification and security. The pre-master secret is augmented and authenticated with platform identity and user identity credentials of one endpoint. A second phase of exchanges may include exchange of a master secret that is the pre-master secret modified with platform identity and user identity of the other endpoint.
102 citations
Patent•
23 Dec 2009TL;DR: In this paper, the authors present a system for processing an Online Certificate Status Protocol (OCSP) request in parallel to processing a Secure Socket Layer (SSL) handshake, where the intermediary device may decide whether to terminate or maintain the established SSL connection based on the status of the client certificate received via a response from the OCSP server.
Abstract: The present invention is directed towards systems and methods for processing an Online Certificate Status Protocol (OCSP) request in parallel to processing a Secure Socket Layer (SSL) handshake. The method includes transmitting, by an OCSP responder of an intermediary device between a plurality of clients and one or more servers, an OCSP request to a OCSP server for a status of a client certificate responsive to receiving the client certificate from a client during a SSL handshake. The intermediary device may continue to perform remaining portions of the SSL handshake while the OCSP request to the OCSP server is outstanding. The intermediary device may establish an SSL connection for the SSL handshake. The intermediary device may determine whether to terminate or maintain the established SSL connection based on the status of the client certificate received via a response from the OCSP server.
30 citations
01 Jul 2009
TL;DR: A new target component set and synthesis scheme for the Balsa hardware description language is described, which removes the reliance on precise handshake interleaving and enclosure by separating out control `go' and `done' signalling into separate channels rather than using different phases of the asynchronous handshake.
Abstract: This paper describes a new target component set and synthesis scheme for the Balsaasynchronous hardware description language. This new scheme removes the reliance on precise handshake interleavingand enclosure by separating out control `go' and `done' signalling into separate channels ratherthan using different phases of the asynchronous handshake. This leads to circuits in which optimisationand control overhead mitigation can be carried out by merging/separating control and data channels and byintroducing handshake-decoupling latches. This work aims to make Balsa descriptions implementable inthe more widely used and understood higher performance token-based asynchronous circuit styles.
30 citations
20 Jul 2009
TL;DR: This paper shows how one can guarantee correct verdicts in the asynchronous case for a large set of implementations by using the observation of quiescence as a handshake between a test case and the implementation.
Abstract: This paper studies model-based input-output conformance testing in the presence of queues. Normally, it is assumed that a test case communicates synchronously with an implementation under test. This causes some challenges in practice, since testing is often conducted asynchronously. In an asynchronous environment messages between a tester and the implementation are queued. This may lead to incorrect verdicts. In this paper we show how one can guarantee correct verdicts in the asynchronous case for a large set of implementations. If choices between inputs and outputs are restricted to internal choices with respect to an implementation one can use the observation of quiescence as a handshake between a test case and the implementation. Such a handshake allows us to test for input-output conformance in the context of queues. In addition, the input-enabledness assumption on implementations is relaxed. Besides a formal discussion of this approach, we show the practical relevance by applying our approach to a conference protocol.
29 citations
TL;DR: This paper investigates the areas of contact during handshake interactions and indentation experiments were conducted to obtain the benchmark data for duplication with synthetic skins.
Abstract: The handshake has become the most acceptable gesture of greeting in many cultures. Replicating the softness of the human hand can contribute to the improvement of the emotional healing process of people who have lost their hands by enabling the concealment of prosthetic hand usage during handshake interactions. Likewise, sociable robots of the future will exchange greetings with humans. The soft humanlike hands during handshakes would be able to address the safety and acceptance issues of robotic hands. This paper investigates the areas of contact during handshake interactions. After the areas of high contact were known, indentation experiments were conducted to obtain the benchmark data for duplication with synthetic skins.
27 citations
02 Apr 2009
TL;DR: In this article, two types of anonymities against the group authority (GA) of a group G are discussed: 1) Even GA cannot identify members, namely nobody can identify them (No-Traceability), and 2) Only GA can identify members (traceability).
Abstract: Secret handshake allows two members in the same group to authenticate each other secretly. In previous works of secret handshake schemes, two types of anonymities against the group authority (GA) of a group G are discussed: 1)Even GA cannot identify members, namely nobody can identify them (No-Traceability), 2)Only GA can identify members (Traceability). In this paper, first the necessity of tracing of the identification is shown. Second, we classify abilities of GA into the ability of identifying players and that of issuing the certificate to members. We introduce two anonymities Co-Traceability and Strong Detector Resistance . When a more strict anonymity is required ever for GA, the case 2) is unfavorable for members. Then, we introduce Co-Traceability where even if ${\cal A}$ has GA's ability of identifying members or issuing the certificate, ${\cal A}$ cannot trace members identification. However, if a scheme satisfies Co-Traceability, GA may be able to judge whether handshake players belong to the own group. Then, we introduce Strong Detector Resistance where even if an adversary ${\cal A}$ has GA's ability of identifying members, ${\cal A}$ cannot make judgments whether a handshaking player belongs to G . Additionally, we propose a secret handshake scheme which satisfies previous security requirements and our proposed anonymity requirements by using group signature scheme with message recovery.
20 citations
Journal Article•
TL;DR: The authors compared students who received a handshake to those who did not at the first class meeting and evaluated teaching skills, instructor's ability to motivate student interest, and instructor's support of students as a function of touch group and instructor gender.
Abstract: Can a simple handshake on the first day of class change student impressions of the instructor and the course? We compared students who received a handshake to those who did not at the first class meeting and evaluated teaching skills, instructor's ability to motivate student interest, and instructor's support of students as a function of touch group and instructor gender. Our findings revealed significantly higher ratings for female instructors than for male instructors when they shook hands, with these differences specific to ratings of instructor skills and instructor's motivation of students. In addition, students with whom male professors shook hands actually rated their professors lower on teaching skill and ability to motivate than those with no handshake. Thus, female professors may establish immediacy through the touch of a handshake, but male professors should avoid this seemingly innocuous touching of students.
14 citations
16 May 2009
TL;DR: Security analysis indicates that the identity-based protocols have equivalent security level but more security attributes than the standard certificate-based schemes and the ones proposed in the literature so far, but achieve shorter handshake latency especially in bandwidth-limited environments because of less communication traffic.
Abstract: Transport layer security (TLS) protocol is widely used in e-business and information systems for providing security attributes such as authentication, confidentiality and integrity. However, the certificate-based mechanism which is adopted by most TLS handshake protocols results in complex certificate management overheads and long handshake latency. To overcome these disadvantages, a series of handshake protocols were presented that applies identity-based encryption, signature, signcryption, and authenticated key agreement schemes respectively. Security analysis indicates that the identity-based protocols have equivalent security level but more security attributes than the standard certificate-based schemes and the ones proposed in the literature so far. Experiment results show that our schemes have commensurate cryptographic computation overheads comparing with other schemes, but achieve shorter handshake latency especially in bandwidth-limited environments because of less communication traffic.
13 citations
Patent•
27 Apr 2009TL;DR: In this article, a system and method for configuring a data communication between a terminal computing device and a communication network is presented, where a mobile device is tethered to a terminal computer and acts as a wireless modem.
Abstract: A system and method for configuring a data communication between a terminal computing device and a communication network, wherein the terminal computing device connects to the communication network via a mobile device is tethered to a terminal computing device and acts as a wireless modem. A second handshake operation between the computing device and mobile device occurs after a handshake operation between the mobile device and network occurs to negotiate a variety of communication protocol parameters controlling the data communication. The variety of communication protocol parameters negotiated between the mobile device and network are used in the negotiation of communication protocol parameters during the second handshake operation between the computing device and mobile device.
12 citations
01 Jan 2009
TL;DR: In this paper, a series of handshake protocols were presented that applies identity-based encryption, signature, signcryption, and authenticated key agreement schemes respectively, and the results show that the schemes have commensurate cryptographic computation overheads comparing with other schemes, but achieve shorter handshake latency especially in bandwidth-limited environments because of less communication traffic.
Abstract: Transport layer security (TLS) protocol is widely used in e-business and information systems for providing security attributes such as authentication, confidentiality and integrity. However, the certificate-based mechanism which is adopted by most TLS handshake protocols results in complex certificate management overheads and long handshake latency. To overcome these disadvantages, a series of handshake protocols were presented that applies identity-based encryption, signature, signcryption, and authenticated key agreement schemes respectively. Security analysis indicates that the identity-based protocols have equivalent security level but more security attributes than the standard certificate-based schemes and the ones proposed in the literature so far. Experiment results show that our schemes have commensurate cryptographic computation overheads comparing with other schemes, but achieve shorter handshake latency especially in bandwidth-limited environments because of less communication traffic.
12 citations
Patent•
11 Jun 2009TL;DR: In this paper, the authors propose a data communication system for starting transmission and reception of target data for processing upon recognition that switching between communication modes is completed, which includes a master communication device and a slave communication device that continuously perform, at a time of switching from half-duplex to fullduplex communication, (i) a handshake using a directional control code indicating the switching and a preamble code indicating completion of the switching, whereby each of the devices recognizes that the switching by the opposite device is completed and starts transmission and receiving of the target data.
Abstract: A data communication system for starting transmission and reception of target data for processing upon recognition that switching between communication modes is completed. The data communication system includes a master communication device and a slave communication device that continuously perform, at a time of switching from half-duplex communication to full-duplex communication, (i) a handshake using a directional control code indicating the switching and a preamble code indicating completion of the switching and (ii) a handshake using the preamble code and an acknowledge code indicating receipt of the preamble code, whereby each of the devices recognizes that the switching between communication modes by the opposite device is completed and starts transmission and reception of the target data.
31 Dec 2009
TL;DR: A CSK (Combined Symmetric Key) based SSL handshake protocol is proposed, which improves the speed and performance of SSL handshake, and enhances the security of SSL.
Abstract: SSL is a protocol which provides effective security for Web transaction. This Paper introduces the principle of standard SSL handshake protocol and analyzes its performance at first. Then a CSK (Combined Symmetric Key) based SSL handshake protocol is proposed. This protocol uses CSK technology to authenticate both communication sides and uses symmetric key to encrypt /decrypt the secret information. It improves the speed and performance of SSL handshake, and enhances the security of SSL.
21 Nov 2009
TL;DR: The paper outlines two scenarios where it is possible to produce DoS and DDoS attacks to 4-way handshake of ECMA-368 standard while two solutions are given respectively and the solutions increase the security of ECma-368.
Abstract: ECMA-368 (European Computer Manufacturers Association) Standard specifies the ultra wideband MAC(Medium Access Control) sublayer for a high-speed short range wireless network. This Standard specifies a 4-way handshake mechanism to guarantee secure data transmission; however, it also provides opportunities for hackers to produce DoS(Denial of Service) or DDoS(Distributed DoS) attacks. The paper outlines two scenarios where it is possible to produce DoS and DDoS attacks to 4-way handshake of ECMA-368 standard while two solutions are given respectively. The first DoS attack will consume system’s resources such as CPU and memory resources. The solution successfully prevents the first DoS attack. The second attack deprives the legitimate device of the possibilities to build secure relationship and the solution suppresses the hackers’ behavior. The solutions increase the security of ECMA-368.
25 Jul 2009
TL;DR: Client-aided RSA provide the best performance among the algorithms in SSL/TLS Handshake Protocol by transfer some cryptographic computation to client by increase some bandwidth and memory overhead to client.
Abstract: SSL/TLS servers are often overloaded with many simultaneous requests or Denial of Service (DoS) attack which will result in degradation of performance. So SSL/TLS servers have to utilize significantly more hardware in order to provide a reasonable response time to their customers. Instead of developing the hardware, it is always possible to look for faster algorithms in order to speed up decryption stages for improve SSL/TLS performance. In the paper, we investigate the performance and security of three algorithms in SSL/TLS handshake protocol. The solutions improve the performance without decrease security of the system or requiring expensive hardware. We provide detailed analyses of the three techniques and compare disadvantages of the three techniques. In particular, although increase some bandwidth and memory overhead to client, Client-aided RSA provide the best performance among the algorithms in SSL/TLS Handshake Protocol by transfer some cryptographic computation to client.
18 May 2009
TL;DR: This paper presents the first Secret Handshake scheme that allows dynamic matching of properties under stringent security requirements: in particular, the right to prove and to verify is strictly under the control of an authority.
Abstract: A Secret Handshake is a protocol that allows two users to mutually verify one another’s properties, and in case of simultaneous matching, to share a key used to secure subsequent communications. In this paper, we present the first Secret Handshake scheme that allows dynamic matching of properties under stringent security requirements: in particular, the right to prove and to verify is strictly under the control of an authority. This work merges characteristics of Secret Handshake with features peculiar to Secure Matchmaking.
Patent•
23 Dec 2009TL;DR: In this paper, a method for negotiating the use of multi-link ciphering and for the generation of unique keys for each of the links using a single 4-way handshake protocol exchange is described.
Abstract: A method is described for negotiating the use of multi-link ciphering and for the generation of unique keys for each of the links using a single 4-way handshake protocol exchange.
Patent•
28 Oct 2009
TL;DR: In this article, a method, a device and a system for encryption suite selection is described, which can avoid the problem of encryption suite conflict existing in the prior art and can be well compatible with the prior-art.
Abstract: The embodiment of the invention discloses a method, a device and a system for encryption suite selection. The method comprises the following steps: receiving first handshake information sent by a client, which comprises a first country code and a corresponding special-purpose encryption suite list; and sending second handshake information to which an encryption suite is added to the client according to the first country code, the special-purpose encryption suite list and the preset policy selection encryption suite. The device and the system correspond to the method. The embodiment of the invention can avoid the problem of encryption suite conflict existing in the prior art and can be well compatible with the prior art.
Patent•
08 Dec 2009
TL;DR: In this paper, a trusted network connect handshake method based on tri-element peer authentication is provided, which comprises the following steps: an access controller (AC) sends message 1 for handshake activation to an Access Requestor (AR), the AR sends message 2 for access handshake request to the AC after receiving message 1.
Abstract: A trusted network connect handshake method based on tri-element peer authentication is provided, which comprises the following steps. An access controller (AC) sends message 1 for handshake activation to an Access Requestor (AR). The AR sends message 2 for access handshake request to the AC after receiving message 1. The AC sends message 3 for certificate authentication and integrity evaluation request to a Policy Manager (PM) after receiving message 2. The PM sends message 4 for certificate authentication and integrity evaluation response to the AC after receiving message 3. The AC sends message 5 for access handshake response to the AR after receiving message 4. The trusted network connect handshake is completed after the AR receives message 5.
30 Jan 2009
TL;DR: A methodology to optimize handshake circuits is presented and represents a significant improvement with respect to the local optimizations typically applied on typical Balsa examples.
Abstract: A methodology to optimize handshake circuits is presented. The approach selects clusters of a handshake network for which signals representing internal channels within a cluster are hidden. To guarantee asynchronous implementability on the resulting cluster, state encoding is applied using modern structural techniques. The theory of Petri nets is used to identify clusters for which the structural techniques perform successfully. Finally logic synthesis is employed for each reencoded cluster. The approach is integrated into the Balsa synthesis flow and represent a significant improvement with respect to the local optimizations typically applied. Experimental results in area and performance have been obtained to measure the optimization on typical Balsa examples.
14 Dec 2009
TL;DR: This paper presents a light and simple implementation to deter DoS attacks against the 4-way handshake protocol.
Abstract: 802.11i is the latest security standard for wireless LAN (WLAN). It provides data confidentiality and integrity. The 802.11i 4-way handshake and key management remains secure against any attack which could compromise the key. However, availability protection is still an issue as 802.11i is subjected to denial of service attacks. Since Message 1 in the 4-way handshake is not protected by any mechanism, forging these messages is possible. This paper presents a light and simple implementation to deter DoS attacks against the 4-way handshake protocol.
TL;DR: An efficient, effective and inexpensive method for minimizing image blur due to handshake is proposed and the results of applying the proposed method under different scene conditions are presented.
Abstract: Image blur due to handshake is a significant problem for cell-phone cameras. A set of new handshake characteristics are
established using a high-frame-rate image capture and processing system. Based on these newly established handshake
characteristics, an efficient, effective and inexpensive method for minimizing image blur due to handshake is proposed.
The results of applying the proposed method under different scene conditions are presented.
Patent•
17 Dec 2009TL;DR: In this article, a first network node intends to advertise a pseudo node by sending a first handshake message containing different data fields, such as the node sending the handshake message, which contains the address of the first node, and associated with the sending node.
Abstract: Proposed is a method of exchanging handshake messages. A first network node intends to advertise a pseudo node. The first network node sends via a link a first handshake message containing different data fields. One data field indicates the node sending the handshake message, which contains the address of the first network node. Another data field indicates a pseudo node, which is associated with the sending node. This data field contains a pseudo node identifier of the pseudo node. The first network node receives via the link, along which it sent the first handshake message, a second handshake message. In the case, that the second handshake message contains a data field containing a node address of another network node, a data field for containing the node address of the first network node, and a data field for carrying a pseudo node identifier of the pseudo node, the first network node advertises the pseudo node.
TL;DR: The notion of handshake PetriNet is introduced, a Petri net with a specific external interface that captures the properties defining a handshake protocol and it is shown that for any handshake protocol the authors can construct a corresponding net.
14 Dec 2009
TL;DR: This paper introduces a hardware/software co-design approach for accelerating SSL protocol execution in resource-restricted devices and executes a full SSL handshake using an elliptic curve over a 192-bit prime field in less than 300 msec when the SPARC processor is clocked at 20 MHz.
Abstract: Modern mobile devices like cell phones or PDAs allow for a level of network connectivity similar to that of standard PCs, making access to the Internet possible from anywhere at anytime. Going along with this evolution is an increasing demand for cryptographically secure network connections with such resource-restricted devices. The Secure Sockets Layer (SSL) protocol is the current de-facto standard for secure communication over an insecure network like the Internet and provides protection against eavesdropping, message forgery and replay attacks. To achieve this, the SSL protocol employs a set of computation-intensive cryptographic algorithms, in particular public-key algorithms, which can result in unacceptably long delays on devices with modest processing capabilities. In this paper we introduce a hardware/software co-design approach for accelerating SSL protocol execution in resource-restricted devices. The software part of our co-design consists of MatrixSSLTM, a lightweight SSL implementation into which we integrated elliptic curve cryptography (ECC) to speed up the public-key operations performed during the SSL handshake. The hardware part comprises a SPARC V8 compliant processor core with instruction set extensions to support the low-level arithmetic operations carried out in ECC. Our co-design executes a full SSL handshake using an elliptic curve over a 192-bit prime field in less than 300 msec when the SPARC processor is clocked at 20 MHz. A pure software implementation like OpenSSL is, depending on the field type and order, up to a factor of 10 slower than our co-design solution.
24 Nov 2009
TL;DR: An attempt has been made to propose the medium-access-control protocol, which uses collision avoidance using receiver initiated handshake, and in this model, the channel is divided into equal and static size slots.
Abstract: Medium-access-control (MAC) protocol for wireless networks proposed are based on collision avoidance using handshake between sender and receiver. The earlier existing protocols are sender initiated. In this paper, an attempt has been made to propose the model, which uses collision avoidance using receiver initiated handshake. In this model, the channel is divided into equal and static size slots. The proposed model uses carrier sensing and frequency hoping spread spectrum.
TL;DR: The analysis shows that the 4-way handshake and the group key handshake may provide satisfactory mutual authentication, key management, and issue of a new group temporal key from an access point to a user device, under the guarantee of mutual possession of a confidential pairwise master key.
Abstract: Authentication is the basis of the security of IEEE 802.11i standard. The authentication process in 802.11i involves two important protocols: a 4-way handshake and a group key handshake. A formal analysis of authentication in 802.11i is given via a belief multisets formalism. The analysis shows that the 4-way handshake and the group key handshake may provide satisfactory mutual authentication, key management, and issue of a new group temporal key from an access point to a user device, under the guarantee of mutual possession of a confidential pairwise master key. The analysis also shows that there exists a denial of service attack in the 4-way handshake and some seeming redundancies are useful in the protocol implementation.
24 Jun 2009
TL;DR: A new on-line checking scheme for asynchronous handshake protocols requires very small chip area while maintaining high coverage for all considered faults which are briefly exposed and provides off-line diagnosis capabilities in order to further analyze the cause of a fault and the time of its occurrence.
Abstract: This paper presents a new on-line checking scheme for asynchronous handshake protocols. The proposed scheme requires very small chip area while maintaining high coverage for all considered faults which are briefly exposed. In addition to simple pass-fail information the checker provides off-line diagnosis capabilities in order to further analyze the cause of a fault and the time of its occurrence. In order to verify its functionality the checker was proven by performing analogue simulations. In addition the area overhead and the power consumption was determined and compared with existing implementations.
Patent•
11 Feb 2009TL;DR: In this article, a handshake is performed between a load port associated with process equipment and material handling equipment, and a carrier is transferred between the equipment and the load port based on the handshake.
Abstract: Methods and systems are provided. The invention includes performing a handshake directly between a load port associated with process equipment and material handling equipment; and transferring a carrier between the material handling equipment and the load port based on the handshake. Numerous other aspects are provided.
Patent•
28 Oct 2009
TL;DR: In this article, the authors propose an identification method for the safe mobile memory apparatus and an address handshake protocol between a host and the SMA, belonging to the Safe Mobile Memory field.
Abstract: The invention relates to a method for communication with a safe mobile memory apparatus, particularly relating to an identification method for the safe mobile memory apparatus and an address handshake protocol between a host and the safe mobile memory apparatus, belonging to the safe mobile memory field. The identification method includes: the host reads the data and backups; the host transmits an apparatus identification instruction, if the apparatus is a safe mobile memory apparatus, then the host transmits the acquisition apparatus identification response instruction, receives and determines whether the instruction is a response instruction, if yes, then discarding the backup data and stopping the apparatus identification The address handshake protocol includes: the host transmits handshake instruction; the safe mobile memory apparatus analyzes and identifies the instruction, if the instruction is a handshake instruction package, then operating; and the host acquires the response instruction of the safe mobile memory apparatus and stops the handshake instruction. The invention solves the problems of the identification of the host to the safe mobile memory apparatus and different communicating addresses owing to inconsistency of physical address and logical address of the safe mobile memory apparatus in different systems.
Patent•
15 Apr 2009
TL;DR: In this article, a handshake method, a handshake initiating device, and a handshake responding device used for network security is described, and the technical proposal provided by the embodiment of the invention can uses a master key preset in the master key list to involve in the handshaking process.
Abstract: The invention relates to the communication technology field and discloses a handshake method, a handshake initiating device and a handshake responding device used for network security The technical proposal provided by the embodiment of the invention can uses a master key preset in a master key list to involve in the handshaking process and can lead the master key preset in the master key list to be capable of involving in the generation of a temporary key during the handshaking process; therefore, the handshaking can also be smoothly carried out without the master key by negotiation of upper classes and the master key preset in the master key list can be involved in the generation of the temporary key, thus further improving the handshaking safety