Showing papers on "Handshake published in 2013"

On the Security of the TLS Protocol: A Systematic Analysis

Abstract: TLS is the most widely-used cryptographic protocol on the Internet. It comprises the TLS Handshake Protocol, responsible for authentication and key establishment, and the TLS Record Protocol, which takes care of subsequent use of those keys to protect bulk data. In this paper, we present the most complete analysis to date of the TLS Handshake protocol and its application to data encryption (in the Record Protocol). We show how to extract a key-encapsulation mechanism (KEM) from the TLS Handshake Protocol, and how the security of the entire TLS protocol follows from security properties of this KEM when composed with a secure authenticated encryption scheme in the Record Protocol. The security notion we achieve is a variant of the ACCE notion recently introduced by Jager et al. (Crypto ’12). Our approach enables us to analyse multiple different key establishment methods in a modular fashion, including the first proof of the most common deployment mode that is based on RSA PKCS #1v1.5 encryption, as well as Diffie-Hellman modes. Our results can be applied to settings where mutual authentication is provided and to the more common situation where only server authentication is applied.

Towards viable certificate-based authentication for the internet of things

Abstract: The vision of the Internet of Things considers smart objects in the physical world as first-class citizens of the digital world. Especially IP technology and RESTful web services on smart objects promise simple interactions with Internet services in the Web of Things, e.g., for building automation or in e-health scenarios. Peer authentication and secure data transmission are vital aspects in many of these scenarios to prevent leakage of personal information and harmful actuating tasks. While standard security solutions exist for traditional IP networks, the constraints of smart objects demand for more lightweight security mechanisms. Thus, the use of certificates for peer authentication is predominantly considered impracticable. In this paper, we investigate if this assumption is valid. To this end, we present preliminary overhead estimates for the certificate-based DTLS handshake and argue that certificates - with improvements to the handshake - are a viable method of authentication in many network scenarios. We propose three design ideas to reduce the overheads of the DTLS handshake. These ideas are based on (i) pre-validation, (ii) session resumption, and (iii) handshake delegation. We qualitatively analyze the expected overhead reductions and discuss their applicability.

On the Security of TLS-DHE in the Standard Model

Abstract: TLS is the most important cryptographic protocol in use today. However, up to now there is no complete cryptographic security proof in the standard model, nor in any other model. We give the first such proof for the core cryptographic protocol of TLS ciphersuites based on ephemeral Diffie-Hellman key exchange (TLS-DHE), which include the cipher suite TLS DHE DSS WITH 3DES EDE CBC SHA mandatory in TLS 1.0 and TLS 1.1. It is impossible to prove security of the TLS Handshake in any classical key-indistinguishabilitybased security model (like e.g. the Bellare-Rogaway or the Canetti-Krawczyk model), due to subtle issues with the encryption of the final Finished messages of the TLS Handshake. Therefore we start with proving the security of a truncated version of the TLS Handshake protocol, which has also been considered in previous work on TLS. Then we define the notion of authenticated and confidential channel establishment (ACCE) as a new security model which captures precisely the security properties expected from TLS in practice, and show that the combination of the TLS Handshake protocol with the TLS Record Layer can be proven secure in this model.

Dynamic selection of security protocol

Abstract: Techniques described herein enable a client to store information indicating whether various hosts (e.g., servers, web domains) support a preferred security protocol, such as a False Start-modified TLS or SSL protocol. The client may then use this information to dynamically determine whether to use the preferred protocol when connecting to a particular host. When the client attempts a handshake to establish a secure connection with a host for the first time, the client does so using the preferred protocol. If the handshake fails, the client locally stores domain or other identifying information for the host so that the client may employ a non-preferred protocol in subsequent connection attempts. Thus, a client may avoid performance degradation caused by attempting a preferred-protocol connection with a host that does not support the preferred protocol. Stored information may include a time stamp enable periodic checks for host capability updates.

Secure near field communication (nfc) handshake

Abstract: Technologies are presented for securing NFC exchange through movement of at least one of the communicating devices. In some examples, a first device, utilizing a communication module and a processor, may transmit an initial NFC handshake signal as the first device is being moved relative to a second device. The second device, utilizing a communication module, two or more antennae, and a processor, may receive the initial NFC handshake signal from the first device. Each device may record a movement of the first device. The second device may transmit a message to the first device that includes a recording of the movement at the second device and a temporary secret. Once the first device determines that the movement recorded at the second device matches the movement recorded at the first device, the first device may use the temporary secret to encrypt further communication with the second device.

Joint Time and Spatial Reuse Handshake Protocol for Underwater Acoustic Communication Networks

Abstract: In most existing handshake-based collision avoidance (CA) protocols, nodes in the communication range of the transmitter or the receiver are kept silent during an ongoing communication session (CS). In underwater acoustic communication (UWAC), this restriction results in low throughput and long transmission delay. In this paper, we utilize the long propagation delay in the underwater acoustic channel and the (possible) sparsity of the network topology, and formalize conditions for which a node can transmit even when it is located within the communication range of a node participating in a CS. We consider these conditions as design constraints and present a distributed CA handshake-based protocol, which, by jointly applying spatial and time reuse techniques, greatly improves channel utilization. Our simulation results show that our protocol outperforms existing handshake-based protocols in terms of throughput and transmission delay. These gains come at the price of some reduction in fairness in resource allocation.

Analysing and attacking the 4-way handshake of IEEE 802.11i standard

Abstract: The IEEE 802.11i standard has been designed to enhance security in wireless networks. In the 4-way handshake the supplicant and the authenticator use the pairwise master key (PMK) to derive a fresh pairwise transient key (PTK). The PMK is not used directly for security while assuming the supplicant and authenticator have the same PMK before running 4-way handshake. In this paper, the 4-way handshake phase has been analysed using Isabelle tool to identify a new Denial-of-Service (DoS) attack. The attack prevents the authenticator from receiving message 4 after the supplicant sends it out. This attack forces the authenticator to re-send the message 3 until time out and subsequently to de-authenticate supplicant. This paper has proposed improvements to the 4-way handshake to avoid the Denial-of-Service attack.

Business method including handshake protocol to control actors and functions to propagate acceptance of an IP license to securely authenticate software application program interfaces (APIs)

Abstract: A system for securely authenticating software Application Program Interfaces (APIs) includes a handshake protocol that enables promulgation of licensing rights controlling Intellectual Property (IP) to multiple Actors. The handshake is a Challenge-Response protocol that includes a Challenge issued by one Actor who controls IP rights to verify a second Actor has Licensed IP rights when the second Actor Response includes use of a function IPF1. The function e.g. IPF1 is provided through the IP licensing agreement. Other Actors who wish to use software that the first Actor provides will be encouraged to acquire rights to the IP License to obtain the function IPF1 for access. Subsequent Actors who have IP rights controlled by another function IPF2 can be pulled into the same IP Licensing system, or another IP License that becomes part of the same ecosystem with the system controlled using function IPF1.

Evaluating selective ARQ and slotted handshake based access in real world underwater networks

Abstract: Medium Access Control (MAC) is an essential component of protocol stacks in Underwater Acoustic Networks (UANs). Numerous dedicated UAN MAC protocols have been proposed and studied via analysis and simulations. However, limited work has been done on evaluating these protocols in real ocean environments. To achieve a better understanding on how MAC protocols perform in real world UANs, we implemented Selective ARQ and Slotted Handshake based Access (SASHA) on UAN nodes. SASHA embraces some most essential and representative techniques in UAN MAC design, including selective ARQ, time slotting, handshake and collision avoidance. Moreover, a sea test was conducted at Atlantic Ocean to evaluate the performance of SASHA. With the experimental data, we are able to study how the aforementioned techniques affect the performance of SASHA. we also analyze the hop-by-hop and end-to-end behavior of SASHA. Specifically, we investigate the transmission delay and queuing delay of a data packet on one hop. From the findings, some issues are discovered and the corresponding design guidelines are emerged.

A new adaptive receiver-initiated scheme for mitigating starvation in wireless networks

Abstract: Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) has been adopted by the IEEE 802.11 standard and provides good performance when all transmitters are within the range of each other. Unfortunately, in multi-hop topologies, the asymmetric view of the channel state leads to a throughput distribution where a few flows may capture all the available bandwidth while many other flows get very low throughput and sometime meet starvation. To address this problem, in this paper we describe a solution called Carrier Sense Multiple Access with Collision Avoidance by Receiver Detection (CSMA/CARD) which makes use of collisions sensed by a receiver at the physical layer to help the handshake mechanism and mitigate the effect of such problem. More specifically, we propose a mechanism based on historical observations, where collisions can be used by the receiver to predict whether some sender attempted to initiate a transmission. The receiver then reacts accordingly by participating itself in a handshake sequence. We show some interesting results, obtained through analysis and simulations, when the CSMA/CARD is compared to the IEEE 802.11 protocol.

A RFID Security Protocol Based on Hash Chain and Three-Way Handshake

Abstract: Radio Frequency Identification (RFID) technology is one of the important techniques of the Internet of Things, it has many security problems for it runs in open environment. In order to solve the communication security problem between the RFID tag and the reader, in this article, we proposed a RFID security protocol based on hash chain and Three-way Handshake. We also analyzed the security of the protocol by using the BAN logic and analyzed the performance. The result shows that this protocol only needs little computation resource and power supply and has high security level.

A fast handshake join implementation on FPGA with adaptive merging network

Abstract: One of a critical design issues for implementing handshake-join hardware is result collection performed by a merging network. To address the issue, we introduce an adaptive merging network. Our implementation achieves over 3 million tuples per second when the selectivity is 0.1. The proposed implementation attains up to 5.2x higher throughput than original handshake-join hardware. In this demonstration, we apply the proposed technique to filter out malicious packets from packet streams. To the best of our knowledge, our system is the fastest handshake join implementation on FPGA.

Line of sight initiated handshake

Abstract: Technologies are generally described for systems, devices and methods effective to implement a line of sight initiated handshake. In some examples, a processor in a first communication device may detect a line of sight directed from the first communication device to a second communication device. The first communication device may send a handshake request to the second communication device. The first communication device may receive a handshake acknowledgement from the second communication device. The handshake request and handshake acknowledgement may be effective to create the handshake. The first and second communication devices can thereafter share data.

A secure handshake scheme for mobile-hierarchy city intelligent transportation system

Abstract: Due to development and extension of internet of things, mobile-hierarchy architecture was proposed for querying a deployed wireless sensor network in an intelligent transportation system. Secure handshake among nodes becomes an important part of an intelligent transportation system. The mobile node verifies the legitimacy of an ordinary sensor node over an insecure communication channel. Attribute set or information as important handshake factors and negotiate each other privately in local side. In this paper, a secure attribute matching handshake scheme which extends fuzzy information for mobile-hierarchy city intelligent transportation system is proposed.

Auto-update while running client interface with handshake

Abstract: In one embodiment, a predecessor version of a client software application may execute a runtime handover to a successor version of the client software application. A client side device may execute a predecessor version of a client software application while installing a successor version of the client software application. The client side device may execute an update handshake between the successor version and the predecessor version. The client side device may execute a runtime validation of the successor version.

An Unlinkable Secret Handshake with Fuzzy Matching for Social Networks

Abstract: An unlinkable secret handshake allows two members from the same groups to secretly distinguish each other. In this paper, a new unlinkable secret handshake scheme is constructed to achieve fuzzy matching. The proposed scheme supports more flexible threshold-based appropriate matching under the multiple-groups environment, which is not limited to authenticate between members from the same groups. Our new scheme is constructed from the fuzzy identity-based encryption scheme and constant-size group signature. Without using the random oracle, the new scheme is proved secure by assuming the intractability of the decisional bilinear Diffie-Hellman problems. Compared with previous works, our proposed scheme is adaptive to realize for many different applications.

A key refreshing technique to reduce 4-way handshake latency in 802.11i based networks

Abstract: Authentication per frame is an implicit necessity for security in Wireless LANs (Local Area Networks). 802.11i security framework proposes encryption and MIC based authentication of data frames. In this, the key is not refreshed every time a frame is sent. For refreshing the key entities explicitly perform a 4-way handshake to evaluate PTK. 4-way handshake also ensures that involved entities have the same transient key (refreshed key). 4-way handshake involves computation cost. It also adds to the communication cost in the wireless environment, as data frame are utilized for this purpose. 4-way handshake in the 802.11i framework happens to be prone to DoS attacks (especially due to first message of the 4-way handshake). We propose a novel per frame key refreshing method that do away with the 4-way handshake. It does not require extra bits or extra frame for this purpose and also no change in the existing frame format is required. It uses existing key, frame sequence number along with the authentication stream generator for key refreshing.

Robust handshake procedure in cross-talk environments

Abstract: Embodiments of the invention provide a robust mechanism to isolate transceivers that attempt to train on a FEXT channel during the handshake phase and to abort a false activation. According to aspects of the invention, either or both transceiver acknowledges the unique identity of the other transceiver during the handshake phase. This ensures that the transceiver progresses to training and beyond with only one other remote transceiver.

SAS: Source Asynchronous Signaling Protocol for Asynchronous Handshake Communication Free from Wire Delay Overhead

Abstract: Asynchronous handshake protocol communication is accomplished by sending data down a communication link coupled with data validity information. Flow control is established by acknowledging the receipt of data, thereby enabling transmission of new data down the link. Handshake protocols operate at target cycle times based on system operational requirements. When the communication delay down wires increases beyond a certain point, the latency in sending the request and acknowledge signals across the link becomes longer than the target cycle time. This reduces the communication bandwidth below the desired value. This deleterious effect is particularly conspicuous on long links and network-on-chip communication. A method of enabling full communication bandwidth on wires with arbitrary delay when employing handshake communication is provided. This method supports end-to-end communication across links with arbitrarily large but finite latency without limiting the bandwidth, so long as line variation can be reliably controlled. This paper introduces the news AS protocol, provides an efficient implementation, and reports the resultant significant energy and bandwidth improvements over conventional handshaking methods.

iMAC: improved Medium Access Control for multi‐channel multi‐hop wireless networks

Abstract: Trends in wireless networks are increasingly pointing towards a future with multi-hop networks deployed in multi-channel environments. In this paper, we present the design for iMAC—a protocol targeted at Medium Access Control in such environments. iMAC uses control packets on a common control channel to facilitate a three-way handshake between the sender and the receiver for every packet transmission. This handshake enables the sender and the receiver to come to a consensus on a channel to use for data transmission and also signals to neighboring nodes about the contention on that channel. iMAC then uses a mechanism similar to 802.11 for data communication. Our evaluation of iMAC shows that it provides significant gains in throughput in comparison with uninformed channel selection, especially when contention for channel bandwidth is neither too low nor too high; intelligent selection of channels by iMAC is necessary to harness available bandwidth resources in the presence of medium levels of contention. Copyright © 2011 John Wiley & Sons, Ltd.

Secret handshake scheme with request-based-revealing

Abstract: Secret handshake (SH) schemes enable two members who belong to the same group to authenticate each other in a way that hides their affiliation to that group from all others. In previous work on SH, the group authority (GA) of the group G has been shown to have the ability to reveal the identity (ID) of a handshake player who belongs to G. The capability to reveal a malicious player is important in SH systems. In this paper, we focus first on the classification of traceability of GA. We classify this feature as follows: (i) GA of G is able to reveal IDs of members belonging to G by using a transcript of a handshake protocol; and (ii) GA of G is able to confirm whether handshake players belong to G or not by using a transcript of a handshake protocol. Previous research in this field only considers the former capability. In some situations, only the latter capability is needed. Next, we consider a SH system that GA has only an ability to confirm whether a handshake player belongs to his own group without revealing his ID. The most naive method is that member IDs are eliminated and members have a common group ID. However, if member ID does not exist, one cannot reveal the handshake player's ID in the event of disputes. Thus, we introduce a SH with request-based-revealing (SHRBR). In SHRBR schemes, GA can check whether handshake players belong to their own group, but cannot reveal member IDs alone. After a handshake player A executes a handshake protocol with B, if A wants to reveal a handshake partner (in this case B), A requests GA to reveal a handshake partner's ID by bringing forth his own ID and secret information of A. We define the security requirements for SHRBR schemes and propose two concrete SHRBR schemes, SHRBR-1 and SHRBR-2. We prove that the proposed SHRBR schemes satisfy security requirements in the random oracle model.

Secret handshake issue and validate authority based authentication system for wireless sensor network

Abstract: Wireless Sensor Networks (WSN) are major research area in the past few decades. WSN is formed by collection of sensor nodes. Power source life and m emory size limit the hardware sources and these wil l decide the lifesapn of sensor nodes in WSN. Therefo re, many resources based research issues are evolve d in WSN. This study focused security issue and proposed authentication system. As the sensor nodes are limited memory, the traditional authentication syst ems are uncomforted. Hence, secret handshake system using two authorities, namely Issue Authority and V alidate Authority are proposed in this study. The proposed authentication system is called as, Secret Handshake Issue and Validate Authority (SHIVA). The proposed methodology is occupying lesser memory space and also reducing number of communication of sensor nodes for the authentication model. Therefor e, the proposed methodology proved optimum for WSN.

Initial experiments of data acquisition system for tele-handshaking

Abstract: A handshake is a form of social interactions. It is important because it influences either positive or negative first impressions. This video shows a total of nine hand pressure data collected from an empirical study with a total of 42 participants. The study revealed the primary contact points of palm while handshaking.

The research of improving SSL handshake performance

Abstract: An RSA variant algorithmic approach for speeding up SSL's performance is presented on a web server. The RSA variant improves the performance of SSL's handshake protocol by up to a factor of 7.5 for 1024-bit RSA keys. We improve the server's performance by batching the SSL handshake protocol and shifting some decryption work to SSL clients. The theoretical value shows that the performance of the SSL handshake protocol has been substantially improved by the method.

ESKIMO 2-Way Handshake

Abstract: Recent research has shown that there are many security issues associated with the original IEEE 4-Way Handshake. The most serious of these security issues is the key recovery attack, during which hackers are able to retrieve the secret key and use it to access a targeted network. In order to mitigate this serious security vulnerability, this research analysed the IEEE 4-Way Handshake and identified the source of the problem. Similarly, the research reviewed some proposed ideas on how to fix this very problem, but concluded that none of the proposed approaches is secure and efficient. Finally, this research proposes the new ESKIMO (Encryption System with Keyed Integrity and Managed Oracle) 2-Way Handshake, which incorporates a strong cryptographic Message Authentication Code (MAC) algorithm called ESMAC (ESKIMO MAC). This research argues that the ESKIMO 2-Way Handshake is secure and lightweight. It provides better security and efficiency, and also cuts down the original IEEE 4-Way Handshake scheduling time by at least fifty percent.

Data packet transmission method and related device and system

Abstract: Embodiments of the present disclosure relate to the field of computer networks, and disclose a data packet transmission method and a related device and system. In the method, a traditional communication protocol (such as TCP) handshake process is optimized, so that data packet transmission may be implemented in the handshake process. The data packet transmission does not depend on completion of the handshake, thereby effectively reducing a data packet transmission delay caused by an RTT delay existing in the handshake process.

Network device, program, system and method

Abstract: PROBLEM TO BE SOLVED: To provide a mechanism in which a network device can receive an instruction performed by a management device using Push communication, even when the network device fails in Handshake of the Push communication with the management deviceSOLUTION: A first client computer 110 performs a request for indirect Push communication which is Push communication with a server computer 100 through a second client computer 170 to the second client computer 170 The second client computer 170 transfers an instruction which the server computer 100 performs to the first client computer 110 using the Push communication, to the first client computer 110 after the indirect Push communication