Showing papers on "Handshake published in 2014"

Secure session capability using public-key cryptography without access to the private key

Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to another server for decryption. The server receives the decrypted premaster secret and continues with the handshake procedure including generating a master secret from the decrypted premaster secret and generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

Proving the TLS Handshake Secure (As It Is)

Abstract: The TLS Internet Standard features a mixed bag of cryptographic algorithms and constructions, letting clients and servers negotiate their use for each run of the handshake. Although many ciphersuites are now well-understood in isolation, their composition remains problematic, and yet it is critical to obtain practical security guarantees for TLS, as all mainstream implementations support multiple related runs of the handshake and share keys between algorithms.

Low-latency handshake join

Abstract: This work revisits the processing of stream joins on modern hardware architectures. Our work is based on the recently proposed handshake join algorithm, which is a mechanism to parallelize the processing of stream joins in a NUMA-aware and hardware-friendly manner. Handshake join achieves high throughput and scalability, but it suffers from a high latency penalty and a non-deterministic ordering of the tuples in the physical result stream. In this paper, we first characterize the latency behavior of the handshake join and then propose a new low-latency handshake join algorithm, which substantially reduces latency without sacrificing throughput or scalability. We also present a technique to generate punctuated result streams with very little overhead; such punctuations allow the generation of correctly ordered physical output streams with negligible effect on overall throughput and latency.

A Link-Layer Synchronization and Medium Access Control Protocol for Terahertz-Band Communication Networks

Abstract: In this paper, a link-layer synchronization and medium access control (MAC) protocol for very-high-speed wireless communication networks in the THz band is presented. The protocol relies on a receiver-initiated handshake as a way to guarantee synchronization between transmitter and receiver. In addition, it incorporates a sliding window flow control mechanism, which combined with the one-way handshake, maximizes the channel utilization. Two different application scenarios are considered, namely, a macroscale scenario, in which nodes utilize turning directional antennas to periodically sweep the space while overcoming the distance problem at THz frequencies, and a nanoscale scenario, in which nano-nodes require energy harvesting systems to operate. A carrier-based physical layer is considered for the macro-scenario, whereas the physical layer for the nano-scenario is based on a femtosecond- long pulse-based modulation scheme with frame interleaving. The performance of the proposed MAC protocol is analytically investigated in terms of delay, throughput and successful packet transmission probability, and compared to that of an adapted Carrier Sense Multiple Access with Collision Avoidance with and without handshake. The results are validated by means of extensive simulations with ns-3, in which all the necessary THz elements have been implemented. The results show that the proposed protocol can maximize the successful packet delivery probability without compromising the achievable throughput in THz-band communication networks.

Lightweight secure communication for CoAP-enabled Internet of Things using delegated DTLS handshake

Abstract: IETF CoRE working group proposed to use DTLS for supporting secure IoT services. In this paper, we examine problems that can happen when applying the DTLS protocol to IoT networks directly. To solve the problems, we separate the DTLS protocol into two; the handshake phase and the encryption phase. Our approach enhances performance in both device and network by using a way to delegate the DTLS handshake phase. We also present two scenarios (inbound and outbound) based on the properties of Constrained Application Protocol (CoAP) enabled sensors. The proposed scheme supports secure end-to-end communication despite using delegation.

Banning the Handshake From the Health Care Setting

Abstract: The handshake represents a deeply established social custom. In recent years, however, there has been increasing recognition of the importance of hands as vectors for infection, leading to formal recommendations and policies regarding hand hygiene in hospitals and other health care facilities.1 Such programs have been limited by variable compliance and efficacy.1,2 In an attempt to avoid contracting or spreading infection, many individuals have made their own efforts to avoid shaking hands in various settings but, in doing so, may face social, political, and even financial risks.

Proving the TLS Handshake Secure (as it is).

Abstract: The TLS Internet Standard features a mixed bag of cryptographic algorithms and constructions, letting clients and servers negotiate their use for each run of the handshake. Although many ciphersuites are now well-understood in isolation, their composition remains problematic, and yet it is critical to obtain practical security guarantees for TLS. We experimentally confirm that all mainstream implementations of TLS share key materials between different algorithms, some of them of dubious strength. We outline attacks in their handling of resumption and renegotiation, stressing the need to model multiple related instances of the handshake. We study the provable security of the TLS handshake, as it is implemented and deployed. To capture the details of the standard and its main extensions, we rely on miTLS, a verified reference implementation of the protocol. miTLS inter-operates with mainstream browsers and servers for many protocol versions, configurations, and ciphersuites; and it provides application-level, provable security for some. We propose new agile security definitions and assumptions for the signatures, key encapsulation mechanisms (KEM), and key derivation algorithms used by the TLS handshake. By necessity, our definitions are stronger than those expected with simple modern protocols. To validate our model of key encapsulation, we prove that both RSA and Diffie-Hellman ciphersuites satisfy our definition for the KEM. In particular, we formalize the use of PKCS#1v1.5 encryption in TLS, including recommended countermeasures against Bleichenbacher attacks, and build a 3,000-line EasyCrypt proof of the security of the resulting master secret KEM against replayable chosen-ciphertext attacks under the assumption that ciphertexts are hard to re-randomize. Based on our new agile definitions, we construct a modular proof of security for the miTLS reference implementation of the handshake, including ciphersuite negotiation, key exchange, renegotiation, and resumption, treated as a detailed 3,600-line executable model. We present our main definitions, constructions, and proofs for an abstract model of the protocol, featuring series of related runs of the handshake with different ciphersuites. We also describe its refinement to account for the whole reference implementation, based on automated verification tools.

Sensor network architecture to measure characteristics of a handshake between humans

Abstract: Handshaking is an important component of social interaction between people in many cultures. Thus, for further applications in human/humanoid-robot interaction it is important to understand and measure the characteristics of a handshake during interaction between humans. In this paper, a new wearable sensor network to measure a handshake is described. It consists of a set of several sensors (accelerometers, gyroscopes and force sensors) attached to the glove, and of a microcontroller for signal acquisition and conditioning. The paper focuses on the applicability and qualitative analysis of the proposed architecture of sensors through several experiments of handshaking between two human subjects. The results show that the proposed system allows reproducible experiments to quantify handshake characteristics such as duration and strength of the grip, vigor and rhythmicity of a handshake.

QoS in a system with end-to-end flow control and QoS aware buffer allocation

Abstract: The present disclosure is directed to Quality of Service (QoS) and handshake protocols to facilitate endpoint bandwidth allocation among one or more agents in a Network on Chip (NoC) for an endpoint agent. The QoS policy and handshake protocols may involve the use of credits for buffer allocation which are sent to agents in the NoC to compel the acceptance of data and the allocation of an appropriate buffer. Messages sent to the agent may also have a priority associated with the message, wherein higher priority messages have automatic bandwidth allocation and lower priority messages are processed using a handshake protocol.

(De-)Constructing TLS.

Abstract: TLS is one of the most widely deployed cryptographic protocols on the Internet; it is used to protect the confidentiality and integrity of transmitted data in various client-server protocols. Its non-standard use of cryptographic primitives, however, makes it hard to formally assess its security. It is in fact difficult to use traditional (well-understood) security notions for the key-exchange (here: handshake) and the encryption/authentication (here: record layer) parts of the protocol due to the fact that, on the one hand, traditional gamebased notions do not easily support composition, and on the other hand, all TLS versions up to and including 1.2 combine the two phases in a non-standard way. In this paper, we provide a modular security analysis of the handshake in TLS version 1.2 and a slightly sanitized version of the handshake in the current draft of TLS version 1.3, following the constructive cryptography approach of Maurer and Renner (ICS 2011). We provide a deconstruction of the handshake into modular sub-protocols and a security proof for each such sub-protocol. We also show how these results can be combined with analyses of the respective record layer protocols, and the overall result is that in all cases the protocol constructs (unilaterally) secure channels between the two parties from insecure channels and a public-key infrastructure. This approach ensures that (1) each sub-protocol is proven in isolation and independently of the other sub-protocols, (2) the overall security statement proven can easily be used in higher-level protocols, and (3) TLS can be used in any composition with other secure protocols. In more detail, for the key-exchange step of TLS 1.2, we analyze the RSA-based and both Diffie-Hellman-based variants (with static and ephemeral server key share) under a non-randomizability assumption for RSA-PKCS and the Gap Diffie-Hellman assumption, respectively; in all cases we make use of random oracles. For the respective step of TLS 1.3, we prove security under the Decisional Diffie-Hellman assumption in the standard model. In all statements, we require additional standard computational assumptions on other primitives. In general, since the design of TLS is not modular, the constructive decomposition is less fine-grained than one might wish to have and than it is for a modular design. This paper therefore also suggests new insights into the intrinsic problems incurred by a non-modular protocol design such as that of TLS. ∗Part of the work done while at ETH Zurich. Author is supported by the Swiss National Science Foundation (SNF). †Part of the work done while at Aarhus University supported by the Danish Council for Independent Research via DFF Starting Grant 10-081612.

Vehicle-specific computation management system for cloud computing

Abstract: A vehicle control and computation system interfaces a task controller in the vehicle with a vehicle-specific computation manager in a cloud network. A wireless data channel couples the task controller and the cloud network. The task controller performs operational tasks in the vehicle using data-related resources in the cloud network. Upon initiating one of the operational tasks, the task controller sends a handshake signal to the computation manager as a resource request. The computation manager calls at least one cloud-based agent from a database of predetermined agents in response to the handshake signal. The task controller completes the operational task via communication with the called agent.

Analysis of synchrony of a handshake between humans

Abstract: Physical and social interaction between humans and robots are important for humanoid robotics. In this article the characteristics of a handshake between humans are physically examined aiming at future experiments with a handshake between a human and a robot. A special pair of data gloves has been designed to measure quantitative characteristics of a handshake ritual such as duration, strength of the grip, and frequency of the rhythmic movements. Experiment results show that handshaking consists of four phases. After a physical contact, a mutual synchrony appears between the two persons. A statistical analysis shows that the frequency of this synchronization is around 4 Hz and average strength of the grip is 2.5 N.

A slot-asynchronous MAC protocol design for blind rendezvous in cognitive radio networks

Abstract: In cognitive radio networks (CRNs), two users have to rendezvous on a common available channel before communications. Most existing rendezvous papers focus on the channel-hopping (CH) sequence design. However, rendezvous may suffer from the handshake failure on the rendezvous channel, especially in unsynchronized-slot scenarios. In this paper, the challenge of slot-asynchronous rendezvous in CRNs is addressed for the first time. A protocol aiming to improve the handshake performance during the CH process is proposed. By analyzing the potential factors leading to the handshake failure, we design a novel MAC protocol with an optimal size of a time slot which can mitigate the effects of these factors and provide the shortest time for rendezvous. In addition, we also propose a probabilistic model for estimating the average rendezvous time under different CRNs. Simulation results validate our analytical model and demonstrate that our proposed protocol can achieve the rendezvous time close to the theoretical value under slot-asynchronous scenarios.

Analysis and implementation of a 3-Way handshake signaling protocol for highly dynamic transport networks

Abstract: A 3-Way handshake signaling protocol was previously developed that meets DARPA CORONET program requirements for highly dynamic transport networks. Presented here are extensions to OTN-based networks, and protocol validation in a 100-node emulation testbed.

Security authentication method, equipment and system based on transport layer security protocol

Abstract: The embodiment of the invention discloses a security authentication method, related equipment and a communication system based on transport layer security (TLS). The security authentication method based on a TLS protocol includes the steps that a client sends client initialization handshake information to a server, the client initialization handshake information carries N algorithm set identifications, and an algorithm set corresponding to each one of M algorithm set identifications of the N algorithm set identifications comprises an SM2 algorithm; server initialization handshake information sent by the server is received, and the server initialization handshake information carries a first algorithm set identification which is one of the M algorithm set identifications; security authentication is carried out on the basis of a first algorithm set corresponding to the first algorithm set identification and the server. A mechanism for data transmission through the SM2 algorithm is provided, so that advantages of the SM2 algorithm in the security factor are brought into full play, and safety and performance of security authentication and data transmission are improved.

TLS protocol extension

Abstract: A handshake communication method between a client (1) and a server (4) comprising a sending step of a client hello message from the client (1) to the server (4), said client hello message including a name of the client so that the server (4) is aware of the identity of the said client (1) from the client hello message.

Methods and systems for detection and classification of multimedia content in secured transactions

Abstract: An apparatus is provided for detecting the presence of multimedia content in one or more transactions and for classifying the multimedia content in the one or more transactions. The apparatus can include a traffic processor configured to acquire one or more handshake messages associated with the transactions. The apparatus can also include a multimedia detector configured to determine a domain name requested by a specific terminal based on the one or more handshake messages, and to detect the presence of the multimedia content data in the transactions using the determined domain name. The detection of the presence of the multimedia content can be used for at least one of optimizing or reporting of the multimedia content before the multimedia content is provided to the specific terminal.

Mobile terminal authentication method, service access method and equipment

Abstract: The invention discloses a mobile terminal authentication method, a service access method and equipment. During the process when a mobile terminal and a security gateway carry out the first authentication handshake, a communication key is generated by the security gateway, the communication key is encrypted and sent to the mobile terminal, the mobile terminal carries out decryption and acquires the communication key, the communication key is used for carrying out encryption on the second handshake request, the security gateway uses the communication key to carry out decryption authentication on the second handshake request, and authentication security is ensured. According to the above authentication scheme, the user only needs one interaction, the whole authentication can be finished even without interaction, operations such as preregistration, manual login information filling or manual verification code filling can be omitted, and convenience of mobile terminal authentication can be enhanced.

Method and device for recognizing Android simulator

Abstract: The invention discloses a method and device for recognizing an Android simulator, and belongs to the technical field of terminals. The method comprises the steps of receiving a connecting request sent by a terminal, and obtaining a handshake data packet in the connecting request; analyzing the handshake data packet, and obtaining information inside a designated field in the handshake data packet; when the information inside the designated field in the handshake data packet meets the preset condition, determining that the Android simulator used for the terminal is recognized. According to the method and device for recognizing the Android simulator, the operation of recognizing the Android simulator is carried out by a server side according to the connecting request after the server side receives the connecting request of the terminal, no extra communication processes are needed, then the phenomenon that the feedback information for recognizing the terminal is not accurate due to extra communication does not exist, and the efficiency for recognizing the terminal is improved.

TLS connection abandoning

Abstract: A network-based appliance includes a mechanism to enable the appliance to extract itself from man-in-the-middle (MITM) processing during a client-server handshake and without interrupting that connection. The mechanism enables the appliance to decide (e.g., based on a rule match against a received server certificate) to stop performing MITM during the handshake and thus to de-insert itself transparently, i.e., without interfering or signaling to either end of the session that this operation is occurring. Once the connection is abandoned in the manner, the appliance ignores additional traffic flow and thus can free up processing resources (CPU, memory, and the like) that would otherwise be required to decrypt the connection (even if no further inspection or rewrite processing would be expected to occur).

Method for recognizing mobile data service based on HTTPS

Abstract: The invention provides a method for recognizing a mobile data service based on an HTTPS. The method is characterized by comprising the first step of recognizing the protocol with the TCP conversation as unit caching data, wherein if the protocol is the Handshake protocol, the Client Hello message and the Certificate message are recognized according to the Handshake Type; the second step of extracting the corresponding HOST message according to the recognized Client Hello message and the Certificate message; the third step of finishing the recognition on the type of the service according to the extracted HOST message. The recognition on the type of the HTTPS service can be achieved in an initiative mode, the HOST extraction is achieved at the Handshake stages of different versions of protocols of the SSL/TLS of the HTTPS mode, the service type can be obtained through the preset HOST and service type corresponding list in an expanded mode, and the service recognition breadth can be effectively improved.

RS485 communication interface automatic baud rate and communication address detection method

Abstract: The invention discloses an RS485 communication interface automatic baud rate and communication address detection method. The method includes the steps that when a mainframe is connected with a single slave, the mainframe sends a fixed handshake protocol in a broadcast mode at one baud rate each time till the slave resounds so as to set up communication connection; when the mainframe is connected with multiple slaves, the mainframe sends a handshake protocol to each slave address, when the slave conducts decoding and determines that the handshake protocol is sent to the slave, the salve responds to a station number given by the mainframe, and when the slave conducts decoding and determines that the handshake protocol is not sent to the slave, the slave does not respond; when the mainframe receives the response from the slave, decoding is conducted, communication connection is set up, the baud rate and the station number which are in communication with the slave are recorded, and next circulation is started if no response is received. According to the method, the automatic baud rate and the communication address of an RS485 port can be accurately detected, communication connection between the mainframe and the slaves can be conveniently achieved, extra expenses of hardware are omitted, and errors caused by interference during communication are avoided as well.

A Physical Hand Tremor Simulator for Use With Inclusive Design Research

Abstract: Essential Tremor (ET) is the most common movement disorder among adults. This paper presents a device to induce the effects of ET in the wrists and hands of otherwise healthy research participants for use in inclusive design studies. The device, called “The HandShake,” reproduces the functional impairment of ET sufferers on design study participants. Existing solutions can require complex or expensive equipment. The HandShake uses a novel low-cost system based around a single RC servo. Users of the device in validation testing were found to be impaired in a manner similar to ET sufferers. This tool is intended to aid future inclusive design research regarding upper extremity disabilities. We present results regarding the validity of the simulated tremors versus data from those suffering with ET.Copyright © 2014 by ASME

Data message transmission method, related equipment and system

Abstract: The embodiment of the invention relates to the field of computer network, and discloses a data message transmission method, related equipment and a system. According to the method, the handshake process of a traditional communication protocol (such as TCP) is optimized so that data message transmission can be implemented in the handshake process, and data message transmission does not depend on completion of handshake, thereby effectively reducing data message transmission delay caused by RTT delay existing in the handshake process.

A handshake response motion model during active approach to a human

Abstract: A handshake is an embodied interaction for displaying closeness through physical contact. In this study, we develop a handshake response motion model for a handshake during active approach to a human on the basis of analysis of handshake motions between humans. We also develop a handshake robot system that uses the proposed model. A sensory evaluation is performed for analyzing the time lag preferred by humans between the approaching motion and the hand motion generated by the robot system. Another sensory evaluation is performed for determining the preferred timing of a handshake motion that is accompanied by a voice greeting. The evaluation results demonstrate that the proposed model can generate a handshake response motion during active approach that is preferred by humans. Furthermore, the effectiveness of the proposed model is demonstrated.

Haptic effect handshake unlocking

Abstract: A system that unlocks itself or another device or electronic media enters an unlocked mode by playing a predetermined haptic effect and in response receiving a gesture based interaction input from a user. The system compares the interaction input to a stored predefined interaction input and transitions to the unlocked mode if the interaction input substantially matches the stored predefined interaction input.

An IEEE 802.11 quantum handshake using the three-stage protocol

Abstract: This paper presents a model of integration of the Three-stage quantum cryptography protocol and its variants into the IEEE 802.11 wireless communication standard. The three-stage protocol is introduced during the quantum handshake as a replacement to the BB'84 protocol. Compared to the quantum handshake using BB'84, integrating the three-stage protocol offers several benefits such as enhanced data rates, fewer steps needed to establish the final key, longer distances, and increased number of photons that can be used during the transmission process. In addition, this paper presents a multi-agent software approach to implement the quantum handshake using the three-stage protocol.

Optimizing secure communications between a client authenticating server and a mobile client

Abstract: Systems and techniques are described for optimizing secure communications. Specifically, a first intermediary and a second intermediary can split-terminate a secure connection handshake or a handshake renegotiation between two computing devices. The first and second intermediaries can then optimize secure communications between the two computing devices.

A four-way-handshake protocol for energy forwarding networks in the smart grid

Abstract: Distributed mobile energy storage (DMES) units, which have been recently available in the form of Plug-in Electric Vehicle (PEV) batteries, provide unique opportunities to enhance the efficiency of the smart grid. On the other hand, without communications, uncoordinated supply may risk the stability of the grid, while mobility and variable availability of the batteries make the planning task challenging for the utilities. In this paper, we propose a four-way handshake protocol and a token-based energy forwarding network model for the electricity distribution system that allows energy to be supplied in a store-and-forward fashion similar to packet delivery in delay-tolerant networks. Based on this model, we develop a novel vehicle-to-grid power flow coordination approach, where the power acquired by the delay-tolerant loads is aggregated into tokens which are then matched with the available capacity of the PEV batteries. Energy transactions between delay-tolerant loads and PEVs rely on their communications with the energy management system at the distribution level. Our four-way handshake protocol assures tokens coming from loads and grants coming from storage are matched properly at the distribution level. Our approach provides a convenient supply for loads via PEV batteries while addressing the mobility of vehicles and preserving fairness. We provide a mathematical analysis of the proposed approach and conduct simulations showing that the proposed protocol is able to provide fair access opportunity to PEV owners. Furthermore, by introducing the queuing theory perspective, we enhance the planning capabilities of utilities.