
Showing papers on "Message authentication code published in 2004"


Proceedings ArticleDOI
14 Mar 2004
TL;DR: This work introduces a simple scheme relying on one-way hash functions that greatly enhances location privacy by changing traceable identifiers on every read, getting by with only a single, unreliable message exchange.
Abstract: Radio-frequency identification devices (RFID) may emerge as one of the most pervasive computing technologies in history. On the one hand, with tags affixed to consumer items as well as letters, packets or vehicles, costs in the supply chain can be greatly reduced and new applications introduced. On the other hand, unique means of identification in each tag like serial numbers enable effortless traceability of persons and goods. But data protection and privacy are worthwhile civil liberties. We introduce a simple scheme relying on one-way hash functions that greatly enhances location privacy by changing traceable identifiers on every read, getting by with only a single, unreliable message exchange. Thereby the scheme is safe from many threats like eavesdropping, message interception, spoofing, and replay attacks.

568 citations


Journal ArticleDOI
TL;DR: This paper presents a dynamic ID-based remote user authentication scheme using smart cards that allows the users to choose and change their passwords freely, and do not maintain any verifier table.
Abstract: Password-based authentication schemes are the most widely used techniques for remote user authentication. Many static ID-based remote user authentication schemes both with and without smart cards have been proposed. Most of the schemes do not allow the users to choose and change their passwords, and maintain a verifier table to verify the validity of the user login. In this paper we present a dynamic ID-based remote user authentication scheme using smart cards. Our scheme allows the users to choose and change their passwords freely, and does not maintain any verifier table. The scheme is secure against ID-theft, and can resist replay attacks, forgery attacks, guessing attacks, insider attacks and stolen verifier attacks.

562 citations


Book ChapterDOI
20 Dec 2004
TL;DR: GCM is shown to be the most efficient mode of operation for high speed packet networks, by using a realistic model of a network crypto module and empirical data from studies of Internet traffic in conjunction with software experiments and hardware designs.
Abstract: The recently introduced Galois/Counter Mode (GCM) of operation for block ciphers provides both encryption and message authentication, using universal hashing based on multiplication in a binary finite field. We analyze its security and performance, and show that it is the most efficient mode of operation for high speed packet networks, by using a realistic model of a network crypto module and empirical data from studies of Internet traffic in conjunction with software experiments and hardware designs. GCM has several useful features: it can accept IVs of arbitrary length, can act as a stand-alone message authentication code (MAC), and can be used as an incremental MAC. We show that GCM is secure in the standard model of concrete security, even when these features are used. We also consider several of its important system-security aspects.

505 citations


Book ChapterDOI
06 Aug 2004
TL;DR: This paper proposes a custom hardware assisted approach for which it is claimed that it makes public key cryptography feasible in ultra-low power environments like wireless sensor networks, provided the right selection of algorithms and associated parameters, careful optimization, and low-power design techniques.
Abstract: The common perception of public key cryptography is that it is complex, slow and power hungry, and as such not at all suitable for use in ultra-low power environments like wireless sensor networks. It is therefore common practice to emulate the asymmetry of traditional public key based cryptographic services through a set of protocols [1] using symmetric key based message authentication codes (MACs). Although the low computational complexity of MACs is advantageous, the protocol layer requires time synchronization between devices on the network and a significant amount of overhead for communication and temporary storage. The requirement for a general purpose CPU to implement these protocols as well as their complexity makes them prone to vulnerabilities and practically eliminates all the advantages of using symmetric key techniques in the first place. In this paper we challenge the basic assumptions about public key cryptography in sensor networks which are based on a traditional software based approach. We propose a custom hardware assisted approach for which we claim that it makes public key cryptography feasible in such environments, provided we use the right selection of algorithms and associated parameters, careful optimization, and low-power design techniques. In order to validate our claim we present proof of concept implementations of two different algorithms—Rabin’s Scheme and NtruEncrypt—and analyze their architecture and performance according to various established metrics like power consumption, area, delay, throughput, level of security and energy per bit. Our implementation of NtruEncrypt in ASIC standard cell logic uses no more than 3,000 gates with an average power consumption of less than 20 μW. We envision that our public key core would be embedded into a light-weight sensor node architecture.

325 citations


Patent
01 Jul 2004
TL;DR: A method and apparatus for transferring a message securely from a sender to a recipient over a network, which at each transfer creates a message, retrieves the public key of the recipient from an external key server just prior to sending the message, signs the message using the private key of the sender, and encrypts the signed message using a public key encryption algorithm and the public key of the recipient, producing an encrypted signed message, as described in this patent.
Abstract: A method and apparatus for transferring a message securely from a sender to a recipient over a network and includes at each transfer: creating a message; retrieving the public key of the recipient from an external key server just prior to sending the message; signing the message using the private key of the sender; encrypting the signed message using a public key encryption algorithm and the public key of the recipient producing an encrypted signed message; generating an E-mail message addressed to the recipient; attaching the encrypted signed message as an attachment to the E-mail message; and, transmitting the E-mail message to the recipient.

306 citations


Journal ArticleDOI
TL;DR: Chien et al.'s scheme is shown to be vulnerable to a reflection attack and an insider attack, and an improved scheme with better security strength is proposed.
Abstract: Recently, Chien et al. proposed an efficient remote authentication scheme using smart cards. However, we find that their scheme is vulnerable to a reflection attack and an insider attack. In addition, their scheme lacks reparability. Herein, we first show the weaknesses of Chien et al.'s scheme, and then propose an improved scheme with better security strength.

296 citations


Journal ArticleDOI
TL;DR: This paper presents a new and efficient wireless authentication protocol providing user anonymity based on the hash function and smart cards, and mobile users only do symmetric encryption and decryption.
Abstract: Wireless networks are susceptible to security attacks because of the openness of their transmission media. Wireless network security is somewhat more concentrated and complex than that of wired networks. Authentication is the most essential procedure to ensure that the service is properly used. But their limited resources, such as weak power supplies and limited bandwidth, must be taken into account in the design of security schemes. In this paper, we present a new and efficient wireless authentication protocol providing user anonymity. Our scheme is based on the hash function and smart cards, and mobile users only do symmetric encryption and decryption. In our protocol, it takes only one round of message exchange between the mobile user and the visited network, and one round of message exchange between the visited network and the corresponding home network. The most significant feature is one-time use of the key between mobile user and visited network. Finally, the performance of our scheme is analyzed.

278 citations


Journal ArticleDOI
TL;DR: A novel user authentication and key agreement scheme using smart cards for multi-server environments with much less computational cost and more functionality, which is a nonce-based scheme that does not have a serious time-synchronization problem.
Abstract: A remote user authentication and key agreement scheme using smart cards is a very practical solution to validate the eligibility of a remote user and provide secure communication later. Also, due to the fast progress of networks and information technology, most of the provided services are in multi-server environments. In this paper, we propose a novel user authentication and key agreement scheme using smart cards for multi-server environments with much less computational cost and more functionality. The major merits include: (1) users only need to register at the registration centre once and can use permitted services in eligible servers; (2) the scheme does not need a verification table; (3) users can freely choose their passwords; (4) the computation and communication cost is very low; (5) servers and users can authenticate each other; (6) it generates a session key agreed by the user and the server; and (7) it is a nonce-based scheme which does not have a serious time-synchronization problem.

274 citations


Proceedings ArticleDOI
09 May 2004
TL;DR: A new automatic technique for proving strong secrecy for security protocols that relies on an automatic translation of the protocol into Horn clauses, and a resolution algorithm on the clauses.
Abstract: We present a new automatic technique for proving strong secrecy for security protocols. Strong secrecy means that an adversary cannot see any difference when the value of the secret changes. Our technique relies on an automatic translation of the protocol into Horn clauses, and a resolution algorithm on the clauses. It requires important extensions with respect to previous work for the proof of (standard) secrecy and authenticity. This technique can handle a wide range of cryptographic primitives, and yields proofs valid for an unbounded number of sessions and an unbounded message space; it is also flexible and efficient. We have proved its correctness, implemented it, and tested it on several examples of protocols including JFK by W. Aiello et al. (2002).

205 citations


Journal ArticleDOI
TL;DR: An enhancement to Chien et al.'s scheme enables users to change their passwords freely and securely without the help of a remote server, while also providing secure mutual authentication.
Abstract: Recently, Ku-Chen proposed an improvement to Chien et al.'s scheme to prevent from some weaknesses. However, the improved scheme is not only still susceptible to parallel session attack, but also insecure for changing the user's password in password change phase. Accordingly, the current paper presents an enhancement to resolve such problems. As a result, the proposed scheme enables users to change their passwords freely and securely without the help of a remote server, while also providing secure mutual authentication.

175 citations


Journal ArticleDOI
TL;DR: A compact yet fairly comprehensive introduction of multimedia authentication (MA) to the general signal processing audience and a brief discussion on the different MA technologies.
Abstract: Digital multimedia is ubiquitous today. Multimedia is easily reproduced and modified without any trace of manipulations. In most cases, a human will not be able to judge whether a multimedia signal is authentic by perceptual inspection. In this article we provide a compact yet fairly comprehensive introduction of multimedia authentication (MA) to the general signal processing audience. The article gives a brief discussion on the different MA technologies such as hard authentication, soft authentication, quality-based authentication, content-based authentication, block authentication, and lossless watermarking.

Journal ArticleDOI
TL;DR: In this article, the authors propose an alternative approach, based on the use of digital signature techniques, which does not require the Publisher to be trusted, and allows the owner to ensure a secure and selective publishing of its data, even if the data are managed by a third-party.
Abstract: Third-party architectures for data publishing over the Internet today are receiving growing attention, due to their scalability properties and to the ability of efficiently managing large numbers of subjects and great amounts of data. In a third-party architecture, there is a distinction between the Owner and the Publisher of information. The Owner is the producer of information, whereas Publishers are responsible for managing (a portion of) the Owner information and for answering subject queries. A relevant issue in this architecture is how the Owner can ensure a secure and selective publishing of its data, even if the data are managed by a third party, which can prune some of the nodes of the original document on the basis of subject queries and access control policies. An approach can be that of requiring the Publisher to be trusted with regard to the considered security properties. However, the serious drawback of this solution is that large Web-based systems cannot be easily verified to be secure and can be easily penetrated. For these reasons, we propose an alternative approach, based on the use of digital signature techniques, which does not require the Publisher to be trusted. The security properties we consider are authenticity and completeness of a query response, where completeness is intended with regard to the access control policies stated by the information Owner. In particular, we show that, by embedding in the query response one digital signature generated by the Owner and some hash values, a subject is able to locally verify the authenticity of a query response. Moreover, we present an approach that, for a wide range of queries, allows a subject to verify the completeness of query results.

Patent
15 Mar 2004
TL;DR: In this article, a wirelessly telemetered message communicated between an implantable medical device and an external programmer is authenticated by encoding the message and the message is encrypted based on a random number or time stamp and a secret key.
Abstract: Integrity of a wirelessly telemetered message communicated between an implantable medical device and an external programmer is authenticated by encoding the message. The message is encrypted based on a random number or time stamp and a secret key. The message is authenticated by encryption and decryption or by executing a hash function.

Posted Content
TL;DR: In this article, it was shown that allowing a message authentication adversary multiple verification attempts towards forgery is not equivalent to allowing it a single one, so that the notion of security that most message authentication schemes are proven to meet does not guarantee their security in practice.
Abstract: This paper points out that, contrary to popular belief, allowing a message authentication adversary multiple verification attempts towards forgery is not equivalent to allowing it a single one, so that the notion of security that most message authentication schemes are proven to meet does not guarantee their security in practice. We then show, however, that the equivalence does hold for strong unforgeability. Based on this we recover security of popular classes of message authentication schemes such as MACs (including HMAC and PRF-based MACs) and CW-schemes. Furthermore, in many cases we do so with a tight security reduction, so that in the end the news we bring is surprisingly positive given the initial negative result. Finally, we show analogous results for authenticated encryption.

Book ChapterDOI
05 Feb 2004
TL;DR: CWC, as discussed by the authors, is a new block cipher mode of operation for protecting both the privacy and the authenticity of encapsulated data, which is the first such mode having all five of the following properties: provable security, parallelizability, high performance in hardware, high performance in software, and no intellectual property concerns.
Abstract: We introduce CWC, a new block cipher mode of operation for protecting both the privacy and the authenticity of encapsulated data. CWC is the first such mode having all five of the following properties: provable security, parallelizability, high performance in hardware, high performance in software, and no intellectual property concerns. We believe that having all five of these properties makes CWC a powerful tool for use in many performance-critical cryptographic applications. CWC is also the first appropriate solution for some applications; e.g., standardization bodies like the IETF and NIST prefer patent-free modes, and CWC is the first such mode capable of processing data at 10Gbps in hardware, which will be important for future IPsec (and other) network devices. As part of our design, we also introduce a new parallelizable universal hash function optimized for performance in both hardware and software.

Journal ArticleDOI
TL;DR: Simulations and comparisons of the proposed approach with state-of-the-art existing work demonstrate the potential of the overall scheme and provide analysis to characterize the behavior of the scheme under ideal conditions.
Abstract: This paper proposes an approach for the combined image authentication and compression of color images by making use of a digital watermarking and data hiding framework. The digital watermark is comprised of two components: a soft-authenticator watermark for authentication and tamper assessment of the given image, and a chrominance watermark employed to improve the efficiency of compression. The multipurpose watermark is designed by exploiting the orthogonality of various domains used for authentication, color decomposition and watermark insertion. The approach is implemented as a DCT-DWT dual domain algorithm and is applied for the protection and compression of cultural heritage imagery. Analysis is provided to characterize the behavior of the scheme under ideal conditions. Simulations and comparisons of the proposed approach with state-of-the-art existing work demonstrate the potential of the overall scheme.

Proceedings ArticleDOI
05 Sep 2004
TL;DR: The authors suggest protecting UMTS connections from GSM attacks by integrating an additional authentication and key agreement on intersystem handovers between GSM and UMTS.
Abstract: GSM suffers from various security weaknesses: Just recently, Barkan, Biham and Keller presented a ciphertext-only attack on the GSM encryption algorithm A5/2 which recovers the encryption key from a few dozen milliseconds of encrypted traffic within less than a second. Furthermore, it is well-known that it is possible to mount a man-in-the-middle attack in GSM during authentication which allows an attacker to make a victim mobile station authenticate itself to a fake base station which in turn forwards the authentication traffic to the real network, thus impersonating the victim mobile station to a real network and vice versa. We discuss the impact of GSM encryption attacks, that recover the encryption key, and the man-in-the-middle attack on the security of networks which employ UMTS and GSM base stations simultaneously. We suggest protecting UMTS connections from GSM attacks by integrating an additional authentication and key agreement on intersystem handovers between GSM and UMTS.

Journal ArticleDOI
TL;DR: The design and implementation of a crypto processor, a special-purpose microprocessor optimized for the execution of cryptography algorithms, which can be used for various security applications such as storage devices, embedded systems, network routers, security gateways using IPSec and SSL protocol, etc.
Abstract: This paper presents the design and implementation of a crypto processor, a special-purpose microprocessor optimized for the execution of cryptography algorithms. This crypto processor can be used for various security applications such as storage devices, embedded systems, network routers, security gateways using IPSec and SSL protocol, etc. The crypto processor consists of a 32-bit RISC processor block and coprocessor blocks dedicated to the AES, KASUMI, SEED, triple-DES private key crypto algorithms and the ECC and RSA public key crypto algorithms. The dedicated coprocessor block permits fast execution of encryption, decryption, and key scheduling operations. The 32-bit RISC processor block can be used to execute various crypto algorithms such as hash functions and other application programs such as user authentication and IC card interface. The crypto processor has been designed and implemented using an FPGA, and some parts of the crypto algorithms have been fabricated as a single VLSI chip using 0.5 μm CMOS technology. To test and demonstrate the capabilities of this chip, a custom board providing real-time data security for a data storage device has been developed.

Patent
26 Nov 2004
TL;DR: In this article, the authors propose a secure connection between an access point of a short-range network and a mobile terminal within a cellular network while precluding acquisition of a PIN code.
Abstract: To render secure a connection between an access point of a short-range network and a mobile terminal within a cellular network while precluding acquisition of a PIN code, a platform transmits a confirming message, including a secret code and the access point address retrieved from a terminal request, to the terminal through the cellular network and a connection request message including the secret code and the mobile terminal address to the access point. The access point authenticates the terminal, or the terminals authenticate each other as a function of a session key determined as a function of the secret code retrieved from the connection request message and from the confirming message.

Proceedings ArticleDOI
05 Jan 2004
TL;DR: A system model of the risks associated with password-based authentication is presented from a user-centric point of view, including the construct of user password memory aids, and a preliminary analysis of the implications of this user-centric interconnection of security models is presented.
Abstract: User authentication in computer systems has been a cornerstone of computer security for decades. The concept of a user id and password is a cost effective and efficient method of maintaining a shared secret between a user and a computer system. One of the key elements in the password solution for security is a reliance on human cognitive ability to remember the shared secret. In early computing days with only a few computer systems and a small select group of users, this model proved effective. With the advent of the Internet, e-commerce, and the proliferation of PCs in offices and schools, the user base has grown both in number and in demographic base. Individual users no longer have single passwords for single systems, but are presented with the challenge of remembering numerous passwords for numerous systems, from email, to web accounts, to banking and financial services. This paper presents a conceptual model depicting how users and systems work together in this function and examines the consequences of the expanding user base and the use of password memory aids. A system model of the risks associated with password-based authentication is presented from a user centric point of view including the construct of user password memory aids. When confronted with too much data to remember, users develop memory aids to assist them in the task of remembering important pieces of information. These user password memory aids form a bridge between otherwise unconnected systems and have an effect on system level security across multiple systems interconnected by the user. A preliminary analysis of the implications of this user centric interconnection of security models is presented.

Journal ArticleDOI
TL;DR: A new remote user authentication scheme using smart cards that is secure against Chan-Cheng and all the extended attacks is presented.
Abstract: In 1981, Lamport introduced a remote password authentication scheme using a password table. In 2000, Hwang and Li proposed a remote user authentication scheme using smart cards to solve the problems of Lamport scheme. First, Chan-Chang, Shen-Lin-Hwang and then Chang-Hwang pointed out some attacks on Hwang-Li's scheme. Shen-Lin-Hwang also proposed a modified scheme. In 2003, Leung-Cheng-Fong-Chan showed that a modified scheme proposed by Shen-Lin-Hwang is still vulnerable to all previous attacks. This paper presents a new remote user authentication scheme. This scheme is secure against Chan-Cheng and all the extended attacks.

Patent
24 Sep 2004
TL;DR: A technique for integrating message authentication with encryption and decryption is described in this article, where intermediate internal states of the decryption operation are used to generate a validation code that can be used to detect manipulation of the encrypted data.
Abstract: A technique for integrating message authentication with encryption and decryption is disclosed. Intermediate internal states of the decryption operation are used to generate a validation code that can be used to detect manipulation of the encrypted data. The technique is optimized with respect to processing time, execution space for code and runtime data, and buffer usage. The technique is generally applicable to a variety of block ciphers, including TEA, Rijndael, DES, RC5, and RC6.

Patent
28 Dec 2004
TL;DR: In this article, a method is provided to handle an electronic mail message such that the receiver of the e-mail message can verify its integrity: a service processes at least a portion of a sender-side request to generate a result, which is incorporated into the message before transmission.
Abstract: A method is provided to handle an electronic mail message such that the receiver of the e-mail message can verify the integrity of the message. A request is provided from a sender's side to a service. The request includes information regarding the e-mail message. The service processes at least a portion of the request to generate a result. For example, the service may encrypt the portion of the request, according to a public/private key encryption scheme, to generate a digital signature as the result. The service provides the result to the sender's side. At the sender's side, the result is incorporated into the e-mail message and the result-incorporated message is transmitted via an e-mail system. At the receiver's side, the result-incorporated e-mail message is processed to assess the integrity of the received e-mail message.

Proceedings ArticleDOI
09 May 2004
TL;DR: This work describes an efficient and scalable authentication scheme that is based on a novel combination of error-correcting codes with standard cryptographic primitives, and proves the security of the scheme and analyzes its performance in terms of the computational effort at the sender and receiver and the communication overhead.
Abstract: We study a general version of the multicast authentication problem where the underlying network, controlled by an adversary, may drop chosen packets, rearrange the order of the packets in an arbitrary way, and inject new packets into the transmitted stream. Prior work on the problem has focused on less general models, where random, rather than adversarially-selected packets may be dropped and altered, or no additional packets may be injected into the stream. We describe an efficient and scalable authentication scheme that is based on a novel combination of error-correcting codes with standard cryptographic primitives. We prove the security of our scheme and analyze its performance in terms of the computational effort at the sender and receiver and the communication overhead. We also discuss specific design and implementation choices and compare our scheme with previously proposed approaches.

Journal ArticleDOI
TL;DR: An asymmetric image steganographic method based on a chaotic dynamic system and the Euler theorem is proposed that possesses security, imperceptibility and survivability.
Abstract: Steganography has been proposed as a methodology for transmitting messages through innocuous covers to conceal their existence. This work proposes an asymmetric image steganographic method based on a chaotic dynamic system and the Euler theorem. The hidden message can be recovered using orbits different from the embedding orbits, and the original image is not required to extract the hidden message. Experimental results and discussions reveal that the proposed scheme possesses security, imperceptibility and survivability.

Proceedings ArticleDOI
11 Oct 2004
TL;DR: This paper presents an architectural technique, which is called runtime execution monitoring (REM), to detect program flow anomalies associated with such malicious code, and can monitor instructions whose behavior is typically exploited by malicious code.
Abstract: Many computer security threats involve execution of unauthorized foreign code on the victim computer. Viruses, network and email worms, Trojan horses, backdoor programs used in denial of service attacks are a few examples. In this paper, we present an architectural technique, which we call runtime execution monitoring (REM), to detect program flow anomalies associated with such malicious code. The key idea in REM is the verification of program code at the hash block (similar to a basic block) level. This is achieved by pre-computing keyed hashes (HMACs) for each hash block during program installation, and then verifying these values during program execution. By verifying program code integrity at the hash block level, REM can monitor instructions whose behavior is typically exploited by malicious code, such as branch, call, return instructions. Performance degradation with REM averages 6.4% on our benchmark programs, which can be reduced to under 5% by increasing the size of the L1 instruction cache.

Journal ArticleDOI
TL;DR: Besides explaining the CODEX protocols, experiments to measure their performance are discussed and elements of that approach include embracing the asynchronous (rather than synchronous) model of computation, use of Byzantine quorum systems for storing state, and employing proactive secret sharing with threshold cryptography.
Abstract: CODEX (COrnell Data Exchange) stores secrets for subsequent access by authorized clients. It also is a vehicle for exploring the generality of a relatively new approach to building distributed services that are both fault-tolerant and attack-tolerant. Elements of that approach include: embracing the asynchronous (rather than synchronous) model of computation, use of Byzantine quorum systems for storing state, and employing proactive secret sharing with threshold cryptography for implementing confidentiality and authentication of service responses. Besides explaining the CODEX protocols, experiments to measure their performance are discussed.

Book
31 Oct 2004
TL;DR: Standards and the Standardization Process.
Abstract: With the scope and frequency of attacks on valuable corporate data growing enormously in recent years, a solid understanding of cryptography is essential for anyone working in the computer/network security field. This timely book delivers the hands-on knowledge you need, offering comprehensive coverage on the latest and most-important standardized cryptographic techniques to help you protect your data and computing resources to the fullest. Rather than focusing on theory like other books on the market, this unique resource describes cryptography from an end-user perspective, presenting in-depth, highly practical comparisons of standards and techniques. You learn, in detail, what cryptography can achieve and discover how to choose cryptographic standards that ensure state-of-the-art protection and maximum interoperability. Moreover, the book explains how to select standardized techniques that are most suitable for your specific needs. From encryption, cryptographic hash-functions, and message authentication codes, to digital signatures, authentication protocols, and public key infrastructures, this authoritative reference gives you complete working knowledge of the critical cryptographic tools being utilized world-wide. The book concludes with a look at the future of cryptography, including discussions on crypto-modules and biometrics.

Proceedings ArticleDOI
29 Nov 2004
TL;DR: The design of an SSO system that is based on a trusted proxy, and that is suitable for use from an untrusted network access device is presented, resulting in a system that works with common Web browsers.
Abstract: At present, network users have to manage a set of authentication credentials (usually a username/password pair) for every service with which they are registered. Single sign-on (SSO) has been proposed as a solution to the usability, security and management implications of this situation. Under SSO, users need to manage only one set of authentication credentials in order to log into the services they subsequently use. This paper presents the design of an SSO system that is based on a trusted proxy, and that is suitable for use from an untrusted network access device. Unlike existing proxy-based SSO schemes, which require an infrastructure to be in place between the proxy and the service providers, the one presented here does not. An open-source implementation of the scheme, called 'Impostor', is also described. The prototype is implemented as an HTTP proxy, resulting in a system that works with common Web browsers.

Patent
Craig Gentry, Alejandro Hevia, Ravi Jain, Toshiro Kawahara, Zulfikar Ramzan
04 Aug 2004
TL;DR: In this article, the authors propose a system for efficient authentication through digital signatures or message authentication codes, and verification of a digital stream sent from a source to a receiver via zero or more intermediaries, such that the source or intermediary can remove certain portions of the data stream without inhibiting the ability of the ultimate receiver to verify the authenticity and integrity of the data received.
Abstract: Methods, components, and systems for efficient authentication, either through a digital signature or message authentication codes, and verification of a digital stream sent from a source to a receiver via zero or more intermediaries, such that the source or intermediary (or both) can remove certain portions of the data stream without inhibiting the ability of the ultimate receiver to verify the authenticity and integrity of the data received. According to the invention, a source may sign an entire data stream once, but may permit either itself or an intermediary to efficiently remove certain portions of the stream before transmitting the stream to the ultimate recipient, without having to re-sign the entire stream. Applications may include the signing of media streams which often need to be further processed to accommodate the resource requirements of a particular environment. Another application allows an intermediary to choose an advertisement to include in a given slot.