
Showing papers on "Message authentication code published in 2005"


Proceedings ArticleDOI
08 Mar 2005
TL;DR: Measurements on an Atmel ATmega128L low-power microcontroller platform indicate that public-key cryptography is very viable on 8-bit energy-constrained platforms even if implemented in software.
Abstract: In this paper, we quantify the energy cost of authentication and key exchange based on public-key cryptography on an 8-bit microcontroller platform. We present a comparison of two public-key algorithms, RSA and elliptic curve cryptography (ECC), and consider mutual authentication and key exchange between two untrusted parties such as two nodes in a wireless sensor network. Our measurements on an Atmel ATmega128L low-power microcontroller indicate that public-key cryptography is very viable on 8-bit energy-constrained platforms even if implemented in software. We found ECC to have a significant advantage over RSA as it reduces computation time and also the amount of data transmitted and stored.

846 citations


Book ChapterDOI
21 Feb 2005
TL;DR: The security of Poly1305-AES is very close to the security of AES; the security gap is at most 14D⌈L/16⌉/2^106 if messages have at most L bytes, the attacker sees at most 2^64 authenticated messages, and the attacker attempts D forgeries.
Abstract: Poly1305-AES is a state-of-the-art message-authentication code suitable for a wide variety of applications. Poly1305-AES computes a 16-byte authenticator of a variable-length message, using a 16-byte AES key, a 16-byte additional key, and a 16-byte nonce. The security of Poly1305-AES is very close to the security of AES; the security gap is at most 14D⌈L/16⌉/2^106 if messages have at most L bytes, the attacker sees at most 2^64 authenticated messages, and the attacker attempts D forgeries. Poly1305-AES can be computed at extremely high speed: for example, fewer than 3.1l+780 Athlon cycles for an l-byte message. This speed is achieved without precomputation; consequently, 1000 keys can be handled simultaneously without cache misses. Special-purpose hardware can compute Poly1305-AES at even higher speed. Poly1305-AES is parallelizable, incremental, and not subject to any intellectual-property claims.

371 citations


Proceedings ArticleDOI
24 Apr 2005
TL;DR: Two methods to tolerate malicious attacks against beacon-based location discovery in sensor networks are presented and the experimental results demonstrate that the proposed methods are promising for the current generation of sensor networks.
Abstract: Many sensor network applications require sensors' locations to function correctly. Despite the recent advances, location discovery for sensor networks in hostile environments has been mostly overlooked. Most of the existing localization protocols for sensor networks are vulnerable in hostile environments. The security of location discovery can certainly be enhanced by authentication. However, the possible node compromises and the fact that location determination uses certain physical features (e.g., received signal strength) of radio signals make authentication not as effective as in traditional security applications. This paper presents two methods to tolerate malicious attacks against beacon-based location discovery in sensor networks. The first method filters out malicious beacon signals on the basis of the "consistency" among multiple beacon signals, while the second method tolerates malicious beacon signals by adopting an iteratively refined voting scheme. Both methods can survive malicious attacks even if the attacks bypass authentication, provided that the benign beacon signals constitute the majority of the "consistent" beacon signals. This paper also presents the implementation of these techniques on MICA2 motes running TinyOS, and the evaluation through both simulation and field experiments. The experimental results demonstrate that the proposed methods are promising for the current generation of sensor networks.

332 citations


Book ChapterDOI
14 Aug 2005
TL;DR: A way to establish peer-to-peer authenticated communications over an insecure channel by using an extra channel which can authenticate very short strings, e.g. 15 bits, which offers an alternative (or complement) to public-key infrastructures, since it no longer needs any central authority, and to password-based authenticated key exchange, since one no longer needs to establish a confidential password.
Abstract: We propose a way to establish peer-to-peer authenticated communications over an insecure channel by using an extra channel which can authenticate very short strings, e.g. 15 bits. We call this SAS-based authentication, as for authentication based on Short Authenticated Strings. The extra channel uses a weak notion of authentication in which strings cannot be forged nor modified, but whose delivery can be maliciously stalled, canceled, or replayed. Our protocol is optimal and relies on an extractable or equivocable commitment scheme. This approach offers an alternative (or complement) to public-key infrastructures, since we no longer need any central authority, and to password-based authenticated key exchange, since we no longer need to establish a confidential password. It can be used to establish secure associations in ad-hoc networks. Applications could be the authentication of a public key (e.g. for SSH or PGP) by users over the telephone, the user-aided pairing of wireless (e.g. Bluetooth) devices, or the restore of secure associations in a disaster case, namely when one remote peer had his long-term keys corrupted.

274 citations


Journal ArticleDOI
TL;DR: Static keystroke dynamics in user authentication, using four features to authenticate users, so that the usual login-password authentication can be improved when the password is no longer a secret.
Abstract: This paper uses static keystroke dynamics in user authentication. The inputs are the key down and up times and the key ASCII codes captured while the user is typing a string. Four features (key code, two keystroke latencies, and key duration) were analyzed and seven experiments were performed combining these features. The results of the experiments were evaluated with three types of user: the legitimate, the impostor and the observer impostor users. The best results were achieved utilizing all features, obtaining a false rejection rate of 1.45% and a false acceptance rate of 1.89%. This approach can be used to improve the usual login-password authentication when the password is no longer a secret. This paper innovates by using four features to authenticate users.

244 citations


Proceedings ArticleDOI
02 Sep 2005
TL;DR: This paper analyzes attacks on existing time synchronization protocols for wireless sensor networks and proposes a secure time synchronization toolbox to counter these attacks and provides an in-depth analysis of security and energy overhead of the proposed protocols.
Abstract: In this paper, we analyze attacks on existing time synchronization protocols for wireless sensor networks. We propose a secure time synchronization toolbox to counter these attacks. This toolbox includes protocols for secure pairwise and group synchronization of nodes that lie in each other's power ranges and of nodes that are separated by multiple hops. We provide an in-depth analysis of security and energy overhead of the proposed protocols.

222 citations


Posted Content
TL;DR: In this article, the authors present a mechanized prover for secrecy properties of security protocols, which does not rely on the Dolev-Yao model, but on the computational model.
Abstract: We present a new mechanized prover for secrecy properties of security protocols. In contrast to most previous provers, our tool does not rely on the Dolev-Yao model, but on the computational model. It produces proofs presented as sequences of games; these games are formalized in a probabilistic polynomial-time process calculus. Our tool provides a generic method for specifying security properties of the cryptographic primitives, which can handle shared-key and public-key encryption, signatures, message authentication codes, and hash functions. Our tool produces proofs valid for a number of sessions polynomial in the security parameter, in the presence of an active adversary. We have implemented our tool and tested it on a number of examples of protocols from the literature.

175 citations


Journal ArticleDOI
TL;DR: The proposed RASH feature vector is more robust and provides much stronger discrimination than a conventional histogram-based feature vector, and appears to be a good candidate to build indexing algorithms, copy-detection systems, or content-based authentication mechanisms.
Abstract: Robust signal hashing defines a feature vector that characterizes the signal, independently of "nonsignificant" distortions of its content. When dealing with images, the considered distortions are typically due to compression or small geometrical manipulations. In other words, robustness means that images that are visually indistinguishable should produce equal or similar hash values. To discriminate image contents, a hash function should produce distinct outputs for different images. Our paper first proposes a robust hashing algorithm for still images. It is based on radial projection of the image pixels and is denoted the Radial hASHing (RASH) algorithm. Experimental results provided on the USC-SIPI dataset reveal that the proposed RASH feature vector is more robust and provides much stronger discrimination than a conventional histogram-based feature vector. The RASH vector appears to be a good candidate to build indexing algorithms, copy-detection systems, or content-based authentication mechanisms. To take benefit from the RASH vector capabilities, video content is summarized into key frames, each of them characterizing a video shot and described by its RASH vector. The resulting video hashing system works in real time and supports most distortions due to common spatial and temporal video distortions.

175 citations


Proceedings ArticleDOI
22 Aug 2005
TL;DR: This paper shows that Das, Saxena, and Gulati's scheme has some attacks, and proposes a slight modification to their scheme to improve their weaknesses, and shows that the improved scheme can enhance the security of Das and Saxena's scheme.
Abstract: In a paper recently published in the IEEE Transactions on Consumer Electronics, Das, Saxena, and Gulati proposed a dynamic ID-based remote user authentication scheme using smart cards that allows the users to choose and change their passwords freely, and does not maintain any verifier table. It can protect against ID-theft, replaying, forgery, guessing, insider, and stolen verifier attacks. However, this paper shows that Das, Saxena, and Gulati's scheme has some attacks. Therefore, we propose a slight modification to their scheme to improve their weaknesses. As a result, the improved scheme can enhance the security of Das, Saxena, and Gulati's scheme. In addition, the proposed scheme does not add much additional computational cost. Compared with their scheme, our scheme is also efficient.

165 citations


Proceedings ArticleDOI
17 Jul 2005
TL;DR: Efficient techniques to support a potentially large number of broadcast senders using μTESLA instances as building blocks are presented, and a revocation tree based scheme and a proactive distribution based scheme, to revoke the broadcast authentication capability from compromised senders, are provided.
Abstract: Broadcast authentication is a critical security service in sensor networks; it allows a sender to broadcast messages to multiple nodes in an authenticated way. μTESLA and multi-level μTESLA have been proposed to provide such services for sensor networks. However, none of these techniques are scalable in terms of the number of senders. Though multi-level μTESLA schemes can scale up to large sensor networks (in terms of receivers), they either use substantial bandwidth and storage at sensor nodes, or require significant resources at senders to deal with DOS attacks. This paper presents efficient techniques to support a potentially large number of broadcast senders using μTESLA instances as building blocks. The proposed techniques are immune to the DOS attacks. This paper also provides two approaches, a revocation tree based scheme and a proactive distribution based scheme, to revoke the broadcast authentication capability from compromised senders. The proposed techniques are implemented, and evaluated through simulation on TinyOS. The analysis and experiment show that these techniques are efficient and practical, and can achieve better performance than the previous approaches.

159 citations


Book ChapterDOI
22 May 2005
TL;DR: In this article, a generic framework for generic construction of hybrid encryption schemes secure against chosen ciphertext attack is presented, which yields new and more efficient CCA-secure schemes, and provides insightful explanations about existing schemes that do not fit into the previous frameworks.
Abstract: This paper presents a novel framework for generic construction of hybrid encryption schemes secure against chosen ciphertext attack. Our new framework yields new and more efficient CCA-secure schemes, and provides insightful explanations about existing schemes that do not fit into the previous frameworks. This could result in finding future improvements. Moreover, it allows immediate conversion from a class of threshold public-key encryption to a hybrid one without considerable overhead, which is not possible in the previous approaches. Finally we present an improved security proof of the Kurosawa-Desmedt scheme, which removes the original need for information-theoretic key derivation and message authentication functions. We show that the scheme can be instantiated with any computationally secure such functions, thus extending the applicability of their paradigm, and improving its efficiency.

Proceedings ArticleDOI
25 Mar 2005
TL;DR: Das et al.'s remote authentication scheme fails to protect the user's anonymity, and a new scheme is proposed to conquer the weakness.
Abstract: Many smart card-based remote authentication schemes have been proposed, due to the convenience and secure computation of the smart card. However, these schemes didn't protect the users' identities while authenticating the users, even though user anonymity is an important issue in many e-commerce applications. In 2004, Das et al. proposed a remote authentication scheme to authenticate users while preserving the users' anonymity. Their scheme adopted dynamic identification to achieve this function. This article points out that Das et al.'s scheme fails to protect the user's anonymity, and proposes a new scheme to conquer the weakness.

Proceedings ArticleDOI
06 Jun 2005
TL;DR: This paper proposes a light-weight identity certificate method to defeat Sybil attacks, which uses one-way key chains and Merkle hash trees and avoids the need for public key cryptography.
Abstract: Sybil attack is a harmful threat to sensor networks, in which a malicious node illegally forges an unbounded number of identities to defeat redundancy mechanisms. Digital certificates are a way to prove identities. However, they are not viable in sensor networks. In this paper, we propose a light-weight identity certificate method to defeat Sybil attacks. Our proposed method uses one-way key chains and Merkle hash trees. The method thereby avoids the need for public key cryptography. In addition, the method provides a means for authentication of all data messages. A variant of this method is presented that has lower computational requirements under certain conditions. The security of each method is analyzed, and is as good or better than previously-proposed approaches, with fewer assumptions. The overhead (computation, storage, and messages) is also shown to be acceptable for use in sensor networks.

Patent
24 Oct 2005
TL;DR: In this paper, different levels of security are provided in a security system so that users can decide the security level of their own communications and maintain a low level of security and maintain the security overhead as low as possible.
Abstract: Different levels of security are provided in a security system so that users can decide the security level of their own communications. Users can choose a low level of security and maintain the security overhead as low as possible. Alternatively, they can choose higher levels of security with attendant increases in security overhead. The different levels of security are created by the use of one or more of two keys: an encryption key is used to encrypt plaintext data in a delta and a message authentication key is used to authenticate and ensure integrity of the data. Two keys are used to avoid re-encrypting the encrypted data for each member of the telespace. In one embodiment, the security level is determined when a telespace is created and remains fixed throughout the life of the telespace. For a telespace, the security level may range from no security at all to security between the members of the telespace and outsiders to security between pairs of members of the telespace. In another embodiment, subgroups called "tribes" can be formed within a telespace and each tribe adopts the security level of the telespace in which it resides.

Proceedings ArticleDOI
01 Jan 2005
TL;DR: This paper presents simple (SEMA) and differential (DEMA) electromagnetic analysis attacks on an FPGA implementation of an elliptic curve processor and demonstrates that a correlation analysis requires 1000 measurements to find the key bits.
Abstract: This paper presents simple (SEMA) and differential (DEMA) electromagnetic analysis attacks on an FPGA implementation of an elliptic curve processor. Elliptic curve cryptography is a public key cryptosystem that is becoming increasingly popular. Implementations of cryptographic algorithms should not only be fast, compact and power efficient, but they should also resist side channel attacks. One of the side channels is the electromagnetic radiation out of an integrated circuit. Hence it is very important to assess the vulnerability of implementations of cryptosystems against these attacks. A SEMA attack on an unprotected implementation can find all the key bits with only one measurement. We also describe a DEMA attack on an improved implementation and demonstrate that a correlation analysis requires 1000 measurements to find the key bits.

Book
01 Jan 2005
TL;DR: This paper presents SKiMPy, a Simple Key Management Protocol for MANETs in Emergency and Rescue Operations, and an Advanced Method for Joint Scalar Multiplications on Memory Constraint Devices to Mitigate Side Channel Attacks on Message Authentication Codes.
Abstract: Efficient Verifiable Ring Encryption for Ad Hoc Groups.- SKiMPy: A Simple Key Management Protocol for MANETs in Emergency and Rescue Operations.- Remote Software-Based Attestation for Wireless Sensors.- Spontaneous Cooperation in Multi-domain Sensor Networks.- Authenticated Queries in Sensor Networks.- Improving Sensor Network Security with Information Quality.- One-Time Sensors: A Novel Concept to Mitigate Node-Capture Attacks.- Randomized Grid Based Scheme for Wireless Sensor Network.- Influence of Falsified Position Data on Geographic Ad-Hoc Routing.- Provable Security of On-Demand Distance Vector Routing in Wireless Ad Hoc Networks.- Statistical Wormhole Detection in Sensor Networks.- RFID System with Fairness Within the Framework of Security and Privacy.- Scalable and Flexible Privacy Protection Scheme for RFID Systems.- RFID Authentication Protocol with Strong Resistance Against Traceability and Denial of Service Attacks.- Location Privacy in Bluetooth.- An Advanced Method for Joint Scalar Multiplications on Memory Constraint Devices.- Side Channel Attacks on Message Authentication Codes.

Journal ArticleDOI
TL;DR: The introduced architecture and the VLSI implementation of this standard performs much better than the implementations of the existing standard SHA-1, and also offers a higher security level strength.
Abstract: The continued growth of both wired and wireless communications has triggered the revolution for the generation of new cryptographic algorithms. The SHA-2 hash family is a new standard in the widely used hash functions category. An architecture and the VLSI implementation of this standard are proposed in this work. The proposed architecture supports a multi-mode operation in the sense that it performs all three hash functions (256, 384 and 512) of the SHA-2 standard. The proposed system is compared with the implementation of each hash function in a separate FPGA device. Compared with previous designs, the introduced system can work at a higher operation frequency and needs less silicon area resources. The achieved performance in terms of throughput of the proposed system/architecture is much higher (in a range from 277 to 417%) than the other hardware implementations. The introduced architecture also performs much better than the implementations of the existing standard SHA-1, and also offers a higher security level strength. The proposed system could be used for the implementation of integrity units, and in many other sensitive cryptographic applications, such as digital signatures, message authentication codes and random number generators.

Proceedings ArticleDOI
14 Aug 2005
TL;DR: A number of actual measurements were undertaken in a real sensor platform in order to accurately establish energy consumption for various encryption algorithms, as well as the baseline scenario obtained when none of these is used.
Abstract: Ad hoc and wireless sensor networks have recently emerged as successful technologies in a number of application domains. The need to build security services into them remains however a considerable challenge as the hardware used often shows serious processing and energy limitations. This work evaluates the impact of a number of security mechanisms on sensor nodes and the network as a whole. Hence a number of actual measurements were undertaken in a real sensor platform in order to accurately establish energy consumption for various encryption algorithms, as well as the baseline scenario obtained when none of these is used. Measurements have shown that the integrity code length added to application messages using some cryptography algorithms and MAC (message authentication code) is acceptable for a sensor node with 128 kB of ROM memory and 4 kB of RAM (MICA2). We were also able to check that power consumption of the encryption process does not in itself cause a representative impact, since it is in the micro-joules range.

Proceedings ArticleDOI
25 Mar 2005
TL;DR: This paper argues that this is an important cryptographic primitive that must be used to protect privacy and authenticity of a collection of users who are connected through an ad-hoc network, such as Bluetooth, and presents an efficient IDRSC scheme based on bilinear pairing.
Abstract: In this paper, we present a new concept called an identity based ring signcryption scheme (IDRSC). We argue that this is an important cryptographic primitive that must be used to protect privacy and authenticity of a collection of users who are connected through an ad-hoc network, such as Bluetooth. We also present an efficient IDRSC scheme based on bilinear pairing. As a regular signcryption scheme, our scheme combines the functionality of signature and encryption schemes. However, the idea is to have an identity based system. In our scheme, a user can anonymously signcrypt a message on behalf of the group. We show that our scheme outperforms a traditional identity based scheme that is obtained by a standard sign-then-encrypt mechanism, in terms of the length of the ciphertext. We also provide a formal proof of our scheme with chosen-ciphertext security under the decisional bilinear Diffie-Hellman assumption, which is believed to be intractable.

Book ChapterDOI
14 Dec 2005
TL;DR: Another new collision differential path is found which can be used to find the second-preimage for more weak messages.
Abstract: In Eurocrypt'05, Wang et al. presented new techniques to find collisions of the hash function MD4. The techniques are not only efficient to search for collisions, but also applicable to explore the second-preimage of MD4. About the second-preimage attack, they showed that a random message was a weak message with probability 2^-122 and it only needed a one-time MD4 computation to find the second-preimage corresponding to the weak message. A weak message means that there exists a more efficient attack than the brute force attack to find its second-preimage. In this paper, we find another new collision differential path which can be used to find the second-preimage for more weak messages. For any random message, it is a weak message with probability 2^-56, and it can be converted into a weak message by message modification techniques with about 2^27 MD4 computations. Furthermore, the original message is close to the resulting message (weak message), i.e., the Hamming weight of the difference for two messages is about 44.

Journal ArticleDOI
TL;DR: A one-pass authentication procedure that only needs to perform GPRS authentication for IMS users is proposed that may save up to 50% of the IMS registration/authentication traffic, as compared with the 3GPP two-pass procedure.
Abstract: Universal Mobile Telecommunications System (UMTS) supports Internet protocol (IP) multimedia services through the IP multimedia core network subsystem (IMS). Since the IMS information is delivered through the general packet radio service (GPRS) transport network, a UMTS mobile station (MS) must activate a GPRS packet data protocol (PDP) context before it can register to the IMS network. In the Third-Generation Partnership Project (3GPP) specifications, authentication is performed at both the GPRS and the IMS networks before an MS can access the IMS services. We observe that many steps in this 3GPP "two-pass" authentication procedure are identical. Based on our observation, this paper proposes a one-pass authentication procedure that only needs to perform GPRS authentication. At the IMS level, authentication is implicitly performed in IMS registration. Our approach may save up to 50% of the IMS registration/authentication traffic, as compared with the 3GPP two-pass procedure. We formally prove that the one-pass procedure correctly authenticates the IMS users.

Proceedings ArticleDOI
12 Feb 2005
TL;DR: This paper develops a scheme that utilizes the cipher block chaining mode of the advanced encryption standard (CBC-AES) to achieve ultra low latency for the shared bus encryption and decryption and develops techniques to ensure the cryptographic computation throughput meets the high bandwidth of gigabyte buses.
Abstract: With the increasing concern of the security on high performance multiprocessor enterprise servers, more and more effort is being invested into defending against various kinds of attacks. This paper proposes a security enhancement model called SENSS, that allows programs to run securely on a symmetric shared memory multiprocessor (SMP) environment. In SENSS, a program, including both code and data, is stored in the shared memory in encrypted form but is decrypted once it is fetched into any of the processors. In contrast to the traditional uniprocessor XOM model (Lie et al., 2000), the main challenge in developing SENSS lies in the necessity for guarding the clear text communication between processors in a multiprocessor environment. In this paper we propose an inexpensive solution that can effectively protect the shared bus communication. The proposed schemes include both encryption and authentication for bus transactions. We develop a scheme that utilizes the cipher block chaining mode of the advanced encryption standard (CBC-AES) to achieve ultra low latency for the shared bus encryption and decryption. In addition, CBC-AES can generate integrity checking code for the bus communication over time, achieving bus authentication. Further, we develop techniques to ensure the cryptographic computation throughput meets the high bandwidth of gigabyte buses. We performed full system simulation using Simics to measure the overhead of the security features on a SMP system with a snooping write invalidate cache coherence protocol. Overall, only a slight performance degradation of 2.03% on average was observed when the security is provided at the highest level.

Proceedings ArticleDOI
20 Mar 2005
TL;DR: A detailed description of the anatomy of a secure session is presented and the time spent on the various cryptographic operations (symmetric, asymmetric and hashing) during the session negotiation and data transfer is analyzed.
Abstract: A wide spectrum of e-commerce (B2B/B2C), banking, financial trading and other business applications require the exchange of data to be highly secure. The Secure Sockets Layer (SSL) protocol provides the essential ingredients of secure communications - privacy, integrity and authentication. Though it is well-understood that security always comes at the cost of performance, these costs depend on the cryptographic algorithms. In this paper, we present a detailed description of the anatomy of a secure session. We analyze the time spent on the various cryptographic operations (symmetric, asymmetric and hashing) during the session negotiation and data transfer. We then analyze the most frequently used cryptographic algorithms (RSA, AES, DES, 3DES, RC4, MD5 and SHA-1). We determine the key components of these algorithms (setting up key schedules, encryption rounds, substitutions, permutations, etc) and determine where most of the time is spent. We also provide an architectural analysis of these algorithms, show the frequently executed instructions and discuss the ISA/hardware support that may be beneficial to improving SSL performance. We believe that the performance data presented in this paper is useful to performance analysts and processor architects to help accelerate SSL performance in future processors

Patent
21 Apr 2005
TL;DR: In this paper, the authors present page synchronized stream ciphers based on random generators which have a large number of secured internal binary variables, which lead to the page synchronized ciphers.
Abstract: Systems and methods are disclosed, especially designed for very compact hardware implementations, to generate random number strings with a high level of entropy at maximum speed. For immediate deployment of software implementations, certain permutations have been introduced to maintain the same level of unpredictability which is more amenable to hi-level software programming, with a small time loss on hardware execution; typically when hardware devices communicate with software implementations. Particular attention has been paid to maintain maximum correlation immunity, and to maximize non-linearity of the output sequence. Good stream ciphers are based on random generators which have a large number of secured internal binary variables, which lead to the page synchronized stream ciphering. The method for parsed page synchronization which is presented is especially valuable for Internet applications, where occasionally frame sequences are often mixed. The large number of internal variables with fast diffusion of individual bits wherein the masked message is fed back into the machine variables is potentially ideal for message authentication procedures.

Patent
07 Sep 2005
TL;DR: In this paper, the authors propose a method of loading data into a data processing device, which consists of receiving a payload data item by the data processing device, performing a cryptographic authentication process to ensure the authenticity of the payload data item, storing the authenticated received payload data item in the data processing device, and integrity protecting the stored payload data item.
Abstract: Disclosed is a method of loading data into a data processing device. The method comprises receiving a payload data item by the data processing device; performing a cryptographic authentication process to ensure the authenticity of the payload data item; storing the authenticated received payload data item in the data processing device; and integrity protecting the stored payload data item. The cryptographic authentication process comprises calculating an audit hash value of at least the received data item. Integrity protecting further comprises calculating a reference message authentication code value of at least the audit hash value using a secret key stored in the data processing device as an input.

Journal ArticleDOI
TL;DR: A variation on NH called WH is used, which reaches optimally in the sense that it is universal with half the hash length of NH and it achieves perfect serialization in hardware implementation, and introduces a powerful method for scaling WH according to specific energy and power consumption requirements.
Abstract: Message authentication codes (MACs) are valuable tools for ensuring the integrity of messages. MACs may be built around a universal hash function (NH) which was explored in the construction of UMAC. In this paper, we use a variation on NH called WH. WH reaches optimally in the sense that it is universal with half the hash length of NH and it achieves perfect serialization in hardware implementation. We achieved substantial power savings of up to 59 percent and a speedup of up to 7.4 times over NH. Moreover, we show how the technique of multihashing and the Toeplitz approach can be combined to reduce the power and energy consumption even further while maintaining the same security level with a very slight increase in the amount of the key material. At low frequencies, the power and energy reductions are achieved simultaneously while keeping the hashing time constant. We developed formulae for estimation of the leakage and dynamic power consumptions as well as the energy consumption based on the frequency and the Toeplitz parameter t. We introduce a powerful method for scaling WH according to specific energy and power consumption requirements. Our implementation of WH-16 consumes only 2.95 µW at 500 kHz. It can therefore be integrated into a self-powered device.

Patent
24 Oct 2005
TL;DR: Different levels of security are provided in a security system so that users can decide the security level of their own communications. Users can choose a low level of security and maintain the security overhead as low as possible. Alternatively, they can choose higher levels with attendant increases in security overhead, as discussed by the authors.
Abstract: Different levels of security are provided in a security system so that users can decide the security level of their own communications. Users can choose a low level of security and maintain the security overhead as low as possible. Alternatively, they can choose higher levels of security with attendant increases in security overhead. The different levels of security are created by the use of one or more of two keys: an encryption key is used to encrypt plaintext data in a delta and a message authentication key is used to authenticate and insure integrity of the data. Two keys are used to avoid re-encrypting the encrypted data for each member of the telespace. In one embodiment, the security level is determined when a telespace is created and remains fixed throughout the life of the telespace. For a telespace, the security level may range from no security at all to security between the members of the telespace and outsiders to security between pairs of members of the telespace. In another embodiment, subgroups called “tribes” can be formed within a telespace and each tribe adopts the security level of the telespace in which it resides.
METHOD AND APPARATUS FOR MANAGING SECURE COLLABORATIVE TRANSACTIONS

Proceedings ArticleDOI
20 Jun 2005
TL;DR: A simple logic of authentication is developed that encapsulates secrecy requirements as assumptions and is applied within the derivational framework to derive a large class of key distribution protocols based on the authentication properties of their components.
Abstract: Authentication and secrecy properties are proved by very different methods: the former by local reasoning, leading to matching knowledge of all principals about the order of their actions, the latter by global reasoning towards the impossibility of knowledge of some data. Hence, proofs conceptually decompose in two parts, each encapsulating the other as an assumption. From this observation, we develop a simple logic of authentication that encapsulates secrecy requirements as assumptions. We apply it within the derivational framework to derive a large class of key distribution protocols based on the authentication properties of their components.

Proceedings ArticleDOI
12 Oct 2005
TL;DR: A lightweight security protocol based on Ohkubo's scheme is proposed, which protects user privacy using a hash chain mechanism; an analysis of the protocol is also provided.
Abstract: Radio frequency identification (RFID) technology is expected to become an important and ubiquitous infrastructure technology of supply chain processes and customer service. The low-cost tag, or so-called passive tag, will likely be the factor for widespread adoption of the technology. It must be noticed that the deployment of such tags may create new threats to user privacy due to the powerful tracking capability of the tags. As a result, some sort of security measures must be imposed on the passive tags for addressing the privacy problem. However, providing security in such tags is a challenging task because they are highly resource constrained and cannot support strong cryptography. This paper provides a discussion of both the requirements and the restrictions of security implementation in an RFID system. It also examines the features and issues pertinent to several existing RFID security solutions. Finally, this paper suggests the use of our proposed lightweight security protocol based on Ohkubo's scheme, which protects user privacy using a hash chain mechanism, and also provides an analysis of the protocol.

19 Jul 2005
TL;DR: Cryptographic authentication schemes for navigation data authentication are proposed, and recommendations are made for optimal implementation of navigation message authentication for Galileo and next generation GPS systems.
Abstract: This paper describes a number of techniques for GNSS navigation message authentication. A detailed analysis of the security facilitated by navigation message authentication is given. The analysis takes into consideration the risk of critical applications that rely on GPS including transportation, finance and telecommunication networks. We propose a number of cryptographic authentication schemes for navigation data authentication. These authentication schemes provide authenticity and integrity of the navigation data to the receiver. Through software simulation, the performance of the schemes is quantified. The use of software simulation enables the collection of authentication performance data of different data channels, and the impact of various schemes on the infrastructure and receiver. Navigation message authentication schemes have been simulated at the proposed data rates of Galileo and GPS services, for which the resulting performance data is presented. This paper concludes by making recommendations for optimal implementation of navigation message authentication for Galileo and next generation GPS systems.