
Showing papers on "Message authentication code" published in 2009


Book
27 Nov 2009
TL;DR: The authors move quickly from explaining the foundations to describing practical implementations, including recent topics such as lightweight ciphers for RFIDs and mobile devices, and current key-length recommendations.
Abstract: Cryptography is now ubiquitous. Moving beyond the traditional environments, such as government communications and banking systems, we see cryptographic techniques realized in Web browsers, e-mail programs, cell phones, manufacturing systems, embedded software, smart buildings, cars, and even medical implants. Today's designers need a comprehensive understanding of applied cryptography. After an introduction to cryptography and data security, the authors explain the main techniques in modern cryptography, with chapters addressing stream ciphers, the Data Encryption Standard (DES) and 3DES, the Advanced Encryption Standard (AES), block ciphers, the RSA cryptosystem, public-key cryptosystems based on the discrete logarithm problem, elliptic-curve cryptography (ECC), digital signatures, hash functions, Message Authentication Codes (MACs), and methods for key establishment, including certificates and public-key infrastructure (PKI). Throughout the book, the authors focus on communicating the essentials and keeping the mathematics to a minimum, and they move quickly from explaining the foundations to describing practical implementations, including recent topics such as lightweight ciphers for RFIDs and mobile devices, and current key-length recommendations. The authors have considerable experience teaching applied cryptography to engineering and computer science students and to professionals, and they make extensive use of examples, problems, and chapter reviews, while the book's website offers slides, projects and links to further resources. This is a suitable textbook for graduate and advanced undergraduate courses and also for self-study by engineers.

746 citations


Journal ArticleDOI
TL;DR: This letter presents a two-factor user authentication protocol for WSN, which provides strong authentication, session key establishment, and achieves efficiency.
Abstract: Wireless sensor networks (WSN) are typically deployed in an unattended environment, where the legitimate users can login to the network and access data as and when demanded. Consequently, user authentication is a primary concern in this resource-constrained environment before accessing data from the sensor/gateway nodes. In this letter, we present a two-factor user authentication protocol for WSN, which provides strong authentication, session key establishment, and achieves efficiency.

627 citations


Book ChapterDOI
02 Dec 2009
TL;DR: This work provides a framework for building public-key HLAs from any identification protocol satisfying certain homomorphic properties and shows how to turn any public-key HLA into a publicly-verifiable PoS with communication complexity independent of the file length and supporting an unbounded number of verifications.
Abstract: Proofs of storage (PoS) are interactive protocols allowing a client to verify that a server faithfully stores a file. Previous work has shown that proofs of storage can be constructed from any homomorphic linear authenticator (HLA). The latter, roughly speaking, are signature/message authentication schemes where `tags' on multiple messages can be homomorphically combined to yield a `tag' on any linear combination of these messages. We provide a framework for building public-key HLAs from any identification protocol satisfying certain homomorphic properties. We then show how to turn any public-key HLA into a publicly-verifiable PoS with communication complexity independent of the file length and supporting an unbounded number of verifications. We illustrate the use of our transformations by applying them to a variant of an identification protocol by Shoup, thus obtaining the first unbounded-use PoS based on factoring (in the random oracle model).

348 citations


Proceedings ArticleDOI
22 Jun 2009
TL;DR: This work proposes a VANET key management scheme based on Temporary Anonymous Certified Keys (TACKs), which efficiently prevents eavesdroppers from linking a vehicle's different keys and provides timely revocation of misbehaving participants while maintaining the same or less overhead for vehicle-to-vehicle communication as the current IEEE 1609.2 standard.
Abstract: Vehicular Ad Hoc Networks (VANETs) require a mechanism to help authenticate messages, identify valid vehicles, and remove malevolent vehicles. A Public Key Infrastructure (PKI) can provide this functionality using certificates and fixed public keys. However, fixed keys allow an eavesdropper to associate a key with a vehicle and a location, violating drivers' privacy. In this work we propose a VANET key management scheme based on Temporary Anonymous Certified Keys (TACKs). Our scheme efficiently prevents eavesdroppers from linking a vehicle's different keys and provides timely revocation of misbehaving participants while maintaining the same or less overhead for vehicle-to-vehicle communication as the current IEEE 1609.2 standard for VANET security.

243 citations


Journal ArticleDOI
TL;DR: This work proposes a new hybrid authentication mechanism, VANET authentication using signatures and TESLA++ (VAST), that combines the advantages of ECDSA signatures and tesLA++, and introduces a new certificate verification strategy that prevents denial of service attacks while requiring zero additional sender overhead.
Abstract: Although much research has been conducted in the area of authentication in wireless networks, vehicular ad-hoc networks (VANETs) pose unique challenges, such as real-time constraints, processing limitations, memory constraints, frequently changing senders, requirements for interoperability with existing standards, extensibility and flexibility for future requirements, etc. No currently proposed technique addresses all of the requirements for message and entity authentication in VANETs. After analyzing the requirements for viable VANET message authentication, we propose a modified version of TESLA, TESLA++, which provides the same computationally efficient broadcast authentication as TESLA with reduced memory requirements. To address the range of needs within VANETs we propose a new hybrid authentication mechanism, VANET authentication using signatures and TESLA++ (VAST), that combines the advantages of ECDSA signatures and TESLA++. Elliptic curve digital signature algorithm (ECDSA) signatures provide fast authentication and non-repudiation, but are computationally expensive. TESLA++ prevents memory and computation-based denial of service attacks. We analyze the security of our mechanism and simulate VAST in realistic highway conditions under varying network and vehicular traffic scenarios. Simulation results show that VAST outperforms either signatures or TESLA on its own. Even under heavy loads VAST is able to authenticate 100% of the received messages within 107 ms. VANETs use certificates to achieve entity authentication (i.e., validate senders). To reduce certificate bandwidth usage, we use Hu et al.'s strategy of broadcasting certificates at fixed intervals, independent of the arrival of new entities. We propose a new certificate verification strategy that prevents denial of service attacks while requiring zero additional sender overhead. Our analysis shows that these solutions introduce a small delay, but still allow drivers in a worst case scenario over 3 seconds to respond to a dangerous situation.

219 citations


Proceedings ArticleDOI
Boris Danev, Srdjan Capkun
13 Apr 2009
TL;DR: A new technique for transient-based identification of CC2420 wireless sensor nodes is proposed and it is shown that it enables reliable and accurate sensor node recognition with an Equal Error Rate as low as 0.0024 (0.24%).
Abstract: Identification of wireless sensor nodes based on the characteristics of their radio transmissions can provide an additional layer of security in all-wireless multi-hop sensor networks. Reliable identification can be means for the detection and/or prevention of wormhole, Sybil and replication attacks, and can complement cryptographic message authentication protocols. In this paper, we investigate the feasibility of transient-based identification of CC2420 wireless sensor nodes. We propose a new technique for transient-based identification and show that it enables reliable and accurate sensor node recognition with an Equal Error Rate as low as 0.0024 (0.24%). We investigate the performance of our technique in terms of parameters such as distance, antenna polarization and voltage and analyze how these parameters affect the recognition accuracy. Finally, we study the feasibility of certain types of impersonation attacks on the proposed technique.

215 citations


Journal ArticleDOI
TL;DR: The proposed scheme fully preserves the privacy of the biometric data of every user, that is, the scheme does not reveal the biometric data to anyone else, including the remote servers; its completeness is demonstrated through the GNY (Gong, Needham, and Yahalom) logic.
Abstract: A three-factor authentication scheme combines biometrics with passwords and smart cards to provide high-security remote authentication. Most existing schemes, however, rely on smart cards to verify biometric characteristics. The advantage of this approach is that the user's biometric data is not shared with remote server. But the disadvantage is that the remote server must trust the smart card to perform proper authentication which leads to various vulnerabilities. To achieve truly secure three-factor authentication, a method must keep the user's biometrics secret while still allowing the server to perform its own authentication. Our method achieves this. The proposed scheme fully preserves the privacy of the biometric data of every user, that is, the scheme does not reveal the biometric data to anyone else, including the remote servers. We demonstrate the completeness of the proposed scheme through the GNY (Gong, Needham, and Yahalom) logic. Furthermore, the security of our proposed scheme is proven through Bellare and Rogaway's model. As a further benefit, we point out that our method reduces the computation cost for the smart card.

158 citations


Proceedings ArticleDOI
06 Jul 2009
TL;DR: The verification steps required to effectively validate an incoming SOAP request are discussed and a practical guideline for achieving a robust and effective SOAP message security validation mechanism is provided.
Abstract: The service-oriented architecture paradigm is influencing modern software systems remarkably and Web Services are a common technology to implement such systems. However, the numerous Web Service standard specifications and especially their ambiguity result in a high complexity which opens the door for security-critical mistakes. This paper aims at raising awareness of this issue while discussing a vulnerability in Amazon's Elastic Compute Cloud (EC2) services to XML wrapping attacks, which has since been resolved as a result of our findings and disclosure. More importantly, this paper discusses the verification steps required to effectively validate an incoming SOAP request. It reviews the available work in the light of the discovered Amazon EC2 vulnerability and provides a practical guideline for achieving a robust and effective SOAP message security validation mechanism.

134 citations


Journal ArticleDOI
TL;DR: This paper presents several efficient public-key-based schemes to achieve immediate broadcast authentication and thus avoid the security vulnerability that is intrinsic to μTESLA-like schemes.
Abstract: Broadcast authentication is a critical security service in wireless sensor networks (WSNs), as it allows mobile users of WSNs to broadcast messages to multiple sensor nodes in a secure way. Although symmetric-key-based solutions such as μTESLA and multilevel μTESLA have been proposed, they all suffer from severe energy-depletion attacks resulting from the nature of delayed message authentication. This paper presents several efficient public-key-based schemes to achieve immediate broadcast authentication and thus avoid the security vulnerability that is intrinsic to μTESLA-like schemes. Our schemes are built upon the unique integration of several cryptographic techniques, including the Bloom filter, the partial message-recovery signature scheme, and the Merkle hash tree. We prove the effectiveness and efficiency of the proposed schemes by a comprehensive quantitative analysis of their energy consumption in both computation and communication.

132 citations


Book ChapterDOI
19 Aug 2009
TL;DR: The newly developed cryptanalytic techniques enable the meet-in-the-middle attack to be applied to reduced SHA-0 and SHA-1 hash functions by analyzing a message schedule that does not consist of permutations but linear combinations of message words.
Abstract: Preimage resistance of several hash functions has already been broken by the meet-in-the-middle attacks, and they utilize a property that their message schedules consist of only permutations of message words. It is unclear whether this type of attack is applicable to a hash function whose message schedule does not consist of permutations of message words. This paper proposes new attacks against reduced SHA-0 and SHA-1 hash functions by analyzing a message schedule that does not consist of permutations but linear combinations of message words. The newly developed cryptanalytic techniques enable the meet-in-the-middle attack to be applied to reduced SHA-0 and SHA-1 hash functions. The attacks find preimages of SHA-0 and SHA-1 in 2^156.6 and 2^159.3 compression function computations up to 52 and 48 steps, respectively, compared to the brute-force attack, which requires 2^160 compression function computations. The previous best attacks find preimages up to 49 and 44 steps, respectively.

127 citations


Proceedings ArticleDOI
19 Apr 2009
TL;DR: This work proposes an efficient scheme for securing XOR network coding against pollution attacks that exploits probabilistic key pre-distribution and message authentication codes (MACs) and is particularly suitable for resource-constrained wireless networks.
Abstract: Network coding is promising to maximize throughput in various networking systems. Compared to normal network coding operated over large finite fields, XOR network coding has gained an increasing number of applications for its simplicity, especially in wireless networks. However, both types of network coding systems are vulnerable to pollution attacks in which the compromised forwarders inject polluted messages into the systems. Existing solutions to pollution attacks can protect only the normal network coding, but none of them is able to secure XOR network coding. In this paper, we propose an efficient scheme for securing XOR network coding against pollution attacks. Our scheme exploits probabilistic key pre-distribution and message authentication codes (MACs). In our scheme, the source appends multiple MACs to each message, where each MAC can authenticate only a part of the message and the parts authenticated by different MACs are overlapped. Thus, multiple forwarders can collaboratively verify different parts of messages using the MACs with their own shared keys. By carefully controlling the overlapping between the parts authenticated by different MACs, our scheme can filter polluted messages in a few hops with a high probability. To the best of our knowledge, this is the first solution to pollution attacks for XOR network coding. Experimental results show that it is 200 to 1000 times faster than existing ones, hence, it is particularly suitable for resource-constrained wireless networks.

Journal ArticleDOI
TL;DR: In this article, an authentication counterpart of Wyner's study of the wiretap channel is developed, where message authentication over noisy channels is studied while impersonation and substitution attacks are investigated for both single and multiple-message scenarios.
Abstract: An authentication counterpart of Wyner's study of the wiretap channel is developed in this work. More specifically, message authentication over noisy channels is studied while impersonation and substitution attacks are investigated for both single- and multiple-message scenarios. For each scenario, information-theoretic lower and upper bounds on the opponent's success, or cheating, probability are derived. Remarkably, in both scenarios, the lower and upper bounds are shown to match, and hence, the fundamental limits on message authentication over noisy channels are fully characterized. The opponent's success probability is further shown to be smaller than that derived in the classical noiseless channel model. These results rely on a novel authentication scheme in which shared key information is used to provide simultaneous protection against both types of attacks. Finally, message authentication for the case in which the source and receiver possess only correlated sequences is studied.

Book ChapterDOI
20 Feb 2009
TL;DR: This work introduces and study on-line deniability, where deniability should hold even when one of the parties colludes with a third party during execution of the protocol, and shows feasibility with respect to static corruptions and a relaxation termed deniability with incriminating abort under adaptive corruptions.
Abstract: Protocols for deniable authentication achieve seemingly paradoxical guarantees: upon completion of the protocol the receiver is convinced that the sender authenticated the message, but neither party can convince anyone else that the other party took part in the protocol. We introduce and study on-line deniability, where deniability should hold even when one of the parties colludes with a third party during execution of the protocol. This turns out to generalize several realistic scenarios that are outside the scope of previous models. We show that a protocol achieves our definition of on-line deniability if and only if it realizes the message authentication functionality in the generalized universal composability framework; any protocol satisfying our definition thus automatically inherits strong composability guarantees. Unfortunately, we show that our definition is impossible to realize in the PKI model if adaptive corruptions are allowed (even if secure erasure is assumed). On the other hand, we show feasibility with respect to static corruptions (giving the first separation in terms of feasibility between the static and adaptive setting), and show how to realize a relaxation termed deniability with incriminating abort under adaptive corruptions.

Journal ArticleDOI
TL;DR: Chang et al.'s scheme cannot provide secure key establishing service since an adversary can recover the identity of a mobile user by performing one of the attacks.
Abstract: Recently, Chang, Lee, and Chiu proposed an enhanced anonymous authentication scheme which permits mobile users to anonymously enjoy roaming service in global mobile networks. In this letter, we show that their scheme fails to achieve the anonymity by providing four attack strategies. Moreover, we show that anyone can recover a mobile user's session keys by using the identity of the mobile user. Hence, Chang et al.'s scheme cannot provide secure key establishing service since an adversary can recover the identity of a mobile user by performing one of our attacks.

Proceedings ArticleDOI
29 Aug 2009
TL;DR: This paper proposes an improved ID-based remote mutual authentication with key agreement scheme for mobile devices on ECC that not only eliminates the security flaws of YC scheme but also reduces the computational costs between the user and the server.
Abstract: In 2009, Yang and Chang proposed an ID-based remote mutual authentication with key agreement scheme on elliptic curve cryptosystem (ECC). Based upon the ID-based concept, the Yang and Chang scheme (YC scheme) does not require additional computations for certificates and is not constructed from bilinear pairings, which are an expensive operation on elliptic curves. In addition, the YC scheme not only provides mutual authentication but also supports a session key agreement between the user and the server. Therefore, the YC scheme is more efficient and practical than the related works. However, we find the YC scheme is vulnerable to an impersonation attack and does not provide perfect forward secrecy, in spite of its efforts to perform mutual authentication and session key agreement between the user and the remote server and to reduce the computational costs compared with the related works. Therefore, this paper proposes an improved ID-based remote mutual authentication with key agreement scheme for mobile devices on ECC. Compared with the YC scheme, the proposed scheme is more secure, efficient, and practical for mobile devices because the proposed scheme not only eliminates the security flaws of the YC scheme but also reduces the computational costs between the user and the server.

Journal ArticleDOI
TL;DR: A remote authentication protocol featured with client anonymity, nonrepudiation, and improved efficiency for value-added services in a mobile environment is proposed by combining the proposed signature scheme with a new concept called the client account index.
Abstract: Based on identity-based cryptography, this paper proposes a remote authentication protocol featured with client anonymity, nonrepudiation, and improved efficiency for value-added services in a mobile environment. First, an identity-based signature scheme is proposed, and the verification result of the signature is a constant with respect to the signer's identifier. Then, a remote authentication protocol is constructed by combining the proposed signature scheme with a new concept called the client account index, which helps to realize client anonymity with no encryption operations. A formal proof and a theoretical analysis are provided to show the security strength of the proposals. Performance evaluation shows that compared with previous identity-based remote authentication schemes, the new protocol reduces at least 21.7% of the overall running time with stronger security; the reductions in the overall running time and signaling traffic reach 31.9% and 82.0%, respectively, compared with previous Rivest-Shamir-Adleman-based schemes.

Proceedings ArticleDOI
29 Sep 2009
TL;DR: This approach provides multicast authentication for time-triggered applications by validating truncated message authentication codes (MACs) across multiple packets by allowing a tradeoff among per-packet authentication cost, application latency, tolerance to invalid MACs, and probability of induced failure, while satisfying typical embedded system constraints.
Abstract: Security for wired embedded networks is becoming a greater concern as connectivity to the outside world increases. Protocols used in these networks omit support for authenticating messages to prevent masquerade and replay attacks. The unique constraints of embedded control systems make incorporating existing multicast authentication schemes impractical. Our approach provides multicast authentication for time-triggered applications by validating truncated message authentication codes (MACs) across multiple packets. We extend this approach to tolerate occasional invalid MACs, analyze our approach through simulated attacks, and give an upper bound on the probability of successful attack. This approach allows a tradeoff among per-packet authentication cost, application-level latency, tolerance to invalid MACs, and probability of induced failure, while satisfying typical embedded system constraints.

Proceedings ArticleDOI
16 Mar 2009
TL;DR: This work demonstrates how multipath propagation, a broadcast medium, and frequency jamming can be used as valuable security primitives and justifies the feasibility of such a security design and provides details on implementing it within a realistic wireless sensor network.
Abstract: While properties of wireless communications are often considered as a disadvantage from a security perspective, this work demonstrates how multipath propagation, a broadcast medium, and frequency jamming can be used as valuable security primitives. Instead of conventional message authentication by receiving, verifying, and then discarding fake data, sensor nodes are prevented from receiving fake data at all. The erratic nature of signal propagation distributes the jamming activity over the network which hinders an adversary in predicting jamming nodes and avoids selective battery-depletion attacks. By conducting real-world measurements, we justify the feasibility of such a security design and provide details on implementing it within a realistic wireless sensor network.

Proceedings ArticleDOI
30 Nov 2009
TL;DR: A Message Authentication Acceleration (MAAC) protocol is proposed for VANETs, which replaces the time-consuming CRL checking process by an efficient revocation check process and uses a novel probabilistic key distribution, which enables non-revoked OBUs to securely share and update a secret key.
Abstract: Vehicular Ad Hoc Networks (VANETs) adopt the Public Key Infrastructure (PKI) and Certificate Revocation Lists (CRLs) to reliably secure the network. In any PKI system, the authentication of a received message is performed by checking that the certificate of the sender is not included in the current CRL, and verifying the authenticity of the certificate and signature of the sender. In this paper, we propose a Message Authentication Acceleration (MAAC) protocol for VANETs, which replaces the time-consuming CRL checking process by an efficient revocation check process. The revocation check process uses a keyed Hash Message Authentication Code (HMAC), where the key used in calculating the HMAC is shared only between non-revoked On-Board Units (OBUs). In addition, the MAAC protocol uses a novel probabilistic key distribution, which enables non-revoked OBUs to securely share and update a secret key. By conducting security analysis and performance evaluation, the MAAC protocol is demonstrated to be secure and efficient.

Journal ArticleDOI
TL;DR: It is first shown that S-3PAKE is vulnerable to an off-line dictionary attack in which an attacker exhaustively enumerates all possible passwords in an off-line manner to determine the correct one, and then how to eliminate the security vulnerability of S-3PAKE.
Abstract: Key exchange protocols allow two or more parties communicating over a public network to establish a common secret key called a session key. Due to their significance in building a secure communication channel, a number of key exchange protocols have been suggested over the years for a variety of settings. Among these is the so-called S-3PAKE protocol proposed by Lu and Cao for password-authenticated key exchange in the three-party setting. In the current work, we are concerned with the password security of the S-3PAKE protocol. We first show that S-3PAKE is vulnerable to an off-line dictionary attack in which an attacker exhaustively enumerates all possible passwords in an off-line manner to determine the correct one. We then figure out how to eliminate the security vulnerability of S-3PAKE.

Proceedings ArticleDOI
03 Apr 2009
TL;DR: An Elliptic Curve Digital Signature Algorithm (ECDSA) based message authentication in a VANET is proposed and strong authentication policy is provided for the destination vehicle.
Abstract: Vehicular Ad hoc Networks (VANETs) are a promising approach for facilitating road safety, traffic management, and infotainment dissemination for drivers and passengers. However, they are subject to various malicious abuses and security attacks which hinder them from practical implementation. Effective and robust solutions for addressing security and privacy issues are critical for the wide-spread adoption of VANETs. In this paper, we propose an Elliptic Curve Digital Signature Algorithm (ECDSA) based message authentication in a VANET. The operation sequence of the proposed scheme is as follows: 1) The source vehicle generates a private key and a public key. 2) The public key is made available to all the vehicles in the VANET. 3) The source vehicle creates a hash of the message using a secure hash algorithm. 4) The secure hash is encrypted using the private key in the source vehicle and sent to the destination vehicle. 5) At the destination vehicle, the received encrypted message is decrypted using the public key. The result of the decryption will be the hash of the message. 6) The destination vehicle can then hash the message in the same way as the source vehicle did and compare the two hashes. Using this proposed scheme, a strong authentication policy is provided for the destination vehicle. Because hashing is relatively unique, any changes in the message would change the message hash.

Proceedings ArticleDOI
19 Apr 2009
TL;DR: An Anti-Compromising authenticaTION protocol is proposed, ACTION, which employs a novel sparse tree architecture, such that the key of every tag is independent from one another.
Abstract: In order to protect privacy, radio frequency identification (RFID) systems employ privacy-preserving authentication (PPA) to allow valid readers to explicitly authenticate their dominated tags without leaking private information. Typically, an RF tag sends an encrypted message to the reader, then the reader searches for the key that can decrypt the cipher to identify the tag. Due to the large-scale deployment of today's RFID systems, the key search scheme for any PPA requires a short response time. Previous designs construct balanced-tree based key management structures to accelerate the search speed to O(log N), where N is the number of tags. Being efficient, such approaches are vulnerable to compromising attacks. By capturing a small number of tags, compromising attackers are able to identify other tags that have not been corrupted. To address this issue, we propose an Anti-Compromising authenticaTION protocol, ACTION, which employs a novel sparse tree architecture, such that the key of every tag is independent from one another. The advantages of this design include: 1) resilience to the compromising attack, 2) reduction of key storage for tags from O(log N) to O(1), which is significant for resource critical tag devices, and 3) high search efficiency, which is O(log N), as good as the best in the previous designs.

Proceedings ArticleDOI
09 Mar 2009
TL;DR: A lightweight RFID private authentication protocol, RWP, based on the random walk concept is proposed, which effectively enhances the security protection for RFID private authentication, and increases the authentication efficiency from O(log N) to O(1).
Abstract: Privacy protection is increasingly important during authentications in Radio Frequency Identification (RFID) systems. In order to achieve high-speed authentication in large-scale RFID systems, researchers propose tree-based approaches, in which any pair of tags share a number of key components. Such designs, being efficient, often fail to achieve forward secrecy and resistance to attacks, such as compromising and desynchronization. Indeed, these attacks may still take effect even after a tag successfully finishes the authentication and key-updating procedure. To address the issue, we propose a lightweight RFID private authentication protocol, RWP, based on the random walk concept. RWP also provides the forward security and temporal resistance to the tracking attack. The analysis results show that RWP effectively enhances the security protection for RFID private authentication, and increases the authentication efficiency from O(logN) to O(1).

Proceedings ArticleDOI
11 Jan 2009
TL;DR: To enhance the efficiency of Vehicle-to-Vehicle (V2V) communication, SeGCom permits the vehicles to form groups, which are also used for performing multi-hop V2V communication without any assistance from a trusted authority.
Abstract: In this paper, we propose a novel scheme to achieve secure, and efficient vehicular communication. In particular, SegCom provides two mechanisms to perform successive authentication of the vehicle with the road-side infrastructure units to expedite authentication for Vehicle-to-Infrastructure (V2I) communication. Furthermore, to enhance the efficiency of Vehicle-to-Vehicle (V2V) communication, SeGCom permits the vehicles to form group, which are also used for performing multi-hop V2V communication without any assistance from a trusted authority. Comparison with other existing schemes in the literature has been performed to show the efficiency and applicability of our scheme.

Proceedings ArticleDOI
16 May 2009
TL;DR: Two authentication mechanisms, based on the hash function, are proposed to provide fast message verification and group identification, to identify multiple black holes cooperating with each other, and to discover safe routes that avoid the cooperative black hole attack.
Abstract: The black hole attack is one of the security attacks that occur in mobile ad hoc networks (MANETs). In this article, the routing security issues and the problem of a coordinated attack by multiple black holes acting as a group in a MANET are addressed in detail. Two authentication mechanisms, based on the hash function, the Message Authentication Code (MAC) and the Pseudo Random Function (PRF), are proposed to provide fast message verification and group identification, to identify multiple black holes cooperating with each other, and to discover safe routes that avoid the cooperative black hole attack.

Proceedings ArticleDOI
18 Jun 2009
TL;DR: To protect the sensor network against routing attacks, SecSens includes a probabilistic multi-path routing protocol, which supports the key management and the authenticated broadcasts, and provides functions to detect forged sensor data by verifying data reports en-route.
Abstract: In recent years, the potential range of applications for sensor networks has been expanding. Their use has been considered for safety-critical areas such as hospitals or power plants, so security comes increasingly to the fore. This paper presents SecSens, an architecture that provides basic security components for wireless sensor networks. Since robust and strong security features require powerful nodes, SecSens uses a heterogeneous sensor network: in addition to a large number of simple (cheap) sensor nodes performing the actual sensing tasks, there are a few powerful nodes (cluster nodes) that implement the required security features. The basic component of SecSens offers authenticated broadcasts to allow recipients to authenticate the sender of a message. To protect the sensor network against routing attacks, SecSens includes a probabilistic multi-path routing protocol, which supports the key management and the authenticated broadcasts. SecSens also provides functions to detect forged sensor data by verifying data reports en-route. SecSens is successfully evaluated in a real test environment with two different kinds of sensor boards.

Journal ArticleDOI
TL;DR: It is shown that new user authentication schemes for multiple-servers environment are not secure against the server spoofing and the impersonation attacks, and a robust user authentication scheme is proposed to withstand these attacks and keep the same merits.
Abstract: New user authentication schemes for the multiple-server environment were proposed by Liao-Wang and Tsai. In their schemes, application servers do not need to maintain a verification table, an attractive property not offered by previous schemes. Besides, the privacy of users is also addressed in Liao-Wang's scheme. In this article, we show that their schemes are not secure against the server spoofing and impersonation attacks. We then propose a robust user authentication scheme that withstands these attacks and keeps the same merits.

Proceedings ArticleDOI
18 May 2009
TL;DR: In this article, a study on the ability and the benefits of using a keystroke dynamics authentication method for collaborative systems is presented, which is an interesting solution as it uses only the keyboard and is invisible for users.
Abstract: We present in this paper a study on the ability and the benefits of using a keystroke dynamics authentication method for collaborative systems. Authentication is a challenging issue for guaranteeing the secure use of collaborative systems at the access control step. Many solutions exist in the state of the art, such as the use of one-time passwords or smart cards. We focus in this paper on biometric-based solutions that do not require any additional sensor. Keystroke dynamics is an interesting solution as it uses only the keyboard and is invisible to users. Many methods have been published in this field. We make a comparative study of many of them considering the operational constraints of use for collaborative systems.

Patent
05 Oct 2009
TL;DR: In this paper, the last value in a hash chain formed from the private key as a starting point is used to generate an electronic signature to authenticate data, and the signature validity is verified by synchronizing a verification unit with a source of a signed message, computing expected chains by hashing the signed message m, counter c, and computed chains with a second hash function.
Abstract: System and method for generating an electronic signature to authenticate data includes generating a private and a public key using the last value in a hash chain formed from the private key as a starting point, signing a message m, using a distinct set of hash chains using a second secure hash value of the message m and a counter c, selecting a block offset using the hash value of the selected chains, the message m, and the counter c, generating the signature from the selected seals and the counter. The electronic signature validity is verified by synchronizing a verification unit with a source of a signed message, computing expected chains by hashing the signed message m and a counter c with a first hash function, computing a set of expected block offsets by hashing the signed message m, counter c, and computed chains with a second hash function.
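
The abstract above builds a signature out of hash chains whose last values serve as the public key. As an added example, not the patent's construction (which additionally selects chains and block offsets from a hash of the message and a counter), the Python below implements the textbook Winternitz one-time signature, the standard way to sign with hash chains: the private key is a set of random chain seeds, the public key is the end of each chain, and the signature reveals one intermediate chain value per base-16 digit of the message digest. The checksum digits are what stop an attacker from hashing a revealed value further to forge a signature on another message; `try_forge` shows that attempt failing. The sample message is constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

W_BITS = 4                   # each chain encodes one base-16 digit
W = 1 << W_BITS              # Winternitz parameter: chains of length w = 16
MSG_DIGITS = 256 // W_BITS   # 64 digits cover a SHA-256 message digest
CHK_DIGITS = 3               # checksum <= 64 * 15 = 960 < 16**3
T = MSG_DIGITS + CHK_DIGITS  # 67 chains in total


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def chain(x: bytes, steps: int) -> bytes:
    """Apply H `steps` times: the hash chain the whole scheme is built on."""
    for _ in range(steps):
        x = H(x)
    return x


def digits_of(msg: bytes) -> list:
    """Base-16 digits of H(msg) followed by the checksum digits (MSB first).
    The checksum sum(w-1 - d_i) strictly decreases whenever any message digit
    increases, so an attacker who moves a revealed value forward along its
    chain (raising d_i) would need an *earlier* value on some checksum chain."""
    digs = []
    for byte in H(msg):
        digs += [byte >> 4, byte & 0xF]
    chk = sum((W - 1) - d for d in digs)
    for i in reversed(range(CHK_DIGITS)):
        digs.append((chk >> (W_BITS * i)) & (W - 1))
    return digs


def keygen():
    sk = [secrets.token_bytes(32) for _ in range(T)]   # private chain seeds
    pk = [chain(s, W - 1) for s in sk]                  # last value of each chain
    return sk, pk


def sign(sk, msg):
    """Reveal H^{d_i}(sk_i) for every digit d_i. One-time: never reuse sk."""
    return [chain(sk[i], d) for i, d in enumerate(digits_of(msg))]


def verify(pk, msg, sig):
    """Finish every chain from the revealed value and compare with the public key."""
    if len(sig) != T:
        return False
    ok = True
    for i, d in enumerate(digits_of(msg)):
        ok &= hmac.compare_digest(chain(sig[i], W - 1 - d), pk[i])
    return ok


def try_forge(sig, signed_msg, target_msg):
    """The only forgery possible without inverting H: hash each revealed value
    forward to the target's digit. Returns None as soon as some digit of the
    target is smaller than the signed one, which the checksum guarantees."""
    forged = []
    for s, d_old, d_new in zip(sig, digits_of(signed_msg), digits_of(target_msg)):
        if d_new < d_old:
            return None
        forged.append(chain(s, d_new - d_old))
    return forged


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"constructed sample message"
    sig = sign(sk, msg)
    print("valid:", verify(pk, msg, sig))
    print("tampered:", verify(pk, msg + b"!", sig))
    print("forgery possible:", try_forge(sig, msg, b"another message") is not None)
```

Each key pair signs exactly one message: revealing chain values for two different messages hands an attacker values from which a third message's digits may all be reachable by hashing forward. A verifier's check costs at most 15 hashes per chain, the same bound as signing.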

Patent
04 May 2009
TL;DR: In this article, a method of authenticating a user includes providing a user key to an authentication authority, providing a transmission message from the authentication authority in response to the user key, and providing a secret message using the transmission message, displaying the secret message to a user using a display screen.
Abstract: A method of authenticating a user includes providing a user key to an authentication authority, providing a transmission message from the authentication authority in response to the user key, providing a secret message using the transmission message, displaying the secret message to the user using a display screen, and providing a user response to the authentication authority in response to the user observing the secret message.