
Showing papers on "Message authentication code published in 2010"


Journal ArticleDOI
TL;DR: A comprehensive review of the physical layer security in multiuser wireless networks can be found in this article, where the authors provide an overview of the foundations dating back to Shannon and Wyner on information-theoretic security.
Abstract: This paper provides a comprehensive review of the domain of physical layer security in multiuser wireless networks. The essential premise of physical-layer security is to enable the exchange of confidential messages over a wireless medium in the presence of unauthorized eavesdroppers without relying on higher-layer encryption. This can be achieved primarily in two ways: without the need for a secret key by intelligently designing transmit coding strategies, or by exploiting the wireless communication medium to develop secret keys over public channels. The survey begins with an overview of the foundations dating back to the pioneering work of Shannon and Wyner on information-theoretic security. We then describe the evolution of secure transmission strategies from point-to-point channels to multiple-antenna systems, followed by generalizations to multiuser broadcast, multiple-access, interference, and relay networks. Secret-key generation and establishment protocols based on physical layer mechanisms are subsequently covered. Approaches for secrecy based on channel coding design are then examined, along with a description of inter-disciplinary approaches based on game theory and stochastic geometry. The associated problem of physical-layer message authentication is also introduced briefly. The survey concludes with observations on potential research directions in this area.

463 citations


Journal ArticleDOI
TL;DR: This paper copes with these challenges with a decentralized group-authentication protocol, in the sense that each group is maintained by a roadside unit (RSU) rather than by a centralized authority, as in most existing protocols that employ group signatures.
Abstract: Existing authentication protocols to secure vehicular ad hoc networks (VANETs) raise challenges such as certificate distribution and revocation, avoidance of computation and communication bottlenecks, and reduction of the strong reliance on tamper-proof devices. This paper efficiently copes with these challenges with a decentralized group-authentication protocol in the sense that the group is maintained by each roadside unit (RSU) rather than by a centralized authority, as in most existing protocols that are employing group signatures. In our proposal, we employ each RSU to maintain and manage an on-the-fly group within its communication range. Vehicles entering the group can anonymously broadcast vehicle-to-vehicle (V2V) messages, which can be instantly verified by the vehicles in the same group (and neighboring groups). Later, if the message is found to be false, a third party can be invoked to disclose the identity of the message originator. Our protocol efficiently exploits the specific features of vehicular mobility, physical road limitations, and properly distributed RSUs. Our design leads to a robust VANET since, if some RSUs occasionally collapse, only the vehicles that are driving in those collapsed areas will be affected. Due to the numerous RSUs sharing the load to maintain the system, performance does not significantly degrade when more vehicles join the VANET; hence, the system is scalable.

296 citations


01 May 2010
TL;DR: This document specifies a simple Hashed Message Authentication Code (HMAC)-based key derivation function (HKDF), which can be used as a building block in various protocols and applications.
Abstract: This document specifies a simple Hashed Message Authentication Code (HMAC)-based key derivation function (HKDF), which can be used as a building block in various protocols and applications. The key derivation function (KDF) is intended to support a wide range of applications and requirements, and is conservative in its use of cryptographic hash functions. This document is not an Internet Standards Track specification; it is published for informational purposes.

286 citations


Journal ArticleDOI
TL;DR: The Grid and Cloud Computing Intrusion Detection System integrates knowledge and behavior analysis to detect intrusions.
Abstract: Providing security in a distributed system requires more than user authentication with passwords or digital certificates and confidentiality in data transmission. The Grid and Cloud Computing Intrusion Detection System integrates knowledge and behavior analysis to detect intrusions.

280 citations


Journal ArticleDOI
TL;DR: A privacy-preserving system that guarantees message trustworthiness in vehicle-to-vehicle (V2V) communications and offers the possibility of a posteriori tracing the message generator and its endorsers is proposed.
Abstract: Vehicular ad hoc networks (VANETs) are being designed to improve traffic safety and efficiency. To meet this goal, the messages disseminated in VANETs must be trustworthy. We propose a privacy-preserving system that guarantees message trustworthiness in vehicle-to-vehicle (V2V) communications. Vehicle privacy is provided as long as a vehicle does not attempt to endorse the same message more than once. In spite of a message having been validly endorsed, if it is later found to be false, the system offers the possibility of a posteriori tracing the message generator and its endorsers. Our proposal demonstrates a number of distinctive features. The system is equipped with both a priori and a posteriori countermeasures. The threshold used for a priori endorsement can adaptively change according to the message urgency and traffic context, rather than being preset in the system design stage as in existing schemes. The verification of authenticated V2V messages is accelerated by batch message-processing techniques. Simulation results illustrate that the system maintains its performance under various traffic conditions.

229 citations


Proceedings ArticleDOI
22 Mar 2010
TL;DR: The feasibility of performing impersonation attacks on modulation-based and transient-based fingerprinting techniques is studied; such techniques are used to improve access control in wireless networks, prevent device cloning and complement message authentication protocols.
Abstract: Physical-layer identification of wireless devices, commonly referred to as Radio Frequency (RF) fingerprinting, is the process of identifying a device based on transmission imperfections exhibited by its radio transceiver. It can be used to improve access control in wireless networks, prevent device cloning and complement message authentication protocols. This paper studies the feasibility of performing impersonation attacks on the modulation-based and transient-based fingerprinting techniques. Both techniques are vulnerable to impersonation attacks; however, transient-based techniques are more difficult to reproduce due to the effects of the wireless channel and antenna in their recording process. We assess the feasibility of performing impersonation attacks by extensive measurements as well as simulations using collected data from wireless devices. We discuss the implications of our findings and how they affect current device identification techniques and related applications.

220 citations


Journal ArticleDOI
TL;DR: Three aspects of WSN security are studied: encryption algorithms, modes of operation for block ciphers, and message authentication algorithms. Their memory and energy consumption are measured, giving insight into the suitability of different security algorithms for use in WSN environments.

204 citations


Patent
12 Jan 2010
TL;DR: In this article, a system and method for pre-processing encrypted and/or signed messages at a host system before the message is transmitted to a wireless mobile communication device is presented; the same system may also post-process messages sent from the device back through the host.
Abstract: A system and method are provided for pre-processing encrypted and/or signed messages at a host system before the message is transmitted to a wireless mobile communication device. The message is received at the host system from a message sender. There is a determination as to whether any of the message receivers has a corresponding wireless mobile communication device. For each message receiver that has a corresponding wireless mobile communication device, the message is processed so as to modify the message with respect to one or more encryption and/or authentication aspects. The processed message is transmitted to a wireless mobile communication device that corresponds to the first message receiver. The system and method may include post-processing messages sent from a wireless mobile communications device to a host system. Authentication and/or encryption message processing is performed upon the message. The processed message may then be sent through the host system to one or more receivers.

201 citations


Journal ArticleDOI
TL;DR: This paper proposes an authenticated key transfer protocol based on a secret sharing scheme, in which the KGC can broadcast group key information to all group members at once; only authorized group members can recover the group key, while unauthorized users cannot.
Abstract: Key transfer protocols rely on a mutually trusted key generation center (KGC) to select session keys and transport session keys to all communication entities secretly. Most often, the KGC encrypts session keys under another secret key shared with each entity during registration. In this paper, we propose an authenticated key transfer protocol based on a secret sharing scheme, such that the KGC can broadcast group key information to all group members at once and only authorized group members can recover the group key; unauthorized users cannot recover the group key. The confidentiality of this transformation is information theoretically secure. We also provide authentication for transporting this group key. Goals and security threats of our proposed group key transfer protocol will be analyzed in detail.

184 citations


Journal ArticleDOI
Xiangxue Li, Weidong Qiu, Dong Zheng, Kefei Chen, Jianhua Li
TL;DR: This paper strengthens the security of the scheme by addressing the untraceability property, such that any third party on the communication channel cannot tell whether or not it has seen the same (unknown) smart card twice across authentication sessions.
Abstract: By exploiting a smart card, this paper presents a robust and efficient password-authenticated key agreement scheme. This paper strengthens the security of the scheme by addressing the untraceability property, such that any third party over the communication channel cannot tell whether or not he has seen the same (unknown) smart card twice through the authentication sessions. The proposed remedy also prevents a kind of denial of service attack found in the original scheme. High performance and other good functionalities are preserved.

131 citations


Journal ArticleDOI
TL;DR: An anonymous multireceiver identity-based encryption scheme where Lagrange interpolating polynomial mechanisms are adopted to make it impossible for an attacker or any other message receiver to derive the identity of a message receiver such that the privacy of every receiver can be guaranteed.
Abstract: Recently, many multireceiver identity-based encryption schemes have been proposed in the literature. However, none of these schemes can protect the privacy of message receivers. In this paper, we present an anonymous multireceiver identity-based encryption scheme where we adopt Lagrange interpolating polynomial mechanisms to cope with the above problem. Our scheme makes it impossible for an attacker or any other message receiver to derive the identity of a message receiver, such that the privacy of every receiver can be guaranteed. Furthermore, the proposed scheme is quite receiver efficient, since each of the receivers merely needs to perform two pairing computations to decrypt the received ciphertext. We prove that our scheme is secure against adaptive chosen plaintext attacks and adaptive chosen ciphertext attacks. Finally, we also formally show that every receiver in the proposed scheme is anonymous to any other receiver.

Journal ArticleDOI
TL;DR: This paper presents a new efficient certificateless aggregate signature scheme which has the advantages of both aggregate signatures and certificateless cryptography and is proven existentially unforgeable against adaptive chosen-message attacks under the standard computational Diffie-Hellman assumption.

Proceedings ArticleDOI
14 Mar 2010
TL;DR: This work is the first symmetric key based solution to allow arbitrary collusion among adversaries, and also the first to consider tag pollution attacks, where a single corrupted MAC tag can cause numerous packets to fail authentication farther down the stream, effectively emulating a successful pollution attack.
Abstract: By allowing routers to randomly mix the information content in packets before forwarding them, network coding can maximize network throughput in a distributed manner with low complexity. However, such mixing also renders the transmission vulnerable to pollution attacks, where a malicious node injects corrupted packets into the information flow. In a worst case scenario, a single corrupted packet can end up corrupting all the information reaching a destination. In this paper, we propose RIPPLE, a symmetric key based in-network scheme for network coding authentication. RIPPLE allows a node to efficiently detect corrupted packets and encode only the authenticated ones. Despite using symmetric key based homomorphic Message Authentication Code (MAC) algorithms, RIPPLE achieves asymmetry by delayed disclosure of the MAC keys. Our work is the first symmetric key based solution to allow arbitrary collusion among adversaries. It is also the first to consider tag pollution attacks, where a single corrupted MAC tag can cause numerous packets to fail authentication farther down the stream, effectively emulating a successful pollution attack.

Proceedings ArticleDOI
01 Mar 2010
TL;DR: For a DWT-based image data hiding algorithm that embeds the secret message in the CH band of the cover image, this paper compares embedding in the CH, CV and CD bands; experimental results reveal that error block replacement with the diagonal detail coefficients (CD) gives better PSNR than doing so with the other coefficients.
Abstract: Steganography plays an important role in the field of information hiding. It is used in a wide variety of applications such as internet security, authentication, copyright protection and information assurance. In Discrete Wavelet Transform (DWT) based steganography approaches, the wavelet coefficients of the cover image are modified to embed the secret message. A DWT based algorithm for image data hiding has been proposed in the recent past that embeds the secret message in the CH band of the cover image. This paper intends to observe the effect of embedding the secret message in different bands such as CH, CV and CD on the performance of the stego image in terms of Peak Signal to Noise Ratio (PSNR). Experimentation has been done using six different attacks. Experimental results reveal that the error block replacement with diagonal detail coefficients (CD) gives better PSNR than doing so with other coefficients.

Proceedings ArticleDOI
Piyush Marwaha, Paresh Marwaha
29 Jul 2010
TL;DR: An advanced system of encrypting data that combines the features of cryptography and steganography along with multimedia data hiding is proposed; it is argued to be more secure than any of these techniques alone and also than existing combined steganography-and-cryptography systems.
Abstract: In today's information age, information sharing and transfer has increased exponentially. The threat of an intruder accessing secret information has been an ever existing concern for the data communication experts. Cryptography and steganography are the most widely used techniques to overcome this threat. Cryptography involves converting a message text into an unreadable cipher. On the other hand, steganography embeds a message into a cover media and hides its existence. Both these techniques provide some security for data, but neither of them alone is secure enough for sharing information over an unsecure communication channel, and both are vulnerable to intruder attacks. Although these techniques are often combined together to achieve higher levels of security, there is still a need for a highly secure system to transfer information over any communication media, minimizing the threat of intrusion. In this paper we propose an advanced system of encrypting data that combines the features of cryptography and steganography along with multimedia data hiding. This system will be more secure than any of these techniques alone and also as compared to combined steganography and cryptography systems. Visual steganography is one of the most secure forms of steganography available today. It is most commonly implemented in image files. However, embedding data into an image changes its color frequencies in a predictable way. To overcome this predictability, we propose the concept of multiple cryptography, where the data will be encrypted into a cipher and the cipher will be hidden into a multimedia image file in encrypted format. We shall use traditional cryptographic techniques to achieve data encryption, and visual steganography algorithms will be used to hide the encrypted data.

Book ChapterDOI
13 Sep 2010
TL;DR: This paper proposes a new threshold attribute-based signcryption scheme that provides message confidentiality, and authenticity of a message in addition to attesting the attributes of the sender and achieves a tight reduction for both the security notions in the standard model.
Abstract: In this paper, we propose a new threshold attribute-based signcryption scheme secure in the standard model. The scheme provides message confidentiality, and authenticity of a message in addition to attesting the attributes of the sender. Such a property is useful in applications such as electronic card, digital prescription carrier devices, secure and authentic email service, etc. Our scheme relies on the intractability of the hashed modified decisional Diffie-Hellman and modified computational Diffie-Hellman assumptions, and is proven secure under adaptive chosen ciphertext attack and chosen message attack security notions of signcryption. Further, we achieve a tight reduction for both the security notions in the standard model.

Journal ArticleDOI
30 Dec 2010
TL;DR: In this article, distributed combined authentication and intrusion detection with data fusion in high-security mobile ad hoc networks (MANETs) is proposed, using multimodal biometrics together with intrusion detection systems and Dempster-Shafer data fusion for continuous user-to-device authentication.
Abstract: Multimodal biometric technology provides potential solutions for continuous user-to-device authentication in high-security mobile ad hoc networks (MANETs). This paper studies distributed combined authentication and intrusion detection with data fusion in such MANETs. Multimodal biometrics are deployed to work with intrusion detection systems (IDSs) to alleviate the shortcomings of unimodal biometric systems. Since each device in the network has measurement and estimation limitations, more than one device needs to be chosen, and observations can be fused to increase observation accuracy using Dempster-Shafer theory for data fusion. The system decides whether user authentication (or IDS input) is required and which biosensors (or IDSs) should be chosen, depending on the security posture. The decisions are made in a fully distributed manner by each authentication device and IDS. Simulation results are presented to show the effectiveness of the proposed scheme.

Patent
22 Jan 2010
TL;DR: In this paper, the authors present an approach for establishing and maintaining trust between security devices for distributing media content in a downloadable conditional access system, where authentication information may assume different forms, including digital signature (asymmetric key) or a hash message authentication code (HMAC).
Abstract: Apparatuses, computer readable media, and methods for establishing and maintaining trust between security devices for distributing media content are provided. Two security devices bind to establish an initial trust so that security information can be exchanged. Subsequently, trust is refreshed to verify that the source of a message is valid. In an embodiment, the security devices may comprise a security processor and a system on a chip (SoC) in a downloadable conditional access system. Trust may be refreshed by a security device inserting authentication information in a message to another security device, where the authentication information may assume different forms, including a digital signature (asymmetric key) or a hash message authentication code (HMAC). Trust may also be refreshed by extracting header information from the message, determining state information from at least one parameter contained in the header information, and acting on message content only when the state information is valid.

Proceedings ArticleDOI
Young Sil Lee, Nack Hyun Kim, Hyotaek Lim, Heung-Kuk Jo, Hoon-Jae Lee
01 Nov 2010
TL;DR: This paper proposes a new Online Banking Authentication system which used Mobile OTP with the combination of QR-code which is a variant of the 2D barcode.
Abstract: As high-speed internet infrastructure is developed and people become more informationized, financial tasks are also carried out over the internet. However, the existing internet banking system has been exposed to the danger of hacking. Recently, personal information has been leaked by high-degree methods such as Phishing or Pharming, beyond the snatching of a user's ID and Password. Seeing that most of the incidents which happened in the domestic financial agencies were caused by the appropriation of an ID or Password belonging to others, a safe user confirmation system becomes much more essential. In this paper, we propose a new Online Banking Authentication system. This authentication system uses a Mobile OTP in combination with a QR-code, which is a variant of the 2D barcode.

Proceedings ArticleDOI
Ueli Maurer, Björn Tackmann
04 Oct 2010
TL;DR: This work proposes the first systematic analysis of malleability for symmetric encryption, which allows for a generic condition on encryption schemes to be sufficient for AtE, and shows that the schemes used in TLS satisfy the condition.
Abstract: A communication channel from an honest sender A to an honest receiver B can be described as a system with three interfaces labeled A, B, and E (the adversary), respectively, where the security properties of the channel are characterized by the capabilities provided at the E-interface. A security mechanism, such as encryption or a message authentication code (MAC), can be seen as the transformation of a certain type of channel into a stronger type of channel, where the term "transformation" refers to a natural simulation-based definition. For example, the main purpose of a MAC can be regarded as transforming an insecure into an authenticated channel, and encryption then corresponds to transforming an authenticated into a fully secure channel; this is the well-known Encrypt-then-Authenticate (EtA) paradigm. In the dual paradigm, Authenticate-then-Encrypt (AtE), encryption first transforms an insecure into a confidential channel, and a MAC transforms this into a secure channel. As pointed out by Bellare and Namprempre, and Krawczyk, there are encryption schemes for which AtE does not achieve the expected guarantees. We highlight two reasons for investigating nevertheless AtE as a general paradigm: First, this calls for a definition of confidentiality; what separates a confidential from a secure channel is its (potential) malleability. We propose the first systematic analysis of malleability for symmetric encryption, which, in particular, allows us to state a generic condition on encryption schemes to be sufficient for AtE. Second, AtE is used in practice, for example in TLS. We show that the schemes used in TLS (stream ciphers and CBC encryption) satisfy the condition. This is consistent with Krawczyk's results on similar instantiations of AtE in game-based models.
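
The two compositions the abstract contrasts, as an added example that is not the authors' code: the cipher is a constructed XOR keystream (HMAC-SHA256 in counter mode) standing in for a stream cipher, chosen precisely because it is malleable in the sense the paper studies. An adversary at the E-interface flips one ciphertext bit; in EtA the packet is rejected before the decryption key is ever used, while in AtE the receiver must first decrypt attacker-controlled bytes and only then learns that the MAC over the plaintext fails. Decrypting the tampered ciphertext without the MAC shows what a confidential-but-malleable channel leaks: a predictable plaintext change. Keys, nonce and the sample message are constructed inline.

```python
import hmac
import os

TAG_LEN = 32


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Constructed stand-in for a stream cipher (HMAC-SHA256 in counter mode).
    Not one of the TLS ciphers the paper analyses; it only provides XOR-malleable encryption."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return out[:length]


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def tag(mac_key: bytes, data: bytes) -> bytes:
    return hmac.new(mac_key, data, "sha256").digest()


def eta_send(enc_key, mac_key, nonce, msg):
    """Encrypt-then-Authenticate: MAC covers the ciphertext."""
    c = stream_xor(enc_key, nonce, msg)
    return c + tag(mac_key, nonce + c)


def eta_recv(enc_key, mac_key, nonce, packet):
    if len(packet) < TAG_LEN:
        return None
    c, t = packet[:-TAG_LEN], packet[-TAG_LEN:]
    if not hmac.compare_digest(tag(mac_key, nonce + c), t):
        return None                      # rejected; ciphertext never reaches the decryptor
    return stream_xor(enc_key, nonce, c)


def ate_send(enc_key, mac_key, nonce, msg):
    """Authenticate-then-Encrypt: MAC covers the plaintext, then everything is encrypted."""
    return stream_xor(enc_key, nonce, msg + tag(mac_key, nonce + msg))


def ate_recv(enc_key, mac_key, nonce, packet):
    if len(packet) < TAG_LEN:
        return None
    p = stream_xor(enc_key, nonce, packet)   # decrypts unauthenticated, attacker-controlled bytes first
    msg, t = p[:-TAG_LEN], p[-TAG_LEN:]
    if not hmac.compare_digest(tag(mac_key, nonce + msg), t):
        return None
    return msg


def flip_bit(packet: bytes, index: int, bit: int) -> bytes:
    b = bytearray(packet)
    b[index] ^= 1 << bit
    return bytes(b)


def demo() -> dict:
    enc_key, mac_key, nonce = os.urandom(32), os.urandom(32), os.urandom(12)
    msg = b"PAY 100 TO ALICE"                # constructed sample message
    eta_pkt = eta_send(enc_key, mac_key, nonce, msg)
    ate_pkt = ate_send(enc_key, mac_key, nonce, msg)
    # adversary at the E-interface: flip bit 1 of byte 4 ('1' -> '3') in both packets
    tampered_eta = flip_bit(eta_pkt, 4, 1)
    tampered_ate = flip_bit(ate_pkt, 4, 1)
    return {
        "eta_accepts_genuine": eta_recv(enc_key, mac_key, nonce, eta_pkt) == msg,
        "ate_accepts_genuine": ate_recv(enc_key, mac_key, nonce, ate_pkt) == msg,
        "eta_rejects_tampered": eta_recv(enc_key, mac_key, nonce, tampered_eta) is None,
        "ate_rejects_tampered": ate_recv(enc_key, mac_key, nonce, tampered_ate) is None,
        # confidential channel only: the bit flip maps to a predictable plaintext change
        "raw_decryption_of_tampered": stream_xor(enc_key, nonce, tampered_ate[: len(msg)]),
    }
```

Both compositions reject the forgery here, which is the paper's point about stream ciphers satisfying its condition; the difference is where the check happens, and the last dictionary entry is what the MAC is protecting against.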

Journal ArticleDOI
TL;DR: This work presents an extendable broadcast authentication scheme called X-TESLA, as a new member of the TESLA family, to remedy the fact that previous schemes do not consider problems arising from sleep modes, network failures, idle sessions, as well as the time-memory-data tradeoff risk, and to reduce their high cost of countering DoS attacks.
Abstract: Authenticated broadcast, enabling a base station to send commands and requests to low-powered sensor nodes in an authentic manner, is one of the core challenges for securing wireless sensor networks. μTESLA and its multilevel variants based on delayed exposure of one-way chains are well known valuable broadcast authentication schemes, but concerns still remain for their practical application. To use these schemes on resource-limited sensor nodes, a 64-bit key chain is desirable for efficiency, but care must be taken. We will first show, by both theoretical analysis and rigorous experiments on real sensor nodes, that if μTESLA is implemented in a raw form with 64-bit key chains, some of the future keys can be discovered through time-memory-data-tradeoff techniques. We will then present an extendable broadcast authentication scheme called X-TESLA, as a new member of the TESLA family, to remedy the fact that previous schemes do not consider problems arising from sleep modes, network failures, idle sessions, as well as the time-memory-data tradeoff risk, and to reduce their high cost of countering DoS attacks. In X-TESLA, two levels of chains that have distinct intervals and cross-authenticate each other are used. This allows the short key chains to continue indefinitely and makes new interesting strategies and management methods possible, significantly reducing unnecessary computation and buffer occupation, and leads to efficient solutions to the raised problems.
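
The delayed-disclosure mechanism the TESLA family is built on, as an added example that is neither the μTESLA nor the X-TESLA implementation: the sender commits to the end of a one-way hash chain, MACs each interval's packets under a key derived from that interval's chain element, and discloses the element only d intervals later; the receiver buffers packets, enforces the security condition that the key cannot yet be public at arrival time, and authenticates buffered packets once a disclosed key chains back to the commitment. The schedule in `demo` (intervals, delay, clock skew, payloads) is constructed. The chain uses full 256-bit elements rather than the 64-bit chains the abstract discusses, and the key-derivation label for K'_i is my own choice.

```python
import hashlib
import hmac
import os


def h(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()


def mac_key(chain_key: bytes) -> bytes:
    # K'_i = F'(K_i): derive the MAC key from the chain key with a separate PRF (label is an assumption)
    return hmac.new(b"tesla-mac-key-derivation", chain_key, "sha256").digest()


class Sender:
    def __init__(self, n_intervals: int, delay: int):
        self.delay = delay
        chain = [os.urandom(32)]                 # K_n, the chain seed
        for _ in range(n_intervals):
            chain.append(h(chain[-1]))           # K_{i-1} = H(K_i)
        self.chain = chain[::-1]                 # chain[i] == K_i; chain[0] is the commitment K_0

    def commitment(self) -> bytes:
        return self.chain[0]

    def broadcast(self, interval: int, payload: bytes) -> tuple:
        t = hmac.new(mac_key(self.chain[interval]), payload, "sha256").digest()
        disclosed = self.chain[interval - self.delay] if interval >= self.delay else None
        return (interval, payload, t, disclosed)


class Receiver:
    def __init__(self, commitment: bytes, delay: int, clock_skew: int):
        self.delay, self.skew = delay, clock_skew
        self.known_interval, self.known_key = 0, commitment
        self.pending, self.authenticated, self.rejected = [], [], []

    def receive(self, packet: tuple, local_interval: int) -> str:
        i, payload, t, disclosed = packet
        # security condition: the sender must not yet have disclosed K_i when the packet arrives.
        # With loose synchronisation the sender is at most at local_interval + skew.
        if local_interval + self.skew >= i + self.delay:
            return "dropped"
        self.pending.append((i, payload, t))
        if disclosed is not None:
            self._learn_key(i - self.delay, disclosed)
        return "buffered"

    def _learn_key(self, j: int, key: bytes) -> bool:
        if j <= self.known_interval:
            return False
        k = key
        for _ in range(j - self.known_interval):
            k = h(k)
        if k != self.known_key:
            return False                         # does not chain back to what we trust
        self.known_interval, self.known_key = j, key
        still_pending = []
        for (m, payload, t) in self.pending:
            if m > j:
                still_pending.append((m, payload, t))
                continue
            k_m = key
            for _ in range(j - m):
                k_m = h(k_m)                     # K_m = H^{j-m}(K_j)
            expected = hmac.new(mac_key(k_m), payload, "sha256").digest()
            target = self.authenticated if hmac.compare_digest(expected, t) else self.rejected
            target.append((m, payload))
        self.pending = still_pending
        return True


def demo() -> dict:
    delay = 2
    sender = Sender(n_intervals=10, delay=delay)
    rx = Receiver(sender.commitment(), delay, clock_skew=0)
    # constructed schedule: a packet sent in interval i arrives during interval i
    for i in range(1, 5):
        rx.receive(sender.broadcast(i, b"cmd%d" % i), local_interval=i)
    # an attacker's packet for interval 5 carrying a bogus tag
    i, payload, _, disclosed = sender.broadcast(5, b"forged")
    rx.receive((i, payload, os.urandom(32), disclosed), local_interval=5)
    # a genuine packet that arrives only after its key could have been disclosed
    late = rx.receive(sender.broadcast(6, b"late"), local_interval=6 + delay)
    # next genuine packet discloses K_5, which settles everything buffered up to interval 5
    rx.receive(sender.broadcast(7, b"cmd7"), local_interval=7)
    return {
        "authenticated": [p for _, p in rx.authenticated],
        "rejected": [p for _, p in rx.rejected],
        "pending": [p for _, p, _ in rx.pending],
        "late_packet": late,
    }
```

The buffer in `pending` is the DoS surface the abstract refers to: every packet that passes the timing check must be stored until its key is disclosed, so an attacker can fill it with packets that will only be rejected later.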

Proceedings ArticleDOI
23 May 2010
TL;DR: This paper introduces an efficient and spontaneous privacy-preserving protocol for vehicular ad-hoc networks based on revocable ring signature that offers fast message authentication and verification, cost-effective identity tracking in case of a dispute, and has low storage requirements.
Abstract: This paper introduces an efficient and spontaneous privacy-preserving protocol for vehicular ad-hoc networks based on revocable ring signature. The proposed protocol has three appealing characteristics: First, it offers conditional privacy-preservation: while a receiver can verify that a message issuer is an authorized participant in the system only a trusted authority can reveal the true identity of a message sender. Second, it is spontaneous: safety messages can be authenticated locally, without support from the roadside units or contacting other vehicles. Third, it is efficient: it offers fast message authentication and verification, cost-effective identity tracking in case of a dispute, and has low storage requirements. We use extensive analysis to demonstrate the merits of the proposed protocol and to compare it with previously proposed solutions.

Book ChapterDOI
08 Jun 2010
TL;DR: The first results of a 192-bit Elliptic Curve Digital Signature Algorithm (ECDSA) processor that allows both entity and message authentication by digitally signing challenges from a reader are presented.
Abstract: In the last few years, a lot of research has been made to bring asymmetric cryptography on low-cost RFID tags. Many of the proposed implementations include elliptic-curve based coprocessors to provide entity-authentication services through, for example, identification schemes. This paper presents first results of a 192-bit Elliptic Curve Digital Signature Algorithm (ECDSA) processor that allows both entity and message authentication by digitally signing challenges from a reader. The proposed architecture enhances the state-of-the-art in designing a low-resource ECDSA-enabled RFID hardware implementation. A tiny microcontroller is integrated to provide protocol scalability and re-use of common algorithms. The proposed processor signs a message within 859 188 clock cycles (127 ms at 6.78 MHz) and has a total chip size of 19 115 gate equivalents.

Journal ArticleDOI
TL;DR: This paper introduces Integrity (I) regions, a novel security primitive that enables message authentication in wireless networks without the use of preestablished or precertified keys, and proposes a novel automatic key establishment approach, largely transparent to users, by leveraging on IRegions and nodes' mobility.
Abstract: Despite years of intensive research, the main deterrents of widely deploying secure communication between wireless nodes remains the cumbersome key setup process. In this paper, we address this problem and we introduce Integrity (I) regions, a novel security primitive that enables message authentication in wireless networks without the use of preestablished or precertified keys. Integrity regions are based on the verification of entity proximity through time-of-arrival ranging techniques. IRegions can be efficiently implemented with ultrasonic ranging, in spite of the fact that ultrasound ranging techniques are vulnerable to distance enlargement and reduction attacks. We further show how IRegions can be used for key establishment in mobile peer-to-peer wireless networks and we propose a novel automatic key establishment approach, largely transparent to users, by leveraging on IRegions and nodes' mobility. We analyze our proposals against a multitude of security threats and we validate our findings via extensive simulations.

Book ChapterDOI
13 Sep 2010
TL;DR: This work revisits the unforgeability notion for aggregate MACs and shows that the definition does not prevent "mix-and-match" attacks, in which the adversary turns several aggregates into a "fresh" combination, i.e., into a valid aggregate on a sequence of messages which the attacker has not requested before.
Abstract: Aggregate message authentication codes, as introduced by Katz and Lindell (CT-RSA 2008), combine several MACs into a single value, which has roughly the same size as an ordinary MAC. These schemes reduce the communication overhead significantly and are therefore a promising approach to achieve authenticated communication in mobile ad-hoc networks, where communication is prohibitively expensive. Here we revisit the unforgeability notion for aggregate MACs and discuss that the definition does not prevent "mix-and-match" attacks in which the adversary turns several aggregates into a "fresh" combination, i.e., into a valid aggregate on a sequence of messages which the attacker has not requested before. In particular, we show concrete attacks on the previous scheme. To capture the broader class of combination attacks, we provide a stronger security notion of aggregation unforgeability. While we can provide stateful transformations lifting (non-ordered) schemes to meet our stronger security notion, for the state-free case we switch to the new notion of history-free sequential aggregation. This notion is somewhat between non-ordered and sequential schemes and basically says that the aggregation algorithm is carried out in a sequential order but must not depend on the preceding messages in the sequence, but only on the shorter input aggregate and the local message. We finally show that we can build an aggregation-unforgeable, history-free sequential MAC scheme based on general assumptions.
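
The mix-and-match behaviour the abstract describes, as an added example that is not the authors' code: with the XOR-based non-ordered aggregate MAC (each party MACs its own message under its own key, the aggregate is the XOR of the tags), an adversary who has seen aggregates over {A:m1, B:m2} and {B:m2, C:m3} can XOR them so that B's contribution cancels, yielding a valid aggregate over {A:m1, C:m3}, a set nobody ever authenticated together. Every pair in the result was individually queried, which is why the original unforgeability definition does not count it as a forgery. The `seq_aggregate` function is my own illustration of the history-free sequential shape (each step sees only the incoming aggregate and the local message), included only to show that the XOR trick no longer applies; it is not the paper's construction or a proof of its security. Keys and messages are constructed inline.

```python
import hmac
import os
from typing import Dict, List, Tuple

Msg = Tuple[str, bytes]        # (sender id, message)
TAG_LEN = 32


def mac(key: bytes, sender: str, msg: bytes) -> bytes:
    # bind the sender id into the MAC input so tags are per (id, message) pair
    return hmac.new(key, sender.encode() + b"\x00" + msg, "sha256").digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def xor_aggregate(keys: Dict[str, bytes], msgs: List[Msg]) -> bytes:
    """Non-ordered aggregate MAC: XOR of the individual tags."""
    agg = bytes(TAG_LEN)
    for sender, m in msgs:
        agg = xor_bytes(agg, mac(keys[sender], sender, m))
    return agg


def xor_verify(keys: Dict[str, bytes], msgs: List[Msg], agg: bytes) -> bool:
    return hmac.compare_digest(xor_aggregate(keys, msgs), agg)


def mix_and_match(agg1: bytes, agg2: bytes) -> bytes:
    """Adversary's combination step: messages common to both aggregates cancel."""
    return xor_bytes(agg1, agg2)


def seq_aggregate(keys: Dict[str, bytes], msgs: List[Msg], prev: bytes = b"") -> bytes:
    """History-free sequential aggregation (illustrative shape only): each hop MACs the
    incoming aggregate together with its local message; earlier messages are not needed."""
    agg = prev
    for sender, m in msgs:
        agg = hmac.new(keys[sender], agg + sender.encode() + b"\x00" + m, "sha256").digest()
    return agg


def seq_verify(keys: Dict[str, bytes], msgs: List[Msg], agg: bytes) -> bool:
    return hmac.compare_digest(seq_aggregate(keys, msgs), agg)


def demo() -> dict:
    keys = {s: os.urandom(32) for s in ("A", "B", "C")}
    m1, m2, m3 = b"temp=21", b"door=open", b"alarm=off"     # constructed sensor messages
    # the adversary passively observes two honest aggregates that share B's message
    agg_ab = xor_aggregate(keys, [("A", m1), ("B", m2)])
    agg_bc = xor_aggregate(keys, [("B", m2), ("C", m3)])
    forged = mix_and_match(agg_ab, agg_bc)
    # the same two observations under sequential aggregation
    seq_ab = seq_aggregate(keys, [("A", m1), ("B", m2)])
    seq_bc = seq_aggregate(keys, [("B", m2), ("C", m3)])
    return {
        "honest_ab_verifies": xor_verify(keys, [("A", m1), ("B", m2)], agg_ab),
        "xor_forgery_verifies": xor_verify(keys, [("A", m1), ("C", m3)], forged),
        "seq_xor_trick_verifies": seq_verify(keys, [("A", m1), ("C", m3)], mix_and_match(seq_ab, seq_bc)),
    }
```

The forged aggregate never required a key: it is pure algebra on observed tags, which is what a definition of aggregation unforgeability has to rule out.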

Proceedings ArticleDOI
14 Mar 2010
TL;DR: An Opportunistic Batch Bundle Authentication Scheme (OBBA) is proposed, allowing a computational overhead to be bounded by the number of opportunistic contacts instead of the number of messages, and introducing a novel concept of a fragment authentication tree to minimize communication cost by choosing an optimal tree height.
Abstract: Bundle Authentication is a critical security service in Delay Tolerant Networks (DTNs) that ensures authenticity and integrity of bundles during multi-hop transmissions. Public key signatures, which have been suggested in the existing bundle security protocol specification, achieve bundle authentication at the cost of increased computational and transmission overhead and higher energy consumption, which is not desirable for energy-constrained DTNs. On the other hand, the unique "store-carry-and-forward" transmission characteristic of DTNs implies that bundles from distinct/common senders can be buffered opportunistically at some common intermediate nodes. This "buffering" characteristic distinguishes DTNs from other traditional wireless networks, for which an intermediate cache is not supported. To exploit such a buffering characteristic, in this paper, we propose an Opportunistic Batch Bundle Authentication Scheme (OBBA) to achieve efficient bundle authentication. The proposed scheme adopts batch verification techniques, allowing a computational overhead to be bounded by the number of opportunistic contacts instead of the number of messages. Furthermore, we introduce a novel concept of a fragment authentication tree to minimize communication cost by choosing an optimal tree height. Finally, we implement OBBA in a specific DTN scenario setting: pocket-switched networks on campus. The simulation results in terms of computation time, transmission overhead and power consumption are given to demonstrate the efficiency and effectiveness of the proposed schemes.

Proceedings ArticleDOI
01 Dec 2010
TL;DR: A PHY-authentication protocol to detect spoofing attacks in wireless networks, exploiting the rapid-decorrelation property of radio channels with distance, and describes the performance of this approach as a function of the spoofing pattern and the snapshot performance that can be easily measured through field tests.
Abstract: We propose a PHY-authentication protocol to detect spoofing attacks in wireless networks, exploiting the rapid-decorrelation property of radio channels with distance. In this protocol, a PHY-authentication scheme that exploits channel estimations that already exist in most wireless systems cooperates with any existing higher-layer process, either simple or advanced, such as IEEE 802.11i. With little additional system overhead, our scheme reduces the workload of the higher-layer process, or provides some degree of spoofing protection for "naked" wireless systems, such as some sensor networks. We describe the performance of our approach as a function of the spoofing pattern and the snapshot performance that can be easily measured through field tests. We discuss the implementation issues of the authentication protocol on 802.11 testbeds and verify its performance via field tests in a typical office building.

Proceedings ArticleDOI
24 Oct 2010
TL;DR: In this paper, the authors proposed a scheme to reduce the probability of successful per-packet forgery by using one extra bit per additional voter, regardless of the number of total receivers.
Abstract: Wired embedded networks must include multicast authentication to prevent masquerade attacks within the network. However, unique constraints for these networks make most existing multicast authentication techniques impractical. Our previous work provides multicast authentication for time-triggered applications on embedded networks by validating truncated message authentication codes across multiple packets. In this work, we improve overall bandwidth efficiency and reduce authentication latency by using unanimous voting on message value and validity amongst a group of nodes. This technique decreases the probability of successful per-packet forgery by using one extra bit per additional voter, regardless of the number of total receivers. This can permit using fewer authentication bits per receiver. We derive an upper bound on the probability of successful forgery and experimentally verify it using simulated attacks. For example, we show that with two authentication bits per receiver, adding four additional bits per message to vote amongst four nodes reduces the probability of per-packet forgery by a factor of more than 100. When integrated with our prior work on time-triggered authentication, this technique reduces the number of authentication message rounds required for this example by a factor of three. Model-checking with AVISPA confirms data integrity and data origin authenticity for this approach.

Proceedings ArticleDOI
04 May 2010
TL;DR: The paper presents a reasonable method to provide authentication on the current SBAS using about ten percent of bandwidth and ways of modifying protocols such as TESLA to reduce bandwidth use while maintaining an acceptable level of security.
Abstract: This paper studies the feasibility and means by which authentication can be overlaid upon the existing SBAS and GBAS designs. It considers how to achieve authentication that is compatible with the current augmentation system and its users. It also considers how to perform the security necessary to support authentication within the current NAS framework. One important issue is secure key distribution, and the paper presents some options designed to be reasonable for aviation infrastructure and operations. One means is a key distribution protocol that utilizes the operation of the aircraft and air traffic to aid in key verification. This provides a way to distribute keys and some ability to validate them without significant additions to the NAS. Another issue is bandwidth. The paper presents ways of modifying protocols such as TESLA to reduce bandwidth use while maintaining an acceptable level of security. The paper uses the current L1 SBAS and GBAS as case studies. The paper presents a reasonable method to provide authentication on the current SBAS using about ten percent of bandwidth. The method is compatible with current SBAS user equipment in that it will not be adversely affected. GBAS can employ similar means. As it has greater data bandwidth, a more critical issue for GBAS is key distribution to the ground stations.

Proceedings ArticleDOI
09 May 2010
TL;DR: The X.805 standard is used to investigate the possibility of implementing the 3G's Authentication and Key Agreement (AKA) protocol in a 4G communication framework such as Y-Comm, to outline the security challenges in 4G networks.
Abstract: Several research groups are working on designing new security architectures for 4G networks such as Hokey and Y-Comm. Since designing an efficient security module requires a clear identification of potential threats, this paper attempts to outline the security challenges in 4G networks. A good way to achieve this is by investigating the possibility of extending current security mechanisms to 4G networks. Therefore, this paper uses the X.805 standard to investigate the possibility of implementing the 3G's Authentication and Key Agreement (AKA) protocol in a 4G communication framework such as Y-Comm. The results show that due to the fact that 4G is an open, heterogeneous and IP-based environment, it will suffer from new security threats as well as inherent ones. In order to address these threats without affecting 4G dynamics, Y-Comm proposes an integrated security module to protect data and security models to target security on different entities and hence protect not only the data but also resources, servers and users.