
Showing papers on "Message authentication code published in 2011"


Journal ArticleDOI
TL;DR: A lightweight message authentication scheme features as a basic yet crucial component for secure SG communication framework and can satisfy the desirable security requirements of SG communications.
Abstract: Smart grid (SG) communication has recently received significant attention to facilitate intelligent and distributed electric power transmission systems. However, communication trust and security issues still present practical concerns to the deployment of SG. In this paper, to cope with these challenging concerns, we propose a lightweight message authentication scheme that features as a basic yet crucial component for a secure SG communication framework. Specifically, in the proposed scheme, the smart meters which are distributed at different hierarchical networks of the SG can first achieve mutual authentication and establish the shared session key with the Diffie-Hellman exchange protocol. Then, with the shared session key between smart meters and the hash-based authentication code technique, the subsequent messages can be authenticated in a lightweight way. Detailed security analysis shows that the proposed scheme can satisfy the desirable security requirements of SG communications. In addition, extensive simulations have also been conducted to demonstrate the effectiveness of the proposed scheme in terms of low latency and few signal message exchanges.

431 citations


Journal ArticleDOI
TL;DR: An anonymous batch authenticated and key agreement (ABAKA) scheme to authenticate multiple requests sent from different vehicles and establish different session keys for different vehicles at the same time is introduced.
Abstract: In this paper, we introduce an anonymous batch authenticated and key agreement (ABAKA) scheme to authenticate multiple requests sent from different vehicles and establish different session keys for different vehicles at the same time. In vehicular ad hoc networks (VANETs), the speed of a vehicle is changed from 10 to 40 m/s (36-144 km/h); therefore, the need for efficient authentication is inevitable. Compared with the current key agreement scheme, ABAKA can efficiently authenticate multiple requests by one verification operation and negotiate a session key with each vehicle by one broadcast message. Elliptic curve cryptography is adopted to reduce the verification delay and transmission overhead. The security of ABAKA is based on the elliptic curve discrete logarithm problem, which is an unsolved NP-complete problem. To deal with the invalid request problem, which may cause the batch verification to fail, a detection algorithm has been proposed. Moreover, we demonstrate the efficiency merits of ABAKA through performance evaluations in terms of verification delay, transmission overhead, and cost for rebatch verifications, respectively. Simulation results show that both the message delay and message loss rate of ABAKA are less than those of the existing elliptic curve digital signature algorithm (ECDSA)-based scheme.

247 citations


01 Jan 2011
TL;DR: This paper investigates the problems associated with implementing a backward compatible message authentication Protocol, CANAuth, and presents a message authentication protocol that meets all of the requirements set forth and does not violate any constraint of the CAN bus.
Abstract: The Controller-Area Network (CAN) bus protocol [1] is a bus protocol invented in 1986 by Robert Bosch GmbH, originally intended for automotive use. By now, the bus can be found in devices ranging from cars and trucks, over lighting setups, to industrial looms. Due to its nature, it is a system very much focused on safety, i.e., reliability. Unfortunately, there is no built-in way to enforce security, such as encryption or authentication. In this paper, we investigate the problems associated with implementing a backward compatible message authentication protocol on the CAN bus. We show which constraints such a protocol has to meet and why this eliminates, to the best of our knowledge, all the authentication protocols published so far. Furthermore, we present a message authentication protocol, CANAuth, that meets all of the requirements set forth and does not violate any constraint of the CAN bus.
Keywords: CAN bus, embedded networks, broadcast authentication, symmetric cryptography

246 citations


Journal ArticleDOI
TL;DR: A new version of the stream cipher Grain-128 is proposed, strengthened against all known attacks and observations on the original Grain-128, and has built-in support for optional authentication.
Abstract: A new version of the stream cipher Grain-128 is proposed. The new version, Grain-128a, is strengthened against all known attacks and observations on the original Grain-128, and has built-in support for optional authentication. The changes are modest, keeping the basic structure of Grain-128. This gives a high confidence in Grain-128a and allows for easy updating of existing implementations.

230 citations


Journal ArticleDOI
TL;DR: Security protocols for the scheme which are able to detect compromised RSUs and their colluding malicious vehicles are developed and the issue of large computation overhead due to the group signature implementation is addressed.
Abstract: In this paper, we propose a distributed key management framework based on group signature to provision privacy in vehicular ad hoc networks (VANETs). Distributed key management is expected to facilitate the revocation of malicious vehicles, maintenance of the system, and heterogeneous security policies, compared with the centralized key management assumed by the existing group signature schemes. In our framework, each road side unit (RSU) acts as the key distributor for the group, where a new issue incurred is that the semi-trusted RSUs may be compromised. Thus, we develop security protocols for the scheme which are able to detect compromised RSUs and their colluding malicious vehicles. Moreover, we address the issue of large computation overhead due to the group signature implementation. A practical cooperative message authentication protocol is thus proposed to alleviate the verification burden, where each vehicle just needs to verify a small number of messages. Details of possible attacks and the corresponding solutions are discussed. We further develop a medium access control (MAC) layer analytical model and carry out NS2 simulations to examine the key distribution delay and missed detection ratio of malicious messages, with the proposed key management framework being implemented over 802.11-based VANETs.

204 citations


Patent
10 Oct 2011
TL;DR: In this paper, a message is inspected for sender or domain identifying information associated with the sender of the message or the sender's domain; if that information authenticates, distinctive metadata is associated with the message.
Abstract: Techniques are presented for uniquely identifying authentication associated with messages. A message is inspected for sender or domain identifying information associated with a sender of the message or a sender's domain. The identifying information is authenticated, and if authenticated, then distinctive metadata is associated with the message. The distinctive metadata is presented or played in connection with the message for purposes of readily identifying the authentication.

146 citations


Journal ArticleDOI
TL;DR: Two desynchronization attacks are found that break Chien's ultralightweight RFID authentication protocol, and two patches that slightly modify the protocol are presented in order to repair it.
Abstract: Security issues become more and more significant in RFID development. Recently, Chien proposed an ultralightweight RFID authentication protocol in order to achieve privacy and authenticity with limited computation and transmission resources. However, we find two desynchronization attacks to break the protocol. In order to repair the protocol, two patches that slightly modify the protocol are presented in the paper.

104 citations


Proceedings ArticleDOI
28 Mar 2011
TL;DR: An in-network collaborative scheme to provide secure and reliable AMI communications in smart grid, with smart meters interconnected through a multihop wireless network is proposed and shown to have a better end-to-end delay and packet losses comparing with a basic security method.
Abstract: We consider various security vulnerabilities of deploying Advanced Metering Infrastructure (AMI) in smart grid, and explore the issues related to confidentiality for customer privacy and customer behavior as well as message authentication for meter reading and control messages. There is only very little research work on AMI authentication, and no work exists on confidentiality for user privacy and user behavior, to the best of our knowledge. In this paper, we propose an in-network collaborative scheme to provide secure and reliable AMI communications in smart grid, with smart meters interconnected through a multihop wireless network. In this approach, an AMI system can provide trust services, data privacy and integrity by mutual authentication whenever a new smart meter initiates and joins the smart grid AMI network. Data integrity and confidentiality are fulfilled through message authentication and encryption services, respectively, using the corresponding keys established in the mutual authentication. A transmission scheme is proposed to facilitate the data collection and management message delivery between smart meters and a local collector for AMI communications. Simulation results show that the proposed method has better end-to-end delay and packet losses compared with a basic security method, and the proposed method can provide secure and reliable communications for AMI in smart grid systems.

85 citations


Journal ArticleDOI
TL;DR: This paper proposes a unique batch authentication protocol UBAPV2G that takes into account the characteristics of vehicle communication and shows that it can achieve less authentication delay, less computational cost, and less communication traffic, and security analysis shows that the protocol is strong enough to defend against security attacks.
Abstract: "Vehicle-to-grid" (V2G) power will be a new green energy scheme in which electric or plug-in hybrid vehicles communicate with the smart grid to sell demand response services by either delivering electricity into the grid or by throttling their charging rate. Due to high vehicular speed, sporadic connection, limited communication range, and the large volume of data that needs to be transmitted, V2G communications have the crucial requirements of fast authentication and encryption/decryption. This paper proposes a unique batch authentication protocol, UBAPV2G, that takes into account the characteristics of vehicle communication. The performance analysis shows that UBAPV2G can achieve less authentication delay, less computational cost, and less communication traffic, and security analysis shows that UBAPV2G is strong enough to defend against security attacks. The experimental results also demonstrate that UBAPV2G can achieve less authentication delay for a large number of packets. Thus, the UBAPV2G protocol is suitable for the stringent requirements of real-time V2G communications.

81 citations


Journal ArticleDOI
TL;DR: The cryptanalysis of SASI sheds some new light on the ultralightweight approach, and can also serve as a warning to researchers working in the field and tempted to apply these techniques.
Abstract: A recent research trend, motivated by the massive deployment of RFID technology, looks at cryptographic protocols for securing communication between entities in which some of the parties have very limited computing capabilities. In this paper, we focus our attention on SASI, a new RFID authentication protocol, designed for providing Strong Authentication and Strong Integrity. SASI is a good representative of a family of RFID authentication protocols, referred to as Ultralightweight RFID authentication protocols. These protocols, suitable for passive Tags with limited computational power and storage, involve simple bitwise operations such as and, or, exclusive or, modular addition, and cyclic shift operations. They are efficient, fit the hardware constraints, and can be seen as an example of the above research trend. However, the main concern is the real security of these protocols, which are often supported only by apparently reasonable and intuitive arguments. The contribution we provide with this work is the following: we start by showing some weaknesses in the SASI protocol, and then, we describe how such weaknesses, through a sequence of simple steps, can be used to compute in an efficient way all secret data used for the authentication process. Specifically, we describe three attacks: 1) a desynchronization attack, through which an adversary can break the synchronization between the RFID Reader and the Tag; 2) an identity disclosure attack, through which an adversary can compute the identity of the Tag; and 3) a full disclosure attack, which enables an adversary to retrieve all secret data stored in the Tag. Then, we present some experimental results, obtained by running several tests on an implementation of the protocol, in order to evaluate the performance of the proposed attacks, which confirm that the attacks are effective and efficient. It turns out that an active adversary, by interacting with a Tag more or less three hundred times, makes the authentication protocol completely useless. Finally, we close the paper with some observations. The cryptanalysis of SASI sheds some new light on the ultralightweight approach, and can also serve as a warning to researchers working in the field and tempted to apply these techniques. Indeed, the results of this work raise serious questions regarding the limits of the ultralightweight family of protocols, and the benefits of these ad hoc protocol design strategies and informal security analysis.

81 citations


Proceedings ArticleDOI
10 Oct 2011
TL;DR: This paper analyzes the deficiencies of the EPS AKA, and proposes a Security Enhanced Authentication and Key Agreement (SE-EPS AKA) based on Wireless Public Key Infrastructure (WPKI) that can satisfy the security and efficiency properties in the LTE/SAE architecture.
Abstract: The 3rd Generation Partnership Project (3GPP) standard is developing the System Architecture Evolution (SAE)/Long Term Evolution (LTE) architecture for the next generation mobile communication system. In the LTE/SAE architecture, the EPS AKA (Evolved Packet System Authentication and Key Agreement) procedure is used to provide mutual authentication between the user and the network. However, the EPS AKA has several vulnerabilities such as disclosure of user identity, man-in-the-middle attack, etc. Therefore, this paper analyzes the deficiencies of the EPS AKA, and proposes a Security Enhanced Authentication and Key Agreement (SE-EPS AKA) based on Wireless Public Key Infrastructure (WPKI). Then, the new SE-EPS AKA has been proved with the formal verification method, and the proof result shows that the SE-EPS AKA can satisfy the security and efficiency properties in the LTE/SAE architecture.

Proceedings ArticleDOI
15 Dec 2011
TL;DR: This paper derives a privacy preserving authentication scheme using a tamper-resistant device at the smart appliance and pseudo identities, and shows that the authentication process is made very efficient by means of Hash-based Message Authentication Code (HMAC).
Abstract: A smart grid power system is capable of adjusting the amount of electricity generated based on real-time requests from the smart meters of customers, thus avoiding excess electricity generation and facilitating reliable and effective transmission of electricity. To ensure that requests are sent from a valid user, all request messages must be authenticated. On the other hand, by analyzing the electricity usage pattern of a customer, the daily habit of the customer, such as when he is away, may be revealed. Thus, a proper privacy preserving mechanism has to be adopted. This paper attempts to develop a scheme to address these two seemingly contradicting requirements efficiently. By using a tamper-resistant device at the smart appliance and pseudo identities, we derive a privacy preserving authentication scheme to solve the problem. The authentication process is made very efficient by means of Hash-based Message Authentication Code (HMAC). Through simulation, we show that with our scheme, the transmission and signature verification delay induced are very small and the message overhead is only 20 bytes per request message. With our efficient verification process, even under attack, the substation can effectively drop all attack messages, allowing 6 times more valid messages to reach the control center when compared to the case without any verification. Thus our scheme is both efficient and effective.

Journal ArticleDOI
TL;DR: This scheme is existentially unforgeable under a chosen message attack in the random oracle model assuming the hardness of the minimum distance problem, is unconditionally source hiding, has a very short public key and has an overall complexity in O(N).
Abstract: Ring signatures were introduced by Rivest, Shamir, and Tauman in 2001. These signatures allow a signer to anonymously authenticate a message on behalf of a group of his choice. This concept was then extended by Bresson, Stern, and Szydlo into t-out-of-N (threshold) ring signatures in 2002. We propose in this article a generalization of Stern's code-based identification (and signature) scheme to design a practical t-out-of-N threshold ring signature scheme. The size of the resulting signatures is in O(N) and does not depend on t, contrary to most of the existing protocols. Our scheme is existentially unforgeable under a chosen message attack in the random oracle model assuming the hardness of the minimum distance problem, is unconditionally source hiding, has a very short public key and has an overall complexity in O(N). This protocol is the first efficient code-based ring signature scheme and the first code-based threshold ring signature scheme. Moreover, it has a better complexity than number-theory based schemes which have a complexity in O(Nt). This paper is an extended version of a paper published in the conference PQCrypto 2008, with complete proofs and definitions.

Patent
20 Sep 2011
TL;DR: In this article, the authors present methods for securing a computing device with data storage, power-on firmware, GPS/GSM, and a Trusted Platform Module (TPM), including establishing a shared secret between the BIOS and the TPM.
Abstract: Methods, systems and computer program products for securing a computing device with data storage, power-on firmware—BIOS, geolocation and mobile data module—GPS/GSM, and a Trusted Platform Module—TPM, including establishing a shared secret between the BIOS and the TPM, requesting the TPM to generate suitable encryption keys, namely for encrypting the data storage, supplying the user of the computing device suitable keys for external storage, calculating hash-based message authentication codes over the BIOS, MBR, unique ID of the TPM, unique ID of the GPS/GSM module and unique ID of the BIOS; using a user-provided password and/or token device; using mobile data messages to secure the device if misplaced.

Journal ArticleDOI
TL;DR: A secure smart-metering protocol including: 1) key material generation and provisioning to devices without exposure; 2) initialization to authenticate devices in the network and share keys between devices before exchanging data; 3) secure transmission of meter-reading data; and 4) revocation management to handle discarded devices from the network.
Abstract: A smart-metering system is a system that meters electricity, gas, and water consumption and manages their supply by controlling measuring devices remotely. Power-line communication (PLC) does not require a separate communication line and can be easily installed by utilizing power-line infrastructure. PLC also allows users to easily connect measuring devices to the PLC network by plugging the power cord into an electrical outlet. Therefore, a smart-metering system over PLC has been considered as one of the most appropriate technologies for meter reading and automatic control, which are essential in the realization of a smart grid. We propose a secure smart-metering protocol including: 1) key material generation and provisioning to devices without exposure; 2) initialization to authenticate devices in the network and share keys between devices before exchanging data; 3) secure transmission of meter-reading data; and 4) revocation management to handle discarded devices from the network. In particular, our protocol provides strong authentication of devices and data: it prevents a single point of failure by adopting secret sharing through multiple certificate authorities. It also reduces the risk of denial-of-service attacks on the server by hop-by-hop authentication for data transmitted from terminal nodes to the server.

Proceedings ArticleDOI
11 Apr 2011
TL;DR: This paper presents a novel two-factor authentication scheme whereby a user's device produces multiple OTPs from an initial seed using the proposed production scheme; applying the many-from-one function to a certain seed removes the requirement of sending SMS-based OTPs to users, and reduces the restrictions caused by the SMS system.
Abstract: Two-factor authentication (2FA) provides improved protection, since users are prompted to provide something they know and something they have. This method delivers a higher level of authentication assurance, which is essential for online banking security. Many banking systems have satisfied the 2FA requirements by sending a One Time Password (OTP), something possessed, through an SMS to the user's phone device. Unfortunately, international roaming and SMS costs and delays put restrictions on this system's reliability. This paper presents a novel two-factor authentication scheme whereby a user's device produces multiple OTPs from an initial seed using the proposed production scheme. The initial seed is produced by the communication partners' unique parameters. Applying the many-from-one function to a certain seed removes the requirement of sending SMS-based OTPs to users, and reduces the restrictions caused by the SMS system.

Proceedings ArticleDOI
01 Dec 2011
TL;DR: This paper proposes a scheme that preserves users' privacy information, including their daily electricity usage pattern from third parties as well as from the power operator, and ensures that authentication can be properly done.
Abstract: A smart grid network adjusts power allocation by collecting information about the power usage of the customers in real time. Authentication and user privacy preservation are the two major concerns on smart grid security. Authentication schemes that preserve users' privacy from third parties, but not from the power operator, have been proposed. In this paper, we propose a scheme that preserves users' privacy information, including their daily electricity usage pattern, from third parties as well as from the power operator. At the same time, the scheme ensures that authentication can be properly done. These two properties are achieved by using anonymous credentials under the principle of blind signature. Basically, a customer generates a set of credentials by himself and asks the control center to blindly sign them. When the customer needs to request more power later on, he presents the signed credential to the control center as proof of his identity. Implementation and analysis show that our scheme is feasible in terms of a number of performance measures such as the signing time and the credential collision rate.

Proceedings ArticleDOI
01 Dec 2011
TL;DR: A new 5-pass identification scheme with asymptotic cheating probability 1/2 based on the syndrome decoding problem, related to the Stern identification scheme but with a reduced communication cost compared to previous code-based zero-knowledge schemes, which also permits a very small public key and secret key.
Abstract: In this paper we present a new 5-pass identification scheme with asymptotic cheating probability 1/2 based on the syndrome decoding problem. Our protocol is related to the Stern identification scheme but has a reduced communication cost compared to previous code-based zero-knowledge schemes; moreover, our scheme permits a very small public key and secret key. The contribution of this paper is twofold. First, we propose a variation on the Stern authentication scheme which permits decreasing the cheating probability asymptotically to 1/2 rather than 2/3 (and very close to 1/2 in practice) but with less communication. Our solution is based on deriving new challenges from the secret key through cyclic shifts of the initial public key syndrome; a new proof of soundness for this case is given. Secondly, we propose a new way to deal with hashed commitments in zero-knowledge schemes based on Stern's scheme, so that in terms of communication, on average, only one hash value is sent rather than two or three. Overall, our new scheme has the good features of having a zero-knowledge security proof based on a well-known hard problem of coding theory, a small size of secret and public key (a few hundred bits), a small calculation complexity, for an overall communication cost of 19 kb for authentication (for 2^16 security) and a signature of size 93 kb (11.5 kB) (for 2^80 security), an improvement of 40% compared to previous schemes based on coding theory.

Book ChapterDOI
11 Aug 2011
TL;DR: A natural, but non-tight, reductionist security proof for deterministic message authentication code (MAC) schemes in the multi-user setting is examined, finding deficiencies in the security assurances provided by non-tight proofs, including ones for network authentication and aggregate MACs.
Abstract: We examine a natural, but non-tight, reductionist security proof for deterministic message authentication code (MAC) schemes in the multi-user setting. If security parameters for the MAC scheme are selected without accounting for the non-tightness in the reduction, then the MAC scheme is shown to provide a level of security that is less than desirable in the multi-user setting. We find similar deficiencies in the security assurances provided by non-tight proofs when we analyze some protocols in the literature including ones for network authentication and aggregate MACs. Our observations call into question the practical value of non-tight reductionist security proofs. We also exhibit attacks on authenticated encryption schemes, disk encryption schemes, and stream ciphers in the multi-user setting.

Proceedings ArticleDOI
01 Dec 2011
TL;DR: This paper presents the OpenID-Authentication-as-a-Service APIs in OpenStack for front-end GUI servers, and performs the authentication in the back-end at a single Policy Decision Point (PDP).
Abstract: The evolution of cloud computing is driving the next generation of internet services. OpenStack is one of the largest open-source cloud computing middleware development communities. Currently, OpenStack supports platform-specific signatures and tokens for user authentication. In this paper, we aim to introduce a cloud platform independent, flexible, and decentralized authentication mechanism, using OpenID as an open-source authentication mechanism in OpenStack. OpenID allows a decentralized framework for user authentication. It has its own advantages for web services, which include improvements in usability and a seamless Single-Sign-On experience for the users. This paper presents the OpenID-Authentication-as-a-Service APIs in OpenStack for front-end GUI servers, and performs the authentication in the back-end at a single Policy Decision Point (PDP). Our implementation allows users to use their OpenID Identifiers from standard OpenID providers and log into the Dashboard/Django-Nova graphical interface of OpenStack.

01 Jan 2011
TL;DR: A new version of the stream cipher Grain-128 is proposed, strengthened against all known attacks and observations on the original Grain-128, and has built-in support for authentication.
Abstract: A new version of the stream cipher Grain-128 is proposed. The new version, Grain-128a, is strengthened against all known attacks and observations on the original Grain-128, and has built-in support for authentication. The changes are modest, keeping the basic structure of Grain-128. This gives a high confidence in Grain-128a and allows for easy updating of existing implementations.

Journal ArticleDOI
TL;DR: Security analysis and performance evaluation show that SEAODV is more effective in preventing identified routing attacks and outperforms ARAN and SAODV in terms of computation cost and route acquisition latency.
Abstract: This paper describes a Security Enhanced AODV routing protocol for wireless mesh networks (SEAODV). SEAODV employs Blom's key pre-distribution scheme to compute the pairwise transient key (PTK) through the flooding of an enhanced HELLO message and subsequently uses the established PTK to distribute the group transient key (GTK). PTK and GTK are used for authenticating unicast and broadcast routing messages, respectively. In wireless mesh networks, a unique PTK is shared by each pair of nodes, while the GTK is shared secretly between the node and all its one-hop neighbors. A message authentication code (MAC) is attached as an extension to the original AODV routing message to guarantee the message's authenticity and integrity in a hop-by-hop fashion. Security analysis and performance evaluation show that SEAODV is more effective in preventing identified routing attacks and outperforms ARAN and SAODV in terms of computation cost and route acquisition latency.

Journal ArticleDOI
TL;DR: A digital watermarking technique is proposed which avoids the distortion of image in ROI by embedding the watermark information in RONI.
Abstract: Image processing techniques have played a very significant role in the past decades in the field of medical sciences for diagnosis and treatment purposes. In some applications, medical images are divided into a region of interest (ROI) and a region of non-interest (RONI). Important information regarding diagnosis is contained in the ROI, so its integrity must be assured. We propose a fragile watermarking technique to ensure the integrity of the medical image that avoids the distortion of the image in the ROI by embedding the watermark information in the RONI. The watermark is composed of patient information, the hospital logo and a message authentication code computed using a hash function. Encryption of the watermark is performed beforehand to ensure inaccessibility of the embedded data to adversaries.

Proceedings ArticleDOI
10 Apr 2011
TL;DR: This paper proposes a light-weight and secure message authentication mechanism based on Diffie-Hellman key establishment protocol and hash-based message authentication code, which allows various smart meters at different points of the SG to make mutual authentication and achieve message authentication with low latency and few signal message exchanges.
Abstract: Smart Grid (SG) technology, which aims at bringing the world's aging electric grids into the 21st century by utilizing intelligent transmission and distributed networks, has been gaining momentum in recent years. Despite its attractive features, the SG technology remains vulnerable to some security threats, such as spoofing and man-in-the-middle attacks. In this paper, to address these potential security issues, we propose a light-weight and secure message authentication mechanism. The proposed mechanism is based on Diffie-Hellman key establishment protocol and hash-based message authentication code, which allows various smart meters at different points of the SG to make mutual authentication and achieve message authentication with low latency and few signal message exchanges. Detailed security analysis shows it can satisfy the desirable security requirements. In addition, extensive computer-based simulation also demonstrates its efficiency.

Journal ArticleDOI
TL;DR: This work considers authentication of a wireless multiple-input-multiple-output (MIMO) system by deliberately introducing a stealthy fingerprint at the physical layer, and studies the trade-offs between stealth, security, and robustness, and shows that very good operating points exist.
Abstract: We consider authentication of a wireless multiple-input-multiple-output (MIMO) system by deliberately introducing a stealthy fingerprint at the physical layer. The fingerprint is superimposed onto the data and uniquely conveys an authentication message as a function of the transmitted data and a shared secret key. A symbol synchronous approach to fingerprint embedding provides low complexity operation. In comparison with a conventional tag-based authentication approach, fingerprinting conveys much less information on the secret key to an eavesdropper. We study the trade-offs between stealth, security, and robustness, and show that very good operating points exist. We consider the cases when deterministic or statistical channel state information is available to the transmitter, and show how precoding and channel mode power allocation can be applied to both the data and the fingerprint in combination to enhance the authentication process.

Proceedings ArticleDOI
20 Jun 2011
TL;DR: This scheme incorporates an ID-based proxy signature framework with the standard ECDSA for VANET's road-side unit (RSU) originated safety application messages and claims that this scheme is resilient against all major security threats and also efficient in terms of computation complexity.
Abstract: We present a safety message authentication scheme for vehicular ad hoc networks using an ID-based signature and verification mechanism. An ID-based technique offers certificate-less public key verification, while a proxy signature provides flexibility in message authentication and trust management. In this scheme, we incorporate an ID-based proxy signature framework with the standard ECDSA for VANET road-side unit (RSU) originated safety application messages. Also, forwarding of signed messages is specially handled to ensure the trust and authentication of RSU application messages. We claim that this scheme is resilient against all major security threats and also efficient in terms of computation complexity.

Patent
24 Oct 2011
TL;DR: In this patent, an initial boot loader verifies a digital signature on a first boot loader using a public key, and the first boot loader in turn verifies a message authentication code included in a second boot loader using a unique key; each stage is executed only if its check passes.
Abstract: In a secure boot method, an initial boot loader verifies a first digital signature included in a first boot loader using a public key. The first boot loader is executed if the first digital signature is valid. The first boot loader verifies a first message authentication code included in a second boot loader using a unique key. The second boot loader is executed if the first message authentication code is valid.
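The two-stage check in this abstract, as an added Python example (not the patent's code): the initial loader verifies a public-key signature on the first boot loader, and the first boot loader verifies an HMAC-SHA256 tag on the second boot loader under a device-unique key. The patent does not name the signature algorithm; a Lamport one-time signature is used here so the example runs on the standard library alone. The device key, the loader images and the length-prefixed image framing are constructed.

```python
import hashlib
import hmac
import secrets

SIG_LEN = 256 * 32

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _bits(digest: bytes):
    return ((digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256))

# Lamport one-time signature: stands in for the patent's unspecified signature scheme.
# One-time means a private key must never sign two different images.
def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk

def lamport_sign(sk, msg: bytes) -> bytes:
    return b"".join(sk[i][bit] for i, bit in enumerate(_bits(_h(msg))))

def lamport_verify(pk, msg: bytes, sig: bytes) -> bool:
    if len(sig) != SIG_LEN:
        return False
    return all(_h(sig[32 * i:32 * i + 32]) == pk[i][bit]
               for i, bit in enumerate(_bits(_h(msg))))

def _frame(code: bytes, trailer: bytes) -> bytes:
    return len(code).to_bytes(4, "big") + code + trailer

def _unframe(image: bytes):
    n = int.from_bytes(image[:4], "big")
    return image[4:4 + n], image[4 + n:]

def build_first_loader(code: bytes, sk) -> bytes:
    """Vendor side: the stage-1 image carries a signature checked against a public key."""
    return _frame(code, lamport_sign(sk, code))

def build_second_loader(code: bytes, unique_key: bytes) -> bytes:
    """Device side: the stage-2 image carries a MAC under the device-unique key."""
    return _frame(code, hmac.new(unique_key, code, hashlib.sha256).digest())

def first_loader(unique_key: bytes, image2: bytes):
    """Stage 1, reached only after the initial loader accepted it: verify the MAC on stage 2."""
    code2, tag = _unframe(image2)
    expected = hmac.new(unique_key, code2, hashlib.sha256).digest()
    if len(tag) != 32 or not hmac.compare_digest(tag, expected):
        return "halt", "second boot loader MAC invalid"
    return "run", code2

def initial_loader(pk, image1: bytes, unique_key: bytes, image2: bytes):
    """Stage 0 (ROM): pk is immutable, unique_key comes from device fuses (assumption)."""
    code1, sig = _unframe(image1)
    if not lamport_verify(pk, code1, sig):
        return "halt", "first boot loader signature invalid"
    # On hardware control would transfer into code1; here the verified stage-1 logic
    # is the first_loader function above.
    return first_loader(unique_key, image2)

def _flip(image: bytes, i: int) -> bytes:
    return image[:i] + bytes([image[i] ^ 0x01]) + image[i + 1:]

def run_demo() -> dict:
    sk, pk = lamport_keygen()
    dev_key, other_dev_key = secrets.token_bytes(32), secrets.token_bytes(32)
    stage1 = b"STAGE1: init DRAM, load stage2"     # constructed images, not real firmware
    stage2 = b"STAGE2: load kernel"
    image1 = build_first_loader(stage1, sk)
    image2 = build_second_loader(stage2, dev_key)
    return {
        "good": initial_loader(pk, image1, dev_key, image2),
        "stage1_tampered": initial_loader(pk, _flip(image1, 5), dev_key, image2),
        "stage2_tampered": initial_loader(pk, image1, dev_key, _flip(image2, 5)),
        "wrong_device": initial_loader(pk, image1, other_dev_key, image2),
    }

if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```

The split matters in practice: the stage-1 image is signed once by the vendor and ships unchanged to every device, while the stage-2 MAC binds that image to the device whose unique key produced it, so the identical image halts on another device (the `wrong_device` case). A MAC cannot prove origin to a third party, which is why the first stage still needs a signature and a public key that cannot be rewritten.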

Posted Content
TL;DR: In this paper, the authors present a framework for expressing security requirements from interactive protocols in the presence of arbitrary leakage, and construct leakage tolerant protocols for basic tasks, such as, secure message transmission, message authentication, commitment, oblivious transfer and zero knowledge.
Abstract: We put forth a framework for expressing security requirements from interactive protocols in the presence of arbitrary leakage. This allows capturing different levels of leakage tolerance of protocols, namely the preservation (or degradation) of security, under coordinated attacks that include various forms of leakage from the secret states of participating components. The framework extends the universally composable (UC) security framework. We also prove a variant of the UC theorem, that enables modular design and analysis of protocols even in face of general, non-modular leakage. We then construct leakage tolerant protocols for basic tasks, such as, secure message transmission, message authentication, commitment, oblivious transfer and zero knowledge. A central component in several of our constructions is the observation that resilience to adaptive party corruptions (in some strong sense) implies leakage-tolerance in an essentially optimal way.

Journal ArticleDOI
TL;DR: A new set of analytical and experimental results is presented to demonstrate that the proposed stochastic authentication approach achieves a low half total error rate in ECG signal verification.
Abstract: The blood circulation system in a human body provides a unique and natural trust zone for secure data communications in wireless healthcare systems such as body area networks. Unfortunately, biometric signal authentication using physiological attributes in wireless healthcare has not been extensively studied. In this paper, we propose a data authentication approach utilizing electrocardiography (ECG) signal patterns for reducing key exchange overhead. The major contribution of this research is to apply stochastic pattern recognition techniques in wireless healthcare. In the proposed approach, the inter-pulse interval (IPI) signal pattern at the transmitter side is summarized as a biometric authentication key using a Gaussian mixture model (GMM). At the receiver side, a light-weight signature verification scheme is adopted that uses IPI signals gathered locally at the receiver. The proposed authentication scheme has the advantage of high sample misalignment tolerance. In our earlier work, we had demonstrated the concept of stochastic authentication for ECG signals, but the signature verification process and GMM authentication performance under time synchronization and various sample points were not discussed. Here, we present a new set of analytical and experimental results to demonstrate that the proposed stochastic authentication approach achieves a low half total error rate in ECG signal verification.

Book ChapterDOI
19 Oct 2011
TL;DR: This work proposes an image hash algorithm with block level content protection that extracts features from DFT coefficients of image blocks and has strong robustness against JPEG compression, scaling, additive white Gaussian noise, and Gaussian smoothing.
Abstract: Perceptual hashing is a promising solution to image content authentication. However, conventional image hash algorithms only offer a limited authentication level for the protection of overall content. In this work, we propose an image hash algorithm with block level content protection. It extracts features from DFT coefficients of image blocks. Experiments show that the hash has strong robustness against JPEG compression, scaling, additive white Gaussian noise, and Gaussian smoothing. The hash value is compact, and highly dependent on a key. It has very efficient trade-offs between the false positive rate and the true positive rate.