Showing papers on "Message authentication code published in 2012"

The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes

Abstract: We evaluate two decades of proposals to replace text passwords for general-purpose user authentication on the web using a broad set of twenty-five usability, deployability and security benefits that an ideal scheme might provide. The scope of proposals we survey is also extensive, including password management software, federated login protocols, graphical password schemes, cognitive authentication schemes, one-time passwords, hardware tokens, phone-aided schemes and biometrics. Our comprehensive approach leads to key insights about the difficulty of replacing passwords. Not only does no known scheme come close to providing all desired benefits: none even retains the full set of benefits that legacy passwords already provide. In particular, there is a wide range from schemes offering minor security benefits beyond legacy passwords, to those offering significant security benefits in return for being more costly to deploy or more difficult to use. We conclude that many academic proposals have failed to gain traction because researchers rarely consider a sufficiently wide range of real-world constraints. Beyond our analysis of current schemes, our framework provides an evaluation methodology and benchmark for future web authentication proposals.

Bitter to Better — How to Make Bitcoin a Better Currency

Abstract: Bitcoin is a distributed digital currency which has attracted a substantial number of users. We perform an in-depth investigation to understand what made Bitcoin so successful, while decades of research on cryptographic e-cash has not lead to a large-scale deployment. We ask also how Bitcoin could become a good candidate for a long-lived stable currency. In doing so, we identify several issues and attacks of Bitcoin, and propose suitable techniques to address them.

SipHash : a fast short-input PRF

Abstract: SipHash is a family of pseudorandom functions optimized for short inputs. Target applications include network traffic authentication and hash-table lookups protected against hash-flooding denial-of-service attacks. SipHash is simpler than MACs based on universal hashing, and faster on short inputs. Compared to dedicated designs for hash-table lookup, SipHash has well-defined security goals and competitive performance. For example, SipHash processes a 16-byte input with a fresh key in 140 cycles on an AMD FX-8150 processor, which is much faster than state-of-the-art MACs. We propose that hash tables switch to SipHash as a hash function.

ECG-Cryptography and Authentication in Body Area Networks

Abstract: Wireless body area networks (BANs) have drawn much attention from research community and industry in recent years. Multimedia healthcare services provided by BANs can be available to anyone, anywhere, and anytime seamlessly. A critical issue in BANs is how to preserve the integrity and privacy of a person's medical data over wireless environments in a resource efficient manner. This paper presents a novel key agreement scheme that allows neighboring nodes in BANs to share a common key generated by electrocardiogram (ECG) signals. The improved Jules Sudan (IJS) algorithm is proposed to set up the key agreement for the message authentication. The proposed ECG-IJS key agreement can secure data commnications over BANs in a plug-n-play manner without any key distribution overheads. Both the simulation and experimental results are presented, which demonstrate that the proposed ECG-IJS scheme can achieve better security performance in terms of serval performance metrics such as false acceptance rate (FAR) and false rejection rate (FRR) than other existing approaches. In addition, the power consumption analysis also shows that the proposed ECG-IJS scheme can achieve energy efficiency for BANs.

Slender PUF Protocol: A Lightweight, Robust, and Secure Authentication by Substring Matching

Abstract: We introduce Slender PUF protocol, an efficient and secure method to authenticate the responses generated from a Strong Physical Unclonable Function (PUF). The new method is lightweight, and suitable for energy constrained platforms such as ultra-low power embedded systems for use in identification and authentication applications. The proposed protocol does not follow the classic paradigm of exposing the full PUF responses (or a transformation of the full string of responses) on the communication channel. Instead, random subsets of the responses are revealed and sent for authentication. The response patterns are used for authenticating the prover device with a very high probability. We perform a thorough analysis of the method's resiliency to various attacks which guides adjustment of our protocol parameters for an efficient and secure implementation. We demonstrate that Slender PUF protocol, if carefully designed, will be resilient against all known machine learning attacks. In addition, it has the great advantage of an inbuilt PUF error tolerance. Thus, Slender PUF protocol is lightweight and does not require costly additional error correction, fuzzy extractors, and hash modules suggested in most previously known PUF-based robust authentication techniques. The low overhead and practicality of the protocol are confirmed by a set of hardware implementation and evaluations.

LiBrA-CAN: A Lightweight Broadcast Authentication Protocol for Controller Area Networks

Abstract: Security in vehicular networks established itself as a highly active research area in the last few years. However, there are only a few results so far on assuring security for communication buses inside vehicles. Here we advocate the use of a protocol based entirely on simple symmetric primitives that takes advantage of two interesting procedures which we call key splitting and MAC mixing. Rather than achieving authentication independently for each node, we split authentication keys between groups of multiple nodes. This leads to a more efficient progressive authentication that is effective especially in the case when compromised nodes form only a minority and we believe such an assumption to be realistic in automotive networks. To gain more security we also account an interesting construction in which message authentication codes are amalgamated using systems of linear equations. We study several protocol variants which are extremely flexible allowing different trade-offs on bus load, computational cost and security level. Experimental results are presented on state-of-the-art Infineon TriCore controllers which are contrasted with low end controllers with Freescale S12X cores, all these devices are wide spread in the automotive industry. Finally, we discuss a completely backward compatible solution based on CAN+, a recent improvement of CAN.

oPass: A User Authentication Protocol Resistant to Password Stealing and Password Reuse Attacks

Abstract: Text password is the most popular form of user authentication on websites due to its convenience and simplicity. However, users' passwords are prone to be stolen and compromised under different threats and vulnerabilities. Firstly, users often select weak passwords and reuse the same passwords across different websites. Routinely reusing passwords causes a domino effect; when an adversary compromises one password, she will exploit it to gain access to more websites. Second, typing passwords into untrusted computers suffers password thief threat. An adversary can launch several password stealing attacks to snatch passwords, such as phishing, keyloggers and malware. In this paper, we design a user authentication protocol named oPass which leverages a user's cellphone and short message service to thwart password stealing and password reuse attacks. oPass only requires each participating website possesses a unique phone number, and involves a telecommunication service provider in registration and recovery phases. Through oPass, users only need to remember a long-term password for login on all websites. After evaluating the oPass prototype, we believe oPass is efficient and affordable compared with the conventional web authentication mechanisms.

Message authentication, revisited

Abstract: Traditionally, symmetric-key message authentication codes (MACs) are easily built from pseudorandom functions (PRFs). In this work we propose a wide variety of other approaches to building efficient MACs, without going through a PRF first. In particular, unlike deterministic PRF-based MACs, where each message has a unique valid tag, we give a number of probabilistic MAC constructions from various other primitives/assumptions. Our main results are summarized as follows: — We show several new probabilistic MAC constructions from a variety of general assumptions, including CCA-secure encryption, Hash Proof Systems and key-homomorphic weak PRFs. By instantiating these frameworks under concrete number theoretic assumptions, we get several schemes which are more efficient than just using a state-of-the-art PRF instantiation under the corresponding assumption. — For probabilistic MACs, unlike deterministic ones, unforgeability against a chosen message attack (uf-cma ) alone does not imply security if the adversary can additionally make verification queries (uf-cmva ). We give an efficient generic transformation from any uf-cma secure MAC which is "message-hiding" into a uf-cmva secure MAC. This resolves the main open problem of Kiltz et al. from Eurocrypt'11; By using our transformation on their constructions, we get the first efficient MACs from the LPN assumption. — While all our new MAC constructions immediately give efficient actively secure, two-round symmetric-key identification schemes, we also show a very simple, three-round actively secure identification protocol from any weak PRF. In particular, the resulting protocol is much more efficient than the trivial approach of building a regular PRF from a weak PRF.

Quantitative Measurement and Design of Source-Location Privacy Schemes for Wireless Sensor Networks

Abstract: Wireless sensor networks (WSNs) have been widely used in many areas for critical infrastructure monitoring and information collection. While confidentiality of the message can be ensured through content encryption, it is much more difficult to adequately address source-location privacy (SLP). For WSNs, SLP service is further complicated by the nature that the sensor nodes generally consist of low-cost and low-power radio devices. Computationally intensive cryptographic algorithms (such as public-key cryptosystems), and large scale broadcasting-based protocols may not be suitable. In this paper, we first propose criteria to quantitatively measure source-location information leakage in routing-based SLP protection schemes for WSNs. Through this model, we identify vulnerabilities of some well-known SLP protection schemes. We then propose a scheme to provide SLP through routing to a randomly selected intermediate node (RSIN) and a network mixing ring (NMR). Our security analysis, based on the proposed criteria, shows that the proposed scheme can provide excellent SLP. The comprehensive simulation results demonstrate that the proposed scheme is very efficient and can achieve a high message delivery ratio. We believe it can be used in many practical applications.

Cycling attacks on GCM, GHASH and other polynomial MACs and hashes

Abstract: The Galois/Counter Mode (GCM) of operation has been standardized by NIST to provide single-pass authenticated encryption. The GHASH authentication component of GCM belongs to a class of Wegman-Carter polynomial hashes that operate in the field GF(2128). We present message forgery attacks that are made possible by its extremely smooth-order multiplicative group which splits into 512 subgroups. GCM uses the same block cipher key K to both encrypt data and to derive the generator H of the authentication polynomial for GHASH. In present literature, only the trivial weak key H=0 has been considered. We show that GHASH has much wider classes of weak keys in its 512 multiplicative subgroups, analyze some of their properties, and give experimental results on AES-GCM weak key search. Our attacks can be used not only to bypass message authentication with garbage but also to target specific plaintext bits if a polynomial MAC is used in conjunction with a stream cipher. These attacks can also be applied with varying efficiency to other polynomial hashes and MACs, depending on their field properties. Our findings show that especially the use of short polynomial-evaluation MACs should be avoided if the underlying field has a smooth multiplicative order.

Leakage-Tolerant interactive protocols

Abstract: We put forth a framework for expressing security requirements from interactive protocols in the presence of arbitrary leakage. The framework allows capturing different levels of leakage-tolerance of protocols, namely the preservation (or degradation) of security, under coordinated attacks that include various forms of leakage from the secret states of participating components. The framework extends the universally composable (UC) security framework. We also prove a variant of the UC theorem that enables modular design and analysis of protocols even in face of general, non-modular leakage. We then construct leakage-tolerant protocols for basic tasks, such as secure message transmission, message authentication, commitment, oblivious transfer and zero-knowledge. A central component in several of our constructions is the observation that resilience to adaptive party corruptions (in some strong sense) implies leakage-tolerance in an essentially optimal way.

Single RFID Tag Ownership Transfer Protocols

Abstract: Security/privacy issues are of paramount importance for widespread acceptance and use of radio-frequency identification (RFID) tags. Over the last few years, researchers have addressed this issue through lightweight cryptographic means. While a majority of existing RFID security/privacy protocols address authentication issues, the ability to change as well as share ownership of these tagged objects is equally important. We consider a few RFID ownership transfer variations and propose protocols that are lightweight and secure. We consider ownership transfer scenarios for single tag-single owner with and without a trusted third party (TTP). We provide security analysis to evaluate the accuracy, confidentiality, and forward security of the proposed protocols from a cryptography perspective.

Assessment of node trustworthiness in VANETs using data plausibility checks with particle filters

Abstract: In Vehicular Ad-Hoc Networks (VANETs), the exchange of location data (i.e. absolute position, heading, time) for traffic safety applications plays an important role. The trustworthiness of this information is crucial as false data affects applications heavily and might endanger human lives. Beside cryptographic solutions that ensure sender authenticity and message integrity, the data plausibility check is an important mechanism to ensure positional reliability. In this paper, we show that a particle filter is an appropriate instrument to perform plausibility checks in order to assess the trustworthiness of neighbor nodes. Our approach allows the aggregation of information from different data sources directly in one particle filter per neighbor. Thus, dependencies and relationships between individual sources can be fully accounted for and the framework is easily extensible and scales well. The concept is implemented as a Java-OSGi bundle for a field operational test framework and evaluated using both manually generated traces and recorded data from real vehicle trips. We show that the detection of several types of location-based attacks is possible under consideration of errors and system inherent deviations in sensor data.

Message authentication method in communication system and communication system

Abstract: Each of ECUs counts the number of messages transmitted for each of CAN IDs. A transmission node that has transmitted a main message produces an MAC from a data field and the CAN ID in the main message and a counter value corresponding to the CAN ID, and transmits the MAC as an MAC message. A reception node that has received the main message produces an MAC from the data field and the CAN ID contained in the main message and the counter value corresponding to the CAN ID, and determines whether the MAC matches the MAC contained in the MAC message. By so doing, verification whether the main message is valid or not can be made. According to this configuration, message authentication by the MAC can be made without changing a CAN protocol.

Strong authentication token with visual output of PKI signatures

Abstract: A handheld authentication device comprising a data processor and a display is adapted to: generate an input value; submit the input value to an asymmetric cryptographic operation; obtain the result of said asymmetric cryptographic operation; generate an authentication message substantially comprising the result of the asymmetric cryptographic operation; encode the authentication message into one or more images; and display these images on the display. A method for securing computer-based applications remotely accessed by a user comprises capturing images displayed on the display of an authentication device of the user whereby these images have been encoded with an authentication message generated by the authentication device and whereby the authentication message comprises the result of an asymmetric cryptographic operation on an input value; decoding the images to retrieve the authentication message; retrieving the result of the asymmetric cryptographic operation from the authentication message; verifying the authentication message.

Low-Data Complexity Attacks on AES

Abstract: The majority of current attacks on reduced-round variants of block ciphers seeks to maximize the number of rounds that can be broken, using less data than the entire codebook and less time than exhaustive key search. In this paper, we pursue a different approach, restricting the data available to the adversary to a few plaintext/ciphertext pairs. We argue that consideration of such attacks (which received little attention in recent years) improves our understanding of the security of block ciphers and of other cryptographic primitives based on block ciphers. In particular, these attacks can be leveraged to more complex attacks, either on the block cipher itself or on other primitives (e.g., stream ciphers, MACs, or hash functions) that use a small number of rounds of the block cipher as one of their components. As a case study, we consider the Advanced Encryption Standard (AES)-the most widely used block cipher. The AES round function is used in many cryptographic primitives, such as the hash functions Lane, SHAvite-3, and Vortex or the message authentication codes ALPHA-MAC, Pelican, and Marvin. We present attacks on up to four rounds of AES that require at most three known/chosen plaintexts. We then apply these attacks to cryptanalyze an AES-based stream cipher (which follows the leak extraction methodology), and to mount the best known plaintext attack on six-round AES.

A Secret-Sharing-Based Method for Authentication of Grayscale Document Images via the Use of the PNG Image With a Data Repair Capability

Abstract: A new blind authentication method based on the secret sharing technique with a data repair capability for grayscale document images via the use of the Portable Network Graphics (PNG) image is proposed. An authentication signal is generated for each block of a grayscale document image, which, together with the binarized block content, is transformed into several shares using the Shamir secret sharing scheme. The involved parameters are carefully chosen so that as many shares as possible are generated and embedded into an alpha channel plane. The alpha channel plane is then combined with the original grayscale image to form a PNG image. During the embedding process, the computed share values are mapped into a range of alpha channel values near their maximum value of 255 to yield a transparent stego-image with a disguise effect. In the process of image authentication, an image block is marked as tampered if the authentication signal computed from the current block content does not match that extracted from the shares embedded in the alpha channel plane. Data repairing is then applied to each tampered block by a reverse Shamir scheme after collecting two shares from unmarked blocks. Measures for protecting the security of the data hidden in the alpha channel are also proposed. Good experimental results prove the effectiveness of the proposed method for real applications.

Unconditionally-Secure robust secret sharing with compact shares

Abstract: We consider the problem of reconstructing a shared secret in the presence of faulty shares, with unconditional security. We require that any t shares give no information on the shared secret, and reconstruction is possible even if up to t out of the n shares are incorrect. The interesting setting is n/3≤t

System and method for message verification in broadcast and multicast networks

Abstract: In a network device, a method for verified communication includes generating a network communication message using a selection of predetermined message elements having digital signatures generated with a private key. The network device generates a signature for the message by applying a homomorphic operation to the digital signatures of the selected predetermined message elements and to a one-time signature corresponding to a random number. The network device transmits the message in association with the signature for the message and the random number to at least one other network device.

A Theoretical Analysis of Authentication, Privacy, and Reusability Across Secure Biometric Systems

Abstract: We present a theoretical framework for the analysis of privacy and security trade-offs in secure biometric authentication systems. We use this framework to conduct a comparative information-theoretic analysis of two biometric systems that are based on linear error correction codes, namely fuzzy commitment and secure sketches. We derive upper bounds for the probability of false rejection (PFR) and false acceptance (PFA) for these systems. We use mutual information to quantify the information leaked about a user's biometric identity, in the scenario where one or multiple biometric enrollments of the user are fully or partially compromised. We also quantify the probability of successful attack (PSA) based on the compromised information. Our analysis reveals that fuzzy commitment and secure sketch systems have identical PFR, PFA, PSA, and information leakage, but secure sketch systems have lower storage requirements. We analyze both single-factor (keyless) and two-factor (key-based) variants of secure biometrics, and consider the most general scenarios in which a single user may provide noisy biometric enrollments at several access control devices, some of which may be subsequently compromised by an attacker. Our analysis highlights the revocability and reusability properties of key-based systems and exposes a subtle design trade-off between reducing information leakage from compromised systems and preventing successful attacks on systems whose data have not been compromised.

A Novel Group-Based Handover Authentication Scheme with Privacy Preservation for Mobile WiMAX Networks

Abstract: This letter proposes an efficient group-based handover authentication scheme for mobile WiMAX networks. When the first Mobile Station (MS) of the handover group moves from the service Base Station (BS) to a target BS, the service BS transmits all the handover group members security context to the target BS. Thus the rest of the MSs in the same handover group can bypass the Extensible Authentication Protocol (EAP) and the security context transfer phases to directly perform the handover authentication, which obviously reduces handover latency. Moreover, the proposed scheme not only meets the essential security requirements in handover authentication semantics (such as mutual authentication and resisting the domino effect) but also achieves privacy preservation.

Systems and methods for authenticating users accessing unsecured wifi access points

Abstract: Systems and methods system for a user accessing an unsecure Wifi access point are provided. In an embodiment, the present invention requests that the customer perform authentication of the access point to which he is connected. On initial connection to the access point, the customer provides his username/password and chooses a memorable information element (e.g., image or phrase). A site specific cookie is delivered to the customer device after a successful authentication. On subsequent connections, the site specific cookie is validated and the MAC address of the customer device is used to retrieve the memorable information element. If the customer recognizes his memorable image, he confirms that he is on a bona fide access point. In a further embodiment, if the customer connects at a location and/or time of day which breaks a previously observed pattern, MAC authentication is not accepted and a full authentication (e.g., user/password) is required.

Robust Video Hashing via Multilinear Subspace Projections

Abstract: The goal of video hashing is to design hash functions that summarize videos by short fingerprints or hashes. While traditional applications of video hashing lie in database searches and content authentication, the emergence of websites such as YouTube and DailyMotion poses a challenging problem of anti-piracy video search. That is, hashes or fingerprints of an original video (provided to YouTube by the content owner) must be matched against those uploaded to YouTube by users to identify instances of “illegal” or undesirable uploads. Because the uploaded videos invariably differ from the original in their digital representation (owing to incidental or malicious distortions), robust video hashes are desired. We model videos as order-3 tensors and use multilinear subspace projections, such as a reduced rank parallel factor analysis (PARAFAC) to construct video hashes. We observe that, unlike most standard descriptors of video content, tensor-based subspace projections can offer excellent robustness while effectively capturing the spatio-temporal essence of the video for discriminability. We introduce randomization in the hash function by dividing the video into (secret key based) pseudo-randomly selected overlapping sub-cubes to prevent against intentional guessing and forgery. Detection theoretic analysis of the proposed hash-based video identification is presented, where we derive analytical approximations for error probabilities. Remarkably, these theoretic error estimates closely mimic empirically observed error probability for our hash algorithm. Furthermore, experimental receiver operating characteristic (ROC) curves reveal that the proposed tensor-based video hash exhibits enhanced robustness against both spatial and temporal video distortions over state-of-the-art video hashing techniques.

A Novel En-route Filtering Scheme against False Data Injection Attacks in Cyber-Physical Networked Systems

Abstract: In Cyber-Physical Networked Systems (CPNS), attackers could inject false measurements to the controller through compromised sensor nodes, which not only threaten the security of the system, but also consumes network resources. To deal with this issue, a number of en-route filtering schemes have been designed for wireless sensor networks. However, these schemes either lack resilience to the number of compromised nodes or depend on the statically configured routes and node localization, which are not suitable for CPNS. In this paper, we propose a Polynomial-based Compromised-Resilient En-route Filtering scheme (PCREF), which can filter false injected data effectively and achieve a high resilience to the number of compromised nodes without relying on static routes and node localization. Particularly, PCREF adopts polynomials instead of MACs (message authentication codes) for endorsing measurement reports to achieve the resilience to attacks. Each node stores two types of polynomials: authentication polynomial and check polynomial derived from the primitive polynomial, and used for endorsing and verifying the measurement reports. Via extensive theoretical analysis and simulation experiments, our data show that PCREF achieves better filtering capacity and resilience to the large number of compromised nodes in comparison to the existing schemes.

A Detailed look of Audio Steganography Techniques using LSB and Genetic Algorithm Approach

Abstract: This paper is the study of various techniques of audio steganography using different algorithmis like genetic algorithm approach and LSB approach. We have tried some approaches that helps in audio steganography. As we know it is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity. In steganography, the message used to hide secret message is called host message or cover message. Once the contents of the host message or cover message are modified, the resultant message is known as stego message. In other words, stego message is combination of host message and secret message. Audio steganography requires a text or audio secret message to be embedded within a cover audio message. Due to availability of redundancy, the cover audio message before steganography, stego message after steganography remains same. for information hiding.

System and method for automatically generating computer code for message flows

Abstract: Computer-executable code is automatically generated for a message flow in a message queuing infrastructure by determining a type of the message flow, inputting message flow parameters, and generating the computer-executable code based on the type of the message flow and the message flow parameters. The generation of code can also implement a design pattern, which is input based on the determined type of message flow. The computer-executable code can be, for example, Extended Structured Query Language (ESQL) code. The type of the message flow can identify, for example, a transformation requirement of the message flow. The transformation requirement can be, for example, one of (i) transformation from a first Extensible Markup Language (XML) message to a second XML message, (ii) transformation from an XML message to a Message Repository Manager (MRM) message, and (iii) transformation from a first MRM message to a second MRM message.

A Batch-Authenticated and Key Agreement Framework for P2P-Based Online Social Networks

Abstract: Online social networks (OSNs) such as Facebook and MySpace are flourishing because more and more people are using OSNs to share their interests with friends. Because security and privacy issues on OSNs are major concerns, we propose a security framework for simultaneously authenticating multiple users to improve the efficiency and security of peer-to-peer (P2P)-based OSNs. In the proposed framework, three batch authentication protocols are proposed, adopting the one-way hash function, ElGamal proxy encryption, and certificates as the underlying cryptosystems. The hash-based authentication protocol requires lower computational cost and is suitable for resource-limited devices. The proxy-based protocol is based on asymmetric encryption and can be used to exchange more information among users. The certificate-based protocol guarantees nonrepudiation of transactions by signatures. Without a centralized authentication server, the proposed framework can therefore facilitate the extension of an OSN with batched verifications. In this paper, we formally prove that the proposed batch authentication protocols are secure against both passive adversaries and impersonator attacks, can offer implicit key authentication, and require fewer messages to authenticate multiple users. We also show that our protocols can meet important security requirements, including mutual authentication, reputation, community authenticity, nonrepudiation, and flexibility. With these effective security features, our framework is appropriate for use in P2P-based OSNs.

Design and Implementation of Improved Authentication System for Android Smartphone Users

Abstract: The devices most often used for IT services are changing from PCs and laptops to smart phones and tablets. These devices need to be small for increased portability. These technologies are convenient, but as the devices start to contain increasing amounts of important personal information, better security is required. Security systems are rapidly being developed, as well as solutions such as remote control systems. However, even with these solutions, major problems could still result after a mobile device is lost. In this thesis, we present our upgraded Lock Screen system, which is able to support authentication for the user's convenience and provide a good security system for smart phones. We also suggest an upgraded authentication system for Android smart phones.