
Showing papers on "Message authentication code published in 2018"


Journal ArticleDOI
TL;DR: This work presents a blockchain-based system for secure mutual authentication, BSeIn, to enforce fine-grained access control polices and is designed to provide privacy and security guarantees such as anonymous authentication, auditability, and confidentiality.

307 citations


Journal ArticleDOI
TL;DR: VoltageIDS is the first automotive intrusion detection system capable of distinguishing between errors and the bus-off attack, and it secures in-vehicle CAN networks without any modification of the CAN protocol.
Abstract: The proliferation of computerized functions aimed at enhancing drivers’ safety and convenience has increased the number of vehicular attack surfaces accordingly. The fundamental vulnerability is caused by the fact that the controller area network protocol, a de facto standard for in-vehicle networks, does not support message origin authentication. Several methods to resolve this problem have been suggested. However, most of them require modification of the CAN protocol and have their own vulnerabilities. In this paper, we focus on securing in-vehicle CAN networks, proposing a novel automotive intrusion detection system (so-called VoltageIDS). The system leverages the inimitable characteristics of an electrical CAN signal as a fingerprint of the electronic control units. The noteworthy contributions are that VoltageIDS does not require any modification of the current system and has been validated on actual vehicles while driving on the road. VoltageIDS is also the first automotive intrusion detection system capable of distinguishing between errors and the bus-off attack. Our experimental results on a CAN bus prototype and on real vehicles show that VoltageIDS detects intrusions in the in-vehicle CAN network. Moreover, we evaluate VoltageIDS while a vehicle is moving.

178 citations


Journal ArticleDOI
TL;DR: An efficient Cross-Domain HandShake (CDHS) scheme is constructed that allows symptoms-matching within MHSNs; the security of the scheme is proved, and a comparative summary demonstrates that the proposed CDHS scheme incurs lower computation and communication costs.
Abstract: With rapid developments of sensor, wireless and mobile communication technologies, Mobile Healthcare Social Networks (MHSNs) have emerged as a popular means of communication in healthcare services. Within MHSNs, patients can use their mobile devices to securely share their experiences, broaden their understanding of the illness or symptoms, form a supportive network, and transmit information (e.g., state of health and new symptoms) between users and other stakeholders (e.g., medical center). Despite the benefits afforded by MHSNs, there are underlying security and privacy issues (e.g., due to the transmission of messages via a wireless channel). The handshake scheme is an important cryptographic mechanism, which can provide secure communication in MHSNs (e.g., anonymity and mutual authentication between users, such as patients). In this paper, we present a new framework for the handshake scheme in MHSNs, which is based on hierarchical identity-based cryptography. We then construct an efficient Cross-Domain HandShake (CDHS) scheme that allows symptoms-matching within MHSNs. For example, using the proposed CDHS scheme, two patients registered with different healthcare centers can achieve mutual authentication and generate a session key for future secure communications. We then prove the security of the scheme, and a comparative summary demonstrates that the proposed CDHS scheme incurs lower computation and communication costs. We also implement the proposed CDHS scheme and three related schemes in a proof-of-concept Android app to demonstrate the utility of the scheme. Findings from the evaluations demonstrate that the proposed CDHS scheme achieves a reduction of 18.14 and 5.41 percent in computation cost and communication cost, respectively, in comparison to three other related handshake schemes.

118 citations


Proceedings ArticleDOI
01 Feb 2018
TL;DR: This paper proposes Synergy, a reliability-security co-design that improves performance of secure execution while providing strong reliability for systems with 9-chip ECC-DIMMs and increases reliability by 185x compared to ECCs that provide Single-Error Correction, Double-Error Detection (SECDED) capability.
Abstract: Building trusted data-centers requires resilient memories which are protected from both adversarial attacks and errors. Unfortunately, the state-of-the-art memory security solutions incur considerable performance overheads due to accesses for security metadata like Message Authentication Codes (MACs). At the same time, commercial secure memory solutions tend to be designed oblivious to the presence of memory reliability mechanisms (such as ECC-DIMMs) that provide tolerance to memory errors. Fortunately, ECC-DIMMs possess an additional chip for providing error correction codes (ECC), that is accessed in parallel with data, which can be harnessed for security optimizations. If we can re-purpose the ECC-chip to store some metadata useful for security and reliability, it can prove beneficial to both. To this end, this paper proposes Synergy, a reliability-security co-design that improves performance of secure execution while providing strong reliability for systems with 9-chip ECC-DIMMs. Synergy uses the insight that MACs, being capable of detecting data tampering, are also useful for detecting memory errors. Therefore, MACs are best suited for being placed inside the ECC chip, to be accessed in parallel with each data access. By co-locating MAC and Data, Synergy is able to avoid a separate memory access for the MAC and thereby reduce the overall memory traffic for secure memory systems. Furthermore, Synergy is able to tolerate 1 chip failure out of 9 chips by using a parity that is constructed over 9 chips (8 Data and 1 MAC), which is used for reconstructing the data of the failed chip. For memory intensive workloads, Synergy provides a speedup of 20% and reduces system Energy Delay Product by 31% compared to a secure memory baseline with ECC-DIMMs. At the same time, Synergy increases reliability by 185x compared to ECC-DIMMs that provide Single-Error Correction, Double-Error Detection (SECDED) capability. Synergy uses commercial ECC-DIMMs and does not incur any additional hardware overheads or reduction of security.
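The mechanism the abstract describes, as an added example that is not Synergy's own code: a line's MAC is stored in the ninth (ECC) chip so that one access fetches data and MAC together, and a parity word XORed over all nine chips is kept elsewhere. On a MAC mismatch the reader treats each chip in turn as the failed one, rebuilds it from the parity, and accepts the single candidate whose MAC verifies. The chip width (8 bytes), the truncated HMAC-SHA256 as the MAC, the demo key and the trial-reconstruction loop are assumptions made here to keep the model self-contained; the paper does not specify these details.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple

# Constructed model of one cache line on a 9-chip ECC-DIMM: 8 data chips plus
# the ECC chip, each contributing CHIP_BYTES bytes per line (an assumption).
DATA_CHIPS = 8
CHIP_BYTES = 8
MAC_KEY = b"constructed-demo-key"   # a real design keeps this inside the processor


def line_mac(addr: int, data: bytes, key: bytes = MAC_KEY) -> bytes:
    """HMAC over (address, line data), truncated to one chip width so it can
    live in the ECC-chip slot. Binding the address blocks relocation attacks."""
    msg = addr.to_bytes(8, "big") + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:CHIP_BYTES]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def parity_of(chips: List[bytes]) -> bytes:
    p = bytes(CHIP_BYTES)
    for c in chips:
        p = xor_bytes(p, c)
    return p


def write_line(addr: int, data: bytes, key: bytes = MAC_KEY) -> Tuple[List[bytes], bytes]:
    """Split a line across 8 data chips, put its MAC in the 9th, and return the
    9-chip parity that is stored in a separate region of memory."""
    assert len(data) == DATA_CHIPS * CHIP_BYTES
    chips = [data[i * CHIP_BYTES:(i + 1) * CHIP_BYTES] for i in range(DATA_CHIPS)]
    chips.append(line_mac(addr, data, key))
    return chips, parity_of(chips)


def reconstruct(chips: List[bytes], parity: bytes, failed: int) -> bytes:
    """Rebuild one chip's contents from the parity and the other eight."""
    others = chips[:failed] + chips[failed + 1:]
    return xor_bytes(parity, parity_of(others))


def read_line(addr: int, chips: List[bytes], parity: bytes,
              key: bytes = MAC_KEY) -> Tuple[bytes, Optional[int]]:
    """Verify the line with the co-located MAC (one memory access). On a
    mismatch, try treating each chip in turn as the failed one and accept the
    single reconstruction whose MAC verifies. Returns (data, repaired_chip)."""
    data = b"".join(chips[:DATA_CHIPS])
    if hmac.compare_digest(line_mac(addr, data, key), chips[DATA_CHIPS]):
        return data, None
    for i in range(DATA_CHIPS + 1):          # the MAC chip itself may be the bad one
        cand = list(chips)
        cand[i] = reconstruct(chips, parity, i)
        d = b"".join(cand[:DATA_CHIPS])
        if hmac.compare_digest(line_mac(addr, d, key), cand[DATA_CHIPS]):
            return d, i
    raise ValueError("uncorrectable: more than one chip bad, or tampering that also hit the parity")
```

The security point to notice: an attacker who rewrites a single chip is simply corrected back to the original by the parity, and one who also rewrites the parity word is caught because no candidate verifies; only a forgery of the MAC itself would pass, which the key inside the processor is meant to prevent.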

67 citations


Journal ArticleDOI
TL;DR: The performance analysis showed that DSPA is more efficient, decentralized, scalable, and privacy-preserving than the existing authentication schemes.
Abstract: Existing authentication schemes are based on either symmetric or asymmetric cryptography such as public-key infrastructure (PKI). These PKI-based authentication schemes are highly recommended to address the security challenges in VANETs. However, they have certain shortcomings such as: 1) lack of privacy-preservation due to revealing of vehicle identity and broadcasting of safety messages and 2) lengthy certificates leading to communication and computation overheads. The symmetric cryptography based schemes, on the other hand, are faster because they use a single secret key and are very simple; however, they do not ensure nonrepudiation. In this paper, we present a decentralized and scalable privacy-preserving authentication (DSPA) scheme for secure vehicular ad hoc networks. The proposed scheme employs hybrid cryptography. In DSPA, asymmetric identity-based (ID-based) cryptography and symmetric hash message authentication code (HMAC) based authentication are adopted during vehicle-to-infrastructure and vehicle-to-vehicle communications, respectively. Extensive simulations are conducted to validate the proposed DSPA scheme by comparing it with existing works based on PKI, ID-based, group signature, batch verification, and HMAC. The performance analysis showed that DSPA is more efficient, decentralized, scalable, and privacy-preserving than the existing authentication schemes.

65 citations


Proceedings ArticleDOI
18 Jun 2018
TL;DR: A blockchain-based cross-domain authentication model called BlockCAM is proposed, which has the characteristics of decentralization, anonymity and tamper-resistance, and outperforms existing public key infrastructure cross-domain authentication schemes in efficiency.
Abstract: In a distributed network environment, companies and institutions have their own shared resources. To prevent unauthorized users from accessing these shared resources, cross-domain authentication is necessary. To ensure the safety and efficiency of access to resources in different domains, we propose a blockchain-based cross-domain authentication model called BlockCAM and design the cross-domain authentication protocol. BlockCAM employs consortium blockchain technology to construct a decentralized network with the root Certificate Authorities as the verification nodes. The hash values of the authorized certificates are stored in each block, and the verification process only needs to compare whether the hash calculated from the certificate provided by the user is consistent with the hash stored in the blockchain. The authentication process omits the key encryption and decryption overhead. BlockCAM has the characteristics of decentralization, anonymity and tamper-resistance. Analyses show that BlockCAM has an advantage over the existing public key infrastructure (PKI) cross-domain authentication schemes in efficiency.

58 citations


Journal ArticleDOI
TL;DR: This paper proposes an anonymous authentication protocol based on a cooperative authentication method that does not require mode synchronization between cooperative and non-cooperative authentication, and designs a two-layer pseudo-identity generation method and construct a key update tree for efficient revocation.
Abstract: Vehicular ad-hoc networks (VANETs) have been researched with regard to enhance driver’s safety and comfort. In VANETs, all vehicles share their status and road conditions with neighboring nodes by periodically generating safety messages. To provide reliable VANET services, message authentication is an important feature. In particular, anonymous message authentication has attracted considerable interest, because periodic broadcast messages from a vehicle can be used to track its location. Unfortunately, previously proposed anonymous message authentication protocols had serious practical shortcomings, including high communication, authentication, and revocation costs, as well as reliability issues. Thus, in this paper, we propose an anonymous authentication protocol based on a cooperative authentication method. The proposed method does not require mode synchronization between cooperative and non-cooperative authentication. In addition, we design a two-layer pseudo-identity generation method and construct a key update tree for efficient revocation. Simulations show that our protocol does not result in packet losses caused by authentication overheads, even when the vehicle density is 200/km2.

56 citations


Journal ArticleDOI
TL;DR: Analysis shows that the time required to verify 3000 messages in ID-MAP is reduced by 76% compared to that of PBAS, and existential unforgeability of the underlying signature against adaptively chosen-message and identity attacks is proved under the elliptic curve discrete logarithm problem in the random oracle model.
Abstract: Vehicular ad-hoc networks (VANETs) are under active development, thanks in part to recent advances in wireless communication and networking technologies. The most fundamental part in VANETs is to enable message authentication between vehicles and roadside units. Message authentication using proxy vehicles has been proposed to reduce the computational overhead of roadside units significantly. In this message authentication scheme, proxy vehicles that verify multiple messages at the same time improve roadside units’ efficiency. In this paper, we first show that the only proxy-based authentication scheme (PBAS) presented for this goal by Liu et al. cannot guarantee message authenticity, and also that it is not resistant against impersonation and modification attacks and false acceptance of batched invalid signatures. Next, we propose a new identity-based message authentication scheme using proxy vehicles (ID-MAP). Then, to guarantee that it can satisfy the message authentication requirement, existential unforgeability of the underlying signature against adaptively chosen-message and identity attacks is proved under the elliptic curve discrete logarithm problem in the random oracle model. It should be highlighted that ID-MAP is not only more efficient than PBAS, since it is pairing-free and identity-based and does not use map-to-point hash functions, but also satisfies the security and privacy requirements of VANETs. Furthermore, analysis shows that the time required to verify 3000 messages in ID-MAP is reduced by 76% compared to that of PBAS.

56 citations


Proceedings ArticleDOI
15 Oct 2018
TL;DR: This work is the first to introduce and formalize the notion of password-based threshold token-based authentication which distributes the role of an identity provider among n servers, and introduces PASTA, a general framework that can be instantiated using any threshold token generation scheme.
Abstract: Token-based authentication is commonly used to enable a single-sign-on experience on the web, in mobile applications and on enterprise networks using a wide range of open standards and network authentication protocols: clients sign on to an identity provider using their username/password to obtain a cryptographic token generated with a master secret key, and store the token for future accesses to various services and applications. The authentication server(s) are single points of failure that, if breached, enable attackers to forge arbitrary tokens or mount offline dictionary attacks to recover client credentials. Our work is the first to introduce and formalize the notion of password-based threshold token-based authentication, which distributes the role of an identity provider among n servers. Any t servers can collectively verify passwords and generate tokens, while no t-1 servers can forge a valid token or mount offline dictionary attacks. We then introduce PASTA, a general framework that can be instantiated using any threshold token generation scheme, wherein clients can "sign on" using a two-round (optimal) protocol that meets our strong notions of unforgeability and password-safety. We instantiate and implement our framework in C++ using two threshold message authentication codes (MACs) and two threshold digital signatures with different trade-offs. Our experiments show that the overhead of protecting secrets and credentials against breaches in PASTA, i.e. compared to a naive single-server solution, is extremely low (1-5%) in the most likely setting where client and servers communicate over the internet. The overhead is higher in the case of MAC-based tokens over a LAN (though still only a few milliseconds) due to public-key operations in PASTA. We show, however, that this cost is inherent by proving a symmetric-key-only solution impossible.

43 citations


Journal ArticleDOI
TL;DR: An efficient and feasible authentication scheme based on low-density parity-check (LDPC) codes and lightweight ε-AU2 hash functions over a binary-input wiretap channel is proposed, and it is theoretically proved that the proposed schemes are perfectly secure if the number of attacks from Eve is upper bounded by a polynomial in n.
Abstract: In this paper, we study physical layer message authentication with perfect security for wireless networks, regardless of the computational power of adversaries. Specifically, we propose an efficient and feasible authentication scheme based on low-density parity-check (LDPC) codes and $\epsilon$-AU2 hash functions over a binary-input wiretap channel. First, a multi-message authentication scheme for the noiseless main channel case is presented by leveraging a novel $\epsilon$-AU2 hash function family and the dual of large-girth LDPC codes. Concretely, the sender Alice first generates a message tag $T$ from message $M$ and key $K$ by using a lightweight $\epsilon$-AU2 hash function; then Alice encodes $T$ to a codeword $X^{n}$ with the dual of large-girth LDPC codes; finally, Alice sends $(M,X^{n})$ to the receiver Bob noiselessly. An adversary Eve has infinite computational capacity, and she can obtain $M$ and the output $Z^{n}$ of the BEC with input $X^{n}$. Then, an authentication scheme over a binary erasure channel and binary-input wiretapper’s channel is further developed, which reduces the noisy main channel case to the noiseless main channel case by leveraging public discussion. We theoretically prove that the proposed schemes are perfectly secure if the number of attacks from Eve is upper bounded by a polynomial in $n$. Furthermore, simulation results are provided to demonstrate that the proposed schemes can achieve a high authentication rate with low time latency.

42 citations


Journal ArticleDOI
TL;DR: It is determined that existing shortcomings in the SAE J1939 specifications open the road to several new attacks, e.g., impersonation, denial of service (DoS), distributed DoS, etc.
Abstract: In recent years, countless security concerns related to automotive systems were revealed either by academic research or real-life attacks. While current attention was largely focused on passenger cars, due to their ubiquity, the reported bus-related vulnerabilities are applicable to all industry sectors where the same bus technology is deployed, i.e., the CAN bus. The SAE J1939 specification extends and standardizes the use of CAN to commercial vehicles, where security plays an even greater role. In contrast to empirical results that attest such vulnerabilities in commercial vehicles by practical experiments, here we determine that existing shortcomings in the SAE J1939 specifications open the road to several new attacks, e.g., impersonation, denial of service (DoS), distributed DoS, etc. Taking advantage of an industry-standard CANoe based simulation, we demonstrate attacks with potential safety-critical effects that are mounted while still conforming to the SAE J1939 standard specification. We discuss countermeasures and security enhancements by including message authentication mechanisms. Finally, we evaluate and discuss the impact of employing these mechanisms on the overall network communication.

Journal ArticleDOI
Qiang Hu, Feng Luo
TL;DR: The purpose of this paper is to review current techniques on automotive secure communication and suggest suitable secure approaches to implement on the in-vehicle networks and compare and contrasted existing approaches for secure communication.
Abstract: In connected vehicles, connecting interfaces bring threats to the vehicles, and they can be hacked to impact the vehicles and drivers. Compared with traditional vehicles, connected vehicles require more information transfer. Sensor signals and critical data must be protected to ensure the cyber security of connected vehicles. The communications among ECUs, sensors, and gateways are connected by in-vehicle networks. This paper discusses the state-of-the-art techniques for secure communication in in-vehicle networks. First, the related concepts in automotive secure communication have been provided. Then we have compared and contrasted existing approaches for secure communication. We have analyzed the advantages/disadvantages of MACs and digital signatures for message authentication and compared the performance and limitations of different cryptographic algorithms. Firewalls and intrusion detection systems are introduced to protect the networks. The constraints and features of different intrusion detection approaches are presented. After that, the technical requirements for cryptographic mechanisms and intrusion detection policy are concluded. Based on the review of current research, the future development directions of automotive network security have been discussed. The purpose of this paper is to review current techniques on automotive secure communication and suggest suitable secure approaches to implement on in-vehicle networks.

Journal ArticleDOI
TL;DR: The authors propose a lightweight one-time password (OTP) authentication scheme based on RFF (RFF-OTP), which is a novel cross-layer secure authentication scheme and can provide mutual authentication between the mobile terminal and server, by combining RFF recognition algorithm with a hash encryption algorithm.
Abstract: Energy-constrained devices such as mobile terminals and nodes of the Internet of Things make lightweight security schemes an urgent need. Traditional identity authentication techniques can provide protection for the user's privacy and information to a certain extent, but they suffer from heavy cost. Non-cryptographic authentication mechanisms based on physical layer characteristics are new techniques, which have a higher security level. The recognition technique of radio transmitters based on radio-frequency fingerprint (RFF) is one of the non-cryptographic authentication techniques. The authors propose a lightweight one-time password (OTP) authentication scheme based on RFF (RFF-OTP), which is a novel cross-layer secure authentication scheme and can provide mutual authentication between the mobile terminal and server, by combining an RFF recognition algorithm with a hash encryption algorithm. By theoretical analysis and Syverson and van Oorschot logic verification, they prove that the RFF-OTP scheme is simple, efficient, flexible and independent of a trusted party, while it also can resist the cloning attack and satisfy anonymity compared with the OTP authentication scheme. Besides, it only requires the password to log into the system in the authors' scheme, in comparison to the OTP scheme that needs both ID and password for the same purpose.

Journal ArticleDOI
TL;DR: A realistic distributed conditional privacy-preserving authentication scheme for VANETs using identity-based cryptography and short lifetime region-based certificate and the security analysis shows that the scheme is provably secure in the random oracle model.
Abstract: Nowadays, research into the tradeoff between reliance on the tamper-proof device (TPD) and storage space in authentication schemes has become an interesting topic for vehicular ad hoc networks (VANETs). Most recently, to minimize the dependencies on TPDs and reduce the storage space, Zhang et al. proposed a conditional privacy-preserving authentication scheme based on a multiple trusted authority one-time identity-based aggregate signature technique. It is more practical than other related schemes due to not depending on ideal TPDs. However, Zhang et al.'s scheme requires a fully trusted third party to participate in the authentication and member secret generation phase, which may suffer from a security bottleneck. To overcome this weakness, in this paper, we construct a realistic distributed conditional privacy-preserving authentication scheme for VANETs using identity-based cryptography and short-lifetime region-based certificates. Compared with Zhang et al.'s scheme, the proposed scheme has more security features but does not reduce computation and communication efficiency. The security analysis shows that our scheme is provably secure in the random oracle model.

Book ChapterDOI
TL;DR: In this article, the blind-unforgeability (BU) notion is proposed, which defines a function to be predictable if there exists an adversary that can use partially blinded oracle access to predict values in the blinded region.
Abstract: Formulating and designing unforgeable authentication of classical messages in the presence of quantum adversaries has been a challenge, as the familiar classical notions of unforgeability do not directly translate into meaningful notions in the quantum setting. A particular difficulty is how to fairly capture the notion of "predicting an unqueried value" when the adversary can query in quantum superposition. In this work, we uncover serious shortcomings in existing approaches, and propose a new definition. We then support its viability by a number of constructions and characterizations. Specifically, we demonstrate a function which is secure according to the existing definition by Boneh and Zhandry, but is clearly vulnerable to a quantum forgery attack, whereby a query supported only on inputs that start with 0 divulges the value of the function on an input that starts with 1. We then propose a new definition, which we call "blind-unforgeability" (or BU). This notion matches "intuitive unpredictability" in all examples studied thus far. It defines a function to be predictable if there exists an adversary which can use "partially blinded" oracle access to predict values in the blinded region. Our definition (BU) coincides with standard unpredictability (EUF-CMA) in the classical-query setting. We show that quantum-secure pseudorandom functions are BU-secure MACs. In addition, we show that BU satisfies a composition property (Hash-and-MAC) using "Bernoulli-preserving" hash functions, a new notion which may be of independent interest. Finally, we show that BU is amenable to security reductions by giving a precise bound on the extent to which quantum algorithms can deviate from their usual behavior due to the blinding in the BU security experiment.

Journal ArticleDOI
TL;DR: An explicit certificate-based authentication mechanism to mitigate MITM attacks in PMU communication networks is proposed and implemented in real-time using Python-based terminals to observe their performance with different signature algorithms.
Abstract: Smart grids are becoming increasingly popular thanks to their ability to operate with higher precision and smaller margins. Dynamic operation control in smart grids can be achieved with phasor measurement unit (PMU) based wide area monitoring and control systems. The data communication requirements for PMU-based applications are well addressed in the IEEE C37.118.2 and IEC 61850-90-5 standards. Due to the higher probability of cyberattacks and the scale of their impact, data security is a critical requirement in PMU communication networks. The IEC 61850-90-5 communication standard addresses this security concern and proposes the HMAC (hash-based message authentication code) with key distribution center (KDC) scheme for achieving information authentication and integrity. However, these IEC 61850-90-5 security recommendations do not consider the mechanism for attacks such as man-in-the-middle (MITM) attacks during KDC key exchanges. MITM attacks can be easily implemented and may have a large impact on grid operation. This paper proposes an explicit certificate-based authentication mechanism to mitigate MITM attacks in PMU communication networks. The proposed certificate-based authentication mechanisms were implemented in real time using Python-based terminals to observe their performance with different signature algorithms.

Journal ArticleDOI
TL;DR: The main idea is to utilize the noisy channel connecting the legitimate users to distinguish a legitimate message from a fake message, by generating an output at the receiver that is difficult for the adversary to replicate through its noisy channel.
Abstract: We consider the problem of keyless message authentication over noisy channels in the presence of an active adversary. Different from the existing models, in our model, the legitimate users do not have any pre-shared key for authentication. Instead, we use the noisy channel connecting the legitimate users for authentication. The main idea is to utilize the noisy channel connecting the legitimate users to distinguish a legitimate message from a fake message, by generating an output at the receiver that is difficult for the adversary to replicate through its noisy channel. By interpreting the message authentication as a hypothesis testing problem, we investigate the authentication exponent and the authenticated channel capacity of the noisy channel. In the authentication exponent problem, for a given message rate, we investigate the speed at which the optimal successful attack probability can be driven to zero. We fully characterize the authentication exponent for the zero-rate message case and provide both an upper bound and a lower bound on the exponent for the non-zero message rate case. In the authenticated capacity problem, we study the largest data transmission rate under which the attacker’s optimal successful attack probability can still be made arbitrarily small. We establish an all or nothing result. In particular, we show that the authenticated channel capacity is the same as the classic channel capacity if a simulatability condition is not satisfied, while the authenticated capacity will be zero if this condition is satisfied. We also provide efficient algorithms to check this condition. We further show that our results are robust to modeling uncertainties about the eavesdropper’s channels.

Proceedings ArticleDOI
09 Jul 2018
TL;DR: A detailed threat model for multi-factor authentication protocols is defined, which takes into account that many communications are performed over TLS channels, that computers may be infected by different kinds of malwares, that attackers could perform phishing, and that humans may omit some actions.
Abstract: Passwords are still the most widespread means for authenticating users, even though they have been shown to create huge security problems. This motivated the use of additional authentication mechanisms used in so-called multi-factor authentication protocols. In this paper we define a detailed threat model for this kind of protocol: while in classical protocol analysis attackers control the communication network, we take into account that many communications are performed over TLS channels, that computers may be infected by different kinds of malware, that attackers could perform phishing, and that humans may omit some actions. We formalize this model in the applied pi calculus and perform an extensive analysis and comparison of several widely used protocols: variants of Google 2-step and FIDO’s U2F. The analysis is completely automated, generating systematically all combinations of threat scenarios for each of the protocols and using the ProVerif tool for automated protocol analysis. Our analysis highlights weaknesses and strengths of the different protocols, and allows us to suggest several small modifications of the existing protocols which are easy to implement, yet improve their security in several threat scenarios.

Journal ArticleDOI
TL;DR: The proposed secure group management framework in integrated VANET-Cellular networks is communication-efficient and secure against hostile eavesdroppers as well as various other attacks specific to group settings, and performance evaluations demonstrate its efficiency in terms of group management and access authentication overhead.

Proceedings ArticleDOI
16 Apr 2018
TL;DR: This paper presents a communication “bump-in-the-wire” Security Filter device connected between the digital relays and the IEC 61850 communication buses to secure digital substation communications.
Abstract: This paper presents a communication “bump-in-the-wire” Security Filter device connected between the digital relays and the IEC 61850 communication buses to secure digital substation communications. Security Filter authenticates and verifies the designated Ethernet packets transmitted between protection and control devices by appending a message authentication code based on symmetric cryptography, which is compliant with the new mechanisms described in IEC 61850 and suitable for embedded system implementation. Prototype development and testing on a low-cost commodity embedded system has proved that Security Filter can fully protect digital substation communication against replay attacks with time delays within the range of the most stringent IEC 61850 performance class requirements. The paper also presents a multimode Security Filter operation design, which provides a practical interoperable way to upgrade and secure legacy substations with minimal modification or interruption to the existing systems.

Patent
29 Mar 2018
TL;DR: In this paper, a surgical hub is configured to transmit generator data associated with a surgical procedure from a generator of the surgical hub to a cloud-based system, which allows for the cloud based system to decrypt the encrypted generator data, verify the integrity of the generator data based on the message authentication code, and validate a transmission path followed by the datagram.
Abstract: A surgical hub is configured to transmit generator data associated with a surgical procedure from a generator of the surgical hub to a cloud-based system. The surgical hub comprises a processor and a memory storing instructions executable by the processor to: receive generator data; encrypt the generator data; generate a message authentication code based on the generator data; generate a datagram comprising: the encrypted generator data, the generated message authentication code, a source identifier and a destination identifier; and transmit the datagram to the cloud-based system. The datagram allows for the cloud-based system to: decrypt the encrypted generator data; verify the integrity of the generator data based on the message authentication code; authenticate the surgical hub as the source of the datagram; and validate a transmission path followed by the datagram between the surgical hub and the cloud-based system.

Journal ArticleDOI
14 May 2018-Sensors
TL;DR: This paper presents a lightweight secure streaming protocol for the fog computing “Fog Node-End Device” layer that is lightweight, connectionless, supports broadcast and multicast operations, and is able to provide data source authentication, data integrity, and confidentiality.
Abstract: The Internet of Things (IoT) introduces many new challenges which cannot be solved using traditional cloud and host computing models. A new architecture known as fog computing is emerging to address these technological and security gaps. Traditional security paradigms focused on providing perimeter-based protections and client/server point-to-point protocols (e.g., Transport Layer Security (TLS)) are no longer the best choices for addressing new security challenges in fog computing end devices, where energy and computational resources are limited. In this paper, we present a lightweight secure streaming protocol for the fog computing "Fog Node-End Device" layer. This protocol is lightweight, connectionless, supports broadcast and multicast operations, and is able to provide data source authentication, data integrity, and confidentiality. The protocol is based on simple and energy-efficient cryptographic methods, such as hash-based message authentication codes (HMAC) and symmetric ciphers, and uses modified User Datagram Protocol (UDP) packets to embed authentication data into streaming data. Data redundancy could be added to improve reliability in lossy networks. The experimental results summarized in this paper confirm that the proposed method efficiently uses energy and computational resources and at the same time provides security properties on par with the Datagram TLS (DTLS) standard.
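Both the surgical-hub datagram above and this streaming protocol build the same primitive: a connectionless packet carrying a source identifier, a destination identifier, encrypted payload and a MAC, verified by a receiver that holds the sender's symmetric keys. The block below is an added example covering both entries; it is not the patent's or the paper's code. It assumes a 16-bit source and destination identifier, a 12-byte nonce, HMAC-SHA256 truncated to 128 bits, per-device keys looked up by source identifier, and, because the Python standard library has no block cipher, an HMAC-SHA256 counter-mode keystream standing in for the symmetric cipher (replace it with AES-CTR in practice). The patent text lists decryption before verification; the example verifies the MAC first and decrypts only authenticated data, which is the safer order for an encrypt-then-MAC construction.

```python
import hashlib
import hmac
import os
import struct

# Constructed example key material: one (encryption key, MAC key) pair per device,
# indexed by its 16-bit source identifier. Real deployments provision these per device.
DEVICE_KEYS = {
    0x0001: (bytes.fromhex("11" * 32), bytes.fromhex("22" * 32)),
}
CLOUD_ID = 0x00FF
NONCE_LEN = 12
HEADER = struct.Struct(">HH12s")   # source id, destination id, nonce
TAG_LEN = 16


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher: HMAC-SHA256 in counter mode. Stands in for a real symmetric
    cipher (AES-CTR) only so that the example runs with the standard library."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(src: int, dst: int, payload: bytes, nonce: bytes = None) -> bytes:
    """Device side: encrypt, then MAC over header || ciphertext, and assemble the datagram.
    The header (ids and nonce) is covered by the MAC, so none of it can be altered."""
    enc_key, mac_key = DEVICE_KEYS[src]
    nonce = nonce if nonce is not None else os.urandom(NONCE_LEN)
    header = HEADER.pack(src, dst, nonce)
    ciphertext = xor(payload, keystream(enc_key, nonce, len(payload)))
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
    return header + ciphertext + tag


def open_datagram(datagram: bytes, my_id: int):
    """Receiver side: look up the claimed source's keys, check the destination, verify the
    MAC (which authenticates the source), and only then decrypt. Returns (src, payload)
    or None on any failure."""
    if len(datagram) < HEADER.size + TAG_LEN:
        return None
    header = datagram[:HEADER.size]
    body = datagram[HEADER.size:-TAG_LEN]
    tag = datagram[-TAG_LEN:]
    src, dst, nonce = HEADER.unpack(header)
    if src not in DEVICE_KEYS or dst != my_id:
        return None
    enc_key, mac_key = DEVICE_KEYS[src]
    expected = hmac.new(mac_key, header + body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None           # forged, corrupted, or not from the claimed device
    return src, xor(body, keystream(enc_key, nonce, len(body)))
```

Because the MAC key is specific to the device named in the source field, a valid tag is what authenticates the source; the identifier alone proves nothing. Replay protection is not included here and would need a sequence number as in the substation filter example.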

Journal ArticleDOI
TL;DR: This article focuses on channel-precoding-based message authentication (CPC-based authentication) over a binary-input wiretap channel (BIWC) and proposes an authentication scheme with polar codes over a binary symmetric wiretap channel (BSWC).
Abstract: Due to the broadcast characteristic of the wireless medium, message impersonation and substitution attacks can possibly be launched by an adversary with low cost in wireless communication networks. As an ingenious solution, physical layer based message authentication can achieve perfect security by leveraging channel precoding techniques to meet high level security requirements. In this article, we focus on channel-precoding- based message authentication (CPC-based authentication) over a binary-input wiretap channel (BIWC). Specifically, message authentication with physical layer techniques is first reviewed. Then, a CPC-based authentication framework and its security requirements are presented. Based on the proposed framework, an authentication scheme with polar codes over a binary symmetric wiretap channel (BSWC) is developed. Moreover, a case study is provided as an example of message authentication with polar codes over BSWC. Finally, open research topics essential to CPC-based authentication are discussed.

Journal ArticleDOI
TL;DR: A new group security scheme, resilient end-to-end message protection (REMP), exploiting the following notions: long-term keys per node that are given by the REMP authentication server, encryption keys per message sent that are probabilistically derived from a long-term key, and end-to-end authenticators per message sent that consist of a message sender's identity and a message authentication code.
Abstract: Cyber-physical system (CPS) communications for safely and effectively operating a mission-critical infrastructure must be securely protected to prevent the infrastructure from becoming vulnerable. The protection scheme used must be resilient and lightweight for CPS field devices having constrained computing and communicating resources, and also scalable for control servers associated with a large number of the field devices. In addition, CPS applications such as smart metering require end-to-end privacy protection. However, as shown in this paper, none of the conventional security schemes comprehensively meets the above requirements; group security schemes scale well for a massive number of devices but are weak in terms of privacy protection and resilience; point-to-point security schemes such as IPsec inherently have resilience but are limited in addressing scalability and thinness requirements. Motivated by the limitations of conventional security schemes, we design a new group security scheme, resilient end-to-end message protection (REMP), exploiting the following notions: long-term keys per node that are given by the REMP authentication server, encryption keys per message sent that are probabilistically derived from a long-term key, and end-to-end authenticators per message sent that consist of a message sender's identity and a message authentication code. Compared with conventional group security schemes, we improve end-to-end security strength in terms of confidentiality, integrity, message source authentication, and key exposure resilience, while preserving scalability and extensibility.

Journal ArticleDOI
TL;DR: A message authentication scheme based on cryptographically secure cyclic redundancy check (CRC) that detects both random and malicious errors without increasing bandwidth, and uses random instead of irreducible generator polynomials.
Abstract: In this paper, we present a message authentication scheme based on cryptographically secure cyclic redundancy check (CRC). Similarly to previously proposed cryptographically secure CRCs, the presented one detects both random and malicious errors without increasing bandwidth. The main difference from previous approaches is that we use random instead of irreducible generator polynomials. This eliminates the need for irreducibility tests. We provide a detailed quantitative analysis of the achieved security as a function of message and CRC sizes. The results show that the presented scheme is particularly suitable for the authentication of short messages.
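The scheme above is a keyed CRC: the generator polynomial is part of the secret key and the tag is masked with a secret pad. The block below is an added illustration of why the polynomial must be secret, not the paper's implementation. It computes the tag as (M(x) * x^n mod p(x)) XOR pad over GF(2) with integers as bit masks, shows that the unkeyed CRC is linear and therefore forgeable by XOR, and shows that the same forgery fails once p(x) is secret. The key generator fixes the top bit and the constant term of the random polynomial to 1 and uses a 32-bit degree; those are choices of this example, and the specific polynomial and pad values in the usage are constructed, not from the paper.

```python
import secrets


def poly_mod(a: int, p: int) -> int:
    """Remainder of a(x) divided by p(x) over GF(2); polynomials are int bit masks."""
    deg_p = p.bit_length() - 1
    while a.bit_length() - 1 >= deg_p:
        a ^= p << (a.bit_length() - 1 - deg_p)
    return a


def crc_tag(msg: bytes, poly: int, pad: int) -> int:
    """Tag = (M(x) * x^n mod p(x)) XOR pad, with n = deg p(x).
    A plain CRC is the special case of a public poly and pad = 0."""
    n = poly.bit_length() - 1
    return poly_mod(int.from_bytes(msg, "big") << n, poly) ^ pad


def keygen(n: int, rng=secrets.randbits):
    """Secret key: a random degree-n polynomial (top bit and constant term fixed to 1, a
    choice of this example; irreducibility is not required) and a random n-bit pad."""
    poly = (1 << n) | rng(n) | 1
    pad = rng(n)
    return poly, pad


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def forge_plain_crc(known_msg: bytes, known_tag: int, delta: bytes, public_poly: int) -> int:
    """Attack on an unkeyed CRC: the map M -> CRC(M) is linear over GF(2), so the tag of
    known_msg XOR delta is known_tag XOR CRC(delta). A secret pad alone does not help,
    because it cancels in the XOR; only a secret polynomial breaks the attack."""
    return known_tag ^ crc_tag(delta, public_poly, 0)


CRC32_POLY = 0x104C11DB7   # public IEEE 802.3 generator, degree 32

# Usage: a forgery that works against CRC-32 and fails against a secret polynomial.
m1, m2 = b"TRIP:relay7", b"TRIP:relay8"
forged = forge_plain_crc(m1, crc_tag(m1, CRC32_POLY, 0), xor_bytes(m1, m2), CRC32_POLY)
assert forged == crc_tag(m2, CRC32_POLY, 0)
SECRET_POLY, SECRET_PAD = 0x1A3B5C7D9, 0x5EEDF00D   # constructed key, normally from keygen(32)
```

The check to carry away is the linearity: with the public polynomial, `crc_tag(m2) == crc_tag(m1) ^ crc_tag(m1 ^ m2)` holds for every pair of equal-length messages, which is exactly what an attacker exploits.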

ReportDOI
16 Apr 2018
TL;DR: This Recommendation specifies techniques for the derivation of keying material from a shared secret established during a key-establishment scheme defined in NIST Special Publications 800-56A or 800- 56B.
Abstract: This Recommendation specifies techniques for the derivation of keying material from a shared secret established during a key-establishment scheme defined in NIST Special Publications 800-56A or 800-56B.
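The Recommendation's one-step key derivation function computes H(counter || Z || FixedInfo) for counter = 1, 2, ... and concatenates the outputs, where H is either a hash function or HMAC keyed with a salt and Z is the shared secret from the key-establishment scheme. The block below is an added example of that construction, written for this page rather than taken from the Recommendation or from any reference implementation. It assumes SHA-256, a 4-byte big-endian counter, and a FixedInfo built from AlgorithmID, PartyUInfo and PartyVInfo; the 2-byte length prefix on each FixedInfo field is this example's way of keeping the encoding unambiguous and is not mandated by the document. Z must be zeroised after use, which is left to the caller here.

```python
import hashlib
import hmac
import math
from typing import Optional


def fixed_info(algorithm_id: bytes, party_u: bytes, party_v: bytes,
               supp_pub: bytes = b"", supp_priv: bytes = b"") -> bytes:
    """FixedInfo in concatenation format: AlgorithmID || PartyUInfo || PartyVInfo
    [|| SuppPubInfo || SuppPrivInfo]. Each field is length-prefixed (a choice of this
    example) so that different field boundaries cannot produce the same byte string."""
    return b"".join(len(f).to_bytes(2, "big") + f
                    for f in (algorithm_id, party_u, party_v, supp_pub, supp_priv))


def one_step_kdf(shared_secret: bytes, key_len: int, info: bytes,
                 salt: Optional[bytes] = None, hash_name: str = "sha256") -> bytes:
    """One-step KDF: K = H(1 || Z || FixedInfo) || H(2 || Z || FixedInfo) || ..., truncated
    to key_len bytes. H is the plain hash when salt is None, else HMAC-hash keyed with salt."""
    h_len = hashlib.new(hash_name).digest_size
    reps = math.ceil(key_len / h_len)
    if reps >= 2 ** 32:
        raise ValueError("requested keying material too long for a 32-bit counter")
    out = b""
    for counter in range(1, reps + 1):
        data = counter.to_bytes(4, "big") + shared_secret + info
        if salt is None:
            out += hashlib.new(hash_name, data).digest()
        else:
            out += hmac.new(salt, data, hash_name).digest()
    return out[:key_len]


def derive_session_keys(shared_secret: bytes, id_u: bytes, id_v: bytes) -> dict:
    """Split 64 bytes of derived keying material into separate encryption and MAC keys,
    binding both party identifiers into the derivation."""
    info = fixed_info(b"ECDH-AES256-HMACSHA256", id_u, id_v)   # example AlgorithmID label
    km = one_step_kdf(shared_secret, 64, info)
    return {"enc": km[:32], "mac": km[32:]}
```

Two properties worth checking in any implementation: the output for a shorter length is a prefix of the output for a longer one (the counter blocks are generated in the same order), and swapping the party identifiers changes the keys, which is what prevents a transcript derived for U-to-V from being reused as V-to-U.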

Book ChapterDOI
25 Mar 2018
TL;DR: This work presents a secure two-factor authentication (TFA) scheme based on the possession by the user of a password and a crypto-capable device which utilizes any password-based client-server authentication method, with or without reliance on public-key infrastructure.
Abstract: We present a secure two-factor authentication (TFA) scheme based on the possession by the user of a password and a crypto-capable device. Security is "end-to-end" in the sense that the attacker can attack all parts of the system, including all communication links and any subset of parties (servers, devices, client terminals), can learn users' passwords, and perform active and passive attacks, online and offline. In all cases the scheme provides the highest attainable security bounds given the set of compromised components. Our solution builds a TFA scheme using any Device-Enhanced PAKE, defined by Jarecki et al., and any Short Authenticated String (SAS) Message Authentication, defined by Vaudenay. We show an efficient instantiation of this modular construction which utilizes any password-based client-server authentication method, with or without reliance on public-key infrastructure. The security of the proposed scheme is proven in a formal model that we formulate as an extension of the traditional PAKE model.

Proceedings ArticleDOI
27 May 2018
TL;DR: A device- and data-dependent physical layer authentication scheme is proposed by using a device-specific, dynamically variable key to generate a data- dependent tag that is embedded in the data transmission using an information hiding scheme to reliably extract it at the receiver, and without compromising the performance of the underlying wireless communication system.
Abstract: IoT is rapidly becoming a reality. Forecasts predict more than 20 billion connected devices in 2020. These devices bring many benefits, but securing them in an IoT environment can be a quandary. With the advent of technology, it is very easy for an adversary to clone a device and replace it, or tamper with the data. In the context of wireless communications in IoT, the definition of message authentication should be extended to include verification of the device along with the integrity of the message it produced. In this paper we propose a device- and data-dependent physical layer authentication scheme by using a device-specific, dynamically variable key to generate a data-dependent tag. This tag is embedded in the data transmission using an information hiding scheme to reliably extract it at the receiver, and without compromising the performance of the underlying wireless communication system. Simulation results show that our scheme can achieve a high authentication rate while rejecting the tampered transmissions in a typical noisy communication channel.

Proceedings ArticleDOI
29 May 2018
TL;DR: The notion of temporal consistency of cryptographic integrity-ensuring functions is systematically explored and it is shown that its lack in implementations can lead to inconsistent results and security violations in protocols and systems using them, e.g., remote attestation, remote updates and secure resets.
Abstract: Assuring integrity of information (e.g., data and/or software) is usually accomplished by cryptographic means, such as hash functions or message authentication codes (MACs). Computing such integrity-ensuring functions can be time-consuming if the amount of input data is large and/or the computing platform is weak. At the same time, in real-time or safety-critical settings, it is often impractical or even undesirable to guarantee atomicity of computing a time-consuming integrity-ensuring function. Meanwhile, standard correctness and security definitions of such functions assume that input data (regardless of its size) remains consistent throughout computation. However, temporal consistency may be lost if another process interrupts execution of an integrity-ensuring function and modifies portions of input that either or both: (1) were already processed, or (2) were not processed yet. Lack of temporal consistency might yield an integrity result that is non-sensical or simply incorrect. Such subtleties and discrepancies between (implicit) assumptions in definitions and implementations can be a source of inconsistencies, which might lead to vulnerabilities. In this paper, we systematically explore the notion of temporal consistency of cryptographic integrity-ensuring functions. We show that its lack in implementations of such functions can lead to inconsistent results and security violations in protocols and systems using them, e.g., remote attestation, remote updates and secure resets. We consider several mechanisms that guarantee temporal consistency of implementations of integrity-ensuring functions in embedded systems with a focus on remote attestation. We also assess performance of proposed mechanisms on two commodity hardware platforms: I.MX6-SabreLite and ODROID-XU4.
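The failure mode above is easy to reproduce deterministically: compute a MAC over a buffer in steps, and let a "writer" run between two steps that changes both a region already consumed and a region not yet reached. The resulting tag corresponds to neither the old nor the new contents, so a verifier sees a value that never existed as a whole. The block below is an added example written for this page, not the paper's code or one of its measured mechanisms; it simulates the preempting process with a callback rather than real concurrency so the outcome is reproducible, and the snapshot-and-attest function stands for the general "freeze the input before measuring" family of mechanisms (in a real system the copy is taken with writers suspended, or the input is locked). The key and buffer contents are constructed.

```python
import hashlib
import hmac
from typing import Callable, Optional

KEY = b"constructed attestation key"   # constructed example key
CHUNK = 8                              # bytes consumed per step; small to keep the example short


def chunked_mac(buf: bytearray, on_chunk: Optional[Callable[[int], None]] = None) -> bytes:
    """HMAC-SHA256 over buf computed in CHUNK-sized steps, reading the live buffer at each
    step. on_chunk(i) stands in for another process preempting the checker after chunk i."""
    h = hmac.new(KEY, digestmod=hashlib.sha256)
    for i, off in enumerate(range(0, len(buf), CHUNK)):
        h.update(bytes(buf[off:off + CHUNK]))
        if on_chunk is not None:
            on_chunk(i)
    return h.digest()


def snapshot_mac(buf: bytearray, on_chunk: Optional[Callable[[int], None]] = None) -> bytes:
    """Consistency mechanism: take a private copy of the input first and compute over the
    copy, so writes interleaved with the computation cannot reach it. In a real system the
    copy itself must be taken with writers excluded (lock, or writers suspended)."""
    frozen = bytearray(buf)
    return chunked_mac(frozen, on_chunk)


def preempting_writer(target: bytearray) -> Callable[[int], None]:
    """Writer that wakes up after the first chunk and modifies both a region the checker has
    already consumed (bytes 0..7) and one it has not reached yet (bytes 8..15)."""
    def write(chunk_index: int) -> None:
        if chunk_index == 0:
            target[0:8] = b"C" * 8
            target[8:16] = b"D" * 8
    return write


def run_scenario() -> dict:
    """Run the interrupted computation without and with the snapshot mechanism and return the
    tags alongside the tags of the old, new and half-old/half-new contents for comparison."""
    old = b"A" * 8 + b"B" * 8
    new = b"C" * 8 + b"D" * 8
    live = bytearray(old)
    racy = chunked_mac(live, preempting_writer(live))      # interrupted, unprotected
    assert bytes(live) == new                               # the writer did run
    live = bytearray(old)
    safe = snapshot_mac(live, preempting_writer(live))      # interrupted, over a snapshot
    return {
        "racy": racy,
        "snapshot": safe,
        "old": chunked_mac(bytearray(old)),
        "new": chunked_mac(bytearray(new)),
        "mixed": chunked_mac(bytearray(b"A" * 8 + b"D" * 8)),
    }
```

The unprotected run produces the tag of "AAAAAAAA" followed by "DDDDDDDD", a byte string that was never the buffer's content at any instant; a remote verifier comparing against either the expected old or new image will simply see a mismatch and cannot tell a race from tampering. The snapshot run yields the tag of the old contents, which is at least a consistent answer about one well-defined state.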

Book ChapterDOI
25 Sep 2018
TL;DR: This paper applies non-adaptive group testing to aggregate message authentication codes (MACs) and introduces the non-adaptive group-testing aggregate MAC, which can be applied to any aggregate MAC scheme formalized by Katz and Lindell in 2008.
Abstract: This paper applies non-adaptive group testing to aggregate message authentication codes (MACs) and introduces the non-adaptive group-testing aggregate MAC. After formalizing its syntax and security requirements, a simple and generic construction is presented, which can be applied to any aggregate MAC scheme formalized by Katz and Lindell in 2008. Then, two instantiations of the construction are presented. One is based on the aggregate MAC scheme by Katz and Lindell and uses addition for tag aggregation. The other uses cryptographic hashing for tag aggregation. Provable security of the generic construction and of the two instantiations is also discussed.
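A plain aggregate MAC tells the verifier only that at least one of the messages is invalid. Group testing fixes that by sending one aggregate tag per "pool" of messages, chosen in advance (non-adaptively) so that the pattern of failing pools identifies the bad message. The block below is an added example of the idea and not the paper's construction or either of its instantiations; it uses XOR of per-message HMAC-SHA256 tags as the aggregation (XOR is addition in GF(2)^256, the natural reading of "addition" here, though the paper's exact operation is not stated on this page), a single shared key with the message index bound into each tag, and the simplest 1-disjunct design: for each bit position of the index, one pool of messages with that bit set and one with it clear. With n messages this costs 2*ceil(log2 n) aggregate tags and pinpoints any single corrupted message; with several corruptions it returns a superset of them.

```python
import hashlib
import hmac
from typing import List

KEY = b"constructed shared MAC key"   # constructed example; shared by sender and verifier
TAG_LEN = 32


def message_tag(key: bytes, index: int, msg: bytes) -> bytes:
    """Per-message MAC. Binding the index into the input (a choice of this example) makes
    reordered messages fail verification as well as modified ones."""
    return hmac.new(key, index.to_bytes(4, "big") + msg, hashlib.sha256).digest()


def xor_aggregate(tags) -> bytes:
    """Aggregate tags by XOR. The aggregate of an empty pool is the all-zero string."""
    out = bytearray(TAG_LEN)
    for t in tags:
        for i, b in enumerate(t):
            out[i] ^= b
    return bytes(out)


def pool_design(n: int) -> List[List[int]]:
    """Non-adaptive 1-disjunct design over message indices 0..n-1: for each bit position,
    the pool of indices with that bit set and the pool with that bit clear. Any two
    distinct indices differ in some bit, so every message other than a single corrupted one
    lies in at least one pool that does not contain it."""
    bits = max(1, (n - 1).bit_length())
    pools = []
    for b in range(bits):
        pools.append([i for i in range(n) if (i >> b) & 1])
        pools.append([i for i in range(n) if not (i >> b) & 1])
    return pools


def aggregate_tags(key: bytes, msgs: List[bytes]) -> List[bytes]:
    """Sender side: one aggregate tag per pool, transmitted alongside the messages."""
    return [xor_aggregate(message_tag(key, i, msgs[i]) for i in pool)
            for pool in pool_design(len(msgs))]


def identify_invalid(key: bytes, msgs: List[bytes], agg: List[bytes]) -> List[int]:
    """Verifier side: recompute each pool's aggregate over the received messages. A message
    that belongs to at least one passing pool is cleared; the rest are reported as invalid.
    An empty result means every message verified."""
    pools = pool_design(len(msgs))
    if len(agg) != len(pools):
        raise ValueError("wrong number of aggregate tags")
    cleared = set()
    for pool, received in zip(pools, agg):
        recomputed = xor_aggregate(message_tag(key, i, msgs[i]) for i in pool)
        if hmac.compare_digest(recomputed, received):
            cleared.update(pool)
    return sorted(set(range(len(msgs))) - cleared)
```

For eight messages the design has six pools; corrupting message 5 (binary 101) fails exactly the three pools containing it, and the other five messages are each cleared by one of the three passing pools. The decoder deliberately errs toward over-reporting: a message is cleared only by a pool that verifies, never by the absence of evidence against it.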