Published in: Peer-to-Peer Networking and Applications 5/2020

19.03.2020

A post-quantum end-to-end encryption over smart contract-based blockchain for defeating man-in-the-middle and interception attacks

Authors: Amir Hassani Karbasi, Siyamak Shahpasand


Abstract

Ethereum is a public, open-source, decentralized, peer-to-peer blockchain-based computing network that supports smart contracts. It provides a distributed Turing-complete virtual machine in which code is executed by a worldwide, public network of nodes. Compelled certificate creation and Man-In-The-Middle (MITM) attacks are two major attacks on End-to-End Encryption (EEE) and SSL/TLS. Among the practical attacks on end-to-end encryption and SSL/TLS are IP/ARP poisoning and phishing. A MITM attack makes it difficult for the client to tell whether it is connected over a genuinely verified and secured connection. Since the certificate and public key passed during connection setup are neither reliable nor protected, the attacker can alter the data in the certificate, leaving the client to endorse the certificate and public key on its own. The purpose of this paper is to present a solution that provides the legitimacy and authenticity of freely shared and publicly published digital data, e.g., digital certificates, cryptographic keys, and common reference strings such as shared passwords, using a mix of recently developed technologies, primarily blockchain, smart contracts, the InterPlanetary File System (IPFS), and a quantum-resistant Password-based Authenticated Key Exchange (PAKE) protocol over rings and ideal lattices. An Ethereum smart contract is used to manage, monitor, and provide traceability and visibility into the history of the digital data from its first version to the most recent one, in a way that is decentralized and internationally accessible with high integrity, resiliency, and transparency, thanks to the immutability and irreversibility of the blockchain. The full code of our smart contract is given, with a discussion of the implementation and testing of its key functionalities.
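The abstract describes an append-only, versioned registry of published digital data (certificate fingerprints, public keys) that a client can consult to detect a certificate substituted in transit. The following Python model is an added illustration, not the authors' smart contract or any code from the paper: the Ethereum and IPFS layers are replaced by an in-memory dictionary and SHA-256 content hashes so that it runs offline, the `Registry`, `Version` and `verify_presented` names are hypothetical, and all certificate bytes and the `0xOwner` address are constructed sample values.

```python
"""Model of a versioned, append-only registry plus the relying-party check.

Hypothetical illustration: the on-chain contract is replaced by a Python
class, the IPFS content hash by a plain SHA-256 digest.  The point shown is
the verification step, which rejects a certificate whose hash does not match
the latest published version.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Version:
    """One published version: sequence number, content hash, and publisher."""
    seq: int
    content_hash: str   # hex SHA-256 of the data (stands in for an IPFS hash)
    publisher: str      # stands in for msg.sender in a smart contract


class Registry:
    """Append-only store keyed by artifact identifier (e.g. a host name).

    Behaviour modelled on the abstract: the full history from the first
    version to the latest is kept, nothing is deleted, and only the original
    publisher may append a new version.  (Model, not the paper's contract.)
    """

    def __init__(self) -> None:
        self._history: Dict[str, List[Version]] = {}

    def publish(self, artifact_id: str, data: bytes, publisher: str) -> Version:
        digest = hashlib.sha256(data).hexdigest()
        history = self._history.setdefault(artifact_id, [])
        # Ownership check: the first publisher of an identifier owns it.
        if history and history[0].publisher != publisher:
            raise PermissionError(f"{publisher} does not own {artifact_id}")
        version = Version(seq=len(history) + 1, content_hash=digest, publisher=publisher)
        history.append(version)
        return version

    def latest(self, artifact_id: str) -> Optional[Version]:
        history = self._history.get(artifact_id)
        return history[-1] if history else None

    def history(self, artifact_id: str) -> List[Version]:
        # Copy so callers cannot mutate the append-only record.
        return list(self._history.get(artifact_id, []))


def verify_presented(registry: Registry, artifact_id: str, presented: bytes) -> bool:
    """Relying-party check run before trusting a certificate received during
    connection setup: accept only if its hash equals the latest published
    version.  A substituted or superseded certificate hashes differently."""
    current = registry.latest(artifact_id)
    if current is None:
        return False  # nothing published for this identifier: refuse to trust
    return hashlib.sha256(presented).hexdigest() == current.content_hash


def demo() -> dict:
    """Publish two versions for one host and check three presented certificates."""
    registry = Registry()
    owner = "0xOwner"  # constructed placeholder for the publisher's address
    # Constructed sample certificate bodies; real input would be DER/PEM bytes.
    cert_v1 = b"-----BEGIN CERTIFICATE-----\nexample.test v1\n-----END CERTIFICATE-----\n"
    cert_v2 = b"-----BEGIN CERTIFICATE-----\nexample.test v2\n-----END CERTIFICATE-----\n"
    substituted = b"-----BEGIN CERTIFICATE-----\nexample.test forged\n-----END CERTIFICATE-----\n"

    registry.publish("example.test", cert_v1, owner)
    registry.publish("example.test", cert_v2, owner)  # key rotation

    return {
        "genuine_latest": verify_presented(registry, "example.test", cert_v2),
        "superseded": verify_presented(registry, "example.test", cert_v1),
        "substituted": verify_presented(registry, "example.test", substituted),
        "versions": len(registry.history("example.test")),
    }


if __name__ == "__main__":
    print(demo())
```

Only the latest version is accepted, so a superseded certificate is rejected just like a substituted one; the older versions stay in the history for auditing rather than for trust decisions. The ownership check in `publish` is what prevents a third party from overwriting a published record, which is the property the paper attributes to the smart contract.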


Metadata
Title
A post-quantum end-to-end encryption over smart contract-based blockchain for defeating man-in-the-middle and interception attacks
Authors
Amir Hassani Karbasi
Siyamak Shahpasand
Publication date
19.03.2020
Publisher
Springer US
Published in
Peer-to-Peer Networking and Applications / Issue 5/2020
Print ISSN: 1936-6442
Electronic ISSN: 1936-6450
DOI
https://doi.org/10.1007/s12083-020-00901-w
