Skip to main content
main-content

Über dieses Buch

This book constitutes the thoroughly refereed post-conference proceedings of the 10th International Conference on Information Security and Cryptology, Inscrypt 2014, held in Beijing, China, in December 2014. The 29 revised full papers presented were carefully reviewed and selected from 93 submissions. The papers are organized in topical sections on privacy and anonymity, multiparty and outsource computation, signature and security protocols, lattice and public key cryptography, block cipher and hash function, authentication and encryption, elliptic curve, and cryptographic primitive and application.

Inhaltsverzeichnis

Frontmatter

Privacy and Anonymity

Frontmatter

An Efficient Privacy-Preserving E-coupon System

Abstract
Previous work on electronic coupon (e-coupon) systems mainly focused on security properties such as unforgeability, double-redemption detection, and anonymity/unlinkability. However, achieving both traceability against dishonest users and anonymity for honest users without involving any third party is an open problem that has not been solved by the previous work. Another desirable feature of an e-coupon system that has not been studied in the literature is user privacy, which means the shop cannot identify the good (among all the choices specified in the coupon) that has been chosen by the customer during the redemption process. In this paper, we present a novel e-coupon system that can achieve all these desirable properties. We define the formal security models for these new security requirements, and show that our new e-coupon system is proven secure in the proposed models.
Weiwei Liu, Yi Mu, Guomin Yang

Spatial Bloom Filters: Enabling Privacy in Location-Aware Applications

Abstract
The wide availability of inexpensive positioning systems made it possible to embed them into smartphones and other personal devices. This marked the beginning of location-aware applications, where users request personalized services based on their geographic position. The location of a user is, however, highly sensitive information: the user’s privacy can be preserved if only the minimum amount of information needed to provide the service is disclosed at any time. While some applications, such as navigation systems, are based on the users’ movements and therefore require constant tracking, others only require knowledge of the user’s position in relation to a set of points or areas of interest. In this paper we focus on the latter kind of services, where location information is essentially used to determine membership in one or more geographic sets. We address this problem using Bloom Filters (BF), a compact data structure for representing sets. In particular, we present an extension of the original Bloom filter idea: the Spatial Bloom Filter (SBF). SBF’s are designed to manage spatial and geographical information in a space efficient way, and are well-suited for enabling privacy in location-aware applications. We show this by providing two multi-party protocols for privacy-preserving computation of location information, based on the known homomorphic properties of public key encryption schemes. The protocols keep the user’s exact position private, but allow the provider of the service to learn when the user is close to specific points of interest, or inside predefined areas. At the same time, the points and areas of interest remain oblivious to the user.
Paolo Palmieri, Luca Calderoni, Dario Maio

Security of Direct Anonymous Authentication Using TPM 2.0 Signature

A Possible Implementation Flaw
Abstract
Direct Anonymous Attestation (DAA) is a digital signature scheme designed for anonymous authentication. A major application of DAA is privacy-preserving remote authentication of a trusted platform module (\(\mathsf{TPM}\)). The private key used by DAA is stored within the \(\mathsf{TPM}\). The resource of \(\mathsf{TPM}\) is limited, thus \(\mathsf{TPM}\) devices usually implement only necessary secret-related algorithms and only store sensitive data. Recently, in CCS 2013, Chen and Li proposed the notion of \(\mathsf{TPM}\) 2.0 signature, which implements a simple yet generic algorithm taking the private key as an input, for a wide range of higher applications such as DAA and others (e.g., Schnorr’s signature, U-Prove). However, the reuse of the same \(\mathsf{TPM}\) algorithm and private key for multiple purposes may introduce vulnerability, even within the same context of DAA. In particular, there are two situations in which the DAA scheme uses the same signature scheme and private key, namely, signing or authentication, and joining the system (for proving the knowledge of the private key to the issuer of the DAA credential). In this paper, we analyzed the current security model of DAA schemes with this in mind, identified the weakness and the corresponding implementation flaw which leads to insecurity, and suggested a fix. Our study provides more comprehensive security analysis for DAA which suggests a prudent practice of DAA implementation.
Tao Zhang, Sherman S. M. Chow

Multiparty and Outsource Computation

Frontmatter

Revocation in Publicly Verifiable Outsourced Computation

Abstract
The combination of software-as-a-service and the increasing use of mobile devices gives rise to a considerable difference in computational power between servers and clients. Thus, there is a desire for clients to outsource the evaluation of complex functions to an external server. Servers providing such a service may be rewarded per computation, and as such have an incentive to cheat by returning garbage rather than devoting resources and time to compute a valid result.
In this work, we introduce the notion of Revocable Publicly Verifiable Computation (RPVC), where a cheating server is revoked and may not perform future computations (thus incurring a financial penalty). We introduce a Key Distribution Center (KDC) to efficiently handle the generation and distribution of the keys required to support RPVC. The KDC is an authority over entities in the system and enables revocation. We also introduce a notion of blind verification such that results are verifiable (and hence servers can be rewarded or punished) without learning the value. We present a rigorous definitional framework, define a number of new security models and present a construction of such a scheme built upon Key-Policy Attribute-based Encryption.
James Alderman, Christian Janson, Carlos Cid, Jason Crampton

Private Aggregation with Custom Collusion Tolerance

Abstract
While multiparty computations are becoming more and more efficient, their performance has not yet reached the required level for wide adoption. Nevertheless, many applications need this functionality, while others need it for simpler computations; operations such as multiplication or addition might be sufficient. In this work we extend the well-known multiparty computation protocol (MPC) for summation of Kurswave et al. More precisely, we introduce two extensions of the protocol one which bases its security on the Decisional Diffie-Hellman hypothesis and does not use pairings, and one that significantly reduces the pairings of the original. Both protocols are proven secure in the semi-honest model. Like the original, the protocols are entirely broadcast-based and self-bootstrapping, but provide a significant performance boost, allowing them to be adopted by devices with low processing power and can also be extended naturally to achieve \(t\)-privacy in the malicious model, while remaining practical. Finally, the protocols can further improve their performance if users decide to decrease their collusion tolerance.
Constantinos Patsakis, Michael Clear, Paul Laird

Signature and Security Protocols

Frontmatter

Ring Signatures of Constant Size Without Random Oracles

Abstract
Ring signatures allow a signer to anonymously sign on behalf of a group of users, the so-called ring; the only condition is that the signer is a member of the ring. At PKC 2007, Shacham and Waters left an open problem, “obtain a ring signature secure without random oracles and its signature size is independent of the number of signers implicated in the ring”, which has not been solved yet. In this paper, by using a powerful tool, indistinguishability obfuscator (\(\mathsf i \mathcal {O}\)), we construct a constant size ring signature scheme without random oracles and thus answer Shacham et al.’s open problem. Furthermore, we construct an identity-based ring signature scheme which also has constant signature size in the standard model. However, we stress that due to the low efficiency of the existing \(\mathsf i \mathcal {O}\) candidates, we mainly focus on the existence of the constant size ring signature schemes without random oracles, but do not care about their practicability. A shortcoming of our approach is that the ring unforgeability merely is selective but not adaptive.
Fei Tang, Hongda Li

Universally Composable Identity Based Adaptive Oblivious Transfer with Access Control

Abstract
We propose the first identity based adaptive oblivious transfer protocol with access control (IBAOT-AC) secure in universal composable (UC) framework. The IBAOT-AC is run between multiple senders, multiple receivers and an issuer. Each sender incorporates its identity and access policies associated with the messages in the generation of ciphertext database. Receivers whose attribute sets satisfy the access policy associated with the message and who interact with a sender generating the corresponding ciphertext can only recover the message. The scheme supports access policy in disjunctive form, thereby, realizes disjunction of attributes. The proposed scheme is UC secure in the presence of malicious adversary under \(q\)-Strong Diffie-Hellman (SDH), Decision Bilinear Diffie-Hellman (DBDH), \(q\)-Decision Bilinear Diffie-Hellman Exponent (DBDHE) and Decision Linear (DLIN) assumptions. The scheme outperforms the existing similar schemes in terms of both communication and computation.
Vandana Guleria, Ratna Dutta

Three-Round Public-Coin Bounded-Auxiliary-Input Zero-Knowledge Arguments of Knowledge

Abstract
This paper investigates the exact round complexity of public-coin (bounded-auxiliary-input) zero-knowledge arguments of knowledge (ZKAOK). It is well-known that Barak’s non-black-box ZK [FOCS 01], which can be adapted to a ZKAOK, is the first one achieving constant-round, public-coin and strict-polynomial-time simulation properties, and admitting a 6-round implementation shown by Ostrovsky and Visconti [ECCC 12]. This achieves the best exact round complexity for public-coin ZKAOK ever known, to the best of our knowledge. As for a specific case of bounded-auxiliary-input verifiers, i.e. the auxiliary inputs are of bounded-size, no previous works explicitly considered to improve the general result on the exact round number of public-coin ZKAOK in this case. It is also noticeable that when ignoring the argument of knowledge property, Barak et al. [JCSS 06] showed based on two-round public-coin universal arguments which admit a candidate construction of the two-round variant of Micali’s CS-proof, there exists a two-round public-coin plain/bounded-auxiliary-input ZK argument.
So an interesting question in ZKAOK is how to improve the exact round complexity of public-coin ZKAOK in both the general and the above specific cases. This paper provides an improvement for the specific case. That is, we show that also based on two-round public-coin universal arguments, there exists a 3-round public-coin bounded-auxiliary-input ZKAOK for \(\mathbf {NP}\) which admits a strict-polynomial-time non-black-box simulator and an expected-polynomial-time extractor.
Ning Ding

A Model-Driven Security Requirements Approach to Deduce Security Policies Based on OrBAC

Abstract
Attacks on unsecured systems result in important loses. Many of the causes are related to non-conformance of system architecture and implementation to the requirements. To reduce these conformity problems, Model Driven Engineering proposes using modelling languages for defining requirements and architecture and model transformations between them. We therefore introduce a modelling language extension/ profile for defining system requirements with basic security requirement concepts. We also formalize the model transformation between this profile and a security formal verification method. We exemplify our approach on a medical case study.
Denisse Muñante Arzapalo, Vanea Chiprianov, Laurent Gallon, Philippe Aniorté

Optimal Proximity Proofs

Abstract
Provably secure distance-bounding is a rising subject, yet an unsettled one; indeed, very few distance-bounding protocols, with formal security proofs, have been proposed. In fact, so far only two protocols, namely SKI (by Boureanu et al.) and FO (by Fischlin and Onete), offer all-encompassing security guaranties, i.e., resistance to distance-fraud, mafia-fraud, and terrorist-fraud. Matters like security, alongside with soundness, or added tolerance to noise do not always coexist in the (new) distance-bounding designs. Moreover, as we will show in this paper, efficiency and simultaneous protection against all frauds seem to be rather conflicting matters, leading to proposed solutions which were/are sub-optimal. In fact, in this recent quest for provable security, efficiency has been left in the shadow. Notably, the tradeoffs between the security and efficiency have not been studied. In this paper, we will address these limitations, setting the “security vs. efficiency” record straight.
Concretely, by combining ideas from SKI and FO, we propose symmetric protocols that are efficient, noise-tolerant and—at the same time—provably secure against all known frauds. Indeed, our new distance-bounding solutions outperform the two aforementioned provably secure distance-bounding protocols. For instance, with a noise level of \(5\,\%\), we obtain the same level of security as those of the pre-existent protocols, but we reduce the number of rounds needed from 181 to 54.
Ioana Boureanu, Serge Vaudenay

Lattice and Public Key Cryptography

Frontmatter

Simpler CCA-Secure Public Key Encryption from Lossy Trapdoor Functions

Abstract
In STOC’08, Peikert and Waters presented a black-box construction of CCA-secure public key encryption (PKE) scheme from lossy trapdoor functions (LTDFs) [20], and they mentioned in the paper that their construction is a hybrid of Naor-Yung [18] and Canetti-Halevi-Katz [5], since the twin encryption technique and a strongly one-time signature are simultaneously used. It is well-known that a one-time signature brings either large ciphertext overhead if built from general assumptions like one-way functions, or additional computation cost during key generation/signing if built from number theoretic assumptions.
In this paper, we demonstrate that one can actually remove the one-time signature from the PW-scheme, and the resulting KEM can also be proved CCA-secure. However, the resulting KEM is not good enough, in particular, applying the known parameters choices of [20], one obtains a session key with length only sub-linear to the security parameter, thus not a suitable key for subsequent cryptographic tasks. We then to further into the analysis and manage to instantiate our KEM with standard assumptions to obtain a valid key.
Bei Liang, Rui Zhang, Hongda Li

Attacking RSA with a Composed Decryption Exponent Using Unravelled Linearization

Abstract
Recently, Nitaj and Douh presented a new attack on RSA with a composed decryption exponent. To be specific, they assumed that the decryption exponent in RSA is of the form \(d=Md_1+d_0\) where \(M\) is a known positive integer and \(d_0\) and \(d_1\) are two suitably small unknown integers. They gave a lattice-based decryption exponent recovery attack on this kind of RSA when the exponent \(d\) is under a larger bound than the well-known one \(N^{0.292}\) given by Boneh and Durfee. In this paper, we reconsider the same problem and present a new attack by using the unravelled linearization technique proposed by Herrmann and May at Asiacrypt 2009. Our result is theoretically better than that of Nitaj and Douh and more importantly, is more efficient in terms of the dimension of lattice involved in the attack.
Zhangjie Huang, Lei Hu, Jun Xu

Fully Homomorphic Encryption with Auxiliary Inputs

Abstract
In this paper, we propose the first (leveled) fully homomorphic encryption (FHE) that remains secure even when the attacker is equipped with auxiliary inputs – any computationally hard-to-invert function of the secret key. It is more general than the tolerance of Berkoff and Liu’s leakage resilient fully homomorphic encryption, in which the leakage is bounded by an a priori number of bits of the secret key. Specifically, we first compile the dual of Regev’s public-key encryption scheme proposed by Gentry, Peikert and Vaikuntanathan in 2008 into a fully homomorphic encryption using Gentry, Sahai and Waters’ approximate eigenvector method. We then show that it is CPA (chosen-plaintext-attack) secure in the presence of hard-to-invert auxiliary inputs, assuming the hardness of learning with errors (LWE) problem.
Fuqun Wang, Kunpeng Wang

Trapdoors for Ideal Lattices with Applications

Abstract
There is a lack of more complicated ideal-lattice-based cryptosystems which require the use of lattice trapdoors, for the reason that currently known trapdoors are either only applicable to general lattices or not well-studied in the ring setting. To facilitate the development of such cryptosystems, we extend the notion of lattice trapdoors of Micciancio and Peikert (Eurocrypt ’12) into the ring setting with careful justification. As a demonstration, we use the new trapdoor to construct a new hierarchical identity-based encryption scheme, which allows us to construct public-key encryption with chosen-ciphertext security, signatures, and public-key searchable encryption.
Russell W. F. Lai, Henry K. F. Cheung, Sherman S. M. Chow

Block Cipher and Hash Function

Frontmatter

Speeding Up the Search Algorithm for the Best Differential and Best Linear Trails

Abstract
For judging the resistance of a block cipher to differential cryptanalysis or linear cryptanalysis it is necessary to establish an upper bound on the probability of the best differential or the bias of the best linear approximation. However, getting a tight upper bound is not a trivial problem. We attempt it by searching for the best differential and the best linear trails, which is a challenging task in itself. Based on some previous works, new strategies are proposed to speed up the search algorithm, which are called starting from the narrowest point, concretizing and grouping search patterns, and trialling in minimal changes order strategies. The efficiency of the resulting improved algorithms allows us to state that the probability (bias) of the best 4-round differential (linear) trail in NOEKEON is \(2^{-51}\) (\(2^{-25}\)) and the probability (bias) of the best 10-round (11-round) differential (linear) trail is at most \(2^{-131}\) (\(2^{-71}\)). For SPONGENT, the best differential trails for certain number of rounds in the permutation functions with width \(b\in \{88, 136, 176, 240\}\) are found. That allows us to update some results presented by its designers.
Zhenzhen Bao, Wentao Zhang, Dongdai Lin

The Boomerang Attacks on BLAKE and BLAKE2

Abstract
In this paper, we study the security margins of hash functions BLAKE and BLAKE2 against the boomerang attack. We launch boomerang attacks on all four members of BLAKE and BLAKE2, and compare their complexities. We propose 8.5-round boomerang attacks on both BLAKE-512 and BLAKE2b with complexities \(2^{464}\) and \(2^{474}\) respectively. We also propose 8-round attacks on BLAKE-256 with complexity \(2^{198}\) and 7.5-round attacks on BLAKE2s with complexity \(2^{184}\). We verify the correctness of our analysis by giving practical 6.5-round Type I boomerang quartets for each member of BLAKE and BLAKE2. According to our analysis, some tweaks introduced by BLAKE2 have increased its resistance against boomerang attacks to a certain extent. But on the whole, BLAKE still has higher a secure margin than BLAKE2.
Yonglin Hao

Second Preimage Analysis of Whirlwind

Abstract
Whirlwind is a keyless AES-like hash function that adopts the Sponge model. According to its designers, the function is designed to resist most of the recent cryptanalytic attacks. In this paper, we evaluate the second preimage resistance of the Whirlwind hash function. More precisely, we apply a meet in the middle preimage attack on the compression function which allows us to obtain a 5-round pseudo preimage for a given compression function output with time complexity of \(2^{385}\) and memory complexity of \(2^{128}\). We also employ a guess and determine approach to extend the attack to 6 rounds with time and memory complexities of \(2^{496}\) and \(2^{112}\), respectively. Finally, by adopting another meet in the middle attack, we are able to generate n-block message second preimages of the 5 and 6-round reduced hash function with time complexity of \(2^{449}\) and \(2^{505}\) and memory complexity of \(2^{128}\) and \(2^{112}\), respectively.
Riham AlTawy, Amr M. Youssef

Boomerang Attack on Step-Reduced SHA-512

Abstract
SHA-2 (SHA-224, SHA-256, SHA-384 and SHA-512) is hash function family issued by the National Institute of Standards and Technology (NIST) in 2002 and is widely used all over the world. In this work, we analyze the security of SHA-512 with respect to boomerang attack. Boomerang distinguisher on SHA-512 compression function reduced to 48 steps is proposed, with a practical complexity of \(2^{51}\). A practical example of the distinguisher for 48-step SHA-512 is also given. As far as we know, it is the best practical attack on step-reduced SHA-512.
Hongbo Yu, Dongxia Bai

Collision Attack on 4-Branch, Type-2 GFN Based Hash Functions Using Sliced Biclique Cryptanalysis Technique

Abstract
In this work, we apply the sliced biclique cryptanalysis technique to show 8-round collision attack on a hash function \(H\) based on 4-branch, Type-2 Generalized Feistel Network (Type-2 GFN). This attack is generic and works on 4-branch, Type-2 GFN with any parameters including the block size, type of round function, the number of S-boxes in each round and the number of SP layers inside the round function. We first construct a 8-round distinguisher on 4-branch, Type-2 GFN and then use this distinguisher to launch 8-round collision attack on compression functions based on Matyas-Meyer-Oseas (MMO) and Miyaguchi-Preneel (MP) modes. The complexity of the attack on 128-bit compression function is \(2^{56}\). The attack can be directly translated to collision attack on MP and MMO based hash functions and pseudo-collision attack on Davies-Meyer (DM) based hash functions. When the round function \(F\) is instantiated with double SP layer, we show the first 8 round collision attack on 4-branch, Type-2 GFN with double SP layer based compression function. The previous best attack on this structure was a 6-round near collision attack shown by Sasaki at Indocrypt’12. His attack cannot be used to generate full collisions on 6-rounds and hence our result can be regarded the best so far in literature on this structure.
Megha Agrawal, Donghoon Chang, Mohona Ghosh, Somitra Kumar Sanadhya

Rig: A Simple, Secure and Flexible Design for Password Hashing

Abstract
Password Hashing, a technique commonly implemented by a server to protect passwords of clients, by performing a one-way transformation on the password, turning it into another string called the hashed password. In this paper, we introduce a secure password hashing framework Rig which is based on secure cryptographic hash functions. It provides the flexibility to choose different functions for different phases of the construction. The design of the scheme is very simple to implement in software and is flexible as the memory parameter is independent of time parameter (no actual time and memory trade-off) and is strictly sequential (difficult to parallelize) with comparatively huge memory consumption that provides strong resistance against attackers using multiple processing units. It supports client-independent updates, i.e., the server can increase the security parameters by updating the existing password hashes without knowing the password. Rig can also support the server relief protocol where the client bears the maximum effort to compute the password hash, while there is minimal effort at the server side. We analyze Rig and show that our proposal provides an exponential time complexity against the low-memory attack.
Donghoon Chang, Arpan Jati, Sweta Mishra, Somitra Kumar Sanadhya

Authentication and Encryption

Frontmatter

Efficient Hardware Accelerator for AEGIS-128 Authenticated Encryption

Abstract
Security of transaction is of paramount importance in modern world of ubiquitous computing and data movement. To provide a framework of standard authenticated encryption techniques, CAESAR contest has been announced recently. Multiple entries in this contest are based on AES, which has been also, a popular choice as a primitive for authenticated encryption in the past. In this paper, we perform in-depth study of efficient hardware implementation for AES-based AEGIS-128 authenticated encryption, a prominent entry in the CAESAR contest. Through a complete study of possible throughput-area improvement techniques, we report multiple design points ranging from a high throughput of \(121.07\) Gbps design to a low-area implementation of \(18.72\) KGE, using commercial synthesis flows and 65 nm ASIC technology. We believe our results will serve as important design metric for the CAESAR contest as well as for efficient AEGIS-128 deployment.
Debjyoti Bhattacharjee, Anupam Chattopadhyay

Fully Collusion-Resistant Traceable Key-Policy Attribute-Based Encryption with Sub-linear Size Ciphertexts

Abstract
Recently a series of expressive, secure and efficient Attribute-Based Encryption (ABE) schemes, both in key-policy flavor and ciphertext-policy flavor, have been proposed. However, before being applied into practice, these systems have to attain traceability of malicious users. As the decryption privilege of a decryption key in Key-Policy ABE (resp. Ciphertext-Policy ABE) may be shared by multiple users who own the same access policy (resp. attribute set), malicious users might tempt to leak their decryption privileges to third parties, for financial gain as an example, if there is no tracing mechanism for tracking them down. In this work we study the traceability notion in the setting of Key-Policy ABE, and formalize Key-Policy ABE supporting fully collusion-resistant blackbox traceability. An adversary is allowed to access an arbitrary number of keys of its own choice when building a decryption-device, and given such a decryption-device while the underlying decryption algorithm or key may not be given, a blackbox tracing algorithm can find out at least one of the malicious users whose keys have been used for building the decryption-device. We propose a construction, which supports both fully collusion-resistant blackbox traceability and high expressivity (i.e. supporting any monotonic access structures). The construction is fully secure in the standard model (i.e. it achieves the best security level that the conventional non-traceable ABE systems do to date), and is efficient that the fully collusion-resistant blackbox traceability is attained at the price of making ciphertexts grow only sub-linearly in the number of users in the system, which is the most efficient level to date.
Zhen Liu, Zhenfu Cao, Duncan S. Wong

Integrating Ciphertext-Policy Attribute-Based Encryption with Identity-Based Ring Signature to Enhance Security and Privacy in Wireless Body Area Networks

Abstract
The technology of wireless body area network (WBAN) has attracted intensive attention in recent years. For widespread deployment of WBANs, security and privacy issues must be addressed properly. Recently, Hu et al. proposed a fuzzy attribute-based signcryption scheme with the aim to provide security and privacy mechanisms in WBANs. In this paper, we first show Hu et al.’s scheme cannot achieve the claimed security properties. In particular, an adversary is capable of generating private keys for any set of attributes. Then we introduce a new cryptographic primitive named ciphertext-policy attribute-based ring signcryption (CP-ABRSC) by integrating the notion of ciphertext-policy attribute-based encryption with identity-based ring signature. We give formal syntax and security definitions for CP-ABRSC and present a provable secure CP-ABRSC scheme from bilinear pairings. Finally, we propose a novel access control framework for WBANs by exploiting CP-ABRSC scheme, which can not only provide semantic security, unforgeability and public authenticity, but also can provide participants privacy and fine-grained access control on encrypted health data.
Changji Wang, Xilei Xu, Yuan Li, Dongyuan Shi

Elliptic Curve

Frontmatter

Parallelized Software Implementation of Elliptic Curve Scalar Multiplication

Abstract
Recent developments of multicore architectures over various platforms (desktop computers and servers as well as embedded systems) challenge the classical approaches of sequential computation algorithms, in particular elliptic curve cryptography protocols. In this work, we deploy different parallel software implementations of elliptic curve scalar multiplication of point, in order to improve the performances in comparison with the sequential counter parts, taking into account the multi-threading synchronization, scalar recoding and memory management issues. Two thread and four thread algorithms are tested on various curves over prime and binary fields, they provide improvement ratio of around 15 % in comparison with their sequential counterparts.
Jean-Marc Robert

A Note on Diem’s Proof

Abstract
Semaev’s summation polynomials are suggested to be used to construct Index Calculus for elliptic curves over extension fields. The complexity of the proposed algorithm was first studied by Diem with the help of Weil restriction and intersection theory. The key ingredient is to analyse the probability that a uniformly distributed point has an isolated decomposition over the factor base. Following his tactics, we present his result in a simple manner by recourse to the theory of function fields and generic resultant.
Song Tian, Kunpeng Wang, Bao Li, Wei Yu

Cryptographic Primitive and Application

Frontmatter

Stand-by Attacks on E-ID Password Authentication

Abstract
We show that despite the cryptographic strength of the password authentication, we cannot exclude an attack by an adversary that penetrates the reader device at some moment, but apart from this is passive and manipulates neither the reader nor the microcontroller of the identity document. So even the most careful examination and certification of the smart cards and the readers cannot prevent attacks of this kind. We present concrete attack scenarios for PACE-GM, PACE-IM and SPEKE protocols.
We show that the weaknesses can be easily and effectively eluded via changing a few implementation details on the side of the reader. Our second contribution is that immunity against the attacks can be tested by the operator of the reader, thus replacing costly and unreliable certification process of black box devices.
Our more general contribution is to draw attention on hidden penetration attacks and to show that effective countermeasures are possible.
Lucjan Hanzlik, Przemysław Kubiak, Mirosław Kutyłowski

Stegomalware: Playing Hide and Seek with Malicious Components in Smartphone Apps

Abstract
We discuss a class of smartphone malware that uses steganographic techniques to hide malicious executable components within their assets, such as documents, databases, or multimedia files. In contrast with existing obfuscation techniques, many existing information hiding algorithms are demonstrably secure, which would make such stegomalware virtually undetectable by static analysis techniques. We introduce various types of stegomalware attending to the location of the hidden payload and the components required to extract it. We demonstrate its feasibility with a prototype implementation of a stegomalware app that has remained undetected in Google Play so far. We also address the question of whether steganographic capabilities are already being used for malicious purposes. To do this, we introduce a detection system for stegomalware and use it to analyze around 55 K apps retrieved from both malware sources and alternative app markets. Our preliminary results are not conclusive, but reveal that many apps do incorporate steganographic code and that there is a substantial amount of hidden content embedded in app assets.
Guillermo Suarez-Tangil, Juan E. Tapiador, Pedro Peris-Lopez

A Lightweight Security Isolation Approach for Virtual Machines Deployment

Abstract
Cloud computing has changed the way of IT services; virtualization technology is the foundation of it, which directly affects the security and reliability of the cloud computing platform. From the point of virtualization technology security, we study to integrate mandatory access control mechanism into virtual machines deployment to control resources available for virtual machines, design and implement a lightweight MAC-based strong isolation and migration approach between virtual machines. Experiments show that our method is effective in isolation and migration, and with less performance overload.
Hongliang Liang, Changyao Han, Daijie Zhang, Dongyang Wu

A Novel Approach to True Random Number Generation in Wearable Computing Environments Using MEMS Sensors

Abstract
Micro Electro Mechanical Systems (MEMS) sensors (accelerometer, gyroscope, and compass) offer a practical approach for true random number generation. Entropy values of 0.99 close to theoretical value of 1, and large Kullback-Leibler distances were obtained in this study [1]. The main contribution of this work was the generation of high quality random number strings, when the MEMS sensor was at complete rest, a configuration in which these sensors were heretofore considered to be inadequate. This was accomplished by using the initial noise in the sensing mechanisms for the MEMS sensors. The compass output stream passed the highest number of NIST Tests; 11/15 and 14/15 under stationary and complete motion, respectively [24]. Short burst (<1 s) strings passed 13 out of 15 NIST tests, and applying the Barak-Impagliazzo-Wigderson recursive extractor led to successful results in all 15 NIST tests. Interleaving MEMS output with audio resulted in a string that passed 14 out of 15 NIST tests.
Neel Bedekar, Chiranjit Shee

Backmatter

Weitere Informationen

Premium Partner

    Bildnachweise