Information Security Applications

A group key agreement protocol is designed to allow a group of parties communicating over an insecure, public network to agree on a common secret key. Recently, in WISA’04, Ren et al. proposed an efficient group key agreement scheme for dynamic groups, which can be built on any of secure two-party key establishment protocols. In the present work we study the main EGAKA-KE protocol of the scheme and point out a critical security flaw in the protocol. We show that the security flaw leads to a vulnerability to an active attack mounted by two colluding adversaries.

A proxy signature scheme allows an entity to delegate its signing power to another entity. Since the notion of proxy signatures was first introduced, many proxy signature schemes and various extensions have been considered. As an example, the notion of threshold proxy signature or proxy multi-signature was introduced as a group-oriented variant. In this paper, we show that the threshold proxy signature scheme proposed by Hsu and Wu, and the proxy multi-signature schemes independently proposed by Chen et al. and Hsu et al. are all insecure against the malicious original singer(s). Our result provides a simple example that the way to put the secret parts together should be carefully considered.

Time/memory trade-off (TMTO) attacks require the generation of a sequence of functions which are obtained as minor modifications of a one-way function to be inverted. We carefully examine the requirements for such function generation. A counter based method is used to generate the functions for the rainbow method. We show that there are functions for which the counter method fails. This is similar to the example given by Fiat and Naor for the Hellman TMTO. Our main contribution is to suggest the use of LFSR sequences for function generation to be used in the rainbow TMTO. Properties of LFSR sequences such as long period, pseudorandomness properties and efficient forward and backward generation make such sequences useful for the intended application. One specific advantage is that it is not possible to a priori construct a Fiat-Naor type example for the LFSR based rainbow method.

Intrusion detection techniques have been developed to protect computer and network systems against malicious attacks.  However, there are no perfect intrusion detection systems or mechanisms, because it is impossible for the intrusion detection systems to get all the packets in the network system. Current intrusion detection systems cannot fully detect novel attacks or variations of known attacks without generation of a large amount of false alerts. In addition, all the current intrusion detection systems focus on low-level attacks or anomalies. Consequently, the intrusion detection systems usually generate a large amount of alerts. And actual alerts may be mixed with false alerts and unmanageable. As a result, it is difficult for users or intrusion response systems to understand the intrusion behind the alerts and take appropriate actions. The standard format of alert messages is not yet defined. Alerts from heterogeneous sensors have different types although they are actually same. Also false alarms and frequent alarms can be used as Denial of Service attack as alarm messages by themselves and cause alert flooding. So we need to minimize false alarm rate and prevent alert flooding through analyzing and merging of alarm data. In this paper, we propose a data mining framework for the management of alerts in order to improve the performance of the intrusion detection systems. The proposed alert data mining framework performs alert correlation analysis by using mining tasks such as axis-based association rule, axis-based frequent episodes and order-based clustering. It also provides the capability of classifying false alarms in order to reduce false alarms from intrusion detection system. The final rules that were generated by alert data mining framework can be used to the real time response of the intrusion detection system and to the reduction of the volume of alerts.

Worms are a key vector of computer attacks that produce great damage of enterprise networks. Little is known about either the effect of host and network configuration factors influencing worm infection or the approach to predict the number of infected hosts. In this paper we present the results of real worm attacks to determine the factors influencing worm infection, and to propose the prediction model of worm damage. Significant factors are extracted from host and network configuration: openness, homogeneity, and trust. Based on these different factors, fuzzy decision is used to produce the accurate prediction of worm damage. The contribution of this work is to understand the effect of factors and the risk level of infection for preparing the protection, responsiveness, and containment to lessen the damage that may occur. Experimental results show that the selected parameters are strongly correlated with actual infection, and the proposed model produces accurate estimates.

By using wireless communications, conferees can join a teleconference at any time and any place. In order to hold a secure teleconference, they must share a conference key before holding the conference. Up to date, public key cryptosystems are used in all proposed conference key distribution schemes for protecting the privacy of conferees’ locations during the conference. The computation cost and communication cost of these schemes is still high. In this paper, we propose a simple and efficient conference scheme for mobile communications. The main merits of our scheme include: (1) conferees can share a common conference key to hold a secure teleconference over a public channel; (2) the location of a particular conferee is protected to prevent a tracking attack; (3) it allows a user to join or quit a mobile teleconference dynamically; (4) only secure one-way hash functions and symmetric key cryptosystems are used, and the computation and communication cost is very low; (5) there needs no passwords or shared keys table in the network center.

This paper proposes a hash-chain based authentication scheme for fast handover in wireless network (HAS). The full authentication procedure described in IEEE 802.11 is inappropriate to be applied to a handover, since it has heavy operation and delay time during handover. Though various methods were proposed to solve the problem, the existing schemes degrade the security of authentication or impose the entire administrative burden of the authentication on the authentication server. The main focus of this paper is on reducing the administrative burden of the authentication server and enhances the security strength of the fast handover authentication. The proposed scheme in this paper is robust to the attack by a compromised AP by using hash key chain between a mobile station and the authentication server. The scheme also decentralizes the administrative burden of the authentication server to other network entities.

We consider the stream authentication problem when an adversary has the ability to drop, reorder or inject data packets in the network. We propose a coding approach for multicast stream authentication using the list-decoding property of Reed-Solomon codes. We divide the data to be authenticated into a stream of packets and associate a single signature for every λn packets where λ and n are predesignated parameters. Our scheme, which is also joinable at the boundary of any n-packet block, can be viewed as an extension of Lysyanskaya, Tamassia and Triandopoulos’s technique in which λ = 1. We show that by choosing λ and n appropriately, our scheme outperforms theirs in both signature and verification time.

In the vision of 4G networks there is a strong demand for universal wireless access and ubiquitous computing through consistent personal and terminal mobility supports. The ability to provide seamless and adaptive QoS guarantees is key to the success of 4G systems. This paper proposes the novel concept of the elastic security QoS provisioning and the autonomous context transfer scheme in the future wireless networks, taking into account the specific requirements for highly dynamic vehicular users. We designed Mobile Manager that can make the autonomous and user transparent decision for the context-aware secure handover. To demonstrate the effectiveness of the proposed security mechanism, we also analyze the performance of our handover scheme by using the multi-class queuing network model. Our scheme can obtain the performance improvement of seamless security services and can be used as an intelligent add-on model to existing networking systems like mobile networks for telematics applications and home networks for efficient mobility-aware applications.

This paper studies an improved algorithm to watermark numeric attributes in relational databases for copyright protection. It reviews related researches and presents an improved insertion algorithm, a detection algorithm and a recover algorithm. We introduce a varied-size grouping method in our insertion algorithm to insert a meaningful watermark. We also introduce a new mechanism to insert watermarks using the mark itself to decide marked positions. This insertion mechanism can be validated in our detection algorithm to decide whether a watermark exists or not. A badly destroyed marked relation or only a small part of it could still be detected successfully. Our recover algorithm introduces a competing mechanism to help recover the exact meaningful watermark after the detection result confirms the existence of the watermark. The experiments show it’s robust to various attacks.

In this paper, we present a video fingerprinting system to identify the source of illegal copies. Content is distributed along a specified tree, with the seller as the root of the tree, the legitimate users as the leaves, and the internal nodes as content buyer or seller. Because there is a limited number of user areas available in each tree, we propose to build sub-trees, where each sub-tree has a distinctive logo. In this paper, we will use logos which are bit mapped images of the tree number. The extracted logo shows better performance visually using ECC. The fingerprinting step is achieved by the insertion of a unique information in the video wavelet coefficients by temporal wavelet transform. Our fingerprinting system is able to detect unique fingerprinting information in video content even if it has been distorted. In addition, our method does not need original video frame for extraction step.

A new method of secure digital watermarking detection protocol is proposed in this paper. Our methodology applies to the protection of the digital contents against illegal use. Based upon the principle of our methodological induction, an improvement of protecting copyright contents has been achieved by means of allowing watermark verifier to detect the embedded information with no secret information exposed in extraction process. We set force our method by applying such a combination of patchwork watermark and public-key encryption protocol. Furukawa proposed a secure watermark detection scheme [4] in 2004 using Paillier encryption, but its drawback is the heavy overhead in processing time. We replace the cryptosystem with El Gamal encryption to improve performance, and clarify improvement in processing time and robustness against attacks based on experimental results.

We propose a binary rewriting system called Kimchi that modifies binary programs to protect them from format string attacks in runtime. Kimchi replaces the machine code calling conventional printf with code calling a safer version of printf, safe_printf, that prevents its format string from accessing arguments exceeding the stack frame of the parent function. With the proposed static analysis and binary rewriting method, it can protect binary programs even if they do not use the frame pointer register or link the printf code statically. In addition, it reduces the performance overhead of the patched program by not modifying the calls to printf with the format string argument located in the read-only memory segment, which are not vulnerable to the format string attack.

Reverse engineering of executable programs, by disassembling them and then using program analyses to recover high level semantic information, plays an important role in attacks against software systems, and can facilitate software piracy. This paper introduces a novel technique to complicate reverse engineering. The idea is to change the program code repeatedly as it executes, thereby thwarting correct disassembly. The technique can be made as secure as the least secure component of opaque variables and pseudorandom number generators.

Elliptic curve cryptography (ECC) was discovered by Koblitz and Miller, and there has been a vast amount of research on its secure and efficient implementation. To implement ECC, three kinds of finite fields are being widely used, i.e. prime field GF(p), binary field GF(2 ^m ) and optimal extension field GF(p ^m ). There is an extensive literature on hardware implementation of prime fields and binary fields, but almost nothing is known about hardware implementation of OEFs. At a first glance, this may seem natural because OEF has been devised originally for efficient software implementation of ECC. However, we still need its hardware implementation for the environments where heterogeneous processors are communicating with each other using a single cryptographic protocol. Since the ECC software implementation over the weaker processor may not guarantee reasonable performance, a customized ECC coprocessor would be a good solution.

In this paper, we propose an ECC coprocessor over GF(p ^m ) on an FPGA. Since the most resource-consuming operation is inversion, we focus on the efficient design of inversion modules. First we provide four different implementations for inversion operation, i.e. three variants of Extended Euclidian Algorithm and inversion using the iterative Frobenius map. We use them as the building blocks of our ECC coprocessor over OEF. According to our analysis, inversion using the iterative Frobenius map shows the best performance among the four choices, from the viewpoints of speed and area.

This paper describes a technique for tracing attacks back toward the attackers somewhere in the Internet. There are many solutions existing for IP traceback problem, such as packet marking and algebraic approach. Many of them are not efficient and work under some unreasonable assumptions. The “Island Hopping Packet Marking (IHPM)” algorithm, truly incorporating the combination of the best features of the edge/node sampling and the cut vertex, is able to counter those disputed assumptions and provides great performance to reconstruct attacking paths with fewer collected packets under multiple attacks. The assessing of IHPM performance on IXP425 network processor shows the practical feasibility in routers implementations. Such a technique can provide a key answer required for advancing the state-of-the-art in DDoS mitigation and defenses in a realistic environment.

Recently, dedicated factoring devices have attracted much attention since they might be a threat for a current RSA-based cryptosystems. In some devices, the clockwise transposition routing is used as a key technique, however, because of the lack of theoretic proof of the termination, some additional circuits are required. In this paper, we analyze the packet exchanging rule for the clockwise transposition and propose some possible alternatives with keeping the “farthest-first” property. Although we have no theoretic proof of the termination, experimental results show practical availability in the clockwise transposition. We also propose an improvement on the routing algorithm for the relation finding step in the number field sieve method of factorization, which establishes two times speed-up.

This paper presents a new 64-bit block cipher mCrypton with three key size options (64 bits, 96 bits and 128 bits), specifically designed for use in resource-constrained tiny devices, such as low-cost RFID tags and sensors. It’s designed by following the overall architecture of Crypton but with redesign and simplification of each component function to enable much compact implementation in both hardware and software. A simple hardware implementation of mCrypton is also presented to demonstrate its suitability to our target applications. Our prototype implementation based on the straightforward 1 cycle/round architecture just requires about 3500 to 4100 gates for both encryption and decryption, and about 2400 to 3000 gates for encryption only (under 0.13μm CMOS technology). The result shows that the hardware complexity of mCrypton is quite well within an economic range of low-cost RFID tags and sensors. A more compact implementation under development promises that further size reduction around 30% could be achievable using the 5 cycles/round architecture.

In this paper, we will report practical modifications of the side-channel analysis to (EC)DSA [1, 2, 4, 31] that Leadbitter et al. have proposed in [12]. To apply the analyses, we assume that the window method is used in the exponentiation (EC scalar multiplication) calculation and the side-channel information described in Section [2] can be collected. So far, the method in [12] haven’t been effective when q is 160 bit long and the window size w < 9. We show that the modified method we propose in this paper is effective even when q is 160 bit long and w=4, that is, in the case of frequent implementation. First, we estimate the window size w necessary for the proposed analyses (attacks) to succeed. Then by experiment of the new method, we show that private keys of (EC)DSA can be obtained under the above assumptions, in practical time and with sufficient success rate. The result raises the necessity of countermeasures against the analyses (attacks) in the window method based implementation of (EC)DSA.

There have been various methods to prevent DPA (Differential Power Analysis) on elliptic curve cryptosystems. As for the curves with efficient endomorphisms, Hasan suggested several countermeasures on anomalous binary curves, and Ciet, Quisquater and Sica proposed a countermeasure on GLV curves. Ciet et al.’s method is based on random decomposition of a scalar, and it is a two-dimensional generalization of Coron’s method. Hasan’s and Ciet et al.’s countermeasures are applied only to a small class of elliptic curves.

In this paper, we enlarge the class of DPA-resistant curves by proposing a DPA countermeasure applicable to any curve where the Frobenius expansion method can be used. Our analysis shows that our countermeasure can produce a probability of collision around O (2^− 20) with only 15.4–34.0% extra computation for scalar multiplications on various practical settings.

The Ha-Moon algorithm [4] is a countermeasure against power analysis using a randomized addition chain. It has two drawbacks in that it requires an inversion and has a right-to-left approach. Recently, Yen et al. improved the algorithm by removing these drawbacks [11]. Their new algorithm is inversion-free, has a left-to-right approach, and employs a window method. They insisted that their algorithm leads to a more secure countermeasure in computing modular exponentiation against side-channel attacks. This algorithm, however, still has a similar weakness observed in [2, 10]. This paper shows that the improved Ha-Moon algorithm is vulnerable to differential power analysis even if we employ their method in selecting s _i .

The development of masking schemes to secure AES implementations against power-analysis attacks is a topic of ongoing research. The most challenging part in masking an AES implementation is the SubBytes operation because it is a non-linear operation. The current solutions are expensive to implement especially on small 8-bit processors; they either need many large tables or require a large amount of operations. In this article, we present a masking scheme that requires considerably less tables and considerably less operations than the previously presented schemes. We give a theoretical proof of security for our scheme and confirm it with actually performed DPA attacks.

In this paper, we develop a secure multi-attribute procurement auction, in which a sales item is defined by several attributes called quality, the buyer is the auctioneer (e.g., a government), and the sellers are the bidders. Our goal is to develop a protocol in which acting honestly is a dominant strategy for sellers and that does not leak the true cost of the sellers, which is highly classified information that the sellers want to keep private. We first present a Vickrey-type protocol that can be used for multi-attribute procurement auctions. Next, we show how this protocol can be executed securely.

We propose a protocol for implementing secure function evaluation based on the homomorphic threshold ElGamal encryption scheme. To the best of our knowledge, our solution is more efficient in terms of computational complexity than previous solutions existent in the literature.

Most of DBMS adopt Role-Based Access Control (RBAC) model. Administrative Role-Based Access Control (ARBAC) model intends to decentralize authority management with plural security administrators. They have their work range on the role hierarchy. One problem with this is that legal modification of a role hierarchy may induce unexpected side effects. The Role-Role Assignment 97 (RRA97) model introduced some geometry-based integrity principles to prevent unexpected side effects. They are complex and ambiguous. We analyze the reasons of shortcoming of RRA97 model, and introduce a new concept of authority range for flexible management of role hierarchy.

Ubiquitous computing is characterized by freedom of movement in both time and location, which means users expect to receive services anytime and anywhere. Therefore, the security service should consider the factor of location and time. As a basic authorization service mechanism, RBAC has been used in the security community for access control model. In order to apply RBAC to ubiquitous computing environment, it is necessary to add both location and time dimension. In this paper, we propose new access control model supporting time and location dimensions. The proposed access control model can effectively support various ubiquitous computing environments.

The most of users of personal computer use web browsers such as MS(Microsoft) Internet Explorer, Mozilla Firefox, and so on for accessing to internet. Especially MS Internet Explorer which is used for internet access is a module to execute local files and to install softwares that are activated by install shield. Also Explorer is the same as Shell. Analyzing “index.dat” log which is the history of executing files and accessing web sites makes security audit effective. In this paper, by analyzing Windows “index.dat” and Mozilla Firefox cache files with time analysis, we suggest a method to perform auditing of cyber crimes such as information leakage and hard disk vulnerability.