Similar Literature
1.
The notion of an off-line/on-line digital signature scheme was introduced by Even, Goldreich and Micali. Informally, such signature schemes are used to reduce the time required to compute a signature by means of some kind of preprocessing. Even, Goldreich and Micali show how to realize off-line/on-line digital signature schemes by combining regular digital signatures with efficient one-time signatures. Later, Shamir and Tauman presented an alternative construction (which produces shorter signatures) obtained by combining regular signatures with chameleon hash functions. In this paper, we study off-line/on-line digital signature schemes from both a theoretic and a practical perspective. More precisely, our contribution is threefold. First, we unify the Shamir–Tauman and Even et al. approaches by showing that they can be seen as different instantiations of the same paradigm. We do this by showing that the one-time signatures needed in the Even et al. approach only need to satisfy a weak notion of security. We then show that chameleon hashing is basically a one-time signature which satisfies such a weaker security notion. As a by-product of this result, we study the relationship between one-time signatures and chameleon hashing, and we prove that a special type of chameleon hashing (which we call double-trapdoor) is actually a fully secure one-time signature. Next, we consider the task of building, in a generic fashion, threshold variants of known schemes: Crutchfield et al. proposed a generic way to construct a threshold off-line/on-line signature scheme given a threshold regular one. They applied known threshold techniques to the Shamir–Tauman construction using a specific chameleon hash function. Their solution introduces additional computational assumptions which turn out to be implied by the so-called one-more discrete logarithm assumption. Here, we propose two generic constructions that can be based on any threshold signature scheme, combined with a specific (double-trapdoor) chameleon hash function. Our constructions are efficient and can be proven secure in the standard model using only the traditional discrete logarithm assumption. Finally, we ran experimental tests to measure the difference in real efficiency between the two known constructions for non-threshold off-line/on-line signatures. Interestingly, we show that, using some optimizations, the two approaches are comparable in efficiency and signature length.

2.
We consider a language of operations which pass parameters by means of a stack. An algebra over the set of type signatures is introduced, which allows the type signature of a program to be obtained from the type signatures of its constituent operations. Although the theories apply in principle to any stack-based language, they have been evolved with particular regard to the proposed ANSI Standard Forth language, which is currently implemented in a type-free manner. We hope this work will stimulate an interest in Forth amongst those applying algebraic techniques in software engineering, and we hope to lay the theoretical foundations for implementing practical type checkers to support Forth.

3.
王国栋, 陈平, 茅兵, 谢立. Computer Science, 2012, 39(3): 118-123
Signatures can be generated from information related to attack characteristics. For stack-based control-flow attacks that target function return addresses and function pointers, and for non-control-flow attacks that target data associated with branch decisions, binary signatures are generated in combination with dynamic analysis. First, the vulnerability-related instructions are identified; then a virtual machine monitors the execution of those instructions; finally, the virtual machine is modified to raise an alarm and generate a signature when a malicious write is observed. At the same time, a patch file is generated that records the malicious write instruction so that it can be skipped in subsequent executions. Signatures can be distributed rapidly to other hosts, which monitor program execution on a lightweight virtual machine. Experiments show that the binary signatures are accurate and compact, can defend against polymorphic attacks, and have a low false-negative rate; combined with a lightweight virtual machine, both signature generation and subsequent detection are fast and efficient.

4.
One of the major problems concerning information assurance is malicious code. To evade detection, malware has also been encrypted or obfuscated to produce variants that continue to plague properly defended and patched networks with zero-day exploits. With malware and malware authors using obfuscation techniques to generate automated polymorphic and metamorphic versions, anti-virus software must always keep up with their samples and create a signature that can recognize the new variants. Creating a signature for each variant in a timely fashion is a problem that anti-virus companies face all the time. In this paper we present detection algorithms that can help the anti-virus community to ensure a variant of a known malware can still be detected without the need to create a signature; a similarity analysis (based on specific quantitative measures) is performed to produce a matrix of similarity scores that can be utilized to determine the likelihood that a piece of code under inspection contains a particular malware. Two general malware detection methods presented in this paper are: Static Analyzer for Vicious Executables (SAVE) and Malware Examiner using Disassembled Code (MEDiC). MEDiC uses assembly calls for analysis and SAVE uses API calls (static API call sequence and static API call set) for analysis. We show where assembly can be superior to API calls in that it allows a more detailed comparison of executables. API calls, on the other hand, can be superior to assembly for their speed and smaller signature. Our two proposed techniques are implemented in SAVE and MEDiC. We present experimental results that indicate that both of our proposed techniques can provide better detection performance against obfuscated malware. We also found a few false positives, such as programs that use network functions (e.g. PuTTY) and encrypted programs (no API calls or assembly functions are found in the source code), when the threshold is set at a 50% similarity measure. However, these false positives can be minimized, for example by changing the threshold value that determines whether a program falls in the malicious category to 70%.

5.
In this paper, we propose a new method of representing on-line signatures by interval-valued symbolic features. Global features of on-line signatures are used to form interval-valued feature vectors. Methods for signature verification and recognition based on the symbolic representation are also proposed. We exploit the notion of a writer-dependent threshold and introduce the concept of a feature-dependent threshold to achieve a significant reduction in equal error rate. Several experiments are conducted to demonstrate the ability of the proposed scheme to discriminate genuine signatures from forgeries. We investigate the feasibility of the proposed representation scheme for signature verification and also signature recognition using all 16500 signatures from 330 individuals of the MCYT bimodal biometric database. Further, extensive experiments are conducted to evaluate the performance of the proposed methods by projecting features onto Eigenspace and Fisherspace. Unlike other existing signature verification methods, the proposed method is simple and efficient. The results of the experiments reveal that the proposed scheme outperforms several other existing verification methods, including the state-of-the-art method for signature verification.

6.
We present threshold DSS (digital signature standard) signatures where the power to sign is shared by n players such that for a given parameter t<n/2 any subset of 2t+1 signers can collaborate to produce a valid DSS signature on any given message, but no subset of t corrupted players can forge a signature (in particular, they cannot learn the signature key). In addition, we present a robust threshold DSS scheme that can also tolerate n/3 players who refuse to participate in the signature protocol. We can also endure n/4 maliciously faulty players that generate incorrect partial signatures at the time of signature computation. This results in a highly secure and resilient DSS signature system applicable to the protection of the secret signature key, the prevention of forgery, and increased system availability. Assuming that secret communication between the players is available, we prove the security of our protocols solely based on the hardness of forging a regular DSS signature.

7.
8.
Verifiably encrypted signature schemes can convince a verifier that a given ciphertext is an encryption of an ordinary signature on a given message and that the ordinary signature can be recovered by a third party, called the adjudicator. In 2010, Rückert et al. proposed a general construction for verifiably encrypted signatures, and then they also showed that lattice-based verifiably encrypted signature schemes exist. Their constructions are very insightful, but their schemes need an extra adjudication setup phase and Merkle trees, so they have large parameters and keys, that is, they are inefficient. Also, their schemes provide only limited signature capacity because the signing keys must be reissued after generating the \(k\)th verifiably encrypted signature. To overcome the weaknesses of Rückert et al.’s scheme, we construct a verifiably encrypted signature scheme based on hard lattice problems. Our scheme provides full functionality, i.e., signatures can be generated without any limitations and no extra adjudication setup phase is needed. Moreover, the size of the secret keys in our scheme is constant. Our scheme provides unforgeability, opacity, extractability, and abuse-freeness in the random oracle model.

9.
Recently, Herranz presented an identity-based ring signature scheme featuring signer verifiability where a signer can prove that he or she is the real signer by releasing an authorship proof. In this paper we show that this scheme is vulnerable to a key recovery attack in which a user’s secret signing key can be efficiently recovered through the use of two known ring signatures and their corresponding authorship proofs. In addition, we present a simple method to fix this security vulnerability by slightly modifying the authorship proof. Our modified scheme simplifies the original scheme and improves performance. To show that the modified scheme is unforgeable, we define two types of unforgeability notions for both signatures and authorship proofs. In these notions an adversary has opening capability to confirm the real signers of ring signatures and thus can manipulate authorship proofs in an adaptive way. We then prove that our modified scheme is secure in terms of these unforgeability notions.

10.
A 3D shape signature is a compact representation for some essence of a shape. Shape signatures are commonly utilized as a fast indexing mechanism for shape retrieval. Effective shape signatures capture some global geometric properties which are scale, translation, and rotation invariant. In this paper, we introduce an effective shape signature which is also pose-oblivious. This means that the signature is also insensitive to transformations which change the pose of a 3D shape, such as skeletal articulations. Although some topology-based matching methods can be considered pose-oblivious as well, our new signature retains the simplicity and speed of signature indexing. Moreover, contrary to topology-based methods, the new signature is also insensitive to topology changes of the shape, allowing us to match similar shapes with different genus. Our shape signature is a 2D histogram which is a combination of the distributions of two scalar functions defined on the boundary surface of the 3D shape. The first is a novel function called the local-diameter function. This function measures the diameter of the 3D shape in the neighborhood of each vertex. The histogram of this function is an informative measure of the shape which is insensitive to pose changes. The second is the centricity function, which measures the average geodesic distance from one vertex to all other vertices on the mesh. We evaluate and compare a number of methods for measuring the similarity between two signatures, and demonstrate the effectiveness of our pose-oblivious shape signature within a 3D search engine application for different databases containing hundreds of models.

11.
As one of the most pervasive methods of individual identification and document authentication, signatures present convincing evidence and provide an important form of indexing for effective document image processing and retrieval in a broad range of applications. However, detection and segmentation of free-form objects such as signatures from a cluttered background is currently an open document analysis problem. In this paper, we focus on two fundamental problems in signature-based document image retrieval. First, we propose a novel multiscale approach to jointly detecting and segmenting signatures from document images. Rather than focusing on local features that typically have large variations, our approach captures the structural saliency using a signature production model and computes the dynamic curvature of 2D contour fragments over multiple scales. This detection framework is general and computationally tractable. Second, we treat the problem of signature retrieval in the unconstrained setting of translation, scale, and rotation invariant nonrigid shape matching. We propose two novel measures of shape dissimilarity based on anisotropic scaling and registration residual error and present a supervised learning framework for combining complementary shape information from different dissimilarity metrics using LDA. We quantitatively study state-of-the-art shape representations, shape matching algorithms, measures of dissimilarity, and the use of multiple instances as query in document image retrieval. We further demonstrate our matching techniques in offline signature verification. Extensive experiments using large real-world collections of English and Arabic machine-printed and handwritten documents demonstrate the excellent performance of our approaches.

12.
Louis Kruh. Cryptologia, 2013, 37(4): 372-375
Shared generation of secure signatures, called threshold signatures, was introduced by Desmedt and Frankel in 1991. A threshold signature scheme is not only a threshold scheme but also a signature scheme. Therefore, it should possess the properties of both a threshold scheme and a digital signature scheme. In this paper, we investigate conspiracy attacks, which can impersonate any group to generate a signature, on the Desmedt-Frankel threshold RSA signature scheme. We also discuss the requirements of secure threshold signature schemes.

13.
Wireless handheld devices are increasingly popular. The authenticity of the information or a program to be downloaded is important, especially for business uses. In server-aided verification (SAV), a substantial part of the verification computation can be offloaded to an untrusted server. This allows resource-constrained devices to enjoy the security guarantees provided by cryptographic schemes, such as pairing-based signatures, which may be too heavyweight to verify otherwise. To gain unfair advantage, an adversary may bribe (or collude with) the server either to convince the verifier that an invalid signature is a valid one or to claim that a valid signature is invalid (say for providing repudiable information/commitment, or spoiling an opponent's offer). However, these concerns are not properly captured by existing models. In this paper, we infer the meaning behind and point out the subtleties in existing models, and propose a new model to capture the collusion attack. We also show that two existing schemes are insecure in their own model. Finally, we provide a generic pairing-based SAV protocol. Compared with the protocol of Girault–Lefranc in Asiacrypt '05, ours provides a higher level of security yet is applicable to a much wider class of pairing-based cryptosystems. In particular, it suggests SAV protocols for short signatures in the standard model and aggregate signatures, which have not been studied before.

14.
Blind signature schemes allow users to obtain the signature of a message while the signer learns neither the message nor the resulting signature. Therefore, blind signatures have been used to realize cryptographic protocols providing anonymity for some participants, such as secure electronic payment systems and electronic voting systems. A fair blind signature is a form of blind signature in which the anonymity can be removed with the help of a trusted entity, when this is required for legal reasons. Recently, a fair quantum blind signature scheme was proposed and thought to be safe. In this paper, we first point out that there exists a new attack on fair quantum blind signature schemes. The attack shows that, if any sender has intercepted any valid signature, he (she) can counterfeit a valid signature for any message and cannot be traced by the counterfeited blind signature. Then, we construct a fair quantum blind signature scheme by improving the existing one. The proposed fair quantum blind signature scheme can resist the preceding attack. Furthermore, we demonstrate the security of the proposed fair quantum blind signature scheme and compare it with the other one.

15.
Hash functions are one-way functions and are often used in cryptography to ensure the integrity of files by creating a binary signature specific to that file. In a similar way, a family of special hash functions can be developed and used to generate one-dimensional signatures of an image. The resultant signatures can then be used to compare the image either to a golden template or, if the image consists of repeating definite patterns, to the texture itself. While such hash functions are sensitive enough to detect small changes and defects in repeating texture, they are immune to changes in illumination and contrast. In this paper we discuss the generation of suitable hash functions for textured images, which are simple enough to fit into a very small FPGA, and provide several examples of their use.

16.
It has been proven that network coding can provide significant benefits to networks. However, network coding is very vulnerable to pollution attacks. In recent years, many schemes have been designed to defend against these attacks, but as far as we know almost all of them are inapplicable to multi-source network coding systems. This paper proposes a novel homomorphic signature scheme based on bilinear pairings to stand against pollution attacks for multi-source network coding, which has a broader application background than single-source network coding. Our signatures are publicly verifiable and the public keys are independent of the files, so that our scheme can be used to authenticate multiple files without having to update public keys. The signature length of our proposed scheme is as short as the shortest signatures for single-source network coding. The verification speed of our scheme is faster than that of signature schemes based on elliptic curves in the single-source network.

17.
Currently, security-critical server programs are well protected by various defense techniques, such as Address Space Layout Randomization (ASLR), eXecute Only Memory (XOM), and Data Execution Prevention (DEP), against modern code-reuse attacks like Return-oriented Programming (ROP) attacks. Moreover, in these victim programs, most syscall instructions lack a following ret instruction, which prevents attacks from stitching multiple system calls together to implement advanced behaviors like launching a remote shell. Lacking this kind of gadget greatly constrains the capability of code-reuse attacks. This paper proposes a novel code-reuse attack method called Signal Enhanced Blind Return Oriented Programming (SeBROP) to address these challenges. Our SeBROP can initiate a successful exploit against server-side programs using only a stack overflow vulnerability. By leveraging a side-channel that exists in the victim program, we show how to find a variety of gadgets blindly without any prior knowledge or reading/disassembling the code segment. Then, we propose a technique that exploits the current vulnerable signal checking mechanism to realize execution flow control even when ret instructions are absent. Our technique can stitch a number of system calls without returns, which is superior to conventional ROP attacks. Finally, the SeBROP attack precisely identifies many useful gadgets to constitute a Turing-complete set. The SeBROP attack can defeat almost all state-of-the-art defense techniques. The SeBROP attack is compatible with both modern 64-bit and 32-bit systems. To validate its effectiveness, we craft three exploits of the SeBROP attack for three real-world applications, i.e., 32-bit Apache 1.3.49, 32-bit ProFTPD 1.3.0, and 64-bit Nginx 1.4.0. Experimental results demonstrate that the SeBROP attack can successfully spawn a remote shell on Nginx, ProFTPD, and Apache with less than 8500/4300/2100 requests, respectively.

18.
An Automated Signature-Based Approach against Polymorphic Internet Worms (cited by 2; self-citations 0; citations by others 2)
Capable of infecting hundreds of thousands of hosts, worms represent a major threat to the Internet. However, the defense against them is still an open problem. This paper attempts to answer an important question: How can we distinguish polymorphic worms from normal background traffic? We propose a new worm signature, called the position-aware distribution signature (PADS), which fills the gap between traditional signatures and anomaly-based intrusion detection systems. The new signature is a collection of position-aware byte frequency distributions. It is more flexible than the traditional signatures of fixed strings while it is more precise than the position-unaware statistical signatures. We propose two algorithms based on expectation-maximization (EM) and Gibbs sampling to efficiently compute PADS from a set of polymorphic worm samples. We also discuss how to separate a mixture of different polymorphic worms such that their respective PADS signatures can be calculated. We perform extensive experiments to demonstrate the effectiveness of PADS in separating new worm variants from normal background traffic.

19.
Distributed cryptography deals with scenarios where a cryptographic operation is performed by a collective of persons. In a distributed signature scheme, a group of players share some secret information in such a way that only authorized subsets of players can compute valid signatures. We propose methods to construct some computationally secure protocols from distributed signature schemes, namely, we construct metering schemes from distributed noninteractive signature schemes. We also show that distributed deterministic signature schemes can be used to design distributed key distribution schemes. In particular, we construct the first metering and distributed key distribution schemes based on the RSA primitive.

20.
In this paper we propose and argue for a modular framework for interprocedural program analysis, where multiple program analysis tools are combined in order to exploit the particular advantages of each. This allows for “plugging together” such tools as required by each verification task and makes it easy to integrate new analyses. Our framework automates the sharing of information between plugins using a first order logic with transitive closure, in a way inspired by the open product of Cortesi et al. We describe a prototype implementation of our framework, which performs static assertion checking on a simple language for heap-manipulating programs. This implementation includes plugins for three existing approaches—predicate abstraction, 3-valued shape analysis and a decidable pointer analysis—and for a simple type system. We demonstrate through a detailed example the increase in precision that our approach can provide. Finally we discuss the design decisions we have taken, in particular the tradeoffs involved in the choice of language by which the plugins communicate, and identify some future directions for our work. R. Lazic, R. Nagarajan and J. C. P. Woodcock
