密码协议基于遍历的分析方法

文献[1]提出用两方密码协议的运行模式对协议进行分析,文章证明该方法未能列举出全部运行模式,因此一些协议的漏洞不能被发现。文章提出一种遍历分析法,让导致攻击成功的假冒消息遍历攻击者在各种情况下消息接收集来对协议进行分析,从而发现协议漏洞。     

ElGamal知识证明及其在授权签名系统中的应用

离散对数签名方案的本质是密钥持有者给出了已知公钥的离散对数的知识证明,提出了ElGamal知识证明的概念,并给出了相应的性质,给出了用ElGamal知识证明实现授权签名的一种方案。     

一种基于双向Hash认证的RFID安全协议

射频识别(RFID)系统是使用无线射频技术在开放系统环境中进行对象识别,但由于RFID系统及其设备的特殊性和局限性带来了很多安全问题,针对这些问题,在分析了几种现有的典型RFID安全协议的特点和缺陷的基础上,提出了一种新的方法——基于双向Hash认证的RFID安全协议,最后建立该协议的理想化模型,利用BAN逻辑对该协议进行了形式化分析,在理论上证明其安全性。     

A three round authenticated group key agreement protocol for ad hoc networks

Group Key Agreement (GKA) protocols enable the participants to derive a key based on each one’s contribution over a public network without any central authority. They also provide efficient ways to change the key when the participants change. While some of the proposed GKA protocols are too resource consuming for the constraint devices often present in ad hoc networks, others lack a formal security analysis. In this paper, we propose a simple, efficient and secure GKA protocol well-suited to ad hoc networks and present results of our implementation of the same in a prototype application.     

Short Non-Interactive Cryptographic Proofs

We show how to produce short proofs of theorems such that a distrusting Verifier can be convinced that the theorem is true yet obtains no information about the proof itself. We assume the theorem is represented by a boolean circuit, of size m gates, which is satisfiable if and only if the theorem holds. We use bit commitments of size k and bound the probability of false proofs going undetected by 2 ^-r . We obtain non-interactive zero-knowledge proofs of size O(mk( log m +r)) bits. In the random oracle model, we obtain non-interactive proofs of size O(m( log m+r) + rk) bits. By simulating a random oracle, we obtain non-interactive proofs which are short enough to be used in practice. We call the latter proofs ``discreet.' Received 30 March 1998 and revised 29 November 1999 Online publication 18 August 2000     

Why current secure scan designs fail and how to fix them?

Scan design has become another side channel of leaking confidential information inside cryptographic chips. Methods based on obfuscating scan chain order have been proposed as countermeasures for such scan-based attacks. In this paper, we first analyze the existing secure scan designs from the angle that whether they need a complete chain state or rely on any specific scan chain order. We show that all existing attacks do not rely on specific scan chain order and therefore any secure scan design with obfuscated scan chain order cannot provide sufficient security. We then propose a new approach which clears the states of all sensitive scan cells whenever the circuit under test is switched to test mode. It will also block the access to cipher key throughout the entire testing process. Our experimental results show that the proposed scan design can effectively insulate all the information related to cipher key from the scan chain with little design overhead, thus it can successfully defend all the existing scan-based attacks.     

Random Oracles in Constantinople: Practical Asynchronous Byzantine Agreement Using Cryptography

Byzantine agreement requires a set of parties in a distributed system to agree on a value even if some parties are maliciously misbehaving. A new protocol for Byzantine agreement in a completely asynchronous network is presented that makes use of new cryptographic protocols, specifically protocols for threshold signatures and coin-tossing. These cryptographic protocols have practical and provably secure implementations in the random oracle model. In particular, a coin-tossing protocol based on the Diffie-Hellman problem is presented and analyzed. The resulting asynchronous Byzantine agreement protocol is both practical and theoretically optimal because it tolerates the maximum number of corrupted parties, runs in constant expected rounds, has message and communication complexity close to the optimum, and uses a trusted dealer only once in a setup phase, after which it can process a virtually unlimited number of transactions. The protocol is formulated as a transaction processing service in a cryptographic security model, which differs from the standard information-theoretic formalization and may be of independent interest.     

Security by typing

We present an approach for analyzing cryptographic protocols that are subject to attack from an active intruder who takes advantage of knowledge of the protocol rules. The approach uses a form of type system in which types are communication steps and typing constraints characterize all the messages available to the intruder. This reduces verification of authentication and secrecy properties to a typing problem in our type system. We present the typing rules, prove soundness of a type inference algorithm, and establish the correctness of the typing rules with respect to the protocol execution and intruder actions. The protocol specifications used in the approach can be automatically extracted from the conventional, informal cryptographic protocol notation commonly found in the literature. To validate the approach, we implement our algorithm in a tool called DYMNA, which is a practical and efficient environment for the specification and analysis of cryptographic protocols.     

Protecting the computation results of free-roaming agents

When mobile agents do comparison shopping for their owners, they are subject to attacks of malicious hosts executing the agents. We present a family of protocols that protect the computation results established by free-roaming mobile agents. Our protocols enable the owner of the agent to detect upon its return whether a visited host has maliciously altered the state of the agent, thus providing forward integrity and truncation resilience. In an environment without public-key infrastructure, the protocols are based only on a secret hash chain. With a public-key infrastructure, the protocols also guarantee non-repudiability.     

Cryptoviral extortion using Microsoft's Crypto API

This paper presents the experimental results that were obtained by implementing the payload of a cryptovirus on the Microsoft Windows platform. The attack is based entirely on the Microsoft Cryptographic API and the needed API calls are covered in detail. More specifically, it is shown that by using eight types of API calls and 72 lines of C code, the payload can hybrid encrypt sensitive data and hold it hostage. Benchmarks are also given. A novel countermeasure against cryptoviral extortion attacks is shown that forces the API caller to demonstrate that an authorized party can recover the asymmetrically encrypted data. Adam L. Young received a B.S. in Electrical Engineering from Yale in 1994 and a M.S. and Ph.D. in Computer Science from Columbia University in 1996 and 2002, respectively. He served as a MTS at Lucent under Michael Reiter, a Principal Engineer at Lockheed Martin, and has conducted research for the US DoD. Adam Young and Moti Yung authored the Wiley book “Malicious Cryptography:Exposing Cryptovirology,” that was published in 2004.