Passive Adversary Research Articles

Achieving protection against man-in-the-middle attack in HB family protocols implemented in RFID tags

Purpose In the past few years, HB-like protocols have gained much attention in the field of lightweight authentication protocols due to their efficient functioning and large potential applications in low-cost radio frequency identification tags, which are on the other side spreading so fast. However, most published HB protocols are vulnerable to man-in-the-middle attacks such as GRS or OOV attacks. The purpose of this research is to investigate security issues pertaining to HB-like protocols with an aim of improving their security and efficiency. Design/methodology/approach In this paper, a new and secure variant of HB family protocols named HB-MP* is proposed and designed, using the techniques of random rotation. The security of the proposed protocol is proven using formal proofs. Also, a prototype of the protocol is implemented to check its applicability, test the security in implementation and to compare its performance with the most related protocol. Findings The HB-MP* protocol is found secure against passive and active adversaries and is implementable within the tight resource constraints of today’s EPC-type RFID tags. Accordingly, the HB-MP* protocol provides higher security than previous HB-like protocols without sacrificing performance. Originality/value This paper proposes a new HB variant called HB-MP* that tries to be immune against the pre-mentioned attacks and at the same time keeping the simple structure. It will use only lightweight operations to randomize the rotation of the secret.

On the Security of Key Extraction From Measuring Physical Quantities

Key extraction via measuring a physical quantity is a class of information theoretic key exchange protocols that rely on the physical characteristics of the communication channel, to enable the computation of a shared key by two parties that share no prior secret information. The key is supposed to be information theoretically hidden to an eavesdropper. Despite the recent surge of research activity in the area, concrete claims about the security of the protocols typically rely on channel abstractions that are not fully experimentally substantiated. In this paper, we propose a novel methodology for the experimental security analysis of these protocols. The crux of our methodology is a falsifiable channel abstraction that is accompanied by an efficient experimental approximation algorithm of the conditional min-entropy available to the parties given the view of the eavesdropper. We focus on the signal strength between two wirelessly communicating transceivers as the measured quantity, and we use an experimental setup to compute the conditional min-entropy of the channel given the view of the attacker which we find to be linearly increasing. Armed with this understanding of the channel, we showcase the methodology by providing a general protocol for key extraction in this setting that is shown to be secure for a concrete parameter selection. In this way, we provide a comprehensively analyzed wireless key extraction protocol that is demonstrably secure against passive adversaries assuming our falsifiable channel abstraction. Our use of hidden Markov models as the channel model and a dynamic programming approach to approximate conditional min-entropy might be of independent interest, while other possible instantiations of our methodology can be feasible and may be motivated by this paper.

Collusion-Tolerable and Efficient Privacy-Preserving Time-Series Data Aggregation Protocol

Many miraculous ideas have been proposed to deal with the privacy-preserving time-series data aggregation problem in pervasive computing applications, such as mobile cloud computing. The main challenge consists in computing the global statistics of individual inputs that are protected by some confidentiality mechanism. However, those works either suffer from collusive attack or require time-consuming initialization at every aggregation request. In this paper, we proposed an efficient aggregation protocol which tolerates up to k passive adversaries that do not try to tamper the computation. The proposed protocol does not require a trusted key dealer and needs only one initialization during the whole time-series data aggregation. We formally analyzed the security of our protocol and results showed that the protocol is secure if the Computational Diffie-Hellman (CDH) problem is intractable. Furthermore, the implementation showed that the proposed protocol can be efficient for the time-series data aggregation.

Out-of-Band Covert Channels—A Survey

A novel class of covert channel, out-of-band covert channels, is presented by extending Simmons’ prisoners’ problem . This new class of covert channel is established by surveying the existing covert channel, device-pairing, and side-channel research. Terminology as well as a taxonomy for out-of-band covert channels is also given. Additionally, a more comprehensive adversarial model based on a knowledgeable passive adversary and a capable active adversary is proposed in place of the current adversarial model, which relies on an oblivious passive adversary. Last, general protection mechanisms are presented, and an argument for a general measure of “covertness” to effectively compare covert channels is given.

TAPCS: Traffic-aware pseudonym changing strategy for VANETs

Location privacy is one of the main challenges in Vehicular Ad-hoc Networks (VANETs), since weak protection may hinder the public acceptance of this technology. Frequently changing pseudonyms are commonly accepted as a solution to protect the location privacy in VANETs. However, a simple pseudonym change is not enough to provide the required protection. Although many pseudonym changing strategies have been proposed to enhance the location privacy protection provided by this approach, the development of an effective strategy is not yet achieved. In this paper, we propose a new pseudonym changing strategy called Traffic-Aware Pseudonym Changing Strategy (TAPCS). The aim of this strategy is to provide an effective location privacy protection against the different types of pseudonyms linking attacks that can be performed by a strong passive adversary model. TAPCS is a distributed pseudonym changing strategy and is one of the strategies that use the radio silence technique. Unlike the existing distributed pseudonym changing strategies that use this technique, TAPCS aims to provide a high level of location privacy protection without impacting the safety in the VANETs. The analytical evaluation and simulation results demonstrate the effectiveness of the proposed strategy.

Concealed data aggregation in wireless sensor networks: A comprehensive survey

The objectives of concealed data aggregation are end-to-end privacy preservation and en route aggregation of reverse multicast traffic in wireless sensor networks. Privacy homomorphism has been used to realize these objectives together. Although privacy homomorphism helps in achieving conflicting objectives, namely, privacy and data aggregation, it negatively affects other security objectives such as integrity and freshness. Privacy homomorphism, which protects sensor readings from passive adversaries, makes sensor readings vulnerable against active adversaries whose aim is to modify or to inject malicious data packets in the network. In this article, we present a comprehensive survey of the state-of-the-art concealed data aggregation protocols in wireless sensor networks. We investigate the need for en route aggregation, encrypted data processing, en route and end-to-end integrity verification, and replay protection. We discuss the challenges and their proposed solutions that achieve the conflicting objectives, such as in-network aggregation, privacy, integrity, and replay protection, together. We comparatively evaluate the performance of concealed data aggregation protocols to measure their respective strengths and weaknesses. In addition, we provide a detailed insight into the open research issues in concealed data aggregation and conclude with possible future research directions.

LinkA: A Link Layer Anonymization Method Based on Bloom Filter for Authenticated IoT Devices

AbstractIn point-to-point communication channels, an anonymization mechanism is necessary for a data link layer because link layer IDs such as MAC addresses can reveal further private information about communicating devices, which may threaten cyber security. Previous mechanisms based on heavy cryptographic operations are not suitable for link layer that needs to immediately accept or drop frames, particularly in resource-constrained IoT. In this paper, we study a link layer anonymization method that functions efficiently for the current existing systems using 48-bit or 64-bit MAC addresses. Our method called LinkA is based on the Bloom Filter and the use of pre-authenticated structure regarding MAC addresses. LinkA can efficiently frustrate passive adversaries to distinguish unicast from multicast frames. We also implement and analyze LinkA.

Anonymous Authentication Scheme for Intercommunication in the Internet of Things Environments

Authentication and privacy protection are important security mechanisms for keeping things safe in the Internet of Things environments. In particular, an anonymous authentication scheme is a privacy preserving authentication technique which provides both authentication and privacy preservation. An authentication scheme with anonymity in mobility networks was proposed recently. However, it was proven that it failed to provide anonymity against passive adversaries and malicious users and security against known session key attacks and side channel attacks. We propose an anonymous authentication scheme for intercommunication between the things in the Internet of Things environments. The proposed scheme provides not only anonymity and security, but also untraceability for the thing. Moreover, we only use low cost functions, such as hash functions and exclusive-OR operations in consideration of limited computing power of the thing.

Malleability Resilient Concealed Data Aggregation in Wireless Sensor Networks

The objective of concealed data aggregation is to achieve the privacy preservation at intermediate nodes while supporting in-network data aggregation. The need for privacy preservation at intermediate nodes and the need for data aggregation at intermediate nodes can be simultaneously realized using privacy homomorphism. Privacy homomorphism processes the encrypted data without decrypting them at intermediate nodes. However, privacy homomorphism is inherently malleable. Although malicious adversaries cannot view transmitted sensor readings, they can manipulate them. Hence, it is a formidable challenge to realize conflicting requirements, such as end-to-end privacy and end-to-end integrity, while performing en route aggregation. In this paper, we propose a malleability resilient concealed data aggregation protocol for protecting the network against active and passive adversaries. In addition, the proposed protocol protects the network against insider and outsider adversaries. The proposed protocol simultaneously realizes the conflicting objectives like privacy at intermediate nodes, end-to-end integrity, replay protection, and en route aggregation. As per our knowledge, the proposed solution is the first that achieves end-to-end security and en route aggregation of reverse multicast traffic in the presence of insider, as well as outsider adversaries.

Formal analysis of privacy in Direct Anonymous Attestation schemes

This article introduces a definition of privacy for Direct Anonymous Attestation schemes. The definition is expressed as an equivalence property which is suited to automated reasoning using Blanchet's ProVerif. The practicality of the definition is demonstrated by analysing the RSA-based Direct Anonymous Attestation protocol by Brickell, Camenisch & Chen. The analysis discovers a vulnerability in the RSA-based scheme which can be exploited by a passive adversary and, under weaker assumptions, corrupt issuers and verifiers. A security fix is identified and the revised protocol is shown to satisfy our definition of privacy.

Design of Two-Party Authenticated Key Agreement Protocol Based on ECC and Self-Certified Public Keys

A two-party authenticated key agreement (2PAKA) protocol based on Elliptic curve cryptography (ECC) and the self-certified public key (SC-PKC) of the user is proposed in this paper. Although several ECC-based 2PAKA protocols using either public key infrastructure (PKI) or Identity-based cryptosystem (IBC) have been proposed recently, they suffer from certain limitations. For instance, the former requires heavy computation and management of public key certificate (PKC) and the latter induces a private key escrow problem as the private key is generated by a trusted third party, called private key generator (PKG). Also the man-in-the-middle attack may occur from a malicious PKG and the resilience against such an attack for an authenticated key agreement protocol is needed. In this paper, we proposed the design of a 2PAKA protocol using ECC and SC-PKC that removes all the limitations as mentioned above. In SC-PKC, a trusted third party, called system authority (SA) generates the public key of a user based on user identity signed by SA and user generated signature based on the private key of the user. The proposed scheme is provably secure in the random oracle model under the Computational Diffie---Hellman assumption. Also the formal security validation of our scheme using Automated Validation of Internet Security Protocols and Applications software is done and simulation results prove that it is safe against both the active and passive adversaries. In addition, our protocol is computationally efficient and may be considered as an alternative of the PKI- or IBC-based 2PAKA protocol.

Probabilistic receiver-location privacy protection in wireless sensor networks

Wireless sensor networks (WSNs) are continually exposed to many types of attacks. Among these, the attacks targeted at the base station are the most devastating ones since this essential device processes and analyses all traffic generated in the network. Moreover, this feature can be exploited by a passive adversary to determine its location based on traffic analysis. This receiver-location privacy problem can be reduced by altering the traffic pattern of the network but the adversary may still be able to reach the base station if he gains access to the routing tables of a number of sensor nodes. In this paper we present HISP-NC (Homogenous Injection for Sink Privacy with Node Compromise protection), a receiver-location privacy solution that consists of two complementary schemes which protect the location of the base station in the presence of traffic analysis and node compromise attacks. The HISP-NC data transmission protocol prevents traffic analysis by probabilistically hiding the flow of real traffic with moderate amounts of fake traffic. Moreover, HISP-NC includes a perturbation mechanism that modifies the routing tables of the nodes to introduce some level of uncertainty in attackers capable of retrieving the routing information from the nodes. Our scheme is validated both analytically and experimentally through extensive simulations.

Collusion-Tolerable Privacy-Preserving Sum and Product Calculation without Secure Channel

Much research has been conducted to securely outsource multiple parties' data aggregation to an untrusted aggregator without disclosing each individual's privately owned data, or to enable multiple parties to jointly aggregate their data while preserving privacy. However, those works either require secure pair-wise communication channels or suffer from high complexity. In this paper, we consider how an external aggregator or multiple parties can learn some algebraic statistics (e.g., sum, product) over participants' privately owned data while preserving the data privacy. We assume all channels are subject to eavesdropping attacks, and all the communications throughout the aggregation are open to others. We first propose several protocols that successfully guarantee data privacy under semi-honest model, and then present advanced protocols which tolerate up to k passive adversaries who do not try to tamper the computation. Under this weak assumption, we limit both the communication and computation complexity of each participant to a small constant. At the end, we present applications which solve several interesting problems via our protocols.

A novel biometric-based password authentication scheme for client-server environment using ECC and fuzzy extractor

In this paper, we devise a new and efficient biometric-based password authentication scheme (BIO-PWA) for the client-server environment. Our scheme uses the elliptic curve cryptography (ECC) along with the fuzzy extractor. Through the rigorous security analysis, we show that our scheme is secure against various known attacks. We further show that our scheme is secure in the generic group model through the formal security analysis. In addition, the formal security verification of our scheme using the widely-accepted automated validation of internet security protocols and applications (AVISPA) tool is performed against active and passive adversaries and the simulation results clearly demonstrate that our scheme is secure against active and passive attacks, including the replay and man-in-the-middle attacks. Finally, we show that our scheme is also efficient in computation against the existing related ECC-based authentication schemes for the client-server environment.

A new method for ensuring anonymity and security in network coding

We propose a method for providing anonymity and security of data transmission in networks with network coding with multiple sources and receivers. An external passive adversary is assumed to be present in the network. It is required to organize message transmission in such a manner that the adversary cannot trace a message route. The proposed method is a modification of a secure transmission scheme based on coset coding. We show that using an additional operation at relaying nodes enables to remove statistical dependence between incoming and outgoing messages of the relaying nodes. This makes tracing message routes impossible. An overlay network between a source and a receiver must be constructed due to restrictions on routes between the source and receiver: the minimum cut between two successive nodes must be not less than the number of packets in the encoded source message.

A Formally Verified Mutual Authentication Protocol for Low-Cost RFID Tags

In this paper, we propose a lightweight mutual authentication protocol for low-cost Radio Frequency IDentification (RFID) tags. Although RFID systems promise a fruitful future, security and privacy concerns have affected the proliferation of the RFID technology. The proposed protocol aims to protect RFID tags against a wide variety of attacks and especially Denial of Service (DoS) attacks. We found that the majority of the proposed protocols failed to resist this kind of attack. To analyse our proposed protocol, we provide an informal analysis. In addition, we formally analyse the security of the proposed protocol via using automated formal verification tools such as CasperFDR and AVISPA. We also employed an up-to-date privacy model to evaluate the privacy of the RFID protocol. The results show that the proposed protocol achieves tag’s data secrecy, privacy and authentication under the presence of a passive adversary.

Study on Commitment Schemes of Secure Multi-party Computation

The problem of secure multi-party computation(SMPC) is one of the most fundamental problems in information security. First, we introduce the basic concept of SMPC and four SMPC basic agreement: key distribution,oblivious transfer, bit commitment and zero knowledge proof. Secondly, we separately illustrate commitment schemes commitment transfer protocol, commitment sharing protocol and commitment multiplication protocol. Finally, we present unconditionally secure multi-party computation with a passive adversary, an active adversary, general adversary structures.

A distributed secret share update scheme with public verifiability for ad hoc network

AbstractIn this paper, a distributed secret share update scheme with public verifiability for ad hoc network is proposed, in which the system secret key is collaboratively generated by k nodes or more, instead of by a centralized key generation center. To prevent a passive adversary from collecting other nodes' shares to compromise the system key over a long period, each node can periodically refresh its share without changing the system key. At the same time, to resist an active adversary to forge partial share and even to solve the accusation problem, any one can publicly verify the correctness of partial shares submitted by other nodes in the share update phase. To achieve our goals, we explore the technique of verifiable encryption with additive homomorphism and that of threshold cryptography. The analysis shows that the proposed scheme is more secure and efficient than the previous schemes for ad hoc networks. Copyright © 2014 John Wiley & Sons, Ltd.

A New Scalable RFID Delegation Protocol

The radio frequency identification (RFID) protocols are vulnerable to va rious attacks from an active or passive adversary. We shed light upon some existing security flaws in these delegation protocols . It is useful to mitigate many security weaknesses in such delegation protocols to promote the acceptance of RFID tags. We propose that a scalable RFID delegation protocol will be against traceability attacks with a stateful variant so that it provides the claimed secu rity requirements. Compared with the previous schemes, we emphasize three critical distinctions in our protocol. First, the reader an d the tag decrease one bitwise XOR of the message and reduce the computational complexity. Second, a solution to reducing the maximum search complexity can be that add two different flags to the tags responses in order to distinguish delegation request from delegation update. Third, the number of exchanged flows during different cases of our revision is same. Finally, the proposed s cheme achieves scalability and untraceability property without leading to a security collision.

On the security of a simple three-party key exchange protocol without server's public keys.

Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-party key exchange protocol according to Lee and Hwang (2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients' passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary. We also propose an improved password-based authenticated three-party key exchange protocol that addresses the security vulnerabilities identified in the Lee-Hwang protocol.