Substitution Attack Research Articles

On the security of the Courtois-Finiasz-Sendrier signature

Abstract We prove that a variant of the Courtois-Finiasz-Sendrier signature is strongly existentially unforgeable under chosen message attack in the random oracle model, assuming hardness of the Permuted Goppa Syndrome Decoding Problem (also known as the Niederreiter problem). In addition, we explicitly show that security against key substitution attacks can be arranged by a standard technique of Menezes and Smart, hashing the public key.

New constructions of systematic authentication codes from three classes of cyclic codes

Recently, several classes of cyclic codes with three nonzero weights were constructed. With the generic construction presented by C. Ding, T. Helleseth, T. Klove and X. Wang, we present new systematic authentication codes based on these cyclic codes. In this paper, we study three special classes of cyclic codes and their authentication codes. With the help of exponential sums, we calculate the maximum success probabilities of the impersonation and substitution attacks on the authentication codes. Our results show that these new authentication codes are better than some of the authentication codes in the literature. As a byproduct, the number of times that each element occurs as the coordinates in the codewords of the cyclic codes is settled, which is a difficult problem in general.

Generalized Key Substitution Attacks on Message Recovery Signatures

Abstract The generalized key substitution attacks were proposed as a generalization of the key substitution attacks to examine the security of the signature schemes adopted in ISO/IEC (1st CD) 14888-3, which standardizes appendix- -type signature schemes based on the discrete logarithm problem. This paper examines the message recovery signature schemes based on the discrete logarithm problem, adopted in ISO/IEC 9796-3:2006, and shows that all but one scheme are vulnerable to the generalized key substitution attacks.

New Security Concurrent Signature Design

The rapid growth of the Internet has accelerated e-commerce application development. Numerous problems involving Internet trade transaction security remain. Therefore, security and transaction fairness establishment in e-commerce applications is a crucial research topic. A fair exchange protocol enables users to securely obtain information from each other. This has become a widely applied research topic in e-commerce. A concurrent signature eliminates the need for a trusted third party (TTP) or substantial mutual communication between two parties, to provide fair exchange protocol with e-commerce ideas. The concurrent signature concept was proposed by Chen et al. in 2004 EUROCRYPT. Some researchers improved the concurrent signature susceptibility to the message substitution attack defect, but there are still identify authentication and information exchange procedure security issues. This paper proposes a concurrent signature scheme based on elliptic curve cryptography (ECC) that uses the same security strength shorter key length, reduces public storage costs and the calculation and management risks. We strengthen the identity authentication mechanisms to prevent the counterfeiting identity attacks and provide a more confidential protocol through a self-certified mechanism.

A speech content authentication algorithm based on a novel watermarking method

Some audio watermark schemes robust against desynchronization attacks are based on synchronization code embedded by quantifying signal energy, which have some shortcomings. Such as, (1) they do not verify the authenticity of watermarked signal detected. (2) They are vulnerable to substitution attack. To address the shortcomings and considering the background, a speech content authentication algorithm is proposed in this paper. Firstly, the original speech signal is framed, and each frame is cut into some segments. Secondly, samples of the segments are scrambled, and self-correlation of the scrambled signal is calculated. Lastly, watermark bit generated by frame number is embedded by quantifying the self-correlation. If watermarked signal is attacked, the attacked frames can be detected according to the frame number extracted. Theoretical analysis and experiments demonstrate that the scheme is robust against desynchronization attacks, improves the security, and has a good performance in ability of tampering location.

On the Basic Limits of RF-Fingerprint-Based Authentication

RF fingerprinting exploits the variations in the RF chain of radios to uniquely identify transmitters, and distinguish adversarial transmissions from the transmissions of legitimate nodes. We provide a systematic approach rooted from the information theory to evaluate the basic performance limits of RF fingerprinting. We develop a novel channel model for RF fingerprinting, where the imperfections in the RF chain are modeled as a fingerprint channel, cascaded to the actual physical channel. We address the authentication problem in the presence of an adversary, where both the legitimate transmitter and the adversary are equipped with unique fingerprint channels, in addition to a possible secret key available at the legitimate nodes. We provide bounds for the error exponents for reliable communication of the legitimate nodes, and the success exponent for impersonation and substitution attacks of the adversary, as a function of certain parameters based on their RF-fingerprints, and the shared key rate. We illustrate that keyless authentication is possible via RF fingerprints when the legitimate channel is not simulatable. We also show that the probability of these attacks can be reduced significantly by employing additional dedicated authenticated nodes.

Chaff point generation mechanism for improving fuzzy vault security

A combination of cryptographic and biometric systems, by performing specific binding technique on cryptographic key and biometric template, the fuzzy vault framework enhances the security level of current biometric cryptographic systems in terms of hiding secret key and protecting the template. Although the original scheme suggests the use of error-correction techniques (e.g. the Reed–Solomon code) to reconstruct the original polynomial, recent implementations do not share the same point of view. Instead, cyclic redundant code (CRC) is applied to identify the genuine polynomial from a set of candidates due to its simplicity. Within the scope of this study, the authors address a significant flaw of current CRC-based fuzzy vault schemes, which allows the potential of successful blend substitution attack. To overcome this problem, an integration of two novel modules into general fuzzy vault scheme, namely chaff point generator and verifier, is proposed. The new modules are designed to be integrated easily into the existing systems as well as simple to enhance. The proposed scheme can detect any modification in vault and, as a result, eliminate the blend substitution attack to improve general security. Moreover, the experimental results of this study with real-world datasets show an increase in genuine acceptance rates.

A Secure Speech Content Authentication Algorithm Based on Discrete Fractional Fourier Transform

Watermark schemes content-based provide one way to solve the veracity and integrity of speech content. Some existed content-based schemes are vulnerable to feature-analysed substitution attack. Aiming to solve the problems, a secure speech content authentication algorithm is proposed, on the basic of the undeterminate angle of discrete fractional fourier transform. In the paper, the definition and calculation of discrete fractional fourier transform are given. And the watermark generation method based on discrete fractional fourier transform is analyzed. Frame number and watermark bits are embedded into hybrid domain of scrambled signals. Compared with the existed watermark schemes, the features for watermark generation and embedding are secret, which improves the security of watermark system. Theoretical analysis and experimental evaluation results show that the proposed algorithm is inaudible, robust to desynchronous attacks and has the excellent ability of tamper detection and tamper location.

Sender-equivocable encryption schemes secure against chosen-ciphertext attacks revisited

Abstract Fehr et al. (2010) proposed the first sender-equivocable encryption scheme secure against chosen-ciphertext attacks (NCCCA) and proved that NC-CCA security implies security against selective opening chosen-ciphertext attacks (SO-CCA). The NC-CCA security proof of the scheme relies on security against substitution attacks of a new primitive, the “crossauthentication code”. However, the security of the cross-authentication code cannot be guaranteed when all the keys used in the code are exposed. Our key observation is that, in the NC-CCA security game, the randomness used in the generation of the challenge ciphertext is exposed to the adversary. Based on this observation, we provide a security analysis of Fehr et al.’s scheme, showing that its NC-CCA security proof is flawed. We also point out that the scheme of Fehr et al. encrypting a single-bit plaintext can be refined to achieve NC-CCA security, free of the cross-authentication code. Furthermore, we propose the notion of “strong cross-authentication code”, apply it to Fehr et al.’s scheme, and show that the new version of the latter achieves NC-CCA security for multi-bit plaintexts.

Message Authentication over Noisy Channels

The essence of authentication is the transmission of unique and irreproducible information. In this paper, the authentication becomes a problem of the secure transmission of the secret key over noisy channels. A general analysis and design framework for message authentication is presented based on the results of Wyner’s wiretap channel. Impersonation and substitution attacks are primarily investigated. Information-theoretic lower and upper bounds on the opponent’s success probability are derived, and the lower bound and the upper bound are shown to match. In general, the fundamental limits on message authentication over noisy channels are fully characterized. Analysis results demonstrate that introducing noisy channels is a reliable way to enhance the security of authentication.

基于身份的跨域直接匿名认证机制

In view of the shortcomings of high computational overhead and failure in cross-domain anonymous authentication existed in TCG DAA program, this paper proposes a cross-domain direct anonymous attestation scheme based on identity, in which the proxy signature and direct anonymous attestation technology are employed for the trusted mobile platform (TMP) in mobile Internet. On the base of the legitimacy of the DAA signature, the verifier of remote domain identifies the authenticity of TMP, during which the remote attestation system is security-enhanced by a key agreement. Analyzed in Canetti-Krawczyk (CK) model, this authentication scheme is anonymous, unrelated and high-performance. We demonstrate that it can resist masquerade attacks, reply attacks and platform substitution attacks. It is effective and more suitable for the mobile Internet and other wireless networks.

Cyber–Physical Device Authentication for the Smart Grid Electric Vehicle Ecosystem

Entity authentication and related key management is an active research topic in smart grid security. However, existing works seem to have overlooked the significance that the smart grid is a cyber-physical system, which entails more considerations in the integration of its cyber and physical domains. Ignoring this could possibly undermine security since the effects of cyber authorization in the smart grid are usually extended into the physical domain. The substitution attack, a kind of the man-in-the-middle attack, has been demonstrated using this gap. This paper proposes a two-factor cyber-physical device authentication protocol to defend against coordinated cyber-physical attacks in the smart grid. The idea is to combine a novel contextual factor based on physical connectivity in the power grid with the conventional authentication factor in the challenge-response protocol, widely used in cybersecurity. The resulting protocol provides assurance on not only the digital identity of a device but also the device's controllability in the physical domain. While the design is for the electric vehicle ecosystem, the framework could be readily extended to other smart grid subsystems.

A CONSTRUCTION OF CARTESIAN AUTHENTICATION CODE FROM SINGULAR SYMPLECTIC SPACES OVER A FINITE FIELD

In this paper, we construct a Cartesian authentication code from subspaces of singular symplectic space [Formula: see text] and compute its parameters. Assuming that the encoding rules of the transmitter and the receiver are chosen according to a uniform probability distribution, the probabilities of successful impersonation attack and substitution attack are also computed.

Security Analysis and the Improvement of Multi-Proxy Multi-Signature Scheme

Many original signers can put a delegation of powers to many proxy signers, it is a representation of all the original signers to generate a plurality of proxy signers in the multi-proxy multi-signature scheme. It is analyzed to the existing multi-proxy multi-signature schemes in this paper , the verification equation is improved. A new secure and efficient scheme is proposed. The security analysis shows that the verification equations of the new scheme is more safe. The new scheme can resist the public-key substitution attack, can resist the coalition attack.

On the relationships between perfect nonlinear functions and universal hash families

In this paper, the relationships between perfect nonlinear (in brief, PN) functions and optimal universal hash families are discussed. We point out the equivalence of constructions between them, i.e., from PN functions, one can obtain optimal universal hash families and vice versa. As an application of our construction, a message authentication code is proposed, which provides better resistance to substitution attack than a known construction given by Carlet et al. in 2006. More generally, the connections between functions with given differential uniformity and some universal hash families are studied.

Construction of Multi-receiver Multi-fold Authentication Codes from Singular Symplectic Geometry over Finite Fields

As an extension of the basic model of MRA-codes, multi-receiver multi-fold authentication codes can use a single key distribution phase for multiple message transmission. A multi-receiver multi-fold authentication code is constructed from the singular symplectic geometry over finite fields in this paper. The parameters and probabilities of success in impersonation and substitution attacks by malicious groups of receivers of this code are computed.

Two constructions of optimal cartesian authentication codes from unitary geometry over finite fields

Two constructions of cartesian authentication codes from unitary geometry are given in this paper. Their size parameters and their probabilities of successful impersonation attack and successful substitution attack are computed. They are optimal under some cases.

Equivalent public keys and a key substitution attack on the schemes from vector decomposition

ABSTRACTThe vector decomposition problem has been considered as a hard problem, which is applicable to cryptography. Okamoto and Takashima proposed various types of public key cryptographic schemes based on the VDP. In this paper, we study the cryptographic implications of Okamoto‐Takashima schemes with respect to the properties of public keys. In the public key cryptography, one public key is associated to a unique private key, and an action using the public key implicitly assumes that the corresponding private action can be done only with the corresponding private key. We formalize this security issue by introducing the notion of equivalent public keys. We show that equivalent public keys exist in the Okamoto‐Takashima basic signature scheme and the homomorphic encryption scheme. We present a strong key substitution attack to their basic signature. We suggest how to prevent equivalent public keys and strong key substitution attack in their signature scheme. We point out that there are cases with no efficient methods to prevent equivalent public keys in their encryption scheme. Copyright © 2013 John Wiley & Sons, Ltd.

Message and Key Substitution Attacks on Verifiably Encrypted Signature Schemes

Message and Key Substitution Attacks on Verifiably Encrypted Signature Schemes

Pseudo-zernike moments-based audio content authentication algorithm robust against feature-analysed substitution attack

Content-based audio content authentication algorithms provide a method to solve the veracity and integrity of audio content. On the basic of pseudo-Zernike moments, an audio content authentication algorithm robust against feature-analysed substitution attack is proposed, which is aimed at some insecure issues in the existing content-based audio content authentication schemes. Firstly, the audio signal is cut into non-overlapping frames and each frame is divided into two segments, and each segment is scrambled. Then, synchronization codes generated by pseudo random sequence and watermark bits generated by pseudo-Zernike moments are embedded in the first and second segment, respectively, which are completed by quantizing the modulus of pseudo-Zernike moments. The scrambled segments used to generate and extract watermark are unknown to attackers. So, it is difficult for attackers to get the watermark generated and extracted to perform feature-analysed substitution attack. The synchronization code and watermark embedding method proposed is inaudible and has excellent ability to tolerance against common signal processing operations. Compared with the existing audio watermark algorithms based on pseudo-Zernike moments, the algorithm increases the embedding capacity and improves the security of the watermarking system.