Navya Chodisetti

DOI: https://doi.org/10.48550/arXiv.1406.2285

2014-06-09

Cryptography and Security

Abstract:This paper presents a quantum mechanical version of the piggy-bank cryptography protocol. The basic piggybank cryptography idea is to use two communications: one with the encrypted message, and the other regarding the encryption transformation which the receiver must decipher first. In the quantum mechanical version of the protocol, the encrypting unitary transformation information is sent separately but just deciphering it is not enough to break the system. The proposed quantum protocol consists of two stages.

Adnan Memon

DOI: https://doi.org/10.48550/arXiv.1608.05097

2016-08-18

Abstract:This paper presents a new scheme to distribute secret shares using two trusted third parties to increase security and eliminate the dependency on single trusted third party. This protocol for communication between a device and two trusted third parties uses the piggy bank cryptographic paradigm. We also present a protocol to give law enforcing agencies access to sensitive information present on a cell phone or a device using secret sharing scheme. The ideas for classical systems may also be applied to quantum schemes.

Cryptography and Security

YJ Wang,JH Li,L Tie

DOI: https://doi.org/10.1002/net.20062

2005-01-01

Abstract:Deniable authentication is different from traditional authentication in that the receiver cannot prove the source of a given message to a third party. This article presents a new deniable authentication protocol, based on ElGamal cryptography. The protocol meets the two properties of deniable authentication and can withstand person-in-middle (PIM) attacks. Compared with previous schemes, it is simpler and more efficient. © 2005 Wiley Periodicals, Inc. NETWORKS, Vol. 45(4), 193–194 2005

Shai Halevi,Hugo Krawczyk

DOI: https://doi.org/10.1145/322510.322514

1999-08-01

ACM Transactions on Information and System Security

Abstract:We study protocols for strong authentication and key exchange in asymmetric scenarios where the authentication server possesses ~a pair of private and public keys while the client has only a weak human-memorizable password as its authentication key. We present and analyze several simple password authentication protocols in this scenario, and show that the security of these protocols can be formally proven based on standard cryptographic assumptions. Remarkably, our analysis shows optimal resistance to off-line password guessing attacks under the choice of suitable public key encryption functions. In addition to user authentication, we describe ways to enhance these protocols to provide two-way authentication, authenticated key exchange, defense against server's compromise, and user anonymity. We complement these results with a proof that strongly indicates that public key techniques are unavoidable for password protocols that resist off-line guessing attacks. As a further contribution, we introduce the notion of public passwords that enables the use of the above protocols in situations where the client's machine does not have the means to validate the server's public key. Public passwords serve as "hand-held certificates" that the user can carry without the need for specal computing devices.

English Else

Soumit Chowdhury,Ritesh Mukherjee,Nabin Ghoshal

DOI: https://doi.org/10.1007/s11277-017-4066-x

IF: 2.017

2017-03-11

Wireless Personal Communications

Abstract:The work highlights a secure and trusted data transmission protocol focusing on dynamic cum multi-phase authentication scenarios suitable for defense sector applications under wireless environments. Initially the user communicates a proprietary logo image chosen dynamically and marked visibly on a selected region of the authentic digital document. Receiver identifies two secret codes against this logo and its respective region number after sensing the logo from the document. In the second phase invisible fabrication of multiple ownership digitized signature shares on the document is governed by the generated secret data which dynamically decides the bit fabrication sequences, locations of fabrications and the proper ordering of the fabricated shares. This data is actually produced through the separate encryption of the user secret key with those tracked hidden codes and the underneath code of the acknowledgment message at the client side. Similarly the same data casting places and the exact share orientations are dynamically computed by the receiver using all those unexposed information for detecting the fabricated shares from the authenticated document. Finally the copyright signatures are constructed by merging those detected shares with their respective private shares only by the receiver. Random threshold reference point based distinctly separate bit coding policy on each transformed coefficients of the sub image block pixel bytes ensuring high security and robustness against attacks under wireless platform. Significantly the experimental results have fully confirmed the strong excellence and superiority of this scheme over existing approaches in various aspects with better handling of authentication, confidentiality, and non-repudiation issues.

telecommunications

Fagen Li,Jiaojiao Hong,Anyembe Andrew Omala

DOI: https://doi.org/10.1007/s11276-016-1317-9

IF: 2.701

2016-01-01

Wireless Networks

Abstract:Pervasive computing environments allow users to get services anytime and anywhere. Security has become a great challenge in pervasive computing environments because of its heterogeneity, openness, mobility and dynamicity. In this paper, we propose two heterogeneous deniable authentication protocols for pervasive computing environments using bilinear pairings. The first protocol allows a sender in a public key infrastructure (PKI) environment to send a message to a receiver in an identity-based cryptography (IBC) environment. The second protocol allows a sender in the IBC environment to send a message to a receiver in the PKI environment. Our protocols admits formal security proof in the random oracle model under the bilinear Diffie–Hellman assumption. In addition, our protocols support batch verification that can speed up the verification of authenticators. The characteristic makes our protocols useful in pervasive computing environments.

Suyun Borjigin

2024-05-31

Abstract:Credential theft and remote attacks are the most serious threats to user authentication mechanisms. The crux of these problems is that we cannot control such behaviors. However, if a password does not contain user secrets, stealing it is useless. If unauthorized inputs are invalidated, remote attacks can be disabled. Thus, credential secrets and account input fields can be controlled. Rather than encrypting passwords, we design a dual-password login-authentication mechanism, where a user-selected secret-free login password is converted into an untypable authentication password. Subsequently, the authenticatable functionality of the login password and the typable functionality of the authentication password can be disabled or invalidated to prevent credential theft and remote attacks. Thus, the usability-security tradeoff and password reuse issues are resolved; local authentication password storage is no longer necessary. More importantly, the password converter acts as an open hashing algorithm, meaning that its intermediate elements can be used to define a truly unique identity for the login process to implement a novel dual-identity authentication scheme. In particular, the system-managed elements are concealed, inaccessible, and independent of any personal information and therefore can be used to define a perfect unforgeable process identifier to identify unauthorized inputs.

Cryptography and Security,Emerging Technologies,Systems and Control

Tianjie Cao,Yingying Kan

2009-01-01

Journal of Information and Computational Science

Abstract:On ICCSA 2007 and ICISS 2008, Lim et al.'s proposed two improved ID-based deniable authentication protocol from pairings to resist the key-compromise impersonation (KCI) attack. However in this paper, we show that both of Lim et al.'s protocols suffer from the KCI attack. In our attacks, when the longterm key of an entity A is compromised, the adversary may be able to masquerade not only as A but also to A as another party B. © 2009 Binary Information Press.

Muath Obaidat,Joseph Brown,Suhaib Obeidat,Majdi Rawashdeh

DOI: https://doi.org/10.3390/s20154212

2020-07-29

Abstract:A significant percentage of security research that is conducted suffers from common issues that prevent wide-scale adoption. Common snags of such proposed methods tend to include (i) introduction of additional nodes within the communication architecture, breaking the simplicity of the typical client-server model, or fundamental restructuring of the Internet ecosystem; (ii) significant inflation of responsibilities or duties for the user and/or server operator; and (iii) adding increased risks surrounding sensitive data during the authentication process. Many schemes seek to prevent brute-forcing attacks; they often ignore either partially or holistically the dangers of other cyber-attacks such as MiTM or replay attacks. Therefore, there is no incentive to implement such proposals, and it has become the norm instead to inflate current username/password authentication systems. These have remained standard within client-server authentication paradigms, despite insecurities stemming from poor user and server operator practices, and vulnerabilities to interception and masquerades. Besides these vulnerabilities, systems which revolve around secure authentication typically present exploits of two categories; either pitfalls which allow MiTM or replay attacks due to transmitting data for authentication constantly, or the storage of sensitive information leading to highly specific methods of data storage or facilitation, increasing chances of human error. This paper proposes a more secure method of authentication that retains the current structure of accepted paradigms, but minimizes vulnerabilities which result from the process, and does not inflate responsibilities for users or server operators. The proposed scheme uses a hybrid, layered encryption technique alongside a two-part verification process, and provides dynamic protection against interception-based cyber-attacks such as replay or MiTM attacks, without creating additional vulnerabilities for other attacks such as bruteforcing. Results show the proposed mechanism outperforms not only standardized methods, but also other schemes in terms of deployability, exploit resilience, and speed.

James M. Chappell,Lachlan J. Gunn,Derek Abbott

DOI: https://doi.org/10.1142/s201019451460355x

2014-01-01

Abstract:The idealized Kish-Sethuraman (KS) cipher is theoretically known to offer perfect security through a classical information channel. However, realization of the protocol is hitherto an open problem, as the required mathematical operators have not been identified in the previous literature. A mechanical analogy of this protocol can be seen as sending a message in a box using two padlocks; one locked by the Sender and the other locked by the Receiver, so that theoretically the message remains secure at all times. We seek a mathematical representation of this process, considering that it would be very unusual if there was a physical process with no mathematical description. We select Clifford's geometric algebra for this task as it is a natural formalism to handle rotations in spaces of various dimension. The significance of finding a mathematical description that describes the protocol, is that it is a possible step toward a physical realization having benefits in increased security with reduced complexity.

Naing Win Tun,Masahiro Mambo

DOI: https://doi.org/10.3390/s24165295

2024-08-15

Abstract:The Internet of Things faces significant security challenges, particularly in device authentication. Traditional methods of PUF-based authentication protocols do not fully address IoT's unique security needs and resource constraints. Existing solutions like Identity-Based Encryption with Physically Unclonable Functions enhance security but still struggle with protecting data during transmission. We show a new protocol that leverages PUFs for device authentication by utilizing Paillier homomorphic encryption or the plaintext equality test to enhance security. Our approach involves encrypting both the challenge-response pairs (CRPs) using Paillier homomorphic encryption scheme or ElGamal encryption for plaintext equality testing scheme. The verifier does not need access to the plaintext CRPs to ensure that sensitive data remain encrypted at all times and our approach reduces the computational load on IoT devices. The encryption ensures that neither the challenge nor the response can be deciphered by potential adversaries who obtain them during the transmission. The homomorphic property of the Paillier scheme or plaintext equality testing scheme allows a verifier to verify device authenticity without decrypting the CRPs, preserving privacy and reducing the computational load on IoT devices. Such an approach to encrypting both elements of the CRP provides resistance against CRP disclosure, machine learning attacks, and impersonation attacks. We validate the scheme through security analysis against various attacks and evaluate its performance by analyzing the computational overhead and the communication overhead. Comparison of average computational and communication time demonstrates Paillier scheme achieves approximately 99% reduction while the plaintext equality test achieves approximately 94% reduction between them.

X Deng,CH Lee,H Zhu

DOI: https://doi.org/10.1049/ip-cdt:20010207

2001-01-01

IEE Proceedings - Computers and Digital Techniques

Abstract:Two deniable authentication schemes have been developed. One is based on the intractability of the factoring problem, and the other is based on the intractability of the discrete logarithm problem. The computation cost of the first scheme is about (t+2)/2s. The second scheme requires about (2t+3)/4s of a previous scheme; s is the length of a message block and t is the cost of multiplication mod N operations. It is shown that both protocols reserve all cryptographic characterisations of the previous scheme.

Yalin Chen,Jue-Sam Chou*,Chun-Hui Huang

DOI: https://doi.org/10.48550/arXiv.1007.0060

2010-07-01

Abstract:In this paper, we analyze four authentication protocols of Bindu et al., Goriparthi et al., Wang et al. and Hölbl et al.. After investigation, we reveal several weaknesses of these schemes. First, Bindu et al.'s protocol suffers from an insider impersonation attack if a malicious user obtains a lost smart card. Second, both Goriparthi et al.'s and Wang et al.'s protocols cannot withstand a DoS attack in the password change phase, i.e. an attacker can involve the phase to make user's password never be used in subsequent authentications. Third, Hölbl et al.'s protocol is vulnerable to an insider attack since a legal but malevolent user can deduce KGC's secret key.

Cryptography and Security

R. L. Rivest,A. Shamir,L. Adleman

DOI: https://doi.org/10.1145/359340.359342

IF: 22.7

1978-02-01

Communications of the ACM

Abstract:An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: (1) Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intented recipient. Only he can decipher the message, since only he knows the corresponding decryption key. (2) A message can be “signed” using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in “electronic mail” and “electronic funds transfer” systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n , of two large secret primer numbers p and q. Decryption is similar; only a different, secret, power d is used, where e * d ≡ 1(mod (p - 1) * (q - 1)). The security of the system rests in part on the difficulty of factoring the published divisor, n .

computer science, theory & methods, software engineering, hardware & architecture

Shundong Li,Daoshun Wang,Yiqi Dai

DOI: https://doi.org/10.4236/iim.2009.13026

2009-01-01

Abstract:This paper studies how to take advantage of other's computing ability to sign a message with one's private key without disclosing the private key.A protocol to this problem is presented, and it is proven, by well known simulation paradigm, that this protocol is private.

Piotr Krasnowski,Jerome Lebrun,Bruno Martin

DOI: https://doi.org/10.5281/zenodo.6791340

2022-11-14

Abstract:Motivated by an increasing need for privacy-preserving voice communications, we investigate here the original idea of sending encrypted data and speech in the form of pseudo-speech signals in the audio domain. Being less constrained than military ``Crypto Phones'' and allowing genuine public evaluation, this approach is quite promising for public unsecured voice communication infrastructures, such as 3G cellular network and VoIP.A cornerstone of secure voice communications is the authenticated exchange of cryptographic keys with sole resource the voice channel, and neither Public Key Infrastructure (PKI) nor Certificate Authority (CA). In this paper, we detail our new robust double authentication mechanism based on signatures and Short Authentication Strings (SAS) ensuring strong authentication between the users while mitigating errors caused by unreliable voice channels and also identity protection against passive eavesdroppers. As symbolic model, our protocol has been formally proof-checked for security and fully validated by Tamarin Prover.

Cryptography and Security,Signal Processing

Joseph Kilcullen

DOI: https://doi.org/10.48550/arXiv.1512.00351

2016-10-03

Abstract:Counterfeiting of manufactured goods is presented as the theft of intellectual property, patents, copyright etc. accompanied by identity theft. The purpose of the identity theft is to facilitate the intellectual property theft. Without it the intellectual property theft would be obvious and the products would be confiscated and destroyed. Authentication solutions, to prevent identity theft, were then developed for the two categories of manufactured goods i.e. goods which can be subjected to destructive screening strategies and goods which cannot e.g. pharmaceutical drugs and currencies, respectively. The solutions developed were found to be analogous to digital signatures. Tamper proof packaging on pharmaceutical drugs is analogous to encryption because it prevents Mallory from interfering with the product. Breaking the tamper proof packaging is a one-way function. Concealed inside the packaging a one-time password, which can be used to authenticate the product over the internet. The name of the authentication website must be common knowledge, just like a public key for authenticating digital signatures. Otherwise the counterfeiters will specify their own authentication website. This solution can be altered for currencies i.e. the one-way function, equivalent to opening the tamper proof packaging, becomes the method of manufacture of the currency.

Cryptography and Security

Xiangyang Wang,Chunxiang Gu,Siqi Lu,Xi Chen

DOI: https://doi.org/10.1117/12.2628502

2022-04-22

Abstract:This paper studies the password-based strong authentication key exchange protocol in the cross-domain scenario, and gives an end-to-end highly secure C2C-PAKE protocol, in which the server shares a password with the client and also has a pair of private/public keys. In contrast, the client has the shared password and the server's public-key. Specifically, we combine the ECQV implicit certificate scheme with the ECDH key exchange protocol to give a highly secure cross-domain protocol. Considering the application of the ECQV implicit certificate scheme in the Internet of Things (IoT), we give an analysis the possibility of the proposed protocol applied in the cross-domain scenario of the IoT. Finally, based on some common attacks, we show a security analysis of our protocol, which achieves perfect forward security and resists dictionary attacks, KCI attacks, replay attacks, Insider-Assisted attacks, and so on.

Shafi Goldwasser,Silvio Micali,Andrew Chi-chih Yao

DOI: https://doi.org/10.1007/978-1-4757-0602-4_20

1982-01-01

Abstract:The design of cryptographic protocols using trapdoor and one-way functions has received considerable attention in the past few years [1–8]. More recently, attention has been paid to provide rigorous correctness proofs based on simple mathematical assumptions, for example, in coin flipping (Blum [1]), mental poker (Goldwasser and Micali [4]). It is perhaps reasonable to speculate at this time that all cryptographic protocols can eventually be designed to be provably secure under simple assumptions, such as factoring large numbers or inverting RSA functions are computationally intractable in the appropriate sense.

Marwa Mouallem,Ittay Eyal

2024-06-26

Abstract:A myriad of authentication mechanisms embody a continuous evolution from verbal passwords in ancient times to contemporary multi-factor authentication. Nevertheless, digital asset heists and numerous identity theft cases illustrate the urgent need to revisit the fundamentals of user authentication. We abstract away credential details and formalize the general, common case of asynchronous authentication, with unbounded message propagation time. Our model, which might be of independent interest, allows for eventual message delivery, while bounding execution time to maintain cryptographic guarantees. Given credentials' fault probabilities (e.g., loss or leak), we seek mechanisms with the highest success probability. We show that every mechanism is dominated by some Boolean mechanism -- defined by a monotonic Boolean function on presented credentials. We present an algorithm for finding approximately optimal mechanisms. Previous work analyzed Boolean mechanisms specifically, but used brute force, which quickly becomes prohibitively complex. We leverage the problem structure to reduce complexity by orders of magnitude. The algorithm is readily applicable to practical settings. For example, we revisit the common approach in cryptocurrency wallets that use a handful of high-quality credentials. We show that adding low-quality credentials improves security by orders of magnitude.

Cryptography and Security,Distributed, Parallel, and Cluster Computing