Qi Xie,Deren Chen

DOI: https://doi.org/10.1109/icie.2010.292

2010-01-01

Journal of Networks

Abstract:To use the network services provided by multiple servers in mobile wireless network, a hash function and smart card based multi-server authentication scheme without verification tables and servers' public keys is proposed. The new protocol has many advantages, such as no encryption, signature, verification tables, timestamp, and public keys directory.

Rakesh Mohanty,Niharjyoti Sarangi,Sukant kumar Bishi

DOI: https://doi.org/10.48550/arXiv.1003.5787

2010-03-30

Abstract:Cryptographic hash functions for calculating the message digest of a message has been in practical use as an effective measure to maintain message integrity since a few decades. This message digest is unique, irreversible and avoids all types of collisions for any given input string. The message digest calculated from this algorithm is propagated in the communication medium along with the original message from the sender side and on the receiver side integrity of the message can be verified by recalculating the message digest of the received message and comparing the two digest values. In this paper we have designed and developed a new algorithm for calculating the message digest of any message and implemented t using a high level programming language. An experimental analysis and comparison with the existing MD5 hashing algorithm, which is predominantly being used as a cryptographic hashing tool, shows this algorithm to provide more randomness and greater strength from intrusion attacks. In this algorithm the plaintext message string is converted into binary string and fragmented into blocks of 128 bits after being padded with user defined padding bits. Then using a pseudo random number generator a key is generated for each block and operated with the respective block by a bitwise operator. This process is terated for the whole message and finally a fixed length message digest is obtained.

Cryptography and Security

Harshvardhan Tiwari,Dr. Krishna Asawa

DOI: https://doi.org/10.48550/arXiv.1003.1492

2010-03-08

Abstract:Cryptographic hash functions play a central role in cryptography. Hash functions were introduced in cryptology to provide message integrity and authentication. MD5, SHA1 and RIPEMD are among the most commonly used message digest algorithm. Recently proposed attacks on well known and widely used hash functions motivate a design of new stronger hash function. In this paper a new approach is presented that produces 192 bit message digest and uses a modified message expansion mechanism which generates more bit difference in each working variable to make the algorithm more secure. This hash function is collision resistant and assures a good compression and preimage resistance.

Cryptography and Security

Maamar Hamadouche,Zebbiche Khalil,Hanane TEBBI,Mohamed GUERROUMI,Youcef ZAFOUNE

DOI: https://doi.org/10.1007/s11042-023-15300-5

IF: 2.577

2023-06-13

Multimedia Tools and Applications

Abstract:Perceptual image hashing has mainly been used in the literature to authenticate images or to identify similar contents for image copy detection. In this work, we investigate the introduction of perceptual image hashing to protect biometric systems against digital replay attacks, and we propose a novel Replay Attack Detection (RAD) scheme that guarantees the authenticity of the received biometric image on the one hand, and identifies if it has been resubmitted on the other hand. The proposed scheme has the advantages of operating in an uncontrolled environment and does not need the cooperation of end users. It relies on the Challenge/Response principle and combines perceptual image hashing and data hiding techniques. Additionally, a new perceptual image hashing system that performs both content authentication and identification is proposed for fingerprint images. It is based on a shift-invariant calibration signal technique that uses the Discrete Cosine Transform (DCT) and Discrete Sine Transform (DST) of the Differential Block Luminance Mean (DBLM) features to compute the hash sequence. The performance of the proposed system has been evaluated through intensive experiments with real fingerprint images, and the obtained results have shown that the proposed system can provide high performance in terms of authentication and identification. Furthermore, the proposed system outperformed related state-of-the-art image hashing techniques.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Huafei Zhu,Lixin Ran,Yumin Wang

IF: 1.019

1999-01-01

Chinese Journal of Electronics

Abstract:Cryptographic hash functions are very important for cryptographic protocols such as signature scheme and message authentication. Based on the pioneer work of X. Lai et al., a new framework of hash algorithm is developed in this paper. In our hash scheme, an extra pseudorandom keystream generator is not needed which may be more conveniently for practical use. We have proved that the security of the new hash scheme is equivalent to that of feedback shift registers (FSRs) controlled by 2m - bit security keys.

HM Sun,BC Chen,HT Yeh

DOI: https://doi.org/10.1016/j.jcss.2003.10.003

IF: 1.043

2004-01-01

Journal of Computer and System Sciences

Abstract:To ensure integrity and originality of digital information, digital signatures were proposed to provide both authority and non-repudiation. However, without an authenticated time-stamp we can neither trust signed documents when the signer's signature key, was lost, stolen, or accidentally compromised, nor solve the cases when the signer himself repudiates the signing, claiming that he has accidentally lost his signature key. Based on relative temporal authentication, several linking schemes for digital time-stamping have been proposed to solve this problem. However, these schemes suffer from the forward forgery which is an attempt to stamp a present time-stamp on a past document by an unauthorized one. In addition, the verification cost in these schemes is too high because it is dependent upon the number of the issued time-stamps. In this paper, we propose four time-stamped signature schemes that are based on absolute temporal authentication. These proposed schemes are very efficient in verifying the validity of time-stamped signatures and are quite secure against the forward forgery. It is natural that the time-stamped signature schemes based on absolute temporal authentication suffer from the weakness when the signer colludes with the Time-Stamping Service. To combat the collusion problem, time-stamped signature schemes with hybrid temporal authentication are therefore proposed.

P Thanalakshmi,R Anitha,N Anbazhagan,Woong Cho,Gyanendra Prasad Joshi,Eunmok Yang

DOI: https://doi.org/10.3390/s21248417

2021-12-16

Abstract:As a standard digital signature may be verified by anybody, it is unsuitable for personal or economically sensitive applications. The chameleon signature system was presented by Krawczyk and Rabin as a solution to this problem. It is based on a hash then sign model. The chameleon hash function enables the trapdoor information holder to compute a message digest collision. The holder of a chameleon signature is the recipient of a chameleon signature. He could compute collision on the hash value using the trapdoor information. This keeps the recipient from disclosing his conviction to a third party and ensures the privacy of the signature. The majority of the extant chameleon signature methods are built on the computationally infeasible number theory problems, like integer factorization and discrete log. Unfortunately, the construction of quantum computers would be rendered insecure to those schemes. This creates a solid requirement for construct chameleon signatures for the quantum world. Hence, this paper proposes a novel quantum secure chameleon signature scheme based on hash functions. As a hash-based cryptosystem is an essential candidate of a post-quantum cryptosystem, the proposed hash-based chameleon signature scheme would be a promising alternative to the number of theoretic-based methods. Furthermore, the proposed method is key exposure-free and satisfies the security requirements such as semantic security, non-transferability, and unforgeability.

Guo‐Cai Wang

2010-01-01

Abstract:Hash chains are widely used for entity authentication or data-origin authentication in the field of information safety.However,finite length of a Hash chain limits its implementation.A two-way authentication signature scheme based on self-updating Hash chains is proposed.To avoid the computing complexity of the traditional public key algorithm,the scheme adopts Hash function to perform the authentication signature and significantly improves the speed of execution.The scheme achieves the automatic and smooth self-updating of Hash chain during the authentication process,and realizes the purpose of infinite utilization.In combination with the two-way authentication mechanism,the scheme can effectively resist the attack of replay and go-between,and enhance the security of the scheme.

Gautham SekarMabin JosephR. BalasubramanianGautham Sekar is the PGDM Chair at the Madras School of Economics,India,and a Director of Madras Fintech Services Pvt. Ltd,India. He holds a PhD from KU Leuven in the area of cryptology. His interests include information security,data science and financial technology.Mabin Joseph is working as a Scientist at Indira Gandhi Centre for Atomic Research,Tamil Nadu,India. He completed his Ph.D. from the Homi Bhabha National Institute,India. His research interests are in cryptology,network security and data analytics.R. Balasubramanian is a Retired Professor and former Director of the Institute of Mathematical Sciences,Chennai,India. He obtained his Ph.D. in Mathematics from the University of Bombay. His interests include number theory and cryptology. He is the recipient of several national and international accolades including the Padma Shri by the Government of India and the Chevalier de l'Ordre National du Merite by the Government of France.

DOI: https://doi.org/10.1080/01611194.2024.2328548

2024-04-16

Cryptologia

Abstract:Streebog is a family of hash functions defined in the Russian cryptographic standard GOST R 34.11–2012. HMAC-Streebog, which is defined in RFC 7836, is a Streebog-based message authentication code. It supports keys of size ranging from 256 bits to 512 bits. In this article, we present fault-assisted side channel attacks on HMAC-Streebog-256 and HMAC-Streebog-512 that can recover the keys in real-time with 212.98 and 214.97 average number of fault injections, respectively, to ensure 95% success. The attacker is assumed to be able to simultaneously flip at the most 181 chosen bits of the inner hash if it is a 256–bit variant and 361 chosen bits of the hash otherwise. In comparison to existing fault attacks on HMAC-Streebog, our attacks have a larger temporal window for fault injection, target a more accessible location, and cannot be mitigated with output redundancy countermeasures. Some of the latest hardware vulnerabilities make the HMAC-Streebog implementations vulnerable to our attacks.

mathematics, applied,computer science, theory & methods,history & philosophy of science

Ke Xu,Xiaowei Ma,Chunyu Liu

DOI: https://doi.org/10.1109/icc.2008.292

2008-01-01

Abstract:Being one of the leading signaling protocols of VoIP applications, SIP protocol becomes popular in IP-based multimedia services, and securing SIP has become a priority. In this paper, we develop a novel authentication scheme which relies only on one way hash functions. In contrast to the computationally expensive asymmetric RSA signature scheme, our scheme is efficient in signing and verifying procedures. And hash tree is exploited to store and verify key information. Our scheme can be used in SIP entities which have less computation power and limited memory.

Tanguy Gernot,Christophe Rosenberger

DOI: https://doi.org/10.1016/j.cose.2023.103586

IF: 5.105

2024-02-01

Computers & Security

Abstract:User authentication is an important issue on the Internet and usually solved through static and often unique passwords. Another method is to use biometrics, but biometric data are sensitive and need to be protected. Protection schemes such as cancelable biometric template generation have appeared, but they are sensitive to replay attacks. In this paper, we propose an original method to generate one-time biometric templates for user authentication applications. This proposed scheme limits replay attacks, consisting of an attacker maliciously retransmitting an intercepted user's identity proof. Our method is generic: any biometric modality could be used, the identity verification is realized by the service/identity provider to be realistic. Biometric features are extracted from captures using deep learning and then protected with biohashing, a cancelable biometric scheme. Finally, a step consisting of cryptographic hashing and symmetric encryption guarantees the generation of a one-time, non-replayable template. We have tested our scheme on two common biometric databases, from faces and fingerprints, and the results confirm its efficiency and robustness to attacks given a rigorous threat model.

computer science, information systems

Ye Yuan,Kai-ge Qu,Li-ji Wu,Jia-wei Ma,Xiang-min Zhang

DOI: https://doi.org/10.1631/fitee.1800312

IF: 2.526

2019-01-01

Frontiers of Information Technology & Electronic Engineering

Abstract:Hash-based message authentication code (HMAC) is widely used in authentication and message integrity. As a Chinese hash algorithm, the SM3 algorithm is gradually winning domestic market value in China. The side channel security of HMAC based on SM3 (HMAC-SM3) is still to be evaluated, especially in hardware implementation, where only intermediate values stored in registers have apparent Hamming distance leakage. In addition, the algorithm structure of SM3 determines the difficulty in HMAC-SM3 side channel analysis. In this paper, a skillful bit-wise chosen-plaintext correlation power attack procedure is proposed for HMAC-SM3 hardware implementation. Real attack experiments on a field programmable gate array (FPGA) board have been performed. Experimental results show that we can recover the key from the hypothesis space of 2256 based on the proposed procedure.

Shenghui Su,Tao Xie,Shuwang Lu

DOI: https://doi.org/10.48550/arXiv.1408.5999

2017-04-30

Abstract:To examine the integrity and authenticity of an IP address efficiently and economically, this paper proposes a new non-Merkle-Damgard structural (non-MDS) hash function called JUNA that is based on a multivariate permutation problem and an anomalous subset product problem to which no subexponential time solutions are found so far. JUNA includes an initialization algorithm and a compression algorithm, and converts a short message of n bits which is regarded as only one block into a digest of m bits, where 80 <= m <= 232 and 80 <= m <= n <= 4096. The analysis and proof show that the new hash is one-way, weakly collision-free, and strongly collision-free, and its security against existent attacks such as birthday attack and meet-in-the- middle attack is to O(2 ^ m). Moreover, a detailed proof that the new hash function is resistant to the birthday attack is given. Compared with the Chaum-Heijst-Pfitzmann hash based on a discrete logarithm problem, the new hash is lightweight, and thus it opens a door to convenience for utilization of lightweight digital signing schemes.

Cryptography and Security

Tao Chen,Lei Wang,Xiaoqiang Ren,Zhitao Liu,Hongye Su

DOI: https://doi.org/10.1109/cdc49753.2023.10383555

2023-01-01

Abstract:In cyber-physical systems, replay attacks are a type of deception attacks that involve replaying previously recorded sensor data while injecting attack signals into the physical plant. The replay attacks are difficult to detect because the data being replayed is normal. To detect replay attacks, authentication signals are commonly used. However, injecting authentication signals may affect the performance of system states that are sensitive to noise or disturbance. To address this issue, the effect of authentication signals on sensitive states is measured in the sense of mean square error, and conditions that the authentication signal has a limited effect or even no effect on sensitive states are presented. Combining these conditions, optimization problems are constructed to design the authentication signal. Finally, the proposed method is validated through simulation results.

He Li,Vireshwar Kumar,Jung-Min Park,Yaling Yang

DOI: https://doi.org/10.48550/arXiv.2001.05211

2020-10-15

Abstract:In resource-constrained IoT networks, the use of conventional message authentication codes (MACs) to provide message authentication and integrity is not possible due to the large size of the MAC output. A straightforward yet naive solution to this problem is to employ a truncated MAC which undesirably sacrifices cryptographic strength in exchange for reduced communication overhead. In this paper, we address this problem by proposing a novel approach for message authentication called \textit{Cumulative Message Authentication Code} (CuMAC), which consists of two distinctive procedures: \textit{aggregation} and \textit{accumulation}. In aggregation, a sender generates compact authentication tags from segments of multiple MACs by using a systematic encoding procedure. In accumulation, a receiver accumulates the cryptographic strength of the underlying MAC by collecting and verifying the authentication tags. Embodied with these two procedures, CuMAC enables the receiver to achieve an advantageous trade-off between the cryptographic strength and the latency in processing of the authentication tags. Furthermore, for some latency-sensitive messages where this trade-off may be unacceptable, we propose a variant of CuMAC that we refer to as \textit{CuMAC with Speculation} (CuMAC/S). In addition to the aggregation and accumulation procedures, CuMAC/S enables the sender and receiver to employ a speculation procedure for predicting future message values and pre-computing the corresponding MAC segments. For the messages which can be reliably speculated, CuMAC/S significantly reduces the MAC verification latency without compromising the cryptographic strength. We have carried out comprehensive evaluation of CuMAC and CuMAC/S through simulation and a prototype implementation on a real car.

Cryptography and Security

Junhui Li,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/edssc.2017.8126543

2017-01-01

Abstract:The Keyed-Hash Message Authentication Codes(HMAC) is a useful mechanism for message authentication. In this paper, a high-performance HMAC/SHA-3 processor which can generate HMAC message digest and hash message digest is presented. Not only the standard length (224,256,384,512) of the message digest can be generated, but also a length of 64-bit message digest. Due to the application of new generation Hash function, the performance, in term of area and throughput, achieve a greatly improvement.

Yanan Sun,Xiaohong Guan,Ting Liu,Yu Qu

DOI: https://doi.org/10.1109/trustcom.2012.80

2012-01-01

Abstract:In the identity authentication, many advanced encryption techniques are applied to confirm and protect the user identity. Although the identity information is transmitted as cipher text in the Internet, the attackers can theft and fraud the identity by eavesdropping, cryptanalysis and forging. In this paper, a new identity authentication mechanism is proposed, which exploits the Timing Covert Channel (TCC) to transmit the identity information. TCC was originally a hacker technique to leak information under supervising, which uses the sending time of packets to indicate the information. In our method, the intervals between packets are applied to indicate the authentication tags. It is difficult for the attackers to eavesdrop, crack and forge the TCC identity, since the packets are too huge to analyze and the noise is different between the users and the attackers. A platform is designed to verify our proposed method. The experiment shows that the intervals and the thresholds are the key factors on the accuracy and efficiency. And it also proves our method is a secure way for identity information, which could be implanted on various network applications.

Xiaoyu Ji,Chaohao Li,Xinyan Zhou,Juchuan Zhang,Yanmiao Zhang,Wenyuan Xu

DOI: https://doi.org/10.1145/3399432

2020-01-01

ACM Transactions on Internet of Things

Abstract:Nowadays, most Internet of Things devices in smart homes rely on radio frequency channels for communication, making them exposed to various attacks such as spoofing and eavesdropping attacks. Existing methods using encryption keys may be inapplicable on these resource-constrained devices that cannot afford the computationally expensive encryption operations. Thus, in this article, we design a key-free communication method for such devices in a smart home. In particular, we introduce the Home-limited Channel (HLC) that can be accessed only within a house yet inaccessible for outside-house attackers. Utilizing HLCs, we propose HlcAuth, a challenge-response mechanism to authenticate the communications between smart devices without keys. The advantages of HlcAuth are low cost, lightweight as well as key-free, and requiring no human intervention. According to the security analysis, HlcAuth can defeat replay attacks, message-forgery attacks, and man-in-the-middle (MiTM) attacks, among others. We further evaluate HlcAuth in four different physical scenarios, and results show that HlcAuth achieves 100% true positive rate (TPR) within 4.2m for in-house devices while 0% false positive rate (FPR) for outside attackers, i.e., guaranteeing a high-level usability and security for in-house communications. Finally, we implement HlcAuth in both single-room and multi-room scenarios.

Vivek Nair,Dawn Song

DOI: https://doi.org/10.1109/EuroSP57164.2023.00013

2023-06-14

Abstract:Since the introduction of bcrypt in 1999, adaptive password hashing functions, whereby brute-force resistance increases symmetrically with computational difficulty for legitimate users, have been our most powerful post-breach countermeasure against credential disclosure. Unfortunately, the relatively low tolerance of users to added latency places an upper bound on the deployment of this technique in most applications. In this paper, we present a multi-factor credential hashing function (MFCHF) that incorporates the additional entropy of multi-factor authentication into password hashes to provide asymmetric resistance to brute-force attacks. MFCHF provides full backward compatibility with existing authentication software (e.g., Google Authenticator) and hardware (e.g., YubiKeys), with support for common usability features like factor recovery. The result is a 10^6 to 10^48 times increase in the difficulty of cracking hashed credentials, with little added latency or usability impact.

Cryptography and Security

Ahmed Qasim Abd Alhasan,Mohd Foad Rohani,Mohammed Sabri Abu-Ali

DOI: https://doi.org/10.1109/access.2024.3386100

IF: 3.9

2024-04-16

IEEE Access

Abstract:The most recent ultra-lightweight mutual authentication protocol (UMAP) adopts a mechanism for key updating to keep the security forward and backward. The back-end server updates the secret keys immediately after sending the final message. Certainly, an adversary can intercept the final messages so that the back-end server updates the secret keys while the RFID tag does not. The replay attack can send the last messages by continuing to render the back-end server and RFID tags unauthorized. The major problem faced by existing protocols, when using high cryptographic operations on low-cost RFID tags, requires more memory, and computational power makes them unusable for these types of tags. In addition, there are weaknesses in the design of the existing protocols that lead to the emergence of desynchronization, secret disclosure, and replay attacks. Therefore, this paper proposes the design and development of an ultra-lightweight mutual authentication protocol that overcomes the weaknesses in earlier protocols and builds by implementing the rotation operator, mechanism of the secret keys, T-function, and timestamp technique. The informal and formal analysis results using security protocol verification official tools (Scythe and AVISPA) show that the proposed protocol has the ability to prevent attacks, especially replay attacks. Experimental analyses of our protocol to measure the performance shows that the proposed protocol involves a lower overhead than previous protocols. The total execution time in milliseconds of the processes of the proposed protocol with the existing protocols is 0.031ms, and it achieves an average of 78.51% over other protocols. In addition, this paper provides a comparison with the most recent protocols on performance, privacy and security requirements. Our proposed protocol storage space requirement is lowest than the existing protocols, the cryptographic requirement is ultra-lightweight and efficient and shows that the communication messages for authentication in our protocol are lowest than existing protocols and our protocol fulfills the privacy and security requirements.

computer science, information systems,telecommunications,engineering, electrical & electronic