Ping Zhang

DOI: https://doi.org/10.3390/math12071011

IF: 2.4

2024-03-29

Mathematics

Abstract:COPA, introduced by Andreeva et al., is the first online authenticated encryption (AE) mode with nonce-misuse resistance, and it is covered in COLM, which is one of the final CAESAR portfolios. However, COPA has been proven to be insecure in the releasing unverified plaintext (RUP) setting. This paper mainly focuses on the integrity under RUP (INT-RUP) defect of COPA. Firstly, this paper revisits the INT-RUP security model for adaptive adversaries, investigates the possible factors of INT-RUP insecurity for "Encryption-Mix-Encryption"-type checksum-based AE schemes, and finds that these AE schemes with INT-RUP security vulnerabilities utilize a common poor checksum technique. Then, this paper introduces an improved checksum technique named polynomial intermediate checksum (PIC) for INT-RUP security and emphasizes that PIC is a sufficient condition for guaranteeing INT-RUP security for "Encryption-Mix-Encryption"-type checksum-based AE schemes. PIC is generated by a polynomial sum with full terms of intermediate internal states, which guarantees no information leakage. Moreover, PIC ensures the same level between the plaintext and the ciphertext, which guarantees that the adversary cannot obtain any useful information from the unverified decryption queries. Again, based on PIC, this paper proposes a modified scheme COPA-PIC to fix the INT-RUP defect of COPA. COPA-PIC is proven to be INT-RUP up to the birthday-bound security if the underlying primitive is secure. Finally, this paper discusses the properties of COPA-PIC and makes a comparison for AE modes with distinct checksum techniques. The proposed work is of good practical significance. In an interactive system where two parties communicate, the receiver can effectively determine whether the information received from the sender is valid or not, and thus perform the subsequent operation more effectively.

mathematics

Jianqing Fu,Chunming Wu,XiaoPing Chen,Rong Fan

DOI: https://doi.org/10.1109/iccet.2010.5485559

2010-01-01

Abstract:Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased. Nevertheless, some of these systems present problems that may discourage potential users. Hence, high confidence and efficient privacy protocols are urgently needed. Previous studies to achieve privacy authentication can be grouped into tree-based and synchronization approaches. But all of the tree-based designs are not suitable to large scale RFID systems, and most of the synchronization designs have security flaws. So in this paper, we propose a scalable pseudo random RFID private mutual authentication protocol (SPRA) to archive both scalable and security. The analysis results show that SPRA effectively enhances the security protection for RFID private authentication, and has the authentication efficiency of O(1).

Chris J Mitchell

2024-06-17

Abstract:This paper re-examines the security of three related block cipher modes of operation designed to provide authenticated encryption. These modes, known as PES-PCBC, IOBC and EPBC, were all proposed in the mid-1990s. However, analyses of security of the latter two modes were published more recently. In each case one or more papers describing security issues with the schemes were eventually published, although a flaw in one of these analyses (of EPBC) was subsequently discovered - this means that until now EPBC had no known major issues. This paper establishes that, despite this, all three schemes possess defects which should prevent their use - especially as there are a number of efficient alternative schemes possessing proofs of security.

Cryptography and Security

Kai Bu,Junze Bao,Minyu Weng,Jia Liu,Bin Xiao,Xuan Liu,Shigeng Zhang

DOI: https://doi.org/10.1016/j.adhoc.2015.06.006

IF: 4.816

2016-01-01

Ad Hoc Networks

Abstract:Radio-Frequency Identification (RFID) technology has fostered many object monitoring applications. Along with this trend, a corresponding important problem is to verify the intactness of a set of objects using that of their attached tags. Existing solutions necessitate the knowledge of tag identifiers (IDs), sharing the intuition that verifying whether any tag is absent comes after knowing which tags are supposed to be present. Such solutions, however, can hardly live up to the recent vision of anonymous RFID systems that isolate tag IDs from protocols design for privacy concern. In this paper, we take the first leap toward verifying intactness of anonymous RFID systems. We first identify three critical solution requirements—deterministic verification, anonymity preservation, and scalability—for applications tolerating no absence. Without tag IDs as a priori, we propose a series of crypto-free, lightweight protocols that satisfy the requirements. The proposed protocols explore tag-cardinality difference or leverage Direct-Sequence Spread Spectrum enabled RFID. We validate their performance in terms of accuracy, privacy, and scalability through both analytical and simulation results. To cater for applications that tolerate losing some tagged objects, we further explore probabilistic intactness verification to trade tiny accuracy for boosted efficiency.

Kai Bu,Jia Liu,Bin Xiao,Xuan Liu,Shigeng Zhang

DOI: https://doi.org/10.1109/PADSW.2014.7097801

2014-01-01

Abstract:Radio-Frequency Identification (RFID) technology has fostered many object monitoring systems. Along with this trend, tagged objects' value and privacy become a primary concern. A corresponding important problem is to verify the intactness of a set of tagged objects without leaking tag identifiers (IDs). However, existing solutions necessitate the knowledge of tag IDs. Without tag IDs as a priori, this paper studies intactness verification in anonymous RFID systems. We identify three critical solution requirements, that is, deterministic verification, anonymity preservation, and scalability. We propose Cardiff and Divar, two crypto-free, lightweight protocols that isolate tag IDs from intactness verification and satisfy solution requirements. Cardiff explores tag cardinality as intactness proof while Divar leverages Direct-Sequence Spread Spectrum (DSSS) enabled RFID. Both analytical and simulation results demonstrate that Cardiff and Divar can satisfy the requirements of accuracy, privacy, and scalability.

Zhishuo Zhang,Wen Huang,Lin Yang,Yongjian Liao,Shijie Zhou

DOI: https://doi.org/10.1109/jiot.2023.3268699

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Outsourced Decryption Attribute-based Encryption (OD-ABE) is emerging as a promising cryptographic tool to provide efficient fine-grained access control for data accessing and sharing in cloud-assisted Intelligent Internet of Mobile Things (IIoMT). Decryption verification is an essential property of OD-ABE to enable the mobile user to verify the precision of the decryption data. Unfortunately, the most representative verification (commitment) algorithms have various security flaws. In this paper, we first indicate that the two state-of-art key-based commitment schemes are vulnerable to “Commitment Extract(Decrypt)-then-Reuse Attack” and “Commitment Impersonation Attack” which demolish the unforgeability of the commitment. Then to cover all the existing attacks to commitment algorithms, we re-define a robuster verifiable security model for verifiable OD-ABE. Subsequently, we invent a ciphertext fingerprint (CTfp) based commitment scheme and give rigorous proof to the proposed commitment scheme including binding, hiding, unforgeability, and non-repudiation (traceability) in the random oracle. Next, we apply our CTfp-based commitment to the widely used OD-ABE schemes to provide them robuster verifiability. Finally, the theoretical comparison and simulation experiments are presented to show our new type of commitment algorithm is more secure and practical.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xiaoyu Ma,Fan Zhang,Yan Han

DOI: https://doi.org/10.1088/1742-6596/2221/1/012047

2022-01-01

Abstract:Abstract An authenticated encryption chip with novel nonce generation circuit was developed. This circuit associates the nonce generation with the contents and receiving time of plaintext. It will also generate overlapping power compensation for the whole chip. The integrated chip was fabricated under SMIC 180nm technology. Under 1.8V VDD, 100MHz global clock, the power consumption is about 14mW within 50k gates. The test result exhibits more than 10 times the strength in resistance to side-channel attack than the unprotected version without increasing hardware cost.

Yansong Gao,Said F. Al-Sarawi,Derek Abbott,Ahmad-Reza Sadeghi,Damith C. Ranasinghe

DOI: https://doi.org/10.48550/arXiv.1706.06232

2017-06-20

Abstract:Physical unclonable functions (PUFs), as hardware security primitives, exploit manufacturing randomness to extract hardware instance-specific secrets. One of most popular structures is time-delay based Arbiter PUF attributing to large number of challenge response pairs (CRPs) yielded and its compact realization. However, modeling building attacks threaten most variants of APUFs that are usually employed for strong PUF-oriented application---lightweight authentication---without reliance on the securely stored digital secrets based standard cryptographic protocols. In this paper, we investigate a reconfigurable latent obfuscation technique endowed PUF construction, coined as OB-PUF, to maintain the security of elementary PUF CRPs enabled authentication where a CRP is never used more than once. The obfuscation---determined by said random patterns---conceals and distorts the relationship between challenge-response pairs capable of thwarting a model building adversary needing to know the exact relationship between challenges and responses. A bit further, the obfuscation is hidden and reconfigured on demand, in other words, the patterns are not only invisible but also act as one-time pads that are only employed once per authentication around and then discarded. As a consequence, the OB-PUF demonstrates significant resistance to the recent revealed powerful Evaluation Strategy (ES) based modeling attacks where the direct relationship between challenge and response is even not a must. The OB-PUF's uniqueness and reliability metrics are also systematically studied followed by formal authentication capability evaluations.

Cryptography and Security

Abdalla Hadabi,Zheng Qu,Rashad Elhabob,Sachin Kumar,Saru Kumari,Hu Xiong

DOI: https://doi.org/10.1002/ett.4990

IF: 3.6

2024-01-01

Transactions on Emerging Telecommunications Technologies

Abstract:Many different sectors are beginning to deploy cyber-physical systems (CPS) and industrial Internet of Things (IIoT) devices, including wearables, sensors, and critical infrastructure. In order to ensure that the device's data remains confidential, it must be encrypted prior to transmission. However, obtaining authenticity and integrity in IIoT data is also crucial, and signcryption has been proposed as a solution to this challenge. An additional obstacle is how to search for signcrypted cloud data using plaintext keywords. In this paper, we suggest a plaintext-checkable identity-based signcryption for CPS towards IIoT (IBSC-PCE), which enables plaintext searching of signcrypted cloud-based data. We provide both confidentiality and integrity and also demonstrate the security of our approach under the q-Diffie-Hellman inversion problem (q-DHIP). This problem has been shown to be secure in the random oracle model (ROM), which further reinforces the robustness of our approach. Compared to current state-of-the-art methods, our proposed approach outperforms them. The IBSC-PCE scheme is founded on an identity-based setup, enabling authorized users to query signcrypted data using plaintext keywords. Security is ensured by achieving EUF-CMA security and Unlinkability, and it is more efficient for CPS deployments within IIoT settings compared to existing literature. image

Masoud Kaveh,Mohammad Reza Mosavi,Diego Martin,Saeed Aghapour

2023-07-24

Abstract:Security has become a main concern for the smart grid to move from research and development to industry. The concept of security has usually referred to resistance to threats by an active or passive attacker. However, since smart meters (SMs) are often placed in unprotected areas, physical security has become one of the important security goals in the smart grid. Physical unclonable functions (PUFs) have been largely utilized for ensuring physical security in recent years, though their reliability has remained a major problem to be practically used in cryptographic applications. Although fuzzy extractors have been considered as a solution to solve the reliability problem of PUFs, they put a considerable computational cost to the resource-constrained SMs. To that end, we first propose an on-chip-error-correcting (OCEC) PUF that efficiently generates stable digits for the authentication process. Afterward, we introduce a lightweight authentication protocol between the SMs and neighborhood gateway (NG) based on the proposed PUF. The provable security analysis shows that not only the proposed protocol can stand secure in the Canetti-Krawczyk (CK) adversary model but also provides additional security features. Also, the performance evaluation demonstrates the significant improvement of the proposed scheme in comparison with the state-of-the-art.

Cryptography and Security

Zahid Mehmood,Gongliang Chen,Jianhua Li,Aiiad Albeshri

DOI: https://doi.org/10.3837/tiis.2017.03.027

2017-01-01

Abstract:Recent evolution in the open access internet technology demands that the identifying information of a user must be protected. Authentication is a prerequisite to ensure the protection of user identification. To improve Qu et al.' s scheme for remote user authentication, a recent proposal has been published by Huang et al., which presents a key agreement protocol in combination with ECC. It has been claimed that Huang et al. proposal is more robust and provides improved security. However, in the light of our experiment, it has been observed that Huang et al.' s proposal is breakable in case of user impersonation. Moreover, this paper presents an improved scheme to overcome the limitations of Huang et al.' s scheme. Security of the proposed scheme is evaluated using the well-known random oracle model. In comparison with Huang et al.' s protocol, the proposed scheme is lightweight with improved security.

Chien-Ming Chen,Shuai-Min Chen,Xinying Zheng,Lijun Yan,Huaxiong Wang,Hung-Min Sun

2014-01-01

Abstract:RFID technology has become popular in many applications; however, most of the RFID products lack security related functionality due to the hardware limitation of the low-cost RFID tags. In 2009, Chien and Laih proposed an RFID authentication protocol based on error correction codes (ECC) to secure RFID systems with untraceability, which is one of the most critical privacy issues on RFID. In this paper, we demonstrate that their scheme is insecure against two kinds of tracing attacks. We also analyze the success probability of our attacks.

Momeng Liu,Yupu Hu,Qiqi Lai,Shanshan Zhang,Huiwen Jia,Wen Gao,Baocang Wang

DOI: https://doi.org/10.1049/2024/5513292

2024-02-15

IET Information Security

Abstract:Universal composability (UC) is a primary security flavor for designing oblivious transfer (OT) due to its advantage of arbitrary composition. However, the study of UC-secure OT over lattices is still far behind compared with constructions over prequantum assumptions. Relying on the learning with errors (LWE) assumption, Quach proposes a dual-mode encryption scheme (SCN’20) for deriving a two-round OT whose security is provably UC-secure in the common reference string (CRS) model. Due to its use of a randomized rounding function proposed by Benhamouda et al. (PKC’18), this OT can only be limited to transmitting single-bit messages. Therefore, conducting trivial repetitions of Quach’s OT when transmitting multibit strings would be very costly. In this work, we put forward a modified dual-mode encryption cryptosystem under the decisional LWE assumption, from which we can derive a UC-secure string OT with both full-fledged dual-mode security and better efficiency on transmitting strings. The key technique we adopt is a key reconciliation scheme proposed by Jiang et al. (PKC’20), which is utilized to extend the single-bit symmetric encryption key (produced by the aforementioned rounding function) to a multibit case. Through a comprehensive performance analysis, we demonstrate that our proposal can indeed strike a balance between security and efficiency.

computer science, information systems, theory & methods

Chien-Ming Chen,Shuai-Min Chen,Xinying Zheng,Pei-Yu Chen,Hung-Min Sun

DOI: https://doi.org/10.1155/2014/704623

2014-01-01

The Scientific World JOURNAL

Abstract:RFID technology has become popular in many applications; however, most of the RFID products lack security related functionality due to the hardware limitation of the low-cost RFID tags. In this paper, we propose a lightweight mutual authentication protocol adopting error correction code for RFID. Besides, we also propose an advanced version of our protocol to provide key updating. Based on the secrecy of shared keys, the reader and the tag can establish a mutual authenticity relationship. Further analysis of the protocol showed that it also satisfies integrity, forward secrecy, anonymity, and untraceability. Compared with other lightweight protocols, the proposed protocol provides stronger resistance to tracing attacks, compromising attacks and replay attacks. We also compare our protocol with previous works in terms of performance.

Hu Zhenyu,Lin Dongdai,Wu Wenling,Feng Dengguo

IF: 1.019

2007-01-01

Chinese Journal of Electronics

Abstract:A security notion of Message authentication (MAC) named Tag-secrecy was abstracted from the pseudo-randomness of tagging algorithm, to characterize the security that is very different from the unforgeability (which is the traditional security notion of MAC). The Tag-secrecy is weaker than the pseudo-randomness and can be met by widely used authentication schemes. Under the assumption of Tag-secrecy, it is showed that the Encryptand-MAC can preserve Indistinguishability under Chosen-plaintext attacks (IND-CPA) and Integrity of Plaintext (INT-PTXT) in general.A security notion of encryption called Un-trivial forgeability of Ciphertext (UTF-CTXT) was presented to characterize that for any given ciphertext C, the adversary cannot forge a new ciphertext C' to decrypt to the same plaintext as C (named trivial forgery). This UTF-CTXT was to guarantee that any modification about the ciphertext must correspond to some change of the plaintext. It is proved to be much weaker than Integrity of Ciphertext (INT-CTXT) and satisfied by many popular encryption schemes and modes.With a Tag-secrecy MAC and an UTF-CTXT-secure encryption, Encrypt-and-MAC can satisfy the both strongest security requirements-Indistinguishability under Chosen-ciphertext attacks (IND-CCA) and INT-CTXT.

Ee-Chien Chang,Jia Xu

DOI: https://doi.org/10.1007/978-3-540-88313-5_15

2008-01-01

Abstract:We are interested in this problem: a verifier, with a small and reliable storage, wants to periodically check whether a remote server is keeping a large file x. A dishonest server, by adapting the challenges and responses, tries to discard partial information of x and yet evades detection. Besides the security requirements, there are considerations on communication, storage size and computation time. Juels et al. [10] gave a security model for Proof of Retrievability (\documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$\mathcal{POR}$\end{document}) system. The model imposes a requirement that the original x can be recovered from multiple challenges-responses. Such requirement is not necessary in our problem. Hence, we propose an alternative security model for Remote Integrity Check (\documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$\mathcal{RIC}$\end{document}). We study a few schemes and analyze their efficiency and security. In particular, we prove the security of a proposed scheme HENC. This scheme can be deployed as a \documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$\mathcal{POR}$\end{document} system and it also serves as an example of an effective \documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$\mathcal{POR}$\end{document} system whose “extraction” is not verifiable. We also propose a combination of the RSA-based scheme by Filho et al. [7] and the ECC-based authenticator by Naor et al. [12], which achieves good asymptotic performance. This scheme is not a \documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$\mathcal{POR}$\end{document} system and seems to be a secure \documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$\mathcal{RIC}$\end{document}. In-so-far, all schemes that have been proven secure can also be adopted as \documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$\mathcal{POR}$\end{document} systems. This brings out the question of whether there are fundamental differences between the two models. To highlight the differences, we introduce a notion, trap-door compression, that captures a property on compressibility.

H. M. Sun,S. M. Chen,K. H. Wang

2011-01-01

Abstract:There are increasing concerns on the security of RFID usages. Recently, Lu et al. presented ACTION, a privacy preservative authentication protocol for RFID. It is claimed that it achieves high level of security even if a large number of tags is compromised. However, we found that this protocol is vulnerable to two severe attacks : Desynchronizing attacks and Tracking attacks. In this pape r, we present how these two attacks work even if the protocol parameters are moderated.

Ping Zhang,Honggang Hu

DOI: https://doi.org/10.1109/DSC.2017.37

2017-01-01

Abstract:This paper focuses on the security of permutation-based tweakable on-line ciphers against related-key attacks. We firstly formalize syntaxes of tweakable on-line ciphers and tweakable on-line authenticated encryption modes, and set up their security models, respectively. Then we propose the first new parallelizable permutation-based tweakable on-line cipher PTOC, which is constructed by a public random permutation and a universal hash function family with a tweak and a key. We prove that PTOC achieves related-key strong tweakable on-line pseudorandom permutation security using H-coefficients technique. Finally, this paper introduces a provably secure permutation-based tweakable on-line authenticated encryption scheme PTOAE, which provides both decryption-misuse resistance and related-key security. Tweakable on-line schemes can be widely applied to the data storage security, database security, cloud security, big data security, and so on.

Xue Li,Cheng Jiang,Dajun Du,Minrui Fei,Lei Wu

DOI: https://doi.org/10.1109/jiot.2022.3221943

IF: 10.6

2023-03-11

IEEE Internet of Things Journal

Abstract:The existing identity security schemes (e.g., based on bilinear pairing) have high computational complexity and large bytes of variables, which results in high computation and communication costs. It is difficult to apply the schemes to resource-constrained (i.e., computation and communication) devices. Moreover, most of these schemes adopt a fixed cycle key update strategy compromising the security of authentication schemes or dynamic (real-time) key update strategy with high computational cost. To solve these issues, this article explores a novel revocable lightweight authentication scheme for resource-constrained devices in cyber–physical power systems (CPPSs). First, a lightweight authentication scheme combined elliptic-curve cryptography (ECC) and certificateless cryptography (CLC) is proposed to negotiate a secure session key, which can achieve mutual authentication with low computation and communication costs. Second, aiming at security problem caused by key leakage, a real-time key update strategy with low computational cost is designed to improve the security of identity authentication. Third, according to a hardness assumption of the elliptic-curve discrete logarithm problem (ECDLP), theoretical analysis rigorously proves that the proposed authentication scheme ensures the security with respect to existential unforgeability against adaptively chosen message attacks (EUF-CMAs). Finally, experimental results confirm the feasibility and effectiveness of the proposed authentication scheme.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yao Wang,Zhengtai Chang

DOI: https://doi.org/10.48550/arXiv.2007.10755

2020-07-21

Cryptography and Security

Abstract:With the expansion of the Internet of Things industry, the information security of Internet of Things devices attracts much attention. Traditional encryption algorithms require sensitive information such as keys to be stored in memory, and also need the support of operating system, which is obviously unacceptable for resource-constrained Internet of Things terminals. Physical not cloning function by extracting the chip is inevitable in the process of manufacturing process deviation, the introduction of the corresponding function relationship between incentive and response, not to need the storage user sensitive information, and only when electricity will respond, in power response immediately disappear, this can save a lot of resources of equipment and the power consumption. However, PUF is vulnerable to modeling attacks, and the traditional methods such as the challenge obfuscation method are time-invariant, which is equivalent to adding a fixed function to the front stage of a traditional APUF circuit. Therefore, it can be potentially modelling attacked with sufficient CRPs. In order to further enhance APUF circuit resistance to modelling attack, this paper proposes a dual-LFSR-based APUF circuit with time-variant challenge obfuscation. Besides, traditional authentication scheme generally adopts the one-time key scheme to enhance resistance to man-in-the-middle attack. The two-time authentication scheme proposed in this paper can improve the ability of RFID system to resist man-in-the-middle attack without sacrificing CRPs.