检索结果-内蒙古大学图书馆

22nd International Conference on Applied Cryptography and Network Security (ACNS)

作者： Wagner, Eric Serror, Martin Wehrle, Klaus Henze, Martin Fraunhofer FKIE Cyber Anal & Def Wachtberg Germany Rhein Westfal TH Aachen Commun & Distributed Syst Aachen Germany Rhein Westfal TH Aachen Secur & Privacy Ind Cooperat Aachen Germany

ISBN: (纸本)9783031547720;9783031547737

Aggregation of message authentication codes (MACs) is a proven and efficient method to preserve valuable bandwidth in resource-constrained environments: Instead of appending a long authentication tag to each message, the integrity protection of multiple messages is aggregated into a single tag. However, while such aggregation saves band-width, a single lost message typically means that authentication information for multiple messages cannot be verified anymore. With the significant increase of bandwidth-constrained lossy communication, as applications shift towards wireless channels, it thus becomes paramount to study the impact of packet loss on the diverse MAC aggregation schemes proposed over the past 15 years to assess when and how to aggregate message authentication. Therefore, we empirically study all relevant MAC aggregation schemes in the context of lossy channels, investigating achievable goodput improvements, the resulting verification delays, processing over-head, and resilience to denial-of-service attacks. Our analysis shows the importance of carefully choosing and configuring MAC aggregation, as selecting and correctly parameterizing the right scheme can, e.g., improve goodput by 39% to 444%, depending on the scenario. However, since no aggregation scheme performs best in all scenarios, we provide guidelines for network operators to select optimal schemes and parameterizations suiting specific network settings.

关键词： message authentication code MAC Aggregation IoT

来源：评论

学校读者我要写书评

暂无评论

Efficient message authentication codes with Combinatorial Group Testing 20th

Efficient Message Authentication Codes with Combinatorial Gr...

引用

20th European Symposium on Research in Computer Security (ESORICS)

作者： Minematsu, Kazuhiko NEC Corp Ltd Kawasaki Kanagawa 213 Japan

ISBN: (纸本)9783319241746;9783319241739

message authentication code, MAC for short, is a symmetric-key cryptographic function for authenticity. A standard MAC verification only tells whether the message is valid or invalid, and thus we can not identify which part is corrupted in case of invalid message. In this paper we study a class of MAC functions that enables to identify the part of corruption, which we call group testing MAC (GTM). This can be seen as an application of a classical (non-adaptive) combinatorial group testing to MAC. Although the basic concept of GTM (or its keyless variant) has been proposed in various application areas, such as data forensics and computer virus testing, they rather treat the underlying MAC function as a black box, and exact computation cost for GTM seems to be overlooked. In this paper, we study the computational aspect of GTM, and show that a simple yet non-trivial extension of parallelizable MAC (PMAC) enables O(m + t) computation for m data items and t tests, irrespective of the underlying test matrix we use, under a natural security model. This greatly improves efficiency from naively applying a black-box MAC for each test, which requires O(mt) time. Based on existing group testing methods, we also present experimental results of our proposal and observe that ours runs as fast as taking single MAC tag, with speed-up from the conventional method by factor around 8 to 15 for m = 10(4) to 10(5) items.

关键词： message authentication code Combinatorial group testing Data corruption Provable security

来源：评论

学校读者我要写书评

暂无评论

Efficient In-Vehicle Delayed Data authentication Based on Compound message authentication codes

Efficient In-Vehicle Delayed Data Authentication Based on Co...

引用

68th IEEE Vehicular Technology Conference

作者： Nilsson, Dennis K. Larson, Ulf E. Jonsson, Erland Chalmers Univ Technol Dept Comp Sci & Engn SE-41296 Gothenburg Sweden

ISBN: (纸本)9781424417223;9781424417216

Modern vehicles contain an in-vehicle network consisting of a number of electronic control units (ECUs). These ECUs are responsible for most of the functionality in the vehicle, including vehicle control and maneuverability. To date, no security features exist in this network since it has been isolated. However, an upcoming trend among automobile manufacturers is to establish a wireless connection to the vehicle to provide remote diagnostics and software updates. As a consequence, the in-vehicle network is exposed to external communication, and a potential entry point for attackers is introduced. messages sent on the in-vehicle network lack integrity protection and data authentication;thus, the network is vulnerable to injection and modification attacks. Due to the real-time constraints and the limited resources in the ECUs, achieving data authentication is a challenge. In this paper, we propose an efficient delayed data authentication using compound message authentication codes. A message authentication code is calculated on a compound of successive messages and sent together with the subsequent messages, resulting in a delayed authentication. This data authentication could be used to detect and possibly recover from injection and modification attacks in the in-vehicle network.

关键词： In-vehicle network data authentication message authentication code detect recover attacks

来源：评论

学校读者我要写书评

暂无评论

Integrity coded databases- protecting data integrity for outsourced databases

引用

COMPUTERS & SECURITY 2024年 136卷

作者： Yeh, Jyh-haw Arifin, Md Mashrur Shen, Ning Karki, Ujwal Xie, Yi Nanjundarao, Archana Boise State Univ Dept Comp Sci Boise ID 83725 USA Boise State Univ Comp Sci Boise ID USA Kathmandu Univ Comp Sci & Engn Dhulikhel Nepal

In recent years, cloud storage has become a viable option for businesses to store and retrieve information. This storage service allows its clients releasing from financial burden of hiring professionals to maintain local databases. However, it comes at a cost of requiring the clients to relinquish control of their data to cloud service providers. There remains the possibility of malicious attacks to make the data no longer correct, fresh nor complete. This paper presents a novel database model called the Integrity coded Database (ICDB), where the model allows the client to insert Integrity codes (ICs), as well as fake tuples, to an outsourced database, run queries against the server, and verify that the queried data from the cloud is both correct, fresh and complete. We have benchmarked and evaluated six ICDB schemes with different combinations of three IC generation algorithms and two integrity verification modes.

关键词： Database integrity Database outsourcing Integrity code message authentication code Aggregate verification

来源：评论

学校读者我要写书评

暂无评论

A new design of the hash functions with all-or-nothing property

引用

JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 2001年第6期17卷 945-957页

作者： Shin, SU Rhee, KH Elect & Telecommun Res Inst Yusong Gu Taejon 305350 South Korea PuKyong Natl Univ Div Elect Comp & Telecommun Engn Nam Gu Pusan 608737 South Korea

All-or-nothing property is a new encryption mode proposed by Rivest and has the property that one must decrypt the entire ciphertext to determine any plaintext block. In this paper, we propose hash functions with all-or-nothing property. The proposed schemes use the existing hash functions without changing their structures, and they are secure against known attacks. Moreover, the proposed methods can be easily extended to the MAC (message authentication code) for providing message confidentiality as well as authentication.

关键词： cryptography hash function message authentication code all-or-nothing transform authentication

来源：评论

学校读者我要写书评

暂无评论

RAGuard: An Efficient and User-Transparent Hardware Mechanism against ROP Attacks

引用

ACM TRANSACTIONS ON ARCHITECTURE AND code OPTIMIZATION 2019年第4期15卷 1-21页

作者： Zhang, Jun Hou, Rui Song, Wei Mckee, Sally A. Jia, Zhen Zheng, Chen Chen, Mingyu Zhang, Lixin Meng, Dan Chinese Acad Sci ICT State Key Lab Comp Architecture Beijing Peoples R China Hubei Univ Arts & Sci Xiangyang 441053 Peoples R China Chinese Acad Sci Inst Informat Engn State Key Lab Informat Secur Beijing Peoples R China Clemson Univ Elect & Comp Engn Clemson SC 29630 USA Chinese Acad Sci Inst Comp Technol Beijing 100190 Peoples R China Chinese Acad Sci Inst Informat Engn Beijing 100190 Peoples R China

Control-flow integrity (CFI) is a general method for preventing code-reuse attacks, which utilize benign code sequences to achieve arbitrary code execution. CFI ensures that the execution of a program follows the edges of its predefined static Control-Flow Graph: any deviation that constitutes a CFI violation terminates the application. Despite decades of research effort, there are still several implementation challenges in efficiently protecting the control flow of function returns (Return-Oriented Programming attacks). The set of valid return addresses of frequently called functions can be large and thus an attacker could bend the backward-edge CFI by modifying an indirect branch target to another within the valid return set. This article proposes RAGuard, an efficient and user-transparent hardware-based approach to prevent Return-Oreiented Programming attacks. RAGuard binds a message authentication code (MAC) to each return address to protect its integrity. To guarantee the security of the MAC and reduce runtime overhead: RAGuard (1) computes the MAC by encrypting the signature of a return address with AES-128, (2) develops a key management module based on a Physical Unclonable Function (PUF) and a True Random Number Generator (TRNG), and (3) uses a dedicated register to reduce MACs' load and store operations of leaf functions. We have evaluated our mechanism based on the open-source LEON3 processor and the results show that RAGuard incurs acceptable performance overhead and occupies reasonable area.

关键词： code-reuse attacks return-oriented programming attacks message authentication code AES-128 key management PUF

来源：评论

学校读者我要写书评

暂无评论

Dropping False Packet to Increase the Network Lifetime of Wireless Sensor Network using EFDD Protocol

引用

WIRELESS PERSONAL COMMUNICATIONS 2013年第4期70卷 1697-1709页

作者： Kumar, S. Manoj Rajkumar, N. Mary, W. Catherine Christinal Karunya Univ Dept Informat Technol Coimbatore Tamil Nadu India Sri Ramakrishna Engn Coll Dept Comp Sci & Engn Coimbatore Tamil Nadu India WIPRO Technol Madras Tamil Nadu India

In Wireless Sensor Network (WSN) sensors are densely deployed where the intruders can compromise some sensor nodes and inject false data in order to raise false alarms, reduce network lifetime, utilize bandwidth resources and so on. False Data Injection can possibly occur in Data Aggregation (DA) and Data Forwarding (DF). This paper analyses EFDD Protocol- Early False Data Detection Protocol which addresses the two possibilities in a simple and secure way considering the constraints of sensor nodes. The main idea is the selection of the network structure;this protocol will work effectively in Spatial/Semantic Correlation Tree Structure (SCT). False Data Detection in DA is done using some monitoring nodes which will monitor the Data Aggregator. EFDD in SCT structure reduce the counterfeit data transmission when compared to other structure in a better way. The result shows that EFDD reduce data transmission by dropping false data earlier and it also reduces computation when compared to the existing schemes.

关键词： Wireless sensor networks Data aggregation SCT Load balancing Data integrity message authentication code

来源：评论

学校读者我要写书评

暂无评论

A secure image sharing scheme with high quality stego-images based on steganography

引用

MULTIMEDIA TOOLS AND APPLICATIONS 2017年第6期76卷 7677-7698页

作者： He, Junhui Lan, Weiqiang Tang, Shaohua South China Univ Technol Sch Comp Sci & Engn Guangzhou Higher Educ Mega Ctr Guangzhou 510006 Guangdong Peoples R China

Image sharing can be utilized to protect important commercial, military or private images against a single point of failure. Many existing image sharing schemes may have one or more of the security weaknesses as follows: First, noise-like image shares may easily arouse the attackers' attention;Second, cheating in the recovery of the secret image cannot be prevented effectively;Third, the requisite size of cover images may be very large;Finally, poor quality of the stego-images may lessen camouflage effects. In this paper, a novel secure image sharing scheme with high quality stego-images is proposed. With the use of LOCO-I compression as a preprocessing approach, the statistical correlations between neighboring pixels of a secret image drop significantly, which may greatly enhance the visual security of the proposed scheme. And the necessary size of cover images is reduced. Moreover, the PSNR values of stego-images are much higher than the related works. In order to detect three kinds of deception during secret image reconstruction, the hash-based message authentication codes of an image share, the value of argument x and the identity ID of a participant are embedded into a cover image together with the image share. In addition, the application of dynamic embedding with a random strategy further enhance the security of our scheme.

关键词： Image sharing Steganography LOCO-I compression message authentication code Dynamic embedding

来源：评论

学校读者我要写书评

暂无评论

Investigating the Avalanche Effect of Various Cryptographically Secure Hash Functions and Hash-Based Applications

引用

IEEE ACCESS 2022年 10卷 112472-112486页

作者： Upadhyay, Darshana Gaikwad, Nupur Zaman, Marzia Sampalli, Srinivas Dalhousie Univ Fac Comp Sci Halifax NS B3H 1W5 Canada Cistel Technol Inc Res & Dev Dept Ottawa ON K2E 7V7 Canada

In modern cryptography, hash functions are considered as one of the key components for secure communication. They play a vital role in a wide range of applications such as ensuring the authentication and integrity of the data, in forensic investigation, password storage, random number generations for unique session keys, and for creating a unified view in blockchain. The Avalanche effect (also known as diffusion) is an important characteristic of a hash function where a minor change in the hash function's input will result in a significantly different output. The absence of this property implies that the hash function is vulnerable to various attacks such as collision attack, length extension attack, and preimage attack. Through this research, we have investigated the Avalanche effect of sixteen hash functions and two hash-based applications, namely Hash-based message authentication code (HMAC) and Public Key Cryptography Standards (PKCS). To measure the performance of these hash functions and hash-based applications, we have implemented a generic circuit using CrypTool for automating the simulation process for multiple trials. Simulation results indicate that around half of the inputs of each hash function failed to exhibit the Strict Avalanche Criterion (SAC) and, Bit Independence Criterion (BIC). Moreover, we ranked the hash functions based on Multi Criteria Decision Metrics (MCDM) using intermediate states of simulation results. Furthermore, a total of fifteen statistical tests were carried out to evaluate the randomization property of the hash functions using NIST (National Institute of Standards and Technology) toolkit. This study is aimed to open up a future scope of research to the need for improvement of various hash functions by analyzing the randomization and non-correlation properties of existing functions in terms of the Avalanche effect.

关键词： Cryptography Encryption Resistance Cryptographic hash function Passwords codes Public key cryptography authentication Avalanche effect cryptographically secure hash functions SAC (Strict Avalanche Criterion) BIC (Bit Independence Criterion) message authentication code collision attack preimage resistance attack hash-based message authentication code public key cryptography standards

来源：评论

学校读者我要写书评

暂无评论

A combined approach to ensure data security in cloud computing

引用

JOURNAL OF NETWORK AND COMPUTER APPLICATIONS 2012年第6期35卷 1831-1838页

作者： Sood, Sandeep K. GNDU Dept Comp Sci & Engn Gurdaspur 143521 Punjab India

Cloud computing is a forthcoming revolution in information technology (IT) industry because of its performance, accessibility, low cost and many other luxuries. It is an approach to maximize the capacity or step up capabilities vigorously without investing in new infrastructure, nurturing new personnel or licensing new software. It provides gigantic storage for data and faster computing to customers over the internet. It essentially shifts the database and application software to the large data centers, i.e., cloud, where management of data and services may not be completely trustworthy. That is why companies are reluctant to deploy their business in the cloud even cloud computing offers a wide range of luxuries. Security of data in cloud is one of the major issues which acts as an obstacle in the implementation of cloud computing. In this paper, a frame work comprising of different techniques and specialized procedures is proposed that can efficiently protect the data from the beginning to the end, i.e., from the owner to the cloud and then to the user. We commence with the classification of data on the basis of three cryptographic parameters presented by the user, i.e.. Confidentiality (C), Availability (A) and Integrity (I).The strategy followed to protect the data utilizes various measures such as the SSL (Secure Socket Layer) 128-bit encryption and can also be raised to 256-bit encryption if needed, MAC (message authentication code) is used for integrity check of data, searchable encryption and division of data into three sections in cloud for storage. The division of data into three sections renders supplementary protection and simple access to the data. The user who wishes to access the data is required to provide the owner login identity and password, before admittance is given to the encrypted data in Section 1, Section 2, and Section 3. (c) 2012 Elsevier Ltd. All rights reserved.

关键词： Cloud security Encryption message authentication code Virtualization Secured socket layer

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：