检索结果-内蒙古大学图书馆

Sponge-Based Parallel Authenticated Encryption With Variable Tag Length and Side-Channel Protection

IEEE ACCESS 2023年 11卷 59661-59674页

作者： Jimale, Mohamud Ahmed Abdullah, Nor Aniza Kiah, Miss Laiha Binti Mat Idris, Mohd Yamani Idna Z'Aba, Muhammad Reza Jamil, Norziana Rohmad, Mohd Saufy Univ Malaya Fac Comp Sci & Informat Technol Dept Comp Syst & Technol Kuala Lumpur 50603 Malaysia MIMOS Berhad Informat Secur Lab Kuala Lumpur 57000 Malaysia Univ Tenaga Nas Coll Comp & Informat Kajang 430000 Selangor Malaysia Univ Teknol MARA Fac Elect Engn Shah Alam 40450 Selangor Malaysia

Authenticated Encryption (AE) protects confidentiality and integrity at the same time. The sponge construction is based on an iterated permutation or transformation that can be used to implement hashing, and AE schemes, among others. Sponge-based AE schemes offer desirable characteristics like parallelizability and incrementality. In addition, they provide security features such as protection against Chosen Plaintext Attacks, Chosen-Ciphertext Attacks, and Side-Channel Attacks (SCAs). Traditionally AE schemes assume the tag length, also called the stretch, as a fixed parameter per key, and the security is proved according to that assumption. However, the variable tag length per key could happen due to misconfiguration or misuse. In that case, the security would be violated, so it is vital to accommodate variable tag length without sacrificing other desirable features. Reyhanitabar et al. proposed Key Equivalent Separation by Stretch feature and concretized it for protection against tag length misuse attacks in block cipher-based AE schemes. However, the problem remains unresolved for sponge-based constructions, where current sponge-based schemes are vulnerable to tag length variation under the same key attacks. This work aims to bridge this gap by proposing a parallel, sponge-based AE scheme with a variable tag length per key that protects against SCAs and suggesting a lower bound for the recommended tag length. Finally, the security of the proposed scheme is discussed, and its performance is analyzed after implementing the proposed AE scheme in the C programming language.

关键词： Authenticated encryption integrity message authentication code nonce-based AE parallel AE privacy side-channel attacks sponge-based AE tag length variable stretch

来源：评论

学校读者我要写书评

暂无评论

P4Chaskey: An Efficient MAC Algorithm for PISA Switches 32

P4Chaskey: An Efficient MAC Algorithm for PISA Switches

引用

32nd International Conference on Network Protocols

作者： Francisco, Martim Ferreira, Bernardo Ramos, Fernando M., V Marin, Eduard Signorello, Salvatore Univ Lisbon Fac Ciencias LASIGE Lisbon Portugal Univ Lisbon Inst Super Tecn INESC ID Lisbon Portugal Telefonica Res Barcelona Spain

ISBN: (纸本)9798350351712;9798350351729

Cryptographic primitives are of paramount importance to guarantee security properties in communication networks. The associated computational complexity of cryptography standards makes it prohibitive to execute these primitives at line rate in the network core. Existing implementations of cryptographic MAC algorithms in P4 for programmable switches impose a severe performance penalty due to packet recirculation, which may not be tolerable at those network speeds. In this paper, we propose the first data plane design in P4 of the Chaskey algorithm, a widely used secure and lightweight cryptographic MAC algorithm, tailored for the PISA switch architecture. Our P4CHASKEY is the first solution to compute MACs using 128-bit keys without packet recirculation, guaranteeing line rate Terabit speeds. As state-of-the-art solutions require recirculations for the same key size (reducing throughput performance) or offer weaker security (smaller keys), P4CHASKEY is now, to our knowledge, the most efficient MAC design for the target switch architecture.

关键词： P4 Chaskey PISA cryptography message authentication code

来源：评论

学校读者我要写书评

暂无评论

Investigating the Avalanche Effect of Various Cryptographically Secure Hash Functions and Hash-Based Applications

引用

IEEE ACCESS 2022年 10卷 112472-112486页

作者： Upadhyay, Darshana Gaikwad, Nupur Zaman, Marzia Sampalli, Srinivas Dalhousie Univ Fac Comp Sci Halifax NS B3H 1W5 Canada Cistel Technol Inc Res & Dev Dept Ottawa ON K2E 7V7 Canada

In modern cryptography, hash functions are considered as one of the key components for secure communication. They play a vital role in a wide range of applications such as ensuring the authentication and integrity of the data, in forensic investigation, password storage, random number generations for unique session keys, and for creating a unified view in blockchain. The Avalanche effect (also known as diffusion) is an important characteristic of a hash function where a minor change in the hash function's input will result in a significantly different output. The absence of this property implies that the hash function is vulnerable to various attacks such as collision attack, length extension attack, and preimage attack. Through this research, we have investigated the Avalanche effect of sixteen hash functions and two hash-based applications, namely Hash-based message authentication code (HMAC) and Public Key Cryptography Standards (PKCS). To measure the performance of these hash functions and hash-based applications, we have implemented a generic circuit using CrypTool for automating the simulation process for multiple trials. Simulation results indicate that around half of the inputs of each hash function failed to exhibit the Strict Avalanche Criterion (SAC) and, Bit Independence Criterion (BIC). Moreover, we ranked the hash functions based on Multi Criteria Decision Metrics (MCDM) using intermediate states of simulation results. Furthermore, a total of fifteen statistical tests were carried out to evaluate the randomization property of the hash functions using NIST (National Institute of Standards and Technology) toolkit. This study is aimed to open up a future scope of research to the need for improvement of various hash functions by analyzing the randomization and non-correlation properties of existing functions in terms of the Avalanche effect.

关键词： Cryptography Encryption Resistance Cryptographic hash function Passwords codes Public key cryptography authentication Avalanche effect cryptographically secure hash functions SAC (Strict Avalanche Criterion) BIC (Bit Independence Criterion) message authentication code collision attack preimage resistance attack hash-based message authentication code public key cryptography standards

来源：评论

学校读者我要写书评

暂无评论

Implementation of Secure Sampled Value (SeSV) messages in Substation Automation System

引用

IEEE TRANSACTIONS ON POWER DELIVERY 2022年第1期37卷 405-414页

作者： Hong, Junho Karnati, Ramya Ten, Chee-Wooi Lee, Soonwoo Choi, Sungsoo Univ Michigan Dept Elect & Comp Engn Dearborn MI 48128 USA Michigan Technol Univ Dept Elect & Comp Engn Houghton MI 49931 USA Korea Electrotechnol Res Inst KERI Ansan 426170 South Korea

IEC61850 is the mainstream of the development for substation automation. This paper presents a practical consideration and analysis for implementing a secure sampled measured value (SeSV) message in substation automation system. Due to the lack of security features in the standard, IEC Working Group 15 of Technical Committee 57 published IEC62351 on security for IEC61850 profiles. However, the use of authentication methods for SV based on IEC62351 standards are still not integrated, and computational capabilities and performance are not validated and tested with commercial grade equipment. Hence, this paper shows the performance of security feature enabled SeSV packets transmitted between protection and control devices by appending a message authentication code (MAC) to the extended IEC61850 packets. A prototype implementation on a low cost commodity embedded system has proved that the MAC-enabled SV message can fully secure the process bus communication in the digital substation with negligible time delay.

关键词： Security Standards Monitoring Protocols Substation automation message authentication Hardware Digital relays ethical hacking IEC61850 IEC62351 message authentication code substation security

来源：评论

学校读者我要写书评

暂无评论

Authenticated Encryption Schemes: A Systematic Review

引用

IEEE ACCESS 2022年 10卷 14739-14766页

作者： Jimale, Mohamud Ahmed Z'aba, Muhammad Reza Kiah, Miss Laiha Binti Mat Idris, Mohd Yamani Idna Jamil, Norziana Mohamad, Moesfa Soeheila Rohmad, Mohd Saufy Univ Malaya Fac Comp Sci & Informat Technol Dept Comp Syst & Technol Kuala Lumpur 50603 Malaysia Univ Tenaga Nas Coll Comp & Informat Kajang 43000 Selangor Malaysia MIMOS Berhad Informat Secur Lab Kuala Lumpur 57000 Malaysia Univ Teknol MARA Fac Elect Engn Shah Alam 40450 Selangor Malaysia

Authenticated encryption (AE) is a cryptographic construction that simultaneously protects confidentiality and integrity. A considerable amount of research has been devoted to the area since its formal inception in 2000. Different lines of research have been proposed to enhance the available schemes in terms of security, efficiency, and design and to implement new ideas. However, a comprehensive systematic literature review (SLR) of the topic has not been provided to the best of the authors' knowledge. This study fills this gap in the literature by proposing a framework for classifying AE schemes and highlighting past contributions to help researchers familiarize themselves with the current state and directions for future research in the area. This SLR covered AE schemes proposed from 2000 to 2020. A total of 217 articles, selected from eight sources, were categorized into independent schemes, CAESAR competition schemes, and NIST lightweight competition schemes. These schemes were then classified according to their design approaches, security-related properties, and functional features. Our analysis reveals that a significant outstanding challenge in AE is to balance security, efficiency, and the provision of desirable features.

关键词： Encryption Cryptography Security NIST authentication Systematics Classification algorithms Authenticated encryption CAESAR competition confidentiality integrity message authentication code NIST-LW competition

来源：评论

学校读者我要写书评

暂无评论

Forgery Attacks on Several Beyond-Birthday-Bound Secure MACs 29th

Forgery Attacks on Several Beyond-Birthday-Bound Secure MACs

引用

29th Annual International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT)

作者： Shen, Yaobin Standaert, Francois-Xavier Wang, Lei UCLouvain ICTEAM Crypto Grp Louvain La Neuve Belgium Shanghai Jiao Tong Univ Shanghai Peoples R China

ISBN: (纸本)9789819987269;9789819987276

At CRYPTO'18, Datta et al. proposed nPolyMAC and proved the security up to 2(2n/3) authentication queries and 2(n) verification queries. At EUROCRYPT'19, Dutta et al. proposed CWC+ and showed the security up to 2(2n/3) queries. At FSE'19, Datta et al. proposed PolyMAC and its key-reduced variant 2k-PolyMAC, and showed the security up to 2(2n/3) queries. This security bound was then improved by Kim et al. (EUROCRYPT'20) and Datta et al. (FSE'23) respectively to 2(3n/4) and in the multi-user setting. At FSE'20, Chakraborti et al. proposed PDM*MAC and 1k-PDM*MAC, and showed the security up to 2(2n/3) queries. Recently, Chen et al. proposed nEHtM(p)(+) and showed the security up to 2(2n/3) queries. In this paper, we show forgery attacks on nPolyMAC, CWC+, PolyMAC, 2k-PolyMAC, PDM* MAC, 1k-PDM*MAC and nEHtM(p)(+). Our attacks exploit some vulnerability in the underlying polynomial hash function Poly, and (i) require only one authentication query and one verification query;(ii) are nonce-respecting;(iii) succeed with probability 1. Thus, our attacks disprove the provable high security claims of these schemes. We then revisit their security analyses and identify what went wrong. Finally, we propose two solutions that can restore the beyond-birthday-bound security.

关键词： message authentication code Beyond-birthday-bound security Polynomial hash function Forgery attack

来源：评论

学校读者我要写书评

暂无评论

Parallel Sponge-Based Authenticated Encryption With Side-Channel Protection and Adversary-Invisible Nonces

引用

IEEE ACCESS 2022年 10卷 50819-50838页

Since its birth in 2000, authenticated encryption (AE) has been a hot research topic, and many new features have been proposed to boost its security or performance. The Block cipher was the dominant primitive in constructing AE schemes, followed by stream ciphers and compression functions until the sponge construction emerged in 2011. Sponge-based AE schemes provide functional characteristics such as parallelizability, incrementality, and being online. They also offer security features for protection against active or passive adversaries. Currently, there exist parallel sponge-based AE schemes, but they are not protected against simple power analysis (SPA) and differential power analysis (DPA). On the other hand, sponge-based AE schemes that protect against such attacks are serial and cannot be parallelized. Furthermore, sponge-based AE schemes handle the nonces in a way that could allow misuse. So, sponge-based AE schemes that hide the nonce from adversaries are also an open problem. This work aims to bridge these gaps by proposing a parallel sponge-based AE with side-channel protection and adversary-invisible nonces (PSASPIN), using parallel fresh rekeying and the duplex mode of the sponge construction. A leveled implementation is used to implement the key generation part using a pseudorandom function (PRF) based on the Galois field multiplication. The data processing (the rekeyed) part is implemented using the sponge-based duplex mode. Finally, the security proof of the proposed scheme is provided using game-based theory according to the PRP/PRF switching lemma, and its performance is analyzed.

关键词： Cryptography Security Encryption Ciphers NIST codes authentication Integrity authenticated encryption authentication confidentiality CAESAR competition message authentication code NIST-LW competition cryptographic sponge function

来源：评论

学校读者我要写书评

暂无评论

Retrofitting Integrity Protection into Unused Header Fields of Legacy Industrial Protocols 48

Retrofitting Integrity Protection into Unused Header Fields ...

引用

48th Conference on Local Computer Networks

作者： Wagner, Eric Rothaug, Nils Wolsing, Konrad Bader, Lennart Wehrlet, Klaus Henze, Martin Fraunhofer FKIE Cyber Anal & Def Bonn Germany Rhein Westfal TH Aachen Commun & Distributed Syst Aachen Germany Rhein Westfal TH Aachen Secur & Privacy Ind Cooperat Aachen Germany

ISBN: (纸本)9798350300741;9798350300734

Industrial networks become increasingly interconnected, which opens the floodgates for cyberattacks on legacy networks designed without security in mind. Consequently, the vast landscape of legacy industrial communication protocols urgently demands a universal solution to integrate security features retroactively. However, current proposals are hardly adaptable to new scenarios and protocols, even though most industrial protocols share a common theme: Due to their progressive development, previously important legacy features became irrelevant and resulting unused protocol fields now offer a unique opportunity for retrofitting security. Our analysis of three prominent protocols shows that headers offer between 36 and 63 bits of unused space. To take advantage of this space, we designed the REtrofittable ProtEction Library (RePeL), which supports embedding authentication tags into arbitrary combinations of unused header fields. We show that RePeL incurs negligible overhead beyond the cryptographic processing, which can be adapted to hit performance targets or fulfill legal requirements.

关键词： industrial control systems retrofitting integrity protection message authentication code

来源：评论

学校读者我要写书评

暂无评论

Key-Reduced Variants of 3kf9 with Beyond-Birthday-Bound Security 28th

Key-Reduced Variants of 3kf9 with Beyond-Birthday-Bound Secu...

引用

28th Annual International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT)

作者： Shen, Yaobin Sibleyras, Ferdinand Shanghai Jiao Tong Univ Shanghai Peoples R China UCLouvain Crypto Grp ICTEAM Louvain La Neuve Belgium NTT Social Informat Labs Tokyo Japan

ISBN: (纸本)9783031229657;9783031229664

3kf9 is a three-key CBC-type MAC that enhances the standardized integrity algorithm f9 (3GPP-MAC). It has beyond-birthdaybound security and is expected to be a possible candidate in constrained environments when instantiated with lightweight blockciphers. Two variants 2kf9 and 1kf9 were proposed to reduce key size for efficiency, but recently, Leurent et al. (CRYPTO'18) and Shen et al. (CRYPTO'21) pointed out critical flaws on these two variants and invalidated their security proofs with birthday-bound attacks. In this work, we revisit previous constructions of key-reduced variants of 3kf9 and analyze what went wrong in security analyses. Interestingly, we find that a single doubling near the end restores the intended beyondbirthday-bound security of both 2kf9 and 1kf9. We then propose two new key-reduced variants of 3kf9, called n2kf9 and n1kf9. By leveraging previous attempts, we prove that n2kf9 is secure up to 2(2n/3) queries, and prove that n1kf9 is secure up to 22n/3 queries when the message space is prefix-free. We also provide beyond-birthday analysis of n2kf9 in the multi-user setting. Note that compared to EMAC and CBC-MAC, the additional cost to provide a higher security guarantee is expected to be minimal for n2kf9 and n1kf9. It only requires one additional blockcipher call and one doubling.

关键词： message authentication code CBC-MAC 3kf9 Beyond-birthday-bound security

来源：评论

学校读者我要写书评

暂无评论

BEC Defender: QR code-Based Methodology for Prevention of Business Email Compromise (BEC) Attacks

引用

SENSORS 2024年第5期24卷 1676页

作者： Papathanasiou, Anastasios Liontos, George Paparis, Georgios Liagkou, Vasiliki Glavas, Euripides Hellen Police Cyber Crime Div 173 Alexandras Ave Athens 11522 Greece Univ Ioannina Dept Informat & Telecommun Arta 47150 Greece Univ Ioannina Dept Mat Sci & Engn Ioannina 45110 Greece

In an era of ever-evolving and increasingly sophisticated cyber threats, protecting sensitive information from cyberattacks such as business email compromise (BEC) attacks has become a top priority for individuals and enterprises. Existing methods used to counteract the risks linked to BEC attacks frequently prove ineffective because of the continuous development and evolution of these malicious schemes. This research introduces a novel methodology for safeguarding against BEC attacks called the BEC Defender. The methodology implemented in this paper augments the authentication mechanisms within business emails by employing a multi-layered validation process, which includes a MAC address as an identity token, QR code generation, and the integration of timestamps as unique identifiers. The BEC-Defender algorithm was implemented and evaluated in a laboratory environment, exhibiting promising results against BEC attacks by adding an extra layer of authentication.

关键词： business email compromise (BEC) email security QR code encryption cryptography digital communication security message authentication code cybersecurity MAC address physical properties authentication

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：