Search results
Searched in keywords: provable security
Results found: 4
1
CTRL-PACE: Controlled Randomness for e-Passport Password Authentication
EN
Security of many cryptographic protocols is conditioned by the quality of the random elements generated in the course of the protocol execution. On the other hand, cryptographic devices implementing these protocols are designed given technical limitations, usability requirements and cost constraints. This frequently results in a black box solution. Unfortunately, black box random number generators may enable creating backdoors for stealing signing keys, breaking authentication protocols and encrypted communication. In this paper we deal with this problem and extend our approach proposed during MYCRYPT’2016. The solution discussed is generating random parameters so that: (a) the protocols are backwards compatible (a user gets additional data that can be simply ignored), (b) verification of randomness might be executed any time without notice, so a device is forced to behave honestly, (c) the solution makes almost no intrusion in the existing protocols and is easy to implement, (d) the owner of a cryptographic device becomes secured against its designer and manufacturer that may even predict the output of the generator. In this paper we focus on a case when Diffie-Hellman protocol is executed for a generator that itself is a secret – this case has not been solved in our paper from MYCRYPT’2016. On the other hand, exactly this case occurs for the PACE protocol from the ICAO standard specifying electronic travel documents. For the sake of the proof we develop a framework of nested security games that aims to enable security proofs of modified protocols without redoing the proofs designed for their original versions.
EN
Two-factor authenticated key exchange (TFAKE) protocols are critical tools for ensuring identity authentication and secure data transmission for cloud computing. Until now, numerous TFAKE protocols based on smart cards and passwords have been proposed under this circumstance. Unfortunately, most of them have been found insecure against various attacks. Researchers focus on cryptanalysis of these protocols and then fixing the loopholes. Little attention has been paid to design rationales and formal security models of these protocols. In this paper, we summarize the security requirements and put forward a formal security model for TFAKE protocols for cloud computing. We then present an efficient TFAKE protocol without using expensive asymmetric cryptology mechanisms to achieve high efficiency. Our protocol can be proven secure in the random oracle model and achieves user anonymity. Compared with other TFAKE protocols, our protocol is more efficient and enjoys provable security.
3
Efficient Dynamic Data Encryption Algorithm for Mobile Ad Hoc Network
EN
Two proper threshold broadcast encryption schemes are proposed for the mobile ad hoc network. The initial scheme achieves constant size private keys and O(n-t)-size ciphertexts. Under the n+1-Decision Bilinear Diffie-Hellman Exponent (n+1-BDHE) assumption, it is provably secure in the selective-identity model. Based on dual system encryption, we propose our main construction. It also has constant size private keys and O(nt)-size ciphertexts. But it achieves full security under static assumptions, which are more natural than those in the existing schemes.
PL
The article presents two methods of data encryption in mobile ad hoc networks.
4
Asymmetric cryptography and practical security
EN
Since the appearance of public-key cryptography in the Diffie-Hellman seminal paper, many schemes have been proposed, but many have been broken. Indeed, for many people, the simple fact that a cryptographic algorithm withstands cryptanalytic attacks for several years is considered as a kind of validation. But some schemes took a long time before being widely studied, and maybe thereafter being broken. A much more convincing line of research has tried to provide "provable" security for cryptographic protocols, in a complexity theory sense: if one can break the cryptographic protocol, one can efficiently solve the underlying problem. Unfortunately, very few practical schemes can be proven in this so-called "standard model" because such a security level rarely meets with efficiency. A convenient but recent way to achieve some kind of validation of efficient schemes has been to identify some concrete cryptographic objects with ideal random ones: hash functions are considered as behaving like random functions, in the so-called "random oracle model", block ciphers are assumed to provide perfectly independent and random permutations for each key in the "ideal cipher model", and groups are used as black-box groups in the "generic model". In this paper, we focus on practical asymmetric protocols together with their "reductionist" security proofs. We cover the two main goals that public-key cryptography is devoted to solving: authentication with digital signatures, and confidentiality with public-key encryption schemes.