To see the other types of publications on this topic, follow the link: Message adversary.
Journal articles on the topic 'Message adversary'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 journal articles for your research on the topic 'Message adversary.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse journal articles on a wide variety of disciplines and organise your bibliography correctly.
1
TONIEN, DONGVU, REIHANEH SAFAVI-NAINI, and PETER WILD. "ON "THE POWER OF VERIFICATION QUERIES" IN UNCONDITIONALLY SECURE MESSAGE AUTHENTICATION." Discrete Mathematics, Algorithms and Applications 03, no. 03 (September 2011): 287–303. http://dx.doi.org/10.1142/s1793830911001218.
Full textAbstract:
In this paper, we consider authentication codes where the adversary has access to a verification oracle. We formally study two attack games: offline attack and online attack. In an offline impersonation attack with verification query of order i, the adversary launches its attack through two stages. In the first stage — the query stage — the adversary can adaptively choose i distinct messages to query the verification oracle. The verification oracle will answer whether these queried messages are valid or invalid under the secret encoding rule agreed by the transmitter and the receiver. In the later stage — the spoofing stage — the adversary creates a fraudulent message which is different from all its queried messages and sends this message to the receiver. The adversary wins if the receiver accepts the fraudulent message as a valid message. In an online impersonation attack with verification query of order i, the adversary has i + 1 chances to query the verification oracle and wins as soon as one of the queries is a valid message. We make use of strategy trees, which allow optimal strategies in both attack games to be identified, to establish a number of relationships between the value of the two games. This allows us to formally prove a relationship between the value of the game when the adversary has i queries, and the one in which he does not have any. The relationship, though widely believed to be true, was only recently proved for computationally secure systems. Our result complements this latter work for the information theoretic setting.
2
Haroutunian, Mariam, Parandzem Hakobyan, and Arman Avetisyan. "Two-Stage Optimal Hypotheses Testing for a Model of Stegosystem with an Active Adversary." JUCS - Journal of Universal Computer Science 29, no. 11 (November 28, 2023): 1254–73. http://dx.doi.org/10.3897/jucs.112913.
Full textAbstract:
We study the information-theoretic model of stegosystem with an active adversary, where unlike a passive adversary he can not only read but also write. The legitimate sender as well as the adversary can embed or not a message in the sending data. The receiver’s first task is to decide whether the communication is a covertext, data with no hidden message, or a stegotext, modified data with a hidden secret message. In case of stegotext, the receiver’s second task is to decide whether the message was sent by a legitimate sender or from an adversary. For this purpose an authenticated encryption from the legitimate sender is considered. In this paper we suggest two-stage statistical hypothesis testing approach from the receivers point of view. We propose the logarithmically asymptotically optimal testing for this model. As a result the functional dependence of reliabilities of the first and second kind of errors in both stages is constructed. A comparison of overall error probabilities with the situation of one stage hypotheses testing is discussed and the behaviour of functional dependences of reliabilities are illustrated.
3
Akhmetzyanova, Liliya R., and Alexandra A. Babueva. "On the unforgeability of the Chaum - Pedersen blind signature scheme." Prikladnaya Diskretnaya Matematika, no. 65 (2024): 41–65. http://dx.doi.org/10.17223/20710410/65/3.
Full textAbstract:
The paper is devoted to the analysis of the unforgeability property of the Chaum - Pedersen blind signature scheme in case an adversary is able to initiate parallel sessions of the signature generation protocol. It is shown that the scheme does not ensure strong unforgeability, i.e., it allows to create the forgeries for “old” messages that were legitimately signed. An analysis of the weak unforgeability property (the adversary’s task is to create a forgery for a new message) is also conducted. Using the reduction method, we obtain a security bound on the weak unforgeability property in the algebraic group model and random oracle model. This estimation identifies the base problems whose complexity underpins the scheme security.
4
Guo, Li, and Gang Yao. "Protocols for Message Authentication from a Weak Secret." Applied Mechanics and Materials 380-384 (August 2013): 2892–96. http://dx.doi.org/10.4028/www.scientific.net/amm.380-384.2892.
Full textAbstract:
An authentication protocol is a procedure by which a sender tries to convey n bits of information, which we call an input message, to a receiver. An adversary controls the network over which the sender and the receiver talk and may change any message before it reaches its destination. This paper deals with the simple scenario where two parties, Alice and Bob, communicate and want to assure that the message received by Bob is the one sent by Alice. Unconditional cryptographic security cannot be generated simply from scratch, but must be based on some given primitive to start with. In this paper, we introduce a message authentication protocol with unconditional cryptographic security. More precisely, we give protocols using a weakly secret key allowing for the exchange of authenticated messages.
5
Ryabko, Boris. "Unconditionally Secure Ciphers with a Short Key for a Source with Unknown Statistics." Entropy 25, no. 10 (September 30, 2023): 1406. http://dx.doi.org/10.3390/e25101406.
Full textAbstract:
We consider the problem of constructing an unconditionally secure cipher with a short key for the case where the probability distribution of encrypted messages is unknown. Note that unconditional security means that an adversary with no computational constraints can only obtain a negligible amount of information (“leakage”) about an encrypted message (without knowing the key). Here, we consider the case of a priori (partially) unknown message source statistics. More specifically, the message source probability distribution belongs to a given family of distributions. We propose an unconditionally secure cipher for this case. As an example, one can consider constructing a single cipher for texts written in any of the languages of the European Union. That is, the message to be encrypted could be written in any of these languages.
6
Patra, Arpita, Ashish Choudhary, C. Pandu Rangan, Kannan Srinathan, and Prasad Raghavendra. "Perfectly reliable and secure message transmission tolerating mobile adversary." International Journal of Applied Cryptography 1, no. 3 (2009): 200. http://dx.doi.org/10.1504/ijact.2009.023467.
Full text
7
Hu, Zhi Wen, Xian Ming Wang, Tao Tao Lv, Shan Shan Zhao, and Rui Jun Jing. "Random Linear Network Coding with Probabilistic Polynomial-Time Wiretap Adversary." Applied Mechanics and Materials 556-562 (May 2014): 6354–57. http://dx.doi.org/10.4028/www.scientific.net/amm.556-562.6354.
Full textAbstract:
Linear network coding can achieve the network capacity in the single source multicast case. For the single source multicast network with wiretap adversary, the paper of Cai and Yeung constructs an information-secure linear coding which tightly achieves the transmitting rate upper bound , where is the capacity of the network and is the maximum number of edges the adversary can wiretap. The current paper considers the cryptographic security for the messages in the random linear network coding setting. The indistinguishability under chosen-message-attack (or CMA-Security) from probabilistic polynomial-time (PPT) wiretap adversary is defined. With a pseudorandom generator against linear cryptanalysis, an end-to-end protocol is constructed for multicast network using random linear network coding. When the adversary wiretap less than edges, the protocol is CMA-Secure and attains transmitting rate approaching the network’s capacity from below, asymptotically in the expanding ratio (i.e., length of output string/length of input string) of the pseudorandom generator. Compared with secret-key based scheme, no secret is needed by the receiver nodes, which means the key managing issues for dynamic networks would never come up.
8
Zhong, Sheng. "An Efficient and Secure Cryptosystem for Encrypting Long Messages." Fundamenta Informaticae 71, no. 4 (January 2006): 493–97. https://doi.org/10.3233/fun-2006-71407.
Full textAbstract:
Traditionally, due to efficiency considerations, when encrypting long messages using an asymmtric cryptosystem, one needs to use a symmetric cryptosystem in addition. To eliminate this requirement, Hwang, Chang, and Hwang introduced an asymmetric cryptosystem for encrypting long messages. However, they did not give any formal proof of the security of this cryptosystem. In this paper, we propose an improved asymmetric cryptosystem for encrypting long messages, which is both efficient and secure. In the aspect of efficiency, our cryptosystem is about twice as fast as the Hwang-Chang-Hwang cryptosystem. In the aspect of security, besides providing an informal analysis, we rigorously show that computing any part of the plaintext message encrypted using our cryptosystem is as hard as breaking the ElGamal cryptosystem, even if all other parts of the message are already known to the adversary.
9
Bishara, Azmi. "The Quest for Strategy." Journal of Palestine Studies 32, no. 2 (January 1, 2003): 41–49. http://dx.doi.org/10.1525/jps.2003.32.2.41.
Full textAbstract:
After critiquing what have become the main axes of political debate in the occupied territories——suicide bombings, armed operations, and reform——the author emphasizes the imperative need for a comprehensive, inclusive resistance strategy. Elaborating upon five major ingredients that must be taken into account when developing a sound strategy——cost to the adversary, cost to Palestinian society, political discourse, a clear message to the adversary, and a clear message to the world——he argues that in the present phase a resistance strategy is not at odds with state building, and that the two should be pursued in tandem.
10
Priya R., Sathiya, and V. Gokulakrishnan. "Effectively Secure Data Retrieving for Using Three Different Level Security." International Journal of Advance Research and Innovation 3, no. 2 (2015): 49–53. http://dx.doi.org/10.51976/ijari.321512.
Full textAbstract:
The efficient message authentication is one of the most effective ways to thwart unauthorized and corrupted messages from being forwarded in wireless sensor networks. For this reason, many message authentication schemes have been developed, based on either symmetric key cryptosystems or parallel cryptosystems. Most of them, however, have the limitations of high complex and communication overhead in addition to lack of scalability and resilience to node compromise attacks. To solve these issues, a polynomial-based scheme was recently introduced. However, this scheme and its extensions all have the weakness of a built-in threshold determined by the degree of the polynomial based scheme: when the number of messages transmitted is larger than this threshold, the adversary can fully recover the polynomial. In this paper, we propose a scalable authentication scheme based on elliptic curve cryptography. While enabling intermediate nodes authentication, our proposed scheme allows any node to transmit an unlimited number of messages without suffering the threshold problem. In addition, our scheme can also provide message source privacy.
11
TONIEN, DONGVU, REIHANEH SAFAVI-NAINI, and PETER NICKOLAS. "BREAKING AND REPAIRING AN APPROXIMATE MESSAGE AUTHENTICATION SCHEME." Discrete Mathematics, Algorithms and Applications 03, no. 03 (September 2011): 393–412. http://dx.doi.org/10.1142/s1793830911001292.
Full textAbstract:
Traditional hash functions are designed to protect against even the slightest modification of a message. Thus, one bit changed in a message would result in a totally different message digest when a hash function is applied. This feature is not suitable for applications whose message spaces admit a certain fuzziness, such as multimedia communications or biometric authentication applications. In these applications, approximate hash functions must be designed so that the distance between messages are proportionally reflected in the distance between message digests. Most of the previous designs of approximate hash functions employ traditional hash functions. In an ingenious approximate message authentication scheme for an N-ary alphabet recently proposed by Ge, Arce and Crescenzo, the approximate hash functions are based on the majority selection function. This scheme is suitable for N-ary messages with arbitrary alphabet size N. In this paper, we show a hidden property of the majority selection function, which allows us to successfully break this scheme. We show that an adversary, by observing just one message and digest pair, without any knowledge of the secret information, can generate N - 1 new valid message and digest pairs. In order to resist the attack, we propose some modifications to the original design. The corrected scheme is as efficient as the original scheme and it is secure against the attack. By a new combinatorial approach, we calculate explicitly the security parameters of the corrected scheme.
12
Kurosawa, Kaoru. "Round-efficient perfectly secure message transmission scheme against general adversary." Designs, Codes and Cryptography 63, no. 2 (July 17, 2011): 199–207. http://dx.doi.org/10.1007/s10623-011-9546-5.
Full text
13
Liu, Muhua, and Ping Zhang. "An Adaptively Secure Functional Encryption for Randomized Functions." Computer Journal 63, no. 8 (August 2020): 1247–58. http://dx.doi.org/10.1093/comjnl/bxz154.
Full textAbstract:
Abstract Functional encryption (FE) can provide a fine-grained access control on the encrypted message. Therefore, it has been applied widely in security business. The previous works about functional encryptions most focused on the deterministic functions. The randomized algorithm has wide application, such as securely encryption algorithms against chosen ciphertext attack, privacy-aware auditing. Based on this, FE for randomized functions was proposed. The existing constructions are provided in a weaker selective security model, where the adversary is forced to output the challenge message before the start of experiment. This security is not enough in some scenes. In this work, we present a novel construction for FE, which supports the randomized functionalities. We use the technology of key encapsulated mechanism to achieve adaptive security under the simulated environment, where the adversary is allowed to adaptively choose the challenge message at any point in time. Our construction is built based on indistinguishability obfuscation, non-interactive witness indistinguishable proofs and perfectly binding commitment scheme.
14
CAI, XIAO-QIU, and QING-QING LIU. "ROBUST MESSAGE AUTHENTICATION OVER A COLLECTIVE-NOISE CHANNEL." International Journal of Quantum Information 10, no. 06 (September 2012): 1250064. http://dx.doi.org/10.1142/s0219749912500645.
Full textAbstract:
We give two robust message authentication schemes over a collective-noise channel. Each logical qubit is made up of two physical qubits and it is invariant over a collective-noise channel. We also analyze the security and show that it is not possible to forge valid message authentication codes for an adversary even if he/she has unlimited computational resources in the two schemes.
15
Omolara, Abiodun Esther, and Aman Jantan. "Modified honey encryption scheme for encoding natural language message." International Journal of Electrical and Computer Engineering (IJECE) 9, no. 3 (June 1, 2019): 1871. http://dx.doi.org/10.11591/ijece.v9i3.pp1871-1878.
Full textAbstract:
Conventional encryption schemes are susceptible to brute-force attacks. This is because bytes encode utf8 (or ASCII) characters. Consequently, an adversary that intercepts a ciphertext and tries to decrypt the message by brute-forcing with an incorrect key can filter out some of the combinations of the decrypted message by observing that some of the sequences are a combination of characters which are distributed non-uniformly and form no plausible meaning. Honey encryption (HE) scheme was proposed to curtail this vulnerability of conventional encryption by producing ciphertexts yielding valid-looking, uniformly distributed but fake plaintexts upon decryption with incorrect keys. However, the scheme works for only passwords and PINS. Its adaptation to support encoding natural language messages (e-mails, human-generated documents) has remained an open problem. Existing proposals to extend the scheme to support encoding natural language messages reveals fragments of the plaintext in the ciphertext, hence, its susceptibility to chosen ciphertext attacks (CCA). In this paper, we modify the HE schemes to support the encoding of natural language messages using Natural Language Processing techniques. Our main contribution was creating a structure that allowed a message to be encoded entirely in binary. As a result of this strategy, most binary string produces syntactically correct messages which will be generated to deceive an attacker who attempts to decrypt a ciphertext using incorrect keys. We evaluate the security of our proposed scheme.
16
Boddu, Naresh Goud, and Upendra Kapshikar. "Tamper Detection against Unitary Operators." Quantum 7 (November 8, 2023): 1178. http://dx.doi.org/10.22331/q-2023-11-08-1178.
Full textAbstract:
Security of a storage device against a tampering adversary has been a well-studied topic in classical cryptography. Such models give black-box access to an adversary, and the aim is to protect the stored message or abort the protocol if there is any tampering.In this work, we extend the scope of the theory of tamper detection codes against an adversary with quantum capabilities. We consider encoding and decoding schemes that are used to encode a k-qubit quantum message |m⟩ to obtain an n-qubit quantum codeword |ψm⟩. A quantum codeword |ψm⟩ can be adversarially tampered via a unitary U from some known tampering unitary family UAdv (acting on C2n).Firstly, we initiate the general study of quantum tamper detection codes, which detect if there is any tampering caused by the action of a unitary operator. In case there was no tampering, we would like to output the original message. We show that quantum tamper detection codes exist for any family of unitary operators UAdv, such that |UAdv|<22αn for some constant α∈(0,1/6); provided that unitary operators are not too close to the identity operator. Quantum tamper detection codes that we construct can be considered to be quantum variants of classical tamper detection codes studied by Jafargholi and Wichs ['15], which are also known to exist under similar restrictions.Additionally, we show that when the message set M is classical, such a construction can be realized as a non-malleable code against any UAdv of size up to 22αn.
17
Noh, Geontae, Ji Young Chun, and Ik Rae Jeong. "Strongly Unforgeable Ring Signature Scheme from Lattices in the Standard Model." Journal of Applied Mathematics 2014 (2014): 1–12. http://dx.doi.org/10.1155/2014/371924.
Full textAbstract:
In a ring signature scheme, a user selects an arbitrary ring to be able to sign a message on behalf of the ring without revealing the signer’s identity. Whistle-blowers especially find this useful. To date, various ring signature schemes have been proposed, all considered to be secure as existentially unforgeable with respect to insider corruption; that is, an adversary who chooses ring-message pairs for which he requests signatures, corrupts honest users, and obtains their signing keys can not produce forgeries for new ring-message pairs. Lattice-based ring signature schemes offer lower computational overhead and security from quantum attacks. In this paper, we offer a lattice-based scheme. We begin by showing that the existing ring signature schemes are not sufficiently secure, because existential unforgeability still permits a signer to potentially produce a new signature on previously signed messages. Furthermore, we show that existing ring signature schemes from lattices are not even existentially unforgeable with respect to insider corruption. We then improve previous schemes by applying, for the first time, the concept of strong unforgeability with respect to insider corruption to a ring signature scheme in lattices. This offers more security than any previous ring signature scheme: adversaries cannot produce new signatures for any ring-message pair, including previously signed ring-message pairs.
18
Shi, Wenbo, Debiao He, and Peng Gong. "On the Security of a Certificateless Proxy Signature Scheme with Message Recovery." Mathematical Problems in Engineering 2013 (2013): 1–4. http://dx.doi.org/10.1155/2013/761694.
Full textAbstract:
A proxy signature scheme allows a proxy signer to sign messages on behalf of an original signer within a given context. It has lots of practical applications in distributed systems, grid computing, mobile agent applications, distributed shared object systems, global distribution networks, and mobile communications. Recently, Padhye et al. proposed a certificateless proxy signature scheme with message recovery and claimed the scheme is secure against both of the two types of adversaries. However, in this paper, we will show that Padhye et al.’s scheme is not secure against the Type I adversary. The analysis shows their scheme is not secure for practical applications.
19
Andrighetto, Luca, Samer Halabi, and Arie Nadler. "Fostering trust and forgiveness through the acknowledgment of others’ past victimization." Journal of Social and Political Psychology 5, no. 2 (February 1, 2018): 651–64. http://dx.doi.org/10.5964/jspp.v5i2.728.
Full textAbstract:
The present work examines the acknowledgment of past ingroup victimization by adversary outgroup leaders as an effective means to promote intergroup trust. More specifically, through an experimental study we demonstrated that Israeli-Jewish participants who were exposed to Palestinian leaders’ messages acknowledging the Jews’ suffering from anti-Semitic persecutions (past victimization condition) displayed more trust toward outgroup leaders than participants who were exposed to messages acknowledging the Jews’ sufferings from the ongoing conflict (present victimization condition) and participants who were exposed to a control message condition. Further, trust mediated the relationship between acknowledgment of past victimization by rivals and forgiveness toward the outgroup as a whole. The implications of these results for restoring fractured intergroup relations are discussed.
20
Huang, Chin-Tser, Mohamed G. Gouda, and E. N. Elnozahy. "Convergence of IPsec in presence of resets." Journal of High Speed Networks 15, no. 2 (January 2006): 173–83. https://doi.org/10.3233/hsn-2006-285.
Full textAbstract:
IPsec is the current security standard for the Internet Protocol IP. According to this standard, a selected computer pair (p, q) in the Internet can be designated a “security association”. This designation guarantees that all sent IP messages whose original source is computer p and whose ultimate destination is computer q cannot be replayed in the future (by an adversary between p and q) and still be received by computer q as fresh messages from p. This guarantee is provided by adding increasing sequence numbers to all IP messages sent from p to q. Thus, p needs to always remember the sequence number of the last sent message, and q needs to always remember the sequence number of the last received message. Unfortunately, when computer p or q is reset these sequence numbers can be forgotten, and this leads to two bad possibilities: unbounded number of fresh messages from p can be discarded by q, and unbounded number of replayed messages can be accepted by q. In this paper, we propose two operations, “SAVE” and “FETCH”, to prevent these possibilities. The SAVE operation can be used to store the last sent sequence number in persistent memory of p once every Kp sent messages, and can be used to store the last received sequence number in persistent memory of q once every Kq received messages. The FETCH operation can be used to fetch the last stored sequence number for a computer when that computer wakes up after a reset. We show that the following three conditions hold when SAVE and FETCH are adopted in both p and q. First, when p is reset, at most 2Kp sequence numbers will be lost but no fresh message sent from p to q will be discarded if no message reorder occurs. Second, when q is reset, the number of discarded fresh messages is bounded by 2Kq. In either case, no replayed message will be accepted by q.
21
Franzoni, Federico, and Vanesa Daza. "Clover: An anonymous transaction relay protocol for the bitcoin P2P network." Peer-to-Peer Networking and Applications 15, no. 1 (October 6, 2021): 290–303. http://dx.doi.org/10.1007/s12083-021-01241-z.
Full textAbstract:
AbstractThe Bitcoin P2P network currently represents a reference benchmark for modern cryptocurrencies. Its underlying protocol defines how transactions and blocks are distributed through all participating nodes. To protect user privacy, the identity of the node originating a message is kept hidden. However, an adversary observing the whole network can analyze the spread pattern of a transaction to trace it back to its source. This is possible thanks to the so-called rumor centrality, which is caused by the symmetry in the spreading of gossip-like protocols. Recent works try to address this issue by breaking the symmetry of the Diffusion protocol, currently used in Bitcoin, and leveraging proxied broadcast. Nonetheless, the complexity of their design can be a barrier to their adoption in real life. In this work, we propose Clover, a novel transaction relay protocol that protects the source of transaction messages with a simple, yet effective, design. Compared to previous solutions, our protocol does not require building propagation graphs, and reduces the ability of the adversary to gain precision by opening multiple connections towards the same node. Experimental results show that the deanonymization accuracy of an eavesdropper adversary against Clover is up to 10 times smaller compared to Diffusion.
22
Gu, Chen, Arshad Jhumka, and Carsten Maple. "Silence is Golden: A Source Location Privacy Scheme for Wireless Sensor Networks Based on Silent Nodes." Security and Communication Networks 2022 (November 18, 2022): 1–16. http://dx.doi.org/10.1155/2022/5026549.
Full textAbstract:
Source location privacy (SLP) is an important property for security-critical wireless sensor network applications such as monitoring and tracking. However, cryptology-based schemes cannot protect the SLP effectively since an adversary can capture the source node regardless of the contents of messages. Most techniques use fake sources or message delay to provide SLP, but at the cost of high energy consumption or high message delivery latency. In this paper, we present a new technique to address SLP by selecting sets of nodes that are to be silent for a short period, forcing an attacker to either be delayed or to trace back to the source along a longer route. As such, we make a number of important contributions: (i) we formalise the silent nodes selection (SiNS) problem, (ii) we prove it to be NP-complete, and (iii) to circumvent the high complexity of SiNS, we propose a novel SLP-aware routing protocol. Results from extensive simulations show that our proposed routing protocol provides a high level of SLP under appropriate parameterization at the expense of only negligible latency and messages overhead.
23
Hosseini Beghaeiraveri, Seyed Amir, Mohammad Izadi, and Mohsen Rezvani. "Broadcast Complexity and Adaptive Adversaries in Verifiable Secret Sharing." Security and Communication Networks 2020 (August 1, 2020): 1–10. http://dx.doi.org/10.1155/2020/9428457.
Full textAbstract:
Verifiable secret sharing (VSS) is one of the basic problems in the theory of distributed cryptography and has an important role in secure multiparty computation. In this case, it is tried to share a confidential data as secret, between multiple nodes in a distributed system, in the presence of an active adversary that can destroy some nodes, such that the secret can be reconstructed with the participation of certain size of honest nodes. A dynamic adversary can change its corrupted nodes among the protocol. So far, there is not a formal definition and there are no protocols of dynamic adversaries in VSS context. Also, another important question is, would there exist a protocol to share a secret with a static adversary with at most 1 broadcast round? In this paper, we provide a formal definition of the dynamic adversary. The simulation results prove the efficiency of the proposed protocol in terms of the runtime, the memory usage, and the number of message exchanges. We show that the change period of the dynamic adversary could not happen in less than 4 rounds in order to have a perfectly secure VSS, and then we establish a protocol to deal with this type of adversary. Also, we prove that the lower bound of broadcast complexity for the static adversary is (2,0)-broadcast rounds.
24
Huang, Zhenjie, Runlong Duan, Qunshan Chen, Hui Huang, and Yuping Zhou. "Secure Outsourced Attribute-Based Signatures with Perfect Anonymity in the Standard Model." Security and Communication Networks 2021 (October 16, 2021): 1–14. http://dx.doi.org/10.1155/2021/7884007.
Full textAbstract:
Outsourced attribute-based signatures (OABS) enable users to sign messages without revealing specific identity information and are suitable for scenarios with limited computing power. Recently, Mo et al. proposed an expressive outsourced attribute-based signature scheme (Peer-to-Peer Networking and Applications, 11, 2017). In this paper, we show that Mo et al.’s scheme does not achieve any of the three security properties. Their scheme is incorrect. The adversary can collude with the malicious signing-cloud service provider (S-CSP) to forge valid signatures on any message and any attribute set. And the S-CSP could trace the access structures used to generate the signatures. Then, we treat the S-CSP as an adversary and present more accurate unforgeability and anonymity models for OABS to remedy the drawbacks of the previous ones. Finally, we propose a simple but significant improvement to fix our attacks. The improved scheme achieves correctness, unforgeability, and perfect anonymity while keeping the efficiency almost unchanged. We also prove the security of the improved scheme under the standard model.
25
Cahyadi, Eko Fajar, and Min-Shiang Hwang. "An improved efficient anonymous authentication with conditional privacy-preserving scheme for VANETs." PLOS ONE 16, no. 9 (September 10, 2021): e0257044. http://dx.doi.org/10.1371/journal.pone.0257044.
Full textAbstract:
The study of security and privacy in vehicular ad hoc networks (VANETs) has become a hot topic that is wide open to discussion. As the quintessence of this aspect, authentication schemes deployed in VANETs play a substantial role in providing secure communication among vehicles and the surrounding infrastructures. Many researchers have proposed a variety of schemes related to information verification and computation efficiency in VANETs. In 2018, Kazemi et al. proposed an evaluation and improvement work towards Azees et al.’s efficient anonymous authentication with conditional privacy-preserving (EAAP) scheme for VANETs. They claimed that the EAAP suffered from replaying attacks, impersonation attacks, modification attacks, and cannot provide unlinkability. However, we also found out if Kazemi et al.’s scheme suffered from the unlinkability issue that leads to a forgery attack. An adversary can link two or more messages sent by the same user by applying Euclid’s algorithm and derives the user’s authentication key. To remedy the issue, in this paper, we proposed an improvement by encrypting the message using a shared secret key between sender and receiver and apply a Nonce in the final message to guarantee the unlinkability between disseminated messages.
26
Kong, Fan Yu, and Jia Yu. "Key Substitution Attack and Malleability of a Short Signature Scheme with Batch Verification." Applied Mechanics and Materials 55-57 (May 2011): 1605–8. http://dx.doi.org/10.4028/www.scientific.net/amm.55-57.1605.
Full textAbstract:
At IWSEC 2008, F. Guo et al. proposed an efficient short signature scheme with batch verification based on C. Gentry’s scheme. In this paper, we firstly propose the key substitution attack on F. Guo et al.’s digital signature scheme and show that the malicious adversary can forge a valid signature, which can be verified with a substituted public key. Secondly, we prove that F. Guo et al.’s scheme is malleable and the attacker can produce a new valid signature on the message if he/she has known some valid signatures on the same message.
27
Lisova, Elena, Marina Gutiérrez, Wilfried Steiner, Elisabeth Uhlemann, Johan Åkerberg, Radu Dobrin, and Mats Björkman. "Protecting Clock Synchronization: Adversary Detection through Network Monitoring." Journal of Electrical and Computer Engineering 2016 (2016): 1–13. http://dx.doi.org/10.1155/2016/6297476.
Full textAbstract:
Nowadays, industrial networks are often used for safety-critical applications with real-time requirements. Such applications usually have a time-triggered nature with message scheduling as a core property. Scheduling requires nodes to share the same notion of time, that is, to be synchronized. Therefore, clock synchronization is a fundamental asset in real-time networks. However, since typical standards for clock synchronization, for example, IEEE 1588, do not provide the required level of security, it raises the question of clock synchronization protection. In this paper, we identify a way to break synchronization based on the IEEE 1588 standard, by conducting a man-in-the-middle (MIM) attack followed by a delay attack. A MIM attack can be accomplished through, for example, Address Resolution Protocol (ARP) poisoning. Using the AVISPA tool, we evaluate the potential to perform a delay attack using ARP poisoning and analyze its consequences showing both that the attack can, indeed, break clock synchronization and that some design choices, such as a relaxed synchronization condition mode, delay bounding, and using knowledge of environmental conditions, can make the network more robust/resilient against these kinds of attacks. Lastly, a Configuration Agent is proposed to monitor and detect anomalies introduced by an adversary performing attacks targeting clock synchronization.
28
Kumar, Boddupalli Anvesh, and V. Bapuji. "Efficient privacy preserving communication protocol for IOT applications." Brazilian Journal of Development 10, no. 1 (January 5, 2024): 402–19. http://dx.doi.org/10.34117/bjdv10n1-025.
Full textAbstract:
The proliferation of Internet of Things (IoT) devices has led to an unprecedented increase in data generation and communication, raising concerns about the security and privacy of transmitted information. This paper presents a novel Message Authentication Protocol (MAP) specifically designed for IoT devices, addressing the dual challenges of ensuring data integrity and preserving user privacy. The proposed protocol employs advanced cryptographic techniques to authenticate messages securely while incorporating privacy-preserving mechanisms to safeguard sensitive user information.The protocol utilizes a hybrid approach, combining symmetric and asymmetric cryptographic primitives to achieve efficient and robust message authentication. Symmetric key algorithms are employed for fast and lightweight authentication, ensuring minimal computational overhead for resource-constrained IoT devices. Additionally, asymmetric key techniques are integrated to facilitate secure key exchange and protect against key compromise.Privacy preservation is a paramount concern in IoT ecosystems, where devices often handle sensitive data. The protocol incorporates anonymization and differential privacy techniques to conceal the identity of users and the specific content of transmitted messages. This ensures that even if an adversary intercepts communication, extracting meaningful information about the users or their data remains a formidable challenge.To evaluate the effectiveness of the proposed protocol, we conducted comprehensive simulations and real-world experiments. The results demonstrate that the protocol achieves a balance between security, efficiency, and privacy preservation. It outperforms existing solutions in terms of computational efficiency and provides a robust defence against various common attacks, such as replay attacks and message tampering.In conclusion, the presented Secure and Efficient Message Authentication Protocol for IoT Devices with Privacy Preservation offers a viable solution to the evolving security and privacy challenges in IoT environments. By leveraging cryptographic techniques and privacy-preserving mechanisms, the protocol provides a strong foundation for safeguarding sensitive information while ensuring the integrity of communication in the vast and interconnected landscape of IoT devices.
29
Feng, Tao, and Hong-Ru Bei. "Evaluation and Improvement of Internet Printing Protocol Based on HCPN Model Detection Method." Applied Sciences 13, no. 6 (March 8, 2023): 3467. http://dx.doi.org/10.3390/app13063467.
Full textAbstract:
The Internet Printing Protocol (IPP) is a bridge between hosts and printers, and is supported by more than 98 percent of printers today. In addition to supporting local use, the IPP protocol also supports online use. Although this can expand the scope of its application, it has also introduced potential risks to user data. IPP has security components that should be able to guarantee confidentiality, integrity, and non-repudiation. In order to verify whether its security components can achieve this goal, this study modeled the 0-RTT authentication process of the IPP protocol based on Petri net theory and CPN Tools, introducing the improved Dolev–Yao adversary model to perform security evaluation on the protocol model. The result showed that the server could not resist the adversary’s replay attacks on early data. Accordingly, we proposed an improved authentication scheme that introduced a random number signature to enhance the server’s anti-replay capability. Using the same attack model to verify, the result proved that the new scheme was feasible and effective. The method used in this article could easily observe the movement of the security protocol message flow and the specific actions of each participant (including the adversary), which ensured researchers could easily locate the protocol defects and make improvements.
30
Santoli, Thomas, and Christian Schaffner. "Using Simon's algorithm to attack symmetric-key cryptographic primitives." Quantum Information and Computation 17, no. 1&2 (January 2017): 65–78. http://dx.doi.org/10.26421/qic17.1-2-4.
Full textAbstract:
We present new connections between quantum information and the field of classical cryptography. In particular, we provide examples where Simon’s algorithm can be used to show insecurity of commonly used cryptographic symmetric-key primitives. Specifically, these examples consist of a quantum distinguisher for the 3-round Feistel network and a forgery attack on CBC-MAC which forges a tag for a chosen-prefix message querying only other messages (of the same length). We assume that an adversary has quantum-oracle access to the respective classical primitives. Similar results have been achieved recently in independent work by Kaplan et al. [KLLNP16]. Our findings shed new light on the post-quantum security of cryptographic schemes and underline that classical security proofs of cryptographic constructions need to be revisited in light of quantum attackers.
31
Wang, Baocang, and Yupu Hu. "Signature Scheme Using the Root Extraction Problem on Quaternions." Journal of Applied Mathematics 2014 (2014): 1–7. http://dx.doi.org/10.1155/2014/819182.
Full textAbstract:
The root extraction problem over quaternion rings modulo an RSA integer is defined, and the intractability of the problem is examined. A signature scheme is constructed based on the root extraction problem. It is proven that an adversary can forge a signature on a message if and only if he can extract the roots for some quaternion integers. The performance and other security related issues are also discussed.
32
Lazzaro, Sara, and Francesco Buccafurri. "Stealthy Messaging: Leveraging Message Queuing Telemetry Transport for Covert Communication Channels." Applied Sciences 14, no. 19 (October 2, 2024): 8874. http://dx.doi.org/10.3390/app14198874.
Full textAbstract:
Covert channel methods are techniques for improving privacy and security in network communications. These methods consist of embedding secret data within normal network channels, making it more difficult for unauthorized parties to detect such data. This paper presents a new approach for creating covert channels using the Message Queuing Telemetry Transport (MQTT) protocol, widely used in the context of the Internet of Things (IoT). The proposed method exploits storage channels by altering the field length of MQTT messages. Our solution leverages well-known one-way mathematical functions to ensure that data remain hidden from third parties observing the MQTT stream. In this way, we ensure that not only the content of the communication is preserved but also that the communication itself takes place. We conducted a security analysis to show that our solution offers the above-mentioned property even against severe threats, such as an adversary being able to observe all the messages exchanged in the network (even in the clear). Finally, we conducted an overhead analysis of our solution both in terms of the time required to perform the required operations and of the bytes to send. Our study shows that our solution adds no significant time overhead, and the additional overhead in terms of transmitted bytes remains within acceptable limits.
33
Saifan, Ramzi, and Omar Al-Jarrah. "A Novel Algorithm for Defending Path-Based Denial of Service Attacks in Sensor Networks." International Journal of Distributed Sensor Networks 6, no. 1 (January 1, 2010): 793981. http://dx.doi.org/10.1155/2010/793981.
Full textAbstract:
Existing end-to-end security mechanisms are vulnerable to path-based denial of service attacks (PDoS). If checking integrity and authenticity of a message is done only at the final destination, the intermediate nodes are going to forward bogus packets injected by an adversary many hops before they are detected. Therefore, the adversary can easily overwhelm intermediate nodes by bogus or replayed packets. This attack exhausts the nodes along the path. In addition, other downstream nodes that depend on the exhausted nodes as intermediate nodes will be isolated, and they have to find alternative paths. Regarding broadcast traffic that originated from the base station, if packets were injected by an adversary, the whole network's nodes will be exhausted. Therefore, there is a need to enable intermediate nodes to filter out bogus packets. We adopted a link layer security scheme to enable en route intermediate nodes to filter out any bogus or replayed packet as soon as it is injected into the network. Our scheme can handle different types of traffic. Simulation results show that our algorithm outperforms the one-way hash chain (OHC) algorithm and that it is more scalable.
34
Kiryukhin, Vitaly A., and Andrey M. Sergeev. "“Sandwich”-like keyed algorithm based on the “Streebog” hash function." Prikladnaya Diskretnaya Matematika, no. 63 (2024): 24–48. http://dx.doi.org/10.17223/20710410/63/2.
Full textAbstract:
We propose a keyed cryptographic algorithm based on the “Streebog” hash function. We do not make any structural changes to the hash function itself, but only introduce a special type of padding. As a result, the key appears on both sides of the message in so-called “sandwich” manner - hence the name Streebog-S for our construction. “Sandwich” properties make it possible to simplify defenses against side-channel attacks while maintaining their effectiveness. We prove that Streebog-S and other algorithms based on “Streebog”, HMAC-Streebog and Streebog-K, remain secure as pseudorandom functions (PRF) and message authentication codes (MAC) even when almost all internal states are leaked to the adversary. This leakage resistance requires additional properties from the underlying compression function, namely collision- and preimage-resistance.
35
Ullah, Ikram, Munam Ali Shah, Abid Khan, Carsten Maple, and Abdul Waheed. "Virtual Pseudonym-Changing and Dynamic Grouping Policy for Privacy Preservation in VANETs." Sensors 21, no. 9 (April 28, 2021): 3077. http://dx.doi.org/10.3390/s21093077.
Full textAbstract:
Location privacy is a critical problem in the vehicular communication networks. Vehicles broadcast their road status information to other entities in the network through beacon messages. The beacon message content consists of the vehicle ID, speed, direction, position, and other information. An adversary could use vehicle identity and positioning information to determine vehicle driver behavior and identity at different visited location spots. A pseudonym can be used instead of the vehicle ID to help in the vehicle location privacy. These pseudonyms should be changed in appropriate way to produce uncertainty for any adversary attempting to identify a vehicle at different locations. In the existing research literature, pseudonyms are changed during silent mode between neighbors. However, the use of a short silent period and the visibility of pseudonyms of direct neighbors provides a mechanism for an adversary to determine the identity of a target vehicle at specific locations. Moreover, privacy is provided to the driver, only within the RSU range; outside it, there is no privacy protection. In this research, we address the problem of location privacy in a highway scenario, where vehicles are traveling at high speeds with diverse traffic density. We propose a Dynamic Grouping and Virtual Pseudonym-Changing (DGVP) scheme for vehicle location privacy. Dynamic groups are formed based on similar status vehicles and cooperatively change pseudonyms. In the case of low traffic density, we use a virtual pseudonym update process. We formally present the model and specify the scheme through High-Level Petri Nets (HLPN). The simulation results indicate that the proposed method improves the anonymity set size and entropy, provides lower traceability, reduces impact on vehicular network applications, and has lower computation cost compared to existing research work.
36
Cheng, Zishuai, Mihai Ordean, Flavio Garcia, Baojiang Cui, and Dominik Rys. "Watching your call: Breaking VoLTE Privacy in LTE/5G Networks." Proceedings on Privacy Enhancing Technologies 2023, no. 2 (April 2023): 282–97. http://dx.doi.org/10.56553/popets-2023-0053.
Full textAbstract:
Voice over LTE (VoLTE) and Voice over NR (VoNR), are two similar technologies that have been widely deployed by operators to provide a better calling experience in LTE and 5G networks, respectively. The VoLTE/NR protocols rely on the security features of the underlying LTE/5G network to protect users' privacy such that nobody can monitor calls and learn details about call times, duration, and direction. In this paper, we introduce a new privacy attack which enables adversaries to analyse encrypted LTE/5G traffic and recover any VoLTE/NR call details. We achieve this by implementing a novel mobile-relay adversary which is able to remain undetected by using an improved physical layer parameter guessing procedure. This adversary facilitates the recovery of encrypted configuration messages exchanged between victim devices and the mobile network. We further propose an identity mapping method which enables our mobile-relay adversary to link a victim's network identifiers to the phone number efficiently, requiring a single VoLTE protocol message. We evaluate the real-world performance of our attacks using four modern commercial off-the-shelf phones and two representative, commercial network carriers. We collect over 60 hours of traffic between the phones and the mobile networks and execute 160 VoLTE calls, which we use to successfully identify patterns in the physical layer parameter allocation and in VoLTE traffic, respectively. Our real-world experiments show that our mobile-relay works as expected in all test cases, and the VoLTE activity logs recovered describe the actual communication with 100% accuracy. Finally, we show that we can link network identifiers such as International Mobile Subscriber Identities (IMSI), Subscriber Concealed Identifiers (SUCI) and/or Globally Unique Temporary Identifiers (GUTI) to phone numbers while remaining undetected by the victim.
37
Martin, Keith M., Maura B. Paterson, and Douglas R. Stinson. "Error decodable secret sharing and one-round perfectly secure message transmission for general adversary structures." Cryptography and Communications 3, no. 2 (December 15, 2010): 65–86. http://dx.doi.org/10.1007/s12095-010-0039-6.
Full text
38
González Muñiz, Madeline, and Rainer Steinwndt. "Security of signature schemes in the presence of key-dependent messages." Tatra Mountains Mathematical Publications 47, no. 1 (December 1, 2010): 15–29. http://dx.doi.org/10.2478/v10127-010-0029-2.
Full textAbstract:
Abstract In recent years, quite some progress has been made in understand- ing the security of encryption schemes in the presence of key-dependent plaintexts. Here, we motivate and explore the security of a setting, where an adversary against a signature scheme can access signatures on key-dependent messages. We propose a way to formalize the security of signature schemes in the pres- ence of key-dependent signatures (KDS). It turns out that the situation is quite different from key-dependent encryption: already to achieve KDS-security under non-adaptive chosen message attacks, the use of a stateful signing algorithm is inevitable-even in the random oracle model. After discussing the connection be- tween key-dependent signing and forward security, we present a compiler to lift any EUF-CMA secure one-time signature scheme to a forward secure signature scheme offering KDS-CMA security.
39
Chen, Dong, Wei Lu, Weiwei Xing, and Na Wang. "An Untraceable Data Sharing Scheme in Wireless Sensor Networks." Sensors 19, no. 1 (December 31, 2018): 114. http://dx.doi.org/10.3390/s19010114.
Full textAbstract:
With the wide application of wireless sensor networks (WSNs), secure data sharing in networks is becoming a hot research topic and attracting more and more attention. A huge challenge is securely transmitting the data from the source node to the sink node. Except for eavesdropping the information stored in the packages, the adversary may also attempt to analyze the contextual information of the network to locate the source node. In this paper, we proposed a secure data sharing approach to defend against the adversary. Specifically, we first design a secret key mechanism to guarantee the security of package delivery between a pair of nodes. Then, a light-weighted secret sharing scheme is designed to map the original message to a set of shares. Finally, the shares are delivered to the sink node independently based on a proper random routing algorithm. Simulation results illustrate that our approach can defend against the eavesdropping and tracing-back attack in an energy-efficient manner.
40
Kim, Jongkil, Yang-Wai Chow, Willy Susilo, Joonsang Baek, and Intae Kim. "Functional Encryption for Pattern Matching with a Hidden String." Cryptography 6, no. 1 (December 31, 2021): 1. http://dx.doi.org/10.3390/cryptography6010001.
Full textAbstract:
We propose a new functional encryption for pattern matching scheme with a hidden string. In functional encryption for pattern matching (FEPM), access to a message is controlled by its description and a private key that is used to evaluate the description for decryption. In particular, the description with which the ciphertext is associated is an arbitrary string w and the ciphertext can only be decrypted if its description matches the predicate of a private key which is also a string. Therefore, it provides fine-grained access control through pattern matching alone. Unlike related schemes in the literature, our scheme hides the description that the ciphertext is associated with. In many practical scenarios, the description of the ciphertext cannot be public information as an attacker may abuse the message description to identify the data owner or classify the target ciphertext before decrypting it. Moreover, some data owners may not agree to reveal any ciphertext information since it simply gives greater advantage to the adversary. In this paper, we introduce the first FEPM scheme with a hidden string, such that the adversary cannot get any information about the ciphertext from its description. The security of our scheme is formally analyzed. The proposed scheme provides both confidentiality and anonymity while maintaining its expressiveness. We prove these security properties under the interactive general Diffie–Hellman assumption (i-GDH) and a static assumption introduced in this paper.
41
Wang, Chen. "Some Thoughts on Strong Unforgeability in Ring Signature Schemes." Advanced Materials Research 457-458 (January 2012): 773–79. http://dx.doi.org/10.4028/www.scientific.net/amr.457-458.773.
Full textAbstract:
A signature scheme is strongly unforgeable if the adversary cannot produce a new signature even on a queried message. Some methods have been proposed to enhance some regular signatures. However, if applied to ring signatures, such methods will break the anonymity, which is the soul of ring signatures. We introduce a modified method which can achieve both strong unforgeability and anonymity in the standard model. Applying this method to Shacham-Waters scheme, we get the first ring signature with strong unforgeability in the stand model.
42
Zhao, Nan Nan, and Jian Bo Yao. "Mobile-Base-Station Location Privacy Based on Greedy Random Walk in WSN." Applied Mechanics and Materials 427-429 (September 2013): 2502–7. http://dx.doi.org/10.4028/www.scientific.net/amm.427-429.2502.
Full textAbstract:
As wide applications of wireless sensor networks, privacy concerns have emerged as the main obstacle to success. When wireless sensor networks are used to battlefield, the privacy about base-station-locations become a crux issue. If base-station location will be exposed to adversary, the consequence is inconceivable. Random data collection scheme has a problem that message latencies become larger higher for protecting mobile-base-station-location privacy. In this paper, GROW (Greedy Random Walk) is proposed to preserve mobile-base-station-location privacy. In GROW, data are forwarded and stored at pass nodes in the network, the base-station move in greedy random-walk to collect data from the local nodes occasionally, which prevents the attackers from predicting their locations and movements. Compared to random data collection scheme, GROW has smaller message latencies, while providing satisfactory mobile-base-station-location privacy.
43
Zhang, Jun. "Bidirectional Random Walk Based Mobile-Sink-LocationPrivacyin WSN." Applied Mechanics and Materials 529 (June 2014): 730–34. http://dx.doi.org/10.4028/www.scientific.net/amm.529.730.
Full textAbstract:
As wide applications of wireless sensor networks, privacy concerns have emerged as the main obstacle to success. When wireless sensor networks are used to battlefield, the privacy about sink-locations become a crux issue. If sink location will be exposed to adversary, the consequence is inconceivable. Random data collection scheme has a problem that message latencies become larger higher for protecting mobile-sink-locationprivacy .In this paper, BDRW (Bidirectional Random Walk) is proposed to preserve mobile-sink-location privacy. In BDRW, data are forwarded by directional random walk and stored at pass nodes in the network, the sink move in directional random walk to collect data from the local nodes occasionally, which prevents the attackers from predicting their locations and movements. Compared to random data collection scheme, BDRW has smaller message latencies, while providing satisfactory mobile-sink-location privacy.
44
Xia, Qi, Chun Xiang Xu, and Yong Yu. "Key Replacement Attack on Two Certificateless Signature Schemes without Random Oracles." Key Engineering Materials 439-440 (June 2010): 1606–11. http://dx.doi.org/10.4028/www.scientific.net/kem.439-440.1606.
Full textAbstract:
Liu et al. proposed the first certificateless signature scheme without random oracles in 2007. However, Xiong et al. showed that Liu et al.'s scheme is insecure against a malicious-but-passive KGC attack and proposed an improved scheme. In ISA 2009, Yuan et al. also proposed a new certificateless signature scheme without random oracles. Although they claimed that the two schemes are secure in the standard model, this paper shows that both Xiong et al.'s improved scheme and Yuan et al.'s new scheme are vulnerable to key replacement attack, where an adversary, obtaining a signature on a message and replacing the public key of a signer, can forge valid signatures on the same message under the replaced public key. We also give the corresponding modifications of the two schemes to resist key replacement attack.
45
Yi, Chuanjun. "En-Route Message Authentication Scheme for Filtering False Data in WSNs." Security and Communication Networks 2021 (September 11, 2021): 1–18. http://dx.doi.org/10.1155/2021/4068507.
Full textAbstract:
In wireless sensor networks, the adversary can easily control the compromised nodes to inject false data reports. En-route filtering is an effective mechanism to resist such attacks, where the forwarding nodes of the reports can identify and drop the false reports. However, the existing en-route filtering strategies are vulnerable to report disruption attacks and selective forwarding attacks, and the probabilities and efficiencies of en-route filtering false reports are low. To address these problems, a precheck mechanism performed by the CoS (Center-of-Stimulus) node is presented to resist report disruption attacks, a report forwarding strategy with balancing the residual energy of the nodes is designed to resist selective forwarding attacks, and an en-route message authentication scheme (EMAS) based on monitoring and reporting mechanism is proposed to resist false data injection attacks. The theoretical analysis and simulation results show that in most cases, EMAS provides a higher security level and higher en-route filtering probability and efficiency and is very efficient in energy saving.
46
Martin, Jeremy, Douglas Alpuche, Kristina Bodeman, Lamont Brown, Ellis Fenske, Lucas Foppe, Travis Mayberry, Erik Rye, Brandon Sipes, and Sam Teplov. "Handoff All Your Privacy – A Review of Apple’s Bluetooth Low Energy Continuity Protocol." Proceedings on Privacy Enhancing Technologies 2019, no. 4 (October 1, 2019): 34–53. http://dx.doi.org/10.2478/popets-2019-0057.
Full textAbstract:
Abstract We investigate Apple’s Bluetooth Low Energy (BLE) Continuity protocol, designed to support interoperability and communication between iOS and macOS devices, and show that the price for this seamless experience is leakage of identifying information and behavioral data to passive adversaries. First, we reverse engineer numerous Continuity protocol message types and identify data fields that are transmitted unencrypted. We show that Continuity messages are broadcast over BLE in response to actions such as locking and unlocking a device’s screen, copying and pasting information, making and accepting phone calls, and tapping the screen while it is unlocked. Laboratory experiments reveal a significant flaw in the most recent versions of macOS that defeats BLE Media Access Control (MAC) address randomization entirely by causing the public MAC address to be broadcast. We demonstrate that the format and content of Continuity messages can be used to fingerprint the type and Operating System (OS) version of a device, as well as behaviorally profile users. Finally, we show that predictable sequence numbers in these frames can allow an adversary to track Apple devices across space and time, defeating existing anti-tracking techniques such as MAC address randomization.
47
Zhao, Yong Fu, and Jian Bo Yao. "Bidirection Greedy Walk Based Mobile-Base-Station-Location Privacy in Wireless Sensor Networks." Applied Mechanics and Materials 427-429 (September 2013): 2497–501. http://dx.doi.org/10.4028/www.scientific.net/amm.427-429.2497.
Full textAbstract:
As wide applications of wireless sensor networks, privacy concerns have emerged as the main obstacle to success. When wireless sensor networks are used to battlefield, the privacy about base-sation-locations become a crux issue. If base-sation location will be exposed to adversary, the consequence is inconceivable. Random data collection scheme has a problem that message latencies become larger higher for protecting mobile-base-station-location privacy .In this paper, BDGW (Bidirection Greedy Walk) is proposed to preserve mobile-base-station-location privacy. In BDGW, data are forwarded by greedy walk and stored at pass nodes in the network, the base-sation move in bidirection greedy walk to collect data from the local nodes occasionally, which prevents the attackers from predicting their locations and movements. Compared to random data collection scheme, BDGW has smaller message latencies, while providing satisfactory mobile-base-station-location privacy.
48
Opitz, Marcus, Vidhi Chaudhri, and Yijing Wang. "Employee social-mediated crisis communication as opportunity or threat?" Corporate Communications: An International Journal 23, no. 1 (February 5, 2018): 66–83. http://dx.doi.org/10.1108/ccij-07-2017-0069.
Full textAbstract:
Purpose Defending their employer on LinkedIn or attacking their organization on Twitter: a ubiquitous social-mediated environment allows employees of crisis-stricken organizations to reach out to a mass audience with only a few keystrokes. But is such employee social-mediated crisis communication an opportunity or a threat to their organizations? By developing the perspective of employees in contrast to consumers, the purpose of this paper is to investigate the impact of employee social-mediated crisis communication on organizational reputation. Design/methodology/approach An online survey experiment was conducted among 386 participants constituting the publics of an organization. Findings The findings demonstrate the importance of moderating effects of message framing (advocacy vs adversary) and medium (blog vs microblog). They show that in comparison to consumers, employees attacking their organization on social media, particularly via media such as blog, cause disproportionally more damage to organizational reputation. Research limitations/implications While the significant effects of employees’ adversary message might make them a threat for organizations, it is argued that the fact that employees are equally as effective as advocates for their organizations as consumers also constitutes an opportunity. Practical implications Organizations need to be cognizant of the threats posed by employees’ crisis communication as well as aim to reap opportunities offered by these credible communicators by considering strategies such as authentically integrating employees in the official crisis communication response. Originality/value By comparing the role of the two groups of stakeholders (employees vs consumers) in crisis communication, the study contributes to an important audience-centered perspective.
49
Yang, Ling, Weiwei Yang, Liang Tang, Jia Tu, Xingbo Lu, and Zhengyun He. "Beamforming Design and Covert Performance Analysis for Full-Duplex Multiantenna System." Complexity 2021 (October 7, 2021): 1–10. http://dx.doi.org/10.1155/2021/8806874.
Full textAbstract:
In this work, a wireless covert communication system with full-duplex (FD) multiantenna receiver is considered. In order to improve the convert performance of the wireless communication system in the FD mode, a scheme based on selection combining/zero forcing beamforming (SC/ZFB) is proposed. More specifically, a covert message receiver with a FD multiantenna uses the zero forcing beamforming method to transmit randomly varying noise power to the adversary while receiving covert information from the sender. Firstly, we derive the optimal detection threshold and the corresponding closed expression of the minimum detection error rate of the warden. Secondly, the transmission interruption probability is explored to measure the communication reliability between the sender and the receiver of the covert message. Finally, the throughput performance of the covert communication system is analyzed under random geometry. Our analysis shows that the proposed SC/ZFB scheme can achieve the positive effective convert rate while interfering with the detection of the warden as much as possible. It is worth noting that the increase of the number of antennas and the power of covert message transmission can improve the convert performance of the system.
50
Faust, Sebastian, Pratyay Mukherjee, Jesper Buus Nielsen, and Daniele Venturi. "Continuously Non-malleable Codes in the Split-State Model." Journal of Cryptology 33, no. 4 (July 24, 2020): 2034–77. http://dx.doi.org/10.1007/s00145-020-09362-z.
Full textAbstract:
Abstract Non-malleable codes (Dziembowski et al., ICS’10 and J. ACM’18) are a natural relaxation of error correcting/detecting codes with useful applications in cryptography. Informally, a code is non-malleable if an adversary trying to tamper with an encoding of a message can only leave it unchanged or modify it to the encoding of an unrelated value. This paper introduces continuous non-malleability, a generalization of standard non-malleability where the adversary is allowed to tamper continuously with the same encoding. This is in contrast to the standard definition of non-malleable codes, where the adversary can only tamper a single time. The only restriction is that after the first invalid codeword is ever generated, a special self-destruct mechanism is triggered and no further tampering is allowed; this restriction can easily be shown to be necessary. We focus on the split-state model, where an encoding consists of two parts and the tampering functions can be arbitrary as long as they act independently on each part. Our main contributions are outlined below. We show that continuous non-malleability in the split-state model is impossible without relying on computational assumptions. We construct a computationally secure split-state code satisfying continuous non-malleability in the common reference string (CRS) model. Our scheme can be instantiated assuming the existence of collision-resistant hash functions and (doubly enhanced) trapdoor permutations, but we also give concrete instantiations based on standard number-theoretic assumptions. We revisit the application of non-malleable codes to protecting arbitrary cryptographic primitives against related-key attacks. Previous applications of non-malleable codes in this setting required perfect erasures and the adversary to be restricted in memory. We show that continuously non-malleable codes allow to avoid these restrictions.