Cryptanalysis of RC4-based hash function
RC4-Based Hash Function is a newly proposed hash function based on the RC4 stream cipher for ultra low power devices. In this paper, we analyse the security of the function against collision attack. It is shown that the attacker can find collision and multi-collision messages with complexity of only 6 compression function operations and negligible memory, with time complexity 2^13. In addition, we show that the hashing algorithm can be distinguished from a truly random sequence with probability close to one.
Repudiation of Cheating and Non-repudiation of Zhang's Proxy Signature Schemes
The paper discusses the correctness of Lee, Hwang and Wang's comments on Zhang's proxy signature schemes. In particular, it is shown that the cheating attack proposed by Lee, Hwang and Wang can be detected by the owner of the signature scheme. It is argued that, considering the context in which proxy signatures are used, the attack is not a security problem. The work is concluded by a discussion of the non-repudiation controversy incorrectly observed by Lee, Hwang and Wang.
Information Security and Privacy, Proceedings of 12th Australasian Conference, ACISP 2007,
The 12th Australasian Conference on Information Security and Privacy (ACISP 2007) was held in Townsville, Queensland, July 2–4, 2007. This was the first conference to be organized outside the traditional three venues: Brisbane and Gold Coast, Melbourne, and Sydney and Wollongong. The conference was sponsored by James Cook University, the Center for Advanced Computing – Algorithm and Cryptography at Macquarie University, the Information Security Institute at Queensland University of Technology, and the Research Network for Secure Australia. We would like to thank Matthieu Finiasz and Thomas Baignères from EPFL, LASEC, Switzerland for letting us use their iChair software, which facilitated the submission and revision processes.
Special issue on the design and engineering of cryptographic solutions for secure information systems
WOS: 00033135760000
Identification of invalid signatures in collections
Verifying the correctness of digital signatures is computationally expensive. To improve efficiency, collections of signatures are verified instead of individual signatures. If all signatures in a collection are valid, the whole collection is accepted. The presence of invalid signatures in a collection causes the verification to fail. The whole collection cannot simply be rejected, so it becomes necessary to identify the invalid signatures within the collection. The article defines methods for identifying invalid signatures. In particular, it specifies "divide and conquer" verifications, in which the input collections are split into subcollections until the final invalid collections contain single signatures. A Hamming verifier that identifies one invalid signature in a collection is also described, and this verifier is generalised into a two-level verifier that allows two invalid signatures to be identified. A definition of a general verifier capable of identifying an arbitrary number of invalid signatures in collections is also given.
Improving the efficiency of RFID authentication with pre-computation
Security of RFID authentication protocols has received considerable interest recently. However, an important aspect of such protocols that has not received as much attention is the efficiency of their communication. In this paper we investigate the efficiency benefits of pre-computation for time-constrained applications in small to medium RFID networks. We also outline a protocol utilizing this mechanism in order to demonstrate the benefits and drawbacks of using this approach. The proposed protocol shows promising results, as it is able to offer the security of untraceable protocols whilst only requiring time comparable to that of more efficient but traceable protocols.
Towards a secure human-and-computer mutual authentication protocol
We blend research from human-computer interface (HCI) design with computation-based cryptographic provable security. We explore the notion of practice-oriented provable security (POPS), moving the focus to a higher level of abstraction (POPS+) for use in providing provable security for security ceremonies involving humans. In doing so we highlight some challenges and paradigm shifts required to achieve meaningful provable security for a protocol which includes a human. We move the focus of security ceremonies from being protocols in their context of use, to the protocols being cryptographic building blocks in a higher level protocol (the security ceremony), to which POPS can be applied. In order to illustrate the need for our approach, we analyse both a protocol proven secure in theory, and a similar protocol implemented by a financial institution, from both HCI and cryptographic perspectives.
State convergence in the initialisation of the Sfinks stream cipher
Sfinks is a shift register based stream cipher designed for hardware implementation. The initialisation state update function is different from the state update function used for keystream generation. We demonstrate state convergence during the initialisation process, even though the individual components used in the initialisation are one-to-one. However, the combination of these components is not one-to-one.
Data flow analysis of embedded program expressions
Data flow analysis techniques can be used to help assess threats to data confidentiality and integrity in security critical program code. However, a fundamental weakness of static analysis techniques is that they overestimate the ways in which data may propagate at run time. Discounting large numbers of these false-positive data flow paths wastes an information security evaluator's time and effort. Here we show how to automatically eliminate some false-positive data flow paths by precisely modelling how classified data is blocked by certain expressions in embedded C code. We present a library of detailed data flow models of individual expression elements and an algorithm for introducing these components into conventional data flow graphs. The resulting models can be used to accurately trace byte-level or even bit-level data flow through expressions that are normally treated as atomic. This allows us to identify expressions that safely downgrade their classified inputs and thereby eliminate false-positive data flow paths from the security evaluation process. To validate the approach we have implemented and tested it in an existing data flow analysis toolkit.