International Association for Cryptologic Research

# IACR News Central

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2013-03-30
18:17 [Pub][ePrint]

Cache attacks are known to be sophisticated attacks against cryptographic implementations on desktop computers. Recently, also investigations of such attacks on testbeds with processors that are employed in mobile devices have been done. In this work we investigate the applicability of Bernstein\'s timing attack and the cache-collision attack by Bogdanov et al. in real environments on three state-of-the-art mobile devices. These devices are: an Acer Iconia A510, a Google Nexus S, and a Samsung Galaxy SIII. We show that T-table based implementations of the Advanced Encryption Standard (AES) leak enough timing information on these devices in order to recover parts of the used secret key using Bernstein\'s timing attack. We also show that systems with a cache-line size larger than 32 bytes exacerbate the cache-collision attack by Bogdanov et al.

2013-03-29
06:17 [Pub][ePrint]

This work presents the design, analysis and implementation of the first sub-linear searchable symmetric encryption (SSE) protocol that supports conjunctive search and general Boolean queries on symmetrically-encrypted data and that scales to very large data sets and arbitrarily-structured data including free text search. To date, work in this area has focused mainly on single-keyword search. For the case of conjunctive search, prior SSE constructions required work linear in the total number of documents in the database and provided good privacy only for structured attribute-value data, rendering these solutions too slow and inflexible for large practical databases.

In contrast, our solution provides a realistic and practical trade-off between performance and privacy by efficiently supporting very large databases at the cost of moderate and well-defined leakage to the outsourced server (leakage is in the form of data access patterns, never as direct exposure of plaintext data or searched values). A key aspect of our protocols is that it allows the searcher to pivot its conjunctive search on the estimated least frequent keyword in the conjunction. We show that a Decisional Diffie-Hellman (DDH) based pseudo-random function can be used not just to implement search tokens but also to hide query access pattern of non-pivot, and hence possibly highly frequent, keywords in conjunctive queries. We present a formal cryptographic analysis of the privacy and security of our protocols and establish precise upper bounds on the allowed leakage.

To demonstrate the real-world practicality of our approach, we provide performance results of a prototype applied to several large representative data sets.

2013-03-28
18:17 [Pub][ePrint]

Within a broader context of mobile and embedded computing, the design of practical, secure tokens that can store and/or process security-critical information remains an ongoing challenge. One aspect of this challenge is the threat of information leakage through side-channel attacks, which is exacerbated by any resource constraints. Although any countermeasure can be of value, it seems clear that approaches providing robust guarantees are most attractive. Along these lines, this paper extends previous work on use of Yao circuits via two contributions. First, we show how careful analysis can fix the maximum number of traces acquired during a DPA attack, effectively bounding leakage from a Yao-based token: for a low enough bound, the token can therefore be secured via conventional (potentially less robust) countermeasures. To achieve this we use modularised Yao circuits, which also support our second contribution: the first Yao-based mplementation of a secure authentication payload, namely HMAC based on SHA.

15:17 [Pub][ePrint]

RFID is a leading technology that has been

rapidly deployed in several daily life applications such as

payment, access control, ticketing, and e-passport, which

requires strong security and privacy mechanisms. However,

RFID systems commonly have limited computational capacity,

poor resources and inefficient data management. Hence there

is a demanding urge to address these issues in the light

of some mechanism which can make the technology excel.

Cloud computing is one of the fastest growing segments of

IT industry which can provide a cost effective technology

and information solution to handling and using data collected

companies is placed in the cloud, concerns are beginning to

grow about just how safe an environment it is. Therefore, while

integrating RFID into the cloud, the security and privacy of

the tag owner must be considered.

Motivated by this need, we first provide a security and

privacy model for RFID technology in the cloud computing. In

this model, we first define the capabilities of the adversary and

then give the definitions of the security and privacy. After that

we propose an example of an RFID authentication protocol

in the cloud computing. We prove that the proposal is narrow

strong private+ in our privacy model.

15:17 [Pub][ePrint]

In this paper, we obtain a characterization of generalized Boolean functions based on spectral analysis. We investigate a relationship between the Walsh-Hadamard spectrum and $\\sigma_f$, the sum-of-squares-modulus indicator (SSMI) of the generalized Boolean function. It is demonstrated that $\\sigma_f = 2^{2n + s}$ for every $s$-plateaued generalized Boolean function in $n$ variables. Two classes of generalized semi-bent Boolean functions are constructed.% and it is demonstrated that their SSMI is over generalized $s$-plateaued Boolean functions is $2^{2n + s}$. We have constructed a class of generalized semi-bent functions in $(n+1)$ variables from generalized semi-bent functions in $n$ variables and identify a subclass of it for which $\\sigma_f$ and $\\triangle_{f}$ both have optimal value. Finally, some construction on generalized partially bent Boolean functions are given.

15:17 [Pub][ePrint]

Users frequently reuse their passwords when authenticating to various online services. Combined with the use of weak passwords or honeypot/phishing attacks, this brings high risks to the security of the user\'s account information. In this paper, we propose several protocols that can allow a user to use a single password to authenticate to multiple services securely. All our constructions provably protect the user from dictionary attacks on the password, and cross-site impersonation or honeypot attacks by the online service providers.

Our solutions assume the user has access to either an untrusted online cloud storage service (as per Boyen [14]), or a mobile storage device that is trusted until stolen. In the cloud storage scenario, we consider schemes that optimize for either storage server or online service performance, as well as anonymity and unlinkability of the user\'s actions. In the mobile storage scenario, we minimize the assumptions we make about the capabilities of the mobile device: we do not assume synchronization, tamper resistance, special or expensive hardware, or extensive cryptographic capabilities. Most importantly, the user\'s password remains secure even after the mobile device is stolen. Our protocols provide another layer of security against malware and phishing. To the best of our knowledge, we are the first to propose such various and provably secure password-based authentication schemes. Lastly, we argue that our constructions are relatively easy to deploy, especially if a few single sign-on services (e.g., Microsoft, Google, Facebook) adopt our proposal.

2013-03-27
15:19 [Job][New]

We invite applications for outstanding researchers to strengthen and broaden our research activities in security and privacy research.

Both recent Ph.D. graduates and well-established scientists are encouraged to apply. A premier center for commercial innovation, PARC, a Xerox company, is in the business of breakthroughs. We work closely with global enterprises, entrepreneurs, government agencies and partners, and other clients to invent, co-develop, and bring to market game-changing innovations by combining imagination, investigation, and return on investment for our clients. For 40 years, we have lived at the leading edge of innovation, merging inquiry and strategy to pioneer technological change. PARC was incorporated in 2002 as a wholly owned independent subsidiary of Xerox Corporation – enabling us to continue pioneering technological change but across a broader set of industries and clients today. See http://www.parc.com/about for more details on PARC.

Candidates in all areas of cyber security will be considered, with particular interest in:

• systems and network security
• security and privacy in big data analytics
• security in ubiquitous environments
• machine learning and security
• usable security
• privacy and applied cryptography

09:09 [Job][New]

The Information Security Centre of Excellence is looking for several stand-out PhD students who want to pursue research in the area of network security and collaborate closely with industry partners. The positions are fully-funded. To apply please send your detailed CV.

2013-03-26
15:17 [Pub][ePrint]

A new implementation of the GHASH function has been recently committed to a Git version of OpenSSL, to speed up AES-GCM. We identified a bug in that implementation, and made sure it was quickly fixed before trickling into an official OpenSSL trunk. Here, we use this (already fixed) bug as a real example that demonstrates the fragility of AES-GCM\'s authentication algorithm (GHASH). One might expect that incorrect MAC tag generation would only cause legitimate message-tag pairs to fail authentication (which is already a serious problem). However, since GHASH is a \"polynomial evaluation\" MAC, the bug can be exploited for actual message forgery.

15:17 [Pub][ePrint]

We demonstrate the high-speed computation of core elliptic curve operations with full protection against timing-type side-channel attacks. We use a state-of-the-art GLV-GLS curve in twisted Edwards form defined over a quadratic extension field of large prime characteristic, which supports a four dimensional decomposition of the scalar. We present highly optimized algorithms and formulas for speeding up the different arithmetic layers, including techniques especially suitable for high-speed, side-channel protected computation on GLV-based implementations. Analysis and performance results are reported for modern x64 and ARM processors. For instance, on an Intel Ivy Bridge processor we compute a variable-base scalar multiplication in 94,000 cycles, a fixed-base scalar multiplication in 53,000 cycles using a table of 6KB, and a double scalar multiplication in 118,000 cycles using a table of 3KB. Similarly, on an ARM Cortex-A15 processor we compute a variable-base scalar multiplication in 244,000 cycles, a fixed-base scalar multiplication in 116,000 cycles (table of 6KB), and a double scalar multiplication in 285,000 cycles (table of 3KB). All these numbers and the proposed techniques represent a significant improvement of the state-of-the-art performance of elliptic curve computations. Most remarkably, our optimizations allow us to reduce the cost of adding protection against timing attacks in the computation of variable-base scalar multiplication to around or below 10%.

15:17 [Pub][ePrint]

In Eurocrypt 2012, Lewko presented a fully secure IBE scheme in the

prime order setting based on the decisional linear assumption. We note that

some random factor involved in the ciphertext can further be used to hide yet another message

, and get a new fully secure IBE scheme with better message-ciphertext rate.

Similar to Lewko\'s

scheme, we use dual pairing vector space in prime order bilinear

groups to simulate the canceling and parameter hiding properties of

composite order settings. The security of our scheme is based on the

subspace assumption, which can be reduced to the decisional linear

assumption. We employ the dual system encryption technique in our

security proof.