International Association for Cryptologic Research

IACR News Central


18:17 [Pub][ePrint] Securing the Data in Big Data Security Analytics, by Kevin D. Bowers and Catherine Hart and Ari Juels and Nikos Triandopoulos

  Big data security analytics is an emerging approach to intrusion detection at the scale of a large organization. It involves a combination of automated and manual analysis of security logs and alerts from a wide and varying array of sources, often aggregated into a massive ("big") data repository. Many of these sources are host facilities, such as intrusion-detection systems and syslog, that we generically call Security Analytics Sources (SASs).

Security analytics are only as good as the data being analyzed. Yet nearly all SASs today lack even basic protections on data collection. An attacker can undetectably suppress or tamper with SAS messages to conceal attack evidence. Moreover, by merely monitoring network traffic they can discover sensitive SAS instrumentation and message-generation behaviors.

We introduce PillarBox, a tool for securely relaying SAS messages in a security analytics system. PillarBox enforces integrity: It secures SAS messages against tampering, even against an attacker that controls the network and compromises a message-generating host. It also (optionally) offers stealth: It can conceal alert generation, hiding select SAS alerting rules and actions from an adversary.

We present an implementation of PillarBox and show experimentally that it can secure messages against attacker suppression or tampering even in the most challenging environments where SASs generate real-time security alerts. We also show, based on data from a large enterprise and on-host performance measurements, that PillarBox has minimal overhead and is practical for real-world big data security analytics systems.

18:17 [Pub][ePrint] Decentralized Anonymous Credentials, by Christina Garman and Matthew Green and Ian Miers

  Anonymous credentials provide a powerful tool for making assertions about identity while maintaining privacy. However, a limitation of today's anonymous credential systems is the need for a trusted credential issuer --- which is both a single point of failure and a target for compromise. Furthermore, the need for such a trusted issuer can make it challenging to deploy credential systems in practice, particularly in the ad hoc network setting (e.g., anonymous peer-to-peer networks) where no single party can be trusted with this responsibility.

In this work we propose a novel anonymous credential scheme that eliminates the need for a trusted credential issuer. Our approach builds on recent results in the area of electronic cash and uses techniques --- such as the calculation of a distributed transaction ledger --- that are currently in widespread deployment in the Bitcoin payment system. Using this decentralized ledger and standard cryptographic primitives, we propose and provide a proof of security for a basic anonymous credential system that allows users to make flexible identity assertions with strong privacy guarantees. Finally, we discuss a number of practical applications for our techniques, including resource management in ad hoc networks and prevention of Sybil attacks. We implement our scheme and measure its efficiency.

18:17 [Pub][ePrint] Off-Path Hacking: The Illusion of Challenge-Response Authentication, by Yossi Gilad and Amir Herzberg and Haya Shulman

  Everyone is concerned about Internet security, yet most traffic is not cryptographically protected. Typical justification is that most attackers are off-path and cannot intercept traffic; hence, intuitively, challenge-response defenses should suffice to ensure authenticity. Often, the challenges re-use existing header fields to protect widely deployed protocols such as TCP and DNS.

We argue that this practice may often give an illusion of security. We review recent off-path TCP injection and DNS poisoning attacks, enabling attackers to circumvent existing challenge-response defenses. Both TCP and DNS attacks are non-trivial, yet practical. The attacks foil widely deployed security mechanisms, and allow a wide range of exploits, such as long-term caching of malicious objects and scripts.

We hope that this review article will help improve defenses against off-path attackers. In particular, we hope to motivate, when feasible, adoption of cryptographic mechanisms such as SSL/TLS, IPsec and DNSSEC, providing security even against stronger Man-in-the-Middle

18:17 [Pub][ePrint] New Integer-FFT Multiplication Architectures and Implementations for Accelerating Fully Homomorphic Encryption, by Xiaolin Cao and Ciara Moore

  This paper proposes a new hardware architecture of Integer-FFT multiplier for super-size integer multiplications. Firstly, a basic hardware architecture, with the feature of low hardware cost, of the Integer-FFT multiplication algorithm using the serial FFT architecture, is proposed. Next, a modified hardware architecture with a shorter multiplication latency than the basic architecture is presented. Thirdly, both architectures are implemented, verified and compared on the Xilinx Virtex-7 FPGA platform using 256, 512, 1024, 2048 and 8192 point Integer-FFT algorithm respectively with multiplication operands ranging from bits to bits in size. Experimental results show that the hardware cost of the proposed architecture is no more than 1/10 of the prior FPGA solution, and is perfectly within the implementable range of the Xilinx Virtex-7 FPGA platform, and outperforms the software implementations of the same bit-length operand multiplication on the Core-2 Q6600 and Core-i7 870 platforms. Finally, the proposed implementations are employed to evaluate the super-size multiplication in an encryption primitive of fully homomorphic encryption (FHE) over the integers. The analysis shows that the speed improvement factor is up to 26.2 compared to the corresponding integer-based FHE software implementation on the Core-2 Duo E8400 platform.

15:17 [Pub][ePrint] Some results concerning global avalanche characteristics of two $q$-ary functions, by Brajesh Kumar Singh

  The global avalanche characteristics criteria was first introduced by Zhou et al. (Inform. Sci. 180(2) (2010) 256-265).

This article is concerned with some new bounds on global avalanche characteristics of two $q$-ary functions. Based on the above result we obtain a bound on $\sigma_{f}$ of $f \in \mathcal{B}_{n, q}$ in terms of the $\sigma_{f_{\ell}}$'s of the restricted functions on $\mathbb{Z}_{n-1}^q$, and construct a class of $q$-ary bent functions from $1$-plateaued functions having disjoint Walsh spectra.

15:17 [Pub][ePrint] Security Amplification against Meet-in-the-Middle Attacks Using Whitening, by Pierre-Alain Fouque and Pierre Karpman

  In this paper we introduce a model for studying meet-in-the-middle attacks on block ciphers, and a simple block cipher construction provably resistant to such attacks in this model. A side-result of this is a proper formalization for an unproven alternative to DESX proposed by Kilian and Rogaway; this construction can now be shown to be sound in our model.

Meet-in-the-middle attacks exploit weaknesses in key schedule algorithms, and building constructions resistant to such attacks is an important issue for improving the security of block ciphers. Our construction is generic so that it can be used on top of any block cipher, and it does not require increasing the key-length. We use an exposure resilient function (or ERF) as a building block and we propose a concrete and efficient instantiation strategy based on compression functions.

15:17 [Pub][ePrint] Fault Injection Modeling Attacks on 65nm Arbiter and RO Sum PUFs via Environmental Changes, by Jeroen Delvaux and Ingrid Verbauwhede

  Physically Unclonable Functions (PUFs) are emerging as hardware security primitives. So-called strong PUFs provide a mechanism to authenticate chips which is inherently unique for every manufactured sample. To prevent cloning, modeling of the challenge-response pair (CRP) behavior should be infeasible. Machine learning (ML) algorithms are a well-known threat. Recently, repeatability imperfections of PUF responses have been identified as another threat. CMOS device noise renders a significant fraction of the CRPs unstable, hereby providing a side channel for modeling attacks. In previous work, 65nm arbiter PUFs have been modeled as such with accuracies exceeding 97%. However, more PUF evaluations were required than for state-of-the-art ML approaches. In this work, we accelerate repeatability attacks by increasing the fraction of unstable CRPs. Response evaluation faults are triggered via environmental changes hereby. The attack speed, which is proportional to the fraction of unstable CRPs, increases with a factor 2.4 for both arbiter and ring oscillator (RO) sum PUFs. Data originates from a 65nm silicon chip and hence not from simulations.

15:17 [Pub][ePrint] Do I know you? -- Efficient and Privacy-Preserving Common Friend-Finder Protocols and Applications, by Marcin Nagy, Emiliano De Cristofaro, Alexandra Dmitrienko, N. Asokan, Ahmad-Reza Sadeghi

  The increasing penetration of Online Social Networks (OSNs) prompts the need for effectively accessing and utilizing social networking information. In numerous applications, users need to make trust and/or access control decisions involving other (possibly stranger) users, and one important factor is often the existence of common social relationships. This motivates the need for secure and privacy-preserving techniques allowing users to assess whether or not they have mutual friends.

This paper introduces the Common Friends service, a framework for finding common friends which protects privacy of non-mutual friends and guarantees authenticity of friendships. First, we present a generic construction that reduces to secure computation of set intersection, while ensuring authenticity of announced friends via bearer capabilities. Then, we propose an efficient instantiation, based on Bloom filters, that only incurs a constant number of public-key operations and appreciably low communication overhead. Our software is designed so that developers can easily integrate Common Friends into their applications, e.g., to enforce access control based on users' social proximity in a privacy-preserving manner. Finally, we showcase our techniques in the context of an existing application for sharing (tethered) Internet access, whereby users decide to share access depending on the existence of common friends. A comprehensive experimental evaluation attests to the practicality of proposed techniques.

15:17 [Pub][ePrint] Multi-LHL protocol, by Marika Mitrengová

  We present a password-authenticated group key exchange protocol where each user has his/her own password. The advantage of such protocols is the use of short passwords, which can be easily memorized. On the other hand, these protocols face the problem of low password entropy. In the first part we define a security model based on the models of Abdalla, Fouque and Pointcheval and of Bellare, Pointcheval and Rogaway. We construct the MLHL (Multi-LHL) protocol, which is based on the LHL protocol proposed by Lee, Hwang and Lee. However, the LHL protocol is flawed, as pointed out by Abdalla, Bresson, Chevassut and Choo, and by Raymond. We prove that our protocol is a secure authenticated key exchange protocol with the forward secrecy property and that the protocol is resistant against the attacks on the LHL protocol.

03:17 [Pub][ePrint] Is extracting data the same as possessing data?, by Douglas R. Stinson and Jalaj Upadhyay

  Proof-of-retrievability schemes have been a topic of considerable recent interest. In these schemes, a client gives a file M to a server with the understanding that the server will securely store M. A suitable challenge-response protocol is invoked by the client in order for the client to gain confidence that M is indeed being correctly stored by the server. The definition of proof-of-retrievability schemes is based on the notion of an extractor that can recover the file once the challenge-response protocol is executed a sufficient number of times.

In this paper, we propose a new type of scheme that we term a proof-of-data-observability scheme. Our definition tries to capture the stronger requirement that the server must have an actual copy of M in its memory space while it executes the challenge-response protocol.

We give some examples of schemes that satisfy this new security definition. As well, we analyze the efficiency and security of the protocols we present, and we prove some necessary conditions for the existence of these kinds of protocols.

03:17 [Pub][ePrint] Privacy and Verifiability in Voting Systems: Methods, Developments and Trends, by Hugo Jonker and Sjouke Mauw and Jun Pang

  One of the most challenging aspects in computer-supported voting is to combine the apparently conflicting requirements of privacy and verifiability. On the one hand, privacy requires that a vote cannot be traced back from the result to a voter, while on the other hand, verifiability states that a voter can trace the effect of her vote on the result. This can be addressed using various privacy-enabling cryptographic primitives which also offer verifiability.

As more and more refined voting systems were proposed, understanding of first privacy and later verifiability in voting increased, and notions of privacy as well as notions of verifiability in voting became increasingly more refined. This has culminated in a variety of verifiable systems that use cryptographic primitives to ensure specific kinds of privacy. However, the corresponding privacy and verifiability claims are not often verified independently. When they are investigated, claims have been invalidated sufficiently often to warrant a cautious approach to them.

The multitude of notions, primitives and proposed solutions that claim to achieve both privacy and verifiability form an interesting but complex landscape. The purpose of this paper is to survey this landscape by providing an overview of the methods, developments and current trends regarding privacy and verifiability in voting systems.