A Denial of Service Attack against Fair Computations using Bitcoin Deposits, by Jethro Beekman
Bitcoin supports complex transactions where the recipient of a transaction can be programmatically determined.
Using these transactions, multi-party computation protocols that aim to ensure fairness among participants have been designed.
We present a Denial of Service attack against these protocols that results in a net loss for some or all of the honest parties involved, violating those fairness goals.
Low-Cost Concurrent Error Detection for GCM and CCM, by Xiaofei Guo and Ramesh Karri
In many applications, encryption alone does not provide enough security. To enhance security, dedicated authenticated encryption (AE) modes have been devised. Galois/Counter Mode (GCM) and Counter with CBC-MAC mode (CCM) are the AE modes recommended by the National Institute of Standards and Technology. To support high data rates, AE modes are usually implemented in hardware. However, natural faults reduce their reliability and may undermine both their encryption and authentication capability. We present a low-cost concurrent error detection (CED) scheme for 7 AE architectures. The proposed technique exploits idle cycles of the AE mode architectures. Experimental results show that the performance overhead can be lower than 100% for all architectures, depending on the workload. FPGA implementation results show that the hardware overhead is in the 0.1-23.3% range and the power overhead is in the 0.2-23.2% range. ASIC implementation results show that the hardware overhead is in the 0.1-22.8% range and the power overhead is in the 0.3-12.6% range. The underlying block cipher and hash module need not have CED built in. Thus, the scheme allows system designers to integrate block cipher and hash function intellectual property from different vendors.
Primary-Secondary-Resolver Membership Proof Systems, by Moni Naor and Asaf Ziv
We consider Primary-Secondary-Resolver Membership Proof Systems (PSR for short) and show different constructions of that primitive. A PSR system is a 3-party protocol: a primary, which is a trusted party, commits to a set of members and their values, then generates a public key and a secret key so that secondaries (provers with knowledge of both keys) and resolvers (verifiers who only know the public key) can engage in interactive proof sessions regarding elements in the universe and their values. The motivation for such systems is the construction of a secure Domain Name System (DNSSEC) that does not reveal any unnecessary information to its clients.
We require our systems to be complete, so that honest executions result in correct conclusions by the resolvers; sound, so that malicious secondaries cannot cheat resolvers; and zero-knowledge, so that resolvers do not learn additional information about elements they did not query explicitly. Providing proofs of membership is easy, as the primary can simply precompute signatures over all the members of the set. Providing proofs of non-membership, i.e. a denial-of-existence mechanism, is trickier and is the main issue in constructing PSR systems.
We provide three different strategies to construct a denial-of-existence mechanism. The first uses a set of cryptographic keys for all elements of the universe which are not members, which we implement using hierarchical identity-based encryption and a tree-based signature scheme. The second construction uses cuckoo hashing with a stash: to prove non-membership of an element, a secondary must prove that a search for it will fail, i.e. that it is in neither the tables nor the stash of the cuckoo hashing scheme. The third uses a verifiable "random looking" function which the primary evaluates over the set of members, then signs the values lexicographically; secondaries then use those signatures to prove to resolvers that the value of the non-member was not signed by the primary. We implement this function using a weaker variant of verifiable random/unpredictable functions and pseudorandom functions with interactive zero-knowledge proofs.
For all three constructions we suggest fairly efficient implementations, with cost comparable to other public-key operations such as signatures and encryption. The first approach offers perfect ZK and does not reveal the size of the set in question; the second can be implemented based on very solid cryptographic assumptions and uses the unique structure of cuckoo hashing; while the last technique has the potential to be highly efficient, if one could construct an efficient and secure VRF/VUF or if one is willing to live in the random oracle model.
How Secure is TextSecure?, by Tilman Frosch and Christian Mainka and Christoph Bader and Florian Bergsma and Joerg Schwenk and Thorsten Holz
Instant messaging has attracted a lot of attention from users for both private and business communication and has especially gained popularity as a low-cost short message replacement on mobile devices. However, most popular mobile messaging apps do not provide end-to-end security. Press reports about mass surveillance performed by intelligence services such as the NSA and GCHQ have led many people to look for means that allow them to preserve the security and privacy of their communication on the Internet. Additionally fueled by Facebook's acquisition of the hugely popular messaging app WhatsApp, alternatives that claim to provide secure communication experienced a significant increase in new users.
A messaging app that has attracted a lot of attention lately is TextSecure, an app that claims to provide secure instant messaging and has a large number of installations via Google's Play Store. Its protocol is part of Android's most popular aftermarket firmware, CyanogenMod. In this paper, we present the first complete description of TextSecure's complex cryptographic protocol and are the first to provide a thorough security analysis of TextSecure. Among other findings, we present an Unknown Key-Share Attack on the protocol, along with a mitigation strategy, which has been acknowledged by TextSecure's developers. Furthermore, we formally prove that, if our mitigation is applied, TextSecure's push messaging can indeed achieve the goals of authenticity and confidentiality.
Principal Solution Specialist - Encryption, SafeNet
Serve as a SME (Subject Matter Expert) advising SafeNet customers, partners and prospects on SafeNet Data Protection solutions to secure data while at rest (storage, file and database encryption), in use (hardware security modules, encryption technologies), and in transit (wide area network encryption).
This focused expertise will drive increased revenue for SafeNet StorageSecure, Hardware Security Modules, KeySecure and ProtectV products.
• Experienced in the concepts of Cryptography, Security and PKI
• Experience with Hardware Security Modules (HSM)
• Experience with the concept and practice of Key Management
• Experience with virtualisation products such as VMware, Xen and Hyper-V is beneficial, as is prior involvement with Amazon Web Services
• Strong familiarity with Windows and Linux based systems
• Familiarity with a range of enterprise security solutions would be beneficial as they relate to the wider SafeNet portfolio. These include database encryption, data tokenization, storage encryption, wide area network encryption, and authentication.
The position will require significant travel throughout the EMEA region.
For further information, please contact julia.robson (at) safenet-inc.com