No Arabic abstract
Cryptography algorithm standards play a key role both to the practice of information security and to cryptography theory research. Among them, the MQV and HMQV protocols ((H)MQV, in short) are a family of (implicitly authenticated) Diffie-Hellman key-exchange (DHKE) protocols that are widely standardized and deployed. In this work, from some new perspectives and approaches and under some new design rationales and insights, we develop a new family of practical implicitly authenticated DHKE protocols, which enjoy notable performance among security, privacy, efficiency and easy deployment. We make detailed comparisons between our new DHKE protocols and (H)MQV, showing that the newly developed protocols outperform HMQV in most aspects. Along the way, guided by our new design rationales, we also identify a new vulnerability (H)MQV, which brings some new perspectives (e.g., computational fairness) to the literature.
The Internet of Things (IoT) is a fast growing field of devices being added to an interconnected environment in an abstract heterogeneous array of servers and other devices, called smart environments, ranging from private local (home) environments to nation-wide infrastructures, often accessible via unsecured wireless communications and information technologies, hence, massively open to attacks. In this paper we address some of issues that arise when connecting smart devices endowed with low computational capabilities to a home gateway via unsecured wireless communication channels, by using a One Time Pad (OTP) protocol based upon an On-the-fly Diffie-Hellman Key Exchange. Our assumptions are that only a user and the gateway have enough processing power to perform - say - secured RSA encrypted communication, hence relaxing the need for a trusted secure server outside the domain and that the protocol should at least be secure for a range of known attacks, as replay or DoS attacks.
Key establishment is one fundamental issue in wireless security. The widely used Diffie-Hellman key exchange is vulnerable to the man-in-the-middle attack. This paper presents a novel in-band solution for defending the man-in-the-middle attack during the key establishment process for wireless devices. Our solution is based on the insight that an attacker inevitably affects the link layer behavior of the wireless channel, and this behavior change introduced by the attacker can be detected by the legitimate users. Specifically, we propose a key exchange protocol and its corresponding channel access mechanism for the protocol message transmission, in which the Diffie-Hellman parameter is transmitted multiple times in a row without being interrupted by other data transmission on the same wireless channel. The proposed key exchange protocol forces the MITM attacker to cause multiple packet collisions consecutively at the receiver side, which can then be monitored by the proposed detection algorithm. The performance of the proposed solution is validated through both theoretical analysis and simulation: the proposed solution is secure against the MITM attack and can achieve an arbitrarily low false positive ratio. This proposed link layer solution works completely in-band, and can be easily implemented on off-the-shelf wireless devices without the requirement of any special hardware.
We construct several explicit quantum secure non-malleable-extractors. All the quantum secure non-malleable-extractors we construct are based on the constructions by Chattopadhyay, Goyal and Li [2015] and Cohen [2015]. 1) We construct the first explicit quantum secure non-malleable-extractor for (source) min-entropy $k geq textsf{poly}left(log left( frac{n}{epsilon} right)right)$ ($n$ is the length of the source and $epsilon$ is the error parameter). Previously Aggarwal, Chung, Lin, and Vidick [2019] have shown that the inner-product based non-malleable-extractor proposed by Li [2012] is quantum secure, however it required linear (in $n$) min-entropy and seed length. Using the connection between non-malleable-extractors and privacy amplification (established first in the quantum setting by Cohen and Vidick [2017]), we get a $2$-round privacy amplification protocol that is secure against active quantum adversaries with communication $textsf{poly}left(log left( frac{n}{epsilon} right)right)$, exponentially improving upon the linear communication required by the protocol due to [2019]. 2) We construct an explicit quantum secure $2$-source non-malleable-extractor for min-entropy $k geq n- n^{Omega(1)}$, with an output of size $n^{Omega(1)}$ and error $2^{- n^{Omega(1)}}$. 3) We also study their natural extensions when the tampering of the inputs is performed $t$-times. We construct explicit quantum secure $t$-non-malleable-extractors for both seeded ($t=d^{Omega(1)}$) as well as $2$-source case ($t=n^{Omega(1)}$).
Non-malleable secret sharing was recently proposed by Goyal and Kumar in independent tampering and joint tampering models for threshold secret sharing (STOC18) and secret sharing with general access structure (CRYPTO18). The idea of making secret sharing non-malleable received great attention and by now has generated many papers exploring new frontiers in this topic, such as multiple-time tampering and adding leakage resiliency to the one-shot tampering model. Non-compartmentalized tampering model was first studied by Agrawal et.al (CRYPTO15) for non-malleability against permutation composed with bit-wise independent tampering, and shown useful in constructing non-malleable string commitments. We initiate the study of leakage-resilient secret sharing in the non-compartmentalized model. The leakage adversary can corrupt several players and obtain their shares, as in normal secret sharing. The leakage adversary can apply arbitrary affine functions with bounded total output length to the full share vector and obtain the outputs as leakage. These two processes can be both non-adaptive and do not depend on each other, or both adaptive and depend on each other with arbitrary ordering. We construct such leakage-resilient secret sharing schemes and achieve constant information ratio (the scheme for non-adaptive adversary is near optimal). We then explore making the non-compartmentalized leakage-resilient secret sharing also non-malleable against tampering. We consider a tampering model, where the adversary can use the shares obtained from the corrupted players and the outputs of the global leakage functions to choose a tampering function from a tampering family F. We give two constructions of such leakage-resilient non-malleable secret sharing for the case F is the bit-wise independent tampering and, respectively, for the case F is the affine tampering functions.
We present a new oblivious RAM that supports variable-sized storage blocks (vORAM), which is the first ORAM to allow varying block sizes without trivial padding. We also present a new history-independent data structure (a HIRB tree) that can be stored within a vORAM. Together, this construction provides an efficient and practical oblivious data structure (ODS) for a key/value map, and goes further to provide an additional privacy guarantee as compared to prior ODS maps: even upon client compromise, deleted data and the history of old operations remain hidden to the attacker. We implement and measure the performance of our system using Amazon Web Services, and the single-operation time for a realistic database (up to $2^{18}$ entries) is less than 1 second. This represents a 100x speed-up compared to the current best oblivious map data structure (which provides neither secure deletion nor history independence) by Wang et al. (CCS 14).