Do you want to publish a course? Click here

Breaking and Fixing Unlinkability of the Key Agreement Protocol for 2nd Gen EMV Payments

198   0   0.0 ( 0 )
 Added by Semyon Yurkov
 Publication date 2021
and research's language is English




Ask ChatGPT about the research

To address privacy problems with the EMV standard, EMVco proposed a Blinded Diffie-Hellman key establishment protocol. We point out that active attackers were not previously accounted for in the privacy requirements of this proposed protocol, despite the fact that an active attacker can compromise unlinkability. Here, we adopt a strong definition of unlinkability that does account for active attackers and propose an enhancement of the protocol proposed by EMVco where we make use of Verheul certificates. We prove that our protocol does satisfy strong unlinkability, while preserving authentication.



rate research

Read More

Wireless Body Sensor Network (WBSN) is a developing technology with constraints in energy consumption, coverage radius, communication reliability. Also, communications between nodes contain very sensitive personal information in which sometimes due to the presence of hostile environments, there are a wide range of security risks. As such, designing authenticated key agreement (AKA) protocols is an important challenge in these networks. Recently, Li et al. proposed a lightweight scheme using the hash and XOR functions which is much more efficient compared with similar schemes based on elliptic curve. However, the investigations revealed that the claim concerning the unlinkability between the sessions of a sensor node is NOT true. The present paper considers the security issues of the scheme proposed by Li et al. and some of its new extensions in order to propose a new AKA scheme with anonymity and unlinkability of the sensor node sessions. The results of theoretical analysis compared with similar schemes indicate that the proposed scheme reduces average energy consumption and average computation time by 61 percent while reduces the average communication cost by 41 percent. Further, it has been shown by formal and informal analysis that, Besides the two anonymity and unlinkability features, the other main features of the security in the proposed scheme are comparable and similar to the recent similar schemes.
Key-agreement protocols whose security is proven in the random oracle model are an important alternative to protocols based on public-key cryptography. In the random oracle model, the parties and the eavesdropper have access to a shared random function (an oracle), but the parties are limited in the number of queries they can make to the oracle. The random oracle serves as an abstraction for black-box access to a symmetric cryptographic primitive, such as a collision resistant hash. Unfortunately, as shown by Impagliazzo and Rudich [STOC 89] and Barak and Mahmoody [Crypto 09], such protocols can only guarantee limited secrecy: the key of any $ell$-query protocol can be revealed by an $O(ell^2)$-query adversary. This quadratic gap between the query complexity of the honest parties and the eavesdropper matches the gap obtained by the Merkles Puzzles protocol of Merkle [CACM 78]. In this work we tackle a new aspect of key-agreement protocols in the random oracle model: their communication complexity. In Merkles Puzzles, to obtain secrecy against an eavesdropper that makes roughly $ell^2$ queries, the honest parties need to exchange $Omega(ell)$ bits. We show that for protocols with certain natural properties, ones that Merkles Puzzle has, such high communication is unavoidable. Specifically, this is the case if the honest parties queries are uniformly random, or alternatively if the protocol uses non-adaptive queries and has only two rounds. Our proof for the first setting uses a novel reduction from the set-disjointness problem in two-party communication complexity. For the second setting we prove the lower bound directly, using information-theoretic arguments.
Utilizing the advantage of quantum entanglement swapping, a multi-party quantum key agreement protocol with authentication is proposed. In this protocol, a semi-trusted third party is introduced, who prepares Bell states, and sends one particle to multiple participants respectively. After that the participants can share a Greenberger-Horne-Zeilinger state by entanglement swapping. Finally, these participants measure the particles in their hands and obtain an agreement key. Here, classical hash function and Hadamard operation are utilized to authenticate the identity of participants. The correlations of GHZ states ensure the security of the proposed protocol. To illustrated it detailly, the security of this protocol against common attacks is analyzed, which shows that the proposed protocol is secure in theory.
The recent Spectre attacks has demonstrated the fundamental insecurity of current computer microarchitecture. The attacks use features like pipelining, out-of-order and speculation to extract arbitrary information about the memory contents of a process. A comprehensive formal microarchitectural model capable of representing the forms of out-of-order and speculative behavior that can meaningfully be implemented in a high performance pipelined architecture has not yet emerged. Such a model would be very useful, as it would allow the existence and non-existence of vulnerabilities, and soundness of countermeasures to be formally established. In this paper we present such a model targeting single core processors. The model is intentionally very general and provides an infrastructure to define models of real CPUs. It incorporates microarchitectural features that underpin all known Spectre vulnerabilities. We use the model to elucidate the security of existing and new vulnerabilities, as well as to formally analyze the effectiveness of proposed countermeasures. Specifically, we discover three new (potential) vulnerabilities, including a new variant of Spectre v4, a vulnerability on speculative fetching, and a vulnerability on out-of-order execution, and analyze the effectiveness of three existing countermeasures: constant time, Retpoline, and ARMs Speculative Store Bypass Safe (SSBS).
We prove that every key agreement protocol in the random oracle model in which the honest users make at most $n$ queries to the oracle can be broken by an adversary who makes $O(n^2)$ queries to the oracle. This improves on the previous $widetilde{Omega}(n^6)$ query attack given by Impagliazzo and Rudich (STOC 89) and resolves an open question posed by them. Our bound is optimal up to a constant factor since Merkle proposed a key agreement protocol in 1974 that can be easily implemented with $n$ queries to a random oracle and cannot be broken by any adversary who asks $o(n^2)$ queries.
comments
Fetching comments Fetching comments
mircosoft-partner

هل ترغب بارسال اشعارات عن اخر التحديثات في شمرا-اكاديميا