
2013 International Conference on Security and Cryptography (SECRYPT): latest publications

Recovering RSA private keys on implementations with tampered LSBs
Pub Date : 2013-07-29 DOI: 10.5220/0004534904530460
C. Patsakis
The theoretical security that modern encryption algorithms provide leads researchers to new attack scenarios which are more implementation centric. By discovering hardware or software flaws that can recover some information about the decryption key, cryptanalysts try to exploit this knowledge. Therefore, many side channel attacks have appeared, illustrating that the concept of having secure code, or even embedding all cryptographic functions in hardware modules, is in many cases not adequate. The aim of this work is to illustrate how partial information can be used to exploit the extracted information, leading to full reconstruction of the private key of RSA, for some implementations of the algorithm where the LSB has been selected to fit several constraints. More precisely, we study the case where the LSB half of the primes is identical or when there is a linear equation that mixes the LSB halves of the two primes.
Citations: 1
Non-random properties of compression and Hash functions using linear cryptanalysis
Pub Date : 2013-07-29 DOI: 10.5220/0004475204710477
Daniel Santana de Freitas, Jorge Nakahara
We report on linear analyses of block-cipher based compression and hash functions. Our aim is not to find collisions nor (second) preimages, but to detect non-random properties that may distinguish a compression or hash function from an ideal primitive (random oracle). We study single-block modes of operation such as Davies-Meyer (DM), Matyas-Meyer-Oseas (MMO) and Miyaguchi-Preneel (MP) and double-block modes such as Hirose's, Tandem-DM, Parallel-DM and Abreast-DM. This paper points out weaknesses coming from the feedforward operation used in these hash modes. We use an inside-out approach: we show how a weakness (linear relation) in the underlying block cipher can propagate to the compression function and eventually to the whole hash function. To demonstrate our ideas, we instantiate the block cipher underlying these modes with 21-round PRESENT, the full 16-round DES and 9-round Serpent. For instance, in DM-PRESENT-80 mode, we can distinguish the hash function from an ideal primitive with 2^64 hash computations.
Citations: 0
Survey and benchmark of lightweight block ciphers for wireless sensor networks
Pub Date : 2013-07-29 DOI: 10.5220/0004530905430548
Mickaël Cazorla, K. Marquet, M. Minier
For security applications in wireless sensor networks (WSNs), choosing the best algorithms in terms of energy efficiency and of small memory requirements is a real challenge because the sensor networks must be autonomous. In (Eisenbarth et al., 2012; Law et al., 2006), the authors have benchmarked some block ciphers on a dedicated platform and have deduced the best candidates to use in the context of small embedded platforms. This article proposes to study, on a dedicated platform of sensors, most of the recent lightweight block ciphers as well as some conventional block ciphers. First, we describe the design of the chosen block ciphers with a security summary, and we then present some implementation tests performed on our platform.
Citations: 96
Not all ISPs equally secure home users: An empirical study comparing Wi-Fi security provided by UK ISPs
Pub Date : 2013-07-29 DOI: 10.5220/0004600405680573
Z. Schreuders, Adil M. Bhat
A majority of home users rely on their Internet service providers (ISPs) to provide them with wireless equipment that is secure, and assume that they are appropriately protected from threats such as piggybacking and eavesdropping. In this paper we present the results of an empirical study comparing the security provided to home users by their ISPs. Passive wireless data collection was used to gather information on 7,847 unique wireless access points within Leeds, UK. Non-parametric inferential statistical analysis was used to compare the security provided by the corresponding ISPs, as identified via the SSID naming used by ISPs in the UK. The ISPs identified included BT, O2, Orange, Plus Net, Sky, TalkTalk, and Virgin Media. Statistically significant differences in the security of the networks were found between ISPs, which we contend can in part be explained by their upgrade policies. These results are contrasted with the security configuration provided by three of the largest ISPs to new customers. For example, BT (the largest ISP in the UK) was found to have a greater number of access points configured with the cryptographically broken Wireless Equivalent Privacy (WEP) encryption method in use, compared to most of the other large ISPs, and this is in contrast to the favourable security configuration of the routers that are provided to new customers. The paper concludes with recommendations for when ISPs provide Wi-Fi enabled routers to home users.
Citations: 1
Differential power analysis of HMAC SHA-2 in the Hamming weight model
Pub Date : 2013-07-29 DOI: 10.5220/0004532702300241
Sonia Belaïd, L. Bettale, Emmanuelle Dottax, Laurie Genelle, Franck Rondepierre
As with any algorithm manipulating secret data, HMAC is potentially vulnerable to side channel attacks. In 2007, McEvoy et al. proposed a differential power analysis attack against HMAC instantiated with hash functions from the SHA-2 family. Their attack works in the Hamming distance leakage model and makes strong assumptions on the target implementation. In this paper, we present an attack on HMAC SHA-2 in the Hamming weight leakage model, which advantageously can be used when no information is available on the targeted implementation. Furthermore, our attack can be adapted to the Hamming distance model with weaker assumptions on the implementation. We show the feasibility of our attack on simulations, and we study its overall cost and success rate. We also provide an evaluation of the performance overhead induced by the countermeasures necessary to avoid the attack.
Citations: 22
InCC: Hiding information by Mimicking traffic in network flows
Pub Date : 2013-07-29 DOI: 10.5220/0004436600050014
Luis Campo-Giralte, C. Conde, Isaac Martín de Diego, E. Cabello
This article proposes and implements a light-weight covert channel called InCC, which is designed to produce an undetectable communication channel between systems. This channel, fully transparent to any network analysis, is able to send messages on the same production network without compromising its existence. By using techniques like encryption, address spoofing, signatures and traffic analysis, the channel is able to hide the flows on the network without compromising the source and destination.
Citations: 0
Related-key impossible differential cryptanalysis of full-round HIGHT
Pub Date : 2013-07-29 DOI: 10.5220/0004528805370542
Saeed Rostami, S. B. Chafjiri, Seyed Amir Hossein Tabatabaei
The HIGHT algorithm is a 64-bit block cipher with a 128-bit key length, introduced at CHES'06 as a lightweight cryptographic algorithm. In this paper, a new related-key impossible differential attack on the full-round algorithm is introduced. Our cryptanalysis requires a time complexity of 2^127.276 HIGHT evaluations, which is slightly faster than an exhaustive search attack. This is the first related-key impossible differential cryptanalysis of the full-round HIGHT block cipher.
Citations: 1
Redactable signature scheme for tree-structured data based on Merkle tree
Pub Date : 2013-07-29 DOI: 10.5220/0004507003130320
Shoichi Hirose, H. Kuwakado
In 2008, Kundu and Bertino proposed a structural signature scheme for tree-structured data. A signature generated by the scheme is redactable: for given tree-structured data and its signature, it is possible to compute signatures of subtrees of the given tree without the secret signing key. Brzuska et al. formalized the security requirements of such redactable signature schemes. They also proposed a provably secure redactable signature scheme for tree-structured data using an ordinary signature scheme. This paper presents a new redactable signature scheme for tree-structured data using an ordinary signature scheme and a Merkle tree constructed by a keyed hash function such as HMAC. The proposed scheme assumes that the out-degree of each node in a tree is at most constant. It is also shown that the proposed scheme is provably secure under standard security assumptions of the underlying primitives. The proposed scheme first generates a digest of the given tree-structured data based on the Merkle tree using the keyed hash function, and computes a single signature for the digest using the ordinary signature scheme. On the other hand, the total number of signatures required by previous provably secure schemes is at least as large as the number of nodes of the tree.
Citations: 12
Improving block cipher design by rearranging internal operations
Pub Date : 2013-07-29 DOI: 10.5220/0004498200270038
Liran Lerman, Jorge Nakahara, Nikita Veshchikov
This paper discusses the impact of a simple strategy in block cipher design: rearranging the internal cipher components. We report on a test case in which we observed a significant upgrade of a cipher's security. We applied this approach in practice and report on an updated design of the IDEA block cipher, in which we swapped all exclusive-or operations for multiplications. The consequences of these modifications are far reaching: there are no more weak multiplicative subkeys (because multiplications are not keyed anymore) and overall diffusion improves sharply in the encryption framework. The unkeyed multiplication is novel in itself since it did not exist in IDEA as a primitive operation, and it alone guarantees stronger diffusion than the exclusive-or operation. Moreover, our analysis so far indicates that the new cipher resists better than IDEA and AES against old and new attacks such as the recent biclique technique and the combined Biryukov-Demirci meet-in-the-middle attack. Experiments on an 8-bit microcontroller indicate the new design has about the same performance as IDEA. A theoretical analysis also suggests the new design is more resistant to power analysis than IDEA.
Citations: 2
Secure alert tracking in supply chain
Pub Date : 2013-07-29 DOI: 10.5220/0004532102190229
Mehdi Khalfaoui, R. Molva, L. Gomez
Risk management practices, techniques and tools with respect to companies' supply chains have begun to receive more attention recently, as the need to improve supply chain performance has increased in order to keep the balance between financial considerations and those of customer interests. With the multiplication of intermediate actors, a single threat at one point might compromise the safety of all the actors involved in the supply chain process. Therefore, there is a clear need for product tracking in order to trace anomalies for the mitigation of potential threats in the future. Traditional approaches rely on operator-assisted verification procedures that mainly suffer from a lack of global coverage. In this paper, we propose an automated process to securely trace the supply chain actors that interact with the product, as well as the operations that were performed and the alerts that were raised. The core component of this process is wireless sensor nodes attached to the product. Empowered with sensing capabilities, wireless sensor nodes are meant to raise an alert in case of detection of an anomaly. Our solution allows for tracing the path taken by a product and the recording of the alerts that were raised, while preserving the actors' privacy. The solution combines a polynomial path encoding technique with additive homomorphic encryption to ensure the correctness of the path taken by a product and to preserve the privacy of the actors, respectively.
Citations: 3