Pub Date : 2004-05-09DOI: 10.1109/SECPRI.2004.1301317
B. Blanchet
We present a new automatic technique for proving strong secrecy for security protocols. Strong secrecy means that an adversary cannot see any difference when the value of the secret changes. Our technique relies on an automatic translation of the protocol into Horn clauses, and a resolution algorithm on the clauses. It requires important extensions with respect to previous work for the proof of (standard) secrecy and authenticity. This technique can handle a wide range of cryptographic primitives, and yields proofs valid for an unbounded number of sessions and an unbounded message space; it is also flexible and efficient. We have proved its correctness, implemented it, and tested it on several examples of protocols including JFK by W. Aiello et al. (2002).
{"title":"Automatic proof of strong secrecy for security protocols","authors":"B. Blanchet","doi":"10.1109/SECPRI.2004.1301317","DOIUrl":"https://doi.org/10.1109/SECPRI.2004.1301317","url":null,"abstract":"We present a new automatic technique for proving strong secrecy for security protocols. Strong secrecy means that an adversary cannot see any difference when the value of the secret changes. Our technique relies on an automatic translation of the protocol into Horn clauses, and a resolution algorithm on the clauses. It requires important extensions with respect to previous work for the proof of (standard) secrecy and authenticity. This technique can handle a wide range of cryptographic primitives, and yields proofs valid for an unbounded number of sessions and an unbounded message space; it is also flexible and efficient. We have proved its correctness, implemented it, and tested it on several examples of protocols including JFK by W. Aiello et al. (2002).","PeriodicalId":447471,"journal":{"name":"IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2004-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123595557","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2004-05-09DOI: 10.1109/SECPRI.2004.1301327
Anna Lysyanskaya, R. Tamassia, Nikos Triandopoulos
We study a general version of the multicast authentication problem where the underlying network, controlled by an adversary, may drop chosen packets, rearrange the order of the packets in an arbitrary way, and inject new packets into the transmitted stream. Prior work on the problem has focused on less general models, where random, rather than adversarially-selected packets may be dropped and altered, or no additional packets may be injected into the stream. We describe an efficient and scalable authentication scheme that is based on a novel combination of error-correcting codes with standard cryptographic primitives. We prove the security of our scheme and analyze its performance in terms of the computational effort at the sender and receiver and the communication overhead. We also discuss specific design and implementation choices and compare our scheme with previously proposed approaches.
{"title":"Multicast authentication in fully adversarial networks","authors":"Anna Lysyanskaya, R. Tamassia, Nikos Triandopoulos","doi":"10.1109/SECPRI.2004.1301327","DOIUrl":"https://doi.org/10.1109/SECPRI.2004.1301327","url":null,"abstract":"We study a general version of the multicast authentication problem where the underlying network, controlled by an adversary, may drop chosen packets, rearrange the order of the packets in an arbitrary way, and inject new packets into the transmitted stream. Prior work on the problem has focused on less general models, where random, rather than adversarially-selected packets may be dropped and altered, or no additional packets may be injected into the stream. We describe an efficient and scalable authentication scheme that is based on a novel combination of error-correcting codes with standard cryptographic primitives. We prove the security of our scheme and analyze its performance in terms of the computational effort at the sender and receiver and the communication overhead. We also discuss specific design and implementation choices and compare our scheme with previously proposed approaches.","PeriodicalId":447471,"journal":{"name":"IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004","volume":"25 8","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2004-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132968328","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2004-05-09DOI: 10.1109/SECPRI.2004.1301314
Philip W. L. Fong
Software execution environments like operating systems, mobile code platforms and scriptable applications must protect themselves against potential damages caused by malicious code. Monitoring the execution history of the latter provides an effective means for controlling the access pattern of system services. Several authors have recently proposed increasingly general automata models for characterizing various classes of security policies enforceable by execution monitoring. An open question raised by Bauer, Ligatti and Walker is whether one can further classify the space of security policies by constraining the capabilities of the execution monitor. This paper presents a novel information-based approach to address the research problem. Specifically, security policies are characterized by the information consumed by an enforcing execution monitor. By restricting the execution monitor to track only a shallow history of previously granted access events, a precise characterization of a class of security policies enforceable by restricted access to information is identified. Although provably less expressive than the general class of policies enforceable by execution monitoring, this class does contain naturally occurring policies including Chinese Wall policy, low-water-mark policy, one-out-of-k authorization, assured pipelines, etc. Encouraged by this success, the technique is generalized to produce a lattice of policy classes. Within the lattice, policy classes are ordered by the information required for enforcing member policies. Such a fine-grained policy classification lays the semantic foundation for future studies on special-purpose policy languages.
{"title":"Access control by tracking shallow execution history","authors":"Philip W. L. Fong","doi":"10.1109/SECPRI.2004.1301314","DOIUrl":"https://doi.org/10.1109/SECPRI.2004.1301314","url":null,"abstract":"Software execution environments like operating systems, mobile code platforms and scriptable applications must protect themselves against potential damages caused by malicious code. Monitoring the execution history of the latter provides an effective means for controlling the access pattern of system services. Several authors have recently proposed increasingly general automata models for characterizing various classes of security policies enforceable by execution monitoring. An open question raised by Bauer, Ligatti and Walker is whether one can further classify the space of security policies by constraining the capabilities of the execution monitor. This paper presents a novel information-based approach to address the research problem. Specifically, security policies are characterized by the information consumed by an enforcing execution monitor. By restricting the execution monitor to track only a shallow history of previously granted access events, a precise characterization of a class of security policies enforceable by restricted access to information is identified. Although provably less expressive than the general class of policies enforceable by execution monitoring, this class does contain naturally occurring policies including Chinese Wall policy, low-water-mark policy, one-out-of-k authorization, assured pipelines, etc. Encouraged by this success, the technique is generalized to produce a lattice of policy classes. Within the lattice, policy classes are ordered by the information required for enforcing member policies. Such a fine-grained policy classification lays the semantic foundation for future studies on special-purpose policy languages.","PeriodicalId":447471,"journal":{"name":"IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004","volume":"52 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2004-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131329806","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2004-05-09DOI: 10.1109/SECPRI.2004.1301316
Peeter Laud
In this article we present a technique for static analysis, correct with respect to complexity-theoretic definitions of security, of cryptographic protocols for checking whether these protocols satisfy confidentiality properties. The approach is similar to Abadi and Rogaway - we define patterns for cryptographic protocols (they did it for formal expressions), such that the protocol is secure iff the patterns are. We then statically analyse the patterns, they should be easier to analyse than the protocols themselves. We consider symmetric encryption as the cryptographic primitive in protocols. Handling this primitive has so far received comparatively less attention in approaches striving to unite the formal and computational models of cryptography.
{"title":"Symmetric encryption in automatic analyses for confidentiality against active adversaries","authors":"Peeter Laud","doi":"10.1109/SECPRI.2004.1301316","DOIUrl":"https://doi.org/10.1109/SECPRI.2004.1301316","url":null,"abstract":"In this article we present a technique for static analysis, correct with respect to complexity-theoretic definitions of security, of cryptographic protocols for checking whether these protocols satisfy confidentiality properties. The approach is similar to Abadi and Rogaway - we define patterns for cryptographic protocols (they did it for formal expressions), such that the protocol is secure iff the patterns are. We then statically analyse the patterns, they should be easier to analyse than the protocols themselves. We consider symmetric encryption as the cryptographic primitive in protocols. Handling this primitive has so far received comparatively less attention in approaches striving to unite the formal and computational models of cryptography.","PeriodicalId":447471,"journal":{"name":"IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2004-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133120730","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Information-flow type systems are a promising approach for enforcing strong end-to-end confidentiality and integrity policies. Such policies, however, are usually specified in term of static information-data is labeled high or low security at compile time. In practice, the confidentiality of data may depend on information available only while the system is running. This paper studies language support for run-time principals, a mechanism for specifying information-flow security policies that depend on which principals interact with the system. We establish the basic property of noninterference for programs written in such language, and use run-time principals for specifying run-time authority in downgrading mechanisms such as declassification. In addition to allowing more expressive security policies, run-time principals enable the integration of language-based security mechanisms with other existing approaches such as Java stack inspection and public key infrastructures. We sketch an implementation of run-time principals via public keys such that principal delegation is verified by certificate chains.
{"title":"Run-time principals in information-flow type systems","authors":"Stephen Tse, S. Zdancewic","doi":"10.1145/1290520.1290526","DOIUrl":"https://doi.org/10.1145/1290520.1290526","url":null,"abstract":"Information-flow type systems are a promising approach for enforcing strong end-to-end confidentiality and integrity policies. Such policies, however, are usually specified in term of static information-data is labeled high or low security at compile time. In practice, the confidentiality of data may depend on information available only while the system is running. This paper studies language support for run-time principals, a mechanism for specifying information-flow security policies that depend on which principals interact with the system. We establish the basic property of noninterference for programs written in such language, and use run-time principals for specifying run-time authority in downgrading mechanisms such as declassification. In addition to allowing more expressive security policies, run-time principals enable the integration of language-based security mechanisms with other existing approaches such as Java stack inspection and public key infrastructures. We sketch an implementation of run-time principals via public keys such that principal delegation is verified by certificate chains.","PeriodicalId":447471,"journal":{"name":"IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2004-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117074543","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2004-05-09DOI: 10.1109/SECPRI.2004.1301311
D. Asonov, R. Agrawal
We show that PC keyboards, notebook keyboards, telephone and ATM pads are vulnerable to attacks based on differentiating the sound emanated by different keys. Our attack employs a neural network to recognize the key being pressed. We also investigate why different keys produce different sounds and provide hints for the design of homophonic keyboards that would be resistant to this type of attack.
{"title":"Keyboard acoustic emanations","authors":"D. Asonov, R. Agrawal","doi":"10.1109/SECPRI.2004.1301311","DOIUrl":"https://doi.org/10.1109/SECPRI.2004.1301311","url":null,"abstract":"We show that PC keyboards, notebook keyboards, telephone and ATM pads are vulnerable to attacks based on differentiating the sound emanated by different keys. Our attack employs a neural network to recognize the key being pressed. We also investigate why different keys produce different sounds and provide hints for the design of homophonic keyboards that would be resistant to this type of attack.","PeriodicalId":447471,"journal":{"name":"IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2004-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133767873","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2004-05-09DOI: 10.1109/SECPRI.2004.1301326
M. Krohn, M. Freedman, David Mazières
The quality of peer-to-peer content distribution can suffer when malicious participants intentionally corrupt content. Some systems using simple block-by-block downloading can verify blocks with traditional cryptographic signatures and hashes, but these techniques do not apply well to more elegant systems that use rateless erasure codes for efficient multicast transfers. This paper presents a practical scheme, based on homomorphic hashing, that enables a downloader to perform on-the-fly verification of erasure-encoded blocks.
{"title":"On-the-fly verification of rateless erasure codes for efficient content distribution","authors":"M. Krohn, M. Freedman, David Mazières","doi":"10.1109/SECPRI.2004.1301326","DOIUrl":"https://doi.org/10.1109/SECPRI.2004.1301326","url":null,"abstract":"The quality of peer-to-peer content distribution can suffer when malicious participants intentionally corrupt content. Some systems using simple block-by-block downloading can verify blocks with traditional cryptographic signatures and hashes, but these techniques do not apply well to more elegant systems that use rateless erasure codes for efficient multicast transfers. This paper presents a practical scheme, based on homomorphic hashing, that enables a downloader to perform on-the-fly verification of erasure-encoded blocks.","PeriodicalId":447471,"journal":{"name":"IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2004-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127651522","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2004-05-09DOI: 10.1109/SECPRI.2004.1301329
Arvind Seshadri, A. Perrig, L. V. Doorn, P. Khosla
We expect a future where we are surrounded by embedded devices, ranging from Java-enabled cell phones to sensor networks and smart appliances. An adversary can compromise our privacy and safety by maliciously modifying the memory contents of these embedded devices. In this paper, we propose a softWare-based attestation technique (SWATT) to verify the memory contents of embedded devices and establish the absence of malicious changes to the memory contents. SWATT does not need physical access to the device's memory, yet provides memory content attestation similar to TCG or NGSCB without requiring secure hardware. SWATT can detect any change in memory contents with high probability, thus detecting viruses, unexpected configuration settings, and Trojan Horses. To circumvent SWATT, we expect that an attacker needs to change the hardware to hide memory content changes. We present an implementation of SWATT in off-the-shelf sensor network devices, which enables us to verify the contents of the program memory even while the sensor node is running.
{"title":"SWATT: softWare-based attestation for embedded devices","authors":"Arvind Seshadri, A. Perrig, L. V. Doorn, P. Khosla","doi":"10.1109/SECPRI.2004.1301329","DOIUrl":"https://doi.org/10.1109/SECPRI.2004.1301329","url":null,"abstract":"We expect a future where we are surrounded by embedded devices, ranging from Java-enabled cell phones to sensor networks and smart appliances. An adversary can compromise our privacy and safety by maliciously modifying the memory contents of these embedded devices. In this paper, we propose a softWare-based attestation technique (SWATT) to verify the memory contents of embedded devices and establish the absence of malicious changes to the memory contents. SWATT does not need physical access to the device's memory, yet provides memory content attestation similar to TCG or NGSCB without requiring secure hardware. SWATT can detect any change in memory contents with high probability, thus detecting viruses, unexpected configuration settings, and Trojan Horses. To circumvent SWATT, we expect that an attacker needs to change the hardware to hide memory content changes. We present an implementation of SWATT in off-the-shelf sensor network devices, which enables us to verify the contents of the program memory even while the sensor node is running.","PeriodicalId":447471,"journal":{"name":"IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004","volume":"66 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2004-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128090136","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: