In the field of symmetric key cryptography, security against distinguishing attacks is one of the crucial security requirements. With advancements in computing capabilities and cryptanalysis techniques in recent years, more efficient methods have been proposed for exploring distinguishers using Mixed-Integer Linear Programming (MILP) or the satisfiability problem (SAT), thereby updating the security bounds of various ciphers. Piccolo is a lightweight block cipher proposed at CHES in 2011, supporting 80-bit and 128-bit keys. The designers performed a rough security evaluation against differential, impossible differential, and related-key differential attacks, based on nibble-wise estimations due to limited computational resources. Here, the authors perform bit-level evaluations of the Piccolo block cipher against differential, integral and impossible differential attacks by leveraging SAT-based approaches. For the first time, the authors succeed in identifying an optimal differential distinguisher on 6 rounds in the single-key setting, and on 10/12 rounds in the related-key setting for 80-bit and 128-bit keys, respectively. For integral attacks, the authors find an integral distinguisher up to 7 rounds. Although the number of attacked rounds is the same as that of the previous attack, the authors find a 56th-order integral distinguisher, which enables reducing the data complexity of attacks from 2^63 to 2^56. As a result, the authors find 7-round impossible differentials, which is the same number of rounds as in the previous nibble-wise evaluation.
"Bit-level evaluation of piccolo block cipher by satisfiability problem solver" by Shion Utsumi, Kosei Sakamoto and Takanori Isobe. IET Information Security 17(4):616-625, published 2023-05-28. DOI: https://doi.org/10.1049/ise2.12119. PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2.12119
Tor traffic tracking is valuable for combating cybercrime as it provides insights into the traffic active on the Tor network. Tor-based application traffic classification is one of the tracking methods, which can effectively classify Tor application services. However, it is not effective in classifying specific applications due to more complicated traffic patterns in the spatial and temporal dimensions. As a solution, the authors propose FlowMFD, a novel Tor-based application traffic classification approach using amount-frequency-direction (MFD) chromatographic features and spatial-temporal modelling. Specifically, FlowMFD mines the interaction pattern between Tor applications and servers by analysing the time series features (TSFs) of packets of different sizes. Then MFD chromatographic features (MFDCF) are designed to represent the pattern. Those features integrate multiple low-dimensional TSFs into a single plane and retain most of the pattern information. In addition, FlowMFD utilises a cascaded model with a two-dimensional convolutional neural network (2D-CNN) and a bidirectional gated recurrent unit to capture spatial-temporal dependencies between MFDCF. The authors evaluate FlowMFD on the public ISCXTor2016 dataset and a self-collected dataset, where they achieve an accuracy of 92.1% (4.2%↑) and 88.3% (4.5%↑), respectively, outperforming state-of-the-art comparison methods.
"FlowMFD: Characterisation and classification of tor traffic using MFD chromatographic features and spatial–temporal modelling" by Liukun He, Liangmin Wang, Keyang Cheng and Yifan Xu. IET Information Security 17(4):598-615, published 2023-05-25. DOI: https://doi.org/10.1049/ise2.12118. PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2.12118
Cong Sun, Xinpeng Xu, Yafei Wu, Dongrui Zeng, Gang Tan, Siqi Ma, Peicheng Wang
The misunderstanding and incorrect configurations of cryptographic primitives have exposed severe security vulnerabilities to attackers. Due to the pervasiveness and diversity of cryptographic misuses, a comprehensive and accurate understanding of how cryptographic misuses can undermine the security of an Android app is critical to the subsequent mitigation strategies but also challenging. Although various approaches have been proposed to detect cryptographic misuse in Android apps, studies have yet to focus on estimating the security risks of cryptographic misuse. To address this problem, the authors present an extensible framework for deciding the threat level of cryptographic misuse in Android apps. Firstly, the authors propose a general and unified specification for representing cryptographic misuses to make our framework extensible and develop adapters to unify the detection results of the state-of-the-art cryptographic misuse detectors, resulting in an adapter-based detection tool chain for a more comprehensive list of cryptographic misuses. Secondly, the authors employ a misuse-originating data-flow analysis to connect each cryptographic misuse to a set of data-flow sinks in an app, based on which the authors propose a quantitative data-flow-driven metric for assessing the overall risk of the app introduced by cryptographic misuses. To make the per-app assessment more useful for app vetting at the app-store level, the authors apply unsupervised learning to predict and classify the top risky threats to guide more efficient subsequent mitigation. In the experiments on an instantiated implementation of the framework, the authors evaluate the accuracy of our detection and the effect of data-flow-driven risk assessment of our framework. Our empirical study on over 40,000 apps, and the analysis of popular apps reveal important security observations on the real threats of cryptographic misuse in Android apps.
"CryptoEval: Evaluating the risk of cryptographic misuses in Android apps with data-flow analysis". IET Information Security 17(4):582-597, published 2023-05-24. DOI: https://doi.org/10.1049/ise2.12117. PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2.12117
Ángel Luis Perales Gómez, Lorenzo Fernández Maimó, Alberto Huertas Celdrán, Félix J. García Clemente
When detecting cyberattacks in industrial settings, it is not sufficient to determine whether the system is suffering a cyberattack. It is also fundamental to explain why the system is under a cyberattack and which assets are affected. In this context, anomaly detection based on Machine Learning (ML) and Deep Learning (DL) techniques has shown great performance when detecting cyberattacks in industrial scenarios. However, two main limitations hinder using them in a real environment. Firstly, most solutions are trained using a supervised approach, which is impractical in the real industrial world. Secondly, the use of black-box ML and DL techniques makes it impossible to interpret the decision made by the model. This article proposes an interpretable and semi-supervised system to detect cyberattacks in industrial settings. Besides, our proposal was validated using data collected from the Tennessee Eastman Process. To the best of our knowledge, this system is the only one that offers interpretability together with a semi-supervised approach in an industrial setting. Our system discriminates between causes and effects of anomalies and also achieved the best performance for 11 types of anomalies out of 20 with an overall recall of 0.9577, a precision of 0.9977, and an F1-score of 0.9711.
"An interpretable semi-supervised system for detecting cyberattacks using anomaly detection in industrial scenarios". IET Information Security 17(4):553-566, published 2023-05-09. DOI: https://doi.org/10.1049/ise2.12115. PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2.12115
Zhe Jiang, Xiwen Wang, Kai Zhang, Junqing Gong, Jie Chen, Haifeng Qian
Identity-based Matchmaking Encryption (IB-ME) is an extension of the notion of matchmaking encryption (CRYPTO 2019), where a sender and a receiver can each specify an access policy for the other party. In IB-ME, data encryption is performed using not only a receiver identity but also a sender's encryption key. Nevertheless, previous IB-ME schemes have not considered the problem of efficient revocation. Hence, the authors introduce a new notion of revocable IB-ME (RIB-ME) and formalise the syntax and security model of RIB-ME. In particular, the authors give an effective and simple construction of RIB-ME in the standard model, whose security is reduced to the hardness of the decisional bilinear Diffie-Hellman problem and the computational Diffie-Hellman problem. In addition, the authors show two extensions of their RIB-ME scheme to address chosen-ciphertext security and forward privacy.
"Revocable identity-based matchmaking encryption in the standard model". IET Information Security 17(4):567-581, published 2023-05-09. DOI: https://doi.org/10.1049/ise2.12116. PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2.12116
CRAFT is a lightweight block cipher designed by Beierle et al. and presented at Fast Software Encryption 2019 to effectively resist differential fault attacks. In this article, Demirci-Selçuk meet-in-the-middle (DS-MITM) attacks on round-reduced CRAFT based on automatic search are proposed. A DS-MITM automatic search model for CRAFT was constructed, and then the automatic search model was used to detect a 9-round DS-MITM distinguisher. Strong relations between the round subtweakeys were observed, and the key-dependent sieve technique was adopted to reduce the memory complexity of the attack. Based on the 9-round distinguisher, a 19-round DS-MITM attack can be presented. Due to the strong key relations, the time complexity can be reduced by the key-bridging technique and the equivalent round subtweakey. The time complexity of the 19-round DS-MITM attack is 2^114.68 19-round CRAFT encryptions, the data complexity is 2^56 chosen plaintexts, and the memory complexity is 2^109 64-bit blocks. Adding one round to the end of the 19-round DS-MITM attack, a 20-round DS-MITM attack can be proposed. The time complexity of the 20-round attack is 2^126.94 20-round CRAFT encryptions, the data complexity is 2^56 chosen plaintexts, and the memory complexity is 2^109 64-bit blocks.
"Meet-in-the-middle attacks on round-reduced CRAFT based on automatic search" by Zhangjun Ma, Manman Li and Shaozhen Chen. IET Information Security 17(3):534-543, published 2023-04-02. DOI: https://doi.org/10.1049/ise2.12114. PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2.12114
Remote attestation, as a challenge-response protocol, enables a trusted entity, called the verifier, to ask a potentially infected device, called the prover, to provide integrity assurance about its internal state. Remote attestation is becoming increasingly vital for embedded systems that serve in many critical domains, as part of health, military, transportation and industry services, but still lack most of the security features available to high-end systems. In most attestation techniques, the prover provides a cryptographic checksum of its static memory contents, that is, code segments, to the verifier when requested, to demonstrate that the device is loaded with the right software. However, those measurements are subject to two limitations. First, they cannot guarantee that the prover has always had legitimate software in memory prior to attestation. This is because occasional measurements, triggered by the verifier, still leave the device vulnerable to compromise between two attestation windows, a time-of-check-to-time-of-use (TOCTOU) problem. Second, including dynamic memory regions in the checksum calculation is not helpful in practice, since the verifier typically does not know what those regions should contain or which checksums should be accepted as valid. Hence, many attack scenarios residing in those dynamic regions (e.g. the stack) would also go unnoticed. To reveal attack scenarios exploiting the memory regions and time windows left unattested, we propose an attestation scheme that can continuously monitor both static and dynamic memory regions with better spatial and temporal attestation coverage. Our monitoring mechanism is designed to be performed in real time using a novel hardware security module (HSM) connected to the prover's system bus. The proposed HSM monitors not only the integrity of the code on the prover but also its execution, by checking the compliance of the bits seen on the bus against a runtime integrity model (RIM) of the prover's software. Therefore, our attestation scheme is capable of reporting scenarios that violate both (static) code integrity and (dynamic) runtime integrity since deployment time.
"Hardware-assisted remote attestation design for critical embedded systems" by Munir Geden and Kasper Rasmussen. IET Information Security 17(3):518-533, published 2023-03-14. DOI: https://doi.org/10.1049/ise2.12113. PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2.12113
Zibo Zhou, Zongyang Zhang, Hongyu Tao, Tianyu Li, Boyu Zhao
Inner product arguments allow a prover to prove that the inner product of two committed vectors equals a public scalar. They are used to reduce the complexity of many cryptographic primitives, such as range proofs. Range proofs are deployed in numerous applications to prove that a committed value lies in a certain range. As core building blocks, their complexity largely determines the performance of the corresponding applications. In this paper, we optimise the inner product argument whose statement includes two vector commitments (IPA_tvc) and the range proof of Daza et al. (PKC'20), and the inner product argument whose statement includes only one vector commitment (IPA_ovc) of Bünz et al. (S&P'18). For IPA_tvc, we reduce the concrete communication complexity by 2 log_2 n field elements, where n is the vector dimension. For range proofs, we reduce the concrete communication and prover complexities by about 2 log_2 m field elements and 11m field multiplications, respectively, where m is the bit length of the range. For IPA_ovc, we exponentially reduce the asymptotic verifier complexity from linear to logarithmic. Due to these asymptotic characteristics, our protocols are highly competitive when the vector dimension or the bit length of the range is large.
"Efficient inner product arguments and their applications in range proofs". IET Information Security 17(3):485-504, published 2023-03-08. DOI: https://doi.org/10.1049/ise2.12111. PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2.12111
Finding out the actual privileges of network users is a key step in network security risk assessment. The Privilege Dependency Graph (PDG) provides an effective way to reason about the actual privileges of network users from their initial privileges. The existing User Actual Privilege reasoning method is time-consuming and not suitable for large-scale networks. This paper introduces a fast User Actual Privilege reasoning framework based on PDG reduction. The core idea is to reduce the size of the graph as much as possible before the actual privilege reasoning. Three different node-merging scenarios are proposed and discussed, as well as the influence of different execution sequences and execution times. Networks of different sizes were simulated to validate the effectiveness and scalability of the proposed method. The experimental results show that the proposed method can decrease the time of User Actual Privilege reasoning by over 25% in large-scale networks.
{"title":"A fast user actual privilege reasoning framework based on privilege dependency graph reduction","authors":"Wei Bai, Angxuan Cheng, Cailing Wang, Zhisong Pan","doi":"10.1049/ise2.12112","DOIUrl":"https://doi.org/10.1049/ise2.12112","url":null,"abstract":"<p>It is a key point to find out the actual privileges of network users in network security risk assessment. The Privilege dependency graph (PDG) provides an effective way to reason the actual privileges of network users from their initial privileges. The existing User Actual Privilege reasoning method is time-consuming and not suitable for large-scale networks. This paper introduces a fast User Actual Privilege reasoning framework based on PDG reduction. The core idea is to reduce the size of the graph as much as possible before the actual privilege reasoning. Three different nodes merged scenarios are proposed and discussed, as well as the influences of different execution sequences and execution times. Networks of different sizes were simulated to validate the effectiveness and scalability of their method. The experimental results show that the proposed method can decrease the time of User Actual Privilege reasoning by over 25% in large-scale networks.</p>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"17 3","pages":"505-517"},"PeriodicalIF":1.4,"publicationDate":"2023-03-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2.12112","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50137415","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Nonce-misuse resilience (NMRL) security of Romulus-N and GIFT-COFB is analysed, the two finalists of the NIST Lightweight Cryptography project for standardising lightweight authenticated encryption. NMRL, introduced by Ashur et al. at CRYPTO 2017, is a relaxed security notion from a stronger, nonce-misuse resistance notion. The authors have proved that Romulus-N and GIFT-COFB have nonce-misuse resilience. For Romulus-N, the perfect privacy (NMRL-PRIV) and n/2-bit authenticity (NMRL-AUTH) with graceful degradation with respect to nonce repetition are shown. For GIFT-COFB, n/4-bit security for both NMRL-PRIV and NMRL-AUTH notions is shown.
{"title":"Nonce-misuse resilience of Romulus-N and GIFT-COFB","authors":"Akiko Inoue, Chun Guo, Kazuhiko Minematsu","doi":"10.1049/ise2.12110","DOIUrl":"https://doi.org/10.1049/ise2.12110","url":null,"abstract":"<p>Nonce-misuse resilience (NMRL) security of Romulus-N and GIFT-COFB is analysed, the two finalists of NIST Lightweight Cryptography project for standardising lightweight authenticated encryption. NMRL, introduced by Ashur et al. at CRYPTO 2017, is a relaxed security notion from a stronger, nonce-misuse resistance notion. The authors have proved that Romulus-N and GIFT- COFB have nonce-misuse resilience. For Romulus-N, the perfect privacy (NMRL-PRIV) and <i>n</i>/2-bit authenticity (NMRL-AUTH) with graceful degradation with respect to nonce repetition are showed. For GIFT-COFB, <i>n</i>/4-bit security for both NMRL-PRIV and NMRL-AUTH notions is showed.</p>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"17 3","pages":"468-484"},"PeriodicalIF":1.4,"publicationDate":"2023-02-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2.12110","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50128528","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}