
Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...

Latest publications

Diesel: applying privilege separation to database access
A. Felt, Matthew Finifter, J. Weinberger, D. Wagner
Database-backed applications typically grant complete database access to every part of the application. In this scenario, a flaw in one module can expose data that the module never uses for legitimate purposes. Drawing parallels to traditional privilege separation, we argue that database data should be subject to limitations such that each section of code receives access to only the data it needs. We call this data separation. Data separation defends against SQL-based errors including buggy queries and SQL injection attacks and facilitates code review, since a module's policy makes the extent of its database access explicit to programmers and code reviewers. We construct a system called Diesel, which implements data separation by intercepting database queries and applying modules' restrictions to the queries. We evaluate Diesel on three widely-used applications: Drupal, JForum, and WordPress.
DOI: https://doi.org/10.1145/1966913.1966971
Citations: 22
Tracer: enforcing mandatory access control in commodity OS with the support of light-weight intrusion detection and tracing
Zhiyong Shan, Xin Wang, T. Chiueh
Enforcing a practical Mandatory Access Control (MAC) in a commercial operating system to tackle the malware problem is a grand challenge but also a promising approach. The firmest barriers to applying MAC to defeat malware programs are the incompatibility and usability problems of existing MAC systems. To address these issues, we start our work by analyzing the technical details of 2,600 malware samples one by one and performing experiments over two types of MAC-enforced operating systems. Based on the preliminary studies, we design a novel MAC model incorporating intrusion detection and tracing in a commercial operating system, named Tracer, in order to disable malware on hosts while offering good compatibility to existing software and good usability to common users who are not system experts. The model conceptually consists of three actions: detecting, tracing and restricting suspected intruders. One novelty is that it leverages light-weight intrusion detection and tracing techniques to automate security label configuration, which is widely acknowledged as a tough issue when applying a MAC system in practice. The other is that, rather than restricting information flow as a traditional MAC does, it traces intruders and restricts only their critical malware behaviors, where intruders represent processes and executables that are potential agents of a remote attacker. Our prototyping and experiments on Windows show that Tracer can effectively defeat all malware samples tested by blocking malware behaviors while not causing a significant compatibility problem.
DOI: https://doi.org/10.1145/1966913.1966932
Citations: 14
ROPdefender: a detection tool to defend against return-oriented programming attacks
Lucas Davi, A. Sadeghi, M. Winandy
Modern runtime attacks increasingly make use of the powerful return-oriented programming (ROP) attack techniques and principles, recent attacks on Apple iPhone and Acrobat products being some examples. These attacks even work in the presence of modern memory protection mechanisms such as data execution prevention (DEP). In this paper, we present our tool, ROPdefender, that dynamically detects conventional ROP attacks (those based on return instructions). In contrast to existing solutions, ROPdefender can be immediately deployed by end-users, since it does not rely on side information (e.g., source code or debugging information), which is rarely provided in practice. Currently, our tool adds a runtime overhead of 2x, which is comparable to similar instrumentation-based tools.
DOI: https://doi.org/10.1145/1966913.1966920
Citations: 294
Efficient computational oblivious transfer using interactive hashing
Kirill Morozov, G. Savvides
We present two protocols for reducing oblivious transfer (OT) to the security of trapdoor permutations and to the hardness of some coding problems, respectively. The first protocol is the most efficient known to date, while the second one is a theoretical proof-of-concept. Our constructions leverage the power of Interactive Hashing (IH). The first protocol can be viewed as a simple modification of the well-known OT construction by Even, Goldreich and Lempel (1985), in which a receiver must send a random domain element to a sender through IH. Alternatively, our protocol can be viewed as a simple modification of the construction by Ostrovsky, Venkatesan and Yung (1993), in which the players substitute the one-way permutation with a trapdoor permutation. We use a similar approach to derive a second OT protocol based on coding assumptions related to the security of the McEliece cryptosystem. In our second construction, the receiver inputs a public key into IH while privately keeping the corresponding secret key. Two different versions of IH are used: the computationally secure one in the first protocol, and the information-theoretically secure one in the second.
DOI: https://doi.org/10.1145/1966913.1966977
Citations: 1
Multi-authority ciphertext-policy attribute-based encryption with accountability
Jin Li, Qiong Huang, Xiaofeng Chen, Sherman S. M. Chow, D. Wong, Dongqing Xie
Attribute-based encryption (ABE) is a promising tool for implementing fine-grained cryptographic access control. Very recently, motivated by reducing the trust assumption on the authority and enhancing the privacy of users, a multiple-authority key-policy ABE system, together with a semi-generic anonymous key-issuing protocol, was proposed by Chase and Chow at CCS 2009. Since ABE allows encryption for multiple users with attributes satisfying the same policy, it may not always be possible to associate a decryption key with a particular individual. A misbehaving user could abuse the anonymity by leaking the key to someone else without worrying about being traced. In this paper, we propose a multi-authority ciphertext-policy (AND gates with wildcard) ABE scheme with accountability, which allows tracing the identity of a misbehaving user who leaked the decryption key to others, and thus reduces the trust assumptions not only on the authorities but also on the users. The tracing process is efficient and its computational overhead is only proportional to the length of the identity.
DOI: https://doi.org/10.1145/1966913.1966964
Citations: 185
Bounded vector signatures and their applications
Lei Wei, Scott E. Coull, M. Reiter
Although malleability is undesirable in traditional digital signatures, schemes with limited malleability properties enable interesting functionalities that may be impossible to obtain otherwise (e.g., homomorphic signatures). In this paper, we introduce a new malleable signature scheme called bounded vector signatures. The proposed scheme allows a user to sign a multi-dimensional vector of values, along with a description of the context within which the vector should be interpreted. The scheme includes a unique malleability property, which we refer to as the stretch property, that allows the components of the signed vector to be increased up to a pre-defined limit without access to the signing key. Decreasing these values, however, remains computationally infeasible. We prove the security of our construction under the strong RSA and decisional Diffie-Hellman assumptions in the random oracle model. Finally, we underscore the utility of bounded vector signatures by discussing their use in distributed systems security applications.
DOI: https://doi.org/10.1145/1966913.1966949
Citations: 7
Confidentiality-preserving proof theories for distributed proof systems
Kazuhiro Minami, N. Borisov, M. Winslett, Adam J. Lee
A distributed proof system is an effective way for deriving useful information by combining data from knowledge bases managed by multiple different principals across different administrative domains. As such, many researchers have proposed using these types of systems as a foundation for distributed authorization and trust management in decentralized systems. However, to account for the potentially sensitive nature of the underlying information, it is important that such proof systems be able to protect the confidentiality of the logical facts and statements. In this paper, we explore the design space of sound and safe confidentiality-preserving distributed proof systems. Specifically, we develop a framework to analyze the theoretical best-case proving power of these types of systems by analyzing confidentiality-preserving proof theories for Datalog-like languages within the context of a trusted third party evaluation model. We then develop a notion of safety based on the concept of non-deducibility and analyze the safety of several confidentiality-enforcing proof theories from the literature. The results in this paper show that the types of discretionary access control enforced by most systems on a principal-to-principal basis are indeed safe, but lack proving power when compared to other systems. Specifically, we show that a version of the Minami-Kotz (MK) proof system can prove more facts than the simple DAC system while retaining the safety property of the simple system. We further show that a seemingly-useful modification of the MK to support commutative encryption breaks the safety of the system without violating soundness.
DOI: https://doi.org/10.1145/1966913.1966933
Citations: 4
On the effectiveness of anonymizing networks for web search privacy
Sai Teja Peddinti, Nitesh Saxena
Web search has emerged as one of the most important applications on the internet, with several search engines available to users. It is common practice among these search engines to log and analyse user queries, which leads to serious privacy implications. One well-known solution to search privacy involves issuing the queries via an anonymizing network, such as Tor, thereby hiding one's identity from the search engine. A fundamental problem with this solution, however, is that user queries are still revealed to the search engine, although they are "mixed" among the queries issued by other users of the same anonymization service. In this paper, we consider the problem of identifying the queries of a user of interest (UOI) within a pool of queries received by a search engine over an anonymizing network. We demonstrate that an adversarial search engine can extract the UOI's queries, when it is equipped with only a short-term user search query history, by utilizing only the query content information and off-the-shelf machine learning classifiers. More specifically, by treating a selected set of 60 users from the publicly available AOL search logs as the users of interest performing web search over an anonymizing network, we show that each user's queries can be identified with 25.95% average accuracy when mixed with the queries of 99 other users of the anonymization service. This average accuracy drops to 18.95% when the queries of 999 other users of the anonymization service are mixed together. Though the average accuracies are not so high, our results indicate that a few users of interest could be identified with accuracies as high as 80--98%, even when their queries are mixed among the queries of 999 other users. Our results cast serious doubts on the effectiveness of anonymizing web search queries by means of anonymizing networks.
DOI: https://doi.org/10.1145/1966913.1966984
引用次数: 12
Attack on the GridCode one-time password
Ian Molloy, Ninghui Li
SyferLock presents a one-time password system, GridCode, that allows an unaided human to authenticate, reducing the cost of deployment. The one-time password system is a human computable challenge-response protocol which they claim defends against key-logging, replay, and brute force attacks, among others. We evaluate the security of the GridCode one-time password system and challenge these claims. We identify weak preimage resistance and character independence as key weaknesses of the GridCode system, leading to a variety of attacks. Our analysis indicates their scheme is akin to providing an adversary the ability to perform a brute force attack on a user's password in parallel without significant effort, lowering the effort required to recover a strong user password. Given a small number of challenge-response pairs, an adversary can recover a user's password (e.g., 2--4 pairs), and an additional secret (e.g., 1 pair).
DOI: 10.1145/1966913.1966953 (https://doi.org/10.1145/1966913.1966953)
Publication date: 2011-03-22
Semantic Scholar paper id: 75608439
Citations: 13
1-out-of-2 signature
Mirosław Kutyłowski, Jun Shao
We consider a scenario in which Alice entitles Bob to serve as her proxy with the right to sign one out of two possible documents, say m1 and m2. The protocol guarantees that the data given to Bob cannot be recognized as signatures of m1 and m2, unless Bob transforms them with his private key. The most important feature is, however, that if Bob finalizes both signatures (of m1 and of m2), violating the delegated rights, then Bob's private key will be revealed to Alice. So we propose an undeniable proof of misbehavior instead of other means that turn out to be less effective and more difficult to implement. The presented solution can be applied for providing agents or representatives in negotiations to provide the original signed documents on behalf of represented parties. The solution can be immediately extended to a version with any fixed number of documents, from which only one can be signed finally. Security of the scheme can be shown in the random oracle model. We also provide a solution for which security of the signer is protected within the fail-stop framework.
DOI: 10.1145/1966913.1966965 (https://doi.org/10.1145/1966913.1966965)
Publication date: 2011-03-22
Semantic Scholar paper id: 84948639
Citations: 0