Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ... Latest literature
Stronger security model of group key agreement
Authors: Jian-jie Zhao, Dawu Gu, M. Choudary Gorantla
DOI: https://doi.org/10.1145/1966913.1966975 (published 2011-03-22)

In PKC 2009, Gorantla, Boyd and González Nieto presented a nice result on modelling security for group key agreement (GKA) protocols. They proposed a novel security model (GBG model) that better supports the adversaries' queries than previous models for GKA protocols by considering KCI resilience. However, ephemeral key leakage attack resistance has been left outside the scope of the GBG model. In this paper, we demonstrate an ephemeral key leakage attack on an existing GKA protocol which has been shown secure in the GBG model. We then extend the GBG model by allowing the adversary greater attack powers of leaking ephemeral keys in a GKA protocol session. We also apply the well-known NAXOS trick to propose an improvement to an existing GKA protocol, which can resist the ephemeral key leakage attack. The security of the improved protocol has been argued under our new model.
On the invisibility of designated confirmer signatures
Authors: Fubiao Xia, Guilin Wang, Rui Xue
DOI: https://doi.org/10.1145/1966913.1966948 (published 2011-03-22)

As an important cryptographic primitive, designated confirmer signatures are introduced to control the public verifiability of signatures. That is, only the signer or a semi-trusted party, called the designated confirmer, can interactively assist a verifier to check the validity of a designated confirmer signature. The central security property of a designated confirmer signature scheme is called invisibility, which requires that even an adaptive adversary cannot determine the validity of an alleged signature without direct cooperation from either the signer or the designated confirmer. However, in the literature researchers have proposed two other related properties, called impersonation and transcript simulatability, though the relations between them are not clear. In this paper, we first explore the relations among these three invisibility-related concepts and conclude that invisibility, impersonation and transcript simulatability form an increasingly stronger order. After that, we turn to study the invisibility of two designated confirmer signature schemes recently presented by Zhang et al. and Wei et al. By demonstrating concrete and effective attacks, we show that both of these schemes fail to meet invisibility, the central security property of designated confirmer signatures.
WebPatrol: automated collection and replay of web-based malware scenarios
Authors: K. Chen, G. Gu, Jianwei Zhuge, Jose Nazario, Xinhui Han
DOI: https://doi.org/10.1145/1966913.1966938 (published 2011-03-22)

Traditional remote-server-exploiting malware is quickly evolving and adapting to the new web-centric computing paradigm. By leveraging the large population of (insecure) web sites and exploiting the vulnerabilities of modern (complex) client-side browsers (and their extensions), web-based malware has become one of the most severe and common infection vectors nowadays. While traditional malware collection and analysis mainly focus on binaries, it is important to develop new techniques and tools for collecting and analyzing web-based malware, which should include the complete web-based malicious logic to reflect the dynamic, distributed, multi-step, and multi-path web infection trails, instead of just the binaries executed at end hosts. This paper is a first attempt in this direction to automatically collect web-based malware scenarios (including complete web infection trails) to enable fine-grained analysis. Based on the collections, we provide the capability for offline "live" replay, i.e., an end user (e.g., an analyst) can faithfully experience the original infection trail based on her current client environment, even when the original malicious web pages are not available or have already been cleaned. Our evaluation shows that WebPatrol can collect/cover much more complete infection trails than state-of-the-art honeypot systems such as PHoneyC [11] and Capture-HPC [1]. We also provide several case studies on the analysis of web-based malware scenarios we have collected from a large national education and research network, which contains around 35,000 web sites.
Optimal message transmission protocols with flexible parameters
Authors: R. Safavi-Naini, M. Tuhin, Hongsong Shi
DOI: https://doi.org/10.1145/1966913.1966978 (published 2011-03-22)

In secure message transmission (SMT) protocols, two nodes in a network want to communicate securely, given that some of the nodes in the network are corrupted by an adversary with unlimited computational power. An SMT protocol uses multiple paths between the sender and a receiver to guarantee privacy and reliability of the message transmission. An (ε, Δ)-SMT protocol bounds the adversary's success probability of breaking privacy and reliability to ε and Δ, respectively. Rate-optimal SMT protocols have the smallest transmission rate (amount of communication per one bit of message). Rate-optimal protocols have been constructed for a restricted set of parameters. In this paper we use the wire virtualization method to construct new optimal protocols for a wide range of parameters using previously known optimal protocols. In particular, we design, for the first time, an optimal 1-round (0, Δ)-SMT protocol for n = (2 + c)t, c ≥ 1/t, where n is the number of paths between the sender and the receiver, up to t of which are controlled by the adversary. We also design an optimal 2-round (0, 0)-SMT protocol for n = (2 + c)t, c ≥ 1/t, with communication cost better than the known protocols. The wire virtualization method can be used to construct other protocols with provable properties from component protocols.
An ontology- and Bayesian-based approach for determining threat probabilities
Authors: Stefan Fenz
DOI: https://doi.org/10.1145/1966913.1966958 (published 2011-03-22)

Information security risk management is crucial for ensuring long-term business success, and thus numerous approaches to implementing an adequate information security risk management strategy have been proposed. Subjective threat probability determination is one of the main reasons for an inadequate information security strategy, endangering the organization in performing its mission. To address the problem, we developed an ontology- and Bayesian-based approach to determine threat probabilities, taking general information security knowledge and organization-specific knowledge about existing control implementations and attacker profiles into account. The elaborated concepts enable risk managers to comprehensibly quantify the current security status of their organization by means of the Bayesian threat probability determination.
A new and extended fault analysis on RSA
Authors: Caisen Chen, Tao Wang
DOI: https://doi.org/10.1145/1966913.1966980 (published 2011-03-22)

Since the preceding fault analysis on the RSA square-and-multiply implementation, which is based on modifying the public modulus N, is difficult to execute in practice, this paper proposes a new method to execute fault analysis by regulating the voltage supply of the system to inject transient faults into the multiplication operation instead of modifying the modulus N. In order to improve the feasibility of the attack, we suggest an extension of the fault analysis that recovers the key segment by segment instead of bit by bit. In the end, the complexity of the algorithm is analyzed. The expansibility and feasibility of the algorithm are proved both in theory and by simulation experiments. The experimental results show that the new fault analysis algorithm is more effective in practice.
Quantified risk-adaptive access control for patient privacy protection in health information systems
Authors: Qihua Wang, Hongxia Jin
DOI: https://doi.org/10.1145/1966913.1966969 (published 2011-03-22)

In traditional access control systems, security administrators determine whether an information consumer can access a certain resource. However, in reality, it is very difficult for policy makers to foresee what information a user may need in various situations. In hospitals, failing to authorize a doctor for the medical information she needs about a patient could lead to severe or fatal consequences. In this paper, we propose a practical access control approach to protect patient privacy in health information systems by taking the realities of healthcare into consideration. First, unlike traditional access control systems, our proposed access control model allows information consumers (i.e., doctors) to make access decisions, while still being able to detect and control the over-accessing of patients' medical data by quantifying the risk associated with doctors' data-accessing activities. Second, we do not require doctors to do anything special in order to use our system. We learn about common practices among doctors and apply statistical methods and information theory techniques to quantify the risk of privacy violation. Third, occasional exceptions in information needs, which are common in healthcare, are taken into account in our model. We have implemented a prototype of our solution and performed simulations on real-world medical history records.
Strongly secure certificateless key exchange without pairing
Authors: Guomin Yang, C. H. Tan
DOI: https://doi.org/10.1145/1966913.1966924 (published 2011-03-22)

In certificateless cryptography, a user secret key is derived from two partial secrets: one is the identity-based secret key (corresponding to the user identity) generated by a Key Generation Center (KGC), and the other is the user self-generated secret key (corresponding to a user self-generated and uncertified public key). Two types of adversaries are considered for certificateless cryptography: a Type-I adversary who can replace the user self-generated public key (in transmission or in a public directory), and a Type-II adversary who is an honest-but-curious KGC. In this paper, we present a formal study of certificateless key exchange (CLKE). We show that the conventional definition of Type-I and Type-II security may not be suitable for certificateless key exchange when considering the notion of forward secrecy, which is important for key exchange protocols. We then present a new security model in which a single adversary (instead of Type-I and Type-II adversaries) is considered. We also construct a strongly secure certificateless key exchange protocol without expensive pairing operations. As far as we know, our proposed protocol is the first proven-secure CLKE protocol without pairing.
Threshold ring signature without random oracles
Authors: Tsz Hon Yuen, Joseph K. Liu, M. Au, W. Susilo, Jianying Zhou
DOI: https://doi.org/10.1145/1966913.1966947 (published 2011-03-22)

In this paper, we present the notion and construction of threshold ring signatures without random oracles. This is the first scheme in the literature that is proven secure in the standard model. Our scheme extends the Shacham-Waters signature from PKC 2007 in a non-trivial way. We note that our technique is specifically designed to achieve a threshold ring signature in the standard model. Interestingly, we can still keep the signature size the same as the Shacham-Waters signature, while only a tiny computation cost is added.
Automatic construction of jump-oriented programming shellcode (on the x86)
Authors: Ping Chen, Xiao Xing, Bing Mao, Li Xie, Xiaobin Shen, Xinchun Yin
DOI: https://doi.org/10.1145/1966913.1966918 (published 2011-03-22)

Return-Oriented Programming (ROP) is a technique which leverages the instruction gadgets in existing libraries/executables to construct Turing-complete programs. However, a ROP attack is usually composed of gadgets ending in a ret instruction without the corresponding call instruction. Based on this fact, several defense mechanisms have been proposed to detect ROP malicious code. To circumvent these defenses, Return-Oriented Programming without returns has been proposed recently, which uses gadgets ending in a jmp instruction, but with much diversity. In this paper, we propose an improved ROP technique to construct ROP shellcode without returns. Meanwhile, we implement a tool to automatically construct real-world Return-Oriented Programming without returns shellcode, which, as demonstrated in our experiment, can bypass most of the existing ROP defenses.