
From Stateless to Stateful: Generic Authentication and Authenticated Encryption Constructions with Application to TLS [chapter]

Colin Boyd, Britta Hale, Stig Frode Mjølsnes, Douglas Stebila
2016 Lecture Notes in Computer Science  
We show generically how to construct higher level schemes from a basic scheme and appropriate use of sequence numbers, and apply that to close the gap in the analysis of TLS record layer encryption.  ...  Authentication and authenticated encryption with associated data (AEAD) are applied in cryptographic protocols to provide message integrity.  ...  Finally, we connect the hierarchy and our generic constructions with TLS record layer encryption. Connection with secure channel definitions.  ... 
doi:10.1007/978-3-319-29485-8_4 fatcat:h4ghizualjccjbm6itomo7uyfq

Analysis of DTLS Implementations Using Protocol State Fuzzing

Paul Fiterau-Brostean, Bengt Jonsson, Robert Merget, Joeri de Ruiter, Konstantinos Sagonas, Juraj Somorovsky
2020 USENIX Security Symposium  
To that end, we extend TLS-Attacker, an open source framework for analyzing TLS implementations, with support for DTLS tailored to the stateless and unreliable nature of the underlying UDP layer.  ...  DTLS's main challenge is to support the stateless and unreliable transport of UDP.  ...  Acknowledgements We would like to thank Jörg Schwenk, our shepherd Kenneth Paterson, and the anonymous reviewers for many insightful comments.  ... 
dblp:conf/uss/Fiterau-Brostean20 fatcat:rtjd3ewmmbcqli2xpvtihj46hm

Inferring OpenVPN State Machines Using Protocol State Fuzzing

Lesly-Ann Daniel, Erik Poll, Joeri de Ruiter
2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
Finally we analyze those state machines, show that they can reveal a lot of information about the implementation which is missing from the documentation, and discuss the possibility to include state machines  ...  These inferred state machines provide a good insight into implementations and can be used to detect any spurious behavior.  ...  It is based on the OpenSSL library, which is used for its TLS session negotiation, its encryption and authentication and its random number generation primitives.  ... 
doi:10.1109/eurospw.2018.00009 dblp:conf/eurosp/DanielPR18 fatcat:rkijsstqzrcxzcmm53rteklowe

State Management for Hash-Based Signatures [chapter]

David McGrew, Panos Kampanakis, Scott Fluhrer, Stefan-Lukas Gazdag, Denis Butin, Johannes Buchmann
2016 Lecture Notes in Computer Science  
Compared to a completely stateless scheme, the hybrid approach realizes the essential benefits, with smaller signatures and faster signing.  ...  To protect against unintentional copying of the private key state, we consider a hybrid stateless/stateful scheme, which provides a graceful security degradation in the face of unintentional copying, at  ...  Common examples are code signing for software updates, server authentication for TLS, and S/MIME for secure email.  ... 
doi:10.1007/978-3-319-49100-4_11 fatcat:qq54nyxr7naelmq2xdxhzwyica

Stateful KEM: Towards Optimal Robust Combiner for Key Encapsulation Mechanism [article]

Jia Xu, Yiwen Gao, Hoon Wei Lim, Hongbing Wang, Ee-Chien Chang
2021 IACR Cryptology ePrint Archive  
Our cost is that the resulting KEM has to maintain a secret dynamic state of fixed and linear size (i.e. O(n)). We call such a KEM a Stateful Key Encapsulation Mechanism (SKEM).  ...  A (1, n)-robust combiner combines n cryptography primitives to construct a new primitive of the same type, and guarantees that if any of the ingredient primitives is secure, then the resulting primitive  ...  Conclusion In this work, we gave the security formulation of stateful key encapsulation mechanism. We then construct a stateful KEM from n (stateless) KEMs, with optimal (i.e.  ... 
dblp:journals/iacr/XuGLWC21 fatcat:iy7eqnuzfbcpdfiq3aooruko4m

Protocol State Fuzzing of TLS Implementations

Joeri de Ruiter, Erik Poll
2015 USENIX Security Symposium  
We describe a largely automated and systematic analysis of TLS implementations by what we call 'protocol state fuzzing': we use state machine learning to infer state machines from protocol implementations  ...  We analysed both server- and client-side implementations with a test harness that supports several key exchange algorithms and the option of client certificate authentication.  ...  To describe TLS, or protocols in general, a state machine can be used to specify possible sequences of messages that can be sent and received.  ... 
dblp:conf/uss/RuiterP15 fatcat:p45hhaaeindjtg4asa3ihw6g2a

Design of a security mechanism for RESTful Web Service communication through mobile clients

Femke De Backere, Brecht Hanssens, Ruben Heynssens, Rein Houthooft, Alexander Zuliani, Stijn Verstichel, Bart Dhoedt, Filip De Turck
2014 IEEE Network Operations and Management Symposium (NOMS)
This approach has been inspired by some known security mechanisms, but implemented in such a way that it focusses on statelessness and aims to be lightweight.  ...  Results indicate that the custom security mechanism outperforms the Transport Layered Security (TLS) based system.  ...  The system is also faster than the TLS system, because TLS has to perform a handshake and generate keys for every request. V.  ... 
doi:10.1109/noms.2014.6838308 dblp:conf/noms/BackereHHHZVDT14 fatcat:vcymrhjh7zde7mmd4757y5twey

Hardened Stateless Session Cookies [chapter]

Steven J. Murdoch
2011 Lecture Notes in Computer Science  
Stateless session cookies allow web applications to alter their behaviour based on user preferences and access rights, without maintaining server-side state for each session.  ...  In this paper we show that by including a salted iterated hash of the user password in the database, and its pre-image in a session cookie, an attacker with read access to the server is unable to spoof  ...  Acknowledgements Thanks are due to Richard Clayton, Markus Kuhn, the attendees at the Security Protocols Workshop (especially Mark Lomas), and the contributors to Light Blue Touchpaper, for their valuable  ... 
doi:10.1007/978-3-642-22137-8_13 fatcat:ufbwjmfof5bs5nxhf3d7h2uszq

Practical Quantum-Safe Stateful Hybrid Key Exchange Protocol [article]

Jia Xu, Yiwen Gao, Hoon Wei Lim
2020 IACR Cryptology ePrint Archive  
From our robust combiner of KEMs, we construct an efficient stateful hybrid Key Exchange Protocol (KEP), which is more suitable for two parties who will communicate with each other frequently.  ...  It is crucially important to propose an early solution, which is likely secure against quantum attacks and classical attacks, and likely to comply with the future NIST standard.  ...  How to Construct Authenticated Key Exchange Protocol? It is well known that the Diffie-Hellman key exchange protocol is not authenticated and thus suffers from man-in-the-middle attack.  ... 
dblp:journals/iacr/XuGL20 fatcat:cx4q7ahjcnejxidkmvpnktu3le

Secure Communication Channel Establishment: TLS 1.3 (over TCP Fast Open) versus QUIC

Shan Chen, Samuel Jero, Matthew Jagielski, Alexandra Boldyreva, Cristina Nita-Rotaru
2021 Journal of Cryptology  
Equipped with our new models we provide a detailed comparison of three low-latency layered protocols: TLS 1.3 over TCP Fast Open (TFO), QUIC over UDP, and QUIC[TLS] (a new design for QUIC that uses TLS  ...  In addition to the standard goals of server authentication and data confidentiality and integrity, we consider the goals of IP spoofing prevention, key exchange packet integrity, secure channel header  ...  because the server reconfiguration of TFO+TLS 1.3 erases or refreshes the static state (resumption states or the session ticket encryption key) used to recover RMS that derives the 0-RTT key.  ... 
doi:10.1007/s00145-021-09389-w fatcat:7vcxpatn6zblnhf5bhopjnlxcy

Securing Communication of Dynamic Groups in Dynamic Network-Centric Environments

Roger Khazan, Robert Figueiredo, Ran Canetti, Cynthia McLain, Robert Cunningham
2006 MILCOM 2006  
We then describe our solution, PKGE, at a high-level, and report on the prototype implementation, performance experiments, and a demonstration with GAIM/Jabber chat.  ...  In this paper, we define the problem of group encryption, motivate the need for decentralized group encryption services, and explain our vision for designing such services.  ...  Acknowledgments: We thank Joseph Cooley for his contribution to the project, Dan Boneh and Ben Lynn for answering questions about the Broadcast Encryption scheme and PBC library, and Matt Steiner for sharing  ... 
doi:10.1109/milcom.2006.302552 fatcat:2fdhucahqjhhdi4pcnddks64sa

Bringing State-Separating Proofs to EasyCrypt - A Security Proof for Cryptobox [article]

François Dupressoir, Konrad Kohbrok, Sabine Oechsner
2021 IACR Cryptology ePrint Archive  
To showcase our insights, we develop a formal security proof for the cryptobox family of public-key authenticated encryption schemes based on non-interactive key exchange and symmetric authenticated encryption  ...  Concretely, we propose a mapping from SSP to EasyCrypt concepts which enables us to enhance cryptographic proofs with SSP insights while maintaining compatibility with existing EasyCrypt proof support.  ...  Acknowledgments We thank Dan Bernstein for comments on an early draft which led to significant changes in the presentation of this work, as well as Mike Rosulek, Markulf Kohlweiss and Chris Brzuska for  ... 
dblp:journals/iacr/DupressoirKO21 fatcat:pnfwvdienbasvnsyyzrrbdo2rm

Secure Shell (SSH): Public Key Authentication over Hypertext Transfer Protocol (HTTP) [article]

Dorai Ashok Shanmugavel Anbalagan
2015 arXiv pre-print
The Secure Shell (SSH) protocol requires all implementations to support the public key authentication method ("publickey") for authentication purposes, so web applications which provide an SSH client over the web  ...  However, restrictions in Hypertext Transfer Protocol (HTTP), such as same origin policy, and limited access to local resources, make it difficult to perform such authentications.  ...  It is generic, stateless and can be used for purposes beyond hypertext.  ... 
arXiv:1506.05073v1 fatcat:2ns5shxpsvf6tlfg5wrqvfguxa

PrivaSIP: Ad-hoc identity privacy in SIP

Giorgos Karopoulos, Georgios Kambourakis, Stefanos Gritzalis
2011 Computer Standards & Interfaces  
Moreover, it does not require the SIP Proxy server to maintain state information for exchanged SIP requests and respective responses.  ...  Our work also includes performance results and extensive comparison with similar methods.  ...  (20% from the Greek Ministry of Development-General Secretariat of Research and Technology and 80% from E.U.  ... 
doi:10.1016/j.csi.2010.07.002 fatcat:6frafujlxvdrhnzcz5zpdlrrei

Denial-of-service resistance in key establishment

Jason Smith, Suratose Tritilanunt, Colin Boyd, Juan M. Gonzalez Nieto, Ernest Foo
2007 International Journal of Wireless and Mobile Computing  
The main topics of his research include secure protocols and network security with particular emphasis on electronic commerce applications.  ...  Key establishment protocols are applications that are particularly vulnerable to DoS attack as they are typically required to perform computationally expensive cryptographic operations in order to authenticate  ...  In order to remain stateless and thereby prevent memory exhaustion, any relevant state required by the responder can also be encoded in the cookie and returned with the next message from the initiator.  ... 
doi:10.1504/ijwmc.2007.013796 fatcat:vdk3bzxyabgypajyxjb65pc6k4