The search functionality is under construction.

Keyword Search Result

[Keyword] security(630hit)

501-520hit(630hit)

  • A Simple Leakage-Resilient Authenticated Key Establishment Protocol, Its Extensions, and Applications

    SeongHan SHIN, Kazukuni KOBARA, Hideki IMAI
    PAPER-Information Security
    Vol: E88-A No:3, Page(s): 736-754

    Authenticated Key Establishment (AKE) protocols enable two entities, say a client (or a user) and a server, to share common session keys in an authentic way. In this paper, we review the previous AKE protocols, all of which turn out to be insecure, under the following realistic assumptions: (1) High-entropy secrets that should be stored on devices may leak out due to accidents such as bugs or mis-configurations of the system; (2) The size of a human-memorable secret, i.e. a password, is short enough to memorize but large enough to avoid on-line exhaustive search; (3) TRMs (Tamper-Resistant Modules) used to store secrets are not perfectly free from bugs and mis-configurations; (4) A client remembers only one password, even if he/she communicates with several different servers. Then, we propose a simple leakage-resilient AKE protocol (cf. [41]) which is described as follows: the client keeps one password in mind and stores one secret value on devices, both of which are used to establish an authenticated session key with the server. The advantages of leakage-resilient AKEs over the previous AKEs are that the former are secure against active adversaries under the above-mentioned assumptions and have immunity to the leakage of stored secrets from a client and a server (or servers), respectively. In addition, the advantage of the proposed protocol is the reduction of the memory size of the client's secrets. We also extend our protocol to allow updating the secret values registered in server(s) or the password remembered by a client. Some applications and the formal security proof in the standard model of our protocol are also provided.

  • Access Control for Security and Privacy in Ubiquitous Computing Environments

    Shigeki YAMADA, Eiji KAMIOKA
    INVITED PAPER
    Vol: E88-B No:3, Page(s): 846-856

    Ubiquitous computing (ubicomp) demands new security and privacy enhancing technologies for the new information and communication environments where a huge number of computers interact with each other in a distributed and ad hoc manner to access various resources and services. This paper surveys emerging security and privacy enhancing technologies, focusing on access control in ubiquitous computing environments because this is the underlying core technology to enforce security and privacy policies. We classify access control technologies into three types associated with the three access control phases of prevention, avoidance, and detection, and provide an overview of ubiquitous computing-oriented technologies and solutions, ranging from security and privacy models and policies to the enforcement of policies and system implementation.

  • Extended Role Based Access Control with Procedural Constraints for Trusted Operating Systems

    Wook SHIN, Jong-Youl PARK, Dong-Ik LEE
    PAPER-Application Information Security
    Vol: E88-D No:3, Page(s): 619-627

    The current scheme of access control judges the legality of each access based on immediate information, without considering associated information hidden in a series of accesses. Due to this deficiency, access control systems do not efficiently limit attacks consisting of ordinary operations. For trusted operating system development, we extended RBAC and added negative procedural constraints to refuse those attacks. With the procedural constraints, the access control of trusted operating systems can discriminate attack trials from normal behaviors. This paper shows the specification of the extended concept and model, and presents simple analysis results.

  • Secure Access of Products in a Process Environment

    Shih-Chien CHOU, Chia-Wei LAI
    PAPER-Software Engineering
    Vol: E88-D No:2, Page(s): 197-203

    Process-centered software engineering environments (PSEEs) facilitate controlling software processes. Many issues related to PSEEs, such as process evolution support, have been addressed. We identify an unsolved issue, namely preventing information leakage while the process is being enacted, and developed a model called PsACL for the prevention. This paper proposes PsACL, which offers the following features: (a) controlling both read and write access of software products, (b) preventing indirect information leakage, (c) managing role associations, (d) managing role hierarchies, (e) enforcing static and simple dynamic separation-of-duty constraints, (f) allowing declassification of products, and (g) allowing access control information exchange among software processes.

  • A Collaborative Role-Based Access Control for Trusted Operating Systems in Distributed Environment

    Hyung-Chan KIM, R.S. RAMAKRISHNA, Kouichi SAKURAI
    PAPER-Application
    Vol: E88-A No:1, Page(s): 270-279

    The research community has shown considerable interest in studying access control in single Trusted Operating Systems (TOS). However, interactions among multiple TOSs have attracted relatively little attention. In this paper, we propose a Collaborative Role-Based Access Control (C-RBAC) model for distributed systems in which accesses across system domain boundaries are allowed. Access entities in a TOS vary over time. Changes in the organizational structure of the access entities in one system may influence other cooperating systems. In addition, policy-freeness, domain conflicts and rule conflicts are possible. These problems restrict the flexibility and scalability of coordination. We propose drafting a meta-component to play the role of a coordinator in multi-domain role-based access control. It is then possible to impart flexibility and scalability in a secure fashion. Experimental studies of the proposed model with the Network File System and SELinux support our conclusion.

  • Tamper-Resistant Software System Based on a Finite State Machine

    Akito MONDEN, Antoine MONSIFROT, Clark THOMBORSON
    PAPER-Tamper-Resistance
    Vol: E88-A No:1, Page(s): 112-122

    Many computer systems are designed to make it easy for end-users to install and update software. An undesirable side effect, from the perspective of many software producers, is that hostile end-users may analyze or tamper with the software being installed or updated. This paper proposes a way to avoid this side effect without affecting the ease of installation and updating. We construct a computer system M with the following properties: 1) the end-user may install a program P in any conveniently accessible area of M; 2) the program P contains encoded instructions whose semantics are obscure and difficult to understand; and 3) an internal interpreter W, embedded in a non-accessible area of M, interprets the obfuscated instructions without revealing their semantics. Our W is a finite state machine (FSM) which gives context-dependent semantics and operand syntax to the encoded instructions in P; thus, attempts to statically analyze the relation between instructions and their semantics will not succeed. We present a systematic method for constructing a P whose instruction stream is always interpreted correctly regardless of its input, even though changes in input will (in general) affect the execution sequence of instructions in P. Our framework is easily applied to conventional computer systems by adding an FSM unit to a virtual machine or a reconfigurable processor.

  • Attacks on the Shen et al.'s Timestamp-Based Password Authentication Scheme Using Smart Cards

    Eun-Jun YOON, Eun-Kyung RYU, Kee-Young YOO
    LETTER
    Vol: E88-A No:1, Page(s): 319-321

    In 2003, Shen et al. proposed an improvement on Yang-Shieh's timestamp-based password authentication scheme using smart cards. They then claimed that their scheme can not only withstand a forged login attack but also eliminate a problem of Yang-Shieh's scheme. However, their scheme is still susceptible to the forged login attack. In this letter, we show how the forged login attack can be mounted on Shen et al.'s scheme.

  • On the Security of a MAC by Mitchell

    Tetsu IWATA, Kaoru KUROSAWA
    PAPER-Symmetric Key Cryptography
    Vol: E88-A No:1, Page(s): 25-32

    OMAC is a provably secure MAC scheme proposed by Iwata and Kurosawa. NIST currently intends to specify OMAC as the modes recommendation. In August 2003, Mitchell published a note "On the security of XCBC, TMAC and OMAC" proposing a new variant of OMAC, which we call OMAC1″. In this paper, we prove that OMAC1″ is less secure than the original OMAC, showing a security gap between them. As a result, we obtain a negative answer to Mitchell's open question: OMAC1″ is not provably secure even if the underlying block cipher is a PRP. Further, we point out limitations of the discussion in [16].

  • PGV-Style Block-Cipher-Based Hash Families and Black-Box Analysis

    Wonil LEE, Mridul NANDI, Palash SARKAR, Donghoon CHANG, Sangjin LEE, Kouichi SAKURAI
    PAPER-Symmetric Key Cryptography
    Vol: E88-A No:1, Page(s): 39-48

    In [1] it was proved that 20 of the 64 block-cipher-based PGV hash functions are collision-resistant and one-way in the black-box model of the underlying block cipher. Here, we generalize the definition of a PGV hash function into a hash family and prove that, aside from the previously reported 20 hash functions, there are 22 more collision-resistant and one-way hash families. As all these 42 families are keyed hash families, they are also target-collision-resistant. All 42 hash families have tight upper and lower bounds on (target) collision resistance and one-wayness.

  • Security Notes on Generalization of Threshold Signature and Authenticated Encryption

    Shuhong WANG, Guilin WANG, Feng BAO, Jie WANG
    LETTER-Information Security
    Vol: E87-A No:12, Page(s): 3443-3446

    In 2000, Wang et al. proposed a (t,n) threshold signature scheme with (k,l) threshold shared verification, and a (t,n) threshold authenticated encryption scheme with (k,l) threshold shared verification. Later, Tseng et al. mounted some attacks against Wang et al.'s schemes and, at the same time, presented improvements. In this paper, we first point out that Tseng et al.'s attacks are actually invalid due to their misunderstanding of Wang et al.'s schemes. Then, we show that both Wang et al.'s schemes and Tseng et al.'s improvements are indeed insecure by demonstrating several effective attacks.

  • Provably Secure Three-Party Password-Authenticated Key Exchange

    Chun-Li LIN, Hsiang-An WEN, Tzonelih HWANG, Hung-Min SUN
    PAPER-Information Security
    Vol: E87-A No:11, Page(s): 2990-3000

    We propose a key-agreement-type three-party password-authenticated key exchange protocol. The proposed protocol is quite efficient and, among protocols of the same type, is the first to be formally proven secure. A three-party formal model for the security proof is proposed based on [25] and [26]. We construct a simulator in this model to show that our proposed protocol is secure under reasonable and well-defined cryptographic primitives.

  • CPPM--Compensated Probabilistic Packet Marking for IP Trace Backing

    Yu-Kuo TSENG, Wen-Shyong HSIEH
    LETTER-Network
    Vol: E87-B No:10, Page(s): 3096-3098

    This study proposes a feasible method to improve probabilistic packet marking (PPM), which is used to trace back the original DoS attacker. PPM is modified by compensating for marked packets that are re-marked downstream, so as to obtain the optimal number of marked packets required for reconstructing the complete attack path.

  • Information-Theoretically Secure Key Insulated Encryption: Models, Bounds and Constructions

    Yumiko HANAOKA, Goichiro HANAOKA, Junji SHIKATA, Hideki IMAI
    PAPER-Cryptography and Information Security
    Vol: E87-A No:10, Page(s): 2521-2532

    Computer systems are constantly under attack, and illegal access is a constant threat which makes security even more critical. A system can be broken into and secret information, e.g. a decryption key, may be exposed, resulting in a total break of the system. Recently, a new framework for protection against such key exposure problems was suggested and called Key-Insulated Encryption (KIE). In this paper, we introduce a novel approach to key-insulated cryptosystems that offers provable security without computational assumptions. For the model of Information-Theoretically Secure Key-Insulated Encryption (ISKIE), we show lower bounds on the required memory sizes of the user, the trusted device and the sender. Our bounds are all tight, as our concrete construction of ISKIE achieves all of them. We also extend this concept further by adding an extra property so that any pair of users in the system is able to communicate with each other and still have the same security benefits as existing KIE based on intractability assumptions. We call this Dynamic and Mutual Key-Insulated Encryption (DMKIE), and concrete implementations of DMKIE are shown as well. Finally, we discuss the relationship of DMKIE to Key Predistribution Schemes (KPS) and Broadcast Encryption Schemes (BES); that is, we show that DMKIE can be constructed from either KPS or BES.

  • A Group Key Management Scheme Using Core Based Tree and Height Balanced Tree

    Taenam CHO, Sang-Ho LEE
    PAPER-Application Information Security
    Vol: E87-D No:10, Page(s): 2329-2338

    Recently, with the explosive growth of communication technologies, group-oriented services such as teleconferencing and multi-player games are increasing. Access to information is controlled through secret communication using a group key shared among members, so efficient updating of group keys is vital to maintaining the secrecy of large and dynamic groups. In this paper, we employ a (2,4)-tree, which is a height-balanced tree, as the key tree to reduce the number of key updates caused by joins or leaves of members. Specifically, we use the CBT (Core Based Tree) to determine the network configuration of the group members and reflect it in the structure of the key tree. This allows for more efficient updates of group keys when splitting or merging of subgroups occurs due to network failure or recovery.

  • Performance Improvement Scheme for Chaotic Synchronization Based Multiplex Communication Systems

    Kazuhiko NAKAMURA, Teruyuki MIYAJIMA, Kazuo YAMANAKA
    PAPER
    Vol: E87-A No:9, Page(s): 2292-2300

    This paper proposes a method of improving demodulation performance for chaotic synchronization based multiplex communication systems. In a conventional system, the number of data signals demodulated correctly is limited because the transmitted chaotic signals interfere with each other. The proposed system uses a generalized inverse of a matrix formed from the chaotic signals at the transmitter. Since this completely cancels the interference between chaotic signals, demodulation performance is greatly improved. The proposed system has the following features: a simple correlation receiver suitable for small terminals can be used; the magnitude of the correlator output is constant for binary data transmission; and analog information data can also be transmitted. Two methods to reduce the peak-to-average power ratio of the transmitted signal are presented.

  • An Enhanced SAIDA: Stream Authentication with High Verification Probability and Low Computation Cost

    Yongsu PARK, Yookun CHO
    LETTER-Information Security
    Vol: E87-A No:9, Page(s): 2471-2473

    In this letter, we present an efficient stream authentication scheme that is an improvement of SAIDA. It is shown that under the same communication overhead its verification probability is higher than that of SAIDA. Moreover, its computation cost is lower than that of SAIDA.

  • IP Traceback in Incomplete PPM

    Yu-Kuo TSENG, Lung-Jen WANG, His-Han CHEN, Wen-Shyong HSIEH
    LETTER-Application Information Security
    Vol: E87-D No:9, Page(s): 2262-2266

    We propose an improved probabilistic packet marking approach for IP traceback to reconstruct a more precise attack path in an incomplete PPM deployment environment. Moreover, this scheme may also be used with a view to reducing the deployment overhead without requiring the participation of all routers along the attack path.

  • Multiparty DSA Signature Generation without Simultaneous User Operations

    Yoshiki SAMESHIMA, Hideaki SAISHO, Kazuko OYANAGI, Tsutomu MATSUMOTO
    PAPER-Application Information Security
    Vol: E87-D No:8, Page(s): 2095-2105

    The authors present a multiparty signature generation (MSG) scheme for the Digital Signature Algorithm (FIPS 186-1). The scheme is based on a simple idea; however, it is much more convenient to use in the real world than existing MSGs. The scheme has the following properties: (1) valid signatures are generated with an odd number n of split private keys, (2) broadcast messages between the key holders are hidden from them, so that the n key holders do not need to process signature generation simultaneously, (3) even if up to t (= ) split keys are stolen, the adversary can get no information on the private key, (4) the scheme is as secure as the original signature algorithm against chosen message attack, and (5) the scheme is efficient in the sense that an implementation on a smart card has demonstrated practical performance for interactive use with a human user.

  • Cryptanalysis of Simple Authenticated Key Agreement Protocols

    Chou-Chen YANG, Ting-Yi CHANG, Min-Shiang HWANG
    LETTER-Information Security
    Vol: E87-A No:8, Page(s): 2174-2176

    In this article, we present a modification attack and a dictionary attack that subvert the security of the Tseng scheme and the Ku-Wang scheme. As far as we know, no existing simple authenticated key agreement protocol can withstand our modification attack.

  • On-Board Automatic Certification System for Software Defined Radio

    Kazuyuki OKUIKE, Ryuji KOHNO
    PAPER-Signal Processing for Communications
    Vol: E87-A No:8, Page(s): 2002-2009

    Under current radio regulations, it is illegal to change the configuration of a radio after its type approval has been acquired. However, the reconfigurability of a Software Defined Radio (SDR) terminal, which is one of its benefits, makes it possible to change its software in the field. This contradicts current radio regulations. Therefore, a new authorization procedure is necessary for system reconfiguration using SDR, one that still satisfies the radio regulations. In other words, a new authorization procedure requires techniques to prevent an SDR in the field from operating outside its allowed limits. In this paper, we propose a novel mechanism, called the Automatic Certification System (ACS), as a solution to these regulatory issues for SDR. The ACS is a system which automatically gives type approval to software that affects the output power, center frequency, frequency band and modulation type, and that controls the analog circuits on an SDR terminal. We also propose an ACS-based framework which aims to distribute the burden among the software manufacturer, hardware manufacturer and governmental authority. After that, we describe the inspection method and discuss the case of a modulation scheme which can be either Phase Shift Keying (PSK) or Minimum Shift Keying (MSK). Our simulations confirm that the ACS is able to certify the modulation software at the terminal.
