IET Information Security
Volume 10, Issue 1, January 2016
Volumes & issues:
Volume 10, Issue 1
January 2016
-
- Author(s): Clémentine Gritti ; Willy Susilo ; Thomas Plantard
- Source: IET Information Security, Volume 10, Issue 1, p. 1 –7
- DOI: 10.1049/iet-ifs.2014.0428
- Type: Article
- + Show details - Hide details
-
p.
1
–7
(7)
Ring signatures enable a user to anonymously sign a message on behalf of group of users. In this study, the authors propose the first ring signature scheme whose size is O(log2 N), where N is the number of users in the ring. They achieve this result by improving Chandran et al.’s ring signature scheme presented at the International Colloquium on Automata, Languages and Programming 2007. Their scheme uses a common reference string and non-interactive zero-knowledge proofs. The security of their scheme is proven without requiring random oracles.
- Author(s): Weiqiang Wen ; Libin Wang ; Jiaxin Pan
- Source: IET Information Security, Volume 10, Issue 1, p. 8 –17
- DOI: 10.1049/iet-ifs.2014.0234
- Type: Article
- + Show details - Hide details
-
p.
8
–17
(10)
The most widely accepted models in the security proofs of authenticated key exchange protocols are the Canetti–Krawczyk (CK) and extended CK models that admit different adversarial queries with ambiguities and incomparable strength. It is desirable to incorporate specific and powerful adversarial queries into a single unified security model and establish a more practical oriented security notion. Concerning the security of one-round implicitly authenticated Diffie–Hellman (DH) key exchange protocols, the authors present a unified security model that has many advantages over the previous ones. In the model, a system environment is set up, all of adversarial queries are practically interpreted and definitely characterised through physical environment, and some rigorous rules of secret leakage are also specified. To demonstrate usability of their model, a new protocol based on the OAKE protocol is proposed, which satisfies the presented strong security notion and attains high efficiency. The protocol is proven secure in random oracle model under gap DH assumption.
- Author(s): Xin Xie ; Bin Lu ; Daofu Gong ; Xiangyang Luo ; Fenlin Liu
- Source: IET Information Security, Volume 10, Issue 1, p. 18 –27
- DOI: 10.1049/iet-ifs.2013.0137
- Type: Article
- + Show details - Hide details
-
p.
18
–27
(10)
Code obfuscation is intended to thwart reverse engineering by making programmes hard to understand. Call chains collected by stack tracing can be used to understand the behaviour of programmes. To hinder reverse analysis of stack tracing, a binary code obfuscation method based on random obfuscated table and hash coding is proposed. Random obfuscated table is used to map call addresses while call and ret instructions are executing. Hash coding and random value can be used to encode and decode the data of stack frames in the run-time programmes. Experiment and analysis show that the obfuscation can effectively impede stack trace analysis and increase the cost of reverse analysis for programmes.
- Author(s): Guo Yimin ; Li Shundong ; Dou Jiawei ; Zhou Sufang
- Source: IET Information Security, Volume 10, Issue 1, p. 28 –32
- DOI: 10.1049/iet-ifs.2014.0504
- Type: Article
- + Show details - Hide details
-
p.
28
–32
(5)
Tag cloning attack is a serious threat to the radio-frequency identification (RFID) applications. Cloned tags detection is an effective security mechanism to prevent the attacks. To improve the accuracy and efficiency of detection for cloned tags, this study presents a deterministic cloned tags detection (DCTD) protocol for anonymous RFID systems to detect cloned tags, using a tree-based anti-collision algorithm to find irreconcilable collisions. This protocol, which uses the pseudonym of tags in the detecting process, can quickly detect all the cloned tags with a deterministic time without revealing the sensitive information. Experiments show that DCTD protocol, with less detection time and higher accuracy, outperforms the known detection protocols.
- Author(s): José Luis Salazar ; José Luis Tornos ; Joan Josep Piles
- Source: IET Information Security, Volume 10, Issue 1, p. 33 –36
- DOI: 10.1049/iet-ifs.2014.0547
- Type: Article
- + Show details - Hide details
-
p.
33
–36
(4)
The authors describe two different algorithms to perform efficiently the ring signature keys generation. Given an integer size, l, their algorithms find efficiently (memory and time, respectively) two distinct l/2-bit primes (e 1, e 2) such that e = 2e 1 e 2 + 1 will be a prime integer. With a naïve algorithm one only needs to store O(l) bits (more specifically, only one l/2-integer), and need, in average, O(l 4) basic l-bit operations. With the second algorithm, one not only improves this computational complexity O(l 7/2), but also needs to use, in average, O(l 3/2) bits. The authors consider these algorithms useful for implementing ring signatures in mobile devices where there exist strong time and space constraints.
- Author(s): Hao Wu ; Xianglei Dang ; Lidong Wang ; Longtao He
- Source: IET Information Security, Volume 10, Issue 1, p. 37 –44
- DOI: 10.1049/iet-ifs.2014.0386
- Type: Article
- + Show details - Hide details
-
p.
37
–44
(8)
In this study, the authors consider the detection and identification problems of distributed domain name system (DNS) cache poisoning attack. In the considered distributed attack, multiple cache servers are invaded simultaneously and the attack intensity for each cache server is slight. It is difficult to detect and identify the distributed attack by the existing local information-based detection methods, as the abnormal features for each cache server are indistinctive under distributed attack. To handle this problem, they propose an information fusion-based detection and identification methods. They find that the entropies of the query Internet protocol (IP) addresses for all cache servers are approximately stationary and statistically independent under normal cases. When distributed attack happens, they show the fact that the correlation of the entropies among all cache servers could increase dramatically. On the basis of this feature, they make use of principal component analysis to design the detection and identification methods. Specifically, attack is true when the maximum eigenvalue of the normalised entropies matrix exceeds a threshold, and the attacked servers are identified by the main loading vector. At last, they take a large-scale DNS in China and a simulation as two examples to show the effectiveness of their methods.
- Author(s): Haichang Gao ; Xuqin Wang ; Fang Cao ; Zhengya Zhang ; Lei Lei ; Jiao Qi ; Xiyang Liu
- Source: IET Information Security, Volume 10, Issue 1, p. 45 –52
- DOI: 10.1049/iet-ifs.2014.0381
- Type: Article
- + Show details - Hide details
-
p.
45
–52
(8)
Text-based completely automated public turing tests to tell computers and humans apart (CAPTCHAs) have been widely deployed across the Internet to defend against undesirable or malicious bot programmes. In this study, the authors provide a systematic analysis of text-based CAPTCHAs and innovatively improve their earlier attack on hollow CAPTCHAs to expand applicability to attack all the text CAPTCHAs. With this improved attack, they have successfully broken the CAPTCHA schemes adopted by 19 out of the top 20 web sites in Alexa including two versions of the famous ReCAPTCHA. With success rates ranging from 12 to 88.8% (note that the success rate for Yandex CAPTCHA is 0%), they demonstrate the effectiveness of their attack method. It is not only applicable to hollow CAPTCHAs, but also to non-hollow ones. As their attack casts serious doubt on the viability of current designs, they offer lessons and guidelines for designing better text-based CAPTCHAs.
Logarithmic size ring signatures without random oracles
Unified security model of authenticated key exchange with specific adversarial capabilities
Random table and hash coding-based binary code obfuscation against stack trace analysis
Deterministic cloned tag detection protocol for anonymous radio-frequency identification systems
Efficient ways of prime number generation for ring signatures
Information fusion-based method for distributed domain name system cache poisoning attack detection and identification
Robustness of text-based completely automated public turing test to tell computers and humans apart
Most viewed content
Most cited content for this Journal
-
High accuracy android malware detection using ensemble learning
- Author(s): Suleiman Y. Yerima ; Sakir Sezer ; Igor Muttik
- Type: Article
-
Crypto-based algorithms for secured medical image transmission
- Author(s): Ali Al-Haj ; Gheith Abandah ; Noor Hussein
- Type: Article
-
Pseudorandom bit generator based on non-stationary logistic maps
- Author(s): Lingfeng Liu ; Suoxia Miao ; Hanping Hu ; Yashuang Deng
- Type: Article
-
Constructing important features from massive network traffic for lightweight intrusion detection
- Author(s): Wei Wang ; Yongzhong He ; Jiqiang Liu ; Sylvain Gombault
- Type: Article
-
Empirical analysis of Tor Hidden Services
- Author(s): Gareth Owen and Nick Savage
- Type: Article