Paradox Stems from the Security Model or the Security Proof?

Author(s):  
Qiong Pu ◽  
Jianmin Ding
Author(s):  
Dahmun Goudarzi ◽  
Thomas Prest ◽  
Matthieu Rivain ◽  
Damien Vergnaud

The probing security model is widely used to formally prove the security of masking schemes. Whenever a masked implementation can be proven secure in this model with a reasonable leakage rate, it is also provably secure in a realistic leakage model known as the noisy leakage model. This paper introduces a new framework for the composition of probing-secure circuits. We introduce the security notion of input-output separation (IOS) for a refresh gadget. From this notion, one can easily compose gadgets satisfying the classical probing security notion (which does not ensure composability on its own) to obtain a region probing secure circuit. Such a circuit is secure against an adversary placing up to t probes in each gadget composing the circuit, which ensures a tight reduction to the more realistic noisy leakage model. After introducing the notion and proving our composition theorem, we compare our approach to the composition approaches obtained with the (Strong) Non-Interference (S/NI) notions as well as the Probe-Isolating Non-Interference (PINI) notion. We further show that any uniform SNI gadget achieves the IOS security notion, while the converse is not true. We further describe a refresh gadget achieving the IOS property for any linear sharing with a quasilinear complexity Θ(n log n) and an O(1/log n) leakage rate (for an n-size sharing). This refresh gadget is a simplified version of the quasilinear SNI refresh gadget proposed by Battistello, Coron, Prouff, and Zeitoun (ePrint 2016). As an application of our composition framework, we revisit the quasilinear-complexity masking scheme of Goudarzi, Joux and Rivain (Asiacrypt 2018). We improve this scheme by generalizing it to any base field (whereas the original proposal only applies to fields with nth powers of unity) and by taking advantage of our composition approach. We further patch a flaw in the original security proof and extend it from the random probing model to the stronger region probing model. Finally, we present some applications of this extended quasilinear masking scheme to AES and MiMC and compare the obtained performances.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Sultan Basudan

Purpose: In line with the fast development of information technology, the Internet of Medical Robotic Things (IoMRT) is gaining more ground in health care. Sharing patients' information effectively and securely can improve sensing data usage and confidentiality. Nevertheless, current IoMRT data sharing schemes are lacking in terms of supporting efficient forward secrecy: when the secret key of a robotic nurse acting as a data requester is compromised, all the data historically shared with this robotic nurse will be leaked.

Design/methodology/approach: The presented paper suggests an efficient puncturable attribute-based data sharing scheme enabling guaranteed firm security and versatile access control over health sensing data in IoMRT. This scheme integrates attribute-based and puncturable encryption to avail a shared secret key for data sharing that can be encrypted by an access structure over the Data Requester (DR) attributes. Additionally, the establishment of the shared key and the mutual authentication are done simultaneously between the cloud servers and DRs.

Findings: The proposed scheme can achieve forward secrecy by adopting the bloom filter technique, which efficiently helps the updating of a private key with no need for the key distributor to reissue the key. The security proof illustrates that this scheme adheres to the security model. Besides, the performance evaluation expresses the feasibility of the suggested scheme.

Originality/value: The main goal of designing a puncture algorithm is to devise an updated key from the ciphertext and a secret key, allowing the decryption of all ciphertexts except the one that has been punctured on. This research illustrates the first effort to develop a puncturable attribute-based encryption scheme to achieve efficient fine-grained data sharing in IoMRT.


Electronics ◽  
2021 ◽  
Vol 10 (9) ◽  
pp. 995
Author(s):  
Jie Li ◽  
Shaowen Yao ◽  
Jing Liu ◽  
Yunyun Wu

In secure group communication, group keys (GK) are used to ensure the confidentiality of communication. The group key distribution (GKD) is responsible for updating and distributing new group keys when the group membership changes. Most well-known GKD protocols are based on a logical key hierarchy (LKH), where only one group controller (GC) is used. These protocols have various issues, including a single point of failure, meaning that the GC often has a huge workload and can be easily overwhelmed. In this paper, we propose a hierarchical multicast key distribution protocol that supports multi-level controllers to manage a group. Each controller just needs to manage the next-level nodes, and if one fails, the superior controller can replace it with minimal work. The proposed protocol effectively balances the work of controllers, greatly improves the reliability of the group key distribution, and also allows group members to build dynamic conferences without controllers. We provide a security proof of the proposed protocol in a symbolic security model and compare it to other protocols in terms of efficiency, functionality, and security.


Author(s):  
Curtis G. Northcutt

The recent proliferation of embedded cyber components in modern physical systems [1] has generated a variety of new security risks which threaten not only cyberspace, but our physical environment as well. Whereas earlier security threats resided primarily in cyberspace, the increasing marriage of digital technology with mechanical systems in cyber-physical systems (CPS) suggests the need for more advanced generalized CPS security measures. To address this problem, in this paper we consider the first step toward an improved security model: detecting the security attack. Using logical truth tables, we have developed a generalized algorithm for intrusion detection in CPS for systems which can be defined over a discrete set of valued states. Additionally, a robustness algorithm is given which determines the level of security of a discrete-valued CPS against varying combinations of multiple signal alterations. These algorithms, when coupled with encryption keys which disallow multiple signal alteration, provide for a generalized security methodology for both cyber-security and cyber-physical systems.


2009 ◽  
Vol 31 (1) ◽  
pp. 176-183
Author(s):  
Xiao-Feng WANG ◽  
Jing ZHANG ◽  
Shang-Ping WANG

2020 ◽  
Vol 46 (7) ◽  
pp. 443-453
Author(s):  
P. N. Devyanin ◽  
A. V. Khoroshilov ◽  
V. V. Kuliamin ◽  
A. K. Petrenko ◽  
I. V. Shchepetkov
