This book contains the revised selected papers of the First Workshop on Lightweight Cryptography for Resource-Constrained Devices, WLC 2010, the First Workshop on Real-Life Cryptographic Protocols and Standardization, RLCPS 2010, and the First Workshop on Ethics in Computer Security Research, WECSR 2010, held in conjunction with the 14th International Conference on Financial Cryptography and Data Security, FC 2010, in Tenerife, Canary Islands, Spain, in January 2010. The 21 papers presented were carefully reviewed and selected from numerous submissions. They cover topics ranging from low-cost cryptography, through real-life issues of design criteria and relevant implementation challenges, to ethical concerns and standards in computer security research.
Author(s): Radu Sion, Reza Curtmola, Sven Dietrich, Aggelos Kiayias, Josep M Miret, Kazue Sako, Francesc Sebé
Edition: 1st Edition.
Publisher: Springer
Year: 2010
Language: English
Pages: 267
Lecture Notes in Computer Science 6054
Financial Cryptography and Data Security: FC 2010 Workshops, RLCPS, WECSR, and WLC 2010 / Tenerife, Canary Islands, Spain, January 25-28, 2010 / Revised Selected Papers
Preface
Workshop Organization
Table of Contents
WLC Preface
Introduction
Encryption/Decryption and Initialization
16-Bit Block Cipher
Design Rationale of Hummingbird
Security Analysis of the Hummingbird Cryptographic Algorithm
16-Bit Microcontroller MSP430 and Development Tools
Size Optimized Implementation
Speed Optimized Implementation
Encryption Mode and Concluding Remarks
References
Introduction
Our Contributions
Usual Security Properties
The Generic Construction from Vaudenay
A Very Practical Instantiation: The DHAES Case
The "Constant Fixed Non Malleability" Property
The Rabin Case
The El Gamal Case
Our New Generic Construction
The Hash El Gamal Case
Comparison
References
Introduction
LFSR-Based Pseudorandom Number Generators
Che et al. Scheme Brief Description
Predictability of the Scheme
Proposed Attack
Attack Implementation
System Description
Implementation Details
Suitability to the EPC Gen2 Standard
References
Introduction
DJ Cryptosystem and Hyper Rectangle Database
LFCPIR Protocol
OLFCPIR Protocol
The Error
Corrected OLFCPIR
Comparison
References
Introduction
RFID Systems
Aggregate Signatures
Physical Scenario
Proposed Solution
References
Introduction
Hardware Properties of Cryptographic Building Blocks
Introduction to DPA and Countermeasures
Comparison of Countermeasures
Conclusions
References
Introduction
Related Work
The Proposed MAC Protocol
Reader's Algorithm
Tag's Algorithm
Selection of Parameters
Security
Identifying All Tags
Conclusions
References
Introduction
E-Passports
(In)Security of Italian e-Passports
The Simulator
Analysis of the Random Number Generator
Conclusion
References
RLCPS Preface
Introduction
Functional Requirements
Security Requirements
High-Level Description of SPAKE
Description
Enhancing the Security of RSA for Paranoids
Instantiating SPAKE with RSAP-H
Using a Common Predetermined Part in SPAKE
Basing SPAKE on AES
Coppersmith's Attack and Shamir's Bound
Proof of Concept/Prototype
References
Proof of Theorem 1
Proof of Theorem 3
Security against the ECM Algorithm
Introduction
Targeted-Ads System Architecture
Requirements-Threat Model
A Privacy preserving Targeted-Ad System
Building Blocks
The PPOAd Protocol in Detail
System Considerations
Related Work
References
Introduction
A Consumer Architecture
An Enterprise Architecture
Benefits of a Cryptographic Storage Service
Searchable Encryption
Proofs of Storage
References
Introduction
Requirements for Remote Attestation with IKEv2
The Internet Key Exchange Protocol (IKEv2)
Remote Attestation in the IKE SA
The Attestation Data Payload
The Shared Attestation Key
Attestation Service (AS) Interface
Security Considerations
Related Work - TCG Trusted Network Connect
References
Introduction
Aspects of Revocation
Separating Domain Management from Domain RO Creation
Domain Policy
Device RO Key Management
Domain RO Key Management
The A2A Move RO Transaction
The Move via RI Protocol
Device RO Creation Revisited: RI as LRM Proxy
Conclusions
References
Background
Contributions
Formal Methods for Cryptographic Protocol Analysis
Objectives
Cryptographic Protocol Assurance Levels
Is Our Framework Effective?
Overview
Discussion
Conclusion
References
WECSR Preface
Understanding Ethical Decision-Making
Conclusions
References
Introduction
Background on Tor
Goals of Statistical Analysis
Ethical Problems
Countries of Connecting Clients
Exiting Traffic by Port
Discussion
References
Introduction
Storm
Conficker
Alternative Countermeasures
Ethical Questions Raised
Who?
What, Where, Why, When, and How?
Conclusion
References
Introduction
Ethical Standards for Proactive Threat Research
Ethical Proactive Threat Research Methods
Ethical Dissemination of Proactive Threat Research
References
Dramatis Personæ
Introduction
Human Subject Protections
Conclusion
References
Detailed Personal Data Collection
Observation of Login Credentials
References
What Is Harm?
Software Vulnerability Analysis
Summary
References
Author Index