Journal articles
3 articles found
On the Security of TLS Resumption and Renegotiation
1
Authors: Xinyu Li, Jingy Xu, +1 author, Zhenfeng Zhang, Dengguo Feng. China Communications, SCIE, CSCD, 2016, No. 12, pp. 176-188 (13 pages)
The Transport Layer Security (TLS) protocol is the most important standard on the Internet for key exchange. The TLS standard supports many additional handshake modes, such as resumption and renegotiation, besides the full handshake. The interaction and dependence of different modes may lead to some practical attacks on TLS. In 2014, Bhargavan et al. described a triple handshake attack on TLS 1.2 by exploiting the sequential running of three different modes of TLS, which can lead to a client impersonation attack after the third handshake. Subsequently, TLS 1.2 was patched with the extended master secret extension of RFC 7627 to prevent this attack. In this paper we introduce a new definition of "uniqueness" and present a renegotiable and resumable ACCE security model. We identify the triple handshake attack within the new model, and furthermore show that TLS with the proposed fix can be proven secure in our model.
Keywords: TLS 1.2, resumption, renegotiation, security model
Second-Order Side-Channel Attacks on Kyber: Targeting the Masked Hash Function
2
Authors: WANG Ya-Qi, HUANG Fan, +1 author, DUAN Xiao-Lin, HU Hong-Gang. 密码学报(中英文), CSCD, Peking University Core Journal, 2024, No. 6, pp. 1415-1436 (22 pages)
Recently, several PC oracle based side-channel attacks have been proposed against Kyber. However, most of them focus on unprotected implementations, and masking is considered as a countermeasure. In this study, we extend PC oracle based side-channel attacks to the second-order scenario and successfully conduct key-recovery attacks on first-order masked Kyber. Firstly, we analyze the potential joint information leakage. Inspired by the binary PC oracle based attack proposed by Qin et al. at Asiacrypt 2021, we identify the 1-bit leakage scenario in the masked Keccak implementation. Moreover, we modify the ciphertext construction described by Tanaka et al. at CHES 2023, extending the leakage scenario from 1-bit to 32-bit. With the assistance of TVLA, we validate these leakages through experiments. Secondly, for these two scenarios, we construct a binary PC oracle based on the t-test and a multiple-valued PC oracle based on neural networks. Furthermore, we conduct practical side-channel attacks on masked Kyber by utilizing our oracles, with the implementation running on an ARM Cortex-M4 microcontroller. The demonstrated attacks require a minimum of 15788 and 648 traces to fully recover the key of Kyber768 in the 1-bit leakage scenario and the 32-bit leakage scenario, respectively. Our analysis may also be extended to attack other post-quantum schemes that use the same masked hash function. Finally, we apply the shuffling strategy to the first-order masked implementation of Kyber and perform leakage tests. Experimental results show that the combined strategy of shuffling and masking can effectively resist our proposed attacks.
Keywords: side-channel attack, plaintext-checking oracle, post-quantum cryptography, masked Kyber, masked hash function
A Privacy-Preserving Attribute-Based Reputation System in Online Social Networks (Cited by: 5)
3
Authors: 郭霖珂, 张驰, +1 author, 方玉光, 林风. Journal of Computer Science & Technology, SCIE, EI, CSCD, 2015, No. 3, pp. 578-597 (20 pages)
Online social networks (OSNs) have revolutionarily changed the way people connect with each other. One of the main factors that help achieve this success is reputation systems that enable OSN users to mutually establish trust relationships based on their past experience. Current approaches for reputation management cannot achieve fine granularity and verifiability for each individual user, in the sense that the reputation values on such OSNs are coarse and lack credibility. In this paper, we propose a fine-granularity attribute-based reputation system which enables users to rate each other's attributes instead of identities. Our scheme first verifies each OSN user's attributes, and further allows OSN users to vote on the posted attribute-associated messages to derive the reputation value. The attribute verification process provides the authenticity of the reputation value without revealing the actual value to entities who do not have the vote privilege. To predict a stranger's behavior, we propose a reputation retrieval protocol for querying the reputation value on a specific attribute. To the best of our knowledge, we are the first to define a fine-grained reputation value based on users' verified attributes in OSNs with privacy preservation. We provide the security analysis along with the simulation results to verify the privacy preservation and feasibility. The implementation of the proposed scheme on current OSNs is also discussed.
Keywords: reputation, privacy, attribute, authentication