Similar Literature
20 similar documents found; search took 46 ms
1.
In radio frequency identification (RFID) systems, search protocols are used to find a specific item among a large number of tagged products. These protocols should be secure against RFID attacks such as traceability, impersonation, DoS and eavesdropping. Sundaresan et al. (IEEE Trans Dependable Secure Comput, 2015) presented a server-less search protocol based on a 128-bit PRNG function and claimed that their method addresses all vulnerabilities of previous protocols. In this paper, we prove that Sundaresan et al.’s protocol is vulnerable to a traceability attack with high probability. In addition, we present an improved protocol that solves this problem and analyze its security level informally and formally using the AVISPA tool and BAN logic.

2.
Focusing on a large-scale wireless sensor network with multiple base stations (BS), a key management protocol is designed in this paper. For securely relaying data between a node and a base station, or between two nodes, the protocol adopts an end-to-end data security method. Combining this with a distributed key revocation scheme that efficiently removes compromised nodes yields our key management protocol, called the multi-BS key management protocol (MKMP). Through performance evaluation, we show that MKMP outperforms LEDS (Ren et al., IEEE Trans Mobile Comput 7(5):585–598, 2008) in terms of resilience against the node capture attack. With an analysis of key storage overheads, we demonstrate that MKMP performs better than mKeying (Wang et al., A key management protocol for wireless sensor networks with multiple base stations. In: Proceedings of ICC'08, pp 1625–1629, 2008) in terms of this overhead.

3.
Vehicular Ad hoc NETworks (VANETs) are the key to the future of intelligent transportation systems. An efficient MAC protocol is of great importance for meeting the strict deadlines of safety-related applications in VANETs. This work introduces a novel TDMA-based variable interval multichannel MAC protocol (TM-MAC) for VANETs. TM-MAC employs TDMA along with variable interval multichannel scheduling to provide a reliable and efficient broadcast service over a lossy wireless medium. TM-MAC reduces transmission collisions, thus making the Control CHannel (CCH) more reliable, and provides high throughput over the Service CHannel (SCH) via maximum channel utilization. The scheduling strategy ensures that vehicles are assigned a slot instantaneously. Moreover, there is a reduction of almost 50 % in the number of vehicles incurring merging collisions when compared with VeMAC (Omar et al. in IEEE Trans Mob Comput 12(9):1724–1736, 2013), an existing and recently proposed TDMA-based MAC protocol. This reduction in merging collisions increases the packet delivery ratio by almost 25 % compared with VeMAC. Extensive simulations over a realistic city scenario confirm the superiority of TM-MAC over existing schemes for a wide range of traffic conditions.

4.
RSA Full Domain Hash (RSA-FDH) is a digital signature scheme, secure against chosen message attacks in the random oracle model. The best known security reduction from the RSA assumption is non-tight, i.e., it loses a factor of \(q_s\), where \(q_s\) is the number of signature queries made by the adversary. It was furthermore proven by Coron (Advances in cryptology—EUROCRYPT 2002, Lecture notes in computer science, vol 2332. Springer, Berlin, pp 272–287, 2002) that a security loss of \(q_s\) is optimal and cannot possibly be improved. In this work, we uncover a subtle flaw in Coron’s impossibility result. Concretely, we show that it only holds if the underlying trapdoor permutation is certified. Since it is well known that the RSA trapdoor permutation is (for all practical parameters) not certified, this renders Coron’s impossibility result moot for RSA-FDH. Motivated by this, we revisit the question whether there is a tight security proof for RSA-FDH. Concretely, we give a new tight security reduction from a stronger assumption, the Phi-Hiding assumption introduced by Cachin et al. (Advances in Cryptology—EUROCRYPT’99. Lecture notes in computer science, vol 1592. Springer, Berlin, pp 402–414, 1999). This justifies the choice of smaller parameters in RSA-FDH, as it is commonly used in practice. All of our results (positive and negative) extend to the probabilistic signature scheme PSS (with message recovery).

5.
This paper proposes a novel content removal technique for enhancing camera identification performance. Here, very low bit rate videos whose overall noise patterns have time-varying statistics are considered. First, different two-dimensional discrete fractional Fourier transforms with different rotational angles are applied to the overall noise pattern of each frame of each video. Second, the modulus of each element of each transformed matrix is normalized to one if the rotational angles of the transforms are not equal to integer multiples of \(\pi \). Third, the corresponding two-dimensional inverse discrete fractional Fourier transform is applied to each normalized matrix, and the corresponding real part is taken for further processing. Fourth, the absolute values of the elements in each normalized real-valued matrix are bounded by certain threshold values. Here, different threshold values are employed for different rotational angles. Finally, the processed matrices are averaged over all the rotational angles and all the frames of the videos of the same camera. To evaluate the performance, the correlation function is employed. Extensive computer numerical simulations are performed. The obtained results show that the proposed method outperforms existing methods (Kang et al. in IEEE Trans Inf Forensics Secur 7(2):393–402, 2012; Li in IEEE Trans Inf Forensics Secur 5(2):280–287, 2010).

6.
In this paper, we present three digital signature schemes with tight security reductions in the random oracle model. Our first signature scheme is a particularly efficient version of the short exponent discrete log-based scheme of Girault et al. (J Cryptol 19(4):463–487, 2006). Our scheme has a tight reduction to the decisional short discrete logarithm problem, while still maintaining the non-tight reduction to the computational version of the problem upon which the original scheme of Girault et al. is based. The second signature scheme we construct is a modification of the scheme of Lyubashevsky (Advances in Cryptology—ASIACRYPT 2009, vol 5912 of Lecture Notes in Computer Science, pp 598–616, Tokyo, Japan, December 6–10, 2009. Springer, Berlin, 2009) that is based on the worst-case hardness of the shortest vector problem in ideal lattices. The third scheme is a very simple signature scheme that is based directly on the hardness of the subset sum problem. We also present a general transformation that converts what we term \(lossy\) identification schemes into signature schemes with tight security reductions. We believe that this greatly simplifies the task of constructing and proving the security of such signature schemes.

7.
The outage probability and ergodic capacity analysis for a decode-and-forward two-way relaying system is investigated in this paper. First, the exact expressions (or bounds) of outage probability, ergodic capacity and average bidirectional ergodic capacity (ABEC) for max–min relay selection, random relay selection and direct transmission protocols are derived through theoretical analysis, and performance comparisons among the different relay selection protocols are developed. Then a novel maximum average bidirectional mutual information (MABM) relay selection protocol is proposed and analyzed. Simulation results demonstrate that the derived analytical results fit well with Monte-Carlo simulations. The proposed MABM protocol can always achieve larger ABEC than the other protocols while keeping a low outage probability, and the MABM and max–min protocols in this paper always achieve better performance than the max–min selection and max-sum selection in Krikidis (IEEE Trans Veh Technol 59(9):4620–4628, 2010). In addition, the outage probability, ergodic capacity and ABEC performance of the proposed protocol degrade as the distance becomes larger.

8.
In Jung et al. (Electron Lett 48(10):557–558, 1), a double noise coupling scheme was proposed for ΔΣ analog-to-digital converters (ADCs) to achieve wideband and high accuracy performance combined with low power consumption. In this paper, an improved version of the double noise coupling ΔΣ ADC is presented. The improved architecture reduces the power consumption significantly by reducing the output swing of the second integrator in the modulator. Also, the improved double noise coupling ΔΣ ADC relaxes the feedback timing of the modulator using a triple sampling technique (Kanazawa et al. in IEEE Custom Integrated Circuit Conference, 2). Thus, there is no need for a high-speed comparator and DEM circuitry even for high-speed applications. By using both techniques, the performance of the double noise coupling ΔΣ ADC can be improved significantly.

9.
We revisit the security definitions of blind signatures as proposed by Pointcheval and Stern (J Cryptol 13(3):361–396, 2000). Security comprises the notions of one-more unforgeability, preventing a malicious user from generating more signatures than requested, and of blindness, preventing a malicious signer from learning useful information about the user’s messages. Although this definition is well established nowadays, we show that there are still desirable security properties that fall outside of the model. More precisely, the original unforgeability definition does not exclude that an adversary verifiably uses the same message m for signing twice and is then still able to produce another signature for a new message \(m'\ne m\). Intuitively, this should not be possible; yet, it is not captured in the original definition, because the number of signatures equals the number of requests. We thus propose a stronger notion, called honest-user unforgeability, that covers these attacks. We give a simple and efficient transformation that turns any unforgeable blind signature scheme (with deterministic verification) into an honest-user unforgeable one.

10.
Permutation polynomials (PPs) are used for interleavers in turbo codes, cryptography or sequence generation. The paper presents an algorithm for determining the number of truly different PPs of degrees up to five. It is based on the algorithm from Weng and Dong (IEEE Trans Inf Theory 54(9):4388–4390, 2008) and on the null polynomials modulo the interleaver length.

11.
We study the problem of constructing locally computable universal one-way hash functions (UOWHFs) \(\mathcal {H}:\{0,1\}^n \rightarrow \{0,1\}^m\). A construction with constant output locality, where every bit of the output depends only on a constant number of bits of the input, was established by Applebaum et al. (SIAM J Comput 36(4):845–888, 2006). However, this construction suffers from two limitations: (1) it can only achieve a sublinear shrinkage of \(n-m=n^{1-\epsilon }\) and (2) it has a super-constant input locality, i.e., some inputs influence a large super-constant number of outputs. This leaves open the question of realizing UOWHFs with constant output locality and linear shrinkage of \(n-m= \epsilon n\), or UOWHFs with constant input locality and minimal shrinkage of \(n-m=1\). We settle both questions simultaneously by providing the first construction of UOWHFs with linear shrinkage, constant input locality and constant output locality. Our construction is based on the one-wayness of “random” local functions—a variant of an assumption made by Goldreich (Studies in Complexity and Cryptography, 76–87, 2011; ECCC 2010). Using a transformation of Ishai et al. (STOC, 2008), our UOWHFs give rise to a digital signature scheme with a minimal additive complexity overhead: signing n-bit messages with security parameter \(\kappa \) takes only \(O(n+\kappa )\) time instead of \(O(n\kappa )\) as in typical constructions. Previously, such signatures were only known to exist under an exponential hardness assumption. As an additional contribution, we obtain new locally computable hardness amplification procedures for UOWHFs that preserve linear shrinkage.

12.
This paper provides the first provably secure construction of an invertible random permutation (and of an ideal cipher) from a public random function that can be evaluated by all parties in the system, including the adversary. The associated security goal was formalized via the notion of indifferentiability by Maurer et al. (TCC 2004). The problem is the natural extension of that of building (invertible) random permutations from (private) random functions, first solved by Luby and Rackoff (SIAM J Comput 17(2):373–386, 1988) via the four-round Feistel construction. As our main result, we prove that the Feistel construction with fourteen rounds is indifferentiable from an invertible random permutation. We also provide a new lower bound showing that five rounds are not sufficient to achieve indifferentiability. A major corollary of our result is the equivalence (in a well-defined sense) of the random oracle model and the ideal cipher model.

13.
In wireless sensor networks (WSNs), broadcast authentication is a crucial security mechanism that allows a multitude of legitimate users to join in and disseminate messages into the networks in a dynamic and authenticated way. During the past few years, several public-key based multi-user broadcast authentication schemes have been proposed to achieve immediate authentication and to address the security vulnerability intrinsic to μTESLA-like schemes. Unfortunately, the relatively slow signature verification in signature-based broadcast authentication has also incurred a series of problems such as high energy consumption and long verification delay. In this contribution, we propose an efficient technique to accelerate the signature verification in WSNs through cooperation among sensor nodes. By allowing some sensor nodes to release intermediate computation results to their neighbors during the signature verification, a large number of sensor nodes can accelerate their signature verification process significantly. When applying our faster signature verification technique to broadcast authentication in a 4 × 4 grid-based WSN, a quantitative performance analysis shows that our scheme needs 17.7–34.5 % less energy and runs about 50 % faster than the traditional signature verification method. The efficiency of the proposed technique has been tested through an experimental study on a network of MICAz motes.

14.
The existence of succinct non-interactive arguments for NP (i.e., non-interactive computationally sound proofs where the verifier’s work is essentially independent of the complexity of the NP non-deterministic verifier) has been an intriguing question for the past two decades. Other than CS proofs in the random oracle model (Micali in SIAM J Comput 30(4):1253–1298, 2000), prior to our work the only existing candidate construction is based on an elaborate assumption that is tailored to a specific protocol (Di Crescenzo and Lipmaa in Proceedings of the 4th conference on computability in Europe, 2008). We formulate a general and relatively natural notion of an extractable collision-resistant hash function (ECRH) and show that, if ECRHs exist, then a modified version of Di Crescenzo and Lipmaa’s protocol is a succinct non-interactive argument for NP. Furthermore, the modified protocol is actually a succinct non-interactive adaptive argument of knowledge (SNARK). We then propose several candidate constructions for ECRHs and relaxations thereof. We demonstrate the applicability of SNARKs to various forms of delegation of computation, to succinct non-interactive zero-knowledge arguments, and to succinct two-party secure computation. Finally, we show that SNARKs essentially imply the existence of ECRHs, thus demonstrating the necessity of the assumption. Going beyond \(\hbox {ECRH}\)s, we formulate the notion of extractable one-way functions (\(\hbox {EOWF}\)s). Assuming the existence of a natural variant of \(\hbox {EOWF}\)s, we construct a two-message selective-opening-attack-secure commitment scheme and a three-round zero-knowledge argument of knowledge. Furthermore, if the \(\hbox {EOWF}\)s are concurrently extractable, the three-round zero-knowledge protocol is also concurrent zero knowledge. Our constructions circumvent previous black-box impossibility results regarding these protocols by relying on \(\hbox {EOWF}\)s as the non-black-box component in the security reductions.

15.
Multiple Input Multiple Output (MIMO) based Spatial Time Division Multiple Access (STDMA) Wireless Mesh Networks (WMNs) have attracted extensive research attention. However, there are two problems in existing studies: (1) the employed MIMO link rate models are not suitable for a MIMO link of a practical STDMA WMN, and (2) the designed scheduling algorithms usually cannot take advantage of the multi-user diversity in a WMN. In this paper, we develop an analytical model for determining the MIMO link rate of an STDMA WMN. Based on a node-based slot assignment and scheduling algorithm (Chen and Lea in IEEE Trans Veh Technol 62(1):272–283, 2013), we propose a static/opportunistic hybrid scheduling framework that can exploit multi-user diversity and channel fading. The performance evaluation shows that the proposed framework has a 33–46 % throughput gain over the prior joint routing and time slot assignment schemes for MIMO WMNs.

16.
Several authors have studied the thermal sensitivity characteristics of an FBG temperature sensor attached to the surface of a targeted host specimen (Lee and Lee in J Korean Phys Soc 59(5):3188–3191, 2011; Yu-Lung and Han-Sheng in Meas Sci Technol 9:1543–1547, 1998; Reddy et al. in Opt Appl 40(3):685–692, 2010). In their mathematical analysis, the coefficient of thermal expansion (CTE) of the grating material is ignored because its contribution to the wavelength shift is small compared with the shift caused by the CTE of the host specimen. However, we find that the Bragg wavelength shift used for measuring temperature in an FBG sensor depends on the difference between the thermal expansions of the grating and targeted host specimen materials. We have investigated the effect of the expansion of the grating material as well as that of the host material and have found that at low temperature the difference in the wavelength shift is indeed very small, of the order of 0.67 pm at \(26\,{^\circ }\hbox {C}\), but at higher temperatures, say 350–\(400\,{^\circ }\hbox {C}\), the difference in the wavelength shift is quite large, of the order of 250 pm, and cannot be neglected, as it results in erroneous temperature readings for higher ranges.

17.
A one-way function is d-local if each of its outputs depends on at most d input bits. In Applebaum et al. (SIAM J Comput 36(4):845–888, 2006), it was shown that, under relatively mild assumptions, there exist 4-local one-way functions (OWFs). This result is not far from optimal as it is not hard to show that there are no 2-local OWFs. The gap was partially closed in Applebaum et al. (2006) by showing that the existence of 3-local OWFs is implied by the intractability of decoding a random linear code (or equivalently the hardness of learning parity with noise). In this note we provide further evidence for the existence of 3-local OWFs. We construct a 3-local OWF based on the assumption that a random function of (arbitrarily large) constant locality is one-way. [A closely related assumption was previously made by Goldreich (Studies in Complexity and Cryptography. Miscellanea on the Interplay between Randomness and Computation, pp. 76–87, 2011).] Our proof consists of two steps: (1) we show that, under the above assumption, Random Local Functions remain hard to invert even when some information on the preimage x is leaked and (2) such “robust” local one-way functions can be converted to 3-local one-way functions via a new construction of semi-private randomized encoding. We believe that these results may be of independent interest.

18.
We construct a general-purpose multi-input functional encryption scheme in the private-key setting. Namely, we construct a scheme where a functional key corresponding to a function f enables a user holding encryptions of \(x_1, \ldots , x_t\) to compute \(f(x_1, \ldots , x_t)\) but nothing else. This is achieved starting from any general-purpose private-key single-input scheme (without any additional assumptions) and is proven to be adaptively secure for any constant number of inputs t. Moreover, it can be extended to a super-constant number of inputs assuming that the underlying single-input scheme is sub-exponentially secure. Instantiating our construction with existing single-input schemes, we obtain multi-input schemes that are based on a variety of assumptions (such as indistinguishability obfuscation, multilinear maps, learning with errors, and even one-way functions), offering various trade-offs between security assumptions and functionality. Previous and concurrent constructions of multi-input functional encryption schemes either relied on stronger assumptions and provided weaker security guarantees (Goldwasser et al. in Advances in cryptology—EUROCRYPT, 2014; Ananth and Jain in Advances in cryptology—CRYPTO, 2015), or relied on multilinear maps and could be proven secure only in an idealized generic model (Boneh et al. in Advances in cryptology—EUROCRYPT, 2015). In comparison, we present a general transformation that simultaneously relies on weaker assumptions and guarantees stronger security.

19.
We give generic constructions of several fundamental cryptographic primitives based on a new encryption primitive that combines circular security for bit encryption with the so-called reproducibility property (Bellare et al. in Public key cryptography—PKC 2003, vol. 2567, pp. 85–99, Springer, 2003). At the heart of our constructions is a novel technique which gives a way of de-randomizing reproducible public-key bit encryption schemes and also a way of reducing one-wayness conditions of a constructed trapdoor function family (TDF) to circular security of the base scheme. The main primitives that we build from our encryption primitive include k-wise one-way TDFs (Rosen and Segev in SIAM J Comput 39(7):3058–3088, 2010), chosen-ciphertext-attack-secure encryption and deterministic encryption. Our results demonstrate a new set of applications of circularly secure encryption beyond fully homomorphic encryption and symbolic soundness. Finally, we show the plausibility of our assumptions by showing that the decisional Diffie–Hellman-based circularly secure scheme of Boneh et al. (Advances in cryptology—CRYPTO 2008, vol. 5157, Springer, 2008) and the subgroup indistinguishability-based scheme of Brakerski and Goldwasser (Advances in cryptology—CRYPTO 2010, vol. 6223, pp. 1–20, Springer, 2010) are both reproducible.

20.
We present a new cryptographic primitive, called all-but-many encryption (ABME). An ABME scheme is a tag-based public-key encryption scheme with the following additional properties: A sender given the secret key can generate a fake ciphertext to open to any message with consistent randomness. In addition, anyone who does not own the secret key can neither distinguish a fake ciphertext from a real (honestly generated) one, nor produce a fake one (on a fresh tag) even after seeing many fake ciphertexts and their opening. A motivating application of ABME is universally composable (UC) commitment schemes. We prove that an ABME scheme implies a non-interactive UC commitment scheme that is secure against adaptive adversaries in the non-erasure model under a reusable common reference string. Previously, such a “fully equipped” UC commitment scheme has been known only in Canetti and Fischlin (CRYPTO 2001, vol 2139, Lecture notes in computer science. Springer, Heidelberg, pp 19–40, 2001), Canetti et al. (STOC 2002, pp 494–503, 2002), with expansion factor \(O(\kappa )\), meaning that to commit \(\lambda \) bits, communication strictly requires \(O(\lambda \kappa )\) bits, where \(\kappa \) denotes the security parameter. We provide a general framework for constructing ABME and several concrete instantiations from a variety of assumptions. In particular, we present an ABME scheme with expansion factor O(1) from DCR-related assumptions, which results in showing the first fully equipped UC commitment scheme with a constant expansion factor. In addition, the DCR-based ABME scheme can be transformed to an all-but-many lossy trapdoor function (ABM-LTF), proposed by Hofheinz (EUROCRYPT 2012, vol 7237, Lecture notes in computer science. Springer, Heidelberg, pp 209–227, 2012), with a better lossy rate than Hofheinz (2012).


Copyright © 北京勤云科技发展有限公司 (Beijing Qinyun Technology Development Co., Ltd.)    京ICP备09084417号-23
