Visible to the public Biblio

Found 292 results

Filters: Keyword is cryptographic protocols  [Clear All Filters]
Applebaum, Benny, Kachlon, Eliran, Patra, Arpita.  2020.  The Round Complexity of Perfect MPC with Active Security and Optimal Resiliency. 2020 IEEE 61st Annual Symposium on Foundations of Computer Science (FOCS). :1277—1284.
In STOC 1988, Ben-Or, Goldwasser, and Wigderson (BGW) established an important milestone in the fields of cryptography and distributed computing by showing that every functionality can be computed with perfect (information-theoretic and error-free) security at the presence of an active (aka Byzantine) rushing adversary that controls up to n/3 of the parties. We study the round complexity of general secure multiparty computation in the BGW model. Our main result shows that every functionality can be realized in only four rounds of interaction, and that some functionalities cannot be computed in three rounds. This completely settles the round-complexity of perfect actively-secure optimally-resilient MPC, resolving a long line of research. Our lower-bound is based on a novel round-reduction technique that allows us to lift existing three-round lower-bounds for verifiable secret sharing to four-round lower-bounds for general MPC. To prove the upper-bound, we develop new round-efficient protocols for computing degree-2 functionalities over large fields, and establish the completeness of such functionalities. The latter result extends the recent completeness theorem of Applebaum, Brakerski and Tsabary (TCC 2018, Eurocrypt 2019) that was limited to the binary field.
Zhang, Zichao, de Amorim, Arthur Azevedo, Jia, Limin, Pasareanu, Corina S..  2020.  Automating Compositional Analysis of Authentication Protocols. 2020 Formal Methods in Computer Aided Design (FMCAD). :113–118.
Modern verifiers for cryptographic protocols can analyze sophisticated designs automatically, but require the entire code of the protocol to operate. Compositional techniques, by contrast, allow us to verify each system component separately, against its own guarantees and assumptions about other components and the environment. Compositionality helps protocol design because it explains how the design can evolve and when it can run safely along other protocols and programs. For example, it might say that it is safe to add some functionality to a server without having to patch the client. Unfortunately, while compositional frameworks for protocol verification do exist, they require non-trivial human effort to identify specifications for the components of the system, thus hindering their adoption. To address these shortcomings, we investigate techniques for automated, compositional analysis of authentication protocols, using automata-learning techniques to synthesize assumptions for protocol components. We report preliminary results on the Needham-Schroeder-Lowe protocol, where our synthesized assumption was capable of lowering verification time while also allowing us to verify protocol variants compositionally.
Vyetrenko, S., Khosla, A., Ho, T..  2009.  On combining information-theoretic and cryptographic approaches to network coding security against the pollution attack. 2009 Conference Record of the Forty-Third Asilomar Conference on Signals, Systems and Computers. :788–792.
In this paper we consider the pollution attack in network coded systems where network nodes are computationally limited. We consider the combined use of cryptographic signature based security and information theoretic network error correction and propose a fountain-like network error correction code construction suitable for this purpose.
Iwamoto, M., Ohta, K., Shikata, J..  2018.  Security Formalizations and Their Relationships for Encryption and Key Agreement in Information-Theoretic Cryptography. IEEE Transactions on Information Theory. 64:654–685.
This paper analyzes the formalizations of information-theoretic security for the fundamental primitives in cryptography: symmetric-key encryption and key agreement. Revisiting the previous results, we can formalize information-theoretic security using different methods, by extending Shannon's perfect secrecy, by information-theoretic analogues of indistinguishability and semantic security, and by the frameworks for composability of protocols. We show the relationships among the security formalizations and obtain the following results. First, in the case of encryption, there are significant gaps among the formalizations, and a certain type of relaxed perfect secrecy or a variant of information-theoretic indistinguishability is the strongest notion. Second, in the case of key agreement, there are significant gaps among the formalizations, and a certain type of relaxed perfect secrecy is the strongest notion. In particular, in both encryption and key agreement, the formalization of composable security is not stronger than any other formalizations. Furthermore, as an application of the relationships in encryption and key agreement, we simultaneously derive a family of lower bounds on the size of secret keys and security quantities required under the above formalizations, which also implies the importance and usefulness of the relationships.
Li, K., Ren, A., Ding, Y., Shi, Y., Wang, X..  2020.  Research on Decentralized Identity and Access Management Model Based on the OIDC Protocol. 2020 International Conference on E-Commerce and Internet Technology (ECIT). :252—255.

In the increasingly diverse information age, various kinds of personal information security problems continue to break out. According to the idea of combination of identity authentication and encryption services, this paper proposes a personal identity access management model based on the OIDC protocol. The model will integrate the existing personal security information and build a set of decentralized identity authentication and access management application cluster. The advantage of this model is to issue a set of authentication rules, so that all users can complete the authentication of identity access of all application systems in the same environment at a lower cost, and can well compatible and expand more categories of identity information. Therefore, this method not only reduces the number of user accounts, but also provides a unified and reliable authentication service for each application system.

Song, Z., Matsumura, R., Takahashi, Y., Nanjo, Y., Kusaka, T., Nogami, Y., Matsumoto, T..  2020.  An Implementation and Evaluation of a Pairing on Elliptic Curves with Embedding Degree 14. 2020 35th International Technical Conference on Circuits/Systems, Computers and Communications (ITC-CSCC). :293–298.
As the computer architecture technology evolves, communication protocols have been demanded not only having reliable security but also flexible functionality. Advanced cryptography has been expected as a new generation cryptography which suffices such the requirements. A pairing is one of the key technologies of the cryptography and the pairing has been known as having a substantial amount of construction parameters. Recently, the elliptic curve with embedding degree 14 is evaluated as one of the efficient curves for pairing. In the paper, we implement an optimal ate pairing on the elliptic curve by applying several variants of multiplication algorithms of extension field of degree 7 on multiple devices. The best multiplication algorithm among the candidates is derived. Besides, for efficient calculations, we propose a pseudo 7-sparse algorithm and a fast calculation method of final exponentiation. As a result, we discover the proper multiplication algorithm bases on the rate of addition and multiplications on several different computer platforms. Our proposed pseudo 7-sparse algorithm is approximately 1.54% faster than a regular algorithm on almost all tested platforms. Eventually, for the total execution time of pairing we record 9.33ms on Corei5-9500.
Marquer, Y., Richmond, T..  2020.  A Hole in the Ladder : Interleaved Variables in Iterative Conditional Branching. 2020 IEEE 27th Symposium on Computer Arithmetic (ARITH). :56–63.
The modular exponentiation is crucial to the RSA cryptographic protocol, and variants inspired by the Montgomery ladder have been studied to provide more secure algorithms. In this paper, we abstract away the iterative conditional branching used in the Montgomery ladder, and formalize systems of equations necessary to obtain what we call the semi-interleaved and fully-interleaved ladder properties. In particular, we design fault-injection attacks able to obtain bits of the secret against semi-interleaved ladders, including the Montgomery ladder, but not against fully-interleaved ladders that are more secure. We also apply these equations to extend the Montgomery ladder for both the semi- and fully-interleaved cases, thus proposing novel and more secure algorithms to compute the modular exponentiation.
Kumar, N., Rathee, M., Chandran, N., Gupta, D., Rastogi, A., Sharma, R..  2020.  CrypTFlow: Secure TensorFlow Inference. 2020 IEEE Symposium on Security and Privacy (SP). :336–353.
We present CrypTFlow, a first of its kind system that converts TensorFlow inference code into Secure Multi-party Computation (MPC) protocols at the push of a button. To do this, we build three components. Our first component, Athos, is an end-to-end compiler from TensorFlow to a variety of semihonest MPC protocols. The second component, Porthos, is an improved semi-honest 3-party protocol that provides significant speedups for TensorFlow like applications. Finally, to provide malicious secure MPC protocols, our third component, Aramis, is a novel technique that uses hardware with integrity guarantees to convert any semi-honest MPC protocol into an MPC protocol that provides malicious security. The malicious security of the protocols output by Aramis relies on integrity of the hardware and semi-honest security of MPC. Moreover, our system matches the inference accuracy of plaintext TensorFlow.We experimentally demonstrate the power of our system by showing the secure inference of real-world neural networks such as ResNet50 and DenseNet121 over the ImageNet dataset with running times of about 30 seconds for semi-honest security and under two minutes for malicious security. Prior work in the area of secure inference has been limited to semi-honest security of small networks over tiny datasets such as MNIST or CIFAR. Even on MNIST/CIFAR, CrypTFlow outperforms prior work.
Nieto-Chaupis, H..  2020.  Hyper Secure Cognitive Radio Communications in an Internet of Space Things Network Based on the BB84 Protocol. 2020 Intermountain Engineering, Technology and Computing (IETC). :1–5.
Once constellation of satellites are working in a collaborative manner, the security of their messages would have to be highly secure from all angles of scenarios by which the praxis of eavesdropping constitutes a constant thread for the instability of the different tasks and missions. In this paper we employ the Bennet-Brassard commonly known as the BB84 protocol in conjunction to the technique of Cognitive Radio applied to the Internet of Space Things to build a prospective technology to guarantee the communications among geocentric orbital satellites. The simulations have yielded that for a constellation of 5 satellites, the probability of successful of completion the communication might be of order of 75% ±5%.
Adhikari, M., Panda, P. K., Chattopadhyay, S., Majumdar, S..  2020.  A Novel Group-Based Authentication and Key Agreement Protocol for IoT Enabled LTE/LTE–A Network. 2020 International Conference on Wireless Communications Signal Processing and Networking (WiSPNET). :168—172.

This paper deals with novel group-based Authentication and Key Agreement protocol for Internet of Things(IoT) enabled LTE/LTE-A network to overcome the problems of computational overhead, complexity and problem of heterogeneous devices, where other existing methods are lagging behind in attaining security requirements and computational overhead. In this work, two Groups are created among Machine Type Communication Devices (MTCDs) on the basis of device type to reduce complexity and problems of heterogeneous devices. This paper fulfills all the security requirements such as preservation, mutual authentication, confidentiality. Bio-metric authentication has been used to enhance security level of the network. The security and performance analysis have been verified through simulation results. Moreover, the performance of the proposed Novel Group-Based Authentication and key Agreement(AKA) Protocol is analyzed with other existing IoT enabled LTE/LTE-A protocol.

Seymen, B., Altop, D. K., Levi, A..  2020.  Augmented Randomness for Secure Key Agreement using Physiological Signals. 2020 IEEE Conference on Communications and Network Security (CNS). :1—9.

With the help of technological advancements in the last decade, it has become much easier to extensively and remotely observe medical conditions of the patients through wearable biosensors that act as connected nodes on Body Area Networks (BANs). Sensitive nature of the critical data captured and communicated via wireless medium makes it extremely important to process it as securely as possible. In this regard, lightweight security mechanisms are needed to overcome the hardware resource restrictions of biosensors. Random and secure cryptographic key generation and agreement among the biosensors take place at the core of these security mechanisms. In this paper, we propose the SKA-PSAR (Augmented Randomness for Secure Key Agreement using Physiological Signals) system to produce highly random cryptographic keys for the biosensors to secure communication in BANs. Similar to its predecessor SKA-PS protocol by Karaoglan Altop et al., SKA-PSAR also employs physiological signals, such as heart rate and blood pressure, as inputs for the keys and utilizes the set reconciliation mechanism as basic building block. Novel quantization and binarization methods of the proposed SKA-PSAR system distinguish it from SKA-PS by increasing the randomness of the generated keys. Additionally, SKA-PSAR generated cryptographic keys have distinctive and time variant characteristics as well as long enough bit sizes that provides resistance against cryptographic attacks. Moreover, correct key generation rate is above 98% with respect to most of the system parameters, and false key generation rate of 0% have been obtained for all system parameters.

Xiao, Y., Zhang, N., Lou, W., Hou, Y. T..  2020.  Modeling the Impact of Network Connectivity on Consensus Security of Proof-of-Work Blockchain. IEEE INFOCOM 2020 - IEEE Conference on Computer Communications. :1648—1657.

Blockchain, the technology behind the popular Bitcoin, is considered a "security by design" system as it is meant to create security among a group of distrustful parties yet without a central trusted authority. The security of blockchain relies on the premise of honest-majority, namely, the blockchain system is assumed to be secure as long as the majority of consensus voting power is honest. And in the case of proof-of-work (PoW) blockchain, adversaries cannot control more than 50% of the network's gross computing power. However, this 50% threshold is based on the analysis of computing power only, with implicit and idealistic assumptions on the network and node behavior. Recent researches have alluded that factors such as network connectivity, presence of blockchain forks, and mining strategy could undermine the consensus security assured by the honest-majority, but neither concrete analysis nor quantitative evaluation is provided. In this paper we fill the gap by proposing an analytical model to assess the impact of network connectivity on the consensus security of PoW blockchain under different adversary models. We apply our analytical model to two adversarial scenarios: 1) honest-but-potentially-colluding, 2) selfish mining. For each scenario, we quantify the communication capability of nodes involved in a fork race and estimate the adversary's mining revenue and its impact on security properties of the consensus protocol. Simulation results validated our analysis. Our modeling and analysis provide a paradigm for assessing the security impact of various factors in a distributed consensus system.

Tikhomirov, S., Moreno-Sanchez, P., Maffei, M..  2020.  A Quantitative Analysis of Security, Anonymity and Scalability for the Lightning Network. 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS PW). :387—396.

Payment channel networks have been introduced to mitigate the scalability issues inherent to permissionless decentralized cryptocurrencies such as Bitcoin. Launched in 2018, the Lightning Network (LN) has been gaining popularity and consists today of more than 5000 nodes and 35000 payment channels that jointly hold 965 bitcoins (9.2M USD as of June 2020). This adoption has motivated research from both academia and industryPayment channels suffer from security vulnerabilities, such as the wormhole attack [39], anonymity issues [38], and scalability limitations related to the upper bound on the number of concurrent payments per channel [28], which have been pointed out by the scientific community but never quantitatively analyzedIn this work, we first analyze the proneness of the LN to the wormhole attack and attacks against anonymity. We observe that an adversary needs to control only 2% of nodes to learn sensitive payment information (e.g., sender, receiver, and amount) or to carry out the wormhole attack. Second, we study the management of concurrent payments in the LN and quantify its negative effect on scalability. We observe that for micropayments, the forwarding capability of up to 50% of channels is restricted to a value smaller than the channel capacity. This phenomenon hinders scalability and opens the door for denial-of-service attacks: we estimate that a network-wide DoS attack costs within 1.6M USD, while isolating the biggest community costs only 238k USDOur findings should prompt the LN community to consider the issues studied in this work when educating users about path selection algorithms, as well as to adopt multi-hop payment protocols that provide stronger security, privacy and scalability guarantees.

Ramesh, K., Kumar, B. A., Renjith, P. N..  2020.  Treats based Revisiting Defences Against Password Guessing Attacks and Phishing Data Over Different Online Records. 2020 International Conference on Inventive Computation Technologies (ICICT). :824—827.

Password Guessing Attacks, for instance, Brute Force and word reference ambushes on online records are directly wide spread. Guarding the ambushes and giving the accommodating login the genuine customers together is a problematic endeavour. The present structures are lacking to give both the security and solace together. Phishing is a digital assault that targets credulous online clients fooling into uncovering delicate data, for example, username, secret key, standardized savings number or charge card number and so forth. Assailants fool the Internet clients by concealing site page as a dependable or real page to recover individual data. Password Guessing Attacks Resistance Protocol (PGARP) limits the full-scale number of logins attempts from darken remote hosts to as low as a single undertaking for each username, genuine customers all around (e.g., when tries are created utilizing known, occasionally used machines) can make a couple failed login tries before being tried with an ATT. A specific most distant point will be made to oblige the number of failed attempts with the ATT in order to keep the attacks. After the failed login attempt with ATT limit accomplished, an admonition will be sent to the customer concerning the failed login tries have accomplished the best measurement. This admonition will caution the customer and the customer will be urged to change the mystery expression and security question.

Krohmer, D., Schotten, H. D..  2020.  Decentralized Identifier Distribution for Moving Target Defense and Beyond. 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). :1—8.

In this work, we propose a novel approach for decentralized identifier distribution and synchronization in networks. The protocol generates network entity identifiers composed of timestamps and cryptographically secure random values with a significant reduction of collision probability. The distribution is inspired by Unique Universal Identifiers and Timestamp-based Concurrency Control algorithms originating from database applications. We defined fundamental requirements for the distribution, including: uniqueness, accuracy of distribution, optimal timing behavior, scalability, small impact on network load for different operation modes and overall compliance to common network security objectives. An implementation of the proposed approach is evaluated and the results are presented. Originally designed for a domain of proactive defense strategies known as Moving Target Defense, the general architecture of the protocol enables arbitrary applications where identifier distributions in networks have to be decentralized, rapid and secure.

Zhang, Z., Li, N., Xia, S., Tao, X..  2020.  Fast Cross Layer Authentication Scheme for Dynamic Wireless Network. 2020 IEEE Wireless Communications and Networking Conference (WCNC). :1—6.
Current physical layer authentication (PLA) mechanisms are mostly designed for static communications, and the accuracy degrades significantly when used in dynamic scenarios, where the network environments and wireless channels change frequently. To improve the authentication performance, it is necessary to update the hypothesis test models and parameters in time, which however brings high computational complexity and authentication delay. In this paper, we propose a lightweight cross-layer authentication scheme for dynamic communication scenarios. We use multiple characteristics based PLA to guarantee the reliability and accuracy of authentication, and propose an upper layer assisted method to ensure the performance stability. Specifically, upper layer authentication (ULA) helps to update the PLA models and parameters. By properly choosing the period of triggering ULA, a balance between complexity and performance can be easily obtained. Simulation results show that our scheme can achieve pretty good authentication performance with reduced complexity.
Karthikeyan, S. Paramasivam, El-Razouk, H..  2020.  Horizontal Correlation Analysis of Elliptic Curve Diffie Hellman. 2020 3rd International Conference on Information and Computer Technologies (ICICT). :511–519.
The world is facing a new revolutionary technology transition, Internet of things (IoT). IoT systems requires secure connectivity of distributed entities, including in-field sensors. For such external devices, Side Channel Analysis poses a potential threat as it does not require complete knowledge about the crypto algorithm. In this work, we perform Horizontal Correlation Power Analysis (HCPA) which is a type of Side Channel Analysis (SCA) over the Elliptic Curve Diffie Hellman (ECDH) key exchange protocol. ChipWhisperer (CW) by NewAE Technologies is an open source toolchain which is utilized to perform the HCPA by using CW toolchain. To best of our knowledge, this is the first attempt to implemented ECDH on Artix-7 FPGA for HCPA. We compare our correlation results with the results from AES -128 bits provided by CW. Our point of attack is the Double and Add algorithm which is used to perform Scalar multiplication in ECC. We obtain a maximum correlation of 7% for the key guess using the HCPA. We also discuss about the possible cause for lower correlation and few potentials ways to improve it. In Addition to HCPA we also perform Simple Power Analysis (SPA) (visual) for ECDH, to guess the trailing zeros in the 128-bit secret key for different power traces.
Maldonado-Ruiz, D., Torres, J., Madhoun, N. El.  2020.  3BI-ECC: a Decentralized Identity Framework Based on Blockchain Technology and Elliptic Curve Cryptography. 2020 2nd Conference on Blockchain Research Applications for Innovative Networks and Services (BRAINS). :45–46.

Most of the authentication protocols assume the existence of a Trusted Third Party (TTP) in the form of a Certificate Authority or as an authentication server. The main objective of this research is to present an autonomous solution where users could store their credentials, without depending on TTPs. For this, the use of an autonomous network is imperative, where users could use their uniqueness in order to identify themselves. We propose the framework “Three Blockchains Identity Management with Elliptic Curve Cryptography (3BI-ECC)”. Our proposed framework is a decentralize identity management system where users' identities are self-generated.

Reshma, S., Shaila, K., Venugopal, K. R..  2020.  DEAVD - Data Encryption and Aggregation using Voronoi Diagram for Wireless Sensor Networks. 2020 Fourth World Conference on Smart Trends in Systems, Security and Sustainability (WorldS4). :635–638.
Wireless Sensor Networks (WSNs) are applied in environmental monitoring, military surveillance, etc., whereas these applications focuses on providing security for sensed data and the nodes are available for a long time. Hence, we propose DEAVD protocol for secure data exchange with limited usage of energy. The DEAVD protocol compresses data to reduces the energy consumption and implements an energy efficient encryption and decryption technique using voronoi diagram paradigm. Thus, there is an improvement in the proposed protocol with respect to security due to the concept adapted during data encryption and aggregation.
Fauzan, A., Sukarno, P., Wardana, A. A..  2020.  Overhead Analysis of the Use of Digital Signature in MQTT Protocol for Constrained Device in the Internet of Things System. 2020 3rd International Conference on Computer and Informatics Engineering (IC2IE). :415–420.
This paper presents an overhead analysis of the use of digital signature mechanisms in the Message Queue Telemetry Transport (MQTT) protocol for three classes of constrained-device. Because the resources provided by constrained-devices are very limited, the purpose of this overhead analysis is to help find out the advantages and disadvantages of each class of constrained-devices after a security mechanism has been applied, namely by applying a digital signature mechanism. The objective of using this digital signature mechanism is for providing integrity, that if the payload sent and received in its destination is still original and not changed during the transmission process. The overhead analysis aspects performed are including analyzing decryption time, signature verification performance, message delivery time, memory and flash usage in the three classes of constrained-device. Based on the overhead analysis result, it can be seen that for decryption time and signature verification performance, the Class-2 device is the fastest one. For message delivery time, the smallest time needed for receiving the payload is Class-l device. For memory usage, the Class-2 device is providing the biggest available memory and flash.
Srivastava, V., Pathak, R. K., Kumar, A., Prakash, S..  2020.  Using a Blend of Brassard and Benett 84 Elliptic Curve Digital Signature for Secure Cloud Data Communication. 2020 International Conference on Electronics and Sustainable Communication Systems (ICESC). :738–743.

The exchange of data has expanded utilizing the web nowadays, but it is not dependable because, during communication on the cloud, any malicious client can alter or steal the information or misuse it. To provide security to the data during transmission is becoming hot research and quite challenging topic. In this work, our proposed algorithm enhances the security of the keys by increasing its complexity, so that it can't be guessed, breached or stolen by the third party and hence by this, the data will be concealed while sending between the users. The proposed algorithm also provides more security and authentication to the users during cloud communication, as compared to the previously existing algorithm.

Noel, M. D., Waziri, O. V., Abdulhamid, M. S., Ojeniyi, A. J., Okoro, M. U..  2020.  Comparative Analysis of Classical and Post-quantum Digital Signature Algorithms used in Bitcoin Transactions. 2020 2nd International Conference on Computer and Information Sciences (ICCIS). :1–6.

The use of public key cryptosystems ranges from securely encrypting bitcoin transactions and creating digital signatures for non-repudiation. The cryptographic systems security of public key depends on the complexity in solving mathematical problems. Quantum computers pose a threat to the current day algorithms used. This research presents analysis of two Hash-based Signature Schemes (MSS and W-OTS) and provides a comparative analysis of them. The comparisons are based on their efficiency as regards to their key generation, signature generation and verification time. These algorithms are compared with two classical algorithms (RSA and ECDSA) used in bitcoin transaction security. The results as shown in table II indicates that RSA key generation takes 0.2012s, signature generation takes 0.0778s and signature verification is 0.0040s. ECDSA key generation is 0.1378s, signature generation takes 0.0187s, and verification time for the signature is 0.0164s. The W-OTS key generation is 0.002s. To generate a signature in W-OTS, it takes 0.001s and verification time for the signature is 0.0002s. Lastly MSS Key generation, signature generation and verification has high values which are 16.290s, 17.474s, and 13.494s respectively. Based on the results, W-OTS is recommended for bitcoin transaction security because of its efficiency and ability to resist quantum computer attacks on the bitcoin network.

Nweke, L. O., Weldehawaryat, G. Kahsay, Wolthusen, S. D..  2020.  Adversary Model for Attacks Against IEC 61850 Real-Time Communication Protocols. 2020 16th International Conference on the Design of Reliable Communication Networks DRCN 2020. :1—8.

Adversarial models are well-established for cryptographic protocols, but distributed real-time protocols have requirements that these abstractions are not intended to cover. The IEEE/IEC 61850 standard for communication networks and systems for power utility automation in particular not only requires distributed processing, but in case of the generic object oriented substation events and sampled value (GOOSE/SV) protocols also hard real-time characteristics. This motivates the desire to include both quality of service (QoS) and explicit network topology in an adversary model based on a π-calculus process algebraic formalism based on earlier work. This allows reasoning over process states, placement of adversarial entities and communication behaviour. We demonstrate the use of our model for the simple case of a replay attack against the publish/subscribe GOOSE/SV subprotocol, showing bounds for non-detectability of such an attack.

Beemer, A., Graves, E., Kliewer, J., Kosut, O., Yu, P..  2020.  Authentication with Mildly Myopic Adversaries. 2020 IEEE International Symposium on Information Theory (ISIT). :984—989.

In unsecured communications settings, ascertaining the trustworthiness of received information, called authentication, is paramount. We consider keyless authentication over an arbitrarily-varying channel, where channel states are chosen by a malicious adversary with access to noisy versions of transmitted sequences. We have shown previously that a channel condition termed U-overwritability is a sufficient condition for zero authentication capacity over such a channel, and also that with a deterministic encoder, a sufficiently clear-eyed adversary is essentially omniscient. In this paper, we show that even if the authentication capacity with a deterministic encoder and an essentially omniscient adversary is zero, allowing a stochastic encoder can result in a positive authentication capacity. Furthermore, the authentication capacity with a stochastic encoder can be equal to the no-adversary capacity of the underlying channel in this case. We illustrate this for a binary channel model, which provides insight into the more general case.

Marasco, E. O., Quaglia, F..  2020.  AuthentiCAN: a Protocol for Improved Security over CAN. 2020 Fourth World Conference on Smart Trends in Systems, Security and Sustainability (WorldS4). :533–538.
The continuous progress of electronic equipments has influenced car manufacturers, leading to the integration of the latest infotainment technologies and providing connection to external devices, such as mobile phones. Modern cars work with ECUs (Electronic Control Units) that handle user interactions and sensor data, by also sending information to actuators using simple, reliable and efficient networks with fast protocols, like CAN (Controller Area Network). This is the most used vehicular protocol, which allows interconnecting different ECUs, making them interact in a synergic manner. On the down side, there is a security risk related to the exposition of malicious ECU's frames-possibly generated by compromised devices-which can lead to the possibility to remote control all the car equipments (like brakes and others) by an attacker. We propose a solution to this problem, designing an authentication and encryption system above CAN, called AuthentiCAN. Our proposal is tailored for the evolution of CAN called CAN-FD, and avoids the possibility for an attacker to inject malicious frames that are not discarded by the destination ECUs. Also, we avoid the possibility for an attacker to learn the interactions that occur across ECUs, with the objective of maliciously replaying messages-which would lead the actuator's logic to be no longer compliant with the actual data sources. We also present a simulation study of our solution, where we provide an assessment of its overhead, e.g. in terms of reduction of the throughput of data-unit transfer over CAN-FD, caused by the added security features.