On the Security of Two RFID Mutual Authentication Protocols

In this paper, the security of two recent RFID mutual authentication protocols are investigated. The first protocol is a scheme proposed by Huang et al. [7] and the second one by Huang, Lin and Li [6]. We show that these two protocols have several weaknesses. In Huang et al.’s scheme, an adversary can determine the 32-bit secret password with a probability of 2−2 , and in Huang-Lin-Li scheme, a passive adversary can recognize a target tag with a success probability of 1−2−4 and an active adversary can determine all 32 bits of Access password with success probability of 2−4 . The computational complexity of these attacks is negligible.

The suffix-free-prefix-free hash function construction and its indifferentiability security analysis

In this paper, we observe that in the seminal work on indifferentiability analysis of iterated hash functions by Coron et al. and in subsequent works, the initial value (IV) of hash functions is fixed. In addition, these indifferentiability results do not depend on the Merkle–Damgård (MD) strengthening in the padding functionality of the hash functions. We propose a generic n -bit-iterated hash function framework based on an n -bit compression function called suffix-free-prefix-free (SFPF) that works for arbitrary IV s and does not possess MD strengthening. We formally prove that SFPF is indifferentiable from a random oracle (RO) when the compression function is viewed as a fixed input-length random oracle (FIL-RO). We show that some hash function constructions proposed in the literature fit in the SFPF framework while others that do not fit in this framework are not indifferentiable from a RO. We also show that the SFPF hash function framework with the provision of MD strengthening generalizes any n -bit-iterated hash function based on an n -bit compression function and with an n -bit chaining value that is proven indifferentiable from a RO.

Security Analysis of Randomize-Hash-then-Sign Digital Signatures

At CRYPTO 2006, Halevi and Krawczyk proposed two randomized hash function modes and analyzed the security of digital signature algorithms based on these constructions. They showed that the security of signature schemes based on the two randomized hash function modes relies on properties similar to the second preimage resistance rather than on the collision resistance property of the hash functions. One of the randomized hash function modes was named the RMX hash function mode and was recommended for practical purposes. The National Institute of Standards and Technology (NIST), USA standardized a variant of the RMX hash function mode and published this standard in the Special Publication (SP) 800-106. In this article, we first discuss a generic online birthday existential forgery attack of Dang and Perlner on the RMX-hash-then-sign schemes. We show that a variant of this attack can be applied to forge the other randomize-hash-then-sign schemes. We point out practical limitations of the generic forgery attack on the RMX-hash-then-sign schemes. We then show that these limitations can be overcome for the RMX-hash-then-sign schemes if it is easy to find fixed points for the underlying compression functions, such as for the Davies-Meyer construction used in the popular hash functions such as MD5 designed by Rivest and the SHA family of hash functions designed by the National Security Agency (NSA), USA and published by NIST in the Federal Information Processing Standards (FIPS). We show an online birthday forgery attack on this class of signatures by using a variant of Dean’s method of finding fixed point expandable messages for hash functions based on the Davies-Meyer construction. This forgery attack is also applicable to signature schemes based on the variant of RMX standardized by NIST in SP 800-106. We discuss some important applications of our attacks and discuss their applicability on signature schemes based on hash functions with ‘built-in’ randomization. Finally, we compare our attacks on randomize-hash-then-sign schemes with the generic forgery attacks on the standard hash-based message authentication code (HMAC).

Improved Security Analysis of Fugue-256 (Poster)

We present some improved analytical results as part of the ongoing work on the analysis of Fugue-256 hash function, a second round candidate in the NIST’s SHA3 competition. First we improve Aumasson and Phans’ integral distinguisher on the 5.5 rounds of the final transformation of Fugue-256 to 16.5 rounds. Next we improve the designers’ meet-in-the-middle preimage attack on Fugue-256 from 2480 time and memory to 2416. Finally, we comment on possible methods to obtain free-start distinguishers and free-start collisions for Fugue-256.

On Randomizing Hash Functions to Strengthen the Security of Digital Signatures

Halevi and Krawczyk proposed a message randomization algorithm called RMX as a front-end tool to the hash-then-sign digital signature schemes such as DSS and RSA in order to free their reliance on the collision resistance property of the hash functions. They have shown that to forge a RMX-hash-then-sign signature scheme, one has to solve a cryptanalytical task which is related to finding second preimages for the hash function. In this article, we will show how to use Dean’s method of finding expandable messages for finding a second preimage in the Merkle-Damgård hash function to existentially forge a signature scheme based on a t-bit RMX-hash function which uses the Davies-Meyer compression functions (e.g., MD4, MD5, SHA family) in 2 t/2 chosen messages plus 2 t/2 + 1 off-line operations of the compression function and similar amount of memory. This forgery attack also works on the signature schemes that use Davies-Meyer schemes and a variant of RMX published by NIST in its Draft Special Publication (SP) 800-106. We discuss some important applications of our attack.

Security Analysis of salt||password Hashes

Protection of passwords used to authenticate computer systems and networks is one of the most important application of cryptographic hash functions. Due to the application of precomputed memory look up attacks such as birthday and dictionary attacks on the hash values of passwords to find passwords, it is usually recommended to apply hash function to the combination of both the salt and password, denoted salt||password, to prevent these attacks. In this paper, we present the first security analysis of salt||password hashing application. We show that when hash functions based on the compression functions with easily found fixed points are used to compute the salt||password hashes, these hashes are susceptible to precomputed offline birthday attacks. For example, this attack is applicable to the salt||password hashes computed using the standard hash functions such as MD5, SHA-1, SHA-256 and SHA-512 that are based on the popular Davies-Meyer compression function. This attack exposes a subtle property of this application that although the provision of salt prevents an attacker from finding passwords, salts prefixed to the passwords do not prevent an attacker from doing a precomputed birthday attack to forge an unknown password. In this forgery attack, we demonstrate the possibility of building multiple passwords for an unknown password for the same hash value and salt. Interestingly, password||salt (i.e. salts suffixed to the passwords) hashes computed using Davies-Meyer hash functions are not susceptible to this attack, showing the first security gap between the prefix-salt and suffix-salt methods of hashing passwords.

Safety envelope for security

We present an approach for detecting sensor spoofing attacks on a cyber-physical system. Our approach consists of two steps. In the first step, we construct a safety envelope of the system. Under nominal conditions (that is, when there are no attacks), the system always stays inside its safety envelope. In the second step, we build an attack detector: a monitor that executes synchronously with the system and raises an alarm whenever the system state falls outside the safety envelope. We synthesize safety envelopes using a modified machine learning procedure applied on data collected from the system when it is not under attack. We present experimental results that show effectiveness of our approach, and also validate the several novel features that we introduced in our learning procedure.

Information Security and Privacy : Proceedings of the 9th Australasian Conference, ACISP 2004, Sydney, Australia, July 13-15, 2004.

Preface The 9th Australasian Conference on Information Security and Privacy (ACISP 2004) was held in Sydney, 13–15 July, 2004. The conference was sponsored by the Centre for Advanced Computing – Algorithms and Cryptography (ACAC), Information and Networked Security Systems Research (INSS), Macquarie University and the Australian Computer Society. The aims of the conference are to bring together researchers and practitioners working in areas of information security and privacy from universities, industry and government sectors. The conference program covered a range of aspects including cryptography, cryptanalysis, systems and network security. The program committee accepted 41 papers from 195 submissions. The reviewing process took six weeks and each paper was carefully evaluated by at least three members of the program committee. We appreciate the hard work of the members of the program committee and external referees who gave many hours of their valuable time. Of the accepted papers, there were nine from Korea, six from Australia, five each from Japan and the USA, three each from China and Singapore, two each from Canada and Switzerland, and one each from Belgium, France, Germany, Taiwan, The Netherlands and the UK. All the authors, whether or not their papers were accepted, made valued contributions to the conference. In addition to the contributed papers, Dr Arjen Lenstra gave an invited talk, entitled Likely and Unlikely Progress in Factoring. This year the program committee introduced the Best Student Paper Award. The winner of the prize for the Best Student Paper was Yan-Cheng Chang from Harvard University for his paper Single Database Private Information Retrieval with Logarithmic Communication. We would like to thank all the people involved in organizing this conference. In particular we would like to thank members of the organizing committee for their time and efforts, Andrina Brennan, Vijayakrishnan Pasupathinathan, Hartono Kurnio, Cecily Lenton, and members from ACAC and INSS.

Governing civil society: How literacy, education and security were brought together

This study questions how the categories of security, education and literacy were brought together as related elements of a whole-of-government strategy in the production of civil society. Drawing on an analysis of key political texts, the study argues that the categories of education and literacy have been used in diverse ways in the production of national, social, economic and geopolitical security interests. As dialogue about security has intensified, rationalisations about the national interest have engaged notions of security leading to the legitimation of a diverse set of policy instruments, strategically used to contain the rise of complex social forces and protect homogenous cultural values.

The security and privacy of usage policies and provenance logs in an Information Accountability Framework

The potential benefits of shared eHealth records systems are promising for the future of improved healthcare. However, the uptake of such systems is hindered by concerns over the security and privacy of patient information. The use of Information Accountability and so called Accountable-eHealth (AeH) systems has been proposed to balance the privacy concerns of patients with the information needs of healthcare professionals. However, a number of challenges remain before AeH systems can become a reality. Among these is the need to protect the information stored in the usage policies and provenance logs used by AeH systems to define appropriate use of information and hold users accountable for their actions. In this paper, we discuss the privacy and security issues surrounding these accountability mechanisms, define valid access to the information they contain, discuss solutions to protect them, and verify and model an implementation of the access requirements as part of an Information Accountability Framework.

The doomsday vault: Seed banks, food security, and climate change

"It could easily provide the back-drop for a James Bond movie. Deep inside a mountain near the North Pole, down a fortified tunnel, and behind airlocked doors in a vault frozen to -18 degrees Celsius, scientists are squirreling away millions of seed samples. The samples constitute the very foundation of agriculture, the biological diversity needed so the world's major food crops can adapt to the next pest or disease, or to climate change. It's little wonder that the Svalbard Global Seed Vault has captured the public's imagination more than almost any agricultural topic in recent years. Popular press reports about the ‘Doomsday Vault,’ however, typically mask the complexity of the endeavor and, if anything, underestimate its practical utility." Cary Fowler This chapter considers the use of seed banks to address concerns about intellectual property, climate change and food security. It has a number of themes. First of all, it is interested in the use of ‘Big Science’ projects to address pressing global scientific concerns and Millennium Development Goals. Second, it highlights the increasing use of banks as a means of managing both property and intellectual property across a wide range of fields of agriculture and biotechnology. Third, it considers the linkage of intellectual property, access to genetic resources and benefit sharing. There are a variety of positions in this debate. Some see requirements in respect of access to genetic resources and benefit sharing as an inconvenient burden for science and commerce. Others defend access to genetic resources and benefit sharing as meaningful and productive. Those inclined to somewhat more conspiratorial views suggest that access to genetic resources and benefit sharing are a ruse to facilitate biopiracy. This chapter has a number of components. Section I focuses upon the Consultative Group on International Agricultural Research (CGIAR) network – often raised as a model for Climate Innovation Centres. Section II considers the Svalbard Global Seed Vault – the so-called Doomsday Vault. After a consideration of the World Summit on Food Security in 2009, it is concluded in this chapter that any future international agreement on climate change needs to address intellectual property, plant genetic resources and food security.

Intellectual property and biofuels: The energy crisis, food security, and climate change

In light of larger public policy debates over intellectual property and climate change, this article considers patent practice, law, and policy in respect of biofuels. This debate has significant implications for public policy discussions in respect of energy independence, food security, and climate change. The first section of the paper provides a network analysis of patents in respect of biofuels across the three generations. It provides empirical research in respect of patent subject matter, ownership, and strategy in respect of biofuels. The second section provides a case study of significant patent litigation over biofuels. There is an examination of the biofuels patent litigation between the Danish company Novozymes, and Danisco and DuPont. The third section examines flexibilities in respect of patent law and clean technologies in the context of the case study of biofuels. In particular, it explores the debate over substantive doctrinal matters in respect of biofuels – such as patentable subject matter, technology transfer, patent pools, compulsory licensing, and disclosure requirements. The conclusion explores the relevance of the debate over patent law and biofuels to the larger public policy discussions over energy independence, food security, and climate change.

On food security and alternative food networks: Understanding and performing food security in the context of urban bias

This paper offers one explanation for the institutional basis of food insecurity in Australia, and argues that while alternative food networks and the food sovereignty movement perform a valuable function in building forms of social solidarity between urban consumers and rural producers, they currently make only a minor contribution to Australia’s food and nutrition security. The paper begins by identifying two key drivers of food security: household incomes (on the demand side) and nutrition-sensitive, ‘fair food’ agriculture (on the supply side). We focus on this second driver and argue that healthy populations require an agricultural sector that delivers dietary diversity via a fair and sustainable food system. In order to understand why nutrition-sensitive, fair food agriculture is not flourishing in Australia we introduce the development economics theory of urban bias. According to this theory, governments support capital intensive rather than labour intensive agriculture in order to deliver cheap food alongside the transfer of public revenues gained from rural agriculture to urban infrastructure, where the majority of the voting public resides. We chart the unfolding of the Urban Bias across the twentieth century and its consolidation through neo-liberal orthodoxy, and argue that agricultural policies do little to sustain, let alone revitalize, rural and regional Australia. We conclude that by observing food system dynamics through a re-spatialized lens, Urban Bias Theory is valuable in highlighting rural–urban socio-economic and political economy tensions, particularly regarding food system sustainability. It also sheds light on the cultural economy tensions for alternative food networks as they move beyond niche markets to simultaneously support urban food security and sustainable rural livelihoods.