Multi-ciphersuite security of the Secure Shell (SSH) protocol

The Secure Shell (SSH) protocol is widely used to provide secure remote access to servers, making it among the most important security protocols on the Internet. We show that the signed-Diffie--Hellman SSH ciphersuites of the SSH protocol are secure: each is a secure authenticated and confidential channel establishment (ACCE) protocol, the same security definition now used to describe the security of Transport Layer Security (TLS) ciphersuites. While the ACCE definition suffices to describe the security of individual ciphersuites, it does not cover the case where parties use the same long-term key with many different ciphersuites: it is common in practice for the server to use the same signing key with both finite field and elliptic curve Diffie--Hellman, for example. While TLS is vulnerable to attack in this case, we show that SSH is secure even when the same signing key is used across multiple ciphersuites. We introduce a new generic multi-ciphersuite composition framework to achieve this result in a black-box way.

Cryptographic hash functions

Cryptographic hash functions are an important tool of cryptography and play a fundamental role in efficient and secure information processing. A hash function processes an arbitrary finite length input message to a fixed length output referred to as the hash value. As a security requirement, a hash value should not serve as an image for two distinct input messages and it should be difficult to find the input message from a given hash value. Secure hash functions serve data integrity, non-repudiation and authenticity of the source in conjunction with the digital signature schemes. Keyed hash functions, also called message authentication codes (MACs) serve data integrity and data origin authentication in the secret key setting. The building blocks of hash functions can be designed using block ciphers, modular arithmetic or from scratch. The design principles of the popular Merkle–Damgård construction are followed in almost all widely used standard hash functions such as MD5 and SHA-1.

On secure outsourcing of cryptographic computations to cloud

For the past few years, research works on the topic of secure outsourcing of cryptographic computations has drawn significant attention from academics in security and cryptology disciplines as well as information security practitioners. One main reason for this interest is their application for resource constrained devices such as RFID tags. While there has been significant progress in this domain since Hohenberger and Lysyanskaya have provided formal security notions for secure computation delegation, there are some interesting challenges that need to be solved that can be useful towards a wider deployment of cryptographic protocols that enable secure outsourcing of cryptographic computations. This position paper brings out these challenging problems with RFID technology as the use case together with our ideas, where applicable, that can provide a direction towards solving the problems.

Real-time and interactive attacks on DNP3 critical infrastructure using Scapy

The Distributed Network Protocol v3.0 (DNP3) is one of the most widely used protocols, to control national infrastructure. Widely used interactive packet manipulation tools, such as Scapy, have not yet been augmented to parse and create DNP3 frames (Biondi 2014). In this paper we extend Scapy to include DNP3, thus allowing us to perform attacks on DNP3 in real-time. Our contribution builds on East et al. (2009), who proposed a range of possible attacks on DNP3. We implement several of these attacks to validate our DNP3 extension to Scapy, then executed the attacks on real world equipment. We present our results, showing that many of these theoretical attacks would be unsuccessful in an Ethernet-based network.

On the Security of Two RFID Mutual Authentication Protocols

In this paper, the security of two recent RFID mutual authentication protocols are investigated. The first protocol is a scheme proposed by Huang et al. [7] and the second one by Huang, Lin and Li [6]. We show that these two protocols have several weaknesses. In Huang et al.’s scheme, an adversary can determine the 32-bit secret password with a probability of 2−2 , and in Huang-Lin-Li scheme, a passive adversary can recognize a target tag with a success probability of 1−2−4 and an active adversary can determine all 32 bits of Access password with success probability of 2−4 . The computational complexity of these attacks is negligible.

EPC: a provably secure permutation based compression function

The security of permutation-based hash functions in the ideal permutation model has been studied when the input-length of compression function is larger than the input-length of the permutation function. In this paper, we consider permutation based compression functions that have input lengths shorter than that of the permutation. Under this assumption, we propose a permutation based compression function and prove its security with respect to collision and (second) preimage attacks in the ideal permutation model. The proposed compression function can be seen as a generalization of the compression function of MD6 hash function.

Bi-modal biometric authentication on mobile phones in challenging conditions

This paper examines the issue of face, speaker and bi-modal authentication in mobile environments when there is significant condition mismatch. We introduce this mismatch by enrolling client models on high quality biometric samples obtained on a laptop computer and authenticating them on lower quality biometric samples acquired with a mobile phone. To perform these experiments we develop three novel authentication protocols for the large publicly available MOBIO database. We evaluate state-of-the-art face, speaker and bi-modal authentication techniques and show that inter-session variability modelling using Gaussian mixture models provides a consistently robust system for face, speaker and bi-modal authentication. It is also shown that multi-algorithm fusion provides a consistent performance improvement for face, speaker and bi-modal authentication. Using this bi-modal multi-algorithm system we derive a state-of-the-art authentication system that obtains a half total error rate of 6.3% and 1.9% for Female and Male trials, respectively.

A survey: Error control methods used in bio-cryptography

Integration of biometrics is considered as an attractive solution for the issues associated with password based human authentication as well as for secure storage and release of cryptographic keys which is one of the critical issues associated with modern cryptography. However, the widespread popularity of bio-cryptographic solutions are somewhat restricted by the fuzziness associated with biometric measurements. Therefore, error control mechanisms must be adopted to make sure that fuzziness of biometric inputs can be sufficiently countered. In this paper, we have outlined such existing techniques used in bio-cryptography while explaining how they are deployed in different types of solutions. Finally, we have elaborated on the important facts to be considered when choosing appropriate error correction mechanisms for a particular biometric based solution.

Impact of Mobility Constraints on Epidemic Broadcast in DTNs

In this paper, we investigate the effect of mobility constraints on epidemic broad-cast mechanisms in DTNs (Delay-Tolerant Networks). Major factors affecting epidemic broadcast performances are its forwarding algorithm and node mobility. The impact of forwarding algorithm and node mobility on epidemic broadcast mechanisms has been actively studied in the literature, but those studies use generally unconstrained mobility models. The objective of this paper is therefore to quantitatively investigate the effect of mobility constraints on epidemic broadcast mechanisms. We evaluate the performances of P-BCAST (PUSH-based BroadCast), SA-BCAST (Self-Adaptive BroadCast), and HP-BCAST (History-based P-BCAST) with a random waypoint mobility model with mobility constraints.

Impact of mobility constraints on epidemic broadcast mechanisms in delay-tolerant networks

In this paper, we investigate the effect of mobility constraints on epidemic broadcast mechanisms in DTNs (Delay-Tolerant Networks). Major factors affecting epidemic broadcast performances are its forwarding algorithm and node mobility. The impact of forwarding algorithm and node mobility on epidemic broadcast mechanisms has been actively studied in the literature, but those studies generally use unconstrained mobility models. The objective of this paper is therefore to quantitatively investigate the effect of mobility constraints on epidemic broadcast mechanisms. We evaluate the performances of three classes of epidemic broadcast mechanisms - P-BCAST (PUSH-based BroadCast), SA-BCAST (Self-Adaptive BroadCast), and HP-BCAST (History-based P-BCAST) - with a random waypoint mobility model with mobility constraints. Our finding includes that the existence of mobility constraints significantly improves the reach ability and dissemination speed of epidemic broadcast mechanisms while degrading their efficiency.

Prevalence of diet related risk factors for chronic disease in male prisoners in a high secure prison

BACKGROUND/OBJECTIVES Research on prisoners is limited and demonstrates a group with disproportionate numbers from disadvantaged backgrounds, known to have a high burden of disease, much of which is diet related. The aim of this study was to gauge the presence of markers of chronic disease, as a basis for food and nutrition policy in prisons. METHODS/SUBJECTS A cross-sectional study design was used with a convenience sample of prisoners in a male 945 bed high secure facility. Face to face interviews with physical measures of height, weight, body fat, waist circumference and blood pressure were collected along with fasting bloods. Data was confirmed with facility records, observations and staff interviews. Full ethics approval was obtained. Results were compared with studies of Australian prisoners and the general population. RESULTS The mean age was 35.5 years (n=120). Prevalence rates were: obesity 14%, diabetes 5%, hypertension 26.7% and smoking 55.8%. Self-report of daily physical activity was 84%, with 51% participating ≥two times daily. Standard food provision was consistent with dietary recommendations, except sodium was high. Where fasting bloods were obtained (n=78) dyslipidaemia was 56.4% with the Metabolic Syndrome present in 26%. CONCLUSIONS Prevalence of diabetes and heart disease risk appear similar to the general population, however obesity was lower and smoking higher. The data provides evidence that markers of chronic disease are present, with this the first study to describe the Metabolic Syndrome in prisoners. Food and nutrition policy in this setting is complex and should address the duty of care issues that exist.

2nd International Workshop on Secure and Privacy-Aware Information Management in eHealth

Information security and privacy in the healthcare domain is a complex and challenging problem for computer scientists, social scientists, law experts and policy makers. Appropriate healthcare provision requires specialized knowledge, is information intensive and much patient information is of a particularly sensitive nature. Electronic health record systems provide opportunities for information sharing which may enhance healthcare services, for both individuals and populations. However, appropriate information management measures are essential for privacy preservation...

A cluster-voting approach for speaker diarization and linking of Australian broadcast news recordings

We present a clustering-only approach to the problem of speaker diarization to eliminate the need for the commonly employed and computationally expensive Viterbi segmentation and realignment stage. We use multiple linear segmentations of a recording and carry out complete-linkage clustering within each segmentation scenario to obtain a set of clustering decisions for each case. We then collect all clustering decisions, across all cases, to compute a pairwise vote between the segments and conduct complete-linkage clustering to cluster them at a resolution equal to the minimum segment length used in the linear segmentations. We use our proposed cluster-voting approach to carry out speaker diarization and linking across the SAIVT-BNEWS corpus of Australian broadcast news data. We compare our technique to an equivalent baseline system with Viterbi realignment and show that our approach can outperform the baseline technique with respect to the diarization error rate (DER) and attribution error rate (AER).

Modelling ciphersuite and version negotiation in the TLS protocol

Real-world cryptographic protocols such as the widely used Transport Layer Security (TLS) protocol support many different combinations of cryptographic algorithms (called ciphersuites) and simultaneously support different versions. Recent advances in provable security have shown that most modern TLS ciphersuites are secure authenticated and confidential channel establishment (ACCE) protocols, but these analyses generally focus on single ciphersuites in isolation. In this paper we extend the ACCE model to cover protocols with many different sub-protocols, capturing both multiple ciphersuites and multiple versions, and define a security notion for secure negotiation of the optimal sub-protocol. We give a generic theorem that shows how secure negotiation follows, with some additional conditions, from the authentication property of secure ACCE protocols. Using this framework, we analyse the security of ciphersuite and three variants of version negotiation in TLS, including a recently proposed mechanism for detecting fallback attacks.