6 articles found
1. On the Security of TLS Resumption and Renegotiation
Authors: Xinyu Li, Jingy Xu, Zhenfeng Zhang, Dengguo Feng. China Communications (SCIE, CSCD), 2016, No. 12, pp. 176-188 (13 pages)
The Transport Layer Security (TLS) protocol is the most important standard on the Internet for key exchange. The TLS standard supports many additional handshake modes, such as resumption and renegotiation, besides the full handshake. The interaction and dependence of different modes may lead to some practical attacks on TLS. In 2014, Bhargavan et al. described a triple handshake attack on TLS 1.2 by exploiting the sequential running of three different modes of TLS, which can lead to a client impersonation attack after the third handshake. Subsequently, TLS 1.2 was patched with the extended master secret extension of RFC 7627 to prevent this attack. In this paper we introduce a new definition of "uniqueness" and present a renegotiable & resumable ACCE security model. We identify the triple handshake attack within the new model, and furthermore show that TLS with the proposed fix can be proven secure in our model.
Keywords: TLS 1.2, resumption, renegotiation, security model
2. The theory and practice in the evolution of trusted computing (cited by: 5)
Authors: Dengguo Feng, Yu Qin, Wei Feng, Jianxiong Shao. Chinese Science Bulletin (SCIE, EI, CAS), 2014, No. 32, pp. 4173-4189 (17 pages)
Trusted computing (TC) is an emerging technology to enhance the security of various computing platforms by a dedicated secure chip (TPM/TCM), which is widely accepted by both the industrial and academic world. This paper attempts to sketch the evolution of TC from the view of our theoretical and engineering work. In theory, we focus on protocol design and security analysis. We have proposed the first ECDAA protocol scheme based on the q-SDH assumption, which highlights a new way to design direct anonymous attestation schemes. In technical evolution, we discuss the key technologies of trust chain, trusted network connection and TC testing and evaluation. We break through several key technologies such as trusted boot, OS measurement and remote attestation, and implement a TC system from TPM/TCM to network. We also design and implement a testing and evaluation system for TC platforms, which is the first one put into practical application in China. Finally, with the rapid development of cloud computing and mobile applications, TC is moving toward some new directions, such as trust in cloud and mobile environments, the new TPM standard, and a flexible trust establishment method for trusted execution environments.
Keywords: trusted computing, TCM, computing platform, mobile application, TPM, security chip, security analysis, anonymous authentication
3. Formal analysis of TPM2.0 key management APIs (cited by: 5)
Authors: Qianying Zhang, Shijun Zhao, Yu Qin, Dengguo Feng. Chinese Science Bulletin (SCIE, EI, CAS), 2014, No. 32, pp. 4210-4224 (15 pages)
The trusted platform module (TPM), a system component implemented on physical resources, is designed to enable computers to achieve a higher level of security than is possible by software alone. For this reason, the TPM provides a way to store cryptographic keys and other sensitive data in its memory, which is shielded from access by any entity other than the TPM. Users who want to use those keys and data to achieve some security goals are restricted to interacting with the TPM through the APIs defined in the TPM specification. Therefore, whether the TPM can provide the Protected Capabilities it claims depends to a large extent on the security of its APIs. In this paper, we devise a formal model, which is accessible to a fully mechanized analysis, for the key management APIs in the TPM2.0 specification. We identify and formalize security properties of these APIs in our model and then successfully use the automated prover Tamarin to obtain the first mechanized analysis of them. The analysis shows that the key management subset of TPM APIs preserves the secrecy of non-duplicable keys for unbounded numbers of fresh keys and handles. The analysis also reports that the key duplication mechanism, used to duplicate a key between two hierarchies, is vulnerable to impersonation attacks, which enable an adversary to recover the duplicated key of the originating hierarchy or import his own key into the destination hierarchy. Aiming at avoiding these vulnerabilities, we propose an approach which requires the originating and destination TPMs to authenticate each other's identity during duplication. Then we formally demonstrate that our approach maintains the secrecy of duplicable keys when they are duplicated.
Keywords: key management, API, formal analysis, automatic calibration device, TPM, security level, physical resources, sensitive data
4. Zero-Correlation Linear Cryptanalysis of Reduced-Round SIMON (cited by: 4)
Authors: Xiao-Li Yu (于晓丽), Wen-Ling Wu (吴文玲), Zhen-Qing Shi (石振青), Jian Zhang (张建), Lei Zhang (张蕾), Yan-Feng Wang (汪艳凤). Journal of Computer Science & Technology (SCIE, EI, CSCD), 2015, No. 6, pp. 1358-1369 (12 pages)
In June 2013, the U.S. National Security Agency proposed two families of lightweight block ciphers, called SIMON and SPECK respectively. These ciphers are designed to perform excellently on both hardware and software platforms. In this paper, we mainly present zero-correlation linear cryptanalysis on various versions of SIMON. Firstly, by using the miss-in-the-middle approach, we construct zero-correlation linear distinguishers of SIMON, and zero-correlation linear attacks are presented based on a careful analysis of the key recovery phase. Secondly, multidimensional zero-correlation linear attacks are used to reduce the data complexity. Our zero-correlation linear attacks perform better than the impossible differential attacks proposed by Abed et al. in ePrint Report 2013/568. Finally, we also use the divide-and-conquer technique to improve the results of the linear cryptanalysis proposed by Javad et al. in ePrint Report 2013/663.
Keywords: lightweight block cipher, SIMON, linear cryptanalysis, zero-correlation, dual property
5. Preface
Author: Dengguo Feng. Chinese Science Bulletin (SCIE, EI, CAS), 2014, No. 32, pp. 4161-4162 (2 pages)
In the twenty-first century, cyber and information security is becoming a critical foundation of cyberspace, which is both a new way of life and a new way of waging war. From the viewpoint of national strategy, the scandal concerning Snowden and the National Security Agency's PRISM proved that all networked Internet behaviour, information, communications and individuals across the global world are under the surveillance of those countries that dominate information technology (IT). In 2011, the USA released the International Strategy for Cyberspace [1], which expresses a new trend in global cyber security, with the US cyber security strategy shifting from defense to offense. Corresponding to this trend, in recent years the cyber warfare battalions of the US military have launched massive hacking attacks and exploitation against our citizens and networked infrastructure. They attempt to seriously damage the critical infrastructure of other countries by building destructive cyber weapons and ...
Keywords: cyber security strategy, network infrastructure, cyberspace, US military, network information, PRISM, national strategy, national security
6. Utilizing Probabilistic Linear Equations in Cube Attacks
Authors: Yuan Yao, Bin Zhang, Wen-Ling Wu. Journal of Computer Science & Technology (SCIE, EI, CSCD), 2016, No. 2, pp. 317-325 (9 pages)
Cube attacks, proposed by Dinur and Shamir at EUROCRYPT 2009, have shown huge power against stream ciphers. In the original cube attacks, a linear system of secret key bits is exploited for key recovery attacks. However, we find that a number of equations claimed to be linear in previous literature are actually nonlinear and do not fit into the theoretical framework of cube attacks. Moreover, cube attacks are hard to apply if linear equations are rare. Therefore, it is of significance to make use of probabilistic linear equations, namely nonlinear superpolys that can be approximated effectively by linear expressions. In this paper, we suggest a way to test for and utilize these probabilistic linear equations, thus extending cube attacks to a wider scope. Concretely, we employ the standard parameter estimation approach and the sequential probability ratio test (SPRT) for the linearity test in the preprocessing phase, and use maximum likelihood decoding (MLD) for solving the probabilistic linear equations in the online phase. As an application, we exhibit our new attack against 672 rounds of Trivium and reduce the number of key bits to search by 7.
Keywords: cube attack, sequential probability ratio test, maximum likelihood decoding, Trivium