Information Systems Security

In network-based broadcast time synchronization, an important security goal is integrity protection combined with source authentication. One technique frequently used to achieve this goal is to secure the broadcast by means of the TESLA protocol or one of its variants. This paper presents an attack vector applicable to time synchronization protocols that protect their broadcast or multicast messages in this manner. The underlying vulnerability results from interactions between timing and security that occur specifically in such protocols: TESLA's security relies on the receiver having a bounded clock error, while the protected protocol is the very one that sets the receiver's clock. We propose possible countermeasures and evaluate their respective advantages. Furthermore, we discuss our use of the UPPAAL model checker for security analysis and quantification with regard to the attack and countermeasures described, and report on the results obtained. Lastly, we review the susceptibility of three existing cryptographically protected time synchronization protocols to the attack vector discovered.
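The following simulation is an added illustration of the timing/security interaction the abstract refers to; it is not code from the paper and does not reproduce the paper's specific attack. It implements the generic TESLA safety test (a packet MACed with the key of interval i is only accepted while the receiver's clock says the sender cannot yet have disclosed that key) and then shows that the same check, evaluated on a receiver clock that has been pushed back by more than the disclosure delay, lets an on-path attacker who has already seen a disclosed key get a forged packet past both the safety test and the MAC check. Interval length, disclosure delay, the constructed packets and the clock offsets are assumptions chosen for the example.

```python
import hashlib
import hmac
import os

# All parameters below are assumptions for the illustration, not values from the paper.
INTERVAL = 1.0    # seconds per TESLA key interval
DELAY = 2         # disclosure delay d, in intervals
CHAIN_LEN = 16
T0 = 1000.0       # sender-clock start of interval 0 (constructed)
D_MAX = 0.05      # receiver's assumed bound on clock error plus propagation delay


def make_chain(seed):
    """One-way key chain: K[i] = H(K[i+1]); K[0] is the public commitment."""
    keys = [None] * (CHAIN_LEN + 1)
    keys[CHAIN_LEN] = seed
    for i in range(CHAIN_LEN - 1, -1, -1):
        keys[i] = hashlib.sha256(keys[i + 1]).digest()
    return keys


def mac_key(k):
    return hmac.new(k, b"tesla-mac-key", hashlib.sha256).digest()


def tag(k, payload):
    return hmac.new(mac_key(k), payload, hashlib.sha256).digest()


def interval_of(t):
    return int((t - T0) // INTERVAL)


def build_packet(keys, i, payload):
    """Packet of interval i: MACed with K[i], discloses K[i-d] (if any)."""
    disclosed = (i - DELAY, keys[i - DELAY]) if i >= DELAY else None
    return {"i": i, "payload": payload, "tag": tag(keys[i], payload), "disclosed": disclosed}


class Receiver:
    def __init__(self, commitment, clock_offset=0.0):
        self.known = {0: commitment}   # interval -> authenticated key
        self.offset = clock_offset     # receiver clock minus true time (negative = behind)
        self.pending = []

    def is_safe(self, pkt, t_true):
        """TESLA safety condition, evaluated on the receiver's own clock: the sender
        cannot yet have reached the interval in which K[i] gets disclosed."""
        latest_sender_interval = interval_of(t_true + self.offset + D_MAX)
        return latest_sender_interval < pkt["i"] + DELAY

    def learn_key(self, idx, key):
        """Authenticate a disclosed key by hashing back to a key already trusted."""
        base = max(j for j in self.known if j <= idx)
        k = key
        for _ in range(idx - base):
            k = hashlib.sha256(k).digest()
        if hmac.compare_digest(k, self.known[base]):
            self.known[idx] = key
            return True
        return False

    def receive(self, pkt, t_true):
        if not self.is_safe(pkt, t_true):
            return False               # key may already be public: drop
        if pkt["disclosed"]:
            self.learn_key(*pkt["disclosed"])
        self.pending.append(pkt)       # buffer until K[i] is disclosed
        return True

    def verified(self):
        """Payloads whose key has since been disclosed and whose MAC checks out."""
        out = []
        for pkt in self.pending:
            k = self.known.get(pkt["i"])
            if k is not None and hmac.compare_digest(tag(k, pkt["payload"]), pkt["tag"]):
                out.append(pkt["payload"])
        return out


def run(clock_offset):
    """Replay one constructed exchange against a receiver with the given clock error."""
    keys = make_chain(os.urandom(32))
    rx = Receiver(keys[0], clock_offset)
    # Honest interval-5 packet, arriving 10 ms after it was sent.
    rx.receive(build_packet(keys, 5, b"time=1005.5"), T0 + 5.51)
    # Interval-7 packet discloses K[5]; an on-path attacker now knows K[5] as well.
    rx.receive(build_packet(keys, 7, b"time=1007.5"), T0 + 7.51)
    # Forgery: a fresh interval-5 payload MACed with the now-public K[5].
    forged = build_packet(keys, 5, b"time=1005.5+shift")
    forged_buffered = rx.receive(forged, T0 + 7.6)
    ok = rx.verified()
    return {"honest": b"time=1005.5" in ok,
            "forged": forged_buffered and forged["payload"] in ok}


if __name__ == "__main__":
    print("correct clock :", run(0.0))    # forged packet fails the safety test
    print("clock 2.5s slow:", run(-2.5))  # forged packet passes safety test and MAC
```

With a correct clock the forged packet is dropped by `is_safe` before any MAC is checked, because the receiver knows interval 7 has begun and K[5] is therefore public. Once the receiver's clock is 2.5 s behind true time (more than d times the interval length), the same packet looks timely, and since K[5] has already been authenticated via the chain, its MAC verifies. In a TESLA-protected time protocol, the attacker does not need to tamper with the receiver's clock directly: delaying the sync packets that TESLA protects is enough to move it.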
