Hidden Protocol Strengthening with Random Sentences as Cryptographic Nonces

The use of cryptographic nonces is a popular technique to strengthen security protocols, in particular to make them resistant to replay attacks. In this paper, we investigate the use of computer-generated random sentences as cryptographic nonces. We introduce and describe a trainable Markovian sentence-generator that can utilize OSMNs (Online Social media Networks) text messages (e.g Facebook messages or Twitter feeds) and well-established news websites as random sentence nonces. This can be used in order to strengthen arbitrary cryptographic protocols in such a way that the use of the nonces remains hidden. This is particularly convenient for a class of recently designed multi-channel steganographic protocols.

[1]  Sang Joon Kim,et al.  A Mathematical Theory of Communication , 2006 .

[2]  Krishna P. Gummadi,et al.  Analyzing facebook privacy settings: user expectations vs. reality , 2011, IMC '11.

[3]  Xin Shuai,et al.  Loose tweets: an analysis of privacy leaks on twitter , 2011, WPES.

[4]  John T. Kohl,et al.  The Kerberos Network Authentication Service (V5 , 2004 .

[5]  Martin J. Tunnicliffe,et al.  Ensuring Message Freshness in A Multi-Channel SMS Steganographic Banking Protocol , 2018, 2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security).

[6]  Tri Van Le Efficient Provably Secure Public Key Steganography , 2003, IACR Cryptol. ePrint Arch..

[7]  Sarah Michele Ford,et al.  RECONCEPTUALIZING THE PUBLIC/PRIVATE DISTINCTION IN THE AGE OF INFORMATION TECHNOLOGY , 2011 .

[8]  COMMENT ON SARAH FORD'S ‘RECONCEPTUALIZATION OF PRIVACY AND PUBLICITY’ , 2012 .

[9]  Ramón Cáceres,et al.  Vis-à-Vis: Privacy-preserving online social networking via Virtual Individual Servers , 2011, 2011 Third International Conference on Communication Systems and Networks (COMSNETS 2011).

[10]  John Langford,et al.  Provably Secure Steganography , 2009, IEEE Trans. Computers.

[11]  Amar Kumar Mohapatra,et al.  Digital Image Authentication Model Based on Edge Adaptive Steganography , 2013, 2013 2nd International Conference on Advanced Computing, Networking and Security.

[12]  Michael Sirivianos,et al.  Loud and Clear: Human-Verifiable Authentication Based on Audio , 2006, 26th IEEE International Conference on Distributed Computing Systems (ICDCS'06).

[13]  Dieter Gollmann,et al.  Freshness Assurance of Authentication Protocols , 1992, ESORICS.

[14]  B. Clifford Neuman,et al.  A note on the use of timestamps as nonces , 1993, OPSR.

[15]  Obscurity by Design : An Approach to Building Privacy into Social Media , 2011 .

[16]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[17]  Diana K. Smetters,et al.  Talking to Strangers: Authentication in Ad-Hoc Wireless Networks , 2002, NDSS.

[18]  Niels Provos,et al.  Detecting Steganographic Content on the Internet , 2002, NDSS.

[19]  Qi Xie,et al.  FaceCloak: An Architecture for User Privacy on Social Networking Sites , 2009, 2009 International Conference on Computational Science and Engineering.

[20]  Martin J. Tunnicliffe,et al.  A multi-channel steganographic protocol for secure SMS mobile banking , 2017, 2017 12th International Conference for Internet Technology and Secured Transactions (ICITST).

[21]  William Stallings,et al.  Cryptography and Network Security: Principles and Practice , 1998 .

[22]  Markulf Kohlweiss,et al.  Scramble! Your Social Network Data , 2011, PETS.

[23]  Kristen LeFevre,et al.  Privacy wizards for social networking sites , 2010, WWW '10.

[24]  Jürgen Schönwälder,et al.  A nonce-based protocol for multiple authentications , 1992, OPSR.

[25]  Emiliano De Cristofaro,et al.  EphPub: Toward robust Ephemeral Publishing , 2010, 2011 19th IEEE International Conference on Network Protocols.

[26]  Rong Zhao,et al.  A practical verifiable multi-secret sharing scheme , 2007, Comput. Stand. Interfaces.

[27]  Yang Wang,et al.  "I regretted the minute I pressed share": a qualitative study of regrets on Facebook , 2011, SOUPS.

[28]  Stefan Katzenbeisser,et al.  Defining security in steganographic systems , 2002, IS&T/SPIE Electronic Imaging.

[29]  Saikat Guha,et al.  NOYB: privacy in online social networks , 2008, WOSN '08.

[30]  Christian Gehrmann,et al.  Manual authentication for wireless devices , 2004 .

[31]  Srdjan Capkun,et al.  For some eyes only: protecting online information sharing , 2013, CODASPY.

[32]  Mauro Conti,et al.  Virtual private social networks , 2011, CODASPY '11.

[33]  Claudio Soriente,et al.  Hummingbird: Privacy at the Time of Twitter , 2012, 2012 IEEE Symposium on Security and Privacy.

[34]  Kris Gaj,et al.  Using Facebook for Image Steganography , 2015, 2015 10th International Conference on Availability, Reliability and Security.

[35]  Nicholas Hopper,et al.  Public-Key Steganography , 2003, EUROCRYPT.

[36]  Giovanni Maria Sacco,et al.  Timestamps in key distribution protocols , 1981, CACM.

[37]  Andrew Chi-Chih Yao,et al.  Theory and application of trapdoor functions , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[38]  Michael Backes,et al.  A Security API for Distributed Social Networks , 2011, NDSS.

[39]  余万涛 Secure communication method, apparatus, and system , 2016 .