Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 4.2 BiBa.

Slides:



Advertisements
Similar presentations
SeND Hash Threat Analysis CSI WG Ana Kukec, Suresh Krishnan, Sheng Jiang.
Advertisements

24-May-01D.P.Kelsey, GridPP WG E: Security1 GridPP Work Group E Security Development David Kelsey CLRC/RAL, UK
Giuseppe Bianchi Lecture 6.1: Extras: Merkle Trees.
Secure Time Synchronization Service for Sensor Networks S. Ganeriwal, R. Kumar, M. B. Sirvastava Presented by: Kaiqi Xiong 11/28/2005 Computer Science.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.
Courtesy of Professors Chris Clifton & Matt Bishop INFSCI 2935: Introduction of Computer Security1 October 9, 2003 Introduction to Computer Security Lecture.
Computer Science Dr. Peng NingCSC 774 Advanced Network Security1 Topic 3.1: NetBill.
Net Security1 Chapter 8 Network Management Security Henric Johnson Blekinge Institute of Technology, Sweden Revised by Andrew Yang.
Efficient Signature Generation by Smart Cards Suk Ki Kim Sunyeong Kim.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.2 Tree-Based Group Diffie Hellman Protocol Acknowledgment:
CSC 774 Advanced Network Security
Hash Function. What are hash functions? Just a method of compressing strings – E.g., H : {0,1}*  {0,1} 160 – Input is called “message”, output is “digest”
Advanced Security Constructions and Key Management Class 16.
CSC 774 Advanced Network Security
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 3.3: Fair Exchange.
Computer Science Dr. Peng NingCSC 774 Advanced Network Security1 Topic 3.2: Micro Payments.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Preparation for In-class Presentations.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7. Wireless Sensor Network Security.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Hash-based Primitives Credits: Dr. Peng Ning and Dr. Adrian Perrig.
Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.
Timed Efficient Stream Loss-Tolerant Authentication. (RFC 4082) Habib Moukalled 1/29/08.
Authenticating streamed data in the presence of random packet loss March 17th, Philippe Golle, Stanford University.
SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context.
SPINS: Security Protocols for Sensor Networks Adrian Perrig Robert Szewczyk Victor Wen David Culler Doug TygarUC Berkeley.
A Lightweight Hop-by-Hop Authentication Protocol For Ad- Hoc Networks Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date:2005/01/20.
1 Timed Efficient Stream Loss-tolerant Authentication.
Computer Science 1 CSC 774 Advanced Network Security Dr. Peng Ning
Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms.
Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning1 CSC 774 Advanced Network Security Topic 4. Broadcast Authentication.
Security Introduction Class February Overview  Security Properties  Security Primitives  Sample Protocols.
1 Lect. 15 : Digital Signatures RSA, ElGamal, DSA, KCDSA, Schnorr.
Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks Peng Ning, An Liu North Carolina State University and Wenliang Du Syracuse.
MAC and HASH Functions Unit 5. AUTHENTICATION REQUIREMENTS In the context of communications across a network, the following attacks can be identified:
CS555Topic 211 Cryptography CS 555 Topic 21: Digital Schemes (1)
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Computer Science 1 CSC 774 Advanced Network Security Distributed detection of node replication attacks in sensor networks (By Bryan Parno, Adrian Perrig,
Message Authentication Code July Message Authentication Problem  Message Authentication is concerned with:  protecting the integrity of a message.
Authors: Yih-Chun Hu, Adrian Perrig, David B. Johnson
Protecting Privacy in WLAN with DoS Resistance using Client Puzzle Team 7 Yanisa Akkarawichai Rohan Shah CSC 774 – Advanced Network Security Prof. Peng.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Computer Science CSC 774 Adv. Net. Security1 Presenter: Tong Zhou 11/21/2015 Practical Broadcast Authentication in Sensor Networks.
Mangai Vetrivelan Snigdha Joshi Avani Atre. Sensor Network Vulnerabilities o Unshielded Sensor Network Nodes vulnerable to be compromised. o Attacks on.
Group-based Source Authentication in VANETs You Lu, Biao Zhou, Fei Jia, Mario Gerla UCLA {youlu, zhb, feijia,
Efficient Distribution of Key Chain Commitments for Broadcast Authentication in Distributed Sensor Networks Donggang Liu and Peng Ning Department of Computer.
Shambhu Upadhyaya 1 Ad Hoc Networks – Network Access Control Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 20)
Efficient and Secure Source Authentication for Multicast 報告者 : 李宗穎 Proceedings of the Internet Society Network and Distributed System Security Symposium.
Security for Broadcast Network
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.3 Hash Functions.
Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
International Conference Security in Pervasive Computing(SPC’06) MMC Lab. 임동혁.
The Birthday Paradox July Definition 2 Birthday attacks are a class of brute-force techniques that target the cryptographic hash functions. The.
Digital signatures.
Message Digest Cryptographic checksum One-way function Relevance
SPINS: Security Protocols for Sensor Networks
CS/ECE 478 Introduction to Network Security
BROADCAST AUTHENTICATION
CSC 774 Advanced Network Security
Data Integrity: Applications of Cryptographic Hash Functions
Pre-image Resistance: Given a, hard to find b such that ____
SPINS: Security Protocols for Sensor Networks
Hash-based Primitives Credits: Dr. Peng Ning and Dr. Adrian Perrig
Lecture 4.1: Hash Functions, and Message Authentication Codes
CIS 4930/6930 – Privacy-Preserving and Trustworthy Cyber-Systems Dr
Outline A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. D. Tygar. SPINS: Security protocols for sensor networks. In Proceedings of MOBICOM, 2001 Sensor.
Presentation transcript:

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 4.2 BiBa

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security2 Overview BiBa stands for “Bins and Balls” –Use one-way functions without trapdoors (e.g., hash functions) BiBa signature scheme BiBa broadcast authentication protocol

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security3 BiBa Signature Scheme Precompute of SEALs –SEAL: SElf Authenticating vaLues Signature generation –Exploit SEALs and the difficulty of finding collisions under hash functions Signature verification –Verify SEAL –Verify collisions

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security4 SEAL Each SEAL is randomly generated Given a SEAL s, the signer computes f s = F s (0), where F s is a PRF –f s is the commitment to s –f s is authenticated to all possible verifiers (e.g., through a RSA signature or pre-distribution) In BiBa, the signer has t pre-computed SEALs –SEALs: s 1, s 2, …, s t –All SEALs are authenticated to all verifiers

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security5 BiBa Signature: Intuition Sign message m –Compute hash h = H(m), where H is a hash function –Consider a hash function family G h, whose range is 0, n-1 Example: G 1 (x) = G(x|1), where G is SHA1 –Compute G h for all SEALs s 1, …, s t That is, G h (s 1 ), G h (s 2 ), …, G h (s t ) –Look for a 2-way collision of SEALs G h (s i ) = G h (s j ) with s i  s j –The pair forms the signature Signature verification –Compute hash h = H(m) –Verify s i  s j and G h (s i ) = G h (s j )

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security6 Basic BiBa Scheme Balls (SEALs): Bins (Range of G h ):

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security7 Security of BiBa Signature Security comes from –The difficulty of finding k-way collisions for one- way functions –The asymmetric property that the signer has more SEALs than the adversary Signer can easily generate the BiBa signatures with high probability while adversary can’t. Exploits the birthday paradox –Probability that there is at least one collision of the hashes of t random messages is approximately 1 - e -t(t-1)/2N, where N is range of hash function.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security8 Security of BiBa Signature (Cont’d) Signer (with 1200 SEALs) Attacker (with 10 SEALs) Bins

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security9 BiBa Signature Scheme Basic scheme –Signer is not guaranteed to find a signature BiBa Signature –Sign message m h=H(m|c), where c is a counter starting from 0 c is incremented if no signature is found Compute G h for all SEALs s 1, …, s t Look for a k-way collision of SEALs –Verify signature Verify the k SEALs are distinct Verify that they have the same image

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security10 BiBa Broadcast Authentication Protocol Sender needs to authenticate potentially infinite stream of messages Sender can only disclose a small number of SEALs before attacker would have enough to forge signature –Limit the number of messages that can be signed Solution –SEAL chains Combination of SEALs and TESLA

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security11 SEAL Chains SEAL chainsSalt chain

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security12 Limitation of BiBa Broadcast Authentication High receiver computation overhead –Most of the SEALs are not used –To authenticate a SEAL, each receiver needs to recompute many SEALs in a one-way SEAL chain

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security13 Extension A SEAL boundary SEALs above the boundary are disclosed If attacker slows down the traffic to the receivers, … Packet losses (0, 2, 3, 0, 1, 2)

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security14 Extension B To tolerate packet losses –Add SEAL boundary information to packets –More communication overhead, but also more robust Receivers still need to know the sending rate –Why?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.