Atefeh Mashatan

A New Message Recognition Protocol with Self-recoverability for Ad Hoc Pervasive Networks

We examine the problem of message recognition by reviewing the definitions and the security model in the literature. In particular, we examine the Jane Doe protocol, which was proposed by Lucks et al., more closely and note its inability to recover in case of a certain adversarial disruption. Our paper saves this well-studied protocol from its unrecoverable state when such adversarial disruption occurs. We propose a new message recognition protocol, which is based on the Jane Doe protocol, and incorporate the resynchronization technique within the protocol itself. That is, without having to provide a separate resynchronization procedure, we overcome the recoverability problem of the Jane Doe protocol. Moreover, we enumerate all possible attacks against the new protocol and show that none of the attacks can occur. We further prove the security of the new protocol and its ability to self-recover once the disruption has stopped.

On message recognition protocols: recoverability and explicit confirmation

We look at message recognition protocols (MRPs) and prove that there is a one-to-one correspondence between stateless non-interactive MRPs and digital signature schemes. Next, we examine the Jane Doe protocol and note its inability to recover in case of a certain adversarial disruption. We propose a variant of this protocol which is equipped with a resynchronisation technique that allows users to resynchronise whenever they wish. Moreover, we propose another protocol which self-recovers in case of an intrusion. This protocol incorporates the resynchronisation technique within itself. Further, we enumerate all possible attacks against this protocol and show that none of the attacks can occur. Finally, we prove the security of the new protocol and its ability to self-recover once the disruption has stopped. Finally, we propose an MRP which provides explicit confirmation to the sender on whether or not the message was accepted by the receiver.

A message recognition protocol based on standard assumptions

We look at the problem of designing Message Recognition Protocols (MRP) and note that all proposals available in the literature have relied on security proofs which hold in the random oracle model or are based on non-standard assumptions. Incorporating random coins, we propose a new MRP using a pseudorandom function F and prove its security based on new assumptions. Then, we show that these new assumptions are equivalent to the standard notions of preimage resistance, second preimage resistance, and existential unforgeability given that F is a pseudorandom function.

Resistance against Adaptive Plaintext-Ciphertext Iterated Distinguishers

Decorrelation Theory deals with general adversaries who are mounting iterated attacks, i.e., attacks in which an adversary is allowed to make d queries in each iteration with the aim of distinguishing a random cipher C from the ideal random cipher C *. A bound for a non-adaptive iterated distinguisher of order d, who is making plaintext (resp. ciphertext) queries, against a 2d-decorrelated cipher has already been derived by Vaudenay at EUROCRYPT ’99. He showed that a 2d-decorrelated cipher resists against iterated non-adaptive distinguishers of order d when iterations have almost no common queries. More recently, Bay et al. settled two open problems arising from Vaudenay’s work at CRYPTO ’12, yet they only consider non-adaptive iterated attacks.

Revisiting iterated attacks in the context of decorrelation theory

Iterated attacks are comprised of iterating adversaries who can make d plaintext queries, in each iteration to compute a bit, and are trying to distinguish between a random cipher C and the perfect cipher C∗ based on all bits. Vaudenay showed that a 2d-decorrelated cipher resists to iterated attacks of order d when iterations have almost no common queries. Then, he first asked what the necessary conditions are for a cipher to resist a non-adaptive iterated attack of order d. I.e., whether decorrelation of order 2d − 1 could be sufficient. Secondly, he speculated that repeating a plaintext query in different iterations does not provide any advantage to a non-adaptive distinguisher. We close here these two long-standing open problems negatively. For those questions, we provide two counter-intuitive examples.W e also deal with adaptive iterated adversaries who can make both plaintext and ciphertext queries in which the future queries are dependent on the past queries. We show that decorrelation of order 2d protects against these attacks of order d. We also study the generalization of these distinguishers for iterations making non-binary outcomes. Finally, we measure the resistance against two well-known statistical distinguishers, namely, differential-linear and boomerang distinguishers and show that 4-decorrelation degree protects against these attacks.