King-Hang Wang
National Tsing Hua University
Publication
Featured research published by King-Hang Wang.
IEEE Transactions on Dependable and Secure Computing | 2011
Hung-Min Sun; Wei-Chih Ting; King-Hang Wang
Security issues become more and more significant in RFID development. Recently, Chien proposed an ultralightweight RFID authentication protocol in order to achieve privacy and authenticity with limited computation and transmission resources. However, we find two desynchronization attacks to break the protocol. In order to repair the protocol, two patches that slightly modify the protocol are presented in the paper.
Annual Computer Security Applications Conference | 2009
Hsu-Chun Hsiao; Yue-Hsun Lin; Ahren Studer; Cassandra Studer; King-Hang Wang; Hiroaki Kikuchi; Adrian Perrig; Hung-Min Sun; Bo-Yin Yang
Several security protocols require a human to compare two hash values to ensure successful completion. When the hash values are represented as long sequences of numbers, humans may make a mistake or require significant time and patience to accurately compare the hash values. To improve usability during comparison, a number of researchers have proposed various hash representations that use words, sentences, or images rather than numbers. This is the first work to perform a comparative study of these hash comparison schemes to determine which scheme allows the fastest and most accurate comparison. To evaluate the schemes, we performed an online user study with more than 400 participants. Our findings indicate that only a small number of schemes allow quick and accurate comparison across a wide range of subjects from varying backgrounds.
IEEE Transactions on Computers | 2011
Hung-Min Sun; Hsun Wang; King-Hang Wang; Chien-Ming Chen
As new vulnerabilities on Windows systems are reported endlessly, it is more practical to stop polymorphic malicious code from exploiting these vulnerabilities by building a behavior-based monitor, rather than adopting a signature-based detection system or fixing these vulnerabilities. Many behavior-based monitors have been proposed for Windows systems to serve this purpose. Some of them hook high-level system APIs to detect the suspicious behaviors of code. However, they cannot detect malicious code that directly invokes Native APIs. In this paper, we present a novel security scheme that hooks Native APIs in the kernel mode. This method effectively prevents malicious code from calling Native APIs directly. It introduces an average eight percent computation overhead into the system. Analyses and a series of experiments are given in the paper to support our claims.
IEEE Transactions on Information Forensics and Security | 2009
Hung-Min Sun; King-Hang Wang; Wei-Chih Ting
In 2007, Kim et al. proposed a secure compression code called the secure arithmetic code (SAC). The code was claimed to be secure against chosen plaintext attacks. However, we find that the SAC is not as secure as the authors have claimed. In this paper, we show the code is prone to two attacks. The first attack completely breaks the code using an adaptive chosen plaintext attack with a polynomial number of queries. The second attack is a ciphertext-only attack, which removes a part of the output permutation.
IEEE Transactions on Dependable and Secure Computing | 2009
Hung-Min Sun; King-Hang Wang; Chien-Ming Chen
Recently, Bertino et al. proposed a new time-bound key management scheme for broadcasting. The security of their scheme rests on the hardness of breaking the elliptic curve discrete log problem, HMAC, and tamper-resistant devices. They claimed that as long as the three assumptions hold, their scheme is secure. By secure, they mean that users cannot access resources that they are not granted, even if users collude. In this paper, we demonstrate that this scheme is insecure against the collusion attack. We also provide some possible amendments to this scheme.
IEEE Region 10 Conference | 2007
Hung-Min Sun; King-Hang Wang; Chih-Cheng Liang; Yih-Sien Kao
Substituting the least-significant bits (LSBs) of an image is the easiest and most popular scheme in information hiding. Work has been done to point out that this algorithm can be detected by some steganalysis techniques. One of these techniques is called histogram analysis. In this work, we propose a new scheme that is compatible with LSB substitution and its variant, LSB matching. Experimental results show that our method performs better than other methods.
Future Generation Computer Systems | 2014
Shuai-Min Chen; Mu-En Wu; Hung-Min Sun; King-Hang Wang
Radio-frequency identification (RFID) systems can benefit from cloud databases since information on thousands of tags is queried at the same time. If all RFID readers in a system query a cloud database, data consistency can easily be maintained by cloud computing. Privacy-preserving authentication (PPA) has been proposed to protect RFID security. The time complexity for searching a cloud database in an RFID system is O(N), which is obviously inefficient. Fortunately, PPA uses tree structures to manage tags, which can reduce the complexity from a linear search to a logarithmic search. Hence, tree-based PPA provides RFID scalability. However, in tree-based mechanisms, compromise of a tag may cause other tags in the system to be vulnerable to tracking attacks. Here we propose a secure and efficient privacy-preserving RFID authentication protocol that uses a cloud database as an RFID server. The proposed protocol not only withstands desynchronizing and tracking attacks, but also provides scalability with O(logN) search complexity.
International Workshop on Computer Science and Engineering | 2009
Hung-Min Sun; King-Hang Wang
The requirements for encrypting multimedia files are very different from those of general-purpose symmetric encryption. With constraints including low computation power, minimum data size, and resilience to chosen ciphertext attacks, neither common block ciphers like DES/AES nor other stream ciphers are applicable to protect multimedia files. Recently, many works have been proposed to compress and encrypt these files simultaneously. However, most of them are found with severe security deficits. In this paper, we present a novel and efficient scheme to jointly compress and encrypt multimedia files based on arithmetic code. Compared to other proposed schemes, only our scheme introduces the diffusion property, which further enhances the security of the code. At the end of the paper, various properties of the scheme are also discussed to prove that the scheme is suitable for compressing and encrypting multimedia files.
International Symposium on Electronic Commerce and Security | 2008
Hung-Min Sun; King-Hang Wang
The security of a two-party authentication protocol relies on the stored secrets of each entity not being easily compromised by adversaries. However, in the real world, hackers can always divulge the stored secrets. In this paper, we introduce the concept of the stolen-secret attack and point out that all existing secret-key based authentication protocols and password based authentication protocols suffer from this attack. We also propose two methods that defend against the stolen-secret attack. Security proof and implementation analysis are given for both methods to illustrate their soundness and usefulness.
IEEE Region 10 Conference | 2007
Hung-Min Sun; King-Hang Wang; Pa Saffiong Kebbeh
This paper proposes a system to provide security for the grid infrastructure where authorization and authentication will be made scalable by setting up an authorization framework at the resource provider's end. Our proposed architecture intends to relieve the grid middleware from taking the responsibility of the authorization mechanism, as well as improve the resource provider's trust in the event of a request from the data portal, since the authorization policy will be pulled from its own organizational server. We will demonstrate that this architecture is secure, scalable, and robust, by improving the existing authorization mechanism in grid infrastructures.