A New Credit Card Payment Scheme Using Mobile Phones Based on Visual Cryptography
|
|
- Ira Neal
- 7 years ago
- Views:
Transcription
1 A New Credit Card Payment Scheme Using Mobile Phones Based on Visual Cryptography Chao-Wen Chan and Chih-Hao Lin Graduate School of Computer Science and Information Technology, National Taichung Institute of Technology, 404 Taichung, Taiwan Abstract. With the increasing usage of credit cards, secure requirements for handling credit card payment have become more critical. Today, it is being deployed for a wide application services in mobile commerce over public networks. Based on the security of Naor-Shamir's visual cryptography, Diffie- Hellman key agreement scheme and symmetric cryptosystems, we propose a new credit card payment scheme using mobile phones based on visual cryptography. Compared with traditional credit card payment methods, the proposed scheme can provide more secure communication for many electronic commerce transactions. Keywords: payment, secret sharing, visual cryptography, key agreement. 1 Introduction In the last decade, many advances have been made in the technology of mobile commerce, such as hardware of mobile devices, qualities of application services, etc. With the increasing usage of mobile commerce applications over public networks, it is more and more important to have reliable security. In recent years, identity theft has surged and led to serious damage for both cardholders and payment companies. Traditional credit card payment schemes in Taiwan require cardholders show credit card information to merchants, allowing strangers access to private business operations. The issuer only provides verification for a payment request from a credible requester, for instance a phone call or an SMS (Short Message Service) is needed to check the cardholder s credit limit and currently charged amount. This method does not ensure a secure credit card payment. The verification process is only performed according to the parameters of a cardholder s available credit. In the past, the above security problem has attracted little attention from researchers [2]. Observe that leakage of private information stored in a credit card is the attraction. To prevent the leakage of cardholder s information, a new secure credit card payment scheme should satisfy the following requirements. C.C. Yang et al. (Eds.): ISI 2008 Workshops, LNCS 5075, pp , Springer-Verlag Berlin Heidelberg 2008
2 468 C.-W. Chan and C.-H. Lin 1. The merchant learns nothing about the private information stored in a credit card during a credit card payment. 2. No one else can use the secret information about a credit card payment to perform any other credit card payments. 3. Both cardholder and issuer bank need to authenticate each other at beginning of a credit card payment. 4. The credit card payment scheme may support the electronic cash or coin-like application. Owing to it is being deployed for a wide application services in mobile commerce over public networks. Based on Diffie-Hellman key agreement method [5], Naor- Shamir's Visual Cryptography [9], and symmetric cryptosystems, we propose a novel secure credit card payment scheme which could provide the above requirements. The proposed scheme is different from traditional credit card payment methods. We briefly describe the new idea of our method. In general, credit cards include private information about users, such as card numbers, validity dates, expiration dates and identifications etc. To prevent a card user from sharing the credit card with others, the user must get an authorization code from the bank before making purchases. The bank checks the quota of the cardholder and confirms the identification of the user from the database. If the information of the user is correct, the bank generates an authorization code and transfers it to the user over mobile communication networks. The user must input the authorization code to accomplish the payment without giving his credit card to the merchant. Compared with traditional credit card payment methods, the proposed scheme can provide more secure communication for many electronic commerce transactions. The rest of the paper is organized as follows. In the next section, we present the necessary related works of our scheme. In Section 3, a new credit card payment scheme is proposed. Discussions are presented in Section 4. Finally, we give some conclusions in Section 5. 2 Preliminaries Before a new credit card payment scheme is proposed, we first introduce the properties of Diffie-Hellman key agreement method [5], Naor-Shamir's Visual Cryptography [9], and symmetric cryptosystems that will allow us to discuss our scheme s security in Section Diffie-Hellman Key Agreement Scheme The famous key agreement scheme was proposed by Diffie and Hellman in If Alice and Bob want to transfer a secret by Diffie-Hellman key agreement scheme, then Alice selects a random secret and sends to Bob, where is a large prime number. Then, Bob selects another random secret and sends to
3 A New Credit Card Payment Scheme Using Mobile Phones 469 Alice. Finally, Alice and Bob compute a common session key. Thus, Alice and Bob can use the common key for encryption and decryption in the session. No one can derive the session key from the public information and. The security is based on the computational Diffie-Hellman problem. In addition, neither of these two parties computes anything about the random secret value selected by another provided Discrete Logarithm Problem [1,8]. 2.2 Visual Cryptography (VC) In 1995, Naor and Shamir [9] proposed a secret sharing scheme in which secrets and shadows are represented in binary image format. This scheme opened the research on Visual Cryptography (VC); in fact it was the first paper about VC. Visual cryptography is a secret sharing method for digital images without cryptographic computations for decryption. In their scheme, a dealer wants to break a secret image into shared images and sends shared images to other participants, such that any or more participants can recover the secret image by stacking or more shared images. However, the secret image cannot be recovered by shadows. The above method is defined as -threshold visual cryptography. For example, a -threshold VC is depicted below. We set up three pairs of pixel blocks as shown in Fig. 1. The pixel block consists of four sub-pixels. If a pixel of the secret image is black, we can randomly select a pair of pixel blocks, then, randomly assign one of the pair to the corresponding pixel block of share 1, and the other of the pair is assigned the corresponding pixel block of share 2. If the pixel of the secret image is white, we randomly select one of the three pairs, and randomly assign one of the pair to the corresponding pixel block of share 1. And, randomly select one pixel block of the other two pairs to the corresponding pixel block of share 2. As shown in Fig. 2, the pixel is white when stacked with one horizontal share and the other vertical share. In addition, the pixel is black when stacked with two horizontal shares. Now, taking a digital image as another example, as shown in Fig. 3, we break a secret image into two shares, share 1 and share 2, respectively. Based on -threshold VC, we can recover the secret image by stacking share 1 and share 2. Still today, much research of visual cryptography for gray-level images is proposed in [3,6,7]. Fig. 1. Three Pairs of 2 2 Pixel Blocks
4 470 C.-W. Chan and C.-H. Lin Fig. 2. Example 1 of -Threshold VC (a)secret image (b)share 1 (c)share 2 (d)recovered image Fig. 3. Example 2 of -Threshold VC 2.3 Symmetric Cryptosystems Symmetric cryptosystems are used to encrypt or decrypt messages by the same secret key to provide authorized securities. It can provide more efficient than asymmetric cryptosystem for message encrypting and decrypting. One of the most popular symmetric cryptosystems is the Advanced Encryption Standard (AES) [10]. AES is an encryption standard provided by National Institute of Standards and Technology in However, the encryption method of images may be different from text. In 2001, Chang et al. [4] proposed an encryption algorithm for image cryptosystems based on vector quantization. It reduces the computational complexity of the encryption and decryption schemes. 3 The Proposed Scheme In this section, we elaborate on our proposed credit card payment scheme. Our method is based on DH key agreement scheme and -threshold VC scheme to generate the authorization code. In order to confirm data integrity of the shared image, we use technologies of symmetric cryptosystems to transform the shared image. The proposed scheme consists of three parties: a user, a bank, and merchants. 1. : The uer who makes a purchase with his credit card. 2. : The bank issues credit cards for the user. To easily present the method, we assume that the bank is the issuer and acquirer, and the bank is a trusted third party. 3. : Merchants which sell commodities to users.
5 A New Credit Card Payment Scheme Using Mobile Phones 471 Table 1. Notations A user s identification number is defined as. A user s password is defined as. A purchase order is a commercial document issued by a buyer to a seller, including information for products or services. is a large prime integer. is a public primitive integer in modular, where is not equal to 1. are meaningful words or signs made by stacking two shared images for making a purchase, called authorization code. A party sends a message to a party. A message is encrypted by the symmetric key. A message is decrypted by the symmetric key. A cryptographic pseudo random number generator is defined as. The formula denotes using -threshold VC to generate the other shared image by a shared image and, where. The formula denotes using -threshold VC to get by stacking two shared images and according to human visual system, where. The basic notations are used in the description which is defined as Tab.1. When makes a purchase with his credit card, must get the authorization code for accomplishing a transaction. Hence, the proposed scheme consists of registration phase and transaction phase. The details of two phases will be described as follows: 3.1 Registration Phase 1. sends his identification number and password to the bank through a secure channel. 2. Upon receiving the messages and, generates the shared image and stores the information in the database. Next, computes and stores into the user s mobile phone through a secure channel. 3.2 Transaction Phase 1. User(mobile phone) Bank: selects and computes. Then, sends the payment request,, and to.
6 472 C.-W. Chan and C.-H. Lin 2. Bank User(mobile phone): Upon receiving the request messages,, and, can find out the user information according to in the database. Then, selects and computes and. Next, can use the integer to get the initial coordinate for displacing vectors of the shared image. Using as a seed in a function, we can get a set of random integers. Then, two parties negotiate for two integers to be the initial coordinate. We define this formula as, where is the initial coordinate vector (point). Thus, displaces vectors of from to to get the small shared image, after getting the initial coordinate. The schematic diagram is shown as Fig. 4. Next, generates a secret image for the user making a purchase, called authorization code. According to - threshold VC, another shared image can be computed by and as shown below.. (1) Finally, computes, where is used as a session key, and sends and to the user. 3. User(mobile phone) Merchant: When receives the messages, computes and. Then, inputs the random integer into a function to get the initial coordinate vector. Next, is required to input his password for decryption of the shared image by computing. Therefore, can use the initial coordinate to displace vectors of the shared image and get the smaller shared image. Hence, can recover the secret image by stacking the shared images and to get the authorization code. The recovered formula is defined as follows:. (2) In the above steps, sends and for payment without giving his credit card to the merchant. Then, forwards the messages to. verifies the messages in the database. If the records are valid, then responses with a message of acceptance to and updates the financial information in their system. Fig. 4. Displace coordinates of S 1 to get the shared image S 2
7 A New Credit Card Payment Scheme Using Mobile Phones 473 User Bank Merchant (1) Select R and compute a g mod p 1 PWU 1 * p (5) Compute r b g mod p S3 Dr ( R) PRNG() r ( X, Y ) S D ( S ) Displace vectors of S to get S 1 2 VC (2,2) S2 AuthC D ( S ) (2) PO, UID, a 3 (4) br, (3) Select VC (2,2) S2 * p and compute b g mod p r a g mod p PRNG() r ( X, Y ) Displace vectors of S to get S Generate AuthC and compute S E ( AuthC) R Er ( S3) (6) PO, UID, AuthC R (7) PO, UID, AuthC (8)accept/reject Fig. 5. The proposed scheme of the transaction procedure Moreover, if performs a new transaction in the next session, and can use the shared image to generate the other small shared image by implementing the DH key agreement scheme repeatedly. Then, and accomplish each payment according to our transaction phase. The above transaction procedure is briefly illustrated in Fig Discussions In this section, we are going to analyze the securities and performances of the proposed scheme. 4.1 Security Analysis In the proposed scheme, the security is based on DH scheme, VC, and symmetric cryptosystems. Therefore, we consider some possible attacks. Suppose that an adversary attempts to impersonate the user. Without knowing the random integer generated by DH key agreement scheme, the adversary cannot get to perform a transaction. The adversary only knows and on insecure public networks, and he learns nothing about the random integer to get the initial coordinate. The adversary must achieve the computational DH problem. However, an adversary may
8 474 C.-W. Chan and C.-H. Lin try to compute from or from to get the integer. This means that the adversary still has to solve the discrete logarithm problem. The discrete logarithm problem is hard to solve in polynomial time. Hence, the proposed scheme can resist an illegal transaction by an impersonation attack. Even if an adversary knows the random integer by man-inthe-middle attacks, he still cannot get without the shared image which is shared by and. The shared image is protected by symmetric cryptosystems with the user s password. Therefore, our scheme can prevent an illegal transaction by man-in-the-middle attacks. Next, we consider a replaying attack. A replaying attack is a method where an active adversary stores old intercepted messages and retransmits them at a later time. In our scheme, the authorization code is generated by a trusted third party. Suppose that an adversary will attempt to impersonate a legal user by replaying old messages and, he still cannot get without knowing the shared image. Hence, the proposed scheme can withstand an illegal transaction from replaying attacks. For each transaction, the bank records the information which is used in the database. When a new transaction request is performed, the user will get a new different from the above session. Therefore, the proposed scheme can prevent a double spending problem. In addition, both and need to authenticate each other by using -threshold visual cryptography. A valid can only be recovered through the shared image which is shared by and. Hence, our scheme can provide the mutual authentication property. Moreover, the proposed method is based on -threshold visual cryptography. The user (mobile phone) must stack two shared images and and use the human visual system to obtain the authorization code. According to decryption by human visual system, it is difficult to design a malicious program to get for an adversary, such as brute force attacks. In the worst situation, suppose that a user s mobile phone is lost, the important information is still protected by a secure symmetric cryptosystem with the user s password. This reduces the threat of a lost or stolen mobile phone for the user before the emergency event happens. 4.2 Performance Analysis To the best of our knowledge, the traditional -threshold VC scheme can only be used once. It is similar to a one-time pad (OTP). When the secret image is recovered by stacking any shares, the shared images cannot reuse the information in the next session. A dealer has to break a secret image into shared images and retransfers shared images to other participants. Therefore, with regard to efficiency, we generate a random seed into a by using DH scheme to reuse the shared image which is stored in the user s mobile phone. The user does not need to update the shared image in each session. Next, we consider the proposed scheme s computations to accomplish a transaction. For convenience, we define related notations to analyze the computational complexity. The notation means the time for one multiplication over a prime
9 A New Credit Card Payment Scheme Using Mobile Phones 475 integer, denotes the time for one symmetric encryption or decryption, and denotes the time for stacking two shares by -threshold VC scheme. We summarize the computational complexity and communication in Tab. 2. As shown in Tab. 2, the proposed scheme only requires one symmetric encryption computation for the bank in the registration phase. In the transaction phase, our scheme performs two multiplication operations over a prime integer, two symmetric decryption computation, and one stacking shares operation for a user in the transaction phase. For a bank, our scheme performs two multiplication operations over a prime integer, one symmetric decryption computation, and one stacking shares operation. Therefore, in the fast progress of wireless communication, the proposed new credit card payment scheme using mobile phones based on visual cryptography would easily be implemented for electronic commerce transactions. Table 2. Computational complexity and communication of the proposed scheme User Bank Number of communications 6 3 Number of rounds Computation of the registration phase 2 No 2 Computation of the transaction phase Conclusions In this article, we propose a new credit card payment scheme by using DH scheme, VC, and symmetric cryptosystems for transferring secrets in insecure mobile communication networks. The security analyses show that the proposed scheme is more secure than traditional credit card payment methods. Our scheme can prevent impersonation attacks, man-in-the-middle attacks, replaying attacks, double spending problems, malicious program attacks and provides a mutual authentication property. In the future, our scheme has potential for application services in mobile commerce. We can perform similar application services, such as an electronic ticket system or an electronic auction market, etc. References 1. Blake-Wilson, S., Menezes, A.: Authenticated Diffie-Hellman Key Agreement Schemes. In: Tavares, S., Meijer, H. (eds.) SAC LNCS, vol. 1556, pp Springer, Heidelberg (1999) 2. Bottoni, A., Dini, G.: Improving Authentication of Remote Card Transactions with Mobile Personal Trusted Devices. Computer Communications 30, (2007) 3. Blundo, C., De Santis, A., Naor, M.: Visual Cryptography for Grey Level Images. Information Processing Letters 75(6), (2000) 4. Chang, C.C., Hwang, M.S., Cheng, T.S.: A New Encryption Algorithm for Image Cryptosystems. The Journal of Systems and Software 58, (2001)
10 476 C.-W. Chan and C.-H. Lin 5. Diffie, W., Hellman, M.E.: New Directions in Cryptography. IEEE Transactions on Information Theory 22(6), (1976) 6. Lin, C.C., Tsai, W.H.: Visual Cryptography for Gray-level Images by Dithering Techniques. Pattern Recognition Letters 24(1-3), (2003) 7. Lukac, R., Plataniotis, K.N.: Bit-level Based Secret Sharing for Image Encryption. Pattern Recognition 38(5), (2005) 8. Maurer, U.: Towards the Equivalence of Breaking the Diffie-Hellman Scheme and Computing Discrete Logarithms. In: Desmedt, Y.G. (ed.) CRYPTO LNCS, vol. 839, pp Springer, Heidelberg (1994) 9. Naor, M., Shamir, A.: Visual Cryptography. In: De Santis, A. (ed.) EUROCRYPT LNCS, vol. 950, pp Springer, Heidelberg (1995) 10. National Institute of Standards and Technology: Advanced Encryption Standard, FIPS 197 (2001)
CSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Public Key Cryptogrophy 1 Roadmap Introduction RSA Diffie-Hellman Key Exchange Public key and
More informationCIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives
CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash
More informationSECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES
www.arpapress.com/volumes/vol8issue1/ijrras_8_1_10.pdf SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES Malek Jakob Kakish Amman Arab University, Department of Computer Information Systems, P.O.Box 2234,
More informationMANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS
INTERNATIONAL JOURNAL OF ADVANCED RESEARCH IN ENGINEERING AND SCIENCE MANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS Kanchupati Kondaiah 1, B.Sudhakar 2 1 M.Tech Student, Dept of CSE,
More informationPublic Key Cryptography. c Eli Biham - March 30, 2011 258 Public Key Cryptography
Public Key Cryptography c Eli Biham - March 30, 2011 258 Public Key Cryptography Key Exchange All the ciphers mentioned previously require keys known a-priori to all the users, before they can encrypt
More informationCryptography and Network Security Chapter 10
Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 10 Other Public Key Cryptosystems Amongst the tribes of Central
More informationA More Robust Authentication Scheme for Roaming Service in Global Mobility Networks Using ECC
International Journal of Network Security, Vol.18, No.2, PP.217-223, Mar. 2016 217 A More Robust Authentication Scheme for Roaming Service in Global Mobility Networks Using ECC Dianli Guo and Fengtong
More informationEmbedding more security in digital signature system by using combination of public key cryptography and secret sharing scheme
International Journal of Computer Sciences and Engineering Open Access Research Paper Volume-4, Issue-3 E-ISSN: 2347-2693 Embedding more security in digital signature system by using combination of public
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 20 Public-Key Cryptography and Message Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Public-Key Cryptography
More informationSoftware Tool for Implementing RSA Algorithm
Software Tool for Implementing RSA Algorithm Adriana Borodzhieva, Plamen Manoilov Rousse University Angel Kanchev, Rousse, Bulgaria Abstract: RSA is one of the most-common used algorithms for public-key
More informationOverview of Cryptographic Tools for Data Security. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the
More informationOutline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures
Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike
More informationEfficient Nonce-based Authentication Scheme for. session initiation protocol
International Journal of Network Security, Vol.9, No.1, PP.12 16, July 2009 12 Efficient Nonce-based Authentication for Session Initiation Protocol Jia Lun Tsai Degree Program for E-learning, Department
More informationAn Efficient and Secure Key Management Scheme for Hierarchical Access Control Based on ECC
An Efficient and Secure Key Management Scheme for Hierarchical Access Control Based on ECC Laxminath Tripathy 1 Nayan Ranjan Paul 2 1Department of Information technology, Eastern Academy of Science and
More informationNetwork Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
More informationFriendly Medical Image Sharing Scheme
Journal of Information Hiding and Multimedia Signal Processing 2014 ISSN 2073-4212 Ubiquitous International Volume 5, Number 3, July 2014 Frily Medical Image Sharing Scheme Hao-Kuan Tso Department of Computer
More informationSecure File Transfer Using USB
International Journal of Scientific and Research Publications, Volume 2, Issue 4, April 2012 1 Secure File Transfer Using USB Prof. R. M. Goudar, Tushar Jagdale, Ketan Kakade, Amol Kargal, Darshan Marode
More informationLecture 17: Re-encryption
600.641 Special Topics in Theoretical Cryptography April 2, 2007 Instructor: Susan Hohenberger Lecture 17: Re-encryption Scribe: Zachary Scott Today s lecture was given by Matt Green. 1 Motivation Proxy
More informationSFWR ENG 4C03 - Computer Networks & Computer Security
KEY MANAGEMENT SFWR ENG 4C03 - Computer Networks & Computer Security Researcher: Jayesh Patel Student No. 9909040 Revised: April 4, 2005 Introduction Key management deals with the secure generation, distribution,
More informationMonitoring Data Integrity while using TPA in Cloud Environment
Monitoring Data Integrity while using TPA in Cloud Environment Jaspreet Kaur, Jasmeet Singh Abstract Cloud Computing is the arising technology that delivers software, platform and infrastructure as a service
More informationLukasz Pater CMMS Administrator and Developer
Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? One-way functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign
More informationA secure email login system using virtual password
A secure email login system using virtual password Bhavin Tanti 1,Nishant Doshi 2 1 9seriesSoftwares, Ahmedabad,Gujarat,India 1 {bhavintanti@gmail.com} 2 SVNIT, Surat,Gujarat,India 2 {doshinikki2004@gmail.com}
More informationThe Mathematics of the RSA Public-Key Cryptosystem
The Mathematics of the RSA Public-Key Cryptosystem Burt Kaliski RSA Laboratories ABOUT THE AUTHOR: Dr Burt Kaliski is a computer scientist whose involvement with the security industry has been through
More informationLecture 25: Pairing-Based Cryptography
6.897 Special Topics in Cryptography Instructors: Ran Canetti and Ron Rivest May 5, 2004 Lecture 25: Pairing-Based Cryptography Scribe: Ben Adida 1 Introduction The field of Pairing-Based Cryptography
More informationCryptography and Network Security
Cryptography and Network Security Fifth Edition by William Stallings Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared
More informationSession Initiation Protocol Attacks and Challenges
2012 IACSIT Hong Kong Conferences IPCSIT vol. 29 (2012) (2012) IACSIT Press, Singapore Session Initiation Protocol Attacks and Challenges Hassan Keshavarz +, Mohammad Reza Jabbarpour Sattari and Rafidah
More informationNotes on Network Security Prof. Hemant K. Soni
Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications
More informationFinal Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket
IT 4823 Information Security Administration Public Key Encryption Revisited April 5 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles
More informationNEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES
NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES Ounasser Abid 1, Jaouad Ettanfouhi 2 and Omar Khadir 3 1,2,3 Laboratory of Mathematics, Cryptography and Mechanics, Department of Mathematics, Fstm,
More informationA Multifactor Hash Digest Challenge-Response
A Multifactor Hash Digest Challenge-Response Authentication for Session Initiation Protocol S. Santhosh Baboo Reader in Computer Science, D.G. Vaishnav College Arumbakkam, Chennai-600 106, Tamilnadu. India.
More informationOverview of Public-Key Cryptography
CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows
More informationEfficient nonce-based authentication scheme for Session Initiation Protocol
Efficient nonce-based authentication scheme for Session Initiation Protocol Jia Lun Tsai National Chiao Tung University, Taiwan, R.O.C. crousekimo@yahoo.com.tw Abstract: In recent years, Session Initiation
More informationIMPROVED SECURITY MEASURES FOR DATA IN KEY EXCHANGES IN CLOUD ENVIRONMENT
INTERNATIONAL JOURNAL OF RESEARCH IN COMPUTER APPLICATIONS AND ROBOTICS ISSN 2320-7345 IMPROVED SECURITY MEASURES FOR DATA IN KEY EXCHANGES IN CLOUD ENVIRONMENT Merlin Shirly T 1, Margret Johnson 2 1 PG
More informationIT Networks & Security CERT Luncheon Series: Cryptography
IT Networks & Security CERT Luncheon Series: Cryptography Presented by Addam Schroll, IT Security & Privacy Analyst 1 Outline History Terms & Definitions Symmetric and Asymmetric Algorithms Hashing PKI
More informationAn Improved Authentication Protocol for Session Initiation Protocol Using Smart Card and Elliptic Curve Cryptography
ROMANIAN JOURNAL OF INFORMATION SCIENCE AND TECHNOLOGY Volume 16, Number 4, 2013, 324 335 An Improved Authentication Protocol for Session Initiation Protocol Using Smart Card and Elliptic Curve Cryptography
More informationCS 758: Cryptography / Network Security
CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html
More informationCUNSHENG DING HKUST, Hong Kong. Computer Security. Computer Security. Cunsheng DING, HKUST COMP4631
Cunsheng DING, HKUST Lecture 08: Key Management for One-key Ciphers Topics of this Lecture 1. The generation and distribution of secret keys. 2. A key distribution protocol with a key distribution center.
More information1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies
1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies Dave Corbett Technical Product Manager Implementing Forward Secrecy 1 Agenda Part 1: Introduction Why is Forward Secrecy important?
More informationAuthentication Protocols Using Hoover-Kausik s Software Token *
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 22, 691-699 (2006) Short Paper Authentication Protocols Using Hoover-Kausik s Software Token * WEI-CHI KU AND HUI-LUNG LEE + Department of Computer Science
More informationSecurity in Electronic Payment Systems
Security in Electronic Payment Systems Jan L. Camenisch, Jean-Marc Piveteau, Markus A. Stadler Institute for Theoretical Computer Science, ETH Zurich, CH-8092 Zurich e-mail: {camenisch, stadler}@inf.ethz.ch
More informationLecture 6 - Cryptography
Lecture 6 - Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07 Question 2 Setup: Assume you and I don t know anything about
More information3-6 Toward Realizing Privacy-Preserving IP-Traceback
3-6 Toward Realizing Privacy-Preserving IP-Traceback The IP-traceback technology enables us to trace widely spread illegal users on Internet. However, to deploy this attractive technology, some problems
More informationMasao KASAHARA. Public Key Cryptosystem, Error-Correcting Code, Reed-Solomon code, CBPKC, McEliece PKC.
A New Class of Public Key Cryptosystems Constructed Based on Reed-Solomon Codes, K(XII)SEPKC. Along with a presentation of K(XII)SEPKC over the extension field F 2 8 extensively used for present day various
More informationCRYPTOGRAPHY IN NETWORK SECURITY
ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can
More informationPublic Key Cryptography: RSA and Lots of Number Theory
Public Key Cryptography: RSA and Lots of Number Theory Public vs. Private-Key Cryptography We have just discussed traditional symmetric cryptography: Uses a single key shared between sender and receiver
More informationInternational Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013
FACTORING CRYPTOSYSTEM MODULI WHEN THE CO-FACTORS DIFFERENCE IS BOUNDED Omar Akchiche 1 and Omar Khadir 2 1,2 Laboratory of Mathematics, Cryptography and Mechanics, Fstm, University of Hassan II Mohammedia-Casablanca,
More informationA Novel Approach to combine Public-key encryption with Symmetric-key encryption
Volume 1, No. 4, June 2012 ISSN 2278-1080 The International Journal of Computer Science & Applications (TIJCSA) RESEARCH PAPER Available Online at http://www.journalofcomputerscience.com/ A Novel Approach
More informationAnalysis on Secure Data sharing using ELGamal s Cryptosystem in Cloud
Analysis on Secure Data sharing using ELGamal s Cryptosystem in Cloud M.Jayanthi, Assistant Professor, Hod of MCA.E mail: badini_jayanthi@yahoo.co.in MahatmaGandhi University,Nalgonda, INDIA. B.Ranganatha
More informationPublic Key (asymmetric) Cryptography
Public-Key Cryptography UNIVERSITA DEGLI STUDI DI PARMA Dipartimento di Ingegneria dell Informazione Public Key (asymmetric) Cryptography Luca Veltri (mail.to: luca.veltri@unipr.it) Course of Network Security,
More informationNetwork Security. Chapter 2 Basics 2.2 Public Key Cryptography. Public Key Cryptography. Public Key Cryptography
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Encryption/Decryption using Public Key Cryptography Network Security Chapter 2 Basics 2.2 Public Key Cryptography
More informationIntroduction. Digital Signature
Introduction Electronic transactions and activities taken place over Internet need to be protected against all kinds of interference, accidental or malicious. The general task of the information technology
More informationCapture Resilient ElGamal Signature Protocols
Capture Resilient ElGamal Signature Protocols Hüseyin Acan 1, Kamer Kaya 2,, and Ali Aydın Selçuk 2 1 Bilkent University, Department of Mathematics acan@fen.bilkent.edu.tr 2 Bilkent University, Department
More informationRSA Attacks. By Abdulaziz Alrasheed and Fatima
RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.
More informationKeywords : audit, cloud, integrity, station to station protocol, SHA-2, third party auditor, XOR. GJCST-B Classification : C.2.4, H.2.
Global Journal of Computer Science and Technology Cloud and Distributed Volume 13 Issue 3 Version 1.0 Year 2013 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals
More informationCommon Pitfalls in Cryptography for Software Developers. OWASP AppSec Israel July 2006. The OWASP Foundation http://www.owasp.org/
Common Pitfalls in Cryptography for Software Developers OWASP AppSec Israel July 2006 Shay Zalalichin, CISSP AppSec Division Manager, Comsec Consulting shayz@comsecglobal.com Copyright 2006 - The OWASP
More informationSECURITY ANALYSIS OF PASSWORD BASED MUTUAL AUTHENTICATION METHOD FOR REMOTE USER
SECURITY ANALYSIS OF PASSWORD BASED MUTUAL AUTHENTICATION METHOD FOR REMOTE USER Mrs. P.Venkateswari Assistant Professor / CSE Erode Sengunthar Engineering College, Thudupathi ABSTRACT Nowadays Communication
More informationA Factoring and Discrete Logarithm based Cryptosystem
Int. J. Contemp. Math. Sciences, Vol. 8, 2013, no. 11, 511-517 HIKARI Ltd, www.m-hikari.com A Factoring and Discrete Logarithm based Cryptosystem Abdoul Aziz Ciss and Ahmed Youssef Ecole doctorale de Mathematiques
More informationModeling and verification of security protocols
Modeling and verification of security protocols Part I: Basics of cryptography and introduction to security protocols Dresden University of Technology Martin Pitt martin@piware.de Paper and slides available
More informationNetwork Security Protocols
Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination
More informationBreaking Generalized Diffie-Hellman Modulo a Composite is no Easier than Factoring
Breaking Generalized Diffie-Hellman Modulo a Composite is no Easier than Factoring Eli Biham Dan Boneh Omer Reingold Abstract The Diffie-Hellman key-exchange protocol may naturally be extended to k > 2
More informationThe application of prime numbers to RSA encryption
The application of prime numbers to RSA encryption Prime number definition: Let us begin with the definition of a prime number p The number p, which is a member of the set of natural numbers N, is considered
More informationThe Misuse of RC4 in Microsoft Word and Excel
The Misuse of RC4 in Microsoft Word and Excel Hongjun Wu Institute for Infocomm Research, Singapore hongjun@i2r.a-star.edu.sg Abstract. In this report, we point out a serious security flaw in Microsoft
More informationElements of Applied Cryptography. Key Distribution. Trusted third party: KDC, KTC Diffie-Helmann protocol The man-in-the-middle attack
Elements of Applied Cryptography Key Distribution Trusted third party: KDC, KTC Diffie-Helmann protocol The man-in-the-middle attack Point-to-point key establishment Alice Bob Each pair of users must share
More informationModule 7 Security CS655! 7-1!
Module 7 Security CS655! 7-1! Issues Separation of! Security policies! Precise definition of which entities in the system can take what actions! Security mechanism! Means of enforcing that policy! Distributed
More informationCryptography and Key Management Basics
Cryptography and Key Management Basics Erik Zenner Technical University Denmark (DTU) Institute for Mathematics e.zenner@mat.dtu.dk DTU, Oct. 23, 2007 Erik Zenner (DTU-MAT) Cryptography and Key Management
More informationA Layered Signcryption Model for Secure Cloud System Communication
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 4, Issue. 6, June 2015, pg.1086
More informationCMSS An Improved Merkle Signature Scheme
CMSS An Improved Merkle Signature Scheme Johannes Buchmann 1, Luis Carlos Coronado García 2, Erik Dahmen 1, Martin Döring 1, and Elena Klintsevich 1 1 Technische Universität Darmstadt Department of Computer
More informationA novel deniable authentication protocol using generalized ElGamal signature scheme
Information Sciences 177 (2007) 1376 1381 www.elsevier.com/locate/ins A novel deniable authentication protocol using generalized ElGamal signature scheme Wei-Bin Lee a, Chia-Chun Wu a, Woei-Jiunn Tsaur
More informationSymmetric Key cryptosystem
SFWR C03: Computer Networks and Computer Security Mar 8-11 200 Lecturer: Kartik Krishnan Lectures 22-2 Symmetric Key cryptosystem Symmetric encryption, also referred to as conventional encryption or single
More informationAn Application of Visual Cryptography To Financial Documents
An Application of Visual Cryptography To Financial Documents L. W. Hawkes, A. Yasinsac, C. Cline Security and Assurance in Information Technology Laboratory Computer Science Department Florida State University
More informationPaillier Threshold Encryption Toolbox
Paillier Threshold Encryption Toolbox October 23, 2010 1 Introduction Following a desire for secure (encrypted) multiparty computation, the University of Texas at Dallas Data Security and Privacy Lab created
More informationOn the Difficulty of Software Key Escrow
On the Difficulty of Software Key Escrow Lars R. Knudsen and Torben P. Pedersen Katholieke Universiteit Leuven, Belgium, email: knudsen@esat.kuleuven.ac.be Cryptomathic, Denmark, email: tpp@cryptomathic.aau.dk
More informationA Proposal for Authenticated Key Recovery System 1
A Proposal for Authenticated Key Recovery System 1 Tsuyoshi Nishioka a, Kanta Matsuura a, Yuliang Zheng b,c, and Hideki Imai b a Information & Communication Business Div. ADVANCE Co., Ltd. 5-7 Nihombashi
More informationApplication of Automatic Variable Password Technique in Das s Remote System Authentication Scheme Using Smart Card
Application of Automatic Variable Password Technique in Das s Remote System Authentication Scheme Using Smart Card C. Koner, Member, IACSIT, C. T. Bhunia, Sr. Member, IEEE and U. Maulik, Sr. Member, IEEE
More informationPublic Key Cryptography Overview
Ch.20 Public-Key Cryptography and Message Authentication I will talk about it later in this class Final: Wen (5/13) 1630-1830 HOLM 248» give you a sample exam» Mostly similar to homeworks» no electronic
More informationLecture 9 - Message Authentication Codes
Lecture 9 - Message Authentication Codes Boaz Barak March 1, 2010 Reading: Boneh-Shoup chapter 6, Sections 9.1 9.3. Data integrity Until now we ve only been interested in protecting secrecy of data. However,
More informationSingle Sign-On Secure Authentication Password Mechanism
Single Sign-On Secure Authentication Password Mechanism Deepali M. Devkate, N.D.Kale ME Student, Department of CE, PVPIT, Bavdhan, SavitribaiPhule University Pune, Maharashtra,India. Assistant Professor,
More informationA short primer on cryptography
A short primer on cryptography A. V. Atanasov April 14 2007 1 Preliminaries (This section is an introduction to the referred mathematical concepts. Feel free to skip it if you are familiar with the first
More informationLecture Note 5 PUBLIC-KEY CRYPTOGRAPHY. Sourav Mukhopadhyay
Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY Sourav Mukhopadhyay Cryptography and Network Security - MA61027 Modern/Public-key cryptography started in 1976 with the publication of the following paper. W. Diffie
More informationChapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography
Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography What Is Steganography? Steganography Process of hiding the existence of the data within another file Example:
More informationPractice Questions. CS161 Computer Security, Fall 2008
Practice Questions CS161 Computer Security, Fall 2008 Name Email address Score % / 100 % Please do not forget to fill up your name, email in the box in the midterm exam you can skip this here. These practice
More informationSecure Network Communication Part II II Public Key Cryptography. Public Key Cryptography
Kommunikationssysteme (KSy) - Block 8 Secure Network Communication Part II II Public Key Cryptography Dr. Andreas Steffen 2000-2001 A. Steffen, 28.03.2001, KSy_RSA.ppt 1 Secure Key Distribution Problem
More informationPrinciples of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms
Principles of Public Key Cryptography Chapter : Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter : Security on Network and Transport
More informationDesign an efficient three-party authenticated key exchange protocol in the cloud environment
Design an efficient three-party authenticated key exchange protocol in the cloud environment Chung-Yi Lin a, *, Yuh-Min Chen a, Shu-Yi Liaw b, Chen-Hua Fu c a Institute of Manufacturing Information Systems,
More informationDiscrete Mathematics, Chapter 4: Number Theory and Cryptography
Discrete Mathematics, Chapter 4: Number Theory and Cryptography Richard Mayr University of Edinburgh, UK Richard Mayr (University of Edinburgh, UK) Discrete Mathematics. Chapter 4 1 / 35 Outline 1 Divisibility
More informationSecuring MANET Using Diffie Hellman Digital Signature Scheme
Securing MANET Using Diffie Hellman Digital Signature Scheme Karamvir Singh 1, Harmanjot Singh 2 1 Research Scholar, ECE Department, Punjabi University, Patiala, Punjab, India 1 Karanvirk09@gmail.com 2
More informationCloud Security and Algorithms: A Review Divya saraswat 1, Dr. Pooja Tripathi 2 1
Cloud Security and Algorithms: A Review Divya saraswat 1, Dr. Pooja Tripathi 2 1 M.Tech Dept. of Computer Science, IPEC, Ghaziabad, U.P. 2 Professor, Dept. of Computer science, IPEC, Ghaziabad, U.P. Abstract:
More informationCrittografia e sicurezza delle reti. Digital signatures- DSA
Crittografia e sicurezza delle reti Digital signatures- DSA Signatures vs. MACs Suppose parties A and B share the secret key K. Then M, MAC K (M) convinces A that indeed M originated with B. But in case
More informationCS3235 - Computer Security Third topic: Crypto Support Sys
Systems used with cryptography CS3235 - Computer Security Third topic: Crypto Support Systems National University of Singapore School of Computing (Some slides drawn from Lawrie Brown s, with permission)
More informationDigital Signatures. Murat Kantarcioglu. Based on Prof. Li s Slides. Digital Signatures: The Problem
Digital Signatures Murat Kantarcioglu Based on Prof. Li s Slides Digital Signatures: The Problem Consider the real-life example where a person pays by credit card and signs a bill; the seller verifies
More informationElements of Applied Cryptography Public key encryption
Network Security Elements of Applied Cryptography Public key encryption Public key cryptosystem RSA and the factorization problem RSA in practice Other asymmetric ciphers Asymmetric Encryption Scheme Let
More informationA SOFTWARE COMPARISON OF RSA AND ECC
International Journal Of Computer Science And Applications Vol. 2, No. 1, April / May 29 ISSN: 974-13 A SOFTWARE COMPARISON OF RSA AND ECC Vivek B. Kute Lecturer. CSE Department, SVPCET, Nagpur 9975549138
More informationMathematical Model Based Total Security System with Qualitative and Quantitative Data of Human
Int Jr of Mathematics Sciences & Applications Vol3, No1, January-June 2013 Copyright Mind Reader Publications ISSN No: 2230-9888 wwwjournalshubcom Mathematical Model Based Total Security System with Qualitative
More informationKerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o. Presented by: Smitha Sundareswaran Chi Tsong Su
Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o Presented by: Smitha Sundareswaran Chi Tsong Su Introduction Kerberos: An authentication protocol based on
More informationSecure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment
Secure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment Chih Hung Wang Computer Science and Information Engineering National Chiayi University Chiayi City 60004,
More informationDigital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University
Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate
More informationSoftware Implementation of Gong-Harn Public-key Cryptosystem and Analysis
Software Implementation of Gong-Harn Public-key Cryptosystem and Analysis by Susana Sin A thesis presented to the University of Waterloo in fulfilment of the thesis requirement for the degree of Master
More informationSAMPLE EXAM QUESTIONS MODULE EE5552 NETWORK SECURITY AND ENCRYPTION ECE, SCHOOL OF ENGINEERING AND DESIGN BRUNEL UNIVERSITY UXBRIDGE MIDDLESEX, UK
SAMPLE EXAM QUESTIONS MODULE EE5552 NETWORK SECURITY AND ENCRYPTION September 2010 (reviewed September 2014) ECE, SCHOOL OF ENGINEERING AND DESIGN BRUNEL UNIVERSITY UXBRIDGE MIDDLESEX, UK NETWORK SECURITY
More informationCryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs
Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Enes Pasalic University of Primorska Koper, 2014 Contents 1 Preface 3 2 Problems 4 2 1 Preface This is a
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret
More information