Publications catalogue - books



Information Security Practice and Experience: Second International Conference, ISPEC 2006, Hangzhou, China, April 11-14, 2006, Proceedings

Kefei Chen ; Robert Deng ; Xuejia Lai ; Jianying Zhou (eds.)

In conference: 2nd International Conference on Information Security Practice and Experience (ISPEC). Hangzhou, China. April 11, 2006 - April 14, 2006

Abstract/Description (provided by the publisher)

Not available.

Keywords (provided by the publisher)

Data Encryption; Computer Communication Networks; Operating Systems; Computers and Society; Management of Computing and Information Systems; Information Storage and Retrieval

Availability

Institution detected: Not detected
Year of publication: 2006
Browse: SpringerLink
Download: (none listed)
Request: (none listed)

Information

Resource type:

books

Print ISBN

978-3-540-33052-3

Electronic ISBN

978-3-540-33058-5

Publisher

Springer Nature

Country of publication

United Kingdom

Publication date

Publication rights information

© Springer-Verlag Berlin Heidelberg 2006

Table of contents

DPA-Resistant Finite Field Multipliers and Secure AES Design

Yoo-Jin Baek; Mi-Jung Noh

The masking method is known to be one of the most powerful algorithmic countermeasures against the first-order differential power attack. This article proposes several new efficient masking algorithms applicable to finite field multipliers. Note that the finite field multiplier (more precisely, the finite field inversion) plays a crucial role in the confusion layer of many block ciphers including AES. The new algorithms are applied to implement AES in hardware in a DPA-secure manner, and the detailed implementation results are presented.

Keywords: Smart Card; Block Cipher; Advanced Encryption Standard; Cryptographic Operation; Cryptology ePrint Archive.

- Cryptanalysis | Pp. 1-12

Signed MSB-Set Comb Method for Elliptic Curve Point Multiplication

Min Feng; Bin B. Zhu; Cunlai Zhao; Shipeng Li

The comb method is an efficient method to calculate point multiplication in elliptic curve cryptography, but it is vulnerable to power-analysis attacks. Various algorithms have been proposed recently to make the comb method secure against power-analysis attacks. In this paper, we present an efficient comb method and its Simple Power Analysis (SPA)-resistant counterpart. We first present a novel comb recoding algorithm which converts an integer into a sequence of signed, MSB-set comb bit-columns. Using this recoding algorithm, the signed MSB-set comb method and a modified, SPA-resistant version are then presented. Measures and precautions to make the proposed SPA-resistant comb method resist all power-analysis attacks are also discussed, along with a performance comparison with other comb methods. We conclude that our comb methods are among the most efficient comb methods in terms of the number of precomputed points and computational complexity.

Keywords: Elliptic Curve; Point Addition; Evaluation Stage; Elliptic Curve Cryptography.

- Cryptanalysis | Pp. 13-24

Diophantine Approximation Attack on a Fast Public Key Cryptosystem

Wang Baocang; Hu Yupu

At ACISP 2000, H. Yoo et al. proposed a public key cryptosystem using matrices over a ring, which was analyzed using lattice basis reduction algorithms by Youssef et al. at ACISP 2001. In this paper, another attack, namely the Diophantine approximation attack, is presented. It is shown that the decryption of the cryptosystem can be transformed into solving the simultaneous Diophantine approximation problem, which can be approximated by lattice basis reduction algorithms. So we heuristically explain that the scheme is insecure. Furthermore, our new attack is more general than the lattice attack.

Keywords: Public-key cryptosystem; Cryptanalysis; Simultaneous Diophantine approximation problem; Lattice basis reduction; Diophantine approximation.

- Cryptanalysis | Pp. 25-32

Further Security Analysis of XTR

Dong-Guk Han; Tsuyoshi Takagi; Jongin Lim

In Crypto 2000 and 2003, Lenstra-Verheul and Rubin-Silverberg proposed the XTR public key system and the torus-based public key cryptosystem CEILIDH, respectively. The common main idea of XTR and CEILIDH is to shorten the bandwidth of transmission data. Due to the contribution of Granger et al., that is, the comparison result of the performance of CEILIDH and XTR, XTR is an excellent alternative to either RSA or ECC in some applications where computational power and memory capacity are both very limited, such as smart cards. Among the family of XTR algorithms, Improved XTR Single Exponentiation (XTR-ISE) is the most efficient one, which computes a single exponentiation. However, there are few papers investigating side channel attacks on XTR-ISE, even though memory-constrained devices suffer most from vulnerability to side channel attacks. Chung-Hasan and Page-Stam tried to analyze XTR-ISE with the known simple power analysis, but unfortunately their approaches were not practically feasible. Recently, Han et al. proposed a new collision attack on it with analysis complexity O(2^40) when the key size is 160 bits. In this paper we analyze XTR-ISE from another point of view, namely differential power analysis (DPA). One straightforward result is that XTR-ISE can be free from the original DPA. However, a non-trivial result is that an enhanced DPA proposed in this paper threatens XTR-ISE. Furthermore, we show several weak points of the structure of XTR-ISE. From our simulation results, we show the proposed attack requires about 584 queries to the DPA_Oracle to detect the whole 160-bit secret value. This result shows that XTR-ISE is vulnerable to the proposed enhanced DPA.

Keywords: XTR public key system; XTR-ISE; differential power analysis.

- Cryptanalysis | Pp. 33-44

A Counting-Based Method for Massive Spam Mail Classification

Hao Luo; Binxing Fang; Xiaochun Yun

Past research has explored the effectiveness of machine learning classifiers for filtering spam email, and the results have shown that machine learning classifiers can obtain a high degree of precision and recall. However, these methods cannot avoid classifying normal mail as spam mail because of their probabilistic characteristics. The evident difference between spam mail and normal mail is that one spam mail will be delivered to many users, while most normal mails have only one single receiver. Based on this observation, this paper presents a server-based massive mail classifier incorporating a counting-based classifier, a bitmap-based white list (BWL) and a grey list to filter massive spam mails. Results show that the spam mail classifier using our method can filter spam with a very low degree of false positives and also preserves performance while coping with large volumes of spam mail. With an optimized parameter configuration, our method achieves a precision of 100% and a recall of 75.3% in spam mail classification.

- Network Security I | Pp. 45-56

Model and Estimation of Worm Propagation Under Network Partition

Ping Wang; Binxing Fang; Xiaochun Yun

Several worm propagation models have been proposed to describe the behavior of worms in order to find the weak link in worm propagation for the purpose of further treatment measures. In this paper, we investigate the relation between worm spread and the scale of the network. A partition-based model of worm propagation is developed, in which we focus on two key factors: the number of subnets the network is to be partitioned into and the time at which to perform the partition. Using a combination of analytic modeling and simulations, we describe how each of these two factors impacts the dynamics of the worm epidemic. Based on our simulation experiment results, we propose the network partitioning approach to de-escalate network scale and thus restrict worm propagation in large scale networks.

Keywords: Infected Host; Large Scale Network; Network Scale; Network Partition; Worm Propagation.

- Network Security I | Pp. 57-66

Tackling Worm Detection Speed and False Alarm in Virus Throttling

Jangbok Kim; Jaehong Shim; Gihyun Jung; Kyunghee Choi

This paper proposes a technique to improve the performance of the virus throttling algorithm, an early worm detection technique. The proposed modified throttling algorithm may speed up the detection of worm spread and lower the possibility of false alarms on bursts of innocent connection requests. Based on an observation that normal connection requests passing through a network have a strong locality in destination IP addresses, the proposed algorithm counts the number of connection requests with different destinations, in contrast to the simple length of the delay queue as in the typical throttling algorithm. Moreover, the proposed algorithm utilizes the trend value of the weighted average queue length to reduce worm detection time. The performance is empirically verified in various aspects.

- Network Security I | Pp. 67-77

Using Data Field to Analyze Network Intrusions

Feng Xie; Shuo Bai

In this paper, we propose a new approach to detect network attacks. Network connections are first transformed into data points in a feature space we predetermined. Using the field concept from physics, we consider that each point, like an electric charge, exerts a force on the others around it and therefore forms a field, which we call the data field. Each incoming data object obtains an amount of potential energy from the field, from which we can recognize the class of that object. We evaluated our approach over the KDD Cup 1999 data set. Experimental results show that most attacks can be correctly discriminated in our data field and the false positive rate is acceptable. Compared with other approaches, our method has better performance in the detection of PROBE and U2R attacks.

- Network Security II | Pp. 78-89

Adversarial Organization Modeling for Network Attack/Defense

Ji Wu; Chaoqun Ye; Shiyao Jin

To appropriately address the problem of large-scale distributed cyber attacks and defenses, issues such as information exchange, work division and coordination must be addressed. We believe that focusing on logical foundations for information assurance construction provides the theme that drives how various defense components work together. This paper proposes an opponent agent’s mental model based on the theory of Belief-Desire-Intention, adopts the notions of agent, group and role to specify the organizational structure of distributed network attacks/defenses, and applies the computational framework of agent team to model organizational dynamics of network attacks/defenses.

Keywords: Intrusion Detection; Team Operator; Intrusion Detection System; Plan Execution; Joint Intention.

- Network Security II | Pp. 90-99

A Novel Dynamic Immunization Strategy for Computer Network Epidemics

Zhifei Tao; Hai Jin; Zongfen Han; En Cheng

Current immunization strategies for computer network epidemics are based on the assumption that the vaccines are ready before the epidemics, which is obviously unrealistic in computer networks. Our study of targeted immunization on the Susceptible-Infected-Recovered (SIR) epidemiological model shows that the efficiency of targeted immunization decreases sharply when the time gap between the vaccines and the epidemics is considered. We propose a two-phase propagating immunization strategy to suppress computer network epidemics by the spreading of vaccines. During the two phases, the vaccines go up the degree sequence in phase one and down the sequence in phase two, so the important nodes are protected and the revisit rate of the vaccines is reduced. The simulation results on the extended SIR model indicate our strategy can suppress the epidemics as effectively as the fastest anti-worm strategy, with an obviously lower spreading cost.

Keywords: Traffic Congestion; Scale Free Network; Degree Sequence; Immunization Strategy; Computer Virus.

- Network Security II | Pp. 100-111