Development of SETUP-free cryptographic protocols
DOI:
https://doi.org/10.18372/2225-5036.25.13840Keywords:
kleptography, SETUP, Diffie-Hellman key agreement, hybrid cryptosystem, subliminal channel, challenge-response protocolAbstract
Today, hybrid cryptosystems are important part in structure of information telecommunication systems. That's why information security measures are extremely crucial at each stage of cryptosystem development life cycle. One of the most important specific of modern cryptosystems is the fact, that they often deployed in unprotected environment and outside the physically secured perimeter. That introduces new attack vectors, e.g. kleptographic attacks which include implementation forgery at endpoints. Such attack types are extremely dangerous because of the victim, who is a participant of some restricted area (electronic document flow, payment system, secure communication etc.), may induce threats for non-compromised participants (e.g., sensitive information leakage). One of the ways to solve mitigate this risks is development subliminal channel free cryptosystems which are resistant against different types of kleptographic attacks. In the article we show results belong to development of SETUP free cryptographic protocol development. Firstly, we suggest formal model for basic ''challenge-response'' protocol with subliminal channel. Using this formal model, we introduce sufficient conditions which lead to impossibility of existence of subliminal channels. Also the theorem about sufficient conditions has been formulated and proved. Further, we suggest improvements of basic protocols -- nonce generation and 1-round Diffie-Hellman key agreement protocol with design that is based of sufficient conditions. Using formalization of suggested enhanced protocols we formulated and proved the theorem about SETUP resistance property for these protocols. Our results may be useful for other SETUP free protocols development, this will be helpful for increasing security of hybrid cryptosystem.
References
A. Atanasiu, R. Olimid, E. Simion, "On the security of black-box implementation of visual secret sharing schemes", Journal of Mobile, Embedded and Distributed Systems, no. 4(1):1-11, 2012.
Côme Berbain and Henri Gilbert, "On the security of iv dependent stream ciphers", Fast Software Encryption, pp. 254-273, 2007.
A. Young, M. Yung, "The Dark Side of “Black-Box” Cryptography or: Should We Trust Capstone?", pp. 89-103, 1996.
A. Young, M. Yung, "Kleptography: Using Cryptography Against Cryptography", pp. 62-74, 1997.
Downloads
Published
How to Cite
Issue
Section
License
The scientific journal "Ukrainian Scientific Journal of Information Security" adheres to the principles of open science and provides free, free and permanent access to all published materials. The goal of the policy is to increase the visibility, citation and impact of the results of scientific research in the field of information security. The journal works according to the principles of Open Access and does not charge a fee for access to published articles.
All articles are published in Open Access under the Creative Commons Attribution 4.0 International (CC BY 4.0) license.
Copyright
Authors who publish their works in the journal “Ukrainian Scientific Journal of Information Security”:
-
retain the copyright to their publications;
-
grant the journal the right of first publication of the article;
-
agree to the distribution of their materials under the CC BY 4.0 license;
-
have the right to reuse, archive, and distribute their works (including in institutional and subject repositories), provided that proper reference is made to the original publication in the journal.
