Conferences in Research and Practice in Information Technology Volume 125 Information Security 2012 Australian Computer Science Communications, Volume 34, Number 4


Page 1: Information Security 2012 - Australian Computer Society … Information Security 2012 Proceedings of the Tenth Australasian Information Security Conference (AISC 2012), Melbourne,

Conferences in Research and Practice in

Information Technology

Volume 125

Information Security 2012

Australian Computer Science Communications, Volume 34, Number 4


Information Security 2012

Proceedings of the Tenth Australasian Information Security Conference (AISC 2012), Melbourne, Australia, 31 January – 3 February 2012

Josef Pieprzyk and Clark Thomborson, Eds.

Volume 125 in the Conferences in Research and Practice in Information Technology Series. Published by the Australian Computer Society Inc.

Published in association with the ACM Digital Library.


Information Security 2012. Proceedings of the Tenth Australasian Information Security Conference (AISC 2012), Melbourne, Australia, 31 January – 3 February 2012

Conferences in Research and Practice in Information Technology, Volume 125.

Copyright © 2012, Australian Computer Society. Reproduction for academic, not-for-profit purposes permitted provided the copyright text at the foot of the first page of each paper is included.

Editors:

Josef Pieprzyk
Department of Computing
Macquarie University
NSW 2109
Australia
Email: [email protected]

Clark Thomborson
Department of Computer Science
The University of Auckland
Auckland 1142
New Zealand
Email: [email protected]

Series Editors:
Vladimir Estivill-Castro, Griffith University, Queensland
Simeon J. Simoff, University of Western Sydney, NSW
Email: [email protected]

Publisher: Australian Computer Society Inc.
PO Box Q534, QVB Post Office
Sydney 1230
New South Wales
Australia.

Conferences in Research and Practice in Information Technology, Volume 125.
ISSN 1445-1336.
ISBN 978-1-921770-06-7.

Printed, January 2012 by University of Western Sydney, on-line proceedings
Printed, January 2012 by RMIT, electronic media
Document engineering by CRPIT

The Conferences in Research and Practice in Information Technology series disseminates the results of peer-reviewed research in all areas of Information Technology. Further details can be found at http://crpit.com/.


Table of Contents

Proceedings of the Tenth Australasian Information Security Conference (AISC2012), Melbourne, Australia, 31 January – 3 February 2012

Preface

Programme Committee

Organising Committee

Welcome from the Organising Committee

CORE - Computing Research & Education

ACSW Conferences and the Australian Computer Science Communications

ACSW and AISC 2012 Sponsors

Contributed Papers

Efficient Identity-based Signcryption without Random Oracles
Peter Hyun-Jeen Lee, Udaya Parampalli and Shivaramakrishnan Narayan

Fast Elliptic Curve Cryptography Using Minimal Weight Conversion of d Integers
Vorapong Suppakitpaisarn, Masato Edahiro and Hiroshi Imai

State Convergence in the Initialisation of the Sfinks Stream Cipher
Ali Alhamdan, Harry Bartlett, Leonie Simpson, Ed Dawson and Kenneth Koon-Ho Wong

Cryptanalysis of RC4-Based Hash Function
Mohammad Ali Orumiehchiha, Josef Pieprzyk and Ron Steinfeld

Towards a Secure Human-and-Computer Mutual Authentication Protocol
Kenneth Radke, Colin Boyd, Juan Gonzalez Nieto and Margot Brereton

Analysis of Object-Specific Authorization Protocol (OSAP) using Coloured Petri Nets
Younes Seifi, Suriadi Suriadi, Ernest Foo and Colin Boyd

Tool-Supported Dataflow Analysis of a Security-Critical Embedded Device
Chris Mills, Colin J. Fidge and Diane Corney

Data Flow Analysis of Embedded Program Expressions
Christopher Doble, Colin J. Fidge and Diane Corney

A Taint Marking Approach to Confidentiality Violation Detection
Christophe Hauser, Frederic Tronel, Jason Reid and Colin Fidge

Improving the Efficiency of RFID Authentication with Pre-Computation
Kaleb Lee, Juan Manuel Gonzalez Nieto and Colin Boyd

Author Index


Preface

The Australasian Information Security Conference (AISC) 2012 was held at RMIT University in Melbourne, Australia, as a part of the Australasian Computer Science Week, January 30 - February 3, 2012. AISC grew out of the Australasian Information Security Workshop and officially changed the name to Australasian Information Security Conference in 2008. The main aim of the AISC is to provide a venue for researchers to present their work on all aspects of information security and promote collaboration between academic and industrial researchers working in this area.

We received 23 submissions from Australia, Canada, France, India, Japan, Malaysia, Qatar and Saudi Arabia. After a rigorous refereeing process, we accepted 10 papers for presentation at AISC 2012. The acceptance rate was around 43.5%. We extend our thanks to all the AISC 2012 authors for their quality submissions and all the members of the Program Committee and external referees for their expert reviews.

Following AISC tradition from previous years, we have selected a paper for the Best Student Paper Prize. Papers can be considered for this award only if the major contribution is due to a student author, who must be the first author of the paper. Five papers entered the competition. This year Chris Mills from Queensland University of Technology won the Best Student Paper Prize for the paper Tool-Supported Dataflow Analysis of a Security-Critical Embedded Device by Chris Mills, Colin J. Fidge and Diane Corney. Our warm congratulations to Chris and his co-authors on this excellent achievement!

Special thanks go to Michelle Kang for her work on maintaining the AISC 2011 website. We used Easychair software to manage the AISC submissions and reviews. We found this software very helpful and easy to use and we thank the maintainers of the service for this opportunity. Last but not least we extend our gratitude to the ACSW 2012 organizing committee, especially James Harland, for their hard work and their continuous and invaluable support throughout the preparation of the conference.

Josef Pieprzyk
Macquarie University

Clark Thomborson
The University of Auckland

AISC 2012 Programme Chairs
January 2012


Programme Committee

Chairs

Josef Pieprzyk, Macquarie University, Australia
Clark Thomborson, The University of Auckland, New Zealand

Members

Joonsang Baek, Khalifa University of Science, Technology and Research, United Arab Emirates
Ljiljana Brankovic, University of Newcastle, Australia
Raymond Choo, University of South Australia and Australian National University, Australia
Kathy Horadam, RMIT University, Australia
Ray Hunt, University of Canterbury, New Zealand
Paul Montague, DSTO, Australia
Yi Mu, University of Wollongong, Australia
Jason Reid, Queensland University of Technology, Australia
Jill Slay, University of South Australia, Australia
Ron Steinfeld, Macquarie University, Australia
Willy Susilo, University of Wollongong, Australia
Huaxiong Wang, Nanyang Technology University, Singapore
Ian Welch, Victoria University of Wellington, New Zealand
Duncan S. Wong, City University of Hong Kong, Hong Kong SAR, China
Yang Xiang, Deakin University, Australia
Xun Yi, Victoria University, Australia

Additional Referees

Hassan Jameel Asghar
Serdar Boztas
Pino Caballero-Gil
Reza Rezaeian Farashahi
Amparo Fuster-Sabater
Sebastian Gajek
Helen Giggins
Yuqing Lin
Jixue Liu
Ben Martini
Phuong Ha Nguyen
Russell Paulet
Joseph Chee Ming Teo


Organising Committee

Members

Dr. Daryl D’Souza
Assoc. Prof. James Harland (Chair)
Dr. Falk Scholer
Dr. John Thangarajah
Assoc. Prof. James Thom
Dr. Jenny Zhang


Welcome from the Organising Committee

On behalf of the Australasian Computer Science Week 2012 (ACSW2012) Organising Committee, we welcome you to this year’s event hosted by RMIT University. RMIT is a global university of technology and design and Australia’s largest tertiary institution. The University enjoys an international reputation for excellence in practical education and outcome-oriented research. RMIT is a leader in technology, design, global business, communication, global communities, health solutions and urban sustainable futures. RMIT was ranked in the top 100 universities in the world for engineering and technology in the 2011 QS World University Rankings. RMIT has three campuses in Melbourne, Australia, and two in Vietnam, and offers programs through partners in Singapore, Hong Kong, mainland China, Malaysia, India and Europe. The University’s student population of 74,000 includes 30,000 international students, of whom more than 17,000 are taught offshore (almost 6,000 at RMIT Vietnam).

We welcome delegates from a number of different countries, including Australia, New Zealand, Austria, Canada, China, the Czech Republic, Denmark, Germany, Hong Kong, Japan, Luxembourg, Malaysia, South Korea, Sweden, the United Arab Emirates, the United Kingdom, and the United States of America.

We hope you will enjoy ACSW2012, and also to experience the city of Melbourne. Melbourne is amongst the world’s most liveable cities for its safe and multicultural environment as well as well-developed infrastructure. Melbourne’s skyline is a mix of cutting-edge designs and heritage architecture. The city is famous for its restaurants, fashion boutiques, cafe-filled laneways, bars, art galleries, and parks.

RMIT’s city campus, the venue of ACSW2012, is right in the heart of the Melbourne CBD, and can be easily accessed by train or tram.

ACSW2012 consists of the following conferences:

– Australasian Computer Science Conference (ACSC) (Chaired by Mark Reynolds and Bruce Thomas)
– Australasian Database Conference (ADC) (Chaired by Rui Zhang and Yanchun Zhang)
– Australasian Computer Education Conference (ACE) (Chaired by Michael de Raadt and Angela Carbone)
– Australasian Information Security Conference (AISC) (Chaired by Josef Pieprzyk and Clark Thomborson)
– Australasian User Interface Conference (AUIC) (Chaired by Haifeng Shen and Ross Smith)
– Computing: Australasian Theory Symposium (CATS) (Chaired by Julian Mestre)
– Australasian Symposium on Parallel and Distributed Computing (AusPDC) (Chaired by Jinjun Chen and Rajiv Ranjan)
– Australasian Workshop on Health Informatics and Knowledge Management (HIKM) (Chaired by Kerryn Butler-Henderson and Kathleen Gray)
– Asia-Pacific Conference on Conceptual Modelling (APCCM) (Chaired by Aditya Ghose and Flavio Ferrarotti)
– Australasian Computing Doctoral Consortium (ACDC) (Chaired by Falk Scholer and Helen Ashman)

ACSW is an event that requires a great deal of co-operation from a number of people, and this year has been no exception. We thank all who have worked for the success of ACSE 2012, including the Organising Committee, the Conference Chairs and Programme Committees, the RMIT School of Computer Science and IT, the RMIT Events Office, our sponsors, our keynote and invited speakers, and the attendees.

Special thanks go to Alex Potanin, the CORE Conference Coordinator, for his extensive expertise, knowledge and encouragement, and to organisers of previous ACSW meetings, who have provided us with a great deal of information and advice. We hope that ACSW2012 will be as successful as its predecessors.

Assoc. Prof. James Harland
School of Computer Science and Information Technology, RMIT University

ACSW2012 Chair
January, 2012

CORE - Computing Research & Education

CORE welcomes all delegates to ACSW2012 in Melbourne. CORE, the peak body representing academic computer science in Australia and New Zealand, is responsible for the annual ACSW series of meetings, which are a unique opportunity for our community to network and to discuss research and topics of mutual interest. The original component conferences - ACSC, ADC, and CATS, which formed the basis of ACSW in the mid 1990s - now share this week with seven other events - ACE, AISC, AUIC, AusPDC, HIKM, ACDC, and APCCM, which build on the diversity of the Australasian computing community.

In 2012, we have again chosen to feature a small number of keynote speakers from across the discipline: Michael Kolling (ACE), Timo Ropinski (ACSC), and Manish Parashar (AusPDC). I thank them for their contributions to ACSW2012. I also thank invited speakers in some of the individual conferences, and the two CORE award winners Warwick Irwin (CORE Teaching Award) and Daniel Frampton (CORE PhD Award). The efforts of the conference chairs and their program committees have led to strong programs in all the conferences; thanks very much for all your efforts. Thanks are particularly due to James Harland and his colleagues for organising what promises to be a strong event.

The past year has been very turbulent for our disciplines. We tried to convince the ARC that refereed conference publications should be included in ERA2012 in evaluations – it was partially successful. We ran a small pilot which demonstrated that conference citations behave similarly to but not exactly the same as journal citations - so the latter can not be scaled to estimate the former. So they moved all of Field of Research Code 08 “Information and Computing Sciences” to peer review for ERA2012. The effect of this will be that most Universities will be evaluated at least at the two digit 08 level, as refereed conference papers count towards the 50 threshold for evaluation. CORE’s position is to return 08 to a citation measured discipline as soon as possible.

ACSW will feature a joint CORE and ACDICT discussion on Research Challenges in ICT, which I hope will identify a national research agenda as well as priority application areas to which our disciplines can contribute, and perhaps opportunity to find international multi-disciplinary successes which could work in our region.

Beyond research issues, in 2012 CORE will also need to focus on education issues, including in Schools. The likelihood that the future will have less computers is small, yet where are the numbers of students we need?

CORE’s existence is due to the support of the member departments in Australia and New Zealand, and I thank them for their ongoing contributions, in commitment and in financial support. Finally, I am grateful to all those who gave their time to CORE in 2011; in particular, I thank Alex Potanin, Alan Fekete, Aditya Ghose, Justin Zobel, and those of you who contribute to the discussions on the CORE mailing lists. There are three main lists: csprofs, cshods and members. You are all eligible for the members list if your department is a member. Please do sign up via http://lists.core.edu.au/mailman/listinfo - we try to keep the volume low but relevance high in the mailing lists.

Tom Gedeon

President, CORE
January, 2012

ACSW Conferences and the Australian Computer Science Communications

The Australasian Computer Science Week of conferences has been running in some form continuously since 1978. This makes it one of the longest running conferences in computer science. The proceedings of the week have been published as the Australian Computer Science Communications since 1979 (with the 1978 proceedings often referred to as Volume 0). Thus the sequence number of the Australasian Computer Science Conference is always one greater than the volume of the Communications. Below is a list of the conferences, their locations and hosts.

2013. Volume 35. Host and Venue - University of South Australia, Adelaide, SA.
2012. Volume 34. Host and Venue - RMIT University, Melbourne, VIC.
2011. Volume 33. Host and Venue - Curtin University of Technology, Perth, WA.
2010. Volume 32. Host and Venue - Queensland University of Technology, Brisbane, QLD.
2009. Volume 31. Host and Venue - Victoria University, Wellington, New Zealand.
2008. Volume 30. Host and Venue - University of Wollongong, NSW.
2007. Volume 29. Host and Venue - University of Ballarat, VIC. First running of HDKM.
2006. Volume 28. Host and Venue - University of Tasmania, TAS.
2005. Volume 27. Host - University of Newcastle, NSW. APBC held separately from 2005.
2004. Volume 26. Host and Venue - University of Otago, Dunedin, New Zealand. First running of APCCM.
2003. Volume 25. Hosts - Flinders University, University of Adelaide and University of South Australia. Venue - Adelaide Convention Centre, Adelaide, SA. First running of APBC. Incorporation of ACE. ACSAC held separately from 2003.
2002. Volume 24. Host and Venue - Monash University, Melbourne, VIC.
2001. Volume 23. Hosts - Bond University and Griffith University (Gold Coast). Venue - Gold Coast, QLD.
2000. Volume 22. Hosts - Australian National University and University of Canberra. Venue - ANU, Canberra, ACT. First running of AUIC.
1999. Volume 21. Host and Venue - University of Auckland, New Zealand.
1998. Volume 20. Hosts - University of Western Australia, Murdoch University, Edith Cowan University and Curtin University. Venue - Perth, WA.
1997. Volume 19. Hosts - Macquarie University and University of Technology, Sydney. Venue - Sydney, NSW. ADC held with DASFAA (rather than ACSW) in 1997.
1996. Volume 18. Host - University of Melbourne and RMIT University. Venue - Melbourne, Australia. CATS joins ACSW.
1995. Volume 17. Hosts - Flinders University, University of Adelaide and University of South Australia. Venue - Glenelg, SA.
1994. Volume 16. Host and Venue - University of Canterbury, Christchurch, New Zealand. CATS run for the first time separately in Sydney.
1993. Volume 15. Hosts - Griffith University and Queensland University of Technology. Venue - Nathan, QLD.
1992. Volume 14. Host and Venue - University of Tasmania, TAS. (ADC held separately at La Trobe University).
1991. Volume 13. Host and Venue - University of New South Wales, NSW.
1990. Volume 12. Host and Venue - Monash University, Melbourne, VIC. Joined by Database and Information Systems Conference which in 1992 became ADC (which stayed with ACSW) and ACIS (which now operates independently).
1989. Volume 11. Host and Venue - University of Wollongong, NSW.
1988. Volume 10. Host and Venue - University of Queensland, QLD.
1987. Volume 9. Host and Venue - Deakin University, VIC.
1986. Volume 8. Host and Venue - Australian National University, Canberra, ACT.
1985. Volume 7. Hosts - University of Melbourne and Monash University. Venue - Melbourne, VIC.
1984. Volume 6. Host and Venue - University of Adelaide, SA.
1983. Volume 5. Host and Venue - University of Sydney, NSW.
1982. Volume 4. Host and Venue - University of Western Australia, WA.
1981. Volume 3. Host and Venue - University of Queensland, QLD.
1980. Volume 2. Host and Venue - Australian National University, Canberra, ACT.
1979. Volume 1. Host and Venue - University of Tasmania, TAS.
1978. Volume 0. Host and Venue - University of New South Wales, NSW.

Conference Acronyms

ACDC Australasian Computing Doctoral Consortium
ACE Australasian Computer Education Conference
ACSC Australasian Computer Science Conference
ACSW Australasian Computer Science Week
ADC Australasian Database Conference
AISC Australasian Information Security Conference
AUIC Australasian User Interface Conference
APCCM Asia-Pacific Conference on Conceptual Modelling
AusPDC Australasian Symposium on Parallel and Distributed Computing (replaces AusGrid)
CATS Computing: Australasian Theory Symposium
HIKM Australasian Workshop on Health Informatics and Knowledge Management

Note that various name changes have occurred, which have been indicated in the Conference Acronyms sections in respective CRPIT volumes.


ACSW and AISC 2012 Sponsors

We wish to thank the following sponsors for their contribution towards this conference.


CORE - Computing Research and Education, www.core.edu.au

RMIT University, www.rmit.edu.au/

Australian Computer Society, www.acs.org.au

Macquarie University, www.mq.edu.au

Contributed Papers

Proceedings of the Tenth Australasian Information Security Conference (AISC 2012), Melbourne, Australia


CRPIT Volume 125 - Information Security 2012


Efficient Identity-based Signcryption without Random Oracles

Peter Hyun-Jeen Lee (1), Udaya Parampalli (1), Shivaramakrishnan Narayan (2)

(1) Department of Computing and Information Systems, University of Melbourne, Victoria 3010, Australia
Email: {phjlee, udaya}@csse.unimelb.edu.au

(2) Optimal Payments, 1620 27th Avenue NE, Calgary, Alberta T2E 8W4, Canada
Email: [email protected]

Abstract

In this paper, we propose a new Identity-based signcryption (IBSC) scheme in the standard model. Our scheme shows an improvement of approximately 40% reduction in the ciphertext size when compared to the previously proposed IBSC schemes in the standard model. Further, we argue that the previous IBSC schemes do not provide sufficient simulation ability in the security game. We show that with some minor overhead, we are able to correct this. The security reduction of our scheme is based on the hardness of the hashed modified decision bilinear Diffie-Hellman problem and the modified computational Diffie-Hellman problem.

1 Introduction

Signcryption, which was initially proposed by Zheng (1997), is a public key cryptographic primitive which combines encryption and signing as a single logical operation. The main motivation is to lower the computational and storage cost compared to performing a sequence of encryption and signing.

Later, Boneh & Franklin (2001) gave the first efficient construction of Identity-based encryption (IBE) in the random oracle model. Its ability to derive a public key from an identity string simplified the inherent public key authentication issue in public key encryption. Thus, this naturally led the movement towards the adaptation of signcryption in the IBE setting.

Since the initial work on Identity-based signcryption (IBSC) by Malone-Lee (2002), there have been numerous IBSC schemes proposed in the random oracle model (Barreto et al. 2005, Boyen 2003, Chen & Malone-Lee 2005, Chow et al. 2003, Libert & Quisquater 2003, Libert & Quisquater 2004, McCullagh & Barreto 2004, Nalla & Reddy 2003, Yuen & Wei 2005, Zhang, Gao, Chen & Geng 2009, Zhang, Yang, Zhu & Zhang 2010). Although the random oracle model is an accepted proving methodology and enables efficient constructions, it has also been criticized due to its practical issue that the security of a scheme can be broken when an idealized hash function is replaced with a real world hash function (Goldwasser & Kalai 2003).

However, constructing a secure IBSC scheme in the standard model is non-trivial and many previous attempts have resulted in failures. For instance, Ren & Gu (2007) proposed the first IBSC scheme in the standard model, which was later shown to be broken by Wang et al. (2010). Yu et al. (2009) proposed another IBSC scheme in the standard model. Again, Zhang (2010) and Jin et al. (2010) independently showed that Yu et al.'s scheme is broken and attempted at correcting the security flaw. However, it turns out both of these attempts have failed (see Section 2.7 for details). Thus, it still remains as an interesting problem to construct a secure IBSC scheme in the standard model.

The work of P. Lee and U. Parampalli was supported in part by the Australia China Special Fund for S&T Cooperation, Department of Innovation, Industry, Science and Research (DIISR) Australia, under Grant CH090262.

Copyright © 2012, Australian Computer Society, Inc. This paper appeared at the 10th Australasian Information Security Conference (AISC 2012), Melbourne, Australia, January-February 2012. Conferences in Research and Practice in Information Technology (CRPIT), Vol. 125, Josef Pieprzyk and Clark Thomborson, Ed. Reproduction for academic, not-for-profit purposes permitted provided this text is included.

1.1 Contribution

In this paper, we propose a new IBSC scheme in the standard model. Our contributions can be divided into efficiency improvement and stronger security result.

Efficiency improvement: Our scheme performs similarly in terms of computational cost compared to that of Jin et al. (2010) and Zhang (2010). In terms of ciphertext size, we reduce it by approximately 40% compared to the previous schemes. This is due to the complexity assumption that we rely on, called the hashed modified decision bilinear Diffie-Hellman assumption, which enables us to remove the inclusion of an extension field element from the ciphertext.

Stronger security result: Our security proof shows a stronger result than those of the previously presented IBSC schemes (Jin et al. 2010, Yu et al. 2009, Zhang 2010) in the standard model. In the previous schemes the simulator aborts during the security game when the adversary issues failing queries, which are signcrypt/unsigncrypt queries for which the simulator is unable to generate the private keys. This is due to the simulation abort during extract queries in Waters IBE (Waters 2006) which is also used in their schemes. Although the abort does not affect the CPA security of Waters IBE, this allows an adversary to trivially distinguish a simulated environment from a real environment if used directly to provide CCA security as in the previous IBSC schemes. For instance, the reduction requires the challenge identities fixed at the challenge phase be the ones for which the simulator is unable to generate the private keys. Then, in phase 2 the adversary can simply issue signcrypt/unsigncrypt queries involving the challenged identities which will always cause the simulator to abort. We stress that failing queries should be answered and we achieve this at the cost of an additional group operation in each of signcrypt and unsigncrypt, and a group element in the private key.

1.2 Organization

The rest of this paper is organized as follows. In Section 2, we introduce the necessary background material. Then, in Section 3 we present our scheme followed by its security proof in Section 4. Next, we give an efficiency comparison in Section 5 and finally conclude in Section 6.

2 Preliminaries

2.1 Identity Based Signcryption (IBSC) Scheme

An IBSC scheme consists of the following four algorithms (Malone-Lee 2002).

Setup($1^K$): Given $1^K$ for a security parameter $K \in \mathbb{Z}^+$, outputs the system public key Mpk and the secret key Msk.

Extract(u): Given an identity u, outputs the private key $d_u$.

Signcrypt($d_{u_A}$, $u_B$, M): Given a message M, a receiver identity $u_B$ and the private key $d_{u_A}$ of a sender, outputs the signcryption CT.

Unsigncrypt($u_A$, $d_{u_B}$, CT): Given a ciphertext CT, the sender identity $u_A$ and the private key $d_{u_B}$ of the receiver, outputs the original message M or ⊥.

2.2 Security Model

We restate the two security requirements for an IBSC scheme, namely message confidentiality and unforgeability, which appear in (Malone-Lee 2002).

Confidentiality: In order to achieve confidentiality, an IBSC scheme must provide indistinguishability of identity-based signcryptions under adaptive chosen ciphertext attack (IND-IBSC-CCA2), which is a natural adaptation of indistinguishability of encryptions under adaptive chosen ciphertext attack for public key encryption schemes. Now, we describe the game which is played between a challenger C and an adversary A.

Setup: C runs Setup($1^K$) for a security parameter $K \in \mathbb{Z}^+$, passes the system public key $M_{pk}$ to the adversary A and keeps the master secret $M_{sk}$ to itself.

Phase 1: A may issue a polynomial number of the following queries:

Extraction queries on $u_i$: Given an identity $u_i$, C computes $d_{u_i} = \mathrm{Extract}(u_i)$ and gives the generated private key $d_{u_i}$ to A.

Signcrypt queries on $(u_i, u_j, M)$: Given a sender identity $u_i$, a receiver identity $u_j$ and a message $M$, C generates the ciphertext $CT$ and passes it to A.

Unsigncrypt queries on $(u_i, u_j, CT)$: Given a sender identity $u_i$, a receiver identity $u_j$ and a ciphertext $CT$, C unsigncrypts it and passes the result to A.

Challenge: A chooses two messages $M_0, M_1$ and two identities $u_A, u_B^*$ on which it wishes to be challenged. The choice of $u_A$ is unrestricted, whereas $u_B^*$ must be an identity for which A has not asked for the private key. C picks a random bit $b \in \{0,1\}$, computes $CT^* = \mathrm{Signcrypt}(d_{u_A}, u_B^*, M_b)$ and returns $CT^*$ to A.

Phase 2: Same as Phase 1, except that A is not allowed to issue the queries $\mathrm{Extract}(u_B^*)$ and $\mathrm{Unsigncrypt}(u_A, u_B^*, CT^*)$.

Guess: Finally, A outputs its guess bit $b'$ and wins the game if $b' = b$.

Definition 1. We say that an identity-based signcryption scheme is IND-IBSC-CCA2 secure if no polynomially bounded adversary has non-negligible advantage $|\Pr[b' = b] - \tfrac{1}{2}|$ in the game described above.

Unforgeability: Similar to confidentiality, existential unforgeability of identity-based signcryptions under chosen message attack (EUF-IBSC-CMA) is a natural adaptation of existential unforgeability under adaptive chosen message attack for signature schemes.

Again the game is played between a challenger C and an adversary A.

Setup: C runs Setup($1^K$) for a security parameter $K \in \mathbb{Z}^+$, passes the system public key $M_{pk}$ to the adversary A and keeps the master secret $M_{sk}$ to itself.

Attack: A may issue a polynomially bounded number of the following queries:

Extraction queries on $u_i$: Given an identity $u_i$, C runs $d_{u_i} = \mathrm{Extract}(u_i)$ and gives the generated private key $d_{u_i}$ to A.

Signcrypt queries on $(u_i, u_j, M)$: Given a sender identity $u_i$, a receiver identity $u_j$ and a message $M$, C generates the ciphertext $CT$ and passes it to A.

Unsigncrypt queries on $(u_i, u_j, CT)$: Given a sender identity $u_i$, a receiver identity $u_j$ and a ciphertext $CT$, C unsigncrypts it and passes the result to A.

Forge: Finally A outputs $(CT^*, u_A^*, u_B)$, where $u_A^*$ is not an identity for which A issued an Extract query during the Attack phase, and $CT^*$ was not returned by a Signcrypt query on $(u_A^*, u_B, \cdot)$. A wins if $\mathrm{Unsigncrypt}(u_A^*, d_{u_B}, CT^*)$ does not return $\perp$. Note that there is no restriction on $u_B$, unlike $u_A^*$.

The advantage of A is $\mathrm{Adv}(A) = \Pr[\text{A wins}]$.

Definition 2. We say that an identity-based signcryption scheme is EUF-IBSC-CMA secure if no polynomially bounded adversary has non-negligible advantage in the above game.


2.3 Bilinear Maps

Let $G$ and $G_T$ be two multiplicative cyclic groups of prime order $q$. Let $\mathbb{Z}_q^*$ denote the set of all non-zero integers modulo the prime $q$. A mapping $e : G \times G \to G_T$ satisfying the following properties is a bilinear map.

Bilinearity: $\forall g_1, g_2 \in G,\ a, b \in \mathbb{Z}_q^*$: $e(g_1^a, g_2^b) = e(g_1, g_2)^{ab}$.

Non-degeneracy: $e(g_1, g_2) \neq 1$ for generators $g_1, g_2$ of $G$ (equivalently, $e(g, g) \neq 1$ for a generator $g$).

Computability: $e$ is efficiently computable.

2.4 Complexity Assumptions

Assumption 1 (Hashed Modified Decision Bilinear Diffie-Hellman (HmDBDH) (Gagné et al. 2010)). Let $H : G_T \to \{0,1\}^{n_m+|g|} \times \mathbb{Z}_q^*$ be a hash function. Given the two distributions $\langle g, g^a, g^{a^2}, g^b, g^c, H(e(g,g)^{abc})\rangle \in G^5 \times \{0,1\}^{n_m+|g|} \times \mathbb{Z}_q^*$ and $\langle g, g^a, g^{a^2}, g^b, g^c, R\rangle \in G^5 \times \{0,1\}^{n_m+|g|} \times \mathbb{Z}_q^*$, where $n_m$ denotes the plaintext length, $n_u$ denotes the identity string length, $g$ is a generator of $G$, $a, b, c \in_R (\mathbb{Z}_q^*)^3$, $R \in_R \{0,1\}^{n_m+|g|} \times \mathbb{Z}_q^*$ and $e(g,g) \in G_T$, the HmDBDH problem is to distinguish the two distributions. We define the advantage $\varepsilon$ of an adversary B in solving the HmDBDH problem as

$$\varepsilon = \Big|\Pr[B(G, G_T, e, g, g^a, g^{a^2}, g^b, g^c, H(e(g,g)^{abc})) = 1] - \Pr[B(G, G_T, e, g, g^a, g^{a^2}, g^b, g^c, R) = 1]\Big|,$$

where the probability is over randomly chosen $a, b, c, R$. We say the HmDBDH assumption holds if $\varepsilon$ is negligible for all polynomial-time adversaries B.

Assumption 2 (Modified Computational Diffie-Hellman (mCDH)). Given $\langle g, g^a, g^{a^2}, g^b\rangle \in G^4$, where $g$ is a generator of $G$ and $a, b \in_R (\mathbb{Z}_q^*)^2$, the mCDH problem is to compute $g^{ab}$. We define the advantage $\varepsilon$ of an adversary B in solving the mCDH problem as

$$\varepsilon = \Pr[B(G, G_T, e, g, g^a, g^{a^2}, g^b) = g^{ab}],$$

where the probability is over randomly chosen $a, b$. We say that the mCDH assumption holds if $\varepsilon$ is negligible for all polynomial-time adversaries B.

2.5 The Hashed Modified Decision Bilinear Diffie-Hellman (HmDBDH) Assumption

The HmDBDH assumption, which first appeared in (Gagné et al. 2010), is inspired by the hashed Diffie-Hellman (HDH) problem of Abdalla et al. (2001). The HDH problem states that it is hard to distinguish between the two distributions $\langle g, g^a, g^b, H(g^{ab})\rangle$ and $\langle g, g^a, g^b, R\rangle$, where $a, b$ are random numbers between 1 and the order of the group, and $R$ is a random element in the range of the hash function $H$.

The HmDBDH assumption is then obtained by applying the HDH idea directly to the modified decision bilinear Diffie-Hellman (mDBDH) problem of Kiltz & Vahlis (2008). As noted by Abdalla et al. (2001), the HDH assumption is weaker than the DDH assumption and, analogously, the HmDBDH assumption is weaker than the mDBDH assumption.

Moreover, we assume the existence of the hash function $H : G_T \to \{0,1\}^n \times \mathbb{Z}_q^*$, where $n$ denotes a bit length. This can be realized by taking a cryptographic hash function $H' : G_T \to \{0,1\}^{n'}$ together with a pseudorandom number generator (PRNG): the output of $H'$ is used as the seed of the PRNG, and the PRNG output stream is split into the $n$-bit part and the $\mathbb{Z}_q^*$ part. Note that our scheme requires $n = n_m + |g|$, which may be larger than what a standard cryptographic hash function provides (e.g. SHA-2 supports up to 512 bits). Skein (Ferguson et al. 2010), one of the finalists in the NIST hash function competition for the SHA-3 standard, supports arbitrary output size and can be useful for our purpose; the extendable-output functions SHAKE128 and SHAKE256 later standardized alongside SHA-3 (Keccak, the competition winner) offer the same property. Whichever expansion is used, the $\mathbb{Z}_q^*$ component should be derived so that it is close to uniform, e.g. by reducing an oversized chunk of the output modulo $q$ and rejecting zero, rather than by truncating to $\lceil \log_2 q \rceil$ bits, which can yield values outside $\mathbb{Z}_q^*$.
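As an added example (ours, not from the paper), the following Python realizes $H : G_T \to \{0,1\}^n \times \mathbb{Z}_q^*$ in the way just described: SHA-256 plays the role of $H'$ and seeds an HMAC-SHA256 counter-mode PRNG, with SHAKE256 available as an extendable-output alternative that needs no separate PRNG. The $G_T$ element is modelled as its byte encoding, and the domain-separation tag, the choice of PRNG and the 64-bit oversampling used to derive $h_2$ are assumptions of the example.

```python
"""Realizing H : G_T -> {0,1}^n x Z_q^* from a fixed-output hash, as Section 2.5
describes: H'(x) = SHA-256(x) seeds a PRNG whose output stream is cut into the
n-bit part h1 and the Z_q^* part h2.  Added example; the HMAC-SHA256 counter-mode
expander, the SHAKE256 alternative and the domain tag are our choices.  The G_T
element is modelled as its byte encoding (an opaque byte string here).
"""
import hashlib
import hmac

TAG = b"IBSC-H|"            # domain separation for this use of the hash (assumption)


def expand_hmac(seed: bytes, nbytes: int) -> bytes:
    """Deterministic PRNG: HMAC-SHA256 in counter mode, keyed by the seed."""
    out, ctr = b"", 0
    while len(out) < nbytes:
        out += hmac.new(seed, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:nbytes]


def hash_to_bits_and_zq(elem: bytes, n: int, q: int, xof: bool = False):
    """Return (h1, h2): h1 an n-bit integer, h2 close to uniform in Z_q^* = {1, ..., q-1}.

    h2 comes from a chunk 64 bits wider than q reduced mod q (bias at most 2^-64),
    rejecting 0, instead of a plain truncation to log2(q) bits that could yield
    values >= q or a biased exponent.
    """
    n1 = (n + 7) // 8
    chunk = (q.bit_length() + 64 + 7) // 8
    total = n1 + 8 * chunk                         # room for h1 and several h2 candidates
    if xof:                                        # extendable-output function: no PRNG needed
        stream = hashlib.shake_256(TAG + elem).digest(total)
    else:                                          # H' = SHA-256, then PRNG expansion
        stream = expand_hmac(hashlib.sha256(TAG + elem).digest(), total)
    h1 = int.from_bytes(stream[:n1], "big") & ((1 << n) - 1)
    for pos in range(n1, total - chunk + 1, chunk):
        cand = int.from_bytes(stream[pos:pos + chunk], "big") % q
        if cand != 0:
            return h1, cand
    raise ValueError("no non-zero candidate in stream")   # probability about q^-8
```

With $n = 600$ the $h_1$ part alone exceeds the 512-bit maximum of SHA-2, which is exactly the situation the paragraph above describes for $n = n_m + |g|$.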

2.6 Target Collision Resistant Hash Function (TCR)

Let $\mathcal{M}$ and $\{0,1\}^n$ be finite sets, where $n$ is an integer, and let $\mathcal{K}$ be a key space. Target collision resistant hash functions are a family of keyed hash functions $\{\mathrm{TCR}_K : \mathcal{M} \to \{0,1\}^n : K \in \mathcal{K}\}$. We say such a family is target collision resistant if any polynomial-time adversary A has only negligible advantage in the following experiment: A first commits to a message $M \in \mathcal{M}$, then receives a key $K \in_R \mathcal{K}$, and must find another message $M' \in \mathcal{M}$ such that $(M' \neq M) \wedge (\mathrm{TCR}_K(M') = \mathrm{TCR}_K(M))$. The order matters: the target $M$ is fixed before the key is known.

We define the advantage $\varepsilon_{TCR}$ of A against TCR as

$$\varepsilon_{TCR} = \Pr[\text{A finds a collision in TCR}].$$

Constructing target collision resistant hash functions is considered relatively easier than constructing collision resistant hash functions, where an attacker who knows $K$ is required to find any pair of messages $M, M'$ such that $\mathrm{TCR}_K(M) = \mathrm{TCR}_K(M')$. Although we do not discuss it in detail here, it has been shown that target collision resistant hash functions can be built from standard hash functions (Bellare & Rogaway 1997).

2.7 Attacks against the IBSC schemes of Zhang and Jin et al.

In the following, we describe how the security of the IBSC schemes by Zhang (Zhang 2010) and Jin et al. (Jin et al. 2010) can be broken. For the details of their schemes, please refer to the original papers.

2.7.1 Zhang's scheme

In Zhang's scheme, A is able to correctly distinguish which message has been encrypted as follows. In the security game, A submits two messages $M_0, M_1$. Then, B randomly chooses a bit $b$ and encrypts $M_b$ to generate the challenge ciphertext $CT^* = \langle CT^*_1, CT^*_2, CT^*_3, CT^*_4, CT^*_5, CT^*_6\rangle$. A, upon receiving $CT^*$, simply guesses $b = 0$ and computes $R'' = CT^*_1 / M_0$. Next, A further computes $t'' = \mathrm{TCR}(M_0 \parallel R'')$ and $m'' = H_2(g^{t''} h^{CT^*_6})$. Then, A checks whether

$$e(CT^*_4, g) = e(g_1, g_2) \cdot e(H_u(u), CT^*_5) \cdot e(H_m(m''), CT^*_2).$$

If the verification succeeds, then the encrypted message was $M_0$, otherwise $M_1$.

The fundamental reason why Zhang's scheme is insecure is that the value $R$, which is supposed to be computable only with the private key of the intended receiver, is trivially computable by A. Once A obtains $R$, A has all the components needed to run the signature verification against a guessed message, and the verification result tells A which message was encrypted.


2.7.2 Jin et al.'s scheme

In Jin et al.'s scheme, A can break the IND-IBSC-CCA security of the scheme as follows. Let $CT^* = \langle CT^*_1, CT^*_2, CT^*_3, CT^*_4, CT^*_5\rangle$ be the challenge ciphertext given by B. Then A creates a new, still valid ciphertext by choosing a random $r' \in \mathbb{Z}_q$ and computing

$$CT' = \langle CT^*_1,\ CT^*_2,\ CT^*_3,\ CT^*_4 \cdot H_u(u)^{r'},\ CT^*_5 \cdot g^{r'}\rangle.$$

Since $CT' \neq CT^*$, A may issue an Unsigncrypt query on $CT'$, which the security model does not forbid; the simulator B in the proof of Jin et al. cannot answer this query and abnormally aborts.

3 Our Scheme

We now describe our IBSC scheme in the standard model. The security of our scheme is based on the hardness of the HmDBDH problem and the mCDH problem. Note that $n_m$ and $n_u$ denote the maximum length of a plaintext and an identity respectively.

Setup($1^K$): Given $1^K$ for a security parameter $K \in \mathbb{Z}^+$, generates the system public key $M_{pk}$ and the master key $M_{sk}$ as follows:

1. Generate two groups $G, G_T$ of prime order $q$ and a bilinear map $e : G \times G \to G_T$.
2. Choose a secret $s \in_R \mathbb{Z}_q$.
3. Choose three generators $g, g_2, h \in_R G$.
4. Compute $g_1 = g^s$ and $Y = e(g_1, g_2)$.
5. Choose $u', u_1, \ldots, u_{n_u} \in_R G$.
6. Choose $m', m_1, \ldots, m_{n_m} \in_R G$.
7. Choose a cryptographic hash function $H : G_T \to \{0,1\}^{n_m+|g|} \times \mathbb{Z}_q^*$ which satisfies the HmDBDH assumption.
8. Choose a target collision resistant hash function $\mathrm{TCR} : G \to \mathbb{Z}_q^*$.

Finally, the master public key $M_{pk}$ and the master secret key $M_{sk}$ for the system are as follows:

$$M_{pk} = \langle q, G, G_T, e, g, g_1, g_2, h, u', u_1, \ldots, u_{n_u}, m', m_1, \ldots, m_{n_m}, Y, H, \mathrm{TCR}\rangle, \qquad M_{sk} = \langle s \rangle.$$

For notational convenience, we further define the following functions.

• Let $\mathcal{U} \subseteq \{1, \ldots, n_u\}$ denote the set of all $i$ for which $u[i] = 1$, where $u[i]$ is the $i$-th bit of the identity string $u$. Then $H_u : \{0,1\}^{n_u} \to G$ is computed as $H_u(u) = u' \prod_{i \in \mathcal{U}} u_i$. For simplicity, we denote the output of $H_u(u)$ as $g_u$.

• Let $\mathcal{M} \subseteq \{1, \ldots, n_m\}$ denote the set of all $j$ for which $M[j] = 1$, where $M[j]$ is the $j$-th bit of the message $M$. Then $H_m : \{0,1\}^{n_m} \to G$ is computed as $H_m(M) = m' \prod_{j \in \mathcal{M}} m_j$. For simplicity, we denote the output of $H_m(M)$ as $g_M$.

Extract($u$): Given an identity $u$, generates the corresponding private key $d_u$ as follows:

1. Choose $r_u \in_R \mathbb{Z}_q^*$.
2. $d_u = \{ d_{(u,0)} = g_2^s \cdot (g_u)^{r_u},\ d_{(u,1)} = g^{r_u},\ d_{(u,2)} = h^{r_u} \}$.

Signcrypt($M, d_{u_A}, u_B$): Given a message $M$, a sender's private key $d_{u_A}$ and a receiver identity $u_B$, outputs the signcryption $CT$ as follows:

1. Choose $r, r' \in_R \mathbb{Z}_q^*$.
2. $(h_1, h_2) = H(Y^r)$.
3. $t' = \mathrm{TCR}(g^{r'})$.
4. $Z = g^{h_2} \cdot H_m(M \oplus t')^{r'} \cdot d_{(u_A,0)}$.
5. $t = \mathrm{TCR}(g^r)$.
6. $CT = \langle g^r,\ g^{r'},\ (g_{u_B} \cdot h^t)^r,\ (M \parallel Z) \oplus h_1,\ d_{(u_A,1)} \rangle$.

Unsigncrypt($CT, u_A, d_{u_B}$): Given a ciphertext $CT = \langle CT_1, CT_2, CT_3, CT_4, CT_5\rangle$, a sender identity $u_A$ and a receiver's private key $d_{u_B}$, unsigncrypts as follows:

1. $t = \mathrm{TCR}(CT_1)$.
2. Recover the session value
$$Y^r = \frac{e(CT_1,\ d_{(u_B,0)} \cdot (d_{(u_B,2)})^t)}{e(CT_3,\ d_{(u_B,1)})} = \frac{e(g^r,\ g_2^s \cdot g_{u_B}^{r_{u_B}} \cdot h^{r_{u_B} t})}{e((g_{u_B} \cdot h^t)^r,\ g^{r_{u_B}})} = e(g^r, g_2^s) = e(g_1, g_2)^r.$$
3. $(h_1, h_2) = H(Y^r)$.
4. $(M \parallel Z) = CT_4 \oplus h_1$.
5. $Z' = Z \cdot g^{-h_2}$.
6. $t' = \mathrm{TCR}(CT_2)$.
7. Test whether $e(Z', g) = Y \cdot e(CT_2, H_m(M \oplus t')) \cdot e(CT_5, g_{u_A})$, where $Y = e(g_1, g_2)$ is the fixed public value (not the session value of step 2: $Z'$ contains $g_2^s$ without the exponent $r$). If it holds, output the message $M$, otherwise $\perp$.
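The algebra of Signcrypt and Unsigncrypt can be checked end to end with the following added example (ours, not the paper's code). It represents every group element by its discrete logarithm, so that a product in $G$ becomes an addition of exponents and the pairing becomes a multiplication of exponents; this reproduces the bilinear relations exactly but is insecure by construction (discrete logs are public) and serves only to confirm that step 2 of Unsigncrypt recovers $Y^r$, that step 7 verifies with the public $Y$, and that a modified $CT_2$ or a wrong claimed sender is rejected. The group order, $n_m$, $n_u$, the SHAKE256/SHA-256 instantiations of $H$ and TCR, and the treatment of $M \oplus t'$ as an $n_m$-bit string are assumptions of the example.

```python
"""Algebra check of the IBSC scheme of Section 3 in a toy 'exponent' group.
A group element g^x is stored as x mod Q, so a product in G is an addition,
an exponentiation is a multiplication, and e(g^x, g^y) = e(g,g)^{xy} is x*y mod Q.
Discrete logs are public here: this is a correctness check of the
Signcrypt/Unsigncrypt relations, NOT a secure implementation.
Q, N_M, N_U and the hash instantiations are assumptions of this example.
"""
import hashlib
import secrets

Q = (1 << 61) - 1           # prime group order (2^61 - 1)
QBITS = Q.bit_length()      # |g|: bits needed to encode a group element (its exponent here)
N_M = 64                    # plaintext length n_m; chosen >= QBITS so M xor t' stays n_m bits
N_U = 16                    # identity length n_u

def pair(x, y):
    """e(g^x, g^y) = e(g,g)^{xy}, represented by the exponent x*y."""
    return x * y % Q

def H(y_r):
    """H : G_T -> {0,1}^{n_m+|g|} x Z_q^* via SHAKE256 (toy instantiation)."""
    n1 = (N_M + QBITS + 7) // 8
    out = hashlib.shake_256(b"H|" + y_r.to_bytes(8, "big")).digest(n1 + 16)
    h1 = int.from_bytes(out[:n1], "big") & ((1 << (N_M + QBITS)) - 1)
    h2 = int.from_bytes(out[n1:], "big") % (Q - 1) + 1      # in {1, ..., Q-1}
    return h1, h2

def TCR(x):
    """TCR : G -> Z_q^* (toy: SHA-256 of the encoded element; a keyed family in practice)."""
    d = hashlib.sha256(b"TCR|" + x.to_bytes(8, "big")).digest()
    return int.from_bytes(d, "big") % (Q - 1) + 1

def setup():
    s = secrets.randbelow(Q - 1) + 1                        # master secret
    g2, h = secrets.randbelow(Q), secrets.randbelow(Q)
    pk = {"g1": s, "g2": g2, "h": h, "Y": pair(s, g2),     # g1 = g^s, Y = e(g1, g2)
          "u": [secrets.randbelow(Q) for _ in range(N_U + 1)],   # u' = u[0], u_i = u[i]
          "m": [secrets.randbelow(Q) for _ in range(N_M + 1)]}   # m' = m[0], m_j = m[j]
    return pk, s

def H_u(pk, u):
    """H_u(u) = u' * prod_{i in U} u_i  (U = set bits of the identity)."""
    return (pk["u"][0] + sum(pk["u"][i] for i in range(1, N_U + 1) if (u >> (i - 1)) & 1)) % Q

def H_m(pk, M):
    """H_m(M) = m' * prod_{j in M} m_j  (M = set bits of the message)."""
    return (pk["m"][0] + sum(pk["m"][j] for j in range(1, N_M + 1) if (M >> (j - 1)) & 1)) % Q

def extract(pk, s, u):
    r_u = secrets.randbelow(Q - 1) + 1
    return ((s * pk["g2"] + r_u * H_u(pk, u)) % Q,   # d0 = g2^s * g_u^{r_u}
            r_u,                                     # d1 = g^{r_u}
            pk["h"] * r_u % Q)                       # d2 = h^{r_u}

def signcrypt(pk, M, d_a, u_b):
    r = secrets.randbelow(Q - 1) + 1
    r_p = secrets.randbelow(Q - 1) + 1
    h1, h2 = H(pk["Y"] * r % Q)                      # (h1, h2) = H(Y^r)
    t_p = TCR(r_p)                                   # t' = TCR(g^{r'})
    m_p = (M ^ t_p) & ((1 << N_M) - 1)               # M xor t', kept to n_m bits (assumption)
    Z = (h2 + r_p * H_m(pk, m_p) + d_a[0]) % Q       # Z = g^{h2} * H_m(M xor t')^{r'} * d_{A,0}
    t = TCR(r)                                       # t = TCR(g^r)
    ct3 = (H_u(pk, u_b) + t * pk["h"]) * r % Q       # (g_{u_B} * h^t)^r
    ct4 = ((M << QBITS) | Z) ^ h1                    # (M || Z) xor h1
    return (r, r_p, ct3, ct4, d_a[1])                # <g^r, g^{r'}, CT3, CT4, d_{A,1}>

def unsigncrypt(pk, ct, u_a, d_b):
    ct1, ct2, ct3, ct4, ct5 = ct
    t = TCR(ct1)
    # step 2: e(CT1, d0 * d2^t) / e(CT3, d1) = e(g^r, g2^s) = Y^r
    y_r = (pair(ct1, (d_b[0] + t * d_b[2]) % Q) - pair(ct3, d_b[1])) % Q
    h1, h2 = H(y_r)
    mz = ct4 ^ h1
    M, Z = mz >> QBITS, mz & ((1 << QBITS) - 1)
    z_p = (Z - h2) % Q                               # Z' = Z * g^{-h2}
    m_p = (M ^ TCR(ct2)) & ((1 << N_M) - 1)
    lhs = pair(z_p, 1)                               # e(Z', g)
    rhs = (pk["Y"] + pair(ct2, H_m(pk, m_p)) + pair(ct5, H_u(pk, u_a))) % Q   # public Y here
    return M if lhs == rhs else None

def demo(M=0xDEADBEEF, u_a=0x1234, u_b=0xABCD):
    """Returns (recovered M, result for a tampered CT2, result for a wrong sender)."""
    pk, s = setup()
    d_a, d_b = extract(pk, s, u_a), extract(pk, s, u_b)
    ct = signcrypt(pk, M, d_a, u_b)
    ok = unsigncrypt(pk, ct, u_a, d_b)
    tampered = unsigncrypt(pk, (ct[0], (ct[1] + 1) % Q) + ct[2:], u_a, d_b)
    wrong_sender = unsigncrypt(pk, ct, u_a ^ 1, d_b)
    return ok, tampered, wrong_sender
```

Running demo() returns the original message for the honest ciphertext and None for both manipulated inputs; the two rejections show that the verification equation in step 7 binds $CT_2$ through $t' = \mathrm{TCR}(CT_2)$ and binds the sender through $g_{u_A}$.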

4 Security Proof

In this section we prove the security of our scheme using a series of games. More precisely, we have two sequences of games, Game 0 to Game 8 and Game′ 0 to Game′ 7, in which we prove confidentiality and unforgeability respectively. Each game (e.g. Game 0, Game 1, etc.) is complete in the sense that an adversary interacts with a simulator from the Setup phase to the Guess phase as defined in the security model. For conciseness, however, we only describe the changes made in each game. We define $E_i$, $E'_i$ to be the events that B outputs its guess $\beta' = 1$ in the respective $i$-th games.

Theorem 4.1. If there exists a polynomial-time IND-IBSC-CCA2 adversary A against our scheme, then there exists an algorithm B which can break the HmDBDH assumption. Specifically, for an adversary A with advantage $\varepsilon$ and running time $t$ which may issue at most $Q_E$ Extract queries, B has advantage at least $\varepsilon_{HmDBDH}$ in solving an HmDBDH problem in time at most $t'$, where

$$\varepsilon_{HmDBDH} \ge \frac{\varepsilon - \varepsilon_{TCR}}{8 Q_E (n_u + 1)}, \qquad t' \le t + O\!\left(\varepsilon^{-2} \ln(\varepsilon^{-1})\, \lambda^{-1} \ln(\lambda^{-1})\right).$$

Proof. The theorem is proved via a series of games from Game 0 to Game 8. To start with, Game 0, where the scheme is simulated exactly as described in Section 3, is presented. Then we transit through the subsequent games based on various events (e.g. simulation abort, hash collision, etc.). We conclude the proof with the overall probability calculation of the advantage and the running time of our simulation.


Recall that the HmDBDH problem is to distinguish between the two probability distributions $\langle g, g^a, g^{a^2}, g^b, g^c, H(e(g,g)^{abc})\rangle \in G^5 \times \{0,1\}^{n_m+|g|} \times \mathbb{Z}_q^*$ and $\langle g, g^a, g^{a^2}, g^b, g^c, R\rangle \in G^5 \times \{0,1\}^{n_m+|g|} \times \mathbb{Z}_q^*$. We assume that the secrets $a, b, c$ are known to B initially. Then, in the subsequent games, B gradually forgets the secrets; instead they are available only in the forms $g^a, g^{a^2}, g^b, g^c$.

Game 0

Let A be an adversary and B be a simulator. We define Game 0 to be an interactive game between A and B. In short, B behaves as the KGC of our scheme described in Section 3. Thus B has no limitation in serving the queries made by A in Game 0, since it knows the secret exponents $a, b, c$ explicitly. Let $E_0$ be the event that $b = b'$. Then, by definition, A's advantage in Game 0 is $|\Pr[E_0] - \tfrac{1}{2}|$.

Game 1 [Transition based on hash collisions]

In Game 1, the simulation is performed identically to Game 0 except for the case when a hash collision occurs. We say that a hash collision has occurred when $(CT_1 \neq g^c) \wedge (\mathrm{TCR}(CT_1) = t^*)$, where $t^* = \mathrm{TCR}(g^c)$ is the value used in the challenge ciphertext. We define HASHABORT to be the event that the simulator aborts due to a hash collision. The simulation environment remains indistinguishable from the view of A until HASHABORT occurs. Thus, by the difference lemma (Shoup 2004), we have

$$|\Pr[E_0] - \Pr[E_1]| \le \Pr[\mathrm{HASHABORT}] \quad (1)$$

Also, we have an adversary against TCR which succeeds with probability at least $\Pr[\mathrm{HASHABORT}]$. Then,

$$\Pr[\mathrm{HASHABORT}] \le \varepsilon_{TCR} \quad (2)$$

Game 2 [Transition based on change in the system public key 1]

In Game 2, B modifies the system public key $M_{pk}$ as follows.

Setup: B sets an integer $m = 4Q_E$, where $Q_E$ is the number of Extract queries, and chooses an integer $k_u$ uniformly at random between $0$ and $n_u$. B chooses $x', x_1, \ldots, x_{n_u} \in_R \mathbb{Z}_m$ and $y', y_1, \ldots, y_{n_u} \in_R \mathbb{Z}_q$ (as in Waters (2006); the $y$ values must range over $\mathbb{Z}_q$ for the modified public key to be distributed as in the real scheme) and defines the three functions

$$F_u(u) = (q - m k_u) + x' + \sum_{i \in \mathcal{U}} x_i \pmod q, \qquad J_u(u) = y' + \sum_{i \in \mathcal{U}} y_i \pmod q,$$

$$K_u(u) = \begin{cases} 0 & \text{if } x' + \sum_{i \in \mathcal{U}} x_i \equiv 0 \pmod m, \\ 1 & \text{otherwise.} \end{cases}$$

B sets $h = g_1 \cdot g^\alpha$, where $\alpha \in_R \mathbb{Z}_q^*$. B then assigns $u' = g_2^{q - k_u m + x'} \cdot g^{y'} \cdot g_1^{-t^*}$, where $t^* = \mathrm{TCR}(g^c)$, and $u_i = g_2^{x_i} \cdot g^{y_i}$ for $i = 1, \ldots, n_u$, so that $g_u = H_u(u) = g_2^{F_u(u)} \cdot g^{J_u(u)} \cdot g_1^{-t^*}$ for every identity $u$.

B further chooses $k_m$ uniformly at random between $0$ and $n_m$, chooses $v', v_1, \ldots, v_{n_m} \in_R \mathbb{Z}_m$ and $w', w_1, \ldots, w_{n_m} \in_R \mathbb{Z}_q$, and defines $m' = g_2^{q - k_m m + v'} \cdot g^{w'}$ and $m_j = g_2^{v_j} \cdot g^{w_j}$ for $j = 1, \ldots, n_m$. Further, B defines the three functions

$$F_m(M) = (q - m k_m) + v' + \sum_{j \in \mathcal{M}} v_j \pmod q, \qquad J_m(M) = w' + \sum_{j \in \mathcal{M}} w_j \pmod q,$$

$$K_m(M) = \begin{cases} 0 & \text{if } v' + \sum_{j \in \mathcal{M}} v_j \equiv 0 \pmod m, \\ 1 & \text{otherwise,} \end{cases}$$

so that $H_m(M) = g_2^{F_m(M)} \cdot g^{J_m(M)}$. Finally, B replaces the parts of the system public key $M_{pk}$ with the newly computed $\langle h, u', u_1, \ldots, u_{n_u}, m', m_1, \ldots, m_{n_m}\rangle$ and keeps the functions $F_u, J_u, K_u, F_m, J_m, K_m$ internal to itself.

The changes made in $M_{pk}$ as above do not affect the view of A, and hence the simulation remains indistinguishable from Game 1. Therefore,

$$\Pr[E_1] = \Pr[E_2] \quad (3)$$

Game 3 [Transition based on simulation abort]

Let $Q_E$ be the maximum number of Extract queries A may issue. Further, let $F_1$ denote the event that A issues an Extract query on an identity $u$ such that $K_u(u) = 0$, and let $F_2$ denote the event that A chooses the challenge identity $u_B^*$ such that $F_u(u_B^*) \neq 0$. Then we define the forced abort event $F_{for} : F_1 \vee F_2$, and

$$\Pr[\neg F_{for}] = \Pr\Big[\bigwedge_{i=1}^{Q_E} K_u(u_i) = 1\Big] \cdot \Pr\Big[F_u(u_B^*) = 0 \,\Big|\, \bigwedge_{i=1}^{Q_E} K_u(u_i) = 1\Big].$$

We also define $\eta = \Pr[\neg F_{for}]$ and let $\lambda$ be a lower bound on $\eta$.

Lemma 4.2. The probability of the simulator not aborting by the Guess phase is at least $\lambda = \frac{1}{8(n_u+1)Q_E}$.

The proof of this lemma is postponed until Section 4.1.

As discussed by Waters (2006), an artificial abort, denoted $F_{art}$, is required to ensure that the simulation aborts with almost the same probability $(1 - \lambda)$ over all possible sets of Extract queries made by A. Let $\vec{u} = u_1, \ldots, u_{Q_E}$ be the set of identities queried for Extract during Phase 1 and Phase 2. We define the function $\tau(X', \vec{u}, u^*)$, where $X'$ is a set of simulation values $x', x_1, \ldots, x_{n_u}$, as $\tau(X', \vec{u}, u^*) = 0$ if $\neg F_{for}$ and $1$ otherwise. We consider the probability over the simulation values for a given set of queries $\vec{u}, u^*$, namely $\eta = \Pr_{X'}[\tau(X', \vec{u}, u^*) = 0]$. B computes an estimate $\eta'$ of $\eta$ by sampling $O(\varepsilon^{-2}\ln(\varepsilon^{-1})\lambda^{-1}\ln(\lambda^{-1}))$ times, each time choosing a fresh random $X'$. Then, if $\eta' \ge \lambda$, B aborts with probability $\frac{\eta' - \lambda}{\eta'}$ and takes a random guess. Otherwise, B continues to the Guess phase as usual. Note that fixing $X', \vec{u}, u^*$ gives the adversary a fixed view of the simulation.

Lemma 4.3. If the simulator takes $O(\varepsilon^{-2}\ln(\varepsilon^{-1})\lambda^{-1}\ln(\lambda^{-1}))$ samples when computing the estimate $\eta'$, then

$$\left|\frac{\Pr[E_3] - \frac{1}{2}}{\lambda} - \Big(\Pr[E_2] - \frac{1}{2}\Big)\right| \le \frac{\varepsilon}{2}.$$

The proof of the above lemma is postponed until Section 4.2. Readers familiar with the work of Kiltz & Galindo (2009) may skip this proof, as it is identical to the proof of Lemma A.3 in their work.

Game 4 [Transition based on private key derivation]

B answers private key queries made by A as follows.


Extract Queries: Given an identity $u$, B chooses $\tilde{r}_u \in_R \mathbb{Z}_q^*$ and computes $d_u$ as follows (writing $g_1 = g^a$, i.e. the master secret is $s = a$, and $A_2 = g^{a^2}$):

$$d_{(u,0)} = g_1^{-J_u(u)/F_u(u)} \cdot A_2^{t^*/F_u(u)} \cdot g_u^{\tilde{r}_u}, \qquad d_{(u,1)} = g_1^{-1/F_u(u)} \cdot g^{\tilde{r}_u}, \qquad d_{(u,2)} = (A_2 \cdot g_1^{\alpha})^{-1/F_u(u)} \cdot (g_1 \cdot g^\alpha)^{\tilde{r}_u}.$$

Letting $r_u = \tilde{r}_u - \frac{a}{F_u(u)}$ and using $g_u = g_2^{F_u(u)} \cdot g^{J_u(u)} \cdot g_1^{-t^*}$ gives us

$$\begin{aligned}
d_{(u,0)} &= g_1^{-J_u(u)/F_u(u)} \cdot A_2^{t^*/F_u(u)} \cdot g_u^{\tilde{r}_u} \\
&= g_1^{-J_u(u)/F_u(u)} \cdot g_1^{a t^*/F_u(u)} \cdot \big(g_2^{F_u(u)} \cdot g^{J_u(u)} \cdot g_1^{-t^*}\big)^{\tilde{r}_u} \\
&= g_2^a \cdot \big(g_2^{F_u(u)} \cdot g^{J_u(u)} \cdot g_1^{-t^*}\big)^{-a/F_u(u)} \cdot \big(g_2^{F_u(u)} \cdot g^{J_u(u)} \cdot g_1^{-t^*}\big)^{\tilde{r}_u} \\
&= g_2^a \cdot g_u^{\tilde{r}_u - a/F_u(u)} = g_2^a \cdot g_u^{r_u}, \\
d_{(u,1)} &= g_1^{-1/F_u(u)} \cdot g^{\tilde{r}_u} = g^{\tilde{r}_u - a/F_u(u)} = g^{r_u}, \\
d_{(u,2)} &= (A_2 \cdot g_1^{\alpha})^{-1/F_u(u)} \cdot (g_1 \cdot g^\alpha)^{\tilde{r}_u} = (g_1 \cdot g^\alpha)^{-a/F_u(u)} \cdot (g_1 \cdot g^\alpha)^{\tilde{r}_u} = (g_1 \cdot g^\alpha)^{\tilde{r}_u - a/F_u(u)} = h^{r_u}.
\end{aligned}$$

The factor $A_2^{t^*/F_u(u)} = g^{a^2 t^*/F_u(u)}$ cancels the $g_1^{-t^*}$ component of $g_u$ raised to $-a/F_u(u)$; this is where the $g^{a^2}$ term of the modified assumptions is needed. B can perform this computation if and only if $F_u(u) \neq 0$. Since $q, m, k_u$ are chosen such that $q \gg m k_u$ and $x' + \sum_{i \in \mathcal{U}} x_i < m(n_u+1)$, the only way $F_u(u) = 0$ can occur is when $m k_u = x' + \sum_{i \in \mathcal{U}} x_i$. Notice that $K_u(u) \neq 0$ is a sufficient condition for $F_u(u) \neq 0$, since $K_u(u) \neq 0$ means $x' + \sum_{i \in \mathcal{U}} x_i \not\equiv 0 \pmod m$ and hence $\neq m k_u$. Thus the simulator continues only when $K_u(u) \neq 0$.

Game 4 remains indistinguishable from Game 3 and hence,

$$\Pr[E_3] = \Pr[E_4] \quad (4)$$
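The following added example (ours, not the paper's code) runs the Game 4 key derivation in a toy exponent representation (a group element $g^x$ stored as the integer $x \bmod q$, so products add and exponentiations multiply). The simulator class holds only $A_1, A_2, B$ and its own coins, embeds $t^*$ and $\alpha$ exactly as in Game 2, refuses identities with $K_u(u) = 0$, and computes $d_u$ including the $A_2^{t^*/F_u(u)}$ factor; a checker that does know $a$ then confirms that the output is a genuine key $\langle g_2^a g_u^{r_u}, g^{r_u}, h^{r_u}\rangle$ for $r_u = \log_g d_{(u,1)}$. The parameter values and the use of $\mathbb{Z}_m$ for $x', x_i$ are assumptions of the example.

```python
"""Game 4 key derivation by the simulator B, in a toy 'exponent' group
(g^x stored as x mod Q, so products add and exponentiations multiply).
B holds only the elements A1 = g^a, A2 = g^{a^2}, B = g^b plus its own coins;
it never touches a or b.  The checker at the end does know a and confirms that
the derived key is a genuine <g2^a g_u^{r_u}, g^{r_u}, h^{r_u}>.  Q, N_U, Q_E and
the use of Z_m for x', x_i (as in Waters 2006) are assumptions of this example.
"""
import secrets

Q = (1 << 61) - 1
N_U = 8
Q_E = 4                      # bound on Extract queries, so m = 4 * Q_E

def mul(*xs):                # product of group elements = sum of exponents
    return sum(xs) % Q

def exp(x, k):               # (g^x)^k
    return x * k % Q

def inv(k):                  # k^{-1} in Z_q^*
    return pow(k, Q - 2, Q)

class Simulator:
    def __init__(self, A1, A2, B, t_star):
        self.A1, self.A2, self.B, self.t_star = A1, A2, B, t_star
        self.g1, self.g2 = A1, B                           # g1 = A1, g2 = B (Game 6)
        self.m = 4 * Q_E
        self.k_u = secrets.randbelow(N_U + 1)              # uniform in {0, ..., n_u}
        self.x = [secrets.randbelow(self.m) for _ in range(N_U + 1)]   # x' = x[0], x_i in Z_m
        self.y = [secrets.randbelow(Q) for _ in range(N_U + 1)]        # y' = y[0], y_i in Z_q
        self.alpha = secrets.randbelow(Q - 1) + 1
        self.h = mul(self.g1, self.alpha)                  # h = g1 * g^alpha
        # u' = g2^{q - k_u m + x'} * g^{y'} * g1^{-t*},   u_i = g2^{x_i} * g^{y_i}
        self.u = [mul(exp(self.g2, (Q - self.k_u * self.m + self.x[0]) % Q),
                      self.y[0], exp(self.g1, Q - t_star))]
        self.u += [mul(exp(self.g2, self.x[i]), self.y[i]) for i in range(1, N_U + 1)]

    def _bits(self, u):
        return [i for i in range(1, N_U + 1) if (u >> (i - 1)) & 1]

    def F(self, u):          # F_u(u) = (q - m k_u) + x' + sum x_i  (mod q)
        return (Q - self.m * self.k_u + self.x[0] + sum(self.x[i] for i in self._bits(u))) % Q

    def J(self, u):          # J_u(u) = y' + sum y_i  (mod q)
        return (self.y[0] + sum(self.y[i] for i in self._bits(u))) % Q

    def K(self, u):          # K_u(u) = 0 iff x' + sum x_i = 0 (mod m)
        return 0 if (self.x[0] + sum(self.x[i] for i in self._bits(u))) % self.m == 0 else 1

    def H_u(self, u):        # g_u = u' * prod u_i = g2^{F_u(u)} g^{J_u(u)} g1^{-t*}
        return mul(self.u[0], *[self.u[i] for i in self._bits(u)])

    def extract(self, u):
        """d_u for F_u(u) != 0; None when B must abort (K_u(u) = 0)."""
        if self.K(u) == 0:
            return None
        F, J, iF = self.F(u), self.J(u), inv(self.F(u))
        r_t = secrets.randbelow(Q - 1) + 1                 # r~_u; the real r_u = r~_u - a/F_u(u)
        d0 = mul(exp(self.g1, Q - J * iF % Q),             # g1^{-J/F}
                 exp(self.A2, self.t_star * iF % Q),       # A2^{t*/F}: this needs g^{a^2}
                 exp(self.H_u(u), r_t))                    # g_u^{r~}
        d1 = mul(exp(self.g1, Q - iF), r_t)                # g1^{-1/F} * g^{r~}
        d2 = mul(exp(mul(self.A2, exp(self.g1, self.alpha)), Q - iF),   # (A2 g1^alpha)^{-1/F}
                 exp(self.h, r_t))                         # * h^{r~}
        return d0, d1, d2

def is_real_key(sim, a, u, d):
    """Checker that knows a: is d = <g2^a g_u^{r_u}, g^{r_u}, h^{r_u}> with r_u = log d1?"""
    d0, d1, d2 = d
    r_u = d1                                               # exponent form exposes r_u
    return d0 == mul(exp(sim.g2, a), exp(sim.H_u(u), r_u)) and d2 == exp(sim.h, r_u)

def run(u=0b10110011, trials=200):
    """Rebuild the simulator until it accepts u (K_u(u) = 1), then verify the key."""
    a, b = secrets.randbelow(Q - 1) + 1, secrets.randbelow(Q - 1) + 1
    t_star = secrets.randbelow(Q - 1) + 1
    for _ in range(trials):
        sim = Simulator(A1=a, A2=a * a % Q, B=b, t_star=t_star)   # elements, in exponent form
        d = sim.extract(u)
        if d is not None:
            return is_real_key(sim, a, u, d)
    return False
```

Each call to run() rebuilds the simulator's coins until $K_u(u) = 1$ (which happens with probability $1 - 1/m$ per attempt) and then checks the derived key; dropping the $A_2^{t^*/F_u(u)}$ factor from d0 makes the check fail, which is the quickest way to see why the plain DBDH/CDH instances would not suffice.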

Game 5 [Transition based on Signcrypt/Unsigncrypt computation]

In this game, B answers Signcrypt/Unsigncrypt queries made by A as follows. Note that B is able to answer the queries without explicit knowledge of $a, b \in \mathbb{Z}_q^*$.

Signcrypt queries on $(u_A, u_B, M)$: There are two cases:

$F_u(u_A) \neq 0$: B computes the private key of $u_A$ as in Game 4 and signcrypts $M$ as usual.

Otherwise ($F_u(u_A) = 0$, so $g_{u_A} = g^{J_u(u_A)} \cdot g_1^{-t^*}$): B signcrypts $M$ as follows:

1. Choose $r, r', r'' \in_R \mathbb{Z}_q^*$.
2. $(h_1, h_2) = H(Y^r)$.
3. $t' = \mathrm{TCR}(g^{r'})$.
4. Repick $r'$ and restart from Step 3 until $K_m(M') \neq 0$, where $M' = M \oplus t'$.
5. Compute the signature $Z$ as follows:

$$\begin{aligned}
Z &= g^{h_2} \cdot g_1^{-J_m(M')/F_m(M')} \cdot \big(g_2^{F_m(M')} \cdot g^{J_m(M')}\big)^{r'} \cdot \big(g^{J_u(u_A)} \cdot g_1^{-t^*}\big)^{r''} \\
&= g^{h_2} \cdot g_2^a \cdot \big(g_2^{F_m(M')} \cdot g^{J_m(M')}\big)^{-a/F_m(M')} \cdot \big(g_2^{F_m(M')} \cdot g^{J_m(M')}\big)^{r'} \cdot \big(g^{J_u(u_A)} \cdot g_1^{-t^*}\big)^{r''} \\
&= g^{h_2} \cdot g_2^a \cdot \big(g_2^{F_m(M')} \cdot g^{J_m(M')}\big)^{r' - a/F_m(M')} \cdot \big(g^{J_u(u_A)} \cdot g_1^{-t^*}\big)^{r''} \\
&= g^{h_2} \cdot g_2^a \cdot H_m(M')^{r_{M'}} \cdot g_{u_A}^{r''},
\end{aligned}$$

where $r_{M'} = r' - \frac{a}{F_m(M')}$. This is a real signature with respect to the private key component $d_{(u_A,0)} = g_2^a \cdot g_{u_A}^{r''}$. The element $g^{r_{M'}}$ is computed as

$$g_1^{-1/F_m(M')} \cdot g^{r'} = g^{-a/F_m(M')} \cdot g^{r'} = g^{r' - a/F_m(M')} = g^{r_{M'}}.$$

6. $t = \mathrm{TCR}(g^r)$.
7. $CT = \langle g^r,\ g^{r_{M'}},\ (g_{u_B} \cdot h^t)^r,\ M \oplus h_1,\ Z,\ g^{r''}\rangle$.

Remark 4.4. $g^{r''}$ must be fixed for each identity, since it corresponds to a part of the user's private key in the actual scheme.

Unsigncrypt queries on $(u_A, u_B, CT = \langle CT_1, \ldots, CT_6\rangle)$: There are three cases:

$(CT_1 \neq CT^*_1 = g^c) \wedge (\mathrm{TCR}(CT_1) = \mathrm{TCR}(g^c) = t^*)$: B aborts due to a hash collision. Note that we have bounded the probability of this abort in Game 1.

$F_u(u_B) \neq 0$: B computes the private key of $u_B$ as in Game 4 and unsigncrypts $CT$ as usual.

Otherwise ($F_u(u_B) = 0$, so $g_{u_B} = g^{J_u(u_B)} \cdot g_1^{-t^*}$): B unsigncrypts as follows, with $t = \mathrm{TCR}(CT_1)$ (the first case ensures $t \neq t^*$ whenever $CT_1 \neq g^c$):

1. Compute $Y^r$ as follows, using $h = g_1 \cdot g^\alpha$:

$$\begin{aligned}
Y^r &= e\!\left(\frac{CT_3}{CT_1^{J_u(u_B)} \cdot CT_1^{\alpha t}},\ g_2\right)^{(t - t^*)^{-1}} \\
&= e\!\left(\frac{\big(g_1^{-t^*} \cdot g^{J_u(u_B)}\big)^r \cdot h^{tr}}{g^{r J_u(u_B)} \cdot g^{r \alpha t}},\ g_2\right)^{(t - t^*)^{-1}} \\
&= e\!\left(\frac{g_1^{-t^* r} \cdot g^{J_u(u_B) r} \cdot g_1^{t r} \cdot g^{\alpha t r}}{g^{r J_u(u_B)} \cdot g^{r \alpha t}},\ g_2\right)^{(t - t^*)^{-1}} \\
&= e\!\left(g_1^{-t^* r} \cdot g_1^{t r},\ g_2\right)^{(t - t^*)^{-1}} = e(g_1^r, g_2).
\end{aligned}$$

2. $(h_1, h_2) = H(Y^r)$.
3. $Z' = CT_5 \cdot g^{-h_2}$.
4. $M = CT_4 \oplus h_1$.
5. $t' = \mathrm{TCR}(CT_2)$.
6. Test whether $e(g, Z') = Y \cdot e(CT_2, H_m(M \oplus t')) \cdot e(g_{u_A}, CT_6)$, and if it holds output the message $M$, otherwise $\perp$.


Remark 4.5. The importance of the simulator being able to answer Signcrypt/Unsigncrypt queries when $F_u(u) = 0$ has been overlooked in many previous attempts (Jin et al. 2010, Yu et al. 2009, Zhang 2010). For a security reduction to go through, it is required that $F_u(u_B^*) = 0$ for the challenge identity $u_B^*$. However, the simulators in the mentioned papers are not able to answer any Signcrypt/Unsigncrypt queries involving $u_B^*$ and simply abort when such queries occur. This behaviour of the simulator clearly enables an attacker to distinguish the simulated environment from the real one.

Game 5 remains indistinguishable from Game 4 and hence,

$$\Pr[E_4] = \Pr[E_5] \quad (5)$$

Game 6 [Transition based on change in the system public key 2]

We now assume that $a, b \in \mathbb{Z}_q^*$ are no longer available to the simulator B as plain integers. Instead, they are available in the form of $A_1 = g^a$, $A_2 = g^{a^2}$, $B = g^b$.

Setup: B sets $g_1 = A_1$, $g_2 = B$ and $Y = e(g_1, g_2)$. Then, B replaces the parts of the system public key $M_{pk}$ with the newly computed $\langle g_1, g_2, Y\rangle$.

The changes made in $M_{pk}$ as above do not affect the view of A. Therefore,

$$\Pr[E_5] = \Pr[E_6] \quad (6)$$

Game 7 [Transition based on challenge ciphertext computation]

We now assume that $c \in \mathbb{Z}_q^*$ is no longer available to the simulator B as a plain integer. Instead, it is available in the form of $C = g^c$, together with $(z_1, z_2) = H(e(g,g)^{abc})$ from the HmDBDH instance. Then B constructs the challenge ciphertext as follows.

Challenge: A commits to the challenge identities $(u_A, u_B^*)$ and the messages $M_0, M_1$. If $F_u(u_B^*) \neq 0$ then B aborts and outputs a random guess as the solution. Else, B picks $b \in_R \{0,1\}$ and returns the challenge ciphertext $CT^*$ computed as

$$r' \in_R \mathbb{Z}_q^*, \qquad t' = \mathrm{TCR}(g^{r'}), \qquad Z = g^{z_2} \cdot H_m(M_b \oplus t')^{r'} \cdot d_{(u_A,0)},$$

$$CT^* = \Big\langle C,\ g^{r'},\ \big(g^{J_u(u_B^*)} \cdot g_1^{-t^*} \cdot h^{t^*}\big)^c,\ M_b \oplus z_1,\ Z,\ d_{(u_A,1)}\Big\rangle.$$

Note that B can compute $CT^*_3 = \big(g^{J_u(u_B^*)} \cdot g_1^{-t^*} \cdot h^{t^*}\big)^c$ without knowing $c$, since

$$CT^*_3 = \big(g^{J_u(u_B^*)} \cdot g_1^{-t^*} \cdot g_1^{t^*} \cdot g^{\alpha t^*}\big)^c = \big(g^{J_u(u_B^*)} \cdot g^{\alpha t^*}\big)^c = C^{\,J_u(u_B^*) + \alpha t^*}.$$

Here $t^* = \mathrm{TCR}(C)$ is the value embedded in $u'$ during Game 2, and $F_u(u_B^*) = 0$ gives $g_{u_B^*} \cdot h^{t^*} = g^{J_u(u_B^*)} \cdot g^{\alpha t^*}$, so $CT^*_3$ equals $(g_{u_B^*} \cdot h^{t^*})^c$ exactly as in the real scheme. $d_{(u_A,0)}$ and $d_{(u_A,1)}$ are obtained by running Extract($u_A$) if $F_u(u_A) \neq 0$; otherwise, B uses the same technique as for Signcrypt queries in Game 5.

Game 7 remains indistinguishable from Game 6 and hence,

$$\Pr[E_6] = \Pr[E_7] \quad (7)$$

Game 8 [Transition based on challenge ciphertext replacement]

B simply replaces $CT^*_4$ and $CT^*_5$ with random bit strings. Thus we have

$$\Pr[E_8] = \frac{1}{2} \quad (8)$$

The only difference between Game 7 and Game 8 is the computation of $CT^*_4, CT^*_5$: in Game 7 they are derived from $(z_1, z_2) = H(e(g,g)^{abc})$, in Game 8 from the random $R$ of the HmDBDH instance. It is easy to see that distinguishing the two games is equivalent to distinguishing a well-formed HmDBDH instance from a random instance. Hence,

$$|\Pr[E_7] - \Pr[E_8]| \le \varepsilon_{HmDBDH} \quad (9)$$

Analysis

We have computed the partial probabilities of indistinguishability between games. We now combine these probabilities to compute the overall advantage $\varepsilon$ of an adversary A running in time $t$, which is at most

$$\begin{aligned}
\varepsilon &= \Big|\Pr[E_0] - \tfrac12\Big| & \text{(by definition)} & \quad (10) \\
&\le \Big|\Pr[E_1] + \varepsilon_{TCR} - \tfrac12\Big| & \text{(from equations 1, 2)} & \quad (11) \\
&= \Big|\Pr[E_2] + \varepsilon_{TCR} - \tfrac12\Big| & \text{(from equation 3)} & \quad (12) \\
&\le \left|\frac{\Pr[E_3] - \frac12}{\lambda} + \varepsilon_{TCR}\right| & \text{(from Lemma 4.3)} & \quad (13) \\
&= \left|\frac{\Pr[E_4] - \frac12}{\lambda} + \varepsilon_{TCR}\right| & \text{(from equation 4)} & \quad (14) \\
&= \left|\frac{\Pr[E_5] - \frac12}{\lambda} + \varepsilon_{TCR}\right| & \text{(from equation 5)} & \quad (15) \\
&= \left|\frac{\Pr[E_6] - \frac12}{\lambda} + \varepsilon_{TCR}\right| & \text{(from equation 6)} & \quad (16) \\
&= \left|\frac{\Pr[E_7] - \frac12}{\lambda} + \varepsilon_{TCR}\right| & \text{(from equation 7)} & \quad (17) \\
&\le \left|\frac{\Pr[E_8] + \varepsilon_{HmDBDH} - \frac12}{\lambda} + \varepsilon_{TCR}\right| & \text{(from equation 9)} & \quad (18) \\
&= \left|\frac{\varepsilon_{HmDBDH}}{\lambda} + \varepsilon_{TCR}\right| & \text{(from equation 8)} & \quad (19) \\
&= \left|\frac{\varepsilon_{HmDBDH}}{1/(8Q_E(n_u+1))} + \varepsilon_{TCR}\right| & \text{(from Lemma 4.2)} & \quad (20) \\
&= \Big|8Q_E(n_u+1)\,\varepsilon_{HmDBDH} + \varepsilon_{TCR}\Big| & & \quad (21)
\end{aligned}$$

Since $\varepsilon_{HmDBDH}$ and $\varepsilon_{TCR}$ are negligible, A has only negligible advantage in breaking our scheme.

The running time $t'$ of B is linear in the running time of A. Moreover, B requires additional running time for the sampling in Game 3. Hence, $t' = t + O(\varepsilon^{-2}\ln(\varepsilon^{-1})\lambda^{-1}\ln(\lambda^{-1}))$. This completes the proof of the IND-IBSC-CCA2 security of our scheme.


4.1 Proof of Lemma 4.2

Proof. We now show the lower bound on the probability of the simulation not aborting.

$$\begin{aligned}
\Pr[\neg F_{for}] &= \Pr\Big[\bigwedge_{i=1}^{Q_E} K_u(u_i) = 1\Big] \cdot \Pr\Big[F_u(u_B^*) = 0 \,\Big|\, \bigwedge_{i=1}^{Q_E} K_u(u_i) = 1\Big] & (22) \\
&= \Big(1 - \Pr\Big[\bigvee_{i=1}^{Q_E} K_u(u_i) = 0\Big]\Big) \cdot \Pr\Big[F_u(u_B^*) = 0 \,\Big|\, \bigwedge_{i=1}^{Q_E} K_u(u_i) = 1\Big] & (23) \\
&\ge \Big(1 - \sum_{i=1}^{Q_E} \Pr[K_u(u_i) = 0]\Big) \cdot \Pr\Big[F_u(u_B^*) = 0 \,\Big|\, \bigwedge_{i=1}^{Q_E} K_u(u_i) = 1\Big] & (24) \\
&= \Big(1 - \frac{Q_E}{m}\Big) \cdot \Pr\Big[F_u(u_B^*) = 0 \,\Big|\, \bigwedge_{i=1}^{Q_E} K_u(u_i) = 1\Big] & (25) \\
&= \Big(1 - \frac{Q_E}{m}\Big) \cdot \frac{1}{n_u+1} \cdot \Pr\Big[K_u(u_B^*) = 0 \,\Big|\, \bigwedge_{i=1}^{Q_E} K_u(u_i) = 1\Big] & (26) \\
&= \Big(1 - \frac{Q_E}{m}\Big) \cdot \frac{1}{n_u+1} \cdot \frac{\Pr[K_u(u_B^*) = 0]}{\Pr\big[\bigwedge_{i=1}^{Q_E} K_u(u_i) = 1\big]} \cdot \Pr\Big[\bigwedge_{i=1}^{Q_E} K_u(u_i) = 1 \,\Big|\, K_u(u_B^*) = 0\Big] & (27) \\
&\ge \Big(1 - \frac{Q_E}{m}\Big) \cdot \frac{1}{n_u+1} \cdot \frac{1}{m} \cdot \Pr\Big[\bigwedge_{i=1}^{Q_E} K_u(u_i) = 1 \,\Big|\, K_u(u_B^*) = 0\Big] & (28) \\
&= \Big(1 - \frac{Q_E}{m}\Big) \cdot \frac{1}{(n_u+1)m} \cdot \Big(1 - \Pr\Big[\bigvee_{i=1}^{Q_E} K_u(u_i) = 0 \,\Big|\, K_u(u_B^*) = 0\Big]\Big) & (29) \\
&\ge \Big(1 - \frac{Q_E}{m}\Big) \cdot \frac{1}{(n_u+1)m} \cdot \Big(1 - \sum_{i=1}^{Q_E} \Pr\big[K_u(u_i) = 0 \,\big|\, K_u(u_B^*) = 0\big]\Big) & (30) \\
&= \Big(1 - \frac{Q_E}{m}\Big)^2 \cdot \frac{1}{(n_u+1)m} & (31) \\
&\ge \Big(1 - \frac{2Q_E}{m}\Big) \cdot \frac{1}{(n_u+1)m} & (32) \\
&= \Big(1 - \frac{2Q_E}{4Q_E}\Big) \cdot \frac{1}{(n_u+1)4Q_E} & (33) \\
&= \frac{1}{8Q_E(n_u+1)} & (34)
\end{aligned}$$

Inequalities 24 and 30 follow from the union bound. Equation 25 and inequality 28 use the fact that $\Pr[K_u(u) = 0] = 1/m$ for any $u$ (and, in 28, that $\Pr[\bigwedge_i K_u(u_i) = 1] \le 1$). Equation 31 uses that for any pair of distinct identities $u, u'$ the events $K_u(u) = 0$ and $K_u(u') = 0$ are pairwise independent, so $\Pr[K_u(u_i) = 0 \mid K_u(u_B^*) = 0] = 1/m$ for every queried $u_i \neq u_B^*$. Equation 26 holds since $F_u(u) = 0$ implies $K_u(u) = 0$ together with the existence of a unique $k_u$ with $0 \le k_u \le n_u$ and $x' + \sum_{i \in \mathcal{U}} x_i = m k_u$, and $k_u$ is chosen uniformly and independently of the $x$ values. Finally, equation 33 is obtained by setting $m = 4Q_E$, which optimizes the bound.
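The bound of Lemma 4.2 can be checked exactly for tiny parameters by enumerating every choice of $k_u, x', x_1, \ldots, x_{n_u}$. The added example below (ours, not part of the paper) does this and compares the worst-case non-abort probability over all query sets with $\lambda = 1/(8(n_u+1)Q_E)$. It takes $x', x_i \in \mathbb{Z}_m$, as in Waters' original partitioning, which is an assumption of the example.

```python
"""Exact check of Lemma 4.2 for tiny parameters by enumerating all simulator coins.
Added example, not from the paper.  With m = 4 Q_E, k_u uniform in {0..n_u} and
x', x_1..x_{n_u} uniform in Z_m (Waters' partitioning; the paper writes Z_m^*),
the simulation does not abort iff K_u(u_i) = 1 for every Extract query u_i and
F_u(u*) = 0 for the challenge identity u*.  Because every summand is far smaller
than q, F_u(u) = (q - m k_u) + x' + sum x_i (mod q) vanishes exactly when
x' + sum x_i = m k_u.
"""
from fractions import Fraction
from itertools import product

def set_bits(u, n_u):
    return [i for i in range(n_u) if (u >> i) & 1]

def non_abort_probability(queries, challenge, n_u, q_e):
    """Pr[no forced abort] over all coins, for fixed Extract queries and challenge."""
    m = 4 * q_e
    good = total = 0
    for k_u in range(n_u + 1):
        for xs in product(range(m), repeat=n_u + 1):     # xs[0] = x', xs[1+i] = x_i
            total += 1
            def s(u):                                    # x' + sum_{i in U} x_i
                return xs[0] + sum(xs[1 + i] for i in set_bits(u, n_u))
            if any(s(u) % m == 0 for u in queries):      # some K_u(u_i) = 0 -> abort
                continue
            if s(challenge) == m * k_u:                  # F_u(u*) = 0 -> simulation completes
                good += 1
    return Fraction(good, total)

def lemma_bound(n_u, q_e):
    """lambda = 1 / (8 (n_u + 1) Q_E) from Lemma 4.2."""
    return Fraction(1, 8 * (n_u + 1) * q_e)

def worst_case(n_u, q_e):
    """Minimum non-abort probability over every challenge and every list of q_e queries."""
    idents = range(1 << n_u)
    worst = Fraction(1)
    for challenge in idents:
        others = [u for u in idents if u != challenge]   # Extract on u* is forbidden
        for queries in product(others, repeat=q_e):
            worst = min(worst, non_abort_probability(queries, challenge, n_u, q_e))
    return worst
```

For $n_u = 2$ and $Q_E = 1$ every choice of query and challenge gives exactly $1/16$ ($\Pr[F_u(u^*) = 0] = 1/12$ times $\Pr[K_u(u_1) = 1 \mid F_u(u^*) = 0] = 3/4$), comfortably above the bound $\lambda = 1/24$; the slack comes from the union bound and from dropping the denominator in step 28.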

4.2 Proof of Lemma 4.3

Proof. Let $F$ denote the event $F : F_{art} \vee F_{for}$. We first expand $\Pr[E_3] - \frac12$ as follows.

$$\begin{aligned}
\Pr[E_3] - \tfrac12 &= \Pr[\beta' = 1 \mid F]\Pr[F] + \Pr[\beta' = 1 \mid \neg F]\Pr[\neg F] - \tfrac12 & (35) \\
&= \tfrac12\Pr[F] + \Pr[\beta' = 1 \mid \neg F]\Pr[\neg F] - \tfrac12 & \text{(random guess taken if $F$ occurs)} \quad (36) \\
&= \tfrac12\Pr[F] + \Pr[b' = b \mid \neg F]\Pr[\neg F] - \tfrac12 & (\beta' = 1 \text{ iff } b' = b) \quad (37) \\
&= \tfrac12(1 - \Pr[\neg F]) + \Pr[b' = b \mid \neg F]\Pr[\neg F] - \tfrac12 & (38) \\
&= -\tfrac12\Pr[\neg F] + \Pr[b' = b \mid \neg F]\Pr[\neg F] & (39) \\
&= -\tfrac12\Pr[\neg F] + \Pr[\neg F \mid b' = b]\Pr[b' = b] & \text{(Bayes' theorem)} \quad (40) \\
&= \tfrac12\big(\Pr[\neg F \mid b' = b]\Pr[b' = b] - \Pr[\neg F \mid b' \neq b]\Pr[b' \neq b]\big) & (41) \\
&= \tfrac12\big(\Pr[\neg F \mid b' = b]\Pr[E_2] - \Pr[\neg F \mid b' \neq b](1 - \Pr[E_2])\big) & (\Pr[E_2] = \Pr[b' = b]) \quad (42)
\end{aligned}$$

Then we make the following claim.

Claim 4.6. For any fixed view of A, $|\Pr[\neg F] - \lambda| \le \frac{\lambda\varepsilon}{4}$.

Let us assume the claim holds for now. Since the claim holds for any fixed view of A, it also holds conditioned on $b' = b$ and on $b' \neq b$:

$$|\Pr[\neg F \mid b' = b] - \lambda| \le \frac{\lambda\varepsilon}{4}, \qquad |\Pr[\neg F \mid b' \neq b] - \lambda| \le \frac{\lambda\varepsilon}{4}. \quad (43)$$

Then, combining equations 42 and 43 gives

$$\Big|\Pr[E_3] - \tfrac12 - \lambda\Big(\Pr[E_2] - \tfrac12\Big)\Big| \le \Pr[E_2]\frac{\lambda\varepsilon}{4} + \frac{\lambda\varepsilon}{4} \le \frac{\lambda\varepsilon}{2},$$


which trivially leads to

$$\left|\frac{\Pr[E_3] - \frac12}{\lambda} - \Big(\Pr[E_2] - \frac12\Big)\right| \le \frac{\varepsilon}{2}.$$

Proof of Claim 4.6

Proof. Since the two events are independent of each other,

$$\Pr[\neg F] = \Pr[\neg F_{for}]\Pr[\neg F_{art}] = \eta\Pr[\neg F_{art}].$$

Let us fix $0 < \varepsilon' = \frac{\varepsilon}{12} \le \frac{1}{12}$. Then, by using the Chernoff bound for the estimate $\eta'$ of $\eta$ (with the number of samples stated in Lemma 4.3), we obtain

$$\Pr\big[|\eta' - \eta| > \eta\varepsilon'\big] < \lambda\varepsilon'.$$

This gives us

$$\begin{aligned}
\Pr[\neg F_{art}] &= \Pr\big[\neg F_{art} \,\big|\, |\eta' - \eta| > \eta\varepsilon'\big]\Pr\big[|\eta' - \eta| > \eta\varepsilon'\big] + \Pr\big[\neg F_{art} \,\big|\, |\eta' - \eta| \le \eta\varepsilon'\big]\Pr\big[|\eta' - \eta| \le \eta\varepsilon'\big] \\
&\le \lambda\varepsilon' + \Pr\big[\neg F_{art} \,\big|\, |\eta' - \eta| \le \eta\varepsilon'\big] \\
&\le \lambda\varepsilon' + \frac{\lambda}{\eta'}.
\end{aligned}$$

The last inequality holds since, for a fixed estimate $\eta'$, B artificially aborts with probability $\frac{\eta' - \lambda}{\eta'}$ when $\eta' \ge \lambda$ and not at all otherwise, so $\Pr[\neg F_{art}] = \min\{1, \frac{\lambda}{\eta'}\} \le \frac{\lambda}{\eta'}$. Further, since $|\eta' - \eta| \le \eta\varepsilon'$ gives $\eta' \ge \eta(1 - \varepsilon')$, we have

$$\Pr[\neg F] = \Pr[\neg F_{for}]\Pr[\neg F_{art}] \le \eta\lambda\varepsilon' + \frac{\eta\lambda}{\eta'} \le \lambda\varepsilon' + \frac{\lambda}{1 - \varepsilon'} \le \lambda\varepsilon' + \lambda(1 + 2\varepsilon') = \lambda(1 + 3\varepsilon'),$$

where $\frac{1}{1 - \varepsilon'} \le 1 + 2\varepsilon'$ holds for $\varepsilon' \le \frac12$.

For all fixed $\eta'$ with $|\eta' - \eta| \le \eta\varepsilon'$ we have $\Pr[\neg F_{art}] = \min\{1, \frac{\lambda}{\eta'}\} \ge \frac{\lambda}{\eta(1 + \varepsilon')}$, since $\eta' \le \eta(1 + \varepsilon')$ and, as $\eta \ge \lambda$, $\eta(1 + \varepsilon') > \lambda$. Therefore,

$$\begin{aligned}
\Pr[\neg F] &= \eta\Pr[\neg F_{art}] \ge \eta\Pr\big[\neg F_{art} \,\big|\, |\eta' - \eta| \le \eta\varepsilon'\big]\Pr\big[|\eta' - \eta| \le \eta\varepsilon'\big] \\
&\ge \eta \cdot \frac{\lambda}{\eta(1 + \varepsilon')}(1 - \lambda\varepsilon') \ge \lambda(1 - \varepsilon')^2 \ge \lambda(1 - 2\varepsilon').
\end{aligned}$$

Since $\lambda(1 - 2\varepsilon') \le \Pr[\neg F] \le \lambda(1 + 3\varepsilon')$, this implies $|\Pr[\neg F] - \lambda| \le 3\lambda\varepsilon' = \frac{\lambda\varepsilon}{4}$ as required.

Theorem 4.7. If there exists a polynomial-time EUF-IBSC-CMA adversary A against our scheme, then there exists an algorithm B which can break the mCDH assumption. Specifically, for an adversary A with advantage $\varepsilon$ and running time $t$ which may issue at most $Q_E$ Extract queries, B has advantage at least $\varepsilon_{mCDH}$ in solving an mCDH problem in time at most $t'$, where

$$\varepsilon_{mCDH} \ge \frac{\varepsilon - \varepsilon_{TCR}}{32 Q_E^2 (n_u + 1)(n_m + 1)}, \qquad t' \le t + O\!\left(\varepsilon^{-2}\ln(\varepsilon^{-1})\,\lambda'^{-1}\ln(\lambda'^{-1})\right).$$

Proof. We now prove the EUF-IBSC-CMA security of our scheme. The proof runs from Game′ 0 to Game′ 7. Recall that the mCDH problem is to compute $g^{ab}$ given $\langle g, g^a, g^{a^2}, g^b\rangle \in G^4$, where $g$ is a generator of $G$ and $a, b \in_R (\mathbb{Z}_q^*)^2$. We assume that the secrets $a, b$ are known to B initially. Then, in the subsequent games, B gradually forgets the secrets; instead they are available only in the forms $g^a, g^{a^2}, g^b$.

Game′ 0

B simulates the real environment as in Game 0. Then, by definition, the advantage of A is

$$|\Pr[E'_0]| \quad (44)$$

Game′ 1 [Transition based on hash collisions]

This game is identical to Game 1. Thus we have

$$|\Pr[E'_0] - \Pr[E'_1]| \le \Pr[\mathrm{HASHABORT}] \quad (45)$$

and recall that

$$\Pr[\mathrm{HASHABORT}] \le \varepsilon_{TCR} \quad (46)$$

Game′ 2 [Transition based on change in the system public key 1]

This game is identical to Game 2, except that there is no challenge ciphertext and hence no $t^*$ to embed: B sets $u' = g_2^{q - k_u m + x'} \cdot g^{y'}$, so that $g_u = g_2^{F_u(u)} \cdot g^{J_u(u)}$ for every identity $u$ (this is the form used when extracting $g^{ab}$ in Game′ 7). Thus we have

$$\Pr[E'_1] = \Pr[E'_2] \quad (47)$$

Game′ 3 [Transition based on simulation abort]

This game is almost identical to Game 3 except for one change. We introduce an additional failure event $F_3 : F_m(M'') \neq 0$, where $M'' = M^* \oplus \mathrm{TCR}(CT^*_2)$ is the hashed message of the forgery $CT^*$ eventually output by A. Then the new simulation-abort event $F'$ satisfies

$$F' = F \vee F_3, \qquad \Pr[\neg F'] = \Pr[\neg F]\Pr[F_m(M'') = 0].$$

Then we have the following lemma, whose proof is postponed until Section 4.3.

Lemma 4.8. The probability of the simulator not aborting is at least $\lambda' = \frac{1}{32 Q_E^2 (n_m+1)(n_u+1)}$.

Apart from the additional failure case, the rest of Game′ 3 is identical to Game 3, with $\lambda'$ in place of $\lambda$ in the artificial abort. Therefore,

$$\left|\frac{\Pr[E'_3]}{\lambda'} - \Pr[E'_2]\right| \le \frac{\varepsilon}{2} \quad (48)$$

Game′ 4 [Transition based on key derivation]

This game is identical to Game 4. Thus we have

$$\Pr[E'_3] = \Pr[E'_4] \quad (49)$$

Game′ 5 [Transition based on Signcrypt/Unsigncrypt computation]

This game is identical to Game 5. Hence,

$$\Pr[E'_4] = \Pr[E'_5] \quad (50)$$


Game′ 6 [Transition based on change in the system public key 2]

We now assume that $a, b \in \mathbb{Z}_q^*$ are no longer available to the simulator B as plain integers. Instead, they are available in the form $A_1 = g^{a}$, $A_2 = g^{a^2}$, $B = g^{b}$.

Setup: B sets $g_1 = A_1$, $g_2 = B$ and $Y = e(g_1, g_2)$. Then B replaces the corresponding parts of the system public key $\mathrm{Mpk}$ with the newly computed $\langle g_1, g_2, Y\rangle$.

As in Game′ 2, the changes made to $\mathrm{Mpk}$ above do not affect the view of A. Therefore,

$$\Pr[E'_5] = \Pr[E'_6] \qquad (51)$$

Game′ 7 [Transition based on challenge abort]

In Game′ 7, as long as the simulation does not abort, B is able to solve an mCDH instance as follows.

Forge: Eventually, A returns a signcrypted message $CT^* = \langle CT_1, CT_2, CT_3, CT_4, CT_5, CT_6\rangle$. B unsigncrypts $CT^*$ to get $M^*$. If $CT^*$ is invalid, if an $\mathrm{Extract}(u_A^*)$ query has previously been made, if $F_u(u_A^*) \ne 0$, or if $F_m(M') \ne 0$ where $M' = M \oplus TCR(CT_2)$, B aborts. If $F_u(u_A^*) = 0$ and $F_m(M') = 0$, B obtains $g^{ab}$ as follows:

$$CT_5 = g_2^{h} \cdot H_m(M \oplus TCR(CT_2))^{r'} \cdot g_2^{a} \cdot g_{u_A}^{r_{u_A}} = g_2^{h} \cdot g^{J_m(M \oplus TCR(CT_2))\,r'} \cdot g^{ab} \cdot g_{u_A}^{r_{u_A}}.$$

So,

$$\frac{CT_5}{g_2^{h} \cdot CT_2^{\,J_m(CT_4 \oplus TCR(CT_2))} \cdot CT_6^{\,J_u(u_A)}} = \frac{g_2^{h} \cdot g^{J_m(M \oplus TCR(CT_2))\,r'} \cdot g^{ab} \cdot g_{u_A}^{r_{u_A}}}{g_2^{h} \cdot (g^{r'})^{J_m(M \oplus TCR(CT_2))} \cdot g_{u_A}^{r_{u_A}}} = g^{ab}.$$

Game′ 7 remains indistinguishable from Game′ 6. Hence,

$$\Pr[E'_6] = \Pr[E'_7] \qquad (52)$$

B is able to obtain the mCDH output $g^{ab}$ as long as $\neg F'$ holds. This gives us

$$\Pr[E'_7] = \varepsilon_{mCDH} \qquad (53)$$

Analysis

The overall advantage $\varepsilon$ of an adversary A running in time $t$ is at most

$$\begin{aligned}
\varepsilon &= \left|\Pr[E'_0]\right| && \text{(by definition)}\\
&\le \left|\Pr[E'_1] + \varepsilon_{TCR}\right| && \text{(from (45), (46))}\\
&= \left|\Pr[E'_2] + \varepsilon_{TCR}\right| && \text{(from (47))}\\
&\le \left|\frac{\Pr[E'_3]}{\lambda'} + \varepsilon_{TCR}\right| && \text{(from (48))}\\
&= \left|\frac{\Pr[E'_4]}{\lambda'} + \varepsilon_{TCR}\right| && \text{(from (49))}\\
&= \left|\frac{\Pr[E'_5]}{\lambda'} + \varepsilon_{TCR}\right| && \text{(from (50))}\\
&= \left|\frac{\Pr[E'_6]}{\lambda'} + \varepsilon_{TCR}\right| && \text{(from (51))}\\
&= \left|\frac{\Pr[E'_7]}{\lambda'} + \varepsilon_{TCR}\right| && \text{(from (52))}\\
&= \left|\frac{\varepsilon_{mCDH}}{\lambda'} + \varepsilon_{TCR}\right| && \text{(from (53))}\\
&= \left|\frac{\varepsilon_{mCDH}}{1/\bigl(32\,Q_E^2\,(n_m+1)(n_u+1)\bigr)} + \varepsilon_{TCR}\right| && \text{(from Lemma 4.8)}\\
&= \left|32\,Q_E^2\,(n_m+1)(n_u+1)\,\varepsilon_{mCDH} + \varepsilon_{TCR}\right|.
\end{aligned}$$

Since $\varepsilon_{mCDH}$ and $\varepsilon_{TCR}$ are negligible, A has only negligible advantage in breaking our scheme.

The running time $t'$ of B is linear in the running time of A. Moreover, B requires additional running time for sampling. Hence,

$$t' = t + O\!\left(\varepsilon^{-2}\ln(\varepsilon^{-1})\,\lambda^{-1}\ln(\lambda^{-1})\right).$$

This completes the proof of EUF-IBSC-CMA security of our scheme.

4.3 Proof of Lemma 4.8

Proof. We first compute the probability of the event $F_3$ not occurring:

$$\Pr[\neg F_3] = \Pr[F_m(M'') = 0] = \frac{1}{n_m+1}\,\Pr[K_m(M'') = 0] = \frac{1}{n_m+1}\cdot\frac{1}{m}.$$

Then, substituting the simulation parameters $\lambda = \frac{1}{8(n_u+1)Q_E}$ and $m = 4Q_E$,

$$\Pr[\neg F'] = \Pr[\neg F \wedge \neg F_3] \ge \frac{\lambda}{m\,(n_m+1)} = \frac{\frac{1}{8(n_u+1)Q_E}}{4Q_E\,(n_m+1)} = \frac{1}{32\,Q_E^2\,(n_m+1)(n_u+1)}.$$

5 Efficiency

We compare the efficiency of our scheme against the other schemes (Jin et al. 2010, Zhang 2010) in terms of the computational cost involved and the ciphertext size. Although these two schemes are broken, the comparison nevertheless shows the relative performance of our scheme. Table 1 shows that the schemes under comparison perform similarly in terms of computation overhead.

Table 1: Efficiency Comparison

                 Ours                    Jin et al.              Zhang
                 G ex.  GT ex.  P        G ex.  GT ex.  P        G ex.  GT ex.  P
Extract          2      0       0        2      0       0        2      0       0
Signcrypt        6      1       0        3      1       0        5      1       0
Unsigncrypt      2      0       5        2      0       5        0      2       5
Ciphertext size  G^5 × |M|               G^4 × G_T               G^4 × Z_q^* × G_T
Security         CCA2, CMA               Broken                  Broken

G ex.: number of exponentiations in G. GT ex.: number of exponentiations in G_T. P: number of pairings. CCA2: IND-IBSC-CCA2. CMA: EUF-IBSC-CMA.

Now we compare the ciphertext size by considering implementations over different types of pairings (see the work by Galbraith et al. (2008) for more details on the different pairing types). If the schemes are implemented over a supersingular curve of embedding degree 2, then $|G| = 512$ bits, $|G_T| = 1024$ bits and typically $n_m = n_u = 160$ bits. Thus, our ciphertext size will be $512 \times 5 + 160 = 2720$ bits, compared to $512 \times 4 + 1024 = 3072$ bits for Jin et al.'s and $512 \times 4 + 160 + 1024 = 3232$ bits for Zhang's.

It is trivially possible to convert our symmetric pairing based scheme to a Type 2 pairing version (asymmetric pairing $e : G_1 \times G_2 \to G_T$ with an efficient isomorphism). In a crude way, we may define every group element in our scheme as a $G_2$ element. Then, because the isomorphism efficiently maps elements of $G_2$ to the corresponding elements of $G_1$, we obtain the Type 2 pairing version of our scheme.

In case a Type 2 pairing of embedding degree 6 is used, for $g_1 \in G_1$, $g_2 \in G_2$ and $h \in G_T$ we have $|g_1| = 160$ bits, $|g_2| = 480$ bits and $|h| = 960$ bits (Chatterjee & Menezes 2009). Thus, our ciphertext size will be $480 \times 5 + 160 = 2560$ bits, instead of $480 \times 4 + 960 = 2880$ bits for Jin et al.'s and $480 \times 4 + 160 + 960 = 3040$ bits for Zhang's.

We can further improve the efficiency with slightly more effort. If a shorter private key is desired, we may define the private keys to consist of elements of $G_1$. This forces the ciphertext elements to be from $G_2$, since each private key component is paired with a ciphertext element during unsigncryption. If a shorter ciphertext is the primary concern, we may instead define the ciphertext elements to be from $G_1$ and the private keys from $G_2$. In that case, our ciphertext size will be $160 \times 5 + 160 = 960$ bits, compared to $160 \times 4 + 960 = 1600$ bits for Jin et al.'s and $160 \times 4 + 160 + 960 = 1760$ bits for Zhang's. Thus we see a significant reduction of approximately 40% in ciphertext size.

6 Conclusion

We have proposed a fully secure IBSC scheme in the standard model under the HmDBDH and mCDH assumptions. We note that previously proposed IBSC schemes in the standard model are not secure, and many schemes ignore the importance of being able to answer signcrypt/unsigncrypt simulation queries for which the private key generation algorithm fails. Moreover, we have shown that our scheme provides a short ciphertext by avoiding the inclusion of a target group element in the ciphertext.

References

Boneh, D. & Franklin, M. K. (2001), Identity-Based Encryption from the Weil Pairing, in `Advances in Cryptology – CRYPTO 2001', Vol. 2139, Springer, pp. 213–229.

Zheng, Y. (1997), Digital Signcryption or How to Achieve Cost(Signature & Encryption) ≪ Cost(Signature) + Cost(Encryption), in `Advances in Cryptology – CRYPTO 1997', Vol. 1294, Springer, pp. 165–179.

Barreto, P. S. L. M., Libert, B., McCullagh, N. & Quisquater, J.-J. (2005), Efficient and Provably-Secure Identity-Based Signatures and Signcryption from Bilinear Maps, in `Advances in Cryptology – ASIACRYPT 2005', Vol. 3788, Springer, pp. 515–532.

Chen, L. & Malone-Lee, J. (2005), Improved Identity-Based Signcryption, in `Public Key Cryptography – PKC 2005', Vol. 3386, Springer, pp. 362–379.

Shoup, V. (2004), Sequences of Games: A Tool for Taming Complexity in Security Proofs, Cryptology ePrint Archive, Report 2004/332.

Bellare, M. & Rogaway, P. (1997), Collision-Resistant Hashing: Towards Making UOWHFs Practical, in `Advances in Cryptology – CRYPTO '97', Vol. 1294, Springer, pp. 470–484.

Zhang, B. (2010), `Cryptanalysis of an Identity Based Signcryption Scheme without Random Oracles', Journal of Computational Information Systems 6(6), 1923–1931.

Ren, Y. & Gu, D. (2007), Efficient Identity Based Signature/Signcryption Scheme in the Standard Model, in `International Symposium on Data, Privacy, and E-Commerce', IEEE, pp. 133–137.

Wang, X. A., Zhong, W. & Luo, H. (2010), Cryptanalysis of Efficient Identity Based Signature/Signcryption Schemes in the Standard Model, in `Intelligence Information Processing and Trusted Computing (IPTC), 2010 International Symposium on', IEEE, pp. 622–625.

Yu, Y., Yang, B., Sun, Y. & Zhu, S. (2009), `Identity based signcryption scheme without random oracles', Computers Standards & Interfaces 31(1), 56–62.

Jin, Z., Wen, Q. & Du, H. (2010), `An improved semantically-secure identity-based signcryption scheme in the standard model', Computers & Electrical Engineering 36(3), 545–552.

Waters, B. (2005), Efficient Identity-Based Encryption Without Random Oracles, in `Advances in Cryptology – EUROCRYPT 2005', Vol. 3494, Springer, pp. 114–127.

Malone-Lee, J. (2002), Identity-based signcryption, Cryptology ePrint Archive, Report 2002/098.

Gagné, M., Narayan, S. & Safavi-Naini, R. (2010), Threshold Attribute-Based Signcryption, in `Security and Cryptography for Networks', Vol. 6280, Springer, pp. 154–171.

Ferguson, N., Lucks, S., Schneier, B., Whiting, D., Bellare, M., Kohno, T., Callas, J. & Walker, J., The Skein Hash Function Family, submission to the NIST SHA-3 competition (finalist).

Abdalla, M., Bellare, M. & Rogaway, P. (2001), The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES, in `Topics in Cryptology – CT-RSA 2001', Vol. 2020, Springer, pp. 143–158.

Kiltz, E. & Vahlis, Y. (2008), CCA2 Secure IBE: Standard Model Efficiency through Authenticated Symmetric Encryption, in `Topics in Cryptology – CT-RSA 2008', Springer, pp. 221–238.

Goldwasser, S. & Kalai, Y. T. (2003), On the (In)security of the Fiat-Shamir Paradigm, in `FOCS '03: Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science', IEEE Computer Society, pp. 102–115.

Boyen, X. (2003), A Swiss Army Knife for Identity-Based Cryptography, in `Advances in Cryptology – CRYPTO 2003', Vol. 2729, Springer, pp. 383–399.

Libert, B. & Quisquater, J.-J. (2003), A new identity based signcryption scheme from pairings, in `Information Theory Workshop', IEEE, pp. 155–158.

Chow, S. S. M., Yiu, S. M., Hui, L. C. K. & Chow, K. P. (2003), Efficient forward and provably secure ID-based signcryption scheme with public verifiability and public ciphertext authenticity, in `International Conference on Information Security and Cryptology – ICISC 2003', Vol. 2971, Springer, pp. 352–369.

Nalla, D. & Reddy, K. C. (2003), Signcryption scheme for identity-based cryptosystems, Cryptology ePrint Archive, Report 2003/066.

McCullagh, N. & Barreto, P. S. L. M. (2004), Efficient and forward-secure identity-based signcryption, Cryptology ePrint Archive, Report 2004/117.

Libert, B. & Quisquater, J.-J. (2004), Efficient Signcryption with Key Privacy from Gap Diffie-Hellman Groups, in `Public Key Cryptography – PKC 2004', Vol. 2947, Springer, pp. 187–200.

Yuen, T. H. & Wei, V. K. (2005), Fast and Proven Secure Blind Identity-Based Signcryption from Pairings, in `Topics in Cryptology – CT-RSA 2005', Vol. 3376, Springer, pp. 305–322.

Zhang, J., Gao, S., Chen, H. & Geng, Q. (2009), A Novel ID-Based Anonymous Signcryption Scheme, in `Advances in Data and Web Management', Vol. 5446, Springer, pp. 604–610.

Zhang, M., Yang, B., Zhu, S. & Zhang, W. (2010), Efficient Secret Authenticatable Anonymous Signcryption Scheme with Identity Privacy, in `Intelligence and Security Informatics', Vol. 5075, Springer, pp. 126–137.

Chatterjee, S. & Menezes, A. (2009), On Cryptographic Protocols Employing Asymmetric Pairings – The Role of Ψ Revisited, Cryptology ePrint Archive, Report 2009/480, http://eprint.iacr.org/2009/480.

Kiltz, E. & Galindo, D. (2009), `Direct chosen-ciphertext secure identity-based key encapsulation without random oracles', Theoretical Computer Science 410(47–49), 5093–5111.

Galbraith, S. D., Paterson, K. G. & Smart, N. P. (2008), `Pairings for cryptographers', Discrete Applied Mathematics 156(16), 3113–3121.


Fast Elliptic Curve Cryptography Using Minimal Weight Conversion of d Integers

Vorapong Suppakitpaisarn¹, Masato Edahiro², Hiroshi Imai¹

¹ Department of Computer Science, Graduate School of Information Science and Technology, The University of Tokyo, Hongo, Bunkyo-ku, Tokyo 113-8656. Email: mr t [email protected], [email protected]

² Department of Information Engineering, Graduate School of Information Science, Nagoya University, Furo-cho, Chikusa-ku, Nagoya-shi, Aichi 464-8601. Email: [email protected]

Abstract

In this paper, we reduce the computation time of the elliptic curve signature verification scheme by proposing the minimal joint Hamming weight conversion for any binary expansion of d integers. The computation time of multi-scalar multiplication, the bottleneck operation of the scheme, strongly depends on the joint Hamming weight. As we represent the scalars using redundant representations, we may represent a number by many expansions. The minimal joint Hamming weight conversion is the algorithm that selects the expansion with the least joint Hamming weight. Many existing works introduce conversions for some specific representations, and it is not trivial to generalize their algorithms to other representations. On the other hand, our conversion, based on the dynamic programming scheme, is applicable to finding the optimal expansions in any binary representation. We also propose an algorithm to generate, automatically from our conversion algorithm, the Markov chain used for exploring the minimal average Hamming density. In general, the sets of states in our Markov chains are infinite. We therefore introduce a technique to reduce the number of Markov chain states to a finite set. With this technique, we find the average joint Hamming weight of many representations that had never been found. One of the most significant results is that, for the expansion of integer pairs when the digit set is {0,±1,±3}, often used in multi-scalar multiplication, we show that the minimal average joint Hamming density is 0.3575, which improves the upper bound value.

Keywords: Elliptic Curve Cryptography, Minimal Weight Conversion, Average Joint Hamming Weight, Digit Set Expansion

1 Introduction

The multi-scalar multiplication is the bottleneck operation of the elliptic curve signature verification scheme.

Copyright © 2012, Australian Computer Society, Inc. This paper appeared at the 10th Australasian Information Security Conference (AISC 2012), Melbourne, Australia, January-February 2012. Conferences in Research and Practice in Information Technology (CRPIT), Vol. 125, Josef Pieprzyk and Clark Thomborson, Ed. Reproduction for academic, not-for-profit purposes permitted provided this text is included.

The operation is to compute

$$K = \sum_{i=1}^{d} r_i P_i = r_1 P_1 + \cdots + r_d P_d,$$

where $r_i$ is a natural number and $P_i$ is a point on the elliptic curve. In this paper, we propose a method to reduce the computation time using a computer arithmetic technique that considers the representation of each scalar $r_i$. In some redundant representations, we can represent each $r_i$ in more than one way. Each way, called an expansion, has a different Hamming weight, which directly affects the computation time of multi-scalar multiplication. Since a lower weight expansion makes the operation faster, many methods have explored lower weight expansions for specific representations (1, 2, 3, 4, 5, 6, 7). These include the work by Solinas (1), which proposed the minimal joint weight expansion of an integer pair when the digit set (defined in Section 2) is {0,±1}. Also, the work by Heuberger and Muir (2, 3) presented the expansions for the digit set {−l, −(l−1), …, −1, 0, 1, …, u−1, u} for any natural number l and positive integer u.

However, minimal weight conversions for many digit sets have not yet been found in the literature. This is because most previous work presented conversions based on the mathematical construction of the representation, which is hard to apply to many types of digit sets.

In this work, we propose a conversion method and an algorithm to find the average weight without concern for the mathematical construction. This enables us to find the minimal weight conversions of digit sets used for multi-scalar multiplication. One of the significant results is the minimal weight conversion when the digit set is {0,±1,±3} (8). Compared to digit sets for which the minimal weight conversion has been found, such as {0,±1,±2} (2, 3), {0,±1,±3} uses the same amount of memory to store the precomputed points as {0,±1,±2}, but it is proved that {0,±1,±3} has a lower minimal average weight when d = 2.

To evaluate the effectiveness of each representation for elliptic curve cryptography, we utilize the average joint Hamming density, and we also propose a method to find its value for a class of digit sets in this paper. Similar to the minimal weight conversions, most existing works proposed analyses based on the mathematical construction, which makes them hard to apply to many digit sets. On the other hand, we are able to calculate the value for our minimal weight conversion algorithms by proposing an algorithm that automatically generates the Markov chain from the conversion algorithm. In general, the sets of states in our Markov chains are infinite. We therefore introduce a technique to reduce the number of Markov chain states to a finite set.

One of our results is the expansion when the digit set is {0,±1,±3} and d = 2. For this digit set, many previous works have proposed conversion methods and analyses for multi-scalar multiplication (5, 9, 10, 11). They can find an upper bound for the minimal average joint Hamming density. Our algorithm finds the minimal average joint Hamming density for this digit set, which is 0.3575. This improves the lowest upper bound, 0.3616, in (5, 6).

It is shown in Appendix C that our minimal weight conversion algorithm is applicable to all finite digit sets. However, the algorithm to find the average joint Hamming density is not. For many digit sets, the number of states in the Markov chain is not finite, e.g. the representation in which D_S = {0,1,3} and d = 1. In (12), we provide a proof of the finiteness of the Markov chain for a class of representations which covers all representations practically used in multi-scalar multiplication. Also, we are working on other reduction methods, which would enable us to discover the value for a wider class of representations.

The remainder of this paper is organized as follows: We discuss the background knowledge of this research in Section 2. In Section 3, we propose a minimal weight conversion algorithm, with an explanation and an example. In Section 4, we present the algorithm to construct the Markov chain used for analyzing the digit set expansion from the conversion in Section 3. Then, we use that Markov chain to find the minimal average joint Hamming density. Last, we conclude the paper in Section 5.

2 Definition

Let $D_S$ be the digit set, $n, d$ be positive integers, and $E\{D_S,d\}$ be a conversion function from $\mathbb{Z}^d$ to $(D_S^{\,n})^d$ such that if

$$E\{D_S,d\}(r_1,\dots,r_d) = \langle (e_{i,n-1}\,e_{i,n-2}\dots e_{i,0})\rangle_{i=1}^{d} = \langle (e_{i,t})_{t=0}^{n-1}\rangle_{i=1}^{d},$$

then $\sum_{t=0}^{n-1} e_{i,t}\,2^t = r_i$, where $r_i \in \mathbb{Z}$ and $e_{i,t} \in D_S$ for all $1 \le i \le d$. We call $\langle (e_{i,t})_{t=0}^{n-1}\rangle_{i=1}^{d}$ the expansion of $r_1,\dots,r_d$ by the conversion $E\{D_S,d\}$. We also define the tuple of $t$-th digits of $r_1,\dots,r_d$ as

$$E\{D_S,d\}(r_1,\dots,r_d)|_t = \langle e_{1,t},\dots,e_{d,t}\rangle.$$

As a special case, let $E_b\{d\}$ be the binary conversion, changing the integers to their binary representation, where $D_S = \{0,1\}$:

$$E_b\{1\}(12) = \langle(1100)\rangle,\qquad E_b\{2\}(12,21) = \langle(01100),(10101)\rangle.$$

Also, define $R_t$ as

$$R_t = E_b\{d\}(r_1,\dots,r_d)|_t = \langle e_{1,t},\dots,e_{d,t}\rangle.$$

In our minimal weight conversion, $R_t$ is considered as the input of bit $t$.

Next, we define $JW_{E\{D_S,d\}}(r_1,\dots,r_d)$, the joint Hamming weight function of the integers $r_1,\dots,r_d$ represented by the conversion $E\{D_S,d\}$, by

$$JW_{E\{D_S,d\}}(r_1,\dots,r_d) = \sum_{t=0}^{n-1} jw_t,\qquad jw_t = \begin{cases} 0 & \text{if } E\{D_S,d\}(r_1,\dots,r_d)|_t = \langle 0\rangle,\\ 1 & \text{otherwise.}\end{cases}$$

For instance,

$$JW_{E_b\{1\}}(12) = 2,\qquad JW_{E_b\{2\}}(12,21) = 4.$$

The computation time of the scalar point multiplication depends on the joint Hamming weight. This is because we deploy the double-and-add method, that is

$$\sum_{i=1}^{d} r_i P_i = 2(\dots(2(2K_{n-1} + K_{n-2}))\dots) + K_0,\qquad\text{where } K_t = \sum_{i=1}^{d} e_{i,t} P_i.$$

Since $K_t = O$ if $E\{D_S,d\}(r_1,\dots,r_d)|_t = \langle 0\rangle$, we need not perform a point addition in that case. Thus, the number of point additions is $JW_{E\{D_S,d\}}(r_1,\dots,r_d) - 1$. For instance, if

$$K = 12P_1 + 21P_2,$$

we can compute $K$ as

$$K = 2(2(2(2P_2 + P_1) + D)) + P_2,$$

where $D = P_1 + P_2$ has already been precomputed before the computation begins. We need 4 point doublings and 3 point additions to find the result.
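As an added illustration of the operation count above (example code, not from the paper), the following Python evaluates $\sum_i r_i P_i$ by the same left-to-right Horner scheme from a joint expansion and counts the doublings and additions it performs. Elliptic-curve points are replaced by the additive group of integers modulo a prime, an assumption that keeps the example self-contained and does not change the counts; the precomputed table of $K_t$ for every nonzero column plays the role of $D = P_1 + P_2$ above, and the two expansions of (12, 21) used at the end are the binary one and the {0,±1} one given on this page.

```python
# Added example (not the paper's code): multi-scalar double-and-add from a joint
# expansion. Assumption: the group is (Z_p, +) instead of an elliptic curve, so a
# "point" is an integer and doubling is x -> 2x mod p; only the operation counts matter.
P_MOD = 2 ** 61 - 1


def point_add(a, b):
    return (a + b) % P_MOD


def point_double(a):
    return (2 * a) % P_MOD


def multi_scalar_mul(expansion, points):
    """Horner evaluation of sum_i r_i P_i from <(e_{i,n-1} ... e_{i,0})>_{i=1..d}
    (one digit list per scalar, MSB first). Returns (K, doublings, additions).
    K_t = sum_i e_{i,t} P_i for every nonzero column is precomputed, as on the page."""
    columns = list(zip(*expansion))             # columns[j] = <e_{1,t},...,e_{d,t}>, MSB first
    table = {c: sum(e * P for e, P in zip(c, points)) % P_MOD
             for c in set(columns) if any(c)}
    acc, doublings, additions = None, 0, 0      # None stands for the point at infinity O
    for c in columns:
        if acc is not None:                     # the 2( ... ) of the Horner scheme
            acc, doublings = point_double(acc), doublings + 1
        if any(c):                              # zero column: K_t = O, nothing to add
            if acc is None:                     # first nonzero column: O + K_t costs nothing
                acc = table[c]
            else:
                acc, additions = point_add(acc, table[c]), additions + 1
    return (0 if acc is None else acc), doublings, additions


if __name__ == "__main__":
    P1, P2 = 1234567, 7654321                   # constructed stand-in "points"
    for name, exp in (("binary", [[0, 1, 1, 0, 0], [1, 0, 1, 0, 1]]),
                      ("minimal", [[1, 0, -1, 0, 0], [1, 0, 1, 0, 1]])):
        print(name, multi_scalar_mul(exp, (P1, P2)))
```

Both expansions return the same group element; the binary one costs 4 doublings and 3 additions, the minimal-weight one 4 doublings and 2 additions, which is the JW − 1 rule of the text.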

When $\{0,1\} \subset D_S$, we are able to represent some numbers $r_i \in \mathbb{Z}$ in more than one way. For instance, if $D_S = \{0,\pm1\}$,

$$12 = (01100) = (10\bar{1}00) = (1\bar{1}100) = \dots,$$

where $\bar{1} = -1$. Let $E_m\{D_S,d\}$ be a minimal weight conversion, where

$$E_m\{D_S,d\}(r_1,\dots,r_d) = \langle (e_{i,n-1}\dots e_{i,0})\rangle_{i=1}^{d}$$

is the expansion such that, for any $\langle (e'_{i,n-1}\dots e'_{i,0})\rangle_{i=1}^{d}$ with $\sum_{t=0}^{n-1} e_{i,t}2^t = \sum_{t=0}^{n-1} e'_{i,t}2^t$ for all $1 \le i \le d$,

$$\sum_{t=0}^{n-1} jw'_t \ge JW_{E_m\{D_S,d\}}(r_1,\dots,r_d),\qquad jw'_t = \begin{cases} 0 & \text{if } \langle e'_{1,t},\dots,e'_{d,t}\rangle = \langle 0\rangle,\\ 1 & \text{otherwise.}\end{cases}$$

For instance,

$$E_m\{\{0,\pm1\},2\}(12,21) = \langle (10\bar{1}00),(10101)\rangle,\qquad JW_{E_m\{\{0,\pm1\},2\}}(12,21) = 3.$$

Then the number of point additions needed is 2. Also, we call $E_m\{D_S,d\}(r_1,\dots,r_d)$ the minimal weight expansion of $r_1,\dots,r_d$ using the digit set $D_S$.

If $D_{S_2} \subseteq D_{S_1}$, it is obvious that

$$JW_{E_m\{D_{S_2},d\}}(r_1,\dots,r_d) \ge JW_{E_m\{D_{S_1},d\}}(r_1,\dots,r_d).$$

Thus, we can increase the efficiency of the scalar-point multiplication by increasing the size of $D_S$. However, a bigger $D_S$ needs more precomputation. If $d = 2$, we need one precomputed point when $D_S = \{0,1\}$, but 10 precomputed points when $D_S = \{0,\pm1,\pm3\}$.

Then, one of the contributions of this paper is to evaluate the efficiency of each digit set $D_S$ for multi-scalar multiplication. We use the average joint Hamming density, defined as

$$AJW(E\{D_S,d\}) = \lim_{n\to\infty} \frac{\sum_{r_1=0}^{2^n-1}\cdots\sum_{r_d=0}^{2^n-1} JW_{E\{D_S,d\}}(r_1,\dots,r_d)}{n\,2^{dn}}.$$

It is easy to see that $AJW(E_b\{d\}) = 1 - \frac{1}{2^d}$. In this paper, we find the value $AJW(E_m\{D_S,d\})$ for some $D_S$ and $d$. Some of these values have been found in the literature, such as

$$AJW(E_m\{\{0,\pm1,\pm3,\dots,\pm(2^p-1)\},1\}) = \frac{1}{p+2} \quad (4).$$

Also,

$$AJW(E_m\{\{-l,-(l-1),\dots,-1,0,1,\dots,u-1,u\},d\})$$

for any positive integers $d$, $u$ and natural number $l$ has been found by Heuberger and Muir (2, 3).

3 Minimal Weight Conversion

In this section, we propose a minimal weight conversion algorithm based on the dynamic programming scheme. The input is $\langle r_1,\dots,r_d\rangle$, and the output is $E_m\{D_S,d\}(r_1,\dots,r_d)$, the minimal weight expansion of the input using the digit set $D_S$. The algorithm begins from the most significant bit (bit $n-1$), $R_{n-1}$, and processes left-to-right to the least significant bit (bit 0), $R_0$.

For each $t$ ($n > t \ge 0$), we calculate minimal weight expansions of the first $n-t$ bits of the input $r_1,\dots,r_d$, i.e. of $(\lfloor r_1/2^t\rfloor,\dots,\lfloor r_d/2^t\rfloor)$, for all possible carries $G_t$ defined below. We state the notation used in our algorithm as follows:

• The carry array $G_t = \langle g_{1,t},\dots,g_{d,t}\rangle$ is a possible integer array carried from bit $t-1$. For the input $R_t = \langle e_{1,t},\dots,e_{d,t}\rangle$ and output $R^*_t = \langle e^*_{1,t},\dots,e^*_{d,t}\rangle \in D_S^d$, the following formula must be satisfied:

$$R_t + G_t = R^*_t + 2G_{t+1}.$$

Since $R^*_t \in D_S^d$, the possible values of $g_{i,t}$ are calculated from $D_S$. We define the carry set $C_S$ as the set of possible carry values for $D_S$. In Appendix B, we give the details of the carry set $C_S$ and prove that the set is always finite if $D_S$ is finite. For example, when the digit set is $D_S = \{0,\pm1,\pm3\}$, the carry set is $C_S = \{0,\pm1,\pm2,\pm3\}$. Note that $G_t = \langle 0\rangle$ for $t = 0$ and $t = n$ as boundary conditions.

• The minimal weight array $w_t$ is the array of non-negative integers $w_{t,G_t}$ for any $G_t \in C_S^d$. The integer $w_{t,G_t}$ is the minimal joint weight of the first $n-t$ bits of the input $r_1,\dots,r_d$, i.e. of $(\lfloor r_1/2^t\rfloor,\dots,\lfloor r_d/2^t\rfloor)$, for the carry $G_t = \langle g_{i,t}\rangle_{i=1}^{d}$; that is,

$$w_{t,G_t} = JW_{E_m\{D_S,d\}}\left(\lfloor r_1/2^t\rfloor + g_{1,t},\dots,\lfloor r_d/2^t\rfloor + g_{d,t}\right).$$

• The subsolution array $Q_t$ is the array of strings $Q_{t,\langle i,G_t\rangle}$ for any $1 \le i \le d$ and $G_t \in C_S^d$. Each $Q_{t,\langle i,G_t\rangle}$ represents the minimal weight expansion of the first $n-t$ bits of the input $r_1,\dots,r_d$ when we carry $G_t = \langle g_{i,t}\rangle_{i=1}^{d}$; that is,

$$Q_{t,G_t} = \langle Q_{t,\langle i,G_t\rangle}\rangle_{i=1}^{d} = E_m\{D_S,d\}\left(\lfloor r_1/2^t\rfloor + g_{1,t},\dots,\lfloor r_d/2^t\rfloor + g_{d,t}\right).$$

Note that the length of the string $Q_{t,\langle i,G_t\rangle}$ is $n-t$, and $w_{t,G_t}$ is the joint Hamming weight of the strings $Q_{t,\langle 1,G_t\rangle},\dots,Q_{t,\langle d,G_t\rangle}$. There may exist some $g_{i,t} \in C_S$ such that $\lfloor r_i/2^t\rfloor + g_{i,t}$ cannot be represented by a string of length $n-t$ over $D_S$. In that case, we represent $Q_{t,\langle i,G_t\rangle}$ by the null string and assign $w_{t,G_t}$ the value $\infty$.

In the process at bit $t$, we find the minimal weight array $w_t$ and the subsolution array $Q_t$ from the input $R_t$, the minimal weight array $w_{t+1}$, and the subsolution array $Q_{t+1}$. For this process, we define the function $MW$ such that

$$(w_{t,G_t}, Q_{t,G_t}) = MW(w_{t+1}, Q_{t+1}, R_t, G_t).$$

Since $w_t = \langle w_{t,G_t}\rangle_{G_t \in C_S^d}$ and $Q_t = \langle Q_{t,G_t}\rangle_{G_t \in C_S^d}$, we also define

$$(w_t, Q_t) = MW(w_{t+1}, Q_{t+1}, R_t).$$

It is important to note that $w_t$ depends only on $w_{t+1}$ and $R_t$, so we can use just two arrays to represent all $w_t$ and $w_{t+1}$ and reduce memory consumption. Similarly, we store all $Q_t$ using two arrays.

Here, we will show the basic idea of our proposed algorithm with an example.

Example 1 Compute the minimal weight expansion of 3 and 7 when the digit set is $\{0,\pm1,\pm3\}$, i.e. $E_m\{\{0,\pm1,\pm3\},2\}(3,7)$. Note that the binary representation is $E_b\{2\}(3,7) = \langle(011),(111)\rangle$.

• Step 1 Consider the most significant bit; the input is

$$R_2 = E_b\{2\}(3,7)|_{t=2} = \langle 0,1\rangle.$$

For the digit set $D_S = \{0,\pm1,\pm3\}$, the carry set is $C_S = \{0,\pm1,\pm2,\pm3\}$. Thus, there are $7^2 = 49$ pairs of possible carries $G_2$. For example, when $G_2 = \langle 0,-1\rangle$, $R_2 + G_2 = \langle 0,1\rangle + \langle 0,-1\rangle = \langle 0,0\rangle$, so the Hamming weight is $w_{2,\langle 0,-1\rangle} = 0$. As a boundary condition, we do not generate a carry from the most significant bit, because we want to keep the length of the bit string unchanged.

If $G_2 = \langle 1,0\rangle$, the input with the carry is

$$R_2 + G_2 = \langle 0,1\rangle + \langle 1,0\rangle = \langle 1,1\rangle,$$

and $w_{2,\langle 1,0\rangle} = 1$. The Hamming weight $w_{2,G_2}$ is 1 for any $G_2$ such that $R_2 + G_2 \in D_S^d - \{\langle 0\rangle\}$.

If $G_2 = \langle 0,1\rangle$,

$$R_2 + G_2 = \langle 0,1\rangle + \langle 0,1\rangle = \langle 0,2\rangle,$$

and $w_{2,\langle 0,1\rangle} = \infty$, because 2 is not in $D_S$. The Hamming weight $w_{2,G_2}$ is $\infty$ for any $G_2$ such that $R_2 + G_2 \notin D_S^d$.

• Step 2 Next, we consider bit 1. In this bit,

$$R_1 = E_b\{2\}(3,7)|_{t=1} = \langle 1,1\rangle.$$

Consider the case when the carry from the least significant bit is $G_1 = \langle 1,0\rangle$. Then $R_1 + G_1 = \langle 2,1\rangle$. There are 4 ways to write $\langle 2,1\rangle$ in the form $2G_{t+1} + R^*_t$, where $G_{t+1} \in C_S^d$ is the carry to the most significant bit and $R^*_t \in D_S^d$ is the candidate for the output. That is,

$$\begin{aligned}
\langle 2,1\rangle &= 2\times\langle 1,0\rangle + \langle 0,1\rangle\\
&= 2\times\langle 1,-1\rangle + \langle 0,3\rangle\\
&= 2\times\langle 1,1\rangle + \langle 0,-1\rangle\\
&= 2\times\langle 1,2\rangle + \langle 0,-3\rangle.
\end{aligned}$$

The Hamming weight should be

$$w_{t,G_t} = \min_{G_{t+1},R^*_t}\left[w_{t+1,G_{t+1}} + JW(R^*_t)\right].$$

From the calculation for bit 2 in Step 1,

$$w_{2,\langle 1,0\rangle} = w_{2,\langle 1,-1\rangle} = w_{2,\langle 1,2\rangle} = 1,\qquad w_{2,\langle 1,1\rangle} = \infty.$$

And

$$JW(\langle 0,1\rangle) = JW(\langle 0,3\rangle) = JW(\langle 0,-1\rangle) = JW(\langle 0,-3\rangle) = 1.$$

Then,

$$w_{1,\langle 1,0\rangle} = \min_{G_2,R^*_1}\left[w_{2,G_2} + JW(R^*_1)\right] = 1 + 1 = 2.$$

We show the array $w_{1,G_1}$ for this bit in Table 1.

• Step 3 On the least significant bit, the input is $R_0 = \langle 1,1\rangle$. Also, as a boundary condition, we set $G_0 = \langle 0\rangle$, and therefore the value $w_{0,\langle 0,0\rangle}$ is the minimal Hamming weight. When $G_0 = \langle 0,0\rangle$, $R_0 + G_0 = \langle 1,1\rangle$. Similar to bit 1, we find

$$w_{0,\langle 0,0\rangle} = \min_{G_1,R^*_0}\left[w_{1,G_1} + JW(R^*_0)\right],$$

such that $2\times G_1 + R^*_0 = \langle 1,1\rangle$, $G_1 \in C_S^d$ and $R^*_0 \in D_S^d$. We show the value of each possible $G_1$, $R^*_0$ with $w_{1,G_1}$, $JW(R^*_0)$ and $w_{1,G_1} + JW(R^*_0)$ in Table 2. As shown in the table, the minimal Hamming weight is

$$\min_{G_1,R^*_0}\left[w_{1,G_1} + JW(R^*_0)\right] = 2.$$

Algorithm 1 Minimal joint weight conversion to any digit set D_S in the binary expansion

Require: r_1, ..., r_d; the desired digit set D_S
Ensure: E_m{D_S, d}(r_1, ..., r_d)
1: Let C_S be a carry set such that for all c ∈ C_S and d ∈ D_S, (c+d)/2, (c+d+1)/2 ∈ C_S (whenever these are integers).
2: Let w_t be an array of w_{t,G_t} for any G_t ∈ C_S^d. w_{n,G_n} ← 0 if G_n = ⟨0⟩; w_{n,G_n} ← ∞ otherwise.
3: Let Q_t ← ⟨Q_{t,⟨i,G_t⟩}⟩ for any 1 ≤ i ≤ d and G_t ∈ C_S^d. All Q_{n,⟨i,G_n⟩} are initialised to the null string.
4: for t ← n − 1 down to 0 do
5:     R_t ← E_b{d}(r_1, ..., r_d)|_t
6:     (w_t, Q_t) ← MW(w_{t+1}, Q_{t+1}, R_t)   (the function MW is defined in Algorithm 2)
7: end for
8: Let Z ← ⟨0⟩. E_m{D_S, d}(r_1, ..., r_d) ← ⟨Q_{0,⟨i,Z⟩}⟩_{i=1}^{d}

Algorithm 2 Function MW: compute the subsolution for bit t given the subsolution of bit t+1 and the input in bit t

Require: the minimal weight array of the more significant bits w_{t+1}, the subsolution of the more significant bits Q_{t+1}, and the input R_t
Ensure: the minimal weight array w_t and the subsolution Q_t
1: for all G_t = ⟨g_{i,t}⟩_{i=1}^{d} ∈ C_S^d do
2:     AE = ⟨ae_i⟩_{i=1}^{d} ← R_t + G_t
3:     for all R*_t = ⟨r*_{i,t}⟩_{i=1}^{d} ∈ D_S^d do
4:         if 2 | (ae_i − r*_{i,t}) for all 1 ≤ i ≤ d then
5:             G_{t+1} ← ⟨(ae_i − r*_{i,t})/2⟩_{i=1}^{d}
6:             we_{R*_t} ← w_{t+1,G_{t+1}} if R*_t = ⟨0⟩; we_{R*_t} ← w_{t+1,G_{t+1}} + 1 otherwise
7:         else
8:             we_{R*_t} ← ∞
9:         end if
10:    end for
11:    Let we_{EA} be one of the minimal values among we
12:    w_{t,G_t} ← we_{EA}
13:    Let EA = ⟨ea_i⟩_{i=1}^{d}
14:    CE = ⟨ce_i⟩_{i=1}^{d} ← ⟨(ae_i − ea_i)/2⟩_{i=1}^{d}
15:    Q_{t,⟨i,G_t⟩} ← ⟨Q_{t+1,⟨i,CE⟩}, ea_i⟩ for all 1 ≤ i ≤ d
16: end for

We show the detailed algorithm in Algorithm 1 and Algorithm 2 above. There are some points to be noted, as follows:


Table 1: The minimal Hamming weight of bit 1, w = w_{1,G_1}, when the input bit is R_1 = ⟨1,1⟩ and the array w_{2,G_2} of the most significant bit is computed as in the first bullet of Example 1. The entry in row g_2 and column g_1 is w_{1,⟨g_1,g_2⟩}.

            g_1 = −3   −2   −1    0    1    2    3
g_2 = −3         1     1    0    1    1    1    ∞
g_2 = −2         2     1    1    1    2    1    ∞
g_2 = −1         1     2    1    2    1    2    ∞
g_2 =  0         2     1    1    1    2    1    ∞
g_2 =  1         ∞     ∞    ∞    ∞    ∞    ∞    ∞
g_2 =  2         2     2    2    2    2    2    ∞
g_2 =  3         1     2    1    2    1    2    ∞

Table 2: List of possible G_1, R*_0 such that 2 × G_1 + R*_0 = ⟨1,1⟩, with G_1 ∈ {0,±1,±2,±3}^2 and R*_0 ∈ {0,±1,±3}^2, together with w_{1,G_1} (from Table 1), JW(R*_0) and w_{1,G_1} + JW(R*_0) for each G_1, R*_0

G_1        R*_0       w_{1,G_1}   JW(R*_0)   w_{1,G_1} + JW(R*_0)
⟨−1,−1⟩   ⟨3,3⟩      1           1          2
⟨−1,0⟩    ⟨3,1⟩      1           1          2
⟨−1,1⟩    ⟨3,−1⟩     ∞           1          ∞
⟨−1,2⟩    ⟨3,−3⟩     2           1          3
⟨0,−1⟩    ⟨1,3⟩      2           1          3
⟨0,0⟩     ⟨1,1⟩      1           1          2
⟨0,1⟩     ⟨1,−1⟩     ∞           1          ∞
⟨0,2⟩     ⟨1,−3⟩     2           1          3
⟨1,−1⟩    ⟨−1,3⟩     1           1          2
⟨1,0⟩     ⟨−1,1⟩     2           1          3
⟨1,1⟩     ⟨−1,−1⟩    ∞           1          ∞
⟨1,2⟩     ⟨−1,−3⟩    2           1          3
⟨2,−1⟩    ⟨−3,3⟩     2           1          3
⟨2,0⟩     ⟨−3,1⟩     1           1          2
⟨2,1⟩     ⟨−3,−1⟩    ∞           1          ∞
⟨2,2⟩     ⟨−3,−3⟩    2           1          3

• Algorithms 1 and 2 have been proved to be optimal, i.e. they form a minimal joint Hamming weight conversion algorithm. The proof is shown in Appendix C.

• The sizes of the arrays $w_t$ and $Q_t$ are $\|C_S\|^d$ and $dn\|C_S\|^d$ respectively. This makes the memory required by our algorithms larger than that of previous works. As the algorithm is generalised to any digit set, further optimisation is difficult; it might be possible to lower the array sizes when the method is implemented for a specific digit set.

• As shown in Algorithm 1, lines 4-7, we run the algorithm from left to right (from the most significant bit to the least significant bit). Left-to-right algorithms are said to be faster than right-to-left algorithms, as the more significant bits usually arrive at the system first. However, Algorithms 1 and 2 are not online, as they cannot produce the subsolution before all input bits have arrived.

4 Average Joint Hamming Density Analysis with Markov Chain

In this section, we propose an algorithm to analyze the average joint Hamming density for each digit set. For this purpose, we propose a Markov chain whose states are minimal weight arrays w and whose transition is the function MW. As we focus only on the joint Hamming weight, without regard to which bit we are computing, we write $w_x$ and $w_y$ for $w_{t+1}$ and $w_t$ respectively. Also, we refer to $G_t$ as $G$.

As we have seen in the previous section, we do not have to consider Q in the function MW when we are interested only in the Hamming weight. Then, we can redefine the function MW as

$$w_y = MW(w_x, R).$$

4.1 Markov Chain Construction Algorithm

Algorithm 3 Construct the Markov chain used for finding the minimal average Hamming density

Require: the digit set DS, the number of scalars d
Ensure: Markov chain A = (QA, Σ, σA, IA, PA)
 1: Σ ← {0, 1}^d, QA ← ∅, σA ← ∅
 2: CS : carry set for DS
 3: wI ← 〈wI,G〉_{G ∈ CS^d}, where wI,〈0〉 ← 0 and wI,G ← ∞ otherwise
 4: Qu ← {wI}
 5: while Qu ≠ ∅ do
 6:   let π ∈ Qu
 7:   wx ← π, Qu ← Qu − {π}
 8:   for all R ∈ Σ do
 9:     wy ← MW(wx, R)
10:     σA ← σA ∪ {(wx, R, wy)}
11:     PA(wx, R, wy) ← 1/|Σ|
12:     if wy ∉ QA and wy ≠ wx then
13:       Qu ← Qu ∪ {wy}
14:     end if
15:   end for
16:   QA ← QA ∪ {wx}
17: end while
18: IA(w) ← 1 if w = wI, IA(w) ← 0 otherwise

From Algorithms 1 and 2, we propose Algorithm 3 to construct the Markov chain. We illustrate the main idea of Algorithm 3 in Figure 1 for DS = {0,±1} and d = 1, so the figure shows the Markov chain for finding AJW(Em{{0,±1}, 1}). Initially, the Markov chain is considered as a tree rooted at the node 〈∞, 0, ∞〉, which is the initial state of Algorithm 1. Note that CS = {0,±1} for DS = {0,±1}, and each state of the Markov chain represents w, which contains three values 〈w〈−1〉, w〈0〉, w〈1〉〉 associated with the values in CS. Because of the boundary solution explained in Section 3, the initial state should be 〈∞, 0, ∞〉. Each node wx has two children, wy = MW(wx, 〈0〉) and wy′ = MW(wx, 〈1〉). Without identifying nodes, this tree would have infinite depth.


Figure 1: A stage in constructing the Markov chain for finding AJW(Em{{0,±1}, 1}) by Algorithm 3. States 〈0, 1, ∞〉 and 〈1, 2, ∞〉 are shown to be equivalent, and can be grouped.

Now, consider nodes with the same label as one node. Also, all children of 〈1, 2, ∞〉 are almost the same as the children of 〈0, 1, ∞〉; the only difference is the addition of one to every entry of each node. Then, we can consider 〈0, 1, ∞〉 equivalent to 〈1, 2, ∞〉, and record this information as the weight of the transition from 〈0, 1, ∞〉 to 〈1, 2, ∞〉. We consider 〈0, 1, ∞〉 and 〈1, 2, ∞〉 to be in the same equivalence class. This example is shown in detail in Example 3 of Appendix A.

Let A = (QA, Σ, σA, IA, PA),

where

• QA is a set of states,

• Σ is the alphabet, i.e., the set of all possible dig-its,

• σA ⊆ QA × Σ×QA is a set of transitions,

• IA : QA → R+ gives the initial-state probability of each state in QA,

• PA : σA → R+ gives the transition probability of each transition in σA.

The algorithm is described as follows:

• We define the set QA as the set of equivalence classes of the possible values of $w_t$ in Algorithms 1 and 2. Let $w_x = \langle w_{x,G}\rangle_{G \in C_S^d}$ and $w_{x'} = \langle w_{x',G}\rangle_{G \in C_S^d}$ be possible values of $w_t$. We consider $w_x$ and $w_{x'}$ equivalent if and only if

$$\exists p\ \forall G\ (w_{x,G} + p = w_{x',G}),$$

where $p \in \mathbb{Z}$ and $G \in C_S^d$.

With this method, the number of states in the Markov chain becomes finite for the digit sets we are interested in. However, the number can be very large when the digit set becomes larger. For example, the number of states is 1,216,376 for d = 3 and DS = {0,±1,±3}.

For many digit sets, the number of states in the Markov chain is not finite, e.g. the representation in which DS = {0, 1, 3} and d = 1. In (12), we provide a proof of the finiteness of the Markov chain for a class of representations which covers all representations practically used in multi-scalar multiplication. We are also working on other reduction methods, which would enable us to discover the value for a wider class of representations.

• To find the average joint Hamming density, we need to find the probability that the Markov chain is in each equivalence class after we input a bit string of length n → ∞, i.e. the stationary distribution of the Markov chain. We consider the function MW, defined in Algorithm 2, as the transition from the equivalence class of $w_x$ to the equivalence class of $w_y$, where the input of the transition is R. If $w_x$ is equivalent to $w_{x'}$, $w_y = MW(w_x, R)$ and $w_{y'} = MW(w_{x'}, R)$, then $w_y$ and $w_{y'}$ are equivalent (adding a constant p to every entry of $w_x$ adds the same p to every entry of $MW(w_x, R)$, since MW only takes minima of entries plus column weights), so the transition is well defined. By this definition,

$$\Sigma = \{0, 1\}^d,$$

as in Line 1 of Algorithm 3. Also, the set of transitions σA is defined as

$$\sigma_A = \{(w_x, R, w_y) \mid w_y = MW(w_x, R)\}.$$

• We initialize $w_t$ in Algorithm 1 Line 2. We refer to this initial value of $w_t$ as $w_I$, as shown in Line 3 of Algorithm 3, and set $w_I$ as the initial state of the Markov chain. By the definition of $I_A$, $I_A(w_I) = 1$ and $I_A(w) = 0$ if $w \neq w_I$, as shown in Algorithm 3 Line 18.

• We generate the set of states QA using a breadth-first search starting from $w_I$. This is shown in Algorithm 3 Lines 5-17.

• Since all symbols of the alphabet occur with equal probability, the transition probability is $P_A(\gamma) = 1/|\Sigma|$ for all $\gamma \in \sigma_A$. This is shown in Algorithm 3 Line 11.

Let C be the number of states. We number each state $d \in Q_A$ as $d_p$, where $1 \le p \le C$. Let $\pi^T = (\pi^T_p)$ be the probability distribution at time T, i.e. $\pi^T_p$ is the probability that we are in state $d_p$ after receiving an input of length T. Let $P = (P_{pq}) \in \mathbb{R}^{|Q_A| \times |Q_A|}$ be the transition matrix such that

$$P_{pq} = \sum_{R \in \Sigma} P_A(d_p, R, d_q).$$

Without loss of generality, assume $d_1$ represents the state corresponding to the equivalence class of $w_I$. Then $\pi^0 = (1, 0, \ldots, 0)^t$. From the equation $\pi^{T+1} = \pi^T P$, we find the stationary distribution $\pi$ such that $\pi^{T+1} = \pi^T$ by eigendecomposition.

The next step is to find the average Hamming density from the stationary distribution π. Define WK as a function from σA to the set of integers by

$$WK(\tau) = w_{y,\langle 0\rangle} - w_{x,\langle 0\rangle},$$

when $\tau = (w_x, R, w_y) \in \sigma_A$; here $w_y$ is the array returned by MW before it is identified with its equivalence class, so WK records the weight noted on the transition as described above. The function can be described as the change of the Hamming weight in the case that the carry tuple is 〈0〉. We compute the average Hamming density as the average change in the Hamming weight when n is increased by 1 under the stationary distribution, formalized as

$$AJW(E_m\{D_S, d\}) = \sum_{\tau \in \sigma_A} \frac{\pi_{f(\tau)}\, WK(\tau)}{|\Sigma|},$$

where $f(\tau) = w_x$ if $\tau = (w_x, R, w_y)$.
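The following Python program is an added example, not the authors' code, that carries the whole of Sections 3 and 4.1 through in one place: the transition MW of Algorithm 2 on minimal-weight arrays, the left-to-right conversion of Algorithm 1 with the digits recovered by backtracking (in place of the Q arrays), and Algorithm 3 with the equivalence classes and the stationary distribution, from which AJW is evaluated. The class and method names (`Converter`, `mw`, `convert`, `ajw`, `carry_set`) are chosen here. The default carry set is the closure of Appendix B; the paper's worked examples use the symmetric set {−max DS, …, max DS}, which can be passed explicitly (this changes the number of states but not the density). Expansions use as many digit columns as the binary length, like the paper's E_b. The stationary distribution is found by iterating the lazy chain (I + P)/2, which has the same stationary distribution as P and is always aperiodic, instead of by eigendecomposition.

```python
"""Minimal weight conversion (Algorithms 1 and 2) and the Markov chain of
Algorithm 3 for the average joint Hamming density.  Added example, not the
authors' code.  Default carry set: closure of Appendix B; pass `carries`
explicitly to use the symmetric set of the paper's worked examples."""
import math
from itertools import product


def carry_set(digit_set):
    """Closure of {(c - d + e)/2 in Z : c in CS, d in DS, e in {0, 1}} from 0."""
    carries, frontier = set(), [0]
    while frontier:
        c = frontier.pop()
        if c not in carries:
            carries.add(c)
            frontier += [(c - dgt + e) // 2 for dgt in digit_set for e in (0, 1)
                         if (c - dgt + e) % 2 == 0]
    return tuple(sorted(carries))


class Converter:
    def __init__(self, digit_set, d, carries=None):
        carries = carry_set(digit_set) if carries is None else tuple(carries)
        self.gs = list(product(carries, repeat=d))           # carry tuples G in CS^d
        self.index = {g: i for i, g in enumerate(self.gs)}
        self.zero = self.index[(0,) * d]
        self.sigma = list(product((0, 1), repeat=d))         # input columns R
        self.columns = list(product(digit_set, repeat=d))    # digit columns R*
        self.w_init = tuple(0 if i == self.zero else math.inf
                            for i in range(len(self.gs)))   # w_I: only carry <0> allowed

    def mw(self, wx, r):
        """w_y,G = min over R* with 2 | (R + G - R*) of w_x,(R+G-R*)/2 + JW(R*).
        Also returns, per G, the (R*, index of next carry) attaining the minimum."""
        wy, choice = [], []
        for g in self.gs:
            best = (math.inf, None)
            for rstar in self.columns:
                diff = [ri + gi - si for ri, gi, si in zip(r, g, rstar)]
                if any(x % 2 for x in diff):
                    continue
                nxt = self.index.get(tuple(x // 2 for x in diff))
                if nxt is not None:
                    jw = 1 if any(rstar) else 0              # joint weight of one column
                    best = min(best, (wx[nxt] + jw, (rstar, nxt)), key=lambda b: b[0])
            wy.append(best[0])
            choice.append(best[1])
        return wy, choice

    def convert(self, scalars):
        """Minimal joint weight expansion (digit columns, LSB first) and its weight,
        using as many columns as the binary length, like the paper's E_b."""
        n = max(v.bit_length() for v in scalars)
        bits = [tuple((v >> t) & 1 for v in scalars) for t in range(n)]
        w, choices = self.w_init, []
        for t in reversed(range(n)):                 # left to right, as Algorithm 1
            w, ch = self.mw(w, bits[t])
            choices.append(ch)
        digits, g = [], self.zero                     # no carry into the LSB
        for ch in reversed(choices):                  # backtrack from the LSB upwards
            rstar, g = ch[g]
            digits.append(rstar)
        return digits, w[self.zero]

    def ajw(self, max_iter=50000):
        """Algorithm 3 plus the stationary distribution: (AJW, number of states)."""
        def normalise(w):                             # class representative: min entry 0
            p = min(v for v in w if v != math.inf)
            return tuple(v - p if v != math.inf else math.inf for v in w)
        states, order, trans, queue = {self.w_init: 0}, [self.w_init], [], [self.w_init]
        while queue:                                  # breadth-first search, Lines 5-17
            wx = queue.pop(0)
            for r in self.sigma:
                raw, _ = self.mw(wx, r)
                wk = raw[self.zero] - wx[self.zero]   # WK: weight change at carry <0>
                wy = normalise(raw)
                if wy not in states:
                    states[wy] = len(order)
                    order.append(wy)
                    queue.append(wy)
                trans.append((states[wx], states[wy], wk))
        pi = [1.0] + [0.0] * (len(order) - 1)         # pi^0 = (1, 0, ..., 0)
        for _ in range(max_iter):
            nxt = [0.0] * len(order)
            for src, dst, _wk in trans:
                nxt[dst] += pi[src] / len(self.sigma)
            nxt = [(a + b) / 2 for a, b in zip(pi, nxt)]  # lazy chain: same pi, aperiodic
            delta = max(abs(a - b) for a, b in zip(pi, nxt))
            pi = nxt
            if delta < 1e-14:
                break
        return sum(pi[s] * wk for s, _dst, wk in trans) / len(self.sigma), len(order)


if __name__ == "__main__":
    conv = Converter((-3, -1, 0, 1, 3), 2, carries=range(-3, 4))
    print(conv.convert((23, 5)))                               # Example 2
    print(Converter((-1, 0, 1), 1, carries=(-1, 0, 1)).ajw())  # the chain of Example 3
```

With the symmetric carry set of Example 2, `convert((23, 5))` returns the columns (−1,−3), (0,0), (0,0), (3,1), (0,0) of weight 2, i.e. the expansions (0 3 0 0 −1) and (0 1 0 0 −3) found there; with CS = {0,±1} and d = 1, `ajw()` builds the nine states of Example 3 and returns 1/3.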


Table 4: The average joint Hamming density AJW(Em{DS, d}) when DS = {0,±1,±3,...,±(2h+1)}, found by our analysis method, with the number of states in the Markov chain in each case

  h   d = 1                     d = 2                          d = 3                          d = 4
  0   1/3 ≈ 0.3333              1/2 = 0.5                      23/39 ≈ 0.5897                 115/179 ≈ 0.6424
      (Existing work (14))      (Existing work (1))            (Existing work (15))           (Existing work (15))
      (9 states)                (64 states)                    (941 states)                   (16782 states)
  1   1/4 = 0.25                281/786 ≈ 0.3575               20372513/49809043 ≈ 0.4090
      (Existing work (4))       (Improved result)              (New result)
      (38 states)               (3189 states)                  (1216376 states)
  2   2/9 ≈ 0.2222              1496396/4826995 ≈ 0.3100
      (Existing work (11))      (New result)
      (70 states)               (19310 states)
  3   1/5 = 0.2                 0.2660
      (Existing work (4))       (New result)
      (119 states)              (121601 states)
  4   4/21 ≈ 0.1904             0.2574
      (Existing work (11))      (New result)
      (160 states)              (130262 states)

Table 3: Comparing our result with the previous works when expanding a pair of integers using {0,±1,±3}

  Research                     Average joint Hamming weight
  Avanzi, 2002 (9)             3/8 = 0.3750
  Kuang et al., 2004 (10)      121/326 ≈ 0.3712
  Möller, 2004 (11)            4/11 ≈ 0.3636
  Dahmen et al., 2007 (5)      239/661 ≈ 0.3616
  Our result                   281/786 ≈ 0.3575 [Optimal]

4.2 Analysis Results

By using the analysis method proposed in Subsection 4.1, we can find many crucial results on the average joint Hamming density. Some results are shown in Table 4. Our results match many existing results (1, 4, 7, 14), and we discover some results that have not been found in the literature. We can describe the results as follows:

• When d = 1, we can find the average joint Hamming density of all digit sets DS = {0,±1,±3,...,±(2h+1)} with h ≤ 31. If h = 2^p − 1 for some p ∈ Z, our results match the existing results by Muir and Stinson (4). We also observe from the results that there is a relation between h and the average joint Hamming density. Let p be the integer such that

$$2^{p-1} - 1 < h < 2^p - 1;$$

then

$$AJW(D_{S_h}, 1) = \frac{2^p}{(p+1)\,2^p + 2(h+1)},$$

where $D_{S_h} = \{0,\pm1,\pm3,\ldots,\pm(2h+1)\}$. The same expression also covers the boundary case $h = 2^p - 1$, where it reduces to $1/(p+3)$, and it reproduces the d = 1 column of Table 4: 1/3, 1/4, 2/9, 1/5 and 4/21 for h = 0, 1, 2, 3, 4.

• When d = 2, we can find the average joint Hamming density of DS = {0,±1,±3,...,±(2h+1)} for h ≤ 5. When d = 3, we can find the average joint Hamming density of DS = {0,±1,±3}. The most significant result is the case d = 2 and DS = {0,±1,±3}. This problem was raised as future work by Solinas in 2001 (1), and many works have proposed upper bounds on the minimal average joint Hamming density in this case. We find the minimal average joint Hamming density itself, and thereby settle this open problem. We show our result compared with the previous works in Table 3.

5 Conclusion and Future Works

In this paper, we propose a generalized minimal weight conversion algorithm for d integers. The algorithm can be applied to any finite digit set DS. Then, we propose an algorithm to construct a Markov chain which can be used to find the average joint Hamming density automatically. As a result, we can discover some minimal average joint Hamming densities automatically, without prior knowledge of the structure of the digit set. This helps us explore the average Hamming density of unstructured sets. For example, we find that the minimal average density is 281/786 ≈ 0.3575 when d = 2 and DS = {0,±1,±3}. This improves the upper bound presented by Dahmen et al., which is 239/661 ≈ 0.3616.

Many ideas proposed in this paper are also introduced in the minimal weight conversion algorithm for double-base chains (16), and the analysis of the efficiency of that chain is one of the most interesting problems we are working on.

References

[1] Solinas, J.A.: Low-weight binary representations for pairs of integers. Combinatorics and Optimization Research Report CORR, Centre for Applied Cryptographic Research, University of Waterloo (2001)

[2] Heuberger, C., Muir, J.A.: Minimal weight and colexicographically minimal integer representations. Journal of Mathematical Cryptology 1 (2007) 297–328

[3] Heuberger, C., Muir, J.A.: Unbalanced digit sets and the closest choice strategy for minimal weight integer representations. Designs, Codes and Cryptography 52(2) (2009) 185–208

[4] Muir, J.A., Stinson, D.R.: New minimal weight representations for left-to-right window methods. Technical report, Department of Combinatorics and Optimization, School of Computer Science, University of Waterloo (2004)

[5] Dahmen, E., Okeya, K., Takagi, T.: A new upper bound for the minimal density of joint representations in elliptic curve cryptosystems. IEICE Trans. Fundamentals E90-A(5) (2007) 952–959

[6] Dahmen, E., Okeya, K., Takagi, T.: An advanced method for joint scalar multiplications on memory constraint devices. In: Security and Privacy in Ad-hoc and Sensor Networks. Volume 3813 of Lecture Notes in Computer Science, Springer (2005) 189–204

[7] Dahmen, E.: Efficient algorithms for multi-scalar multiplications. Master's thesis, Department of Mathematics, Technical University of Darmstadt (2005)

[8] Okeya, K.: Joint sparse forms with twelve precomputed points. IEICE Technical Report IEICE-109(IEICE-ISEC-42) (2009) 43–50

[9] Avanzi, R.: On multi-exponentiation in cryptography. Cryptology ePrint Archive, Report 2002/154 (2002)

[10] Kuang, B., Zhu, Y., Zhang, Y.: An improved algorithm for uP + vQ using JSF$_3^1$. In: Applied Cryptography and Network Security. Volume 3089 of Lecture Notes in Computer Science, Springer (2004) 467–478

[11] Möller, B.: Fractional windows revisited: improved signed-digit representations for efficient exponentiation. In: Information Security and Cryptology - ICISC 2004. Volume 3506 of Lecture Notes in Computer Science, Springer (2005) 137–153

[12] Suppakitpaisarn, V., Edahiro, M., Imai, H.: Calculating average joint Hamming weight for minimal weight conversion of d integers. In: Workshop on Algorithms and Computation - WALCOM 2012. Lecture Notes in Computer Science, Springer (2012), to appear

[13] Häggström, O.: Finite Markov Chains and Algorithmic Applications. 1st edn. Volume 52 of London Mathematical Society Student Texts. Cambridge University Press (2002)

[14] Eğecioğlu, Ö., Koç, Ç.K.: Exponentiation using canonical recoding. Theoretical Computer Science 129 (1994) 407–417

[15] Heuberger, C., Katti, R., Prodinger, H., Ruan, X.: The alternating greedy expansion and applications to left-to-right algorithms. IEICE Trans. Fundamentals E90-A (2007) 341–356

[16] Suppakitpaisarn, V., Edahiro, M., Imai, H.: Fast elliptic curve cryptography using optimal double-base chains. Cryptology ePrint Archive, Report 2011/030 (2011)

[17] Schmidt, V.: Markov Chains and Monte-Carlo Simulation. Department of Stochastics, University of Ulm (2006)

Appendix A: More Examples

In this section, we give more examples for a better understanding of the algorithms proposed in Sections 3 and 4. Example 2 is an example of the minimal weight conversion of Section 3, and Examples 3 and 4 are examples of the Markov chain construction proposed in Section 4.

Example 2 Compute Em{{0,±1,±3}, 2}(23, 5) using Algorithms 1 and 2.

• Eb{2}(23, 5) = 〈(10111), (00101)〉.

• When DS = {0,±1,±3}, CS = {0,±1,±2,±3}.

• To simplify the explanation, we present the point at which the loop in Algorithm 1 Lines 4-7 has assigned t to 0, that is, the last pass of this loop. This means we have computed $w_1$ and $Q_1$. In this example, $w_t = \langle w_{t,G_t}\rangle_{G_t}$ where $G_t \in \{0,\pm1,\pm2,\pm3\}^2$. As $w_1$ and $Q_1$ each have 49 elements, we cannot list them all. Some elements of $w_1$ and $Q_1$ are

$$w_{1,\langle 0,0\rangle} = 3,\quad w_{1,\langle 1,0\rangle} = 2,\quad w_{1,\langle 2,0\rangle} = 3,$$

$$Q_{1,\langle 1,\langle 0,0\rangle\rangle} = (1011),\quad Q_{1,\langle 1,\langle 1,0\rangle\rangle} = (0300),\quad Q_{1,\langle 1,\langle 2,0\rangle\rangle} = (0301),$$

$$Q_{1,\langle 2,\langle 0,0\rangle\rangle} = (0010),\quad Q_{1,\langle 2,\langle 1,0\rangle\rangle} = (0010),\quad Q_{1,\langle 2,\langle 2,0\rangle\rangle} = (0010).$$

• Although the loop in Algorithm 2 examines all $G_0 \in C_S^2$, we focus on the step where $G_0 = \langle 0, 0\rangle$. Note that in this case

$$AE \leftarrow \langle 1, 1\rangle + \langle 0, 0\rangle = \langle 1, 1\rangle.$$

• Now, we focus on the loop in Algorithm 2 Lines 3-10. If $R^*_0 = \langle 0, 0\rangle$, then $ae_1 - r^*_{0,1} = 1$ and $2 \nmid (ae_1 - r^*_{0,1})$. Then $we_{\langle 0,0\rangle} \leftarrow \infty$.

• If $R^*_0 = \langle 1, 1\rangle$,

$$G_1 \leftarrow \left\langle \frac{ae_1 - r^*_{0,1}}{2}, \frac{ae_2 - r^*_{0,2}}{2} \right\rangle = \langle 0, 0\rangle.$$

As stated above, $w_{1,\langle 0,0\rangle} = 3$. Then $we_{\langle 1,1\rangle} \leftarrow 3 + 1 = 4$ by Line 6, since $JW(\langle 1, 1\rangle) = 1$.

• If $R^*_0 = \langle -1, -3\rangle$,

$$G_1 \leftarrow \left\langle \frac{ae_1 - r^*_{0,1}}{2}, \frac{ae_2 - r^*_{0,2}}{2} \right\rangle = \langle 1, 2\rangle.$$

Then, we refer to $w_{1,\langle 1,2\rangle}$, which is 1, and $we_{\langle -1,-3\rangle} \leftarrow 1 + 1 = 2$.

• In Line 11, we select the least value among $we$; the minimum is $we_{\langle -1,-3\rangle} = 2$. Then $w_{0,\langle 0,0\rangle} = 2$,

$$Q_{0,\langle 1,\langle 0,0\rangle\rangle} \leftarrow \langle Q_{1,\langle 1,\langle 1,2\rangle\rangle}, -1\rangle = (0\;3\;0\;0\;{-1}),$$

$$Q_{0,\langle 2,\langle 0,0\rangle\rangle} \leftarrow \langle Q_{1,\langle 2,\langle 1,2\rangle\rangle}, -3\rangle = (0\;1\;0\;0\;{-3}),$$

which is the output of the algorithm: indeed $3 \cdot 2^3 - 1 = 23$ and $1 \cdot 2^3 - 3 = 5$, and the two expansions have nonzero digits in the same two columns, so their joint Hamming weight is 2.

Example 3 Construct the Markov chainA = (QA, Σ, σA, IA, PA) for findingAJW (Em{{0,±1}, 1}).

• As DS = {0,±1}, Cs = {0,±1}. Then,

w = 〈w〈−1〉, w〈0〉, w〈1〉〉.

The initial value of w, wI is

wI = 〈∞, 0,∞〉.

• Consider the loop in Lines 5-17. On the first iteration, wx = wI in Line 7. If R is assigned 〈0〉 in Line 8, the result of the function MW in Line 9, wy, is

wA = 〈1, 0, 1〉.

Then, we add α = (wI, 〈0〉, wA) to the set σA as shown in Line 10. The probability of the transition α is $1/|\Sigma| = 1/|\{0, 1\}| = 1/2$. Also, we add wA to the set Qu.

• Similarly, if R = 〈1〉, wy is

wB = 〈0, 1,∞〉.

Then, wB ∈ QA, and 〈wI , 〈1〉, wB〉 ∈ σA.

• Next, we explore the state wA, as we explore the set QA by breadth-first search. If R = 〈0〉, wy is 〈1, 0, 1〉, and if R = 〈1〉, wy is 〈0, 1, 1〉. Then,

〈〈1, 0, 1〉, 〈0〉, 〈1, 0, 1〉〉 ∈ σA,

〈〈1, 0, 1〉, 〈1〉, 〈0, 1, 1〉〉 ∈ σA.

The first transition is a self-loop, so we need not explore it again.

• We explore the state wB , the result is

〈〈0, 1,∞〉, 〈0〉, 〈1, 1, 2〉〉 ∈ σA,

〈〈0, 1,∞〉, 〈1〉, 〈1, 2,∞〉〉 ∈ σA.

We note that 〈1, 1, 2〉 is equivalent to 〈0, 0, 1〉, and we denote it by 〈0, 0, 1〉. Also, 〈1, 2, ∞〉 is equivalent to 〈0, 1, ∞〉, so the second transition is a self-loop.

• Then, we explore the state 〈0, 1, 1〉. We get thecondition

〈〈0, 1, 1〉, 〈0〉, 〈1, 1, 2〉〉 ∈ σA,

〈〈0, 1, 1〉, 〈1〉, 〈1, 2, 1〉〉 ∈ σA.

We denote 〈1, 1, 2〉 and 〈1, 2, 1〉 by 〈0, 0, 1〉,〈0, 1, 0〉 respectively.

Figure 2: The Markov chain constructed by Algo-rithm 3 used for finding AJW (Em{{0,±1}, 1})

• We explore 〈0, 0, 1〉 and get the condition

〈〈0, 0, 1〉, 〈0〉, 〈1, 0, 1〉〉 ∈ σA,

〈〈0, 0, 1〉, 〈1〉, 〈0, 1, 1〉〉 ∈ σA.

• Exploring 〈0, 1, 0〉 gives

〈〈0, 1, 0〉, 〈0〉, 〈1, 1, 1〉〉 ∈ σA,

〈〈0, 1, 0〉, 〈1〉, 〈1, 1, 0〉〉 ∈ σA.

We denote 〈1, 1, 1〉 as 〈0, 0, 0〉.

• From the state 〈0, 0, 0〉, we get

〈〈0, 0, 0〉, 〈0〉, 〈1, 0, 1〉〉 ∈ σA,

〈〈0, 0, 0〉, 〈1〉, 〈0, 1, 0〉〉 ∈ σA.

• From the state 〈1, 1, 0〉, we get

〈〈1, 1, 0〉, 〈0〉, 〈2, 1, 1〉〉 ∈ σA,

〈〈1, 1, 0〉, 〈1〉, 〈1, 1, 0〉〉 ∈ σA.

We denote 〈2, 1, 1〉 as 〈1, 0, 0〉.

• Last, from the state 〈1, 0, 0〉, we get

〈〈1, 0, 0〉, 〈0〉, 〈1, 0, 1〉〉 ∈ σA,

〈〈1, 0, 0〉, 〈1〉, 〈0, 1, 0〉〉 ∈ σA.

• We show the resulting Markov chain in Figure 2.

Example 4 Construct the Markov chainA = (QA, Σ, σA, IA, PA) for findingAJW (Em{{0,±1}, 2}).

• As DS = {0,±1}, Cs = {0,±1}. Then,

w = 〈w〈−1,−1〉, w〈−1,0〉, w〈−1,1〉,w〈0,−1〉, w〈0,0〉, w〈0,1〉,w〈1,−1〉, w〈1,0〉, w〈1,1〉〉.

The initial value of w, wI is

wI = 〈∞, ∞, ∞,∞, 0, ∞,∞, ∞, ∞〉.


Figure 3: The Markov chain constructed by Algo-rithm 3 after the second iteration of the loop in Lines8-17

• Consider the loop in Lines 5-17. On the first iteration, wx = wI in Line 7. If R is assigned 〈0, 0〉 in Line 8, the result of the function MW in Line 9, wy, is

wy = wA = 〈1, 1, 1, 1, 0, 1, 1, 1, 1〉.

Then, we add α = (wI, 〈0, 0〉, wA) to the set σA as shown in Line 10. The probability of the transition α is $1/|\Sigma| = 1/|\{0, 1\}^2| = 1/4$. Also, we add wA to the set Qu.

• The algorithm explores all R ∈ {0, 1}^2 in the same way and adds the resulting states to Qu.

• On the second iteration, wx = wA. If R is assigned 〈0, 0〉, the result of the function MW is wA itself. Therefore, the Markov chain has a self-loop at the state corresponding to wA. The chain after this iteration is shown in Figure 3.

Appendix B: the Carry Set

In this section, we present the algorithm to find the carry set CS used in Algorithms 1 and 2. We show the method in Algorithm 4, which is based on a breadth-first search. We also give an upper bound on the cardinality of the carry set in Lemma 5.1.

Algorithm 4 Find the carry set of the given digit set

Require: the digit set DS
Ensure: the carry set CS
 1: Ct ← {0}, CS ← ∅
 2: while Ct ≠ ∅ do
 3:   let x ∈ Ct
 4:   Ct ← Ct ∪ ({(x + d)/2 ∈ Z | d ∈ DS} − CS − {x})
 5:   Ct ← Ct ∪ ({(x + d + 1)/2 ∈ Z | d ∈ DS} − CS − {x})
 6:   CS ← CS ∪ {x}
 7:   Ct ← Ct − {x}
 8: end while

Lemma 5.1 Given a finite digit set DS, Algorithm 4 always terminates, and

$$\|C_S\| \le \max D_S - \min D_S + 2,$$

where CS is the output carry set.

Proof Since

$$C_S = \left\{ \frac{c - d + e}{2} \in \mathbb{Z} \;\middle|\; d \in D_S \wedge c \in C_S \wedge e \in \{0, 1\} \right\},$$

we have

$$\min C_S \ge \frac{\min C_S - \max D_S}{2},$$

and hence $\min C_S \ge -\max D_S$. Similarly,

$$\max C_S \le \frac{\max C_S - \min D_S + 1}{2},$$

and hence $\max C_S \le -\min D_S + 1$. We conclude that if DS is finite, CS is also finite, so Algorithm 4 always terminates, and

$$\|C_S\| \le (-\min D_S + 1) - (-\max D_S) + 1 = \max D_S - \min D_S + 2.$$

Appendix C: The Optimality of Algorithm 1,2

In this section, we present the mathematical proof that Algorithms 1 and 2 proposed in Section 3 perform the minimal weight conversion.

Lemma 5.2 For any integer $0 \le t \le n - 1$, the strings $Q_{t,\langle i, G_t\rangle}$, which are assigned in Line 7 of Algorithm 1, represent the minimal weight expansion of the prefix of length $n - t$ of the bit string $E_b\{d\}(r_1, \ldots, r_d)$ when the carry from the less significant bits into the prefix is $G_t$, and $w_{t,G_t}$ is the joint Hamming weight of $Q_{t,\langle 1, G_t\rangle}, \ldots, Q_{t,\langle d, G_t\rangle}$.

Proof We prove the lemma by mathematical induction.

We begin with the case $t = n - 1$. In this case, all $Q_{n-1,\langle i, G_{n-1}\rangle}$ have length $n - (n - 1) = 1$. The subsolution $Q_{n-1,\langle i, G_{n-1}\rangle}$ should satisfy

$$Q_{n-1,\langle i, G_{n-1}\rangle} = \langle ae_i \rangle,$$

if $AE \in D_S^d$, because it must not produce any carry to more significant bits. Then $w_{n-1,G_{n-1}} = 0$ when $AE = \langle 0\rangle$ and $w_{n-1,G_{n-1}} = 1$ otherwise.

We initialize $w$ in Algorithm 1 Line 2 such that $w_{n,G_n} = 0$ if $G_n = \langle 0\rangle$ and $w_{n,G_n} = \infty$ otherwise. Then $we_{R^*_{n-1}}$, which is assigned in Algorithm 2 Line 6, is $\infty$ if $G_n \neq \langle 0\rangle$. If there are some finite elements among $we$, $we_{R^*_{n-1}}$ will not be the minimal element in Algorithm 2 Line 11 and will not be assigned to $Q_{n-1,\langle i, G\rangle}$ in Algorithm 2 Line 15. Hence, every selected $EA = \langle ea_i\rangle_{i=1}^d$ satisfies

$$ce_i = \frac{ae_i - ea_i}{2} = 0,$$

for all $1 \le i \le d$. That means $ae_i = ea_i$, and we can conclude that $Q_{n-1,\langle i, G\rangle} = \langle ae_i\rangle$. Also, Algorithm 2 gives $w_{n-1,G_{n-1}} = 0$ when $AE = \langle 0\rangle$ and $w_{n-1,G_{n-1}} = 1$ otherwise. This proves the statement for $t = n - 1$.

It remains to show that if the lemma holds for $t = K + 1$, it also holds for $t = K$, for any $0 \le K \le n - 2$. Assume that $w_{K+1,G_{K+1}}$ and $Q_{K+1,G_{K+1}}$ are the optimal weight and the optimal expansion of the prefix of length $n - K - 1$ for any $G_{K+1} \in C_S^d$. We claim that $w_{K,G_K}$ and $Q_{K,G_K}$ are those of the prefix of length $n - K$.

First, we prove that $w_{K,G_K}$ is the joint Hamming weight of $Q_{K,\langle 1, G_K\rangle}, \ldots, Q_{K,\langle d, G_K\rangle}$ for any $G_K \in C_S^d$. The value $we_{EA}$ selected in Algorithm 2 Line 11 equals $w_{K+1,CE}$ when $EA = \langle 0\rangle$ and $w_{K+1,CE} + 1$ otherwise, by Algorithm 2 Line 6 ($CE$ is defined in Algorithm 2 Line 14). By the assignment in Algorithm 2 Line 15,

$$Q_{K,\langle i, G_K\rangle} = \langle Q_{K+1,\langle i, CE\rangle}, ea_i\rangle.$$

Since the joint Hamming weight of $Q_{K+1,\langle 1, CE\rangle}, \ldots, Q_{K+1,\langle d, CE\rangle}$ equals $w_{K+1,CE}$ by the induction hypothesis, the property also holds for each $Q_{K,G_K}$.

Next, we prove the optimality of $Q_{K,\langle i, G_K\rangle}$. Assume, for contradiction, that there are strings $P_{K,\langle i, G_K\rangle}$ with

$$P_{K,\langle i, G_K\rangle} \neq Q_{K,\langle i, G_K\rangle}$$

for some $1 \le i \le d$ and some $G_K \in C_S^d$, such that the joint Hamming weight of $P_{K,\langle 1, G_K\rangle}, \ldots, P_{K,\langle d, G_K\rangle}$ is less than that of $Q_{K,\langle 1, G_K\rangle}, \ldots, Q_{K,\langle d, G_K\rangle}$. Let the last digit of $P_{K,\langle i, G_K\rangle}$ be $lp_i$. If $lp_i = ea_i$ for all $1 \le i \le d$, the carry is

$$\left\langle \frac{ae_i - ea_i}{2} \right\rangle_{i=1}^d = CE.$$

By the induction hypothesis, $Q_{K+1,\langle 1, CE\rangle}, \ldots, Q_{K+1,\langle d, CE\rangle}$ has the minimal joint Hamming weight, so the joint Hamming weight of $P$ is greater than or equal to that of $Q$. If $lp_i \neq ea_i$ for some $1 \le i \le d$, the carry is

$$H = \langle h_i\rangle_{i=1}^d = \left\langle \frac{ae_i - lp_i}{2} \right\rangle_{i=1}^d.$$

By the induction hypothesis, $Q_{K+1,\langle i, H\rangle}$ is the minimal weight expansion for this carry. Then

$$JW(P_{K,\langle 1, G_K\rangle}, \ldots, P_{K,\langle d, G_K\rangle}) \ge JW(Q_{K+1,\langle 1, H\rangle}, \ldots, Q_{K+1,\langle d, H\rangle}) + JW(\langle lp_1\rangle, \ldots, \langle lp_d\rangle),$$

where $JW$ is the joint Hamming weight function. By the definition of $we$, it is clear that

$$JW(Q_{K+1,\langle 1, H\rangle}, \ldots, Q_{K+1,\langle d, H\rangle}) + JW(\langle lp_1\rangle, \ldots, \langle lp_d\rangle) = we_I,$$

where $I = \langle lp_1, \ldots, lp_d\rangle$. In Algorithm 2 Line 11, we select the minimal value of $we_{EA}$, that is,

$$we_{EA} \le we_I.$$

As

$$we_{EA} = JW(Q_{K,\langle 1, G_K\rangle}, \ldots, Q_{K,\langle d, G_K\rangle}),$$

we can conclude that

$$JW(P_{K,\langle 1, G_K\rangle}, \ldots, P_{K,\langle d, G_K\rangle}) \ge JW(Q_{K,\langle 1, G_K\rangle}, \ldots, Q_{K,\langle d, G_K\rangle}).$$

This contradicts our assumption.

Theorem 5.3 Let $Z = \langle 0\rangle$. $\langle Q_{0,\langle i, Z\rangle}\rangle_{i=1}^d$ in Algorithm 1 Line 9 is the minimal joint weight expansion of $r_1, \ldots, r_d$ on the digit set $D_S$.

Proof By Lemma 5.2 with $t = 0$, $\langle Q_{0,\langle i, G\rangle}\rangle_{i=1}^d$ is the optimal expansion of the whole bit string (the prefix of length n, down to the least significant bit) for each incoming carry $G$. Since there is no carry into the least significant bit, $\langle Q_{0,\langle i, \langle 0\rangle\rangle}\rangle_{i=1}^d$ is the optimal solution.


State convergence in the initialisation of the Sfinks stream cipher

Ali Alhamdan¹, Harry Bartlett¹˒², Leonie Simpson¹˒², Ed Dawson¹, Kenneth Koon-Ho Wong¹

¹ Information Security Institute, Queensland University of Technology, 126 Margaret Street, Brisbane Qld 4001, Australia. Email: [email protected], {e.dawson, kk.wong}@qut.edu.au

² Faculty of Science and Technology, Queensland University of Technology, GPO Box 2434, Brisbane Qld 4001, Australia. Email: {h.bartlett, lr.simpson}@qut.edu.au

Abstract

Sfinks is a shift register based stream cipher designed for hardware implementation. The initialisation state update function is different from the state update function used for keystream generation. We demonstrate state convergence during the initialisation process, even though the individual components used in the initialisation are one-to-one. However, the combination of these components is not one-to-one.

Keywords: stream cipher, initialisation process, state convergence, Sfinks

1 Introduction

The Sfinks stream cipher was submitted to eSTREAM, the ECRYPT call for stream cipher proposals, in April 2005 by Braeken, Lano, Mentens, Preneel and Verbauwhede (Braeken et al. 2005). It is a bit-based stream cipher that takes an 80-bit secret key and an 80-bit IV as inputs and has a 256-bit internal state. Sfinks is categorized as Profile 2A, suitable for hardware applications and with an associated authentication method.

The Sfinks stream cipher was attacked by Courtois (2005) using basic and fast algebraic attacks. These algebraic attacks exploit the state update function used during keystream generation, but do not make use of the initialisation process. Courtois found that Sfinks can be broken with a complexity of $2^{71}$ computations using $2^{43}$ keystream bits, which is faster than the claimed security level of $2^{80}$.

As noted above, the Sfinks stream cipher is broken as a keystream generator. The purpose of this paper is to investigate the strategy used for initialisation. We note that the state update functions are different during initialisation and keystream generation. Using a modified version of the keystream generation state update function during initialisation may produce some security benefits. However, for Sfinks, we find that although the state update function during keystream generation is one-to-one, this is not the case during initialisation. We investigate the resulting state convergence in this paper. This paper considers specifically the properties of the initialisation process rather than the keystream generation of the Sfinks stream cipher.

Copyright © 2012, Australian Computer Society, Inc. This paper appeared at the 10th Australasian Information Security Conference (AISC 2012), Melbourne, Australia, January-February 2012. Conferences in Research and Practice in Information Technology (CRPIT), Vol. 125, Josef Pieprzyk and Clark Thomborson, Eds. Reproduction for academic, not-for-profit purposes permitted provided this text is included.

State convergence occurs when two or more states at time t are mapped to the same state after t + α iterations, for some α > 0, and the states do not diverge after this point. That is, state convergence occurs when the state update function is not one-to-one. State convergence may occur during the initialisation process or during keystream generation. It may reduce the effective key-IV size and leave the stream cipher vulnerable to attacks such as distinguishing attacks (Rose & Hawkes 2002) or time-memory-data tradeoff attacks (Biryukov & Shamir 2000).

This paper is organized as follows. Section 2 presents a brief description of the Sfinks keystream generator, including details of the initialisation process. In Section 3, an analysis of the Sfinks initialisation process is presented. Section 4 discusses the results and concludes the work.

2 Description of Sfinks

The Sfinks stream cipher (Braeken et al. 2005) has two main components: a shift register, S, and a nonlinear one-to-one inversion function INV, as shown in Figure 1. Let $s^i_t$ denote the contents of register stage i at time t, where $i = 0, 1, \ldots, 255$ and $t \ge -128$. Sfinks uses an 80-bit secret key $K = k_{79}, \ldots, k_0$ and an 80-bit initial value $IV = v_{79}, \ldots, v_0$.

During keystream generation, the 256-bit shift register is regularly clocked. The linear feedback function is as follows:

$$s^{255}_{t+1} = s^{212}_t \oplus s^{194}_t \oplus s^{192}_t \oplus s^{187}_t \oplus s^{163}_t \oplus s^{151}_t \oplus s^{125}_t \oplus s^{115}_t \oplus s^{107}_t \oplus s^{85}_t \oplus s^{66}_t \oplus s^{64}_t \oplus s^{52}_t \oplus s^{48}_t \oplus s^{14}_t \oplus s^{0}_t. \quad (1)$$

The nonlinear function INV can be considered as a 16 × 16 bit S-box. The inversion function is used during both initialisation and keystream generation, but in different ways in each case. Let x and y denote the 16-bit input and output of INV respectively, where $x = (x_{16}, \ldots, x_1)$ and $y = (y_{15}, \ldots, y_0)$. INV is an invertible function $\mathbb{F}_2^{16} \to \mathbb{F}_2^{16}$ that calculates the inverse of the 16-bit input modulo the primitive polynomial $X^{16} + X^5 + X^3 + X^2 + 1$. The 16 input bits are taken from 16 register stages as follows.


$$(x_{16}, \ldots, x_1) = (s^{255}, s^{244}, s^{227}, s^{193}, s^{161}, s^{134}, s^{105}, s^{98}, s^{74}, s^{58}, s^{44}, s^{21}, s^{19}, s^{9}, s^{6}, s^{1}) \quad (2)$$

The 16-bit output of the S-box, y, is treated as 16 bit values $(y_{15}, \ldots, y_0)$. During initialisation, all 16 output bits of INV are fed back to specified stages of the shift register. During keystream generation, only one bit of the output of INV contributes to the formation of the keystream bit.

2.1 Initialisation process

The initialisation process takes as input the 80-bit key and 80-bit IV and performs 128 iterations (starting at t = −128) to produce the 256-bit initial register state. Once this initial state is obtained, keystream generation can begin. The initialisation process is performed in two phases, which we refer to as loading and diffusion.

2.1.1 Loading phase

In the loading phase, firstly, all of the register stages are set to zero. Then the 80-bit secret key and 80-bit IV are transferred to specified positions in the shift register. The secret key is loaded into the state such that $s^{96+i}_{-128} = k_i$ for $0 \le i \le 79$, and the IV is loaded into the state such that $s^{176+i}_{-128} = v_i$ for $0 \le i \le 79$. The register stage $s^{95}_{-128} = 1$ and the remaining $s^{i}_{-128} = 0$ for $0 \le i \le 94$.

The output of the S-box is set to all-zero for the first seven 16-bit outputs, $y_{-134+t} = (0, \ldots, 0)$ for $0 \le t \le 6$. In (Braeken et al. 2005) this is described as necessary to clear the pipeline stages in the hardware and to provide the initial values of the S-box output to allow for the delay of 7 steps.

When both the secret key and IV have been transferred and the rest of the state bits are fixed to the designated values, the Sfinks stream cipher is in its loaded state. Following this, the diffusion phase begins.

2.1.2 Diffusion phase

The diffusion phase consists of 128 iterations of the initialisation state-update function. Each iteration can be considered as a function which maps the state space to itself. After the diffusion phase is completed, the keystream generator is said to be in its initial state. Figure 2 gives a general overview of the state update function during the diffusion phase of the Sfinks stream cipher.

For the first seven iterations, the initialisation processes are performed in a purely linear manner (with the effect of the linear feedback of the shift register only), as the output bits of the nonlinear function are zeros, $(y_{-134}, \ldots, y_{-128}) = (0, \ldots, 0)$.

For the remaining iterations, the initialisation process is performed using the linear feedback of the shift register and the output of the nonlinear S-box function. The S-box output feeds back into 16 specified stages of the shift register with a time delay of 7 steps, as detailed below.

$$s^i_t = s^{i+1}_{t-1} \oplus y^{i \bmod 16}_{t-7} \qquad (3)$$

for $i \in \{11, 17, 41, 52, 66, 80, 111, 118, 142, 154, 173, 179, 204, 213, 232, 247\}$. All other bits are clocked normally, i.e. $s^i_t = s^{i+1}_{t-1}$ for all other $i$, and the shift register feedback function (Equation 1) still applies. At each iteration, the shift register is clocked and then the INV function is called to calculate the inverse of the 16-bit input to the S-box. This is stored as the S-box output. The 16-bit output of the S-box is XORed with the contents of 16 specified stages of the shift register to form the contents of another 16 stages of the shift register. The S-box function is the only nonlinear component in the initialisation process. A complete description of the state update function is:

$$s^i_t = \begin{cases}
s^{i+1}_{t-1} & \text{for } i \in \{0, 1, \ldots, 254\} \setminus \{11, 17, 41, 52, 66, 80, 111, 118, 142, 154, 173, 179, 204, 213, 232, 247\} \\
s^{i+1}_{t-1} \oplus y^{i \bmod 16}_{t-7} & \text{for } i \in \{11, 17, 41, 52, 66, 80, 111, 118, 142, 154, 173, 179, 204, 213, 232, 247\} \\
\bigoplus_{j} s^{j}_{t-1} & \text{for } i = 255,\ j \in \{212, 194, 192, 187, 163, 151, 125, 115, 107, 85, 66, 64, 52, 48, 14, 0\}
\end{cases}$$

At $t = 0$, the Sfinks stream cipher has completed the initialisation processes and is ready for keystream generation. During keystream generation, the register feedback is linear. The least significant bit of the 16-bit output value of the S-box is XORed with the value of stage $s^0$ to produce each keystream bit, with a delay of 7 steps applied to both values. That is, $z_t = s^0_{t-7} \oplus y^0_{t-7}$.

3 Analysis of initialisation processes

Analysis of the Sfinks stream cipher initialisation process is complicated by the delay of 7 steps in feeding the S-box output back into the register. However, we observe that the correspondence between this delay of seven steps and the difference between certain input and output taps leads to state convergence, as shown below. In the remainder of this paper, we refer to stages of $S$ which provide inputs to the S-box as input stages and stages of $S$ which receive outputs from the S-box as output stages, respectively.

From Figure 2, note that the distance between some input and output stages is equal to the delay time. Specifically, there is one case where $s^i_t$ is an output stage and $s^{i+7}_{t-7}$ is an input stage. In this case, recall from Equation 3 that $s^i_t = s^{i+1}_{t-1} \oplus y^{i \bmod 16}_{t-7}$, and note that if we complement both $s^{i+1}_{t-1}$ and $y^{i \bmod 16}_{t-7}$ then the same value of $s^i_t$ will be obtained. However, $s^{i+1}_{t-1} = s^{i+7}_{t-7}$ under regular clocking, and the S-box output $y^{i \bmod 16}_{t-7}$ depends on the contents of the input stage $s^{i+7}_{t-7}$. That is,

$$s^i_t = s^{i+7}_{t-7} \oplus y^{i \bmod 16}_{t-7} = \overline{s^{i+7}_{t-7}} \oplus \overline{y^{i \bmod 16}_{t-7}} \qquad (4)$$

where $\overline{s}$ and $\overline{y}$ represent the complements of $s$ and $y$ respectively.

It is possible that complementing the contents of the input stage $s^{i+7}_{t-7}$ may cause the required change in the S-box output bit $y^{i \bmod 16}_{t-7}$. This situation provides the basis of a search for states which converge.

3.1 States which converge

An examination of the Sfinks register shows there is only one input stage with a distance to the next output stage equal to 7 steps. That input stage is $s^{161}$ and the output stage is $s^{154}$. The contents of $s^{161}$ correspond to the S-box input $x_{12}$, and the S-box output $y_{10}$ is fed back to $s^{154}$. Specifically, $s^{161}_{t-7} = x^{12}_{t-7}$ and $s^{154}_t = s^{155}_{t-1} \oplus y^{10}_{t-7}$. According to Equation 4, the value of $s^{154}_t$ will not be changed if complementing the input bit $s^{161}_{t-7} = x^{12}_{t-7}$ results in the output bit $y^{10}_{t-7}$ being complemented as well. Therefore, we look for pairs of S-box inputs $(x_{16}, \ldots, x_1)$ which differ only in bit $x_{12}$ and for which the corresponding pair of outputs $(y_{15}, \ldots, y_0)$ differ in bit $y_{10}$.

[Figure 1: Keystream generator of Sfinks stream cipher. Diagram labels: S-Box (inversion) 16-bit x 16-bit, 16-bits, Feedback, Clock, Delay-7; register stages 255 down to 0 with the S-box input taps of Equation 2 and the feedback taps of Equation 1 marked.]

[Figure 3: Input and Output stages have 7 steps delay. Diagram labels: stages 161 and 154, S-Box, Clock.]

Consider firstly the input pair for which the output pair differ only in $y_{10}$, as illustrated in Figure 3. Such a pair of S-box inputs (and corresponding outputs) exists, and is presented in Table 1. For emphasis, $x_{12}$ is underlined and in bold font, as is $y_{10}$. Table 2 gives an example of two 256-bit register states $S^A_{t-7}$ and $S^B_{t-7}$ which converge to the same state after 7 iterations. For efficient presentation the hex representation of the 256-bit binary state is given. Note that all register stages except $s^{161}$ are the same. $S^A_{t-7}$ and $S^B_{t-7}$ both converge to $S_t$.

Since the register $S$ is 256 bits long, and there are 16 stages used as input to the S-box, if we fix the contents of these 16 stages to the pattern given in Table 1, we are free to choose any values for the remaining 240 stages. Therefore, there are $2^{240}$ pairs of states which converge after 7 iterations. One such pair is presented in Table 2.

For the S-box pair in Table 1 discussed in the illustration above, the inputs differed only in position $x_{12}$ and the outputs differed only in position $y_{10}$. In general, however, it is not necessary to apply such a strict condition on the output bits. Referring to Equation 3, and considering 6 consecutive steps of regular clocking, we have $s^i_t = s^{i+1}_{t-1} \oplus y^{i \bmod 16}_{t-7} = s^{i+7}_{t-7} \oplus y^{i \bmod 16}_{t-7}$ for any output bit. If complementing the input bit $s^{161}_{t-7}$ (which is $x^{12}_{t-7}$) causes $y^{i \bmod 16}_{t-7}$ to be changed, it may be possible to complement $s^{i+7}_{t-7}$ to obtain a second state that gives the same value for $s^i_t$. Recall that 16 stages of the shift register $S$ receive the output of the S-box at each iteration of the state update function. Of these 16 output stages, there are only six ($s^{11}_{t-7}, s^{17}_{t-7}, s^{41}_{t-7}, s^{52}_{t-7}, s^{80}_{t-7}, s^{111}_{t-7}$) which directly or indirectly affect an input stage during the six consecutive clocks. For example, the output $y_9$ of the S-box is fed back to $s^{41}$ and there is an input to the S-box within the delay time at stage $s^{44}$. Allowing this bit to change may result in divergence in later steps. Note also that if an input bit of the shift register feedback is complemented at time $t-7$, we also need the stage $s^0_{t-7}$ to be complemented to ensure that the new bit $s^{255}_{t-6}$ will not be changed. Therefore, when considering pairs of inputs and outputs of the S-box for which convergence occurs, the values of the six S-box outputs ($y_0, y_1, y_4, y_9, y_{11}$ and $y_{15}$) must be fixed. Therefore, we look for pairs of S-box inputs which differ only in $x_{12}$ and for which the output bits differ in $y_{10}$ and possibly in any bit of $y_2, y_3, y_5, y_6, y_7, y_8, y_{12}, y_{13}$ and $y_{14}$.

Table 1: A special S-box pair which differ in x12 and y10 only (the fifth input bit, x12 at stage 161, and the sixth output bit, y10 at stage 154, are the emphasised bits)

  S-box sequence    Input x16 ... x1                                    Output y15 ... y0
  Stage No.         255 244 227 193 161 134 105 98 74 58 44 21 19 9 6 1   111 142 173 204 11 154 41 232 247 118 213 52 179 66 17 80
  1st value         1 1 0 1 0 0 0 0 1 1 1 0 0 0 1 0                     0 1 1 0 1 1 0 0 0 1 1 1 0 0 0 1
  2nd value         1 1 0 1 1 0 0 0 1 1 1 0 0 0 1 0                     0 1 1 0 1 0 0 0 0 1 1 1 0 0 0 1

Table 2: Two states (hex) differing only in stage s161 which converge

  S^A_{t-7}   F19B7E15AF4FF1338DDF0800AD8C56A42913E4B90CBEEFD3A4075AFD3351E5C1
  S^B_{t-7}   F19B7E15AF4FF1338DDF0802AD8C56A42913E4B90CBEEFD3A4075AFD3351E5C1
  S_t         BBE336FC2B7E9FE2671B9E10055B58AD481227C972187DDFA7580EB5FA66ABCB

[Figure 2: Initialisation processes of Sfinks stream cipher. Diagram labels: S-Box (inversion) 16-bit x 16-bit, 16-bits, Feedback, 16-bits output to shift register, Delay-7, Clock; the register is drawn with the feedback taps (212, 194, 192, 187, 163, 151, 125, 115, 107, 85, 66, 64, 52, 48, 14, 0), the S-box input stages (255, 244, 227, 193, 161, 134, 105, 98, 74, 58, 44, 21, 19, 9, 6, 1) and the output stages (11, 17, 41, 52, 66, 80, 111, 118, 142, 154, 173, 179, 204, 213, 232, 247) marked.]
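The following Python program is an added example, not code from the paper or from the Sfinks reference implementation. It models the Equation 3 state update with the paper's input stages, output stages, feedback taps and 7-step delay, replays the Table 1 pair through seven clocks to show the convergence of Section 3.1, and recomputes which six S-box outputs the general case must keep fixed. Because the page does not give the field polynomial of the INV S-box, a stand-in 16x16 bijection that reproduces only the Table 1 pair is used (an assumption), and the 240 free register stages are filled pseudo-randomly (constructed input).

```python
"""Sfinks diffusion-phase state update (Equations 1 and 3) with a stand-in S-box,
used to reproduce the 7-step state convergence of Section 3.1 (added example)."""
from collections import deque
import random

# Register stages read by the S-box, listed as (x16, ..., x1); s255 is the MSB.
INPUT_STAGES = [255, 244, 227, 193, 161, 134, 105, 98, 74, 58, 44, 21, 19, 9, 6, 1]
# Stages receiving S-box output bit (i mod 16) seven steps late (Equation 3).
OUTPUT_STAGES = [11, 17, 41, 52, 66, 80, 111, 118, 142, 154, 173, 179, 204, 213, 232, 247]
# Linear feedback taps of the shift register (the i = 255 case of the update).
FEEDBACK_TAPS = [212, 194, 192, 187, 163, 151, 125, 115, 107, 85, 66, 64, 52, 48, 14, 0]
DELAY = 7
# Table 1 packed as 16-bit integers (x16 = bit 15 ... x1 = bit 0; y15 = bit 15 ... y0 = bit 0).
TABLE1_PAIR = [(0xD0E2, 0x6C71), (0xD8E2, 0x6871)]  # inputs differ in x12, outputs in y10


def make_standin_sbox(pairs, mask=0xA5C3):
    """Bijection on 16-bit values that maps each listed input to its listed output.
    The real Sfinks S-box is field inversion, whose polynomial the paper does not
    state; this stand-in (an assumption) only reproduces the Table 1 pair."""
    table = [v ^ mask for v in range(1 << 16)]      # start from a simple bijection
    for x, y in pairs:
        where = table.index(y)                      # move y to position x by swapping
        table[x], table[where] = table[where], table[x]
    return table


def sbox_input(state):
    """Read (x16, ..., x1) from the input stages as one 16-bit value."""
    x = 0
    for stage in INPUT_STAGES:
        x = (x << 1) | state[stage]
    return x


def clock(state, pipeline, sbox):
    """Advance S_{t-1} -> S_t.  pipeline holds y_{t-7}, ..., y_{t-1} (oldest first)
    and on return holds y_{t-6}, ..., y_t, making the 7-step feedback delay explicit."""
    y_delayed = pipeline.popleft()                  # y_{t-7}
    feedback = 0
    for j in FEEDBACK_TAPS:
        feedback ^= state[j]
    new = state[1:] + [feedback]                    # s^i_t = s^{i+1}_{t-1}; s^255_t = feedback
    for i in OUTPUT_STAGES:
        new[i] ^= (y_delayed >> (i % 16)) & 1       # Equation 3
    pipeline.append(sbox[sbox_input(new)])          # y_t = S(x_t), consumed seven steps later
    return new


def state_from_sbox_input(x, seed):
    """Constructed state: pseudo-random filler (fixed seed) in the 240 free stages,
    the 16 bits of x in the input stages, so paired states share the filler."""
    rng = random.Random(seed)
    state = [rng.randrange(2) for _ in range(256)]
    for k, stage in enumerate(INPUT_STAGES):        # x16 -> s255, ..., x1 -> s1
        state[stage] = (x >> (15 - k)) & 1
    return state


def hamming(a, b):
    return sum(u != v for u, v in zip(a, b))


def convergence_trace(seed=2012):
    """Clock S^A_{t-7} and S^B_{t-7} (Table 1 pattern, differing only in s161) seven
    times and return the Hamming distance between the registers after each step.
    The six older pipeline entries are all-zero in both runs, as in the loaded state."""
    sbox = make_standin_sbox(TABLE1_PAIR)
    (xa, _), (xb, _) = TABLE1_PAIR
    sa, sb = state_from_sbox_input(xa, seed), state_from_sbox_input(xb, seed)
    assert hamming(sa, sb) == 1 and sa[161] != sb[161]
    pa = deque([0] * (DELAY - 1) + [sbox[sbox_input(sa)]])
    pb = deque([0] * (DELAY - 1) + [sbox[sbox_input(sb)]])
    trace = []
    for _ in range(DELAY):
        sa, sb = clock(sa, pa, sbox), clock(sb, pb, sbox)
        trace.append(hamming(sa, sb))
    # Register and delayed outputs now agree, so every later state is identical:
    # the initialisation update is not one-to-one.
    assert list(pa) == list(pb)
    return trace                                    # [1, 1, 1, 1, 1, 1, 0]


def outputs_that_must_stay_fixed(span=DELAY - 1):
    """General case of Section 3.1: absorbing a changed output bit by complementing
    s^{i+7}_{t-7} is only safe if that bit, travelling through s^{i+6}, ..., s^{i+1},
    never passes an input stage or a feedback tap.  Returns the y indices that
    therefore must be equal in both states."""
    sensitive = set(INPUT_STAGES) | set(FEEDBACK_TAPS)
    fixed = {i % 16 for i in OUTPUT_STAGES
             if any(i + d in sensitive for d in range(1, span + 1))}
    return sorted(fixed)                            # [0, 1, 4, 9, 11, 15]


if __name__ == "__main__":
    print(convergence_trace())
    print(outputs_that_must_stay_fixed())
```

Changing the seed changes the 240 filler bits but not the trace, which is the $2^{240}$ freedom the text describes.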

We used an exhaustive computer search to look for pairs of S-box inputs that satisfy the conditions described above, and found 273 pairs of S-box inputs (and corresponding outputs) with such patterns. Table 3 gives three different examples of these S-box input and output pairs. Note that the only difference in each input pair is the underlined bold bit $x_{12}$. In the output pair, the underlined bold bits are the bits which differ in each pair (which must include $y_{10}$) and the bits $y_0, y_1, y_4, y_9, y_{11}$ and $y_{15}$ (shown in italics) should be the same in each pair. For each pair in Table 3, Table 4 provides an example of two states based on that pattern that converge to the same state after 7 iterations.

Table 3: Examples of complying pairs of S-box inputs and outputs (inputs differ only in the fifth bit, x12; outputs differ in y10 and possibly other non-fixed bits)

  S-box sequence          Input x16 ... x1                                    Output y15 ... y0
  Stage No.               255 244 227 193 161 134 105 98 74 58 44 21 19 9 6 1   111 142 173 204 11 154 41 232 247 118 213 52 179 66 17 80
  1st pair, 1st value     0 0 0 0 0 0 0 0 1 0 1 0 0 1 1 1                     0 1 0 0 0 1 0 0 1 0 0 1 0 0 1 0
  1st pair, 2nd value     0 0 0 0 1 0 0 0 1 0 1 0 0 1 1 1                     0 0 0 0 0 0 0 1 0 1 1 1 0 0 1 0
  2nd pair, 1st value     0 0 0 0 0 0 0 0 1 1 1 0 1 1 1 0                     0 0 1 0 0 1 1 1 1 1 0 0 1 1 1 1
  2nd pair, 2nd value     0 0 0 0 1 0 0 0 1 1 1 0 1 1 1 0                     0 0 0 0 0 0 1 1 1 1 0 0 1 1 1 1
  3rd pair, 1st value     0 0 0 0 0 0 0 1 1 0 0 1 1 0 1 1                     1 1 1 0 1 1 0 0 1 1 1 1 0 0 0 1
  3rd pair, 2nd value     0 0 0 0 1 0 0 1 1 0 0 1 1 0 1 1                     1 0 0 1 1 0 0 1 0 1 1 1 0 0 0 1

From above, there are 273 pairs of S-box inputs satisfying the convergence conditions out of the $2^{15}$ possible input pairs. If we assume the possible values for the S-box input bits are distributed randomly and independently, this state convergence has a probability of $273/2^{15} = 2^{-6.9}$.

Table 4: Three examples; each two states which converge to the same state

  1st pair   S^{A1}_{t-7}   318B7E15AF4FF1318DDF0800ADAC56A42913E4B90CBEEFD3A0075AFD3351E7C3
             S^{A2}_{t-7}   718BFE15BF4FF1318DDF0802AD8C56A40913E4B90CBEEFD3A0075AFD3351E7C2
             S_t            BAE316FC2B5E9FE2631BBE10055B18AD485227C972197DDFA7500EB5FA64A3CF

  2nd pair   S^{B1}_{t-7}   718B7E15AF4FF1318DCF0800AD8C56A42913E4B90CBEEFD3A4075AFD3359E7C1
             S^{B2}_{t-7}   718B7E15AF4FF1318DDF0802AD8C56A42913E4B90CBEEFD3A4075AFD3359E7C1
             S_t            7E6317FC2B5E9FE26313BE10055B18AD481227C972187DDBA7480CB5FA64B3CF

  3rd pair   S^{C1}_{t-7}   318B7E15AF4FF1318DCF0800ADAC56A42913E4BD0CBEEFD3A0074AFD3379E5C3
             S^{C2}_{t-7}   718BFE15AF47F1318DDF0802AD8C56A42913E4BD0CBEEFD3A0074AFD3379E5C3
             S_t            FAE316FC2B7E9FE2631BBE10055B18AD4812A7C97A187DDFA7500E95FA66FBCB

3.2 State convergence across the initialisation process

Recall from Section 2.1.1 that the loaded state of Sfinks has a defined format, with $s^{95}_{-128} = 1$ and $s^{i}_{-128} = 0$ for $i = 0, \ldots, 94$. This slightly reduces the occurrence of state convergence for the first few iterations of the diffusion process but does not prevent it altogether.

According to the reference implementation of Sfinks (Lano 2005), the S-box first receives live inputs from the input stages at $t = -127$ (after the first clock of the shift register). Convergence cannot occur until 7 steps after this, at $t = -120$.

Based on the general case discussed above, however, state convergence can occur immediately after these 7 iterations. All that is required is to impose the additional condition that $y_2$ also remain unchanged when $x_{12}$ is complemented. Table 5 shows a pair of input and output bits of the S-box that can occur after the first iteration and converge after 7 iterations. This pair satisfies the condition discussed above, and therefore will lead to convergence after 7 steps at $t = -120$. A pair of converging states based on this pattern is presented as an example in Table 6.

Thus, we see that state convergence can occur throughout the diffusion process of the Sfinks cipher. There are 120 iterations that may carry a state convergence during the initialisation. Based on the probability of convergence determined above, an approximate estimate for the proportion of distinct states remaining after 128 iterations is $(1 - 2^{-6.9})^{120} = 0.9963$. Thus, the number of reachable distinct states is approximately $(1 - 2^{-6.9})^{120} \times 2^{160} = 2^{158.55}$. This can be regarded as an approximate upper bound as there may be other mechanisms of convergence in addition to those we have identified.

Table 5: A pair of S-box inputs and outputs that can occur at t = −120 (inputs differ only in the fifth bit, x12)

  S-box sequence    Input x16 ... x1                                    Output y15 ... y0
  Stage No.         255 244 227 193 161 134 105 98 74 58 44 21 19 9 6 1   111 142 173 204 11 154 41 232 247 118 213 52 179 66 17 80
  1st value         0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0                     0 1 0 0 0 0 1 0 1 1 1 1 1 1 1 1
  2nd value         0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0                     0 0 1 0 0 1 1 0 0 0 1 1 0 1 1 1

Table 6: Two states (hex) which converge to the same state at t = −120

  S^A_{-127}   319B7E15AF4FF13189DF0800ADAC56A40913E4B90CBEEBD3A0074AFD3351E580
  S^B_{-127}   719B7E15AF4FF1318DCF0802AD8C56A42913E4B90CBEEBD3A0074AFD3351E581
  S_{-120}     3EE336FC2B7E9FE2631BBE10015B18AD485227C972187DD3A7500C95FA64A3CB

4 Discussion and conclusion

This paper demonstrates that state convergence occurs during the initialisation phase of the Sfinks cipher. This is due to a combination of the delay in feeding the S-box output back to the shift register and the shift register tap spacing. Specifically, it is caused by the correspondence between the 7-clock feedback delay and the distance of 7 steps between certain input and output stages. The combination of this with the specific S-box used here results in an initialisation state update function that is not one-to-one, thereby resulting in the state convergence.

The relationship between the input/output stages and the delay time as shown by Equation 3 is 7 steps for the Sfinks stream cipher. However, if the delay in Equation 3 is changed to another number and the spacing between any input and output stages is equal to this delay number, then state convergence can still occur. The approach described in this paper could be applied to detect such convergence, with the focus on a different input to the S-box.

The delayed S-box feedback in Sfinks adds complexity to the analysis of the initialisation process for this cipher, at the expense of additional memory and a slight delay in producing keystream. However, it is questionable whether the increased complexity (which reduces efficiency) has resulted in a corresponding increase in security. In fact, it may have contributed to a reduction in security, as the combination of this feedback delay and the shift register tap spacing results in the occurrence of state convergence in this cipher. It is actually possible to avoid the state convergence in this design by introducing minor changes to tap locations; even so, it is not clear that the delay itself is necessary for the security of the cipher.

When considering the design of the state update function used during initialisation, it is worth noting that the INV function (represented as the S-box) and the shift register feedback function used for keystream generation (Equation 1) are individually one-to-one. However, the combination of these functions which occurs during initialisation is not one-to-one. This demonstrates that designers should be careful when combining components, to ensure that the combination does not have undesirable properties.

Sfinks is designed for use with an 80-bit key and 80-bit IV. As the state size (256 bits) is greater than the sum of the key and IV sizes, it seems reasonable to assume that $2^{160}$ different keystreams could be produced. However, the state convergence problem demonstrated in this paper reduces the number of distinct keystreams. We estimate that the number of distinct keystreams is less than $2^{158.55}$. Although the impact of this convergence on the security of Sfinks is minor, it can be avoided entirely by more careful design.

The weakness in the initialisation process of Sfinks may occur in other ciphers which use a modified version of the keystream generation state update function as the initialisation method. Even slight modifications may change the properties of the state update function. To avoid state convergence, the state update function must be one-to-one. Even where individual components of the state update function are one-to-one, as for Sfinks, it is important to check that the combination is one-to-one as well, to avoid state convergence.

References

Biryukov, A. & Shamir, A. (2000), Cryptanalytic time/memory/data tradeoffs for stream ciphers, in T. Okamoto, ed., 'ASIACRYPT', Vol. 1976 of Lecture Notes in Computer Science, Springer, pp. 1–13.

Braeken, A., Lano, J., Mentens, N., Preneel, B. & Verbauwhede, I. (2005), 'SFINKS: A synchronous stream cipher for restricted hardware environments', eSTREAM, ECRYPT Stream Cipher Project, Report 2005/026. http://www.ecrypt.eu.org/stream.

Courtois, N. (2005), Cryptanalysis of Sfinks, in D. Won & S. Kim, eds, 'ICISC', Vol. 3935 of Lecture Notes in Computer Science, Springer, pp. 261–269.

Lano, J. (2005), 'Sfinks stream cipher source code', eSTREAM, ECRYPT Stream Cipher Project. http://www.ecrypt.eu.org/stream/sfinks.html.

Rose, G. & Hawkes, P. (2002), On the applicability of distinguishing attacks against stream ciphers, in 'Proceedings of the 3rd NESSIE Workshop', Citeseer, p. 6.


Cryptanalysis of RC4-Based Hash Function

Mohammad Ali Orumiehchiha Josef Pieprzyk Ron Steinfeld

Center for Advanced Computing, Algorithms and Cryptography, Department of Computing, Faculty of Science, Macquarie University, Sydney, NSW 2109, Australia

Email: {mohammad.orumiehchiha,josef.pieprzyk,ron.steinfeld}@mq.edu.au

Abstract

RC4-Based Hash Function is a newly proposed hash function based on the RC4 stream cipher for ultra low power devices. In this paper, we analyse the security of the function against collision attack. It is shown that the attacker can find collision and multi-collision messages with complexity only 6 compress function operations and negligible memory with time complexity $2^{13}$. In addition, we show the hashing algorithm can be distinguished from a truly random sequence with probability close to one.

Keywords: RC4-Based Hash Function, RC4 Stream Cipher, Cryptanalysis, Collision resistance.

1 Introduction

Cryptographic hash functions are functions that map an input of arbitrary length to a string of a fixed length. It means that the output of a hash function has a fixed length but the input stream can be a string of an arbitrary length (as short as a single bit or as long as several terabytes). Hash functions are indispensable for a variety of security applications that include message authentication, integrity verification, and digital signatures. Recent developments in the analysis of hash functions have demonstrated that most members of the MD family have many weaknesses that may compromise the security of applications in which the hash functions are used. It turns out that for hash functions such as MD5, SHA-0 and SHA-1 (6; 7; 8), there are attacks that allow one to find random collisions faster than expected. These advances in the cryptanalysis of hash functions are the main reason for the NIST call for the new SHA-3 cryptographic hash standard (4). SHA-3 is public and has generated a lot of interest from the cryptographic community.

There has been a constant flow of new design ideas and new analysis techniques. One such idea is the usage of stream ciphers to construct new hash functions. The RC4 stream cipher, designed by Rivest in 1987 (5), seems to be an attractive option to build a fast and light-weight hash function (1; 2). It is a very simple and elegant cipher that can be implemented using relatively modest computing resources. More importantly, RC4 has been studied for many years and its efficiency makes it a good cryptographic tool for building hash functions that can be implemented as a light-weight algorithm. In 2006 Chang, Gupta, and Nandi (2) proposed a hash function that uses RC4 as the building block. The hash function was called RC4-Hash. The compression function in RC4-Hash applies the key scheduling algorithm (KSA) that is one of the main components of RC4. Because of the specific structure of RC4-Hash, the generic attacks (that are so effective against hash functions from the MD family) fail to work. However, in 2008 Indesteege and Preneel (3) showed that RC4-Hash is not collision resistant.

Copyright © 2012, Australian Computer Society, Inc. This paper appeared at the 10th Australasian Information Security Conference (AISC 2012), Melbourne, Australia. Conferences in Research and Practice in Information Technology (CRPIT), Vol. 125, Josef Pieprzyk and Clark Thomborson, Ed. Reproduction for academic, not-for-profit purposes permitted provided this text is included.

Recently Yu, Zhang, and Haung (1) came up with another hash function design that is based on RC4 as well. The function was called the RC4-based hash function and in this paper we are going to call it RC4-BHF. In addition to the KSA function, the RC4-BHF hash function also uses two other RC4 functions, namely KSA* and PRGA*. The aim of the designers was to avoid the attacks by Indesteege and Preneel. The KSA* function is similar to KSA but without the initialization part. PRGA* is similar to the original pseudorandom generation algorithm (PRGA) of RC4 with the difference that PRGA* does not generate output but changes the internal state. Note that the padding of messages in RC4-BHF is different from the one used in RC4-Hash. A brief description of RC4-BHF is given in the next Section. Full details about RC4-BHF can be found in (1). The authors of RC4-BHF argue that their hash function is collision resistant and very efficient. They claim that RC4-BHF is roughly 4.6 times faster than SHA-1 and 16 times faster than MD4 (1).

In this paper, we show that their claim about the security of RC4-BHF is not true and we describe how to find collisions. We propose two attacks: a collision attack and a distinguishing attack. In the first one, by using the periodic behaviour of internal states, we construct colliding message pairs with complexity $2^{13}$ compress function operations, and we also exploit this attack to make multicollisions. In the second attack, we show that the output of RC4-BHF is distinguishable from random sequences.

The rest of the paper is structured as follows. Section 2 gives details of the RC4-BHF construction. Section 3 contains the main results of this work. In this section, after identifying weak points of the algorithm, we present a method to find colliding messages and also show how to construct a distinguisher for the hash function. Section 4 concludes the work.


2 Description of the RC4-BHF hash function

The hash function was designed by Yu, Zhang and Hung in 2010 and the reader interested in its full description is referred to (1). The hash function uses the building blocks of the RC4 stream cipher. These blocks, however, are modified by the authors. The blocks in question are:

• KSA (key scheduling algorithm of RC4) – this function takes as an input a 64-byte message $M = (M[0], \ldots, M[63])$ and outputs the internal state $\langle S, i, j\rangle$, where $S = (S[0], \ldots, S[255])$ is a 256-byte sequence and $i$ and $j$ are 1-byte indices. The function is described in Figure 1.

  Input: Message M
  Output: Internal State 〈S, i, j〉
  for i = 0 to 255
      S[i] = i;
  end for
  for i = 0 to 255
      j = (j + S[i] + M[i mod 64]) mod 256;
      swap(S[i], S[j]);
  end for

Figure 1: KSA Function

Note that the KSA function is called at the verybeginning of the RC4-BHF to initialize the inter-nal state.

• KSA* – the function takes the pair consisting of the message $M$ and the internal state $\langle S, i, j\rangle$ as the input and provides an updated internal state. The full details are given in Figure 2.

  Input: Message M and Internal State 〈S, i, j〉
  Output: Updated Internal State 〈S, i, j〉
  for i = 0 to 255
      j = (j + S[i] + M[i mod 64]) mod 256;
      swap(S[i], S[j]);
  end for

Figure 2: KSA* Function

• PRGA* (pseudorandom generation algorithm) – the function takes the pair consisting of an integer $\mathit{len}$ and the internal state $\langle S, i, j\rangle$ as the input and generates an updated internal state from its input. The pseudocode of the function is given in Figure 3.

  Input: Integer len, Internal State 〈S, i, j〉
  Output: Updated Internal State 〈S, i, j〉
  for i = 0 to len
      i = i + 1 mod 256;
      j = (j + S[i]) mod 256;
      swap(S[i], S[j]);
  end for

Figure 3: PRGA* Function

The building blocks (functions) are used to create a sequence of compression functions according to the well-known Merkle-Damgård (MD) structure. Given a binary message $M$ of an arbitrary length, the hashing algorithm proceeds through the following steps:

1. padding – the binary representation of the padding length is appended to the message and then an appropriate number of bits (constant or random) is attached so that the number of bits in the resulting message is a multiple of 512. Consequently, the message can be represented as a sequence $M = (M_1, \ldots, M_n)$, where each $M_i$ is a 512-bit long (or alternatively 64-byte) sequence,

2. compression – the message $M_1$ is used to initialize the internal state $\langle S, i, j\rangle$ as follows

$$\langle S, i, j\rangle \leftarrow \mathrm{KSA}(M_1)$$

and then the function PRGA* modifies the state depending on the length $\mathit{len}_1$ of the message $M_1$ ($\mathit{len}_1 = M_1 \bmod 2^5$)

$$\langle S, i, j\rangle \leftarrow \mathrm{PRGA}^*(\mathit{len}_1, \langle S, i, j\rangle).$$

For $k = 2, \ldots, n$, the internal states are updated step by step

$$\langle S, i, j\rangle \leftarrow \mathrm{PRGA}^*(\mathit{len}_k, \mathrm{KSA}^*(M_k, \langle S, i, j\rangle))$$

where $\mathit{len}_k = M_k \bmod 2^5$. Figure 4 illustrates the compression process. Note that the number of rounds applied in PRGA* is controlled by the integer $\mathit{len}_i = (M_i \bmod 2^5)$.

3. truncation – the output of the compression step consists of 258 bytes (256 bytes of the state together with 2 index bytes). The final hash value includes the least significant bit of each state byte and the indices. This means that the hash value is 272 bits long.

The internal state of RC4-BHF is $\langle S, i, j\rangle$, where $S$ is the 256-byte table of RC4-BHF and $(i, j)$ are the indices used in the KSA, KSA*, and PRGA* functions. The state can be divided into four parts $S_0, S_1, S_2, S_3$, where

$$S_0 = \{s_k \mid 0 \le k < 64\},\quad S_1 = \{s_k \mid 64 \le k < 128\},\quad S_2 = \{s_k \mid 128 \le k < 192\},\quad S_3 = \{s_k \mid 192 \le k < 256\},$$

where $s_k$ is the $k$-th byte of the internal state.


Figure 4: RC4-BHF Scheme

3 Cryptanalysis of RC4-BHF

In this section, we prove that RC4-BHF is not collision resistant. The proposed attack takes $2^{13}$ compression function operations and negligible memory. To apply the collision attack on the algorithm, first we describe the weaknesses of the hashing algorithm and then, by exploiting these weaknesses, we propose the collision attack and also present two distinguishers to tell apart the outputs generated by either RC4-BHF or a random number generator.

3.1 The weaknesses of RC4-BHF

Before describing our attack, we discuss properties of the RC4-BHF that underpin our attack.

1. The internal state is controlled by the input messages and can be manipulated by an appropriate choice of message bytes. In particular, we will show that we can select messages in such a way that the internal state repeats periodically.

2. The execution of the function PRGA* is controlled by the integer $\mathit{len}$. Note that if $\mathit{len} = M_k \bmod 2^5 = 0$, then the function PRGA* is not executed and can be skipped.

3. The index $i$ is defined to be a byte or integer between 0 and 255. But after each execution of the function KSA*, the index $i = 255$. Similarly, after each execution of PRGA*, the index $i$ can be an integer between 0 and 31. These properties are not used in the collision attack but they may be exploited to enhance the distinguishing attack on the scheme.

Now, we can describe our collision attack on the RC4-BHF.

3.2 Collision attack on RC4-BHF

The attack takes advantage of the periodicity of the function KSA* as formulated in the following theorem.

Theorem 1 Given the function KSA* of the RC4-BHF. Let the input internal state be $S = \langle S_0, S_1, S_2, S_3, 63\rangle$, the output internal state be $S' = \langle S'_0, S'_1, S'_2, S'_3, 63\rangle$ and the message sequence be $M = (m_0, \ldots, m_{63})$, where $m_i = -(s_i - 1) \bmod 256$, $0 \le i < 64$. Then

$$\mathrm{KSA}^*(\langle S_0, S_1, S_2, S_3, 63\rangle) = \langle S'_0 = S_0,\ S'_1 = S_2,\ S'_2 = S_3,\ S'_3 = S_1,\ 63\rangle.$$

Proof. It can be easily shown by applying KSA* on the internal state or by induction such as a generalisation of Theorem 2 from (3). Denote by $\langle S^{(i)}, j^{(i)}\rangle$ the internal state of RC4-BHF after the $i$-th step of the compression function KSA*. Note that

$$M[i \bmod 64] = m_{i \bmod 64} = -(s_{i \bmod 64} - 1) \bmod 256.$$

First, we prove by induction that for every $i < 256$, the following equations hold:

$$j^{(i)} = i + 63 \bmod 256,$$

$$S^{(i)}[i + 1 \bmod 256] = s_{i+1 \bmod 64},\quad S^{(i)}[i + 2 \bmod 256] = s_{i+2 \bmod 64},\quad \ldots,\quad S^{(i)}[i + 64 \bmod 256] = s_{i+63 \bmod 64}.$$

It is clear that this holds before the first step, i.e., for $i = -1$, since $j^{(-1)} = 1$, $S^{(-1)}[0] = S[0] = s_0$ till $S^{(-1)}[63] = S[63] = s_{63}$. Assume that the condition holds after step $i$ ($i < 255$). Then, the update of the pointer $j$ in the $(i+1)$-th step is

$$j^{(i+1)} = j^{(i)} + S^{(i)}[i + 1] + M[i \bmod 64] \bmod 256 = ((i + 63) + s_{i+1}) + (-(s_{i+1 \bmod 64} - 1)) \bmod 256 = i + 64 \bmod 256.$$

Thus, $S^{(i+1)}$ is found by swapping the $(i+1)$-th and $(i+64)$-th element of $S^{(i)}$. Hence, $S^{(i+1)}[i + 64 \bmod 256] = S^{(i)}[i + 1 \bmod 256] = s_{i+1 \bmod 64}$. Of course, $S^{(i+1)}[i + 64 \bmod 256] = S^{(i)}[i + 2 \bmod 256] = s_{i \bmod 64}$. This implies that the condition also holds for step $i + 1$. After 254 steps, all the elements of $S$ have been rotated as follows:

$$S_0, S_1, S_2, S_3 \;\Longrightarrow\; S_0, S_2, S_3, S_1$$

Observe that if we apply the result of Theorem 1 in three consecutive calls to KSA* (3 · 256 steps), then the first state repeats. The situation is illustrated below:

S0, S1, S2, S3
   =KSA*=>  S0, S2, S3, S1
   =KSA*=>  S0, S3, S1, S2
   =KSA*=>  S0, S1, S2, S3

This means that applying the function KSA* three times to the state returns the same state. Note that in addition to the above periodic behaviour of the internal state, one can choose other specific messages to achieve the same periodic behaviour with longer periods. In (3), this behaviour of the internal state of the RC4 stream cipher is investigated, and the reader is referred to it for details. Note that the construction of colliding message pairs is easy. To apply the attack to RC4-BHF, we need to satisfy two conditions:

Condition 1: j must be equal to 63, and
Condition 2: the five least significant bits of −(s63 − 1) mod 256 must be zero.    (1)

We expect that these requirements will be satisfied after testing ≈ 2^8 · 2^5 = 2^13 messages.

3.3 Other Period Properties

As mentioned before, in addition to cycles of length 3, other cycles can be found for the KSA* function. In fact, the relation M[i mod 64] in the functions KSA and KSA* can be used with other input messages to construct internal states with periods 7, 15, 31, 63, 127 and 255.

In a similar way to Theorem 1, we can formulate the appropriate conditions on the internal state and the message M. The results are summarised in Table 1.

Using Table 1, we can find other colliding messages. Finding an appropriate internal state requires the same effort (given by the time complexity column) for all cycles. Although we present two methods for the cycle of length 3, these methods can be easily generalised to the other cycle lengths. In the next section we show how we can construct colliding messages.

3.4 Finding Collisions

To construct colliding messages, two methods can beused.

• Method 1. In this method, after applying message M0, we obtain a suitable internal state satisfying the conditions (1). Then, by applying message M1 three times and the padding block, the hash value is computed. Now, to generate other messages with the same hash value, we repeat the message M1 in groups of 3 blocks, and finally apply the padding block and compute the final hash digest. The following relations show how colliding messages are constructed by Method 1:

M^0 = M0 || Padding
M^1 = M0 || MP || Padding
M^2 = M0 || MP || MP || Padding
...
M^n = M0 || MP || ... || MP || Padding

where MP = M1 || M1 || M1, and M^i, 0 ≤ i ≤ n, are colliding messages.

Table 2: Examples for Method 1, including M0, M1 and the generated hash value.

Example 1
  M0 (64 bytes):         03DE074C6CB1A37A201C0C8187BA036E87A3CCC89C35DF742B14E0D6136FD1398685877117685ABE130121F415555ED9D506B5CF411DA3B3CF066C0411DC5548
  M1 (64 bytes):         FF520B5101BFC98C743E178B6521E7A30C2E95C43FA77B25E2E8BB5A3DD0D9CF299EDA05B118CA1A57676E4FB8041FF520BCED4178A94D7FCD399347AA9F5B40
  Hash value (272 bits): 0350EA164598FCEC553FF9C69535B6281F87F26601D26F48EEF7298564265C95007B

Example 2
  M0 (64 bytes):         004BB7F857C5080B47B92603AED61799F14278CAA881CCD997991397E1739FE27885236CD8AE0DBEF561157C710616EA139D1DAF75A5C0D9FC3CB2220D879471
  M1 (64 bytes):         52D5AFD2DA1ACFAB46F514E32F9784086CB228253A649BE57835E699275A799CC8D4F2D7F3DB95F8A21DAA37DD94E4AC128BB62909E0B566560487BA6EC3EA00
  Hash value (272 bits): E42DD7152E9EAB3F4851B2A0AFD358F2B98DF9720CD285FDCA314801842ECF4B0009

We expect that after 2^8 · 2^5 = 2^13 executions of the compression function for random messages, a suitable M0 can be found. Table 2 presents two examples of messages M0 and M1 and the hash values obtained using Method 1. Note that changing the length of the input message M^i does not affect the padding content. So we can construct an arbitrary number of colliding messages with the same hash value. This property can be used to compute multi-collisions.

• Method 2. The principle is the same as in the previous method. We first find two messages M0 and M2 which satisfy the conditions (1). After these two messages, the messages M1 and M3 can be made using Theorem 1. Finally, collision pairs can be made by the following relations:

M^0 = M0 || M1 || M1 || M1 || M2 || Padding
M^1 = M0 || M2 || M3 || M3 || M3 || Padding
...

We expect that after (2^8 · 2^5)^2 = 2^26 executions of the compression function for random messages, suitable M0 and M2 can be found. Table 3 shows two examples of messages M0, M1, M2, M3 and the hash values obtained using Method 2.

Table 1: Properties and conditions to apply the collision attack for the other cycle lengths of KSA*.

No. | Cycle length | Condition 1 | Condition 2 | Time complexity | Relations
1 | 7 | j = 31 | −(s31 − 1) mod 64 = 0 | 2^8 · 2^5 | m_i = −(s_i − 1) mod 256, m_i = m_{i+32}, 0 ≤ i < 32
2 | 15 | j = 15 | −(s15 − 1) mod 64 = 0 | 2^8 · 2^5 | m_i = −(s_i − 1) mod 256, m_i = m_{i+16} = m_{i+32} = m_{i+48}, 0 ≤ i < 16
3 | 31 | j = 7 | −(s7 − 1) mod 64 = 0 | 2^8 · 2^5 | m_i = −(s_i − 1) mod 256, m_i = m_{i+8} = m_{i+16} = ... = m_{i+56}, 0 ≤ i < 8
4 | 63 | j = 3 | −(s3 − 1) mod 64 = 0 | 2^8 · 2^5 | m_i = −(s_i − 1) mod 256, m_i = m_{i+4} = m_{i+8} = ... = m_{i+60}, 0 ≤ i < 4
5 | 127 | j = 1 | −(s1 − 1) mod 64 = 0 | 2^8 · 2^5 | m_i = −(s0 − 1) mod 256 for even i, m_i = −(s1 − 1) mod 256 for odd i
6 | 255 | j = 0 | −(s0 − 1) mod 64 = 0 | 2^8 · 2^5 | m_i = −(s0 − 1) mod 256, 0 ≤ i < 64

Table 3: Examples for Method 2, including M0, M1, M2, M3 and the generated hash values.

Example 1
  M0 (64 bytes):         273A4F51FAA4A7CF3225E7000A9ACDBCCABD7CAC49991F5BB042CF9080C2B7DCD756756FEFDBC42FE783580CC6CC0A8DBDB335AFAC2460F0E8B61DA73C953096
  M1 (64 bytes):         BAFB22B06E1F20C50948DF65A260D573927B5606251987840044523F1435862FFC41E3CEBBDDB3D0A5885890D759AACB89CD72D2C1D3BDABC7364505F3EECF80
  M2 (64 bytes):         8FFD0B0A03E6C6BF7714E1C0BF9B71DE3AED7139574F655657893E7155E27E14844B9CE8B9DBAACC297B352473E36D73E1C5852DEA475DC6FCB75F0F797AA7C2
  M3 (64 bytes):         4459229F9B50A1E3F8A3A772D464CA054F5DE62884295ADCB32609210CC0E1A4DDBBC8AE71E00A1243B77EAB017B1F480B4AE7958A1B4EB8D2F902FDDAB01900
  Hash value (272 bits): BEDEF05971ACF6A3AF045311041728D5D77ED3385D58408546A3040B575767FE0029

Example 2
  M0 (64 bytes):         7B45A927E089C366BB75CB2E06E9AD053F3A007FBF33F06048597B01DD73E1F5D64A55EB33AEF9D631B9094C1B58562C6306F784F1DB3BB2BBC6E2C996178C36
  M1 (64 bytes):         5A154DFF7B6D869E3DC2DF253F894F68D2B2F7761C4674CA6A8B5B944EF6BFABB5792BC5D89B7CA926D0118C83698D6BA0BB9D9061014CB68477F8A31D6536C0
  M2 (64 bytes):         5CFA81B5EE3730B8FB0B01A35FB4C45B78E9ECD37CD388301059752B16A0D2B7C6D2B5E4001F1C04E002270C94C6843D6A482A032DFE4A1DB23882FEAEA65573
  M3 (64 bytes):         587C8C025B0B462BB83B3C40FFEDF472B6CCD8CF6299285A8FCA0768E2EB787D36EA2A6C2E94B3019103B1697BC3D05700313FD496C7521FFDC19BC859649580
  Hash value (272 bits): 11D3C92263F9EFB165B6370AA78D669079B207062FE4122826919A04FBDFED970019
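The following Python model is added here as an example; it is not code from the paper or from the RC4-BHF designers. It reproduces the behaviour stated in Theorem 1, the cycle lengths of Table 1 for the periodic messages given there, and the Method 1 construction, all on the internal state. The page does not give the full specification of RC4-BHF, so the compression step is assumed to be the RC4-like loop implied by the proof of Theorem 1: for i = 0, …, 255, j ← (j + S[i] + M[i mod 64]) mod 256 followed by swapping S[i] and S[j], on a 256-byte permutation S and a 64-byte block M. The initial KSA, PRGA*, the padding block and Condition 2 are not modelled, so the collisions shown are collisions of the state (S, j) reached before padding, which is what Method 1 relies on. The function names (ksa_star, period_message, cycle_length, find_m0, method1_states) and the seeded test state are this example's own.

```python
# Added example, not the paper's code: a model of the RC4-BHF compression step
# KSA* as described in Section 3, used to reproduce Theorem 1, the cycle lengths
# of Table 1 and the Method 1 internal-state collisions.  ASSUMED (the page does
# not give the full RC4-BHF specification): KSA* walks i = 0..255 computing
# j = (j + S[i] + M[i mod 64]) mod 256 and then swapping S[i] and S[j], on a
# 256-byte permutation S and a 64-byte block M.  KSA, PRGA*, the padding block
# and Condition 2 are not modelled, so the collisions are of the state (S, j).
import random
from typing import List, Optional, Sequence, Tuple

State = Tuple[List[int], int]  # (S, j)


def sample_state(seed: int = 2012) -> List[int]:
    """Constructed test state: a random permutation of 0..255 (S always is one)."""
    rng = random.Random(seed)
    S = list(range(256))
    rng.shuffle(S)
    return S


def ksa_star(S: Sequence[int], j: int, M: bytes) -> State:
    """One assumed KSA* call on a 64-byte block; returns a new (S, j)."""
    if len(S) != 256 or len(M) != 64:
        raise ValueError("S must hold 256 bytes and M must be a 64-byte block")
    S = list(S)
    for i in range(256):
        j = (j + S[i] + M[i % 64]) % 256
        S[i], S[j] = S[j], S[i]
    return S, j


def period_message(S: Sequence[int], p: int) -> bytes:
    """Block with m_i = -(s_{i mod p} - 1) mod 256.  p = 64 is Theorem 1 (needs
    j = 63); p = 32, 16, 8, 4, 2, 1 are the rows of Table 1 (need j = p - 1)."""
    return bytes((1 - S[i % p]) % 256 for i in range(64))


def cycle_length(S: Sequence[int], j: int, M: bytes, limit: int = 256) -> Optional[int]:
    """Number of KSA* calls with the fixed block M until (S, j) recurs."""
    S0, T, tj = list(S), list(S), j
    for n in range(1, limit + 1):
        T, tj = ksa_star(T, tj, M)
        if T == S0 and tj == j:
            return n
    return None


def quarter_order(S: Sequence[int], S_orig: Sequence[int]) -> Tuple[int, ...]:
    """Index k of the original 64-byte quarter S_k now found in each quarter of S."""
    quarters = [list(S_orig[64 * k:64 * k + 64]) for k in range(4)]
    return tuple(quarters.index(list(S[64 * k:64 * k + 64])) for k in range(4))


def theorem1_trace(S: Sequence[int]) -> List[Tuple[int, ...]]:
    """Quarter order and j after 1, 2 and 3 KSA* calls from (S, 63) with the
    Theorem 1 message: (0,2,3,1,63), (0,3,1,2,63), (0,1,2,3,63)."""
    M = period_message(S, 64)
    T, j, trace = list(S), 63, []
    for _ in range(3):
        T, j = ksa_star(T, j, M)
        trace.append(quarter_order(T, S) + (j,))
    return trace


def find_m0(S: Sequence[int], j: int, seed: int = 0, target_j: int = 63,
            max_tries: int = 1 << 16) -> bytes:
    """Condition 1 search: random 64-byte blocks until KSA* leaves j == target_j,
    about 2^8 trials.  Condition 2 (on PRGA* and i) is outside this model."""
    rng = random.Random(seed)
    for _ in range(max_tries):
        M0 = bytes(rng.getrandbits(8) for _ in range(64))
        if ksa_star(S, j, M0)[1] == target_j:
            return M0
    raise RuntimeError("no block reached the target j within max_tries")


def method1_states(S: Sequence[int], j: int, M0: bytes, copies: int) -> List[State]:
    """Method 1: absorb M0, then k = 0..copies copies of MP = M1||M1||M1, with M1
    the Theorem 1 message for the state after M0.  Every returned state is the
    same, i.e. M0||MP^k collide in the internal state for all k."""
    T, tj = ksa_star(S, j, M0)
    M1 = period_message(T, 64)
    states = [(T, tj)]
    for _ in range(copies):
        for _ in range(3):  # one MP is three KSA* calls with M1
            T, tj = ksa_star(T, tj, M1)
        states.append((T, tj))
    return states


if __name__ == "__main__":
    S = sample_state()
    print(theorem1_trace(S))
    print([(p, cycle_length(S, p - 1, period_message(S, p))) for p in (64, 32, 16, 8, 4, 2, 1)])
    M0 = find_m0(S, 17)
    states = method1_states(S, 17, M0, 3)
    print(all(st == states[0] for st in states))
```

Run as a script it prints the quarter order after one, two and three calls, (0, 2, 3, 1), (0, 3, 1, 2) and (0, 1, 2, 3) with j = 63 each time, then the cycle length 256/p − 1 for each message period p of Table 1, then True for the Method 1 states. The search for M0 takes about 2^8 trials because only Condition 1 is enforced here; enforcing Condition 2 as well gives the 2^8 · 2^5 figure of the text.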

3.5 Randomness properties of hash digest

As mentioned in Section 2, the hash value is generated by concatenating the least significant bits of each byte of the final internal state S and the two index bytes i and j. Note that the first 256 bits of the hash value are the least significant bits of the numbers 0 to 255, which are only permuted by the three functions KSA, KSA* and PRGA*. Although the positions of the integers change, their values are not modified, so the Hamming weight of the first 256 bits of the hash value is exactly 128 for every input message of any length.

In addition, the index i in the last round depends only on the last input block M_n, as i = M_n mod 2^5, so it is an integer between 0 and 31. The designers dedicated one byte to the index i in the hash value. So, first, the three most significant bits of that byte are zero for all input messages, and second, an attacker can set the other five bits (bits 259 to 263 of the digest) by choosing the five least significant bits of the last input block M_n, with probability one. Of course, if we take the padding block in the last round into account, then the index i is fixed as long as the padding block does not change. These two weaknesses give the attacker a strong distinguisher with distinguishing advantage close to 1.
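As an added example (not code from the paper), the structural test described in this section written out in Python: a genuine RC4-BHF digest has exactly 128 ones among its first 256 bits and an i byte below 32, so a distinguisher that accepts only such strings is always right on RC4-BHF output and wrong on a uniformly random 272-bit string with probability C(256,128)/2^256 · 2^−3 ≈ 0.0062, i.e. an advantage of about 0.994. The digest layout (32 bytes of least significant bits, then i, then j) is taken from the text above; the two digests are the hash values of Table 2; the random digests and the function names are constructed for this example.

```python
# Added example, not the paper's code: the Section 3.5 distinguisher for 272-bit
# RC4-BHF digests.  Assumed layout (read from the text): bytes 0..31 carry the
# least significant bits of S[0..255], byte 32 is the index i, byte 33 is j.
import random
from math import comb
from typing import Tuple

DIGEST_BYTES = 34  # 256 + 8 + 8 bits

# The two Method 1 hash values from Table 2 of the paper.
TABLE2_HASHES = (
    bytes.fromhex("0350EA164598FCEC553FF9C69535B6281F87F26601D26F48EEF7298564265C95007B"),
    bytes.fromhex("E42DD7152E9EAB3F4851B2A0AFD358F2B98DF9720CD285FDCA314801842ECF4B0009"),
)


def split_digest(d: bytes) -> Tuple[bytes, int, int]:
    """(LSB bytes of S, i, j) for a 272-bit digest."""
    if len(d) != DIGEST_BYTES:
        raise ValueError("RC4-BHF digest must be 34 bytes (272 bits)")
    return d[:32], d[32], d[33]


def lsb_weight(d: bytes) -> int:
    """Hamming weight of the first 256 bits.  A real digest always gives 128:
    S is a permutation of 0..255 and exactly 128 of those values are odd."""
    s_bits, _, _ = split_digest(d)
    return sum(bin(b).count("1") for b in s_bits)


def looks_like_rc4bhf(d: bytes) -> bool:
    """Distinguisher: weight 128 and the three most significant bits of i zero."""
    _, i, _ = split_digest(d)
    return lsb_weight(d) == 128 and i < 32


def false_accept_probability() -> float:
    """Probability that a uniformly random 272-bit string is accepted: weight
    exactly 128 (C(256,128)/2^256) and i < 32 (1/8), independent events."""
    return comb(256, 128) / 2 ** 256 / 8


def distinguishing_advantage() -> float:
    """P[accept | RC4-BHF] - P[accept | random] = 1 - false accept probability."""
    return 1.0 - false_accept_probability()


def empirical_false_accept_rate(n: int, seed: int = 0) -> float:
    """Monte Carlo check of false_accept_probability on constructed random digests."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(n):
        d = bytes(rng.getrandbits(8) for _ in range(DIGEST_BYTES))
        hits += looks_like_rc4bhf(d)
    return hits / n


if __name__ == "__main__":
    print([looks_like_rc4bhf(h) for h in TABLE2_HASHES])
    print(false_accept_probability(), distinguishing_advantage())
    print(empirical_false_accept_rate(20000))
```

Both Table 2 digests pass the test (their i bytes are 0x00, so the top three bits are zero as the text predicts), while the random digests pass at a rate of roughly 0.6%.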

4 Conclusion

We presented a collision attack on RC4-BHF. The attack requires negligible memory and a time complexity of 2^13 compression function (KSA*) operations. The practicality of the attack has been demonstrated with colliding messages for RC4-BHF. We also showed that the hashing algorithm can be distinguished from a truly random sequence with probability close to one.

References

[1] Yu Q., Zang C.N., Hung X.: "An RC4-Based Hash Function for Ultra-Low Power Devices". In: 2nd International Conference on Computer Engineering and Technology (ICCET), pp. 323-328. IEEE, 2010.

[2] Chang, D., Gupta, K.C., Nandi, M.: "RC4-Hash: A New Hash Function Based on RC4". In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol. 4329, pp. 80-94. Springer, 2006.

[3] Indesteege, S., Preneel, B.: "Collisions for RC4-Hash". In: Lei, C., Rijmen, V., Wu, T. (eds.) Information Security, 11th International Conference, ISC 2008. LNCS, vol. 5222, pp. 355-366. Springer, 2008.

[4] NIST: Cryptographic hash algorithm competition. http://www.nist.gov/hash-competition.

[5] Schneier, B.: Applied Cryptography, 2nd edn. John Wiley and Sons, Chichester, 1996.

[6] Wang, X., Yu, H.: How to Break MD5 and Other Hash Functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19-35. Springer, 2005.

[7] Wang, X., Yu, H., Yin, Y.L.: Efficient Collision Search Attacks on SHA-0. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 1-16. Springer, 2005.

[8] Wang, X., Yin, Y.L., Yu, H.: Finding Collisions in the Full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17-36. Springer, 2005.


Towards a Secure Human-and-Computer Mutual Authentication Protocol

Kenneth Radke^{1,2}, Colin Boyd^1, Juan Gonzalez Nieto^1, Margot Brereton^2

1 Information Security Institute
2 School of Design
Queensland University of Technology
Email: {k.radke, c.boyd, j.gonzaleznieto, m.brereton}@qut.edu.au

Abstract

We blend research from human-computer interface (HCI) design with computational based cryptographic provable security. We explore the notion of practice-oriented provable security (POPS), moving the focus to a higher level of abstraction (POPS+) for use in providing provable security for security ceremonies involving humans. In doing so we highlight some challenges and paradigm shifts required to achieve meaningful provable security for a protocol which includes a human. We move the focus of security ceremonies from being protocols in their context of use, to the protocols being cryptographic building blocks in a higher level protocol (the security ceremony), to which POPS can be applied. In order to illustrate the need for our approach, we analyse both a protocol proven secure in theory, and a similar protocol implemented by a financial institution, from both HCI and cryptographic perspectives.

Keywords: Ceremony, human, HTTPS, TLS, security, privacy, provable security, authentication

1 Introduction

Humans have had a need to communicate securely for thousands of years, with documented evidence of the use of a scytale (used for transposition ciphers) as early as 475 BC (Mollin 2005). With the proliferation of computers over the last half century, and the capacity computers provide for cryptanalysis, calculations in confidentiality-ensuring cipher schemes have quickly become too complex for the general populace to complete by hand. This has led to a situation where trust is required of the general user with regard to whether their communication and assets remain private and secure. For example, typical cryptographic security solutions may include hash functions. The general populace is unaware what hash functions are, they certainly do not understand the functionality they provide, and they do not know which hash functions are being used on their behalf and which ones are known to be insecure. We focus on mutual authentication, using browser-based¹ protocols, particularly providing the human with assurance that they are communicating with the party they intend to be communicating with. We blend concepts from the provable security community, network security community, human computer interface (HCI) design community, and sociotechnical community. Our contribution includes a presentation of deficiencies in models and protocols previously published. We also outline a set of minimum guidelines that human-computer authentication protocols should satisfy over and above computer-computer authentication protocols.

Copyright © 2012, Australian Computer Society, Inc. This paper appeared at the 10th Australasian Information Security Conference (AISC 2012), Melbourne, Australia, January-February 2012. Conferences in Research and Practice in Information Technology (CRPIT), Vol. 125, Josef Pieprzyk and Clark Thomborson, Eds. Reproduction for academic, not-for-profit purposes permitted provided this text is included.

¹ Defined by Gajek et al. as protocols realizable within the constraints of commodity Web browsers (Gajek et al. 2008).

We blend HCI research and cryptographic research to create a useful proving methodology for protocols that include a human. We highlight human-centred considerations which must be included when analysing such a protocol, and outline central issues in assessing security which require a shift in thinking. To motivate our approach we analyse both a protocol proven secure in theory, and a similar protocol deployed in practice by a financial institution, from both HCI and cryptographic perspectives.

2 Background and Related Work

To create a mutual authentication protocol between a human and a computer which is secure with respect to the common understanding of confidentiality and integrity², a number of fields of research need to be examined. The combination of an adversary having the capabilities of a computer and one of the parties being a computer means that lessons learned in the non-computer world cannot be directly applied. For example, an attack in a physical environment (such as a robbery) may need a success rate of, at worst, one in ten to be worthwhile for the perpetrator, whereas in the cyberworld attacks that work one time in a million can be seen as successful (Shostack & Stewart 2008). So this suggests cryptography with enough security to withstand a computer attack is required, and yet humans are known to have neither the patience nor the capacity to compute the necessarily large numerical values required for modern cryptography. Further, if modern cryptography is used, then the human loses visibility, the process becomes non-transparent, and hence, for the general populace, blind trust is required that the data is secure.

Further, cryptography is no longer required only by nation states, the military, or secret lovers. Today, the general populace, in developing and first world countries, have huge amounts of data and communications they would like protected, and there are many real-world settings, such as smart phones, RFID tags, and e-commerce, that require protected communication. This means that, even if we could somehow remove the advantage that computers provide the cryptanalyst over human capabilities, for example by using CAPTCHAs (e.g. in (Dziembowski 2011)) or POSHs (Daher & Canetti 2008), the amount of encrypting and decrypting required makes anything more than human involvement in the cryptosystem at critical authentication steps unrealistic.

² For definitions of authentication, integrity and confidentiality see (ISO/IEC 27001 Information technology - Security techniques - Information security management systems - Requirements 2005, Menezes et al. 1996).

In this background section, with our goal being a secure authentication protocol which is not only usable by humans, but also understandable by humans in such a way that blind trust is not required, we will cover the ideals of provable security and security ceremonies³, and we will examine some HCI design and sociotechnical considerations.

2.1 Provable Security

In 1993, Bellare and Rogaway responded to a need to add more rigour to authentication protocol analysis (Bellare & Rogaway 1993a). They applied reduction techniques for proving algorithms⁴ to authentication and key distribution protocols. These techniques had been previously used by Goldwasser, Micali, Rivest, Blum and Yao in other cryptographic primitive settings ((Yao 1982, Goldwasser & Micali 1984, Blum & Micali 1984, Goldwasser et al. 1988) cited in (Bellare & Rogaway 1993a)). The critical concept of a reductionist proof of security is that, if an adversary can break the protocol, then the adversary can also break the underlying cryptographic primitive.

Perhaps a more significant contribution of Bellare and Rogaway's 1993 work was the concept of practice-oriented provable security (POPS). Provable security research prior to this had been based only on theoretical primitives (Bellare 1999), such that at the time of Bellare and Rogaway's 1993 papers provably secure cryptographic primitives tended to be much less efficient than primitives used in practice (Bellare & Rogaway 1993a,b). Since there was no intersection between provably secure cryptographic primitives and the primitives used in practice, provable security pre-1993 was just theory. With the addition of an idealised model, the random oracle, protocols using the primitives used in practice could have security proofs developed.

Unfortunately, the concept behind POPS has not extended as far as required into protocol design, particularly in the area of protocols which involve humans. A fundamental ideal of POPS is that at no point should a protocol be able to be broken without breaking the underlying cryptographic primitive, and hence the protocol should not be weaker than the underlying primitive. In reality, particularly with respect to humans⁵, this is not the case. For example, humans have shown themselves to be susceptible to many social engineering attacks, which allow theoretically secure protocols (which have a reductionist proof) to be broken in practice. Further, humans do not execute a protocol as the protocol designer thought they would. The reasons that protocols proven secure mathematically are broken when humans use them can be summarised as: the model used for the security proof was insufficient. Such a statement masks a variety of sources of deficiency, some of which include:

• Modelling a human is too difficult, and hence humans are either left out of the model and security proof, or else humans are given unrealistic powers such as being expected to follow the protocol 100% correctly, 100% of the time, or they are expected to completely forget previous actions.

• The model, and hence the security proof of the protocol, does not include critical out-of-band (OOB)⁶ communication and necessary setup steps prior to the protocol running.

• The protocol definition, and hence the security proof based on the model, does not include the complete design (for one example, see Section 3.1). Most particularly, decisions that affect security, particularly HCI decisions, are left out of the protocol definition and are hence being made by non-security-aware practitioners.

³ Ceremony (a term coined by Jesse Walker) analysis is protocol analysis with the human interaction explicitly included (Ellison 2007).

⁴ These reductionist proof techniques were collectively called provable security.

⁵ Beyond human involvement and potential social attacks, information is leaked concerning otherwise secure protocols via means such as observing computation time and power consumption, collectively known as side-channel attacks.

Two promising directions in the provable security community have been taken by Hopper and Blum (Hopper & Blum 2001), and by Gajek et al. (Gajek et al. 2008). Hopper and Blum's contribution was to provide a goal of creating (α, β, t) protocols for use by humans, in which at least (1 − α) of the human population can do what they need to do, in at most t seconds, with probability of correct execution of the protocol greater than (1 − β). This data could be collected empirically, and their idea was to create light-weight cryptographic protocols that would have a mathematical proof of security, with ideally 90% of the population executing the protocol correctly inside 10 seconds, 90% of the time (Hopper & Blum 2001). Unfortunately, the protocol they suggested resulted in 10% of the population executing the protocol correctly inside 300 seconds, 80% of the time, and has gone on to become the basis of light-weight protocols for constrained devices, such as RFID, rather than human executable protocols (for example, see (Juels & Weis 2005, Hammouri & Sunar 2008, Bringer et al. 2006)). However, the concept of combining empirical evidence of usability with a security proof is a promising direction.

Secondly, Gajek et al. presented a protocol for mutual authentication between a human and an online institution, via the web (Gajek et al. 2008). This protocol, discussed in depth in Section 3.1 and the basis of our proposal, has a number of innovative and useful features. Firstly, for the purposes of the security proof, the human is separated from their computer and web browser, so that the authentication between the human and a server has three parties: the human, the human's computer with a web browser, and the server. Secondly, the human and the human's computer are given specific functions in the security proof model. These functions were that the browser on the human's computer renders a webpage (based on browser state), and the human must be able to recognise what Gajek et al. called a human perceptible authenticator (HPA) (Gajek et al. 2008). The HPA can be anything, but in the Gajek et al. protocol the HPA was an image which was previously selected by the user and sent to the server. By adding these functions, the human's involvement is partitioned from the non-human protocol messages, and a formal proof of security is created. The proof concludes with the security of the protocol being bounded by the probability of a human recognising their previously chosen HPA from the set of all possible values (specifically taking into account other values which a human would find indistinguishable from their chosen HPA).

⁶ Out-of-band channels are auxiliary channels, such as receiving an email which must be responded to as part of a signup process on a website.

This technique of creating a protocol proof with the human assumptions included but partitioned in such a way that a human trial will inform how secure the protocol is, is a significant step forward in the quest to prove protocols secure for human use. However, a complete design, informed by iterative cumbersome protocol-specific human studies following each new protocol design and developed proof, would potentially take years with no guarantee of success. Human protocols do need to be verified via human trial after the theoretical proof; however, simply writing a security proof in terms of the human is not sufficient, and a method of arriving at a design more likely to succeed is required.

Modern cryptography has matured enough, and a necessity for provably secure human-computer protocols has become critical, such that a timely paradigm shift concerning the building blocks of secure protocols is required. Just as Bellare and Rogaway defined POPS in 1993 (Bellare & Rogaway 1993a,b), thus shifting the focus to protocols and primitives in use at the time (Bellare 1999), we propose that there is now a requirement for a further paradigm shift, to move to a higher level of abstraction. That is, to treat building blocks for human interaction protocols, such as HTTPS, as primitives, and to create security proofs based on that in the interests of creating protocols better suited to humans. In this way, we propose POPS+. The technique remains the same, as does the quality of the proof. That is, if you believe that HTTPS is secure, and a reduction can be made from the security of HTTPS to the security of a protocol, then, as long as there remains no program that can break HTTPS, the protocol will remain secure.

2.2 Ceremonies

In recent years there has been a recognition of, and a concerted effort to include, the social sciences in information security in the research community⁷. This multidisciplinary approach brings into context the human usage of information security systems. As Shostack and Stewart state, ". . . our approach to information security is flawed" and "the way forward cannot be found solely in mathematics or technology" (Shostack & Stewart 2008).

The concept of a security ceremony has been used by Ellison, in network security settings, to capture the human element in protocol usage (Ellison & Dohrmann 2003, Ellison 2007). In Ellison's main paper on the topic in 2007, the human was modelled as another node on the network, and hence a part of what must be considered from a security point of view. At the time, this innovation did not lead to any formal proofs of security, and only initial work was presented on how the human nodes could be modelled, but simply having the human as a node on the network, distinct from their computer, allowed certain attacks to be clearly presented and demonstrated. Most particularly, the technique demonstrated an attack which exploits an interface design that hides information, which the computer has, from the human who needs that information to have any hope of making an informed decision (Ellison 2007).

Since 2007, security ceremonies have been investigated in the fields of formal methods, including the PKI context, which provided some early steps on how a human may be modelled (Martina & Carlos 2008, Martina et al. 2009); in applied cryptography, which added extra human elements to allow humans to vouch for other humans as an extra factor in identification (Brainard et al. 2006); and in the network security community, with a focus on a defence-in-depth approach via the use of forcing functions⁸ (Karlof et al. 2009).

⁷ As can be seen by workshops and conferences such as SHB, WEIS, and SOUPS.

Recent research has shown that ceremony analysis is protocol analysis in its context of use (Radke et al. 2011). This raised concerns about conducting a more complete analysis, in particular including humans in a protocol's security proof, as a method for proving the security of the non-human part of the protocol being investigated. For example, a protocol such as HTTPS (HTTP over TLS) can be used in a variety of ways on a variety of devices. If the device, method, and user of the protocol are included in the ceremony, then many ceremonies for HTTPS which will be widely used have not been created yet (and the devices on which they will be used have not been created yet). This viewpoint means that proving the security of HTTPS via its use in a ceremony will create a proof of security for HTTPS which is applicable to only that ceremony.

2.3 HCI and Sociotechnical considerations

HCI research on browser-based authentication protocols has revealed much concerning what humans can, what humans will not, and what humans cannot do, drawing over the years from what Harrison et al. have identified as three broad paradigms of HCI research: a-theoretic, cognitive and situated (Harrison et al. 2007). Lessons can be learned from initial work by Simon (Simon 1969, 1996), which showed us the boundaries of human short term recall and cognitive load issues, through to specific controlled studies on decision making in the use of security systems. An example of such research is by Schechter et al., who created a study in which bank websites were progressively changed to become less and less secure, and the researchers determined whether the participants continued to enter their password into the website (which they did) (Schechter et al. 2007). Recent work has indicated that a recent security improvement, which attempts to provide users with the necessary authentication information via the use of Extended Validation Certificates⁹, and the associated inbuilt functionality in current browsers to colour code and present typically real world company name information to the user, is not being used by web users in their web security decision making (Radke et al. 2010).

Dourish has provided a bridge between social science and HCI design, contributing significantly in areas such as defining and using context (for example, in Dourish (2004)). Of specific concern, when defining context, was the impression (still common seven years later) that context is fixed, explicit and can be adequately captured by explicitly measurable information rather than something that is ". . . being continually renegotiated and defined in the course of action" (Dourish 2004). One simple application of the concept of context is the case of the rushing user¹⁰. As Dhamija et al. describe, security is typically not the primary task and hence users may not notice security indicators or read warning messages (Dhamija et al. 2006). There is also a body of work which focuses on achieving security by aligning what a system does with the user's mental models of that system (Smith 2003, Yee 2004). As Smith states, "Repeatedly, I ended up with problems because what computers are doing with cryptography doesn't match the mental model that humans have - end users as well as system programmers" (Smith 2003). More recent work includes Chiasson et al.'s research into constructing a set of design principles for security management systems (Chiasson et al. 2007).

⁸ A core property of a forcing function is to prevent a user from proceeding until a critical step is completed.

⁹ Extended Validation SSL Certificates – The Certification Authority/Browser Forum. http://www.cabforum.org/.

¹⁰ A rushing user is used by Kumar et al. to describe a user who, in a rush, takes the shortest path through a protocol, skipping steps which are not required for subsequent steps to work (Kumar et al. 2009).

While the concept of aligning the actual system to the user's mental model of the system (or vice versa) is useful at a guiding level along the lines of "the user must understand what the system is doing, and what the response to her actions will be," the concept of the human cognitive model that exists prior to the situation is a contentious one. There is significant evidence that people co-construct meaning using embodied competencies and situational circumstances (Suchman 2007). Suchman argues that understanding conversations and interactions as dynamic co-constructions could prove more useful for designers of human-machine interactions. The lesson we take from this body of work is the necessity for the user to be in control and to have visibility of (and to understand and actively participate in), ideally, the cryptographic authentication processes. This is in keeping with the central concept of Norman's popular design book, which is "when people have trouble with something, it isn't their fault - it is the fault of the design" (Norman 2002).

3 Human Protocols

We now focus our attention on protocols involving humans, specifically two cases, from which we will draw several critical lessons. The first case is by Gajek et al. and describes mutual authentication via the web, from which we will learn techniques used for proofs (Gajek et al. 2008). The second case is a comparative study, by Kumar et al., of pairing methods for previously unassociated devices over some human-imperceptible communication channel (such as Bluetooth). This section will show us several important aspects of a human protocol, such as being resistant to the already discussed rushing user (Kumar et al. 2009).

3.1 Provably Secure Browser-Based User-Aware Mutual Authentication over TLS

In the past, it has been typical for papers analysing human protocols to present a range of known attacks, such as naive keylogging attacks, phishing attacks, eavesdropping, shoulder surfing, etc., and then, in an informal way, describe how their protocol addresses these concerns, perhaps via statistical analysis on a small set of users. This process remains widely used today (for example, Oorschot & Wan (2009), Arumugam & Sujatha (2010)). This is the style of protocol creation and analysis that the provable security movement of the past twenty years has sought to supersede. Therefore it was a significant step, by Gajek et al., to create a proof of security for a protocol involving a human (Gajek et al. 2008). A sketch of their protocol follows:

1. The protocol is between a server, a human’s computer running a web browser (which has state), and the human.

2. Before the protocol begins, the human has selected a HPA and provided that HPA to the server. The HPAs suggested by Gajek et al. are a personally selected image or voice recording.

3. Both the server and the human’s computer have authentication certificates and associated private keys, and a secure TLS connection is established between the browser and the server when the browser on the human’s computer opens the server’s webpage. This process authenticates the server to the human’s browser and the human’s browser to the server.

4. The server sends the human the HPA that the human has stored with the server (by completing a lookup of the human’s browser-specific certificate, to know whose HPA to send), via the web browser, which renders the HPA for the user; this authenticates the server to the human.

5. Having recognised the HPA, the human sends the server their traditional login and password, thus authenticating the human to the server.

Investigation of the Gajek et al. protocol, model and proof reveals a number of salient points. These points may be categorised into HCI issues and cryptographic issues.

3.1.1 HCI Issues

For the points of interest that can be drawn from the Gajek et al. case, we will assume the HPA is an image (though these comments apply equally to voice and several other types of HPA). As stated in Section 2.1, one of the reasons protocols proven to be secure fail when subjected to use by a human is that the protocol specification does not extend far enough into the HCI implementation. Thus HCI designers, who are not security professionals, are making decisions that security professionals should have made. Issues that could result from the Gajek et al. protocol include:

1. Perhaps the most significant issue is requiring the designer to ensure that at least the image is fully displayed (i.e. images have not been turned off in the browser, and the image is fully downloaded) before the login and password box is presented to the user. Otherwise there is no authentication from the server to the human, not even the possibility of it, and authentication of the server to the human is the aim of the protocol. This goes beyond the rushing user concern, which this protocol does not resist at all, since the human can enter their login and password regardless of what image, or whether an image, is sent.

2. As soon as multiple people send images to a server, design decisions will be made regarding what format, size and resolution to store them in. This will be done to ensure that only a fixed amount of storage is used and that images of similar quality are used. The end result is that some images (which were too small or too low quality) may be rejected, and other images will lose significant detail.

3. Since the decisions at the client end are also not specified, different designers of website login forms will make different decisions about how to display the images. These decisions include the shape of the image (at least, portrait or landscape) and the size of the image area on the webpage, which will all impact how many HPAs are humanly distinguishable from the complete set of HPAs.

The authors have seen a variant of the Gajek et al. protocol implemented by a financial institution. In this real world example, the user does not have a certificate; instead the user’s username is sent from the user to the bank, which the bank uses to identify which HPA to send back to the user. Upon receipt of the HPA from the bank, the user sends their traditional login and password information to the bank.

Exploring this real world example is worthwhile to determine the sorts of design decisions that can be made by implementers of systems. Design decisions that the creators of this login ceremony have made include:

1. The bank’s users are presented with a set of images to choose their HPA from. That is, the bank has overcome the issues concerning the range of image sizes, shapes, formats, resolutions, etc., by providing the set of images to choose from. Unfortunately, this set of images is quite small, fewer than 20, so the dictionary space |W| of this part of the HPA is quite small.

2. The implementers have added a pass-phrase which the users submit when they select their image in the once-off setup stage. Both the image and the passphrase (two parts to this HPA) are sent from the bank to the human at each login.

3. The bank’s login proceeds without the image part of the HPA being downloaded. That is, even if the user turns off image downloads in their browser, the login and password entry fields still appear and the user can still log in to the system.

4. This protocol is in no way rushing-user resistant. That is, the user can enter their login and password without looking at the HPA at all, and hence the protocol can be completed without the recognise task being executed.

3.1.2 Cryptographic Issues

The main cryptographic issues that surround the Gajek et al. protocol are entwined with human issues. From a cryptographic point of view, both security of the channel and authentication of the two parties are achieved by the use of HTTPS and certificates at both ends (TLS in client authentication mode). The reason why HPAs are used is the recognition that users do not check, do not know to check, and do not know how to check, certificates. So there is an interesting combination in the security proof where effectively authentication of the user is provided by the user’s certificate (wrapped in various cryptographic primitives such as keyed hashes), and authentication of the server is achieved via the HPA. This is in contrast to the words used in the paper, which clearly and intuitively state that TLS ensures that the browser knows it is communicating with the server, and the server knows that it is communicating with the browser, at which point the respective keys (the HPA, server to human; the password, human to server) can be securely exchanged. Once the HPA is recognised by the human, the server is authenticated to the human; and once the password is matched by the server, the human is authenticated to the server (Gajek et al. 2008).

There are three central observations:

1. Essentially the server’s password (the user’s HPA) is being sent to the human before the human has been authenticated. Most particularly, the separation of the human from the human’s browser-computer combination means that while the browser has been authenticated to the server via the browser’s certificate, anyone, especially someone other than the intended user, could be sitting at the terminal. This would allow an adversary sitting at the user’s terminal to acquire the HPA and later masquerade to the user as the server. If we are to use the HPA as a real indicator of authentication and hence security of the system, then there is no difference between a server sending a HPA to an unauthenticated human and a human sending a password to an unauthenticated server. This weakness is a result of a limitation of the security model used for the protocol proof, since these sorts of attacks were not modelled.

2. Further, in the real world implementation, since the human’s browser has no certificate, the server is sending the HPA without any authentication at the client end, ensuring that replay and MITM attacks11 are possible. This means that this protocol provides no extra security above a standard login and password protocol with no HPA.

3. The human’s password, sent in message 5 of the Gajek et al. protocol (see Section 3.1), does not form part of the proof of security of the protocol. Again, this is because the security model used excluded the possibility of a non-intended user using the computer, so the authentication of the user’s browser is sufficient to authenticate the user.

As stated earlier in Sections 1 and 2, the intention is to create a protocol which is transparent to the human and provides the human with assurance that they are communicating with the party they intend to be communicating with. Users should not be expected to accept that the password that the bank has for them, the HPA, is sent to them before they have consciously provided anything to the bank to authenticate themselves. An interesting observation from the Gajek et al. protocol is that, if the HPA is truly being used as the method to authenticate the server, then the certificate, at least at the server’s end, is not required. Indeed, if we presume that users are not checking security certificate information as part of their security decision making process (as evidenced by studies in Radke et al. (2010) and Schechter et al. (2007)), this does suggest a shift in perspective of where the certificate should be used. For example, we can ensure that all banks are made aware of certificates and check for certificates, while we cannot ensure that all users are aware of certificates and check for certificates; therefore the suggestion would be to have the certificates at the user’s end (to be issued at the same time as the login and password information is issued to the customer by the bank). This may involve an addition to the TLS protocol, or can be constructed using current traditional server-authentication methods by moving the server’s role to the client, such that the client, who has the certificate, becomes the “server”, with one extra message flow in the initialisation of TLS. We shall call this mode, which has a certificate at what is traditionally considered the client end and no certificate at what is traditionally considered the server end, certificateless-server mode.

11 A man-in-the-middle (MITM) attack is an attack where a third party intercepts messages between two communicating parties, typically without either intended party detecting this, allowing the MITM attacker to listen in on and manipulate messages.

We also seek to create a protocol which is rushing user resistant, that ensures the user is actually checking the authentication provided by the server, which is not enforced in the Gajek et al. protocol. Another lesson learned from the investigation of the Gajek et al. protocol is the ideal that the human, rather than the server, takes the initial steps in the protocol.

A final point on the Gajek et al. protocol is more of a philosophical ideal. The ideal is that the human does not know that this is the real protocol. That is, the human is presented with a website and simply follows the instructions; there is no necessity to pre-learn this protocol. This raises an interesting issue, which is that the adversary can, instead of attacking the Gajek et al. protocol directly, simply create a new website with a new protocol (which does not even have to be related to the real protocol). Therefore, ideally a protocol is created which the human is forced to initiate, and, as the initiator rather than the follower, the human needs to learn what the protocol should look like. This ideal, combined with transparency of the authentication process, should make the protocol substitution resistant.

3.2 Usability Testing of Human Protocols

Kumar et al. researched 13 different wireless device pairing methods (Kumar et al. 2009). While the study used now outdated mobile telephones, several lessons learned about how humans take part in protocols can be directly applied. Wireless device pairing typically has unavoidable human involvement, and hence each method, which typically combines cryptographic elements with human interaction, is a separate non-trivial security ceremony involving a human. Kumar et al. designed and executed a human study which, over the course of three sessions, compared more than 40 (total) variations of the pairing methods. The study’s participants were timed, had their actions logged, and completed pre- and post-questionnaires and an interview. The security ceremonies were assessed for robustness and usability. Robustness results were categorised into safe errors12 and fatal errors13. Usability was assessed in three categories: completion time; successful completion; and the user’s perception of ease-of-use and personal preference (Kumar et al. 2009).

Two outcomes of Kumar et al.’s research are directly applicable to human protocol design in general. Firstly, protocols should be designed to be rushing user resistant, by ensuring that a user’s responses depend on prior steps. The user cannot just “accept”, or, even worse, ignore. Secondly, the human initiating the protocol is important. There were other useful conclusions, regarding what sorts of activities generate the least number of false positives and false negatives, but they are more protocol specific (Kumar et al. 2009).

12 A safe error is any non-fatal error, typically a false positive: a rejection of a successful pairing.

13 A fatal error is a false negative, or the acceptance of a failed pairing instance (as defined in Uzun et al. (2007)).

4 Towards A Human-Computer Mutual Authentication Protocol, Provably Secure in POPS+

We target two central improvements and considerations which should be included in authentication protocols involving a human. They are:

1. Rushing user resistance

2. A security proof at a level above the cryptographic level

4.1 Rushing user resistance

Mutual authentication, for example where a bank authenticates itself to its account holder as well as the account holder authenticating themselves to the bank, is important. In most protocols where an entity is authenticated to a human, there will be a step similar to the recognise function of the Gajek et al. protocol proof (Gajek et al. 2008). In this step, the entity will show something (a HPA) to the human, and the human is meant to examine this HPA; if it is correct they proceed, and if the HPA is incorrect they should abort the protocol run. Unfortunately, as we have shown, both in the research literature and in commercial implementations, quite often there is no assurance that the human has completed the recognise assessment; a human who skips such a step is called a rushing user.

To increase the chances of humans completing the recognise step, rushing user resistance should be included in the protocol. A construction that could be added to most such protocols is to send the human user not just the real HPA (HPA1), but also a false HPA (HPA2), in random order. Now, beyond sending to the server their user name and password, the human must also select which of the two HPAs was their HPA. If the human selects the wrong HPA, then the server must abort the protocol even if the login and password the human provides are correct.

There are a number of intricacies with this solution, especially when trying to combine the cryptographic elements with the human elements:

• This solution does not enhance the cryptographic security of the protocol. Rather, this step is only in place to ensure that the human follows the protocol. This element is not captured in current computational-based security proofs and models.

• Beyond not enhancing the cryptographic security, this action decreases the cryptographic security, in that an adversary guessing from the dictionary now has twice as many chances of showing the human their legitimate HPA (if only two HPAs are sent to the human), since two HPAs are now sent to the human.

• Whether the human is completing the recognise step is checked by the server, in that if the wrong HPA is selected then the server should abort the protocol and force the human to start again. If the server is the adversary, then the adversary will accept the username and password regardless of which HPA the human chooses. So this training of the human to follow the protocol correctly will only work while legitimate protocol runs occur with the real server.

• The improvement in the human’s behaviour in following the protocol will happen over time. This is another concept not captured in current security proofs and models.
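The following Python simulation is an added example, not code from the paper or from the bank implementation it describes. It covers two passages at once: the certificateless bank variant and the relay attack that observation 2 of Section 3.1.2 says it permits, and the real-plus-decoy construction of this section, with the server aborting on a wrong HPA choice even when the password is correct. The TLS channel is treated as an ideal channel in the sense of Section 4.2, so only the flows that touch the human are modelled. The usernames, passwords, the 20-image catalogue and the class and function names are assumptions made for this example.

```python
"""Toy simulation of the HPA login ceremonies from Sections 3.1.2 and 4.1.
The TLS channel is treated as an ideal channel (Section 4.2), so only the
flows that touch the human are modelled.  Names, the 20-image catalogue and
the user records are assumptions made for this example."""
import random
import secrets

# Constructed catalogue; the bank in Section 3.1.1 offers fewer than 20
# images, so |W| = 20 is used here as an upper bound.
CATALOGUE = [f"image{i:02d}" for i in range(20)]


class HpaServer:
    """Bank-side logic for the certificateless variant (Section 3.1.2) and
    for the real-plus-decoy, rushing-user-resistant variant (Section 4.1)."""

    def __init__(self, catalogue, seed=1):
        self.catalogue = list(catalogue)
        self.rng = random.Random(seed)
        self.users = {}    # username -> (password, hpa)
        self.pending = {}  # session token -> (username, index of real HPA)

    def enrol(self, username, password, hpa):
        assert hpa in self.catalogue
        self.users[username] = (password, hpa)

    def hpa_for(self, username):
        """Certificateless variant: the HPA goes to whoever supplies the
        username; nothing authenticates the requester (observation 2)."""
        return self.users[username][1]

    def login(self, username, password):
        record = self.users.get(username)
        return record is not None and record[0] == password

    def challenge(self, username):
        """Section 4.1: send the real HPA and one decoy in random order."""
        real = self.users[username][1]
        decoy = self.rng.choice([h for h in self.catalogue if h != real])
        pair = [real, decoy]
        self.rng.shuffle(pair)
        token = secrets.token_hex(8)
        self.pending[token] = (username, pair.index(real))
        return token, tuple(pair)

    def login_with_choice(self, token, password, chosen_index):
        username, real_index = self.pending.pop(token)
        if chosen_index != real_index:
            return "ABORT"  # wrong HPA chosen: abort even if the password is right
        return "OK" if self.login(username, password) else "REJECT"


def attentive_choice(expected_hpa, pair):
    """A human who performs the recognise step; None means 'my HPA is absent'."""
    return pair.index(expected_hpa) if expected_hpa in pair else None


def decoy_login(server, username, password, expected_hpa, chooser):
    """One run of the hardened ceremony, driven from the human's side."""
    token, pair = server.challenge(username)
    choice = chooser(expected_hpa, pair)
    if choice is None:
        return "HUMAN_ABORT"  # the real HPA was not shown, so the human stops
    return server.login_with_choice(token, password, choice)


def rushing_user_abort_rate(runs=2000, seed=7):
    """A rushing user (footnote 10) picks an HPA without looking; the server
    should abort about half of those runs despite the correct password."""
    server = HpaServer(CATALOGUE, seed=seed)
    server.enrol("bob", "pw", "image03")
    rng = random.Random(seed)

    def rushing(_expected_hpa, _pair):
        return rng.randrange(2)

    aborts = sum(decoy_login(server, "bob", "pw", "image03", rushing) == "ABORT"
                 for _ in range(runs))
    return aborts / runs


class RelayingPhisher:
    """Observation 2: a fake site relays the username to the real bank,
    obtains the HPA, shows it on the fake page and harvests the password."""

    def __init__(self, bank):
        self.bank = bank
        self.harvested = {}

    def fake_login(self, username, human_enters_password):
        hpa = self.bank.hpa_for(username)           # bank hands over the HPA
        password = human_enters_password(hpa)       # human recognises it and types
        self.harvested[username] = (hpa, password)
        return self.bank.login(username, password)  # phisher now logs in as the user


def run_relay_attack():
    """Returns (did the phisher log in?, what the phisher harvested)."""
    bank = HpaServer(CATALOGUE)
    bank.enrol("alice", "correct horse", "image07")
    phisher = RelayingPhisher(bank)

    def alice(hpa):  # constructed user: types her password only for her own image
        return "correct horse" if hpa == "image07" else None

    return phisher.fake_login("alice", alice), phisher.harvested["alice"]


if __name__ == "__main__":
    print("relay attack:", run_relay_attack())
    print("rushing user aborted in", rushing_user_abort_rate(), "of runs")
```

Run directly, the relay attack succeeds with nothing more than the username, which is the sense in which the bank variant adds no security over a plain password login; the hardened ceremony aborts roughly half of a rushing user's runs, which is the training effect described above. The second bullet is visible in `challenge`: an adversary who must guess from the catalogue now shows the real image with probability 2/|W| rather than 1/|W|. The third bullet applies unchanged, since a phishing server can simply omit the abort in `login_with_choice`.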


4.2 Security proofs at a level above the cryptographic level

This paper has introduced the concept of POPS+, being that a security ceremony is, at the level at which most security professionals consider security, simply a protocol which includes a human. In the same way that the practice oriented provable security (POPS) of a block cipher is not proven by examining a protocol that includes the block cipher, the POPS+ security of a higher level cryptographic building block such as HTTPS should not be proven by examining a protocol which includes HTTPS. The proof of HTTPS is completed elsewhere, and, once it is proven secure, the super-protocol which uses HTTPS is proven secure. In this way we have moved beyond ceremonies being protocols in their context of use to being protocols which include lower level protocols.

To allow this analysis of the suitability of a protocol for human use to happen, ideal instances of the cryptographic building blocks can be used. For example, an ideal secure channel providing confidentiality, integrity, and authentication for the participant with the private key, where the other participant is known to check the certificate, would stand in for a HTTPS secured channel. Cryptographers would argue that if the communication channel is secure then the protocol becomes trivial. However, a secure channel is no guarantee that the correct information is being passed to and from the human, which is the focus of this level of analysis. By assuming that cryptographic building blocks, such as the channel, are secure, greater attention can be focused on the protocol flows that interact with the human, allowing for quicker and easier ceremony design and analysis.

5 Conclusion

We have drawn inspiration from a variety of sources, including the provable security cryptographic community, the network security community, the Human Computer Interface (HCI) design community, wireless communication device pairing, and the sociotechnical community, to create generic enhancements which can be applied to human usable human-computer mutual authentication protocols. Human usable protocols were found to require rushing user resistance, achieved by ensuring subsequent protocol steps depend on previous protocol steps, and spoofing resistance, achieved by ensuring transparency of the protocol to the human, necessitating that the protocol be taught/learned, and ensuring that the human initiates the protocol. These aspects were shown to be missing in the research literature and in current commercial implementations.

This paper suggests a shift in thinking regarding ceremony analysis. Previously, ceremony analysis has been regarded by some as a more complete version of protocol analysis which explicitly includes human interaction, setup steps and OOB communication, so that proving a ceremony secure is proving the protocol secure. Recent work has highlighted an issue with this, regarding each ceremony as a protocol in its context of use, meaning that proving a protocol secure in one ceremony does not prove the protocol secure in any other ceremony. This paper takes that a step further, treating the underlying protocol as a cryptographic primitive or building block, and considering the ceremony as a protocol which uses that building block (a protocol such as TLS).

We have highlighted that cryptographic building blocks, such as TLS, have become mature to the point where a further level of abstraction is possible from the level that was applied when practice-oriented provable security (POPS) was promoted by Bellare and Rogaway 18 years ago. This allows, for the security proof of security ceremonies that include humans, the cryptographic building blocks to be abstracted away and the security proofs to be extended into the human-computer interface. We have called this paradigm shift POPS+. The philosophy remains the same, that is, a reductionist proof such that the only way to break the protocol is to break the cryptographic building block, and as long as the building block remains secure, the protocol remains secure.

Acknowledgments

The authors acknowledge and appreciate the discussions with Mark Manulis, Douglas Stebila, the Information Security Group at Royal Holloway University of London, and Chai Wen Chuah concerning real-world protocols. The anonymous reviewers were also very helpful, not just for this paper but for the future.

References

Arumugam, G. & Sujatha, R. (2010), ‘Secured authentication protocol system using images’, IJCSIS 8(8).

Bellare, M. (1999), ‘Practice-oriented provable-security’, Lectures on Data Security pp. 1–15.

Bellare, M. & Rogaway, P. (1993a), Entity Authentication and Key Distribution, in D. R. Stinson, ed., ‘CRYPTO’, Vol. 773 of LNCS, Springer, pp. 232–249.

Bellare, M. & Rogaway, P. (1993b), Random oracles are practical: A paradigm for designing efficient protocols, in ‘CCS’, ACM, pp. 62–73.

Blum, M. & Micali, S. (1984), ‘How to generate cryptographically strong sequences of pseudo-random bits’, SIAM J. Comput. 13(4), 850–864.

Brainard, J. G., Juels, A., Rivest, R. L., Szydlo, M. & Yung, M. (2006), Fourth-factor authentication: somebody you know, in ‘CCS’, ACM, pp. 168–178.

Bringer, J., Chabanne, H. & Dottax, E. (2006), HB++: a Lightweight Authentication Protocol Secure against Some Attacks, in ‘SecPerU’, IEEE Computer Society.

Chiasson, S., van Oorschot, P. & Biddle, R. (2007), Even experts deserve usable security: Design guidelines for security management systems, in ‘SOUPS Workshop on Usable IT Security Management (USM)’, Citeseer, pp. 1–4.

Daher, W. & Canetti, R. (2008), POSH: A Generalized CAPTCHA with Security Applications, in D. Balfanz & J. Staddon, eds, ‘AISec ’08’, ACM, pp. 1–10.

Dhamija, R., Tygar, J. & Hearst, M. (2006), Why phishing works, in ‘Proceedings of the SIGCHI conference on Human Factors in computing systems’, ACM, p. 590.

Dourish, P. (2004), ‘What we talk about when we talk about context’, Personal and ubiquitous computing 8(1), 19–30.

Dziembowski, S. (2011), ‘How to pair with a human’, Security and Cryptography for Networks pp. 200–218.

Ellison, C. (2007), ‘Ceremony Design and Analysis’, Cryptology ePrint Archive, Report 2007/399. http://eprint.iacr.org/.

Ellison, C. & Dohrmann, S. (2003), ‘Public-key support for group collaboration’, ACM Trans. Inf. Syst. Secur. 6(4), 547–565.

Gajek, S., Manulis, M., Sadeghi, A.-R. & Schwenk, J. (2008), Provably Secure Browser-Based User-Aware Mutual Authentication over TLS, in M. Abe & V. D. Gligor, eds, ‘ASIACCS’, ACM, pp. 300–311.

Goldwasser, S. & Micali, S. (1984), ‘Probabilistic encryption’, J. Comput. Syst. Sci. 28(2), 270–299.

Goldwasser, S., Micali, S. & Rivest, R. L. (1988), ‘A digital signature scheme secure against adaptive chosen-message attacks’, SIAM J. Comput. 17(2), 281–308.

Hammouri, G. & Sunar, B. (2008), PUF-HB: A Tamper-Resilient HB Based Authentication Protocol, in ‘ACNS’, Vol. 5037 of Lecture Notes in Computer Science, pp. 346–365.

Harrison, S., Tatar, D. & Sengers, P. (2007), The three paradigms of HCI, in ‘Alt. Chi. Session at the SIGCHI Conference on Human Factors in Computing Systems, San Jose, California, USA’, Citeseer.

Hopper, N. J. & Blum, M. (2001), Secure Human Identification Protocols, in C. Boyd, ed., ‘ASIACRYPT’, Vol. 2248, Springer, pp. 52–66.

ISO/IEC 27001 Information technology - Security techniques - Information security management systems - Requirements (2005), ISO.

Juels, A. & Weis, S. A. (2005), Authenticating pervasive devices with human protocols, in ‘CRYPTO’, Vol. 3621 of Lecture Notes in Computer Science, Springer, pp. 293–308.

Karlof, C., Tygar, J. D. & Wagner, D. (2009), Conditioned-safe ceremonies and a user study of an application to web authentication, in ‘Proceedings of the Network and Distributed System Security Symposium, NDSS 2009, San Diego, California, USA’, The Internet Society.

Kumar, A., Saxena, N., Tsudik, G. & Uzun, E. (2009), ‘A comparative study of secure device pairing methods’, Pervasive and Mobile Computing 5(6), 734–749.

Martina, J. & Carlos, M. (2008), Why should we analyze security ceremonies, in ‘Applications of Logic in Computer Security. The 15th International Conference on Logic for Programming, Artificial Intelligence and Reasoning’.

Martina, J. E., de Souza, T. C. S. & Custodio, R. F. (2009), Ceremonies Formal Analysis in PKI’s Context, in ‘CSE ’09: Proceedings of the 2009 International Conference on Computational Science and Engineering’, IEEE Computer Society, Washington, DC, USA, pp. 392–398.

Menezes, A., van Oorschot, P. C. & Vanstone, S. A. (1996), Handbook of Applied Cryptography, CRC Press.

Mollin, R. (2005), Codes: The Guide to Secrecy from Ancient to Modern Times, Chapman & Hall/CRC Press.

Norman, D. (2002), The design of everyday things, Basic Books, New York.

Oorschot, P. & Wan, T. (2009), ‘Twostep: An authentication method combining text and graphical passwords’, E-Technologies: Innovation in an Open World pp. 233–239.

Radke, K., Boyd, C., Brereton, M. & Nieto, J. G. (2010), How HCI Design Influences Web Security Decisions, in ‘OzCHI’, ACM.

Radke, K., Boyd, C., Nieto, J. G. & Brereton, M. (2011), Ceremony analysis: Strengths and weaknesses, in ‘IFIP SEC’11’, LNCS (to appear), Springer.

Schechter, S., Dhamija, R., Ozment, A. & Fischer, I. (2007), Emperor’s new security indicators: An evaluation of website authentication and the effect of role playing on usability studies, in ‘Proceedings of the 2007 IEEE Symposium on Security and Privacy’, Citeseer.

Shostack, A. & Stewart, A. (2008), The New School of Information Security, Addison-Wesley Professional, Upper Saddle River, N.J.

Simon, H. (1969), The sciences of the artificial, MIT Press.

Simon, H. (1996), The Sciences of the Artificial, 3rd ed., The MIT Press, Cambridge, Massachusetts.

Smith, S. (2003), ‘Humans in the loop: Human-computer interaction and security’, Security & Privacy, IEEE 1(3), 75–79.

Suchman, L. (2007), Human-machine reconfigurations: Plans and situated actions, Cambridge University Press.

Uzun, E., Karvonen, K. & Asokan, N. (2007), ‘Usability analysis of secure pairing methods’, Financial Cryptography and Data Security pp. 307–324.

Yao, A. C.-C. (1982), Theory and applications of trapdoor functions (extended abstract), in ‘FOCS’, IEEE, pp. 80–91.

Yee, K. (2004), ‘Aligning security and usability’, Security & Privacy, IEEE 2(5), 48–55.


Analysis of Object-Specific Authorization Protocol (OSAP) using Coloured Petri Nets

Younes Seifi1,2, Suriadi Suriadi1, Ernest Foo1, Colin Boyd1

1 Queensland University of Technology (QUT), Brisbane, Australia
Email: [email protected]
Email: {s.suriadi,e.foo,c.boyd}@qut.edu.au

2 Bu-Ali Sina University, Hamadan, Iran

Abstract

The use of the Trusted Platform Module (TPM) is becoming increasingly popular in many security systems. To access objects protected by the TPM (such as cryptographic keys), several cryptographic protocols, such as the Object Specific Authorization Protocol (OSAP), can be used. Given the sensitivity and importance of the objects protected by the TPM, the security of this protocol is vital. Formal methods allow a precise and complete analysis of cryptographic protocols such that their security properties can be asserted with high assurance. Unfortunately, formal verification of these protocols is limited, despite the abundance of formal tools that one can use. In this paper, we demonstrate the use of Coloured Petri Nets (CPN), a type of formal technique, to formally model the OSAP. Using this model, we then verify the authentication property of this protocol using the state space analysis technique. The results of the analysis demonstrate that, as reported by Chen and Ryan, the authentication property of OSAP can be violated.

Keywords: Coloured Petri Nets; CPN; CPN Tools; security analysis; TPM; OSAP; Trusted Computing

1 Introduction

CPN is a type of formal method introduced in (Jensen; 1992, 1994, 1997) as a graphical language to model and analyze systems. The mathematical foundation of CPN provides well-defined semantics which facilitate the unambiguous and precise modeling of a system and its properties. Yet the graphical modeling interface of CPN makes it user-friendly and arguably easy to use and understand. CPN models are also executable, and to create these executable models, specifications must be complete. Through the process of model creation, execution, and simulation, protocol designers may detect flaws and errors in the protocol design, and may subsequently improve the correctness of the protocol.

Most importantly, however, CPN as a general purpose formal modeling tool can generate the state space information of the model. This state space can then be used by standard state space analysis techniques (such as computational tree logic, CTL) to verify various system properties, both standard properties (such as liveness and boundedness) and verifier-defined properties (such as security-related properties). Formal analysis of a protocol using CPN can be aided with a tool known as CPN Tools (Jensen et al.; 2007). These tools automate many of the tasks required to model, simulate, and analyze systems and protocols.

Copyright © 2012, Australian Computer Society, Inc. This paper appeared at the 10th Australasian Information Security Conference (AISC 2012), Melbourne, Australia, January-February 2012. Conferences in Research and Practice in Information Technology (CRPIT), Vol. 125, Josef Pieprzyk and Clark Thomborson, Ed. Reproduction for academic, not-for-profit purposes permitted provided this text is included.

CPN has been widely used (Jensen et al.; 2007) as a language to model and validate systems like communication protocols, software and engineering systems. Practical implementations of using CPN in business process modeling, manufacturing systems, agent systems and workflow modeling are available now. A number of usages of CPN in modeling and analyzing cryptographic protocols are introduced in the related work section.

The Object-Specific Authorization Protocol (OSAP) is a cryptographic protocol defined as part of trusted computing (TC) platforms. This protocol governs how one can access the Trusted Platform Module (TPM)'s protected objects (such as cryptographic keys). Given the importance and sensitivity of objects protected by the TPM, it is important that we analyze it precisely such that we can be confident of its security. As trusted computing (TC) platforms are expected to be an important component of a secure computing paradigm, any breach in the OSAP protocol will have a major impact on TC platforms in general.

The use of formal methods to assert, with high assurance, the security of cryptographic protocols has been an active research area in the last few decades. Through formal analysis, errors in famous protocols like the Needham-Schroeder Public Key (NSPK) protocol (Lowe; 1995) have been found 17 years after they were introduced. This has made the case for automated tools for protocol verification more evident. Such an analysis is normally aided with formal tools, including AVISPA (Vigano; 2006), CASPER (Lowe; 2002), ProVerif (Blanchet; 2001), Hermes (Bozga et al.; 2003), the NRL protocol analyzer (Meadows; 1996), Isabelle (Paulson; 1994), PRISM (Kwiatkowska et al.; 2004), Athena (Song; 1999), Securify (Cortier; 2003) and Scyther (Cremers; 2008), to verify security properties.

Unfortunately, formal analysis of TPM-related protocols, such as the OSAP, is limited. As more methods, approaches and tools are used to analyze TPM protocols, the more confidence one can gain regarding the security, reliability, and trustworthiness of these protocols.

The main contribution of this paper is the demonstration of the applicability of Coloured Petri Nets (a type of formal method) in the modeling and verification of a representative TPM protocol, namely the OSAP protocol.

In this paper, the hierarchical approach of CPN is used to model one session of the OSAP. From this model, a state space is generated and is then used to analyze the authentication property of OSAP. In particular, a number of states representing the violation of the authentication property are first defined. Then, state space analysis and CTL logics are used to verify whether the violation conditions defined earlier can occur in the state space. Our formal verification of OSAP arrives at the same conclusion as reported by Chen and Ryan (Chen and Ryan; 2009): that the authentication property of OSAP can be violated.

This paper is structured as follows. Section 2 introduces the OSAP protocol, the concept of CPN modeling, state space analysis and ASK-CTL (a dialect of CTL supported by CPN Tools). The modeling of the OSAP using CPN Tools is then described in Section 3. Section 4 shows how the authentication property of OSAP is defined and how ASK-CTL verifies the satisfaction of this property. Section 5 discusses related work, followed by the conclusion in Section 6.

2 Preliminaries

This section discusses trusted computing, authorization protocols of the TPM, CPN modeling, state space analysis and ASK-CTL. Trusted Computing (TC) is a new technology that is used in security systems. Trusted computing is defined by the Trusted Computing Group (TCG) as a computer system for which an entity inside the system is responsible for supervising that the system behaves as predicted for it (TCG; 2007). One of the main creations of the TCG's efforts is the Trusted Platform Module (TPM) chip, which is to be used for system supervision. The TPM chip adds "roots of trust" (TCG; 2007) into the computer platform to establish a chain of trust.

Access to the roots of trust is governed by the use of authorization protocols. They provide access to the TPM secrets. These protocols are among the fundamental protocols of trusted computing and are used before other protocols, to check whether the user process is eligible to access the TPM secrets or not. These protocols are illustrated in more detail in the next section.

2.1 Authorization protocols

Authorization protocols, or TPM command validation protocols, are one of the most important categories of protocols defined by the TCG. The TCG requires all commands to the TPM that affect security or privacy, or reveal platform secrets, to be authorized. Authorization is based on a secret provided by the caller as part of the command.

It is possible that different authorization sessions connect to one TPM. For each session, a unique session identifier, a unique nonce for each end point, a hash digest of the messages which have been sent or received, and an ephemeral secret, used to tie messages exclusively to a specific object or to encrypt message traffic if necessary, will be allocated.

These sessions are established to provide authorized access to the TPM. Any entity which decides to participate in an authorization session must provide a pass-phrase which is used to authorize and authenticate it. The pass-phrase, authorization secret or Attestation Identity Key (AIK) is a 160-bit value which is ideally random and non-guessable. The size of this secret is the same as the size of a SHA-1 operation result. After hashing secrets, salts and any other values, the result will be a fixed sized value, called authorization data (authData) (Chen and Ryan; 2009).

Authorization data can be associated with any TPM object, TPM command, TPM command interface or the TPM itself. An authorized session between the caller and the TPM is created before the new authData is created. Authorization protocols have been designed in a manner that never relies on the security properties of communication protocols. When the TPM is communicating with other user processes it always assumes they are untrusted in relation to itself (TCG; 2007). There are different authorization protocols. In the next section, OSAP, which is used in this research, is illustrated.

Object-Specific Authorization Protocol (OSAP)

OSAP is a challenge and response protocol used by the TPM object caller to demonstrate its knowledge of authorization data. This protocol is used to provide access to just one type of TPM object. A sample usage of this protocol that asks the TPM to create a key is illustrated in (Chen and Ryan; 2009). Figure 1, from the same source, demonstrates the protocol sequence. In this figure a name for each message exchange is considered. The names of exchanges 1 to 4 are Exchange#1, Exchange#2, Exchange#3 and Exchange#4. To design the CPN model, the processes 'Process TPM_OSAP', 'Process TPM_CreateWrapKey message', 'Process TPM_OSAP response' and 'Process TPM_CreateWrapKey(...) Response' are added to the TPM and user sides. The defined operation for these processes is extracting input parameters and storing them in designated places for future usage.

1. In the first step, the user process sets up an OSAP session. The goal of this step is to request the TPM to create a key based on a key preloaded in the TPM, named the parent key. The handle of the parent key is pkh (parent key handle) and ad(pkh) is its authorization data. Both pkh and ad(pkh) are included in the TPM_OSAP command and are sent to the TPM.

2. The TPM, after receiving the TPM_OSAP command, generates $n_e$ and $n_e^{osap}$ and assigns a new session authorization handle ah. These new items are sent to the user as the response.

3. The TPM and the user process calculate the shared secret. The calculation of the shared secret is done using the HMAC algorithm. The input arguments of the HMAC algorithm are ad(pkh), $n_e^{osap}$ and $n_o^{osap}$.

4. The user process calls the TPM_CreateWrapKey function. The ah, pkh, $n_o$ and newauth are sent by this function to the TPM. To protect newauth, it is XORed with SHA1(S, $n_o$).

5. When this command is received, the TPM checks the HMAC and creates the new key. Then the private key and the new authData are put in a package encrypted using S as the key. The encrypted package and the public key are put in the keyblob. The keyblob is returned by the TPM and is authenticated with an HMAC. The HMAC is created over the $n_o$ nonce and the response's new nonce, and is keyed on S.


Figure 1: OSAP sequence diagram (from Chen and Ryan; 2009). USER side: Process TPM_OSAP response, Process TPM_CreateWrapKey(...) Response; TPM side: Process TPM_OSAP, Process TPM_CreateWrapKey message. Both sides compute $S = \mathrm{hmac}(ad(pkh), n_e^{osap}, n_o^{osap})$. Exchange #1: TPM_OSAP(pkh, $n_o^{osap}$); Exchange #2: ah, $n_e$, $n_e^{osap}$; Exchange #3: TPM_CreateWrapKey(ah, pkh, $n_o$, ..., newauth $\oplus$ SHA1(S, $n_o$), $\mathrm{hmac}_S(\ldots)$); Exchange #4: keyblob, new nonce, $\mathrm{hmac}_S(\ldots)$.

6. The encrypted package is decrypted and the authData is retrieved from it. If the received authData is not the same as the new authData created by the user then the protocol is terminated. Otherwise the protocol continues and ends normally.
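The six steps above as an added message-level model in Python (example code, not from the paper or from CPN Tools): the user side, a responder that is either the TPM or an impersonator knowing only the assumed-public pkh and ad(pkh), and the step 6 check. The SHA-1 keystream used for the keyblob package, the byte encodings and all names are assumptions of this example.

```python
import hashlib
import hmac
import os

AUTH_SIZE = 20  # authData and nonces: 160-bit values, the size of a SHA-1 digest


def sha1(*parts: bytes) -> bytes:
    return hashlib.sha1(b"".join(parts)).digest()


def hmac_sha1(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha1).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Assumed stand-in for the package encryption keyed on S (the paper only
    says the package is encrypted under S): XOR with a SHA-1 keystream."""
    stream = b"".join(sha1(key, bytes([i])) for i in range(len(data) // 20 + 1))
    return xor(data, stream)


def shared_secret(ad_pkh: bytes, ne_osap: bytes, no_osap: bytes) -> bytes:
    """Step 3: S = hmac(ad(pkh), n_e^osap, n_o^osap), computed by both sides."""
    return hmac_sha1(ad_pkh, ne_osap, no_osap)


class Responder:
    """Answers Exchange#1 and Exchange#3. With genuine=True this is the TPM;
    with genuine=False it is an impersonator that never involves a TPM but
    knows ad(pkh), which the intruder's database holds as public knowledge."""

    def __init__(self, ad_pkh: bytes, genuine: bool):
        self.ad_pkh, self.genuine, self.sessions = ad_pkh, genuine, {}

    def tpm_osap(self, pkh: bytes, no_osap: bytes):
        # Step 2: fresh n_e, n_e^osap and a new session authorization handle ah
        ne, ne_osap, ah = os.urandom(AUTH_SIZE), os.urandom(AUTH_SIZE), os.urandom(4)
        self.sessions[ah] = shared_secret(self.ad_pkh, ne_osap, no_osap)
        return ah, ne, ne_osap

    def tpm_create_wrap_key(self, ah, pkh, no, enc_newauth, mac):
        # Step 5: verify the command HMAC, recover newauth, return the keyblob
        S = self.sessions[ah]
        if not hmac.compare_digest(mac, hmac_sha1(S, pkh, no, enc_newauth)):
            return None  # the command is rejected
        newauth = xor(enc_newauth, sha1(S, no))
        private = b"TPM-created-key " if self.genuine else b"forged-key-bytes"
        keyblob = (b"public-part", stream_xor(S, private + newauth))
        ne_new = os.urandom(AUTH_SIZE)  # the response's fresh nonce
        return keyblob, ne_new, hmac_sha1(S, ne_new, no)


def run_osap(responder: Responder, pkh: bytes, ad_pkh: bytes, newauth: bytes) -> bool:
    """The user process's side of one OSAP session; True if it ends normally."""
    no_osap = os.urandom(AUTH_SIZE)                          # Exchange#1
    ah, ne, ne_osap = responder.tpm_osap(pkh, no_osap)       # Exchange#2
    S = shared_secret(ad_pkh, ne_osap, no_osap)              # step 3
    no = os.urandom(AUTH_SIZE)
    enc_newauth = xor(newauth, sha1(S, no))                  # step 4
    mac = hmac_sha1(S, pkh, no, enc_newauth)
    reply = responder.tpm_create_wrap_key(ah, pkh, no, enc_newauth, mac)  # Exchange#3/#4
    if reply is None:
        return False
    keyblob, ne_new, rmac = reply
    if not hmac.compare_digest(rmac, hmac_sha1(S, ne_new, no)):
        return False                                         # response HMAC fails
    package = stream_xor(S, keyblob[1])                      # step 6
    return package[-AUTH_SIZE:] == newauth


# Constructed sample values for the parent key handle, its authData and newauth
PKH, AD_PKH = b"\x01\x02\x03\x04", sha1(b"constructed-ad")
NEWAUTH = sha1(b"constructed-newauth")


def genuine_session_completes() -> bool:
    return run_osap(Responder(AD_PKH, genuine=True), PKH, AD_PKH, NEWAUTH)


def impersonator_with_ad_pkh_completes() -> bool:
    # The authentication violation: the user accepts, yet no TPM took part
    return run_osap(Responder(AD_PKH, genuine=False), PKH, AD_PKH, NEWAUTH)


def impersonator_without_ad_pkh_completes() -> bool:
    return run_osap(Responder(sha1(b"wrong-guess"), genuine=False), PKH, AD_PKH, NEWAUTH)
```

The user's checks in steps 5 and 6 only depend on S, so a responder that knows ad(pkh) is indistinguishable from the TPM; a responder without it fails at the command HMAC.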

This protocol can be modeled using different tools. Section 3 ('Modeling OSAP using CPN') illustrates the usage of CPN for modeling the steps above. The next section describes CPN modeling.

2.2 CPN modeling

CPN models are depicted as graphical drawings composed of places, transitions, arcs and inscriptions (written text in the CPN ML programming language). Places are shown using circles and ellipses. Transitions, shown by rectangles, describe actions. The transitions and places are connected to each other using arrows called arcs. For any arc, an arc inscription can be written in the CPN ML language. Input arc inscriptions are used to define the binding of tokens from input places to the transition. The output arc inscriptions are used to define the tokens that will be put into the output place of a transition. A place can have zero or more tokens of the colour set of the place. For each of these tokens a data value from a given type has been considered. The data value of each token is called the token colour. The set of all the tokens that can exist in a place is defined as its colour set. The colour set of each place is written below the place using an inscription. The value of each variable specifies its binding. The number of tokens and their colours in all the individual places specifies the marking of the CPN model. The number of tokens in just one place and their colours specify the marking of that place. Usually, next to each place another inscription, besides its colour set, is written that determines the initial marking of the place.

For each transition, a pair consisting of the transition and a binding of all the variables of the transition is called a binding element. It is possible to consider special inscriptions named guards for transitions. These inscriptions are boolean expressions; only when they evaluate to true can the transition be enabled. Otherwise, even if all the input tokens are provided, the transition cannot be enabled.

Tokens do not move between pages of the CPN model; rather, pages are connected through special places which are marked as either an input, an output, or an input/output socket. The place that constitutes the interface through which one page exchanges tokens with the others is an input/output port. The input sockets are the input places of substitution transitions, while their output places are output sockets. The other method of moving tokens between different pages is the fusion set. Fusion sets glue a number of places in one or more CPN pages together. They all create a compound place across the model.

A sample CPN model is shown in Figure 2. In this model the defined colour set for Sender and Receiver is STRING. This colour set, like a variable type in programming languages, allows tokens of type STRING to be stored. The initial marking of place Sender is 1`"ONE" ++ 1`"SAMPLE". The variable vs with the string colour set is used to move the token between place and transition. This place is connected to transition 'Send Packet'. This transition can be enabled when the guard [vs="ONE"] evaluates to TRUE and the required input tokens are provided by the input places. In the model of Figure 2, for the first token, the guard [vs="ONE"] is TRUE and 'Send Packet' is enabled. When this transition is enabled its border becomes thicker than when it is disabled. In the next step the token is moved to the 'Receiver' place. For the second token of place Sender, because the guard [vs="ONE"] evaluates to FALSE, the Send transition will not be enabled and this token remains in its place. The final marking of this model is shown in Figure 3.

Figure 2: Sample CPN model and its initial marking (places Sender and Receiver of colour set DATA; transition Send Packet with arc inscriptions vs and guard [vs="ONE"]; initial marking of Sender: 1`"ONE"++1`"SAMPLE")

Figure 3: Final marking of sample CPN model (Sender: 1`"SAMPLE"; Receiver: 1`"ONE")

2.3 State Space Analysis

Simulation of a CPN model analyzes a finite number of executions. This helps validate the model by detecting and finding errors in the CPN model. It can demonstrate that the model is working correctly. However, it is impossible to guarantee the correctness of a model with 100% certainty because not all possible executions are covered (Jensen et al.; 2007).

A full state space generation (Occurrence Graph, OG; reachability graph/tree) calculates all possible executions of the model. It calculates all reachable markings and binding elements of the CPN model. The result is represented as a directed graph whose nodes are the set of reachable markings and whose arcs correspond to the occurring binding elements.

An occurrence sequence describes the different occurring steps and the reached intermediate markings in executing a CPN model. If a marking is reachable via an occurrence sequence that starts from the initial marking then it is called a reachable marking (Jensen et al.; 2007).

In most cases, after producing all states, the Strongly Connected Component Graph (SCC-graph) is generated. The SCC-graph nodes are subgraphs called Strongly Connected Components (SCC). A disjoint division of the nodes in the state space creates the SCCs. This division is such that two state space nodes are in the same SCC if and only if they are mutually reachable. This means that a path exists in the state space from the first node to the second node and vice versa. The structure of the SCC-graph can provide information about the behavior of the model (Jensen et al.; 2007).

State space analysis, or model checking, is mainly used for model based verification of concurrent systems. It has been applied successfully as the analysis method in many formal models. State space explosion is its main limitation. CPN models should be designed carefully to prevent state space explosion. This research uses CPN/Tools to create and analyze the model.
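As an added example (not the paper's CPN ML or CPN/Tools code), the CPN notions of Section 2.2 and the state space generation of Section 2.3 in Python: bindings, guards, markings, the occurrence graph, dead markings and SCCs, applied to the sample net of Figure 2. The place names, the with_guard switch and the closure-based SCC computation are assumptions of this example.

```python
from collections import Counter
from itertools import product

# A marking maps each place name to a multiset (Counter) of token colours.


class Transition:
    """Each input arc (place, variable) binds one token to the variable, the
    guard is a boolean over the binding, and each output arc (place, expr)
    adds expr(binding) to its place."""

    def __init__(self, name, in_arcs, out_arcs, guard=lambda b: True):
        self.name, self.in_arcs, self.out_arcs, self.guard = name, in_arcs, out_arcs, guard


def freeze(marking):
    """Hashable form of a marking, used as a state-space node."""
    return frozenset((p, tuple(sorted(c.items()))) for p, c in marking.items())


def thaw(node):
    return {p: Counter(dict(items)) for p, items in node}


def enabled_bindings(t, marking):
    """Bindings of t's variables for which t is enabled in the marking: the
    bound tokens are available in the input places and the guard is true."""
    choices = [list(marking[p].elements()) for p, _ in t.in_arcs]
    found, seen = [], set()
    for combo in product(*choices):
        binding, needed = {}, Counter()
        for (p, v), tok in zip(t.in_arcs, combo):
            if binding.setdefault(v, tok) != tok:  # one variable, two tokens
                break
            needed[(p, tok)] += 1
        else:
            key = tuple(sorted(binding.items()))
            if (all(marking[p][tok] >= n for (p, tok), n in needed.items())
                    and key not in seen and t.guard(binding)):
                seen.add(key)
                found.append(binding)
    return found


def fire(t, marking, binding):
    """Occurrence of the binding element (t, binding): consume the input
    tokens and produce the output tokens."""
    new = {p: Counter(c) for p, c in marking.items()}
    for p, v in t.in_arcs:
        new[p][binding[v]] -= 1
    for p, expr in t.out_arcs:
        new[p][expr(binding)] += 1
    return {p: +c for p, c in new.items()}  # unary + drops zero counts


def state_space(transitions, initial):
    """Full state space (occurrence graph): nodes are the reachable markings,
    arcs are (source, transition, binding, target) per occurring binding element."""
    start = freeze(initial)
    nodes, arcs, todo = {start: 0}, [], [start]
    while todo:
        node = todo.pop()
        marking = thaw(node)
        for t in transitions:
            for b in enabled_bindings(t, marking):
                target = freeze(fire(t, marking, b))
                if target not in nodes:
                    nodes[target] = len(nodes)
                    todo.append(target)
                arcs.append((nodes[node], t.name, tuple(sorted(b.items())), nodes[target]))
    return nodes, arcs


def sccs(nodes, arcs):
    """SCCs: two nodes are in the same SCC iff each is reachable from the other."""
    succ = {i: set() for i in nodes.values()}
    for src, _, _, dst in arcs:
        succ[src].add(dst)
    reach = {}
    for i in succ:
        seen, stack = {i}, [i]
        while stack:
            for n in succ[stack.pop()] - seen:
                seen.add(n)
                stack.append(n)
        reach[i] = seen
    return {frozenset(j for j in succ if j in reach[i] and i in reach[j]) for i in succ}


def dead_markings(nodes, arcs):
    """Markings with no enabled binding element (Figure 3's final marking is one)."""
    sources = {src for src, _, _, _ in arcs}
    return [thaw(n) for n, i in nodes.items() if i not in sources]


def figure2_net(with_guard=True):
    """Figure 2: Sender holds 1`"ONE" ++ 1`"SAMPLE"; Send Packet moves the token
    bound to vs into Receiver under the guard [vs="ONE"] (dropped when
    with_guard is False, to show how the guard prunes the state space)."""
    guard = (lambda b: b["vs"] == "ONE") if with_guard else (lambda b: True)
    send = Transition("Send Packet", [("Sender", "vs")],
                      [("Receiver", lambda b: b["vs"])], guard)
    return [send], {"Sender": Counter({"ONE": 1, "SAMPLE": 1}), "Receiver": Counter()}


def analyse(with_guard=True):
    """(number of nodes, number of arcs, dead markings, number of SCCs)."""
    nodes, arcs = state_space(*figure2_net(with_guard))
    return len(nodes), len(arcs), dead_markings(nodes, arcs), len(sccs(nodes, arcs))
```

With the guard the state space has two markings and one arc, and the only dead marking is Figure 3; without the guard both tokens can move in either order, giving four markings and four arcs.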

2.4 The CPN/Tools ASK-CTL

State space analysis tools usually provide a number of standard properties, such as liveness, that can be evaluated. However, not all the required verification properties are included in these tools. Temporal logics like CTL are able to reason about certain facts based on the model's state (Cheng et al.; 1997). CTL provides a model of time whose structure is like a tree. In this structure the future is not determined and different paths can occur in the future. Any of the branches might be an actual path that is realized. Software applications like model checkers use CTL in formal verification of hardware or software artifacts.

ASK-CTL is an extension of the CTL (Clarke et al.; 1986) temporal logic implemented in CPN/Tools. This extension takes into account both the state information and the arc information. An ASK-CTL statement is interpreted over the state space of the Coloured Petri net model. The model checker of CPN/Tools then checks the formula over the state space and determines whether it is true or false. Complete information about ASK-CTL can be found in (Christensen and Mortensen; 1996).

This research uses ASK-CTL to verify the authentication property of the OSAP protocol. Using an ASK-CTL formula to verify the CPN model ensures that all the conditions of the verified property hold together in one specific marking of the model. Otherwise, some conditions of the verified property could hold in one marking while other conditions of the property hold only in different markings.

3 Modeling OSAP using CPN

To create the CPN model of the OSAP protocol and verify its authentication property the following steps are considered:

1. A CPN model for the protocol and the intruder is designed and implemented. This stage consists of a number of steps including:

(a) Identifying all the participating entities of the protocol and modeling them in the CPN modeling tool (for this research, CPN/Tools).

(b) Designing and implementing the required colour sets, variables, ML functions and CPN pages.

2. Validating the CPN model using simulation to ensure that the model behaves as specified in the standard.

3. Calculating the state space.

4. Validating the authentication property using ASK-CTL.

In the first step a CPN model for the OSAP protocol and the intruder is designed and implemented. To design the CPN model, at first three different entities, user, TPM and intruder, are identified. The colour sets designed for the entities are shown in Appendix A.

To store all the knowledge of the intruder a special database, using the csINTDB colour set, is designed. Detailed information about this DB is given in Section 3.2.

To prevent the state space explosion problem the csSEQ colour set is designed. This colour set is used to write specific guards for transitions. More information about this mechanism is provided in Section 3.1.2. The variables that are used in the CPN model are shown in Appendix A.

Modeling the OSAP protocol and verifying its authentication property needs a special intruder model. This model is illustrated in Section 3.3. The CPN model of the intruder in Exchange#1 and Exchange#2 is similar to the intruder in Exchange#3 and Exchange#4. Thus in this paper just the first two intruder models are described.

After illustrating the necessary colour sets and the intruder model, the main page of the CPN model is illustrated in the 'OSAP CPN model' section. This section describes how the different substitution transitions are enabled and run. More detailed information about all the modules, substitution transitions, variables, ML functions and other parts of the CPN model is available.

CPN model verification using simulation is conducted in CPN/Tools. It is shown that the model operates according to its definitions. When the state space calculation finishes within a reasonable time we know that state space explosion has not occurred. Running the ASK-CTL formula verifies the authentication property.

3.1 Managing state space

The state space of the CPN model takes a long time to be created, and the model can suffer from the state space explosion problem in the absence of optimization techniques. To prevent these problems, we include two techniques to mitigate the state space explosion problem: model parameterization and the sequence-token mechanism.


3.1.1 Model Parameterization

To prevent the state space explosion problem, we parameterize the model via two boolean parameters: vinc_int and vexcl_tpms. Assigning a true/false value to vinc_int causes the OSAP model to include/exclude the intruder model. When the intruder is excluded, the model represents the original protocol without intruder consideration. Assigning a true/false value to vexcl_tpms causes the model to bypass/include the TPM in the OSAP session.

These two variables split the state space SCC into smaller SCCs. The smaller SCCs can be calculated faster. The state space explosion problem does not happen during the computation of this model. A smaller SCC is a subset of the complete SCC. Therefore, if any authentication violation condition is found in it, the SCC of the whole model contains that violation condition.

3.1.2 Sequence token mechanism

The OSAP CPN model without any optimization has the problem of state space explosion. This problem occurs when the number of occurrence graph nodes of the state space increases significantly. To prevent this issue the number of occurrence graph states should be reduced. This reduction can be done by using other tools that implement more optimized state space analysis algorithms, such as (Westergaard et al.; 2009), or by improving the CPN model to make it more efficient by preventing its useless states from being enabled.

In this research the latter approach is chosen to reduce the number of states and prevent state space explosion. Al-Azzoni in (Al-Azzoni; 2004) proposes a token passing mechanism to prevent concurrent runs of different transitions. To implement this method a token moves from one transition to the next transition. In complicated models with various pages this approach creates difficulties in managing tokens and connecting arcs, because additional arcs and places are required to move tokens.

To make this approach more manageable, in our model a specific colour set named csSEQ and a special fusion set named GF_seq, accessible by all pages, are defined. This colour set determines which CPN page is or will be the active page at any given time.

The current active page is always stored in the GF_seq fusion set, and the CSI place (a place located in all the model pages) makes it accessible to the transitions in the page. When a transition fetches the sequence token from the CSI place it can either change it to determine the next active page or leave it unchanged to stay in the current page. For example, in page U2 (Figure 4) the current page of the model is fetched from the GF_seq fusion set using the CSI place and the vseq variable. When the value of vseq is equal to 'user2' the 'Process TPM_OSAP Response' transition can be enabled.

The next page that should be run after the U2 page, based on the OSAP session main page (Figure 7), is U3. Thus, the 'Process TPM_OSAP Response' transition changes the current sequence value to 'user3' and stores its token in the GF_seq fusion set using the fusion place CSO. This approach is followed for all pages.

This method prevents concurrent runs of the protocol in the current model. However, if the analyzed property is violated in one session it will be violated in a number of concurrent sessions. To analyze parallel sessions this approach can be extended by adding the identifiers of the other session(s)' transitions to the csSEQ colour set. Moreover, at the end of running one CPN page, the CPN model randomly assigns one of the identifiers of all the pages that can be run in parallel to the sequence token.

3.2 Intruder’s database

The intruder model contains a database (DB) which stores all the intruder's knowledge. This database is a location to accumulate all the messages sent and received through the intruder. It also stores the initial knowledge of the intruder. The colour set csINTDB is designed for this purpose.

The initial values of the intruder's database only contain those values that are assumed to be publicly known, which include the parent key handle pkh and the corresponding authorization data ad(pkh).¹

3.3 Intruder model

The intruder model of OSAP is based on the Dolev-Yao approach (Yao; 1983). The Dolev-Yao model considers the intruder as the medium that transfers messages. It can edit, remove, forward, duplicate and create new messages. In other words, it acts as a man in the middle who can modify messages between the user and the TPM, or it can bypass the TPM altogether (see Figure 5 and Figure 6 for illustration).

The OSAP intruder can store any sent and received message in its database. For each whole message, the message and each of its fields are stored in the database. After that, either a whole message is fetched from the database and is sent to the TPM or user, or a new message is created by fetching its fields from the intruder's database. When a new message is created, the fields retrieved from the DB can have been created by the intruder or can have been stored in the DB, as parts of previous messages, during previous exchanges.

Figure 5: Sent message is changed by the intruder (Sender, Intruder, Receiver; genuine message in, faked message out)

Figure 6: Intruder has bypassed the receiver (Intruder 1 and Intruder 2 between Sender and Receiver; genuine message in, faked message out)

A more detailed explanation of our intruder model and our modeling approach is provided in Appendix B.

3.4 OSAP CPN model

After designing the colour sets, variables and required functions, the main page of the CPN model is designed (Figure 7) based on the protocol shown in Figure 1. The OSAP protocol is composed of four different exchanges. In any exchange, the TPM and the user are either the sender or the receiver, whilst the intruder acts as both the sender and the receiver. The protocol is started by the user and it finally ends with the user. To make the model more readable and to simplify the modeling process, a hierarchical CPN model is proposed in Figure 7. The first substitution transition of this model is used to create the TPM_OSAP(pkh, $n_o^{osap}$) message. This message is sent to the TPM. However, the intruder can intercept this message. The intruder, using the Intruder 1 substitution transition, is able to send the original or a faked message toward the TPM or the user. If it sends the message to the TPM, because of the specific format of the message in Figure 7, it can be received only by the 'Process TPM_OSAP' substitution transition. If the message is sent back to the user, this new message should be created by the intruder. The Intruder 2 substitution transition is the only transition that can do this, thus the method of message movement is changed from the Figure 5 approach to the Figure 6 approach.

¹ This assumption is consistent with the formal model shown previously in (Chen and Ryan; 2009).

Figure 4: Page U2 module of the OSAP CPN model (transition 'Process TPM_OSAP Response' with guard [vseq=user2]; fusion places CSI and CSO of fusion set GF_seq with colour set csSEQ, the transition writing user3 to CSO; input port 'Received TPM_OSAP Response' of colour set csOSAP_RESPONSE bound to (vah, vne, vne_osap); places ah_user (csAUTH_HANDLE), ne_user and ne_osap_user (csNONCE); output port 'Start Shared Secret' of colour set UNIT)

When the Figure 5 approach is chosen, the message is processed by the 'Process TPM_OSAP' substitution transition. Then the message Exchange#2 and the shared secret S are created by the 'Send TPM_OSAP Response' and 'Create Shared Secret TPM' substitution transitions. The result will be sent toward the user. Intruder 2 is able to intercept the message Exchange#2. It can send the faked message to the user or to the TPM again. However, because sending a new message directly from Intruder 2 to Intruder 3 and then to the TPM does not affect the analysis of the authentication property, no path between Intruder 2 and Intruder 3 is created.

The 'Process TPM_OSAP Response', after processing the message, creates the shared secret. Then TPM_CreateWrapKey(...) generates Exchange#3 and sends it to the TPM. What happens to this message is the same as for Exchange#1. It is intercepted by Intruder 3. Then it will be forwarded either to the TPM, where it will be processed by 'Process TPM_CreateWrapKey message', or to Intruder 4, where it will be replaced by a faked message. In the former case 'Send TPM_CreateWrapKey Response' will be executed as the next step. In the latter case, after Intruder 4, 'Process TPM_CreateWrapKey(...) Response' is executed and the protocol ends.

In Exchange#1 the role of the Exclude Intruder 1 and Include Intruder 1 transitions is to produce the planned configuration for OSAP. When Intruder 1 is excluded, the Exclude Intruder 1 transition is enabled, the intruder is bypassed and the TPM_OSAP message moves from the Sent TPM_OSAP message 1 place to the Received TPM_OSAP message place. Including Intruder 1 in the model enables the Include Intruder 1 transition and moves the TPM_OSAP message toward Intruder 1. To implement the required configuration of the CPN model, equivalent places and transitions are considered in Exchange#2, Exchange#3 and Exchange#4.

At the start of the protocol a token with colour set csSEQ and colour user1 is stored in the place 'Start Session 1'. This colour determines that TPM_OSAP(pkh, $n_o^{osap}$) is the first substitution transition that is enabled. During the simulation and analysis this token moves from one transition to the other and specifies the sequence of the protocol run. It is the token that is used to implement the sequence token mechanism.

4 Verification of the model using state-space

In this research the CPN/Tools state space is used to evaluate the authentication property of the OSAP protocol. To evaluate the authentication property a CPN model is created for OSAP. To validate this model it is simulated without the intruder. The completion of the model during the simulation with correct results demonstrates the validity of the model. To verify the authentication property, we first define several formal notations, predicates, and operators that we will need to use. Then, we formalize a condition (in an ASK-CTL statement) whose fulfillment will violate the authentication property of the OSAP protocol. We then execute the statement to verify whether the authentication property can be violated.

The CPN model designed in this research checks the authentication property of the OSAP protocol. To verify this property the violation conditions are defined, then the CPN model investigates whether they are fulfilled or not.

A simple way to demonstrate the violation of the authentication property is by demonstrating the ability of an intruder to complete the OSAP protocol successfully (that is, with the user accepting the new session authorization data at the end of the protocol) without even involving the TPM whatsoever in the process.

In other words, in our model, the authentication


[Figure 7: main page of the OSAP CPN model; diagram residue removed. Recoverable labels: substitution transitions U1 to U5 and T1 to T5 ('TPM_OSAP(pkh, no_osap)', 'Process TPM_OSAP', 'Send TPM_OSAP Response', 'Create Shared Secret TPM', 'Process TPM_OSAP Response', 'Create Shared Secret User', 'TPM_CreateWrapKey(...)', 'Process TPM_CreateWrapKey message', 'Send TPM_CreateWrapKey Response', 'Process TPM_CreateWrapKey(...) Response'); Intruder_1 and Intruder_2; Include/Exclude Intruder 1, 2 and 3; Bypass Token 1, Run Intruder 2, Cut Sequence 1, Run int Token2; guards [vinc_int=true], [vinc_int=false], [not vinc_int], [vseq=bypass1], [vseq=bypass2], [bypass_tpm=false]; places of colour sets csSEQ, csOSAP_MSG, csOSAP_RESPONSE, csWRAPKEY_MSG, csWRAPKEY_RESPONSE and UNIT; initial marking of 'Start Session 1' is 1`user1.]

NSE

Run int

Token 4

Run

Intr

uder

4

[vseq=

bypass2]

CSO

2G

F_seq

GF_seq

Cut

Sequence 2

Bypass

Token 2

Intr

uder_

3

Int_

3In

t_3

TPM

_Cre

ate

Wra

pKey

Sent

message2

Inclu

de

Intr

uder

3

csW

RAPKEY_M

SG

vw

rapkey_m

sg

Inclu

de

Intr

uder

4

TPM

_Cre

ate

Wra

pKey

Sent

Response2

vw

rapkey_rs

p

Intr

uder_

4

Int_

4In

t_4

TPM

_O

SAP

Response

Exclu

de

Intr

uder

4

[vin

c_in

t=fa

lse]

vw

rapkey_rs

p

Figure 7: main page of OSAP protocol CPN model

Proceedings of the Tenth Australasian Information Security Conference (AISC 2012), Melbourne, Australia

53

Page 68: Information Security 2012 - Australian Computer Society€¦ · Information Security 2012 Proceedings of the Tenth Australasian Information Security Conference (AISC 2012), Melbourne,

property of the OSAP protocol is violated if theintruder intercepts the message during during Ex-change#1 and Exchange#3 and does not forwardthe message to the TPM; instead, the Intruder 2 andIntruder 4 modules are executed following the inter-ception of the messages (from the user) during Ex-change#1 and Exchange#3 respectively.

We can formalize the authentication violation condition as an ASK-CTL statement. To do so, we define the following notations and predicates:

• let $M$ be the set of all reachable markings of the OSAP CPN model,

• $M_0$ be the initial marking of the OSAP CPN model,

• $[M_0\rangle$ be the set of all reachable markings from $M_0$,

• $P^{\mathit{OSAP\,Session}}_{\mathit{Received\,TPM\,OSAP\,message}}$ be the CPN place named Received TPM OSAP message on the CPN page called OSAP Session,

• $\mathrm{Marking}(M_i, P^{\mathit{OSAP\,Session}}_{\mathit{Received\,TPM\,OSAP\,message}})$ represent the set of tokens at the CPN place $P^{\mathit{OSAP\,Session}}_{\mathit{Received\,TPM\,OSAP\,message}}$ at a marking $M_i$, where $M_i \in [M_0\rangle$,

• $M_{\mathit{NoOSAPMsg}} = \{\, M_i \mid M_i \in [M_0\rangle \wedge |\mathrm{Marking}(M_i, P^{\mathit{OSAP\,Session}}_{\mathit{Received\,TPM\,OSAP\,message}})| = 0 \,\}$ be the set of markings representing the situation whereby no initial OSAP message (that is, the message from the user to the TPM in Exchange#1) is received by the TPM,

• $M_{\mathit{NoCreateWrapKeyMsg}} = \{\, M_i \mid M_i \in [M_0\rangle \wedge |\mathrm{Marking}(M_i, P^{\mathit{OSAP\,Session}}_{\mathit{TPM\,CreateWrapKey\,Received\,message}})| = 0 \,\}$ be the set of markings representing the situation whereby no create wrap key message (that is, the message from the user to the TPM in Exchange#3) is received by the TPM, and

• $M_{\mathit{EndSuccess}} = \{\, M_i \mid M_i \in [M_0\rangle \wedge |\mathrm{Marking}(M_i, P^{\mathit{OSAP\,Session}}_{\mathit{End\,Session\,1}})| > 0 \,\}$ be the set of markings representing the situation whereby the OSAP session was completed and accepted by the user as successful.

The main ASK-CTL operator we use to formalize the violation condition of the authentication property is EXIST_UNTIL(F1, F2), where F1 and F2 are boolean formulas. This operator returns true if there exists a path from a given marking (e.g. $M_0$) along which F1 holds in every marking until a marking is reached in which F2 holds.

Having described the above notations, predicates and operator, we can now formally assert that the authentication property of the OSAP protocol is violated if, from $M_0$, the following ASK-CTL statement

• $\mathrm{EXIST\_UNTIL}[(M_{\mathit{NoOSAPMsg}} \wedge M_{\mathit{NoCreateWrapKeyMsg}}),\ M_{\mathit{EndSuccess}}]$

returns true.

Results: we have generated the state space of our OSAP model and executed the above ASK-CTL statement. Our model shows that the statement is true, which means that the authentication property of the OSAP protocol does not hold.
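As an added illustration (not the paper's CPN model or its ASK-CTL script), the following Python abstracts the OSAP session to token counts at the places named in the predicates above, enumerates the reachable markings $[M_0\rangle$, and evaluates EXIST_UNTIL by depth-first search; the transition list, which covers only the honest forwarding path and the Intruder 1/2 and Intruder 3/4 bypass paths described in the text, is this example's own assumption. It shows why the honest run fails F1 (the TPM-side place holds a token for one marking) while a run that bypasses the TPM satisfies the query.

```python
# Constructed example: the OSAP session abstracted to token counts at the places
# the paper's predicates use; [M0> is enumerated and EXIST_UNTIL evaluated by search.
from typing import Callable, Dict, List, Set, Tuple

# Places of the abstract model; a marking is the tuple of token counts in this order.
PLACES = (
    "Sent TPM_OSAP message1",              # user has emitted Exchange#1
    "Received TPM_OSAP message",           # TPM side of Exchange#1 (M_NoOSAPMsg)
    "Received TPM_OSAP Response",          # user side of Exchange#2
    "TPM_CreateWrapKey Sent message1",     # user has emitted Exchange#3
    "TPM_CreateWrapKey Received message",  # TPM side of Exchange#3 (M_NoCreateWrapKeyMsg)
    "TPM_CreateWrapKey Rec Response",      # user side of Exchange#4
    "End Session 1",                       # user accepted the session (M_EndSuccess)
)
IDX = {name: i for i, name in enumerate(PLACES)}
Marking = Tuple[int, ...]
Predicate = Callable[[Marking], bool]

# (name, input place, output place, needs the intruder bypass path). Each transition
# moves one token; the names are this example's abstraction, not the model's pages.
TRANSITIONS = [
    ("forward Exchange#1 to TPM", "Sent TPM_OSAP message1", "Received TPM_OSAP message", False),
    ("T1/T2 TPM_OSAP response", "Received TPM_OSAP message", "Received TPM_OSAP Response", False),
    ("Intruder 1 bypasses TPM, Intruder 2 fakes the response",
     "Sent TPM_OSAP message1", "Received TPM_OSAP Response", True),
    ("U3 send TPM_CreateWrapKey", "Received TPM_OSAP Response", "TPM_CreateWrapKey Sent message1", False),
    ("forward Exchange#3 to TPM", "TPM_CreateWrapKey Sent message1", "TPM_CreateWrapKey Received message", False),
    ("T4/T5 CreateWrapKey response", "TPM_CreateWrapKey Received message", "TPM_CreateWrapKey Rec Response", False),
    ("Intruder 3 bypasses TPM, Intruder 4 fakes the response",
     "TPM_CreateWrapKey Sent message1", "TPM_CreateWrapKey Rec Response", True),
    ("U5 accept session", "TPM_CreateWrapKey Rec Response", "End Session 1", False),
]

def initial_marking() -> Marking:
    """M0: the user has just sent the first OSAP message (Exchange#1)."""
    m = [0] * len(PLACES)
    m[IDX["Sent TPM_OSAP message1"]] = 1
    return tuple(m)

def successors(m: Marking, intruder_bypass: bool) -> List[Marking]:
    """Markings reached from m by firing one enabled transition."""
    out: List[Marking] = []
    for _name, src, dst, needs_bypass in TRANSITIONS:
        if (needs_bypass and not intruder_bypass) or m[IDX[src]] == 0:
            continue
        nxt = list(m)
        nxt[IDX[src]] -= 1
        nxt[IDX[dst]] += 1
        out.append(tuple(nxt))
    return out

def state_space(intruder_bypass: bool) -> Dict[Marking, List[Marking]]:
    """[M0>: every marking reachable from M0, with its successor arcs."""
    graph: Dict[Marking, List[Marking]] = {}
    todo = [initial_marking()]
    while todo:
        m = todo.pop()
        if m in graph:
            continue
        graph[m] = successors(m, intruder_bypass)
        todo.extend(graph[m])
    return graph

def exist_until(graph: Dict[Marking, List[Marking]], f1: Predicate, f2: Predicate, start: Marking) -> bool:
    """ASK-CTL EXIST_UNTIL(F1, F2): some path from start on which F1 holds in every
    marking until a marking satisfying F2 is reached. Truth is a property of the
    marking, so each marking needs visiting once and cycles cannot help."""
    seen: Set[Marking] = set()
    stack = [start]
    while stack:
        m = stack.pop()
        if m in seen:
            continue
        seen.add(m)
        if f2(m):
            return True
        if f1(m):          # only continue along this path while F1 still holds
            stack.extend(graph[m])
    return False

# The paper's three predicates over the abstract marking.
def no_osap_msg(m: Marking) -> bool:            # M_NoOSAPMsg
    return m[IDX["Received TPM_OSAP message"]] == 0

def no_createwrapkey_msg(m: Marking) -> bool:   # M_NoCreateWrapKeyMsg
    return m[IDX["TPM_CreateWrapKey Received message"]] == 0

def end_success(m: Marking) -> bool:            # M_EndSuccess
    return m[IDX["End Session 1"]] > 0

def authentication_violated(intruder_bypass: bool) -> bool:
    """EXIST_UNTIL[(M_NoOSAPMsg and M_NoCreateWrapKeyMsg), M_EndSuccess] from M0.
    With the TPM always in the loop the honest run passes through a marking where the
    TPM-side place holds a token, so F1 fails; with the bypass path it returns True."""
    graph = state_space(intruder_bypass)
    return exist_until(graph, lambda m: no_osap_msg(m) and no_createwrapkey_msg(m),
                       end_success, initial_marking())
```

Calling authentication_violated(False) returns False and authentication_violated(True) returns True, mirroring the paper's result that the query holds once the intruder modules can bypass the TPM.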

5 Previous works

Coloured Petri Nets have been used by (Doyle et al.; 1997) for analyzing cryptographic protocols. They modeled each legitimate protocol entity and the intruder using Petri Net Objects (PNO). The intruder can perform a variety of actions, and the ultimate goal of the analysis is to determine whether the protocol can withstand the intruder's attacks and actions. The large number of attacks an intruder may pursue makes hand analysis impossible, so Prolog is used for the analysis. That work provides a model for the handset authentication protocol used in the CT2 and CT2Plus wireless communication protocols and analyzes them.

The Station-to-Station (STS) security protocol is analyzed in (Aly and Mustafa; 2003) using CPN. Aly and Mustafa use CPN to model all the protocol objects and the intruder. They conclude that describing the protocol entities and their attacker using CPN provides a solid foundation for protocol analysis, which other analysis approaches do not offer.

Al-Azzoni in (Al-Azzoni et al.; 2005) used a hierarchical CPN model to analyze the TMN key exchange protocol. The proposed approach first models the TMN entities; the intruder CPN model is designed and added to the protocol model in the next step. The Design/CPN tool is used to analyze the created model. The concept of a DB-place is introduced to simplify representation of the intruder's knowledge; this concept is used in our research to design the intruder's DB. Al-Azzoni uses a token-passing scheme to resolve the state space explosion that occurs during simulation in Design/CPN. Our research is based on Al-Azzoni's approach. Moreover, a current-state token mechanism is used, via fusion sets, to determine the current page of the model that should be run. In this mechanism a guard is added to the transitions of a nominated page; this guard enables a transition only when the page containing it is the active page of the model.

6 Conclusion and Future Works

The goal of this research is to analyze the OSAP protocol using CPN. The results of the analysis show that the authentication property of this protocol can be violated. The model is designed based on assumptions from (Chen and Ryan; 2009). The analysis can be extended under different assumptions to study the protocol in more detail.

The approach used can be applied to other security properties such as secrecy. Analyzing other properties would require some refinements to the model to add the required places, transitions and colour sets, and new ASK-CTL formulas would have to be written to validate the results. It is even possible to use CPN to define new security properties and analyze them to investigate new problems; this goal cannot easily be achieved using special-purpose security analysis tools. However, analyzing the same property with a general-purpose tool such as CPN is more time consuming than with a special-purpose tool. To make modeling as fast as possible, new modules, libraries and constructs should be added to CPN.

The designed intruder model, based on the Dolev-Yao approach, can be replaced by other models. However, this replacement needs significant changes, which would require effort and time. Because the Dolev-Yao attacker model is a powerful and popular attacker model used in analyzing protocols, such a change is not recommended.

The OSAP protocol is part of the trusted computing protocols. As mentioned earlier, one of the advantages of using CPN for modeling is its ability to compose different models. This makes CPN a solution for combining OSAP with other trusted computing protocols; the combined model can then be analyzed.

The main disadvantage of using CPN in modeling is its firm connection with the protocol structure. In the created model, even a minor change in the protocol or its message structure can cause significant changes in the CPN model, leading to inevitable cascaded changes. However, this firm connection helps designers become more familiar with the protocol specifications. Specifications can be compared with their implementations to investigate whether they comply with each other. The other drawback of using CPN is state space explosion during state space analysis. Unfortunately, this issue cannot be predicted before the protocol design is finished.

As future work, CPN can be used for modeling the Session Key Authorization Protocol (SKAP) proposed in (Chen and Ryan; 2009), Digital Rights Management (DRM) and other protocols whose specification and prospective analyzed security property are compatible with CPN capabilities.

References

Al-Azzoni, I. (2004). The verification of cryptographic protocols using coloured Petri nets, Master's thesis, Department of Software Engineering.

Al-Azzoni, I., Down, D. G. and Khedri, R. (2005). Modeling and verification of cryptographic protocols using coloured Petri nets and Design/CPN, Nord. J. Comput. 12(3): 200–228.

Aly, S. and Mustafa, K. (2003). Protocol verification and analysis using colored Petri nets, DePaul University, July.

Blanchet, B. (2001). An efficient cryptographic protocol verifier based on Prolog rules, CSFW, number 0-7695-1146-5, IEEE Computer Society, pp. 82–96.

Bozga, L., Lakhnech, Y. and Perin, M. (2003). Hermes: An automatic tool for verification of secrecy in security protocols, Computer Aided Verification, Springer, pp. 219–222.

Chen, L. and Ryan, M. (2009). Attack, solution and verification for shared authorisation data in TCG TPM, Formal Aspects in Security and Trust, pp. 201–216.

Cheng, A., Christensen, S. and Mortensen, K. (1997). Model checking coloured Petri nets exploiting strongly connected components, Citeseer.

Christensen, S. and Mortensen, K. (1996). Design/CPN ASK-CTL Manual.

Clarke, E., Emerson, E. and Sistla, A. (1986). Automatic verification of finite-state concurrent systems using temporal logic specifications, ACM Transactions on Programming Languages and Systems (TOPLAS) 8(2): 244–263.

Cortier, V. (2003). A guide for Securify.

Cremers, C. (2008). The Scyther tool: Verification, falsification, and analysis of security protocols, Computer Aided Verification, Springer, pp. 414–418.

Doyle, E., Tavares, S. and Meijer, H. (1997). Automated security analysis of cryptographic protocols using coloured Petri net specifications, Master's thesis, Queen's University at Kingston.

Jensen, K. (1992). Coloured Petri Nets. Basic Concepts, Analysis Methods and Practical Use. Vol. 1: Basic Concepts, Springer, Berlin.

Jensen, K. (1994). Coloured Petri Nets. Basic Concepts, Analysis Methods and Practical Use. Vol. 2: Analysis Methods, Springer, Berlin.

Jensen, K. (1997). A brief introduction to coloured Petri nets, in E. Brinksma (ed.), TACAS, number 3-540-62790-1 in Lecture Notes in Computer Science, Springer, Enschede, The Netherlands, pp. 203–208.

Jensen, K., Kristensen, L. and Wells, L. (2007). Coloured Petri nets and CPN Tools for modelling and validation of concurrent systems, International Journal on Software Tools for Technology Transfer (STTT) 9(3): 213–254.

Kwiatkowska, M., Norman, G. and Parker, D. (2004). PRISM 2.0: A tool for probabilistic model checking, Quantitative Evaluation of Systems, 2004. QEST 2004. Proceedings. First International Conference on the, IEEE, pp. 322–323.

Lowe, G. (1995). An attack on the Needham-Schroeder public-key authentication protocol, Information Processing Letters 56(3): 131–133.

Lowe, G. (2002). Casper: A compiler for the analysis of security protocols, Computer Security Foundations Workshop, 1997. Proceedings., 10th, IEEE, pp. 18–30.

Meadows, C. (1996). The NRL protocol analyzer: An overview, J. Log. Program. 26(2): 113–131.

Paulson, L. (1994). Isabelle: A generic theorem prover, Springer.

Song, D. X. (1999). Athena: A new efficient automatic checker for security protocol analysis, CSFW, pp. 192–202.

TCG (2007). TCG specification architecture overview revision 1.4.

Vigano, L. (2006). Automated security protocol analysis with the AVISPA tool, Electr. Notes Theor. Comput. Sci. 155: 61–86.

Westergaard, M., Evangelista, S. and Kristensen, L. M. (2009). ASAP: An extensible platform for state space analysis, in G. Franceschinis and K. Wolf (eds), Petri Nets, number 978-3-642-02423-8, Springer, Paris, France, pp. 303–312.

Yao, A. (1983). On the security of public key protocols, IEEE Transactions on Information Theory 29(2): 198–208.


    colset csTERMS = with null | ah | ahi | no_osap | ne | ne_osap | ne_osap1 | no | ne1 | ni1 | pkh_pub | pkhi | keyblob | keyblobi | ad_pkh_pub | newauth | authdatai | pub_key;
    (* pub_key is included so that the csPubKey subset below is well-formed *)
    colset csATTACK = with posattack | negattack;
    colset csSEQ = with user1 | user2 | user3 | user4 | user41 | user42 | user43 | user5 | int1 | int2 | int3 | int4 | intx3 | tpm1 | tpm2 | tpm3 | tpm4 | tpm5 | bypass1 | bypass2 | endses | terminateses;
    colset csAUTH_HANDLE = subset csTERMS with [ah, ahi];
    colset csNONCE = subset csTERMS with [no_osap, ne, ne_osap, no, ne1, ni1];
    colset csPUBKH = subset csTERMS with [pkhi, pkh_pub];   (* pkhi is the member declared in csTERMS *)
    colset csPubKey = subset csTERMS with [pub_key];
    colset csAUTH_DATA = subset csTERMS with [ad_pkh_pub, newauth, authdatai];
    colset csOSAP_MSG = product csPUBKH * csNONCE;
    colset csOSAP_RESPONSE = product csAUTH_HANDLE * csNONCE * csNONCE;
    colset csSHARED_SECRET = product csAUTH_DATA * csNONCE * csNONCE;
    colset csKEYBLOB = product csSHARED_SECRET * csAUTH_DATA;
    colset csXOR_OUTPUT = product csSHARED_SECRET * csNONCE * csAUTH_DATA;
    colset csHMAC_OUTPUT = product csSHARED_SECRET * csNONCE * csNONCE;
    colset csWRAPKEY_INPUT = product csAUTH_HANDLE * csPUBKH * csNONCE * csXOR_OUTPUT;
    colset csWRAPKEY_MSG = product csWRAPKEY_INPUT * csHMAC_OUTPUT;
    colset csWRAPKEY_RESPONSE = product csKEYBLOB * csNONCE * csHMAC_OUTPUT;
    (* the intruder database holds one union value per kind of learned term *)
    colset csINTDB = union fipkh : csPUBKH + finonce : csNONCE + fiah : csAUTH_HANDLE + fixor_output : csXOR_OUTPUT + fihmac_output : csHMAC_OUTPUT + fikeyblob : csKEYBLOB + fiosap_msg : csOSAP_MSG + fiosap_res : csOSAP_RESPONSE + fiwrapkey_msg : csWRAPKEY_MSG + fiwrapkey_rsp : csWRAPKEY_RESPONSE + fiwrapkey_input : csWRAPKEY_INPUT + fiss : csSHARED_SECRET + fiauthdata : csAUTH_DATA;

Figure 8: List of CPN model colour sets

A Colour Set Definition

The colour sets and variable definitions used in the OSAP model are detailed in Figure 8 and Figure 9 respectively. Understanding these colour sets and variables is a prerequisite for learning how the models in Figures 4, 7, 10 and 11 work. The design method of the CPN models can be used to model and analyze other protocols.

B Details of the Intruder Model

In the OSAP CPN model (Figure 7), the behavior of the intruder varies between exchanges. For the first exchange the intruder model operates as illustrated for Figure 6. In the second message exchange the intruder's role is like that of Figure 5, but Intruder 2 is not always enabled by the TPM. Sometimes, when Intruder 1 has bypassed the TPM, Intruder 2 can start its operation from the transition that should create a new message. In the third sequence, Intruder 3 acts exactly the same as Intruder 1: it can either send a faked message directly to the TPM or bypass the TPM and ask Intruder 4 to create a faked message and send it to the user. Intruder 4 performs the same operations as Intruder 2 for different input message colour sets.

    val vinc_int = true;
    val vexcl_tpms = true;
    var e : UNIT;
    var vseq, vseq1, vseq2 : csSEQ;
    var tmpstr : STRING;
    var vosap_res : csOSAP_RESPONSE;
    var vne, vne1, vnonce1, vnonce2, vne_osap, vno, vne_osap1, vno_osap : csNONCE;
    var vah : csAUTH_HANDLE;
    var vosap_msg : csOSAP_MSG;
    var vauthdata, vnewauth : csAUTH_DATA;
    var vss : csSHARED_SECRET;
    var vxor_output : csXOR_OUTPUT;
    var vwrapkey_input, vwrapkey_output : csWRAPKEY_INPUT;
    var vwrapkey_msg : csWRAPKEY_MSG;
    var vwrapkey_rsp : csWRAPKEY_RESPONSE;
    var vhmac_output, vhmac_user, vhmac_tpm : csHMAC_OUTPUT;
    var vkeyblob : csKEYBLOB;
    var vpkh, vpkhu, vkh : csPUBKH;

Figure 9: List of model variables

The main goal of the intruder's CPN model is to verify the authentication property. When this property is violated the intruder can bypass the TPM or fake the messages that are sent from the TPM to the user. Because of the first situation (the intruder bypassing the TPM), a connection between Intruder 1 and Intruder 2 and another between Intruder 3 and Intruder 4 is created.

To introduce the functionalities of the intruder, the next two sections illustrate the CPN models of 'Intruder 1' and 'Intruder 2' in more detail.

The Intruder 1 functionality

The input token of the Intruder 1 substitution transition (Figure 10, page Int_1 of the OSAP CPN model) is stored in the 'tmp storage' place. Then the 'Store message parts in DB' transition stores each of its fields, pkh and no_osap, in the intruder's database, in the fipkh and finonce fields respectively. This transition is enabled when the current sequence token, coming from the CSI place and always stored in the GF_seq global fusion set, is equal to int1; the guard [vseq=int1] on the transition enforces this. To prevent this transition from being enabled more than once, the 'JO1' place, holding just one token, is connected to the transition. At the end of this transition the sequence token is moved to the 'ST1' place and enables the 'Store Whole message in DB' transition.

The 'Store Whole message in DB' transition stores the token of the 'Sent TPM_OSAP' place in the fiosap_msg field of the intruder's database. This token was stored in the 'Tmp_echg1' fusion set at the start of the Intruder 1 page. The functionalities of 'JO2' and the [vseq=int1] guard are the same as for the equivalent place and guard of the 'Store message parts in DB' transition. At the end of this transition the sequence token moves to the 'ST2' place, where the next steps of the model are determined by the model configuration. If the TPM is excluded ([vexcl_tpms andalso vinc_int] evaluates to TRUE) then the intruder does not create any message and, after bypassing the TPM, enables Intruder 2. Including the TPM in the model moves the sequence token to the ST2_1 place, at which point three different transitions can be enabled.

[Figure 10 (diagram not reproduced): CPN model of the Intruder 1 module, page Int_1. Recoverable labels: places tmp storage (fusion set Tmp_echg1), ST1, ST2, ST2_1, ST2_2, JO1–JO4 (each initially 1`()), Intruder DB and Whole token (fusion set GF_intDB), CSI/CSO (fusion set GF_seq), tmp output TPM_OSAP message, int1 change (csATTACK) and Run intruder 2; transitions Store message parts in DB, Store Whole message in DB, TPM included [not vexcl_tpms andalso vinc_int], TPM excluded [vexcl_tpms andalso vinc_int], Bypass one TPM transition, Bypass all TPM transitions, Forward stored message, Create new message and check attack, guarded by [vseq=int1]; ports Sent TPM_OSAP (In) and output TPM_OSAP message (Out).]

First, the TPM can be bypassed by enabling the 'Bypass TPM' transition. This transition moves the sequence token to the 'Run intruder 2' place. This enables Intruder 2, and none of the TPM transitions in the TPM-related pages will be enabled.

Second, the 'Forward stored message' transition can be enabled. A token from the intruder's database is fetched via the 'Intruder DB' place and stored in the 'tmp output TPM_OSAP message' place. After being checked by the 'check attack' transition, this token is sent to the receiver.

Third, the 'Create new message' transition can be enabled. All the required tokens are then fetched from the intruder's database to compose a new message. The new token is again checked by the 'check attack' transition and then sent to the TPM.

The Intruder 2 functionality

The CPN model of the Intruder 2 substitution transition is shown in Figure 11. The name of the CPN page of Intruder 2 in Figure 7 is Int_2. The input token moves from OSAP Session to the Int_2 page using the 'Sent TPM_OSAP Response' input port. To make the model simpler the Tmp_xch fusion set is created; this fusion set provides easy access to the OSAP response message. The functionality of the 'Store Whole message in DB' and 'Store message parts in DB' transitions is the same as that of the corresponding transitions in the Int_1 page.

The difference between Intruder 1 and Intruder 2 is in the way ST2 receives its token. In Intruder 1 the sequence token stored in this place only comes from the previous transition of the Int_1 page. In Intruder 2, however, this token can come either from the OSAP Session page or from the 'Store message parts in DB' transition in page Int_2. When the input token of ST2 comes from the OSAP Session page, the TPM has been bypassed by Intruder 1, and the Intruder 2 substitution transition is enabled immediately after Intruder 1. Bypassing the TPM means that no OSAP message is sent from the TPM to the user, so Intruder 2 does not need to store any message or its parts in the intruder's database. The functionality of Intruder 2 starts from the ST2 place. Here, based on the model configuration, if the TPM is excluded from the model a token required by the intruder is inserted into the intruder database; otherwise the sequence token moves to the ST3 place. In the ST3 place either the 'Forward stored message' or the 'Create new message' substitution transition will be enabled; whichever is enabled, its operation is the same as that of the corresponding transition in the Int_1 page. The transitions and places located between ST3_1 and ST3_3 give the intruder sequential access to the finonce field of the intruder database, to prevent a race-condition deadlock.


[Figure 11 (diagram not reproduced): CPN model of Intruder 2, page Int_2. Recoverable labels: places tmp storage and TPM_OSAP Response (fusion set Tmp_xch2), ST1, ST2, ST2_1, ST2_2, ST3, ST3_1–ST3_3, JO1–JO4 (each initially 1`()), Intruder DB, Whole token, intruder ah, tmp vne, tmp vne_osap, Bypass Token (In), int2 change (csATTACK) and CSI/CSO (fusion set GF_seq); transitions Store message parts in DB, Store Whole message in DB, TPM is included [not vexcl_tpms], TPM is Excluded [vexcl_tpms], TPM is Bypassed, put intruder ah in DB, Start fetching nonce, fetch vne, fetch vne_osap, Start create new message, Forward stored message, Create new message and check attack, guarded by [vseq=int2]; ports Sent TPM_OSAP Response (In) and Received TPM_OSAP Response (Out); the output arc carries fakedxchg2(vosap_res).]

Figure 11: CPN model of Intruder 2


Tool-Supported Dataflow Analysis of a Security-Critical Embedded Device

Chris Mills Colin J. Fidge Diane Corney

Faculty of Science and Technology, Queensland University of Technology, Brisbane

Abstract

Defence organisations perform information security evaluations to confirm that electronic communications devices are safe to use in security-critical situations. Such evaluations include tracing all possible dataflow paths through the device, but this process is tedious and error-prone, so automated reachability analysis tools are needed to make security evaluations faster and more accurate. Previous research has produced a tool, Sifa, for dataflow analysis of basic digital circuitry, but it cannot analyse dataflow through microprocessors embedded within the circuit since this depends on the software they run. We have developed a static analysis tool that produces Sifa-compatible dataflow graphs from embedded microcontroller programs written in C. In this paper we present a case study which shows how this new capability supports combined hardware and software dataflow analyses of a security-critical communications device.

Keywords: Information security evaluation; Dataflow analysis; Static analysis; Embedded devices

1 Introduction

Security-critical communications devices used to safeguard data confidentiality and integrity in government, military and industrial applications must be rigorously evaluated before they are deployed. Typical 'domain separation' devices used to control the flow of information between classified and unclassified communications networks include data diodes (which enforce unidirectional information flow), encryption devices (which allow classified data to be sent over insecure networks), trusted filters (which constrict information flow) and keyboard-video-mouse switches (which allow a single workstation to access both high-security and low-security computers).

International standards, such as the Common Criteria for Information Technology Security Evaluation (ISO 2009), mandate information security, or 'infosec', evaluations of such devices. For instance, within Australia the Defence Signals Directorate follows such standards to produce a list of trustworthy devices, known as the Evaluated Products List [1].

This research was funded in part by the Defence Signals Directorate and the Australian Research Council via ARC Linkage-Projects Grant LP0776344.

Copyright © 2012, Australian Computer Society, Inc. This paper appeared at the Tenth Australasian Information Security Conference (AISC2012), Melbourne, Australia, 30th January–2nd February 2012. Conferences in Research and Practice in Information Technology (CRPIT), Vol. 125, J. Pieprzyk and C. Thomborson, Ed. Reproduction for academic, not-for-profit purposes permitted provided this text is included.

A particularly challenging aspect of 'high-grade' infosec evaluations is to trace all (potential) dataflow paths through the device. With respect to the device's electronic circuitry this process is notoriously tedious and error-prone, but it becomes virtually impossible when embedded microprocessors are encountered on the circuit board. The number of dataflow paths through embedded program code far outweighs the number of physical connections in the surrounding circuitry and, unlike a circuitry schematic diagram, potential dataflow paths through software are not self-evident from mere inspection of the source code.

To help alleviate this problem we recently completed a static analyser (Fidge & Corney 2009) which can extract dataflow graphs from Embedded C programs in a form compatible with an existing tool for reachability analyses of digital circuitry (McComb & Wildman 2005). The combination of these two tools thus promises to support seamless automated analyses of dataflow through both the electronic circuitry and embedded software of security-critical communications devices.

In this paper we present a detailed case study demonstrating for the first time how these tools can be used together to analyse an actual domain separation device, tracing dataflow through both its hardware architecture and embedded software. The device itself is a testbed specifically intended for experimentation with infosec evaluation processes. The analysis produced all of the known dataflow paths through this device, as well as revealing some that were not anticipated.

2 Previous and related work

Overall our concern is with automated tools that can help an information security evaluator understand the (potential) flow of data through an electronic device, including both its electronic circuitry and embedded software.

There are, of course, numerous electronic circuit simulators available as both educational and debugging aids. These include Spice [2], the Electric VLSI Design System [3] and NGSpice [4]. However these are for modelling simple electronic components, semiconductors and logic gates, not microcontroller software.

[1] http://www.dsd.gov.au/infosec/epl/
[2] http://bwrc.eecs.berkeley.edu/classes/icbook/spice/
[3] http://www.staticfreesoft.com/
[4] http://ngspice.sourceforge.net/

Proceedings of the Tenth Australasian Information Security Conference (AISC 2012), Melbourne, Australia


There are also many multiprocessor simulators such as PTLSim5 for the x86 microprocessor, CASPER6 for the OpenSPARC T1, the SESC SuperESCalar Simulator7, and the IBM Full Systems Simulator8 for the PowerPC processor, but these tools generally focus on simulating a single processor at the level of individual instruction cycles.

Much closer to our needs are simulators for entire circuit boards, together with their embedded microprocessors, including commercial tools such as Wind River Simics9 and OVPSim10.

However, all of the above-cited tools are simulators for helping a developer debug a device by examining one functional behaviour at a time. An infosec evaluator is instead faced with the problem of analysing a given device which is presumed to be functionally correct and does not need debugging. Furthermore, a security evaluator needs to consider all possible behaviours of the device, not just a few. This requirement is best served not by a simulator but by a static analyser which can explore all of the device’s behaviours at once. Finally, none of the tools cited above are designed specifically for security evaluations.

Much more useful for this purpose are tools that treat security-critical circuitry as a graph which can be analysed topologically. For instance, the Universal Virtual Laboratory includes a circuit analysis module which can determine whether or not two seemingly-different circuits are topologically equivalent (Mahalingam, Butz & Duarte 2005). More importantly, however, the Secure Information Flow Analyser, Sifa, performs topological analyses of circuitry schematics specifically to support information security evaluations (McComb & Wildman 2005).

We therefore used the Sifa tool as the starting point for our own research; its capabilities are described further in Section 3.1 below. In essence, the goal of our overall project is to extend Sifa with the ability to analyse embedded program code as well as circuitry.

3 Dataflow analysis tools used

Before presenting the case study, this section briefly describes both of the tools that were used, namely the Secure Information Flow Analyser (McComb & Wildman 2007) and our new C-to-Sifa Converter (Fidge & Corney 2009).

3.1 The Secure Information Flow Analyser

Sifa, the Secure Information Flow Analyser, is an open-source11 software tool developed for the Defence Signals Directorate to assist with infosec evaluation of electronic circuits (McComb & Wildman 2005). It incorporates a simple graph editor to allow device models to be constructed manually, but can also import circuitry schematics expressed in the Vhdl hardware design language.

Sifa represents electronic circuitry as a graph of ports, which form the basis for its reachability analyses (McComb & Wildman 2006). Typically ports denote physical pins and connections on a circuit board. Ports can be grouped to form components.

5 http://www.ptlsim.org/
6 http://coe.uncc.edu/~kdatta/casper/casper.php
7 http://iacoma.cs.uiuc.edu/~paulsack/sescdoc/
8 http://www.research.ibm.com/systemssim/
9 http://www.windriver.com/products/simics/
10 http://www.ovpworld.org/technology_ovpsim.php
11 http://sifa.sourceforge.net/

These usually represent discrete electronic components on the board such as logic gates, integrated circuit chips, connectors, etc. Sifa allows components to be grouped hierarchically, thus providing a highly flexible modelling capability. Furthermore, Sifa treats all identically-named ports as denoting the same physical object. This allows circuitry diagrams to be split horizontally into different ‘pages’, with identically-named ports acting as off-page connectors, or vertically into layered models, allowing the same circuit to be described at different levels of abstraction simultaneously.

Sifa provides a variety of graph-theoretic functions for analysing models of security-critical circuitry (McComb & Wildman 2007). These include identifying all components between two points in the graph (which helps exclude components that have no security significance), finding cutsets between two points (which helps identify places in the circuit where infosec evaluations can be done most efficiently), and comparing two different graphs for overall equivalence (which allows an abstract model of expected data flow to be compared with the actual data flow in the concrete circuit).

However, Sifa’s most important function is its ability to identify all dataflow paths between selected points in a graph, typically between a high-security data source and a low-security data sink. Since a circuitry graph is usually fully-connected (i.e., every electronic component is connected directly or indirectly to every other one), Sifa uses the concept of a device’s operating modes to allow such graphs to be partitioned meaningfully. The user can define intra-component data flow with respect to particular modes. Modes are further divided into normal and ‘fault’ behaviours, with a probability attached to the latter. (Sifa has no semantic understanding of modes, however, using them merely as a syntactic way of partitioning the search space.)

Sifa thus performs a mode-specific analysis of inter-component reachability and presents the user with a list of those paths through the circuit that connect selected data sources and sinks in particular modes. The infosec evaluator can then inspect each such path to determine whether or not it poses a security risk. While adequate for circuits comprised of simple electronic components only, this process encounters difficulties coping with the complex behaviours of embedded microprocessors. The infosec evaluator is obliged to separately analyse the program code to determine how data may flow through these components.
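As an added illustration of the mode-based partitioning just described (example code written for this page, not Sifa’s own code or model format), the following Python script models a few ports and components, declares each component’s internal connectivity per operating mode, and answers the same source-to-sink reachability question once per set of active modes. The wire and component names, the ‘ack_on’/‘ack_off’ mode labels, and the fault mode with its probability are all constructed for the example; the layout loosely follows an AND gate that admits a data input only while a front-panel switch is set, as on the case study’s red board.

```python
"""Mode-partitioned reachability over a port/component graph, in the spirit of
Sifa's operating modes.  Added illustration, not Sifa's code or model format.

Wires are port-to-port connections present in every mode; a component declares
its internal port-to-port flow per mode.  An analysis runs for a set of active
modes, and a component edge is live only if its mode is active.  Modes named
"fault:..." carry a probability.  All names and values here are constructed.
"""
from collections import deque

# Constructed model: serial input -> RS232 receiver -> AND gate -> microcontroller
# pin, with the gate's second input driven by a front-panel switch.
WIRES = [("serial.rx", "rs232_rx.in"), ("rs232_rx.out", "and_gate.a"),
         ("switch.out", "and_gate.b"), ("and_gate.y", "mcu.A2")]
COMPONENTS = {
    "rs232_rx": {"normal": [("rs232_rx.in", "rs232_rx.out")]},
    "and_gate": {
        "ack_on": [("and_gate.a", "and_gate.y"), ("and_gate.b", "and_gate.y")],
        "ack_off": [("and_gate.b", "and_gate.y")],                # data input gated off
        "fault:gate_stuck_open": [("and_gate.a", "and_gate.y")],  # constructed fault mode
    },
}
FAULT_PROBABILITY = {"fault:gate_stuck_open": 1e-4}               # constructed value


def live_edges(wires, components, active_modes):
    """Directed edges that exist while exactly `active_modes` are in force."""
    edges = list(wires)
    for per_mode in components.values():
        for mode, internal in per_mode.items():
            if mode in active_modes:
                edges.extend(internal)
    return edges


def find_path(edges, source, sink):
    """Breadth-first search; returns the port sequence source..sink, or None."""
    succ = {}
    for a, b in edges:
        succ.setdefault(a, []).append(b)
    parent, queue = {source: None}, deque([source])
    while queue:
        port = queue.popleft()
        if port == sink:
            path = []
            while port is not None:
                path.append(port)
                port = parent[port]
            return path[::-1]
        for nxt in succ.get(port, []):
            if nxt not in parent:
                parent[nxt] = port
                queue.append(nxt)
    return None


def analyse(wires, components, source, sink, mode_sets):
    """Ask the same reachability question once per mode set.  Returns
    {frozenset(modes): (path or None, probability of the assumed fault modes)}."""
    report = {}
    for modes in mode_sets:
        path = find_path(live_edges(wires, components, modes), source, sink)
        prob = 1.0
        for m in modes:
            prob *= FAULT_PROBABILITY.get(m, 1.0)
        report[frozenset(modes)] = (path, prob)
    return report


if __name__ == "__main__":
    scenarios = [{"normal", "ack_on"}, {"normal", "ack_off"},
                 {"normal", "ack_off", "fault:gate_stuck_open"}]
    for modes, (path, prob) in analyse(WIRES, COMPONENTS, "serial.rx", "mcu.A2", scenarios).items():
        print(sorted(modes), "->", path, f"(p = {prob:g})")
```

Running the script prints, for each mode set, the port sequence found (or None) together with the probability of the fault modes that had to be assumed for it. As with Sifa, the mode names carry no semantics of their own: they merely select which intra-component edges take part in the search, so a path reported only under a fault mode is flagged by its probability rather than by any reasoning about the component.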

3.2 The C-to-SIFA Converter

To solve this problem, we recently completed a ‘C-to-Sifa Converter’. This is a compiler-like program that converts Embedded C code to Sifa-compatible dataflow graphs capable of being integrated into hardware circuitry models. Its input consists of computer programs written in Custom Computer Services’ C dialect for Programmable Integrated Circuit microcontrollers12, and its output is an XML description of a dataflow graph that can be loaded directly into Sifa. A preliminary description of the principles underlying the tool can be found elsewhere (Fidge & Corney 2009), with a more detailed description of the final implementation to appear in a forthcoming paper.

To model (potential) data flow through program code the tool uses the Augmented Static Single Assignment representation, originally developed for performing ‘taint analyses’ of security-critical programs (Scholz, Zhang & Cifuentes 2008). In particular, this representation considers not just explicit data flow between program variables, but also the implicit information flow created by one variable’s value exercising control over assignments to another variable (Sabelfeld & Myers 2003). For instance, given the C program fragment in Figure 1, the C-to-Sifa Converter will produce the Augmented SSA dataflow graph in Figure 2. As in traditional dataflow graphs (Cytron, Ferrante, Rosen, Wegman & Zadeck 1989) it uses a ‘φ’ node to merge alternative dataflow paths through the if statement, in this case showing that variable t’s final value (t2) may be derived either from the initial values of variables t and v or from variable w. In addition, however, the Augmented SSA graph also shows relevant control flows, in the same way as Gated Single Assignment representation (Ballance, Maccabe & Ottenstein 1990), in this case showing that variable u’s value exercises control over the final value of variable t.

12 http://www.ccsinfo.com/

CRPIT Volume 125 - Information Security 2012

if (u > 0) {
    t = t + v;
} else {
    t = w;
}

Figure 1: Example of a conditional statement.

Figure 2: Dataflow graph generated by the C-to-Sifa Converter for the code fragment in Figure 1. [Graph image not reproduced; its ports are u, v, w, t₀, t₁ and t₂, with an ‘if-Φ’ merge node, the condition ‘u > 0’ (operator ‘_ > 0’) and a ‘+’ operator; legend: component, port, data flow, control influence.]

Apart from implementing the basic conversion from imperative programming code to dataflow graphs, we also needed to extend the analysis to handle program constructs peculiar to embedded code. These included input and output statements that interact directly with the surrounding hardware, low-level, non-block structured control-flow statements such as breaks and continues, asynchronous control flow via hardware interrupts, and byte- and bit-level data operations.

The case study described below also highlighted some practical issues that needed to be solved within the C-to-Sifa Converter. For instance, since the device analysed contains two separate microcontrollers it was necessary to uniquely distinguish the dataflow nodes generated for each of the two embedded programs (because Sifa unifies all identically-named nodes) via a command-line option for prefixing the names of graph nodes with a microcontroller-specific identifier. Also, the large number of dataflow nodes generated for program code relative to its surrounding circuitry makes it difficult to interpret the long dataflow paths generated by Sifa, so the source code program’s line number is included in the name of each dataflow graph node generated.

Most significantly, the user needs a way to link the microcontroller pins appearing in the circuitry diagram to corresponding input and output statements in the program code (Fidge & Corney 2009). A variety of potential solutions to this were contemplated, such as adding a ‘bridging’ component to the Sifa model to explicitly link hardware and software features, or providing a configuration file to the C-to-Sifa Converter to tell it what names are used for the microcontroller’s pins in the hardware schematic. For the purposes of this particular case study, however, it was found to be expedient to simply directly edit the pin names in the (hand-crafted) hardware model to match those in the (automatically-generated) software model, especially since only a handful of the many pins on the microprocessor chips were used to transfer data.

4 The case study

To test the combined capabilities of Sifa and the C-to-Sifa Converter we performed a small, but complete, case study to show how potential data flow can be traced through both the hardware and software of an embedded domain-separation device.

4.1 The data diode device

The subject of the trial was a ‘data diode device’ produced by Australia’s Defence Signals Directorate13 as an unclassified and non-proprietary testbed for experimenting with infosec evaluation techniques (Mallen 2003). Our project team was given access to the device’s design drawings, circuitry schematics and code listings, as well as a functional version of the device itself. A data diode device is typically used as part of a gateway between a high-security network and a low-security one, in order to ensure that there is no information leakage from the former to the latter.

The particular data diode device analysed here (Mallen 2003) contains two circuit boards connected by a ribbon cable as shown in Figure 3. The ‘red’ circuit board is connected to the high-security network via an RS232 serial cable and the ‘black’ circuit board is similarly connected to the low-security network. (This split architecture is intended to aid security evaluation of the device; high-security data should be found on the red circuit board only and the ribbon cable forms a narrow, well-defined bottleneck between the two security domains.) Both circuit boards contain their own Programmable Integrated Circuit microcontroller each running a different program written in Custom Computer Services’ C dialect. Both microcontrollers directly control LEDs on the device’s front panel to display its communication status (‘ready for data’ or ‘waiting for acknowledgement’). Two switches on the front panel (‘reset’ and ‘ack mode’) are connected directly to the black microcontroller, and indirectly through the ribbon cable to the red microcontroller, to allow the operator to control the device’s operating mode.

13 http://www.dsd.gov.au/

Figure 3: Block architecture of the data diode device. [Block diagram not reproduced; its labels, left to right: Black (low-security) network; Black serial port; Black circuit board with the Black micro-processor; Red circuit board with the Red micro-processor; Red serial port; Red (high-security) network; plus the front-panel LEDs and Switches.]

The data diode device’s primary function is to allow data bytes to flow from the low-security network to the high-security one (i.e., from left to right in Figure 3) but not vice versa. However, to support communication over unreliable networks, this particular device also allows acknowledgements to be returned from the high-security network to the low-security one (i.e., from right to left in Figure 3). Such a capability is, of course, clearly dangerous because it allows information to flow from the high-security domain to the low-security one.

To (partially) mitigate this threat, the acknowledgement function is directly controlled by the operator via a front panel switch. Furthermore, entire bytes returned by the high-security network are not directly forwarded to the low-security one. Instead, the red microprocessor compares the returned byte with the one just sent. Depending on whether or not they match it sets one of two binary signals sent to the black microprocessor. Finally, the black microprocessor converts these signals into one of two characters (‘Y’ or ‘N’) returned to the low-security network, thus constricting (but not entirely eliminating) the flow of information in the unsafe direction.

Overall, therefore, this data diode device offers an ideal testbed for infosec evaluation procedures since it has both a well-defined safe behaviour (the black-to-red data path) and a potentially unsafe behaviour (the red-to-black acknowledgement path).

4.2 Modelling and analysis process for the case study

To perform the analysis a model of the data diode device’s hardware layout was first developed using Sifa’s built-in editor, as shown in Figure 4. No Vhdl representation of the circuitry was available, so the model was constructed manually, but this was not a major problem since this device’s hardware is relatively simple; the black circuit board’s model contained nine distinct components and the red board’s model contained eight. (As is usual in these evaluations, power circuitry components, such as capacitors and resistors, were not modelled.) Appropriate mode-specific connectivity through each of these components, except for the microcontrollers, was defined for the two main operating modes of the data diode device, namely ‘ack mode on’ and ‘ack mode off’. (Another advantage of the data diode device as a testbed is that its significant operating modes are obvious in its design.)

Next, the source code programs for the two microcontrollers were processed by the C-to-Sifa Converter. (Both programs are written in the Embedded C dialect for the PIC16F877 microcontrollers used in the data diode device.) Although the programs being analysed were quite small, the resulting dataflow graphs were still highly complex. The ‘black’ program consisted of only 106 lines of commented, formatted C code, plus a 248 line header file, but resulted in a graph containing 195 Sifa ports grouped to form 87 dataflow graph components. Similarly, the red program’s 109 lines, plus header file, generated 200 ports forming 89 dataflow components. Part of these graphs is shown in Figure 5. (Sifa does not have an in-built graph layout tool, and the C-to-Sifa Converter merely generates nodes in a simple grid, without giving consideration to layout issues such as minimising line cross-overs. Fortunately, the infosec evaluator will not normally be obliged to study these graphs, relying merely on the output from the analysis, unless an exceptionally-detailed understanding of a particular dataflow path is required.)

It was then possible to load both the hardware and software models into Sifa, select source and sink nodes, and automatically analyse the model to find dataflow paths of potential security significance. A variety of analyses were performed to ensure that all the dataflow pathways anticipated for this device were detected by the combined hardware-software model. Several of the paths returned by Sifa were then hand-checked in order to ensure that they conformed with our understanding of the way the device processes and forwards data. Doing this confirmed that the entire toolchain was working correctly and also helped us understand some unexpected, but logically ‘correct’, false-positive paths produced. (Inevitably a static analysis such as that performed by Sifa will to some extent overapproximate the actual paths that occur dynamically. While we can seek to minimise such false-positives, their existence is a fundamental limitation of static analyses.)


Figure 4: Models of the data diode’s black and red circuit boards in Sifa’s editing window.

5 Dataflow analysis results

Having completed the hardware and software models a number of dataflow analyses were performed to test the combined capabilities of the existing Sifa tool and our new C-to-Sifa Converter.

5.1 An explicit dataflow path

As an initial test we selected the incoming line of the data diode device’s black serial connector as the data source of interest and the outgoing line of the red serial connector as the data sink, in order to identify (safe) dataflow paths from the low-security network to the high-security network via the data diode. As expected, Sifa reported the existence of one such path. This path, which comprised 20 distinct steps, represents the ‘normal’ flow of data bytes through the device.

Such paths are essentially just a list of ports, but to make them easier to interpret Sifa’s interactive interface allows the user to single-step through the trace, automatically highlighting corresponding components in the graph and the operating modes in which they can be traversed. Doing this for the path found in this case allowed us to see how data can travel from the black network to the red one, via both hardware and software within the data diode device, and relate this path back to the original circuitry schematics and code listings (Figures 6 to 9).

In this case, starting from the black serial port (on the left of Figure 6), data bytes travel via the RS232 receiver component to pin A0 of the black microcontroller. The microcontroller’s program (Figure 7) reads these bytes into a local variable, inputChar, and later sends them to pin A1. (The pins operated on by the getc and putc statements are determined by the preceding ‘#use’ compiler directive.) This is an example of direct data flow between hardware pins and software variables via explicit assignments in the program code, and demonstrates the C-to-Sifa Converter’s ability to model these relationships.

66 if (getNextChar==TRUE) {
   . . .
70   #use rs232(baud=9600,Xmit=PIN_A1,Rcv=PIN_A0,parity=n,bits=8)
71   inputChar = getc();
72   // Disable ready LED
73   output_low(PIN_C7);
75   if (input(PIN_c2)) {
76     // Set waiting for ack LED
77     output_high(PIN_C6);
78     lastC0 = input(PIN_C0);
79     lastC1 = input(PIN_C1);
80   }
81   putc(inputChar);
82 }

Figure 7: Program code (lines 71 and 81) that transfers data from black microprocessor pin A0 to pin A1.

From black microcontroller pin A1 the bytes travel to the red circuit board via the ribbon cable (right-hand side of Figure 6). On the red circuit board (left of Figure 8) the bytes travel via an optocoupler (used to ensure unidirectional data flow along this circuit) and enter the red microcontroller via its A0 pin.

Similarly to the other embedded program, the red microcontroller’s code (Figure 9) transfers data bytes between its hardware pins A0 and A1 via an intermediate software variable, rxChar. From pin A1 each byte is forwarded to the data diode device’s red serial port via an RS232 driver (right-hand side of Figure 8).

Sifa’s identification of this expected data path helped confirm the correct functioning of the C-to-Sifa Converter and demonstrates the ability to find composite hardware-software dataflow paths created by explicit data assignments.

Figure 5: Part of the automatically-generated (and unformatted) model of data flow through the red microprocessor’s software in Sifa’s editing window.

66 while (TRUE)
67 {
69   output_high(PIN_C7);
70   #use rs232(baud=9600,Xmit=PIN_A1,Rcv=PIN_A0,parity=n,bits=8)
71   rxChar = getc();
72   putc(rxChar);
74   output_low(PIN_C7);
75   if (input(PIN_C2)) {
76     . . .

Figure 9: Program code (lines 71 and 72) that transfers data from red microprocessor pin A0 to pin A1.

5.2 Some implicit dataflow paths

More importantly, we then analysed the model using the data diode’s red serial connector as the data source and its black connector as the sink, in order to identify potentially unsafe data flows from the high-security domain to the low-security one. Given the obvious dangers associated with the data diode device’s acknowledgement function it was no surprise that Sifa identified the existence of such a path, but it was interesting to note that ten distinct high-to-low paths were produced, the longest of which involved 46 steps from source to sink.

Upon investigation, it was discovered that this large number of dataflow paths in the ‘reverse’ direction is due to the numerous conditional (‘if’) statements in the part of the program code that processes acknowledgements. For instance, both microcontrollers have program code that is conditional on the position of the ‘ack mode’ switch on the data diode device’s front panel. Also, the red microcontroller executes different code depending on whether or not the byte returned by the high-security network is the same as the last byte sent to it. Similarly, the black microcontroller’s program tests the values of both the positive and negative acknowledgement signals generated by the red microprocessor and performs different actions accordingly. Putting all of these alternative behaviours together accounts for the many distinct dataflow paths found by Sifa. Furthermore, the computational complexity involved in traversing these paths accounts for their significant length.

For instance, one of the potentially dangerous dataflow paths from the high-security domain to the low-security one concerns negative acknowledgements, produced when the data diode sends a byte to the high-security network but a non-matching byte is returned. Sifa’s analysis shows that this path starts from the red serial port (on the right of Figure 10) and travels through the red processor board’s RS232 receiver and an AND gate before reaching pin A2 on the red microcontroller. The AND gate (bottom centre of Figure 10) is connected to the ‘ack mode’ switch on the data diode device’s front panel (via the black circuit board) and is used to ensure that acknowledgement data reaches the red microcontroller only when the data diode device is in acknowledgement mode.

Figure 6: Data path (left to right) through the black circuit board via the black microprocessor.

Figure 8: Data path (left to right) through the red circuit board via the red microprocessor.

Figure 10: Control path (right to left) for negative acknowledgements through the red circuit board via the red microprocessor.

Sifa’s trace through the red microcontroller’s program code for this particular path (Figure 11) shows that the byte is read from hardware pin A2 into software variable ackChar (line 88). Later this variable is compared to the last byte sent to the high-security domain (line 99), held in variable rxChar. If the values do not match then the binary signal produced by microcontroller pin C1 is toggled to indicate a negative acknowledgement (line 104).

Notice in this code that there is no direct transfer of data from pin A2 to pin C1. The byte received via pin A2 influences the binary signal sent via pin C1, but no values from the byte are forwarded directly. This is, therefore, an example of implicit information flow between software variables and hardware pins, again confirming the C-to-Sifa Converter’s ability to capture such system properties.
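The distinction the Converter draws between explicit and implicit flow, for the Figure 1 fragment of Section 3.2, the explicit pin-to-pin copy of Figure 7, the implicit path of Figure 11 just described, and the absence of any path in the Figure 14 fragment discussed in Section 5.3, can be reproduced at toy scale with the following Python script. It is an added example written for this page, not the C-to-Sifa Converter or Sifa. Its tiny statement form, its node naming (t0 for a variable’s entry value, then t1, t2, ... for later versions, as in Figure 2) and its choice to attach a control-influence edge from a condition to every statement and merge node it guards are assumptions of the example, chosen to over-approximate in the way the paper notes a static analysis must; the program fragments are hand-transcribed and simplified from the paper’s figures rather than parsed from C.

```python
"""Toy Augmented-SSA dataflow graphs: an added illustration in the spirit of
the C-to-Sifa Converter, not the paper's tool.  Statement form assumed here:
  ("assign", dst, [srcs])          dst = f(srcs); a src named PIN_xx is a pin read
  ("out", pin, [srcs])             write f(srcs) to a pin; [] for output_high/low
  ("if", [cond_srcs], then, else)  conditional with two statement-list branches
Nodes: SSA versions (t0 = entry value, then t1, t2, ...), pins, condition and
merge (phi) nodes.  Every edge is tagged "data" or "control".
"""
from collections import defaultdict

def _node_of(env, name):
    """Pins are their own node; a variable resolves to its current SSA version."""
    return name if name.startswith("PIN_") else env.setdefault(name, name + "0")

def _build(stmts, env, ctrl, succ, counter):
    """env: variable -> current node.  ctrl: condition nodes guarding this block;
    each gets a control-influence edge to every node created underneath it."""
    def fresh(var):
        counter[var] = counter.get(var, 0) + 1
        return f"{var}{counter[var]}"

    for st in stmts:
        if st[0] == "assign":
            _, dst, srcs = st
            ins = [_node_of(env, s) for s in srcs]      # resolve before rebinding dst
            node = fresh(dst)
            for s, kind in [(s, "data") for s in ins] + [(c, "control") for c in ctrl]:
                succ[s].append((node, kind))
            env[dst] = node
        elif st[0] == "out":
            _, pin, srcs = st
            for s in srcs:
                succ[_node_of(env, s)].append((pin, "data"))
            for c in ctrl:                              # implicit flow into the pin
                succ[c].append((pin, "control"))
        else:                                           # "if"
            _, conds, then, els = st
            cond = fresh("cond")
            for c in conds:
                succ[_node_of(env, c)].append((cond, "data"))
            branches = []
            for block in (then, els):
                branches.append(dict(env))
                _build(block, branches[-1], ctrl + [cond], succ, counter)
            # Merge: a variable versioned differently on the two branches gets a
            # phi node, which the condition (and any enclosing one) influences.
            for var in set(branches[0]) | set(branches[1]):
                versions = sorted({_node_of(e, var) for e in branches})
                if len(versions) == 1:
                    env[var] = versions[0]
                    continue
                phi = fresh(var)
                for s, kind in [(v, "data") for v in versions] + [(c, "control") for c in ctrl + [cond]]:
                    succ[s].append((phi, kind))
                env[var] = phi

def build_graph(stmts):
    """Return (succ, env): adjacency src -> [(dst, kind)] and final variable versions."""
    succ, env = defaultdict(list), {}
    _build(stmts, env, [], succ, {})
    return succ, env

def find_paths(succ, source, sink, visited=()):
    """All simple paths from source to sink as lists of (src, dst, kind) edges."""
    if source == sink:
        return [[]]
    paths = []
    for dst, kind in succ[source]:
        if dst not in visited:
            for rest in find_paths(succ, dst, sink, visited + (source,)):
                paths.append([(source, dst, kind)] + rest)
    return paths

def flows(stmts, source, sink):
    """Classify flow from source (a pin, or a variable's entry value) to sink
    (a pin, or a variable's final value): "explicit" if some path uses data
    edges only, "implicit" if every path needs a control edge, None if the
    sink is unreachable (noninterference)."""
    succ, env = build_graph(stmts)
    src = source if source.startswith("PIN_") else source + "0"
    dst = sink if sink.startswith("PIN_") else env.get(sink, sink + "0")
    paths = find_paths(succ, src, dst)
    if not paths:
        return None
    return "explicit" if any(all(k == "data" for *_, k in p) for p in paths) else "implicit"

# Fragments hand-transcribed (and simplified) from the paper's figures.
FIGURE_1 = [("if", ["u"], [("assign", "t", ["t", "v"])], [("assign", "t", ["w"])])]
FIGURE_7 = [("assign", "inputChar", ["PIN_A0"]), ("out", "PIN_A1", ["inputChar"])]  # lines 71, 81
FIGURE_11 = [("assign", "ackChar", ["PIN_A2"]),                       # line 88: getc()
             ("if", ["ackChar", "rxChar"],                            # line 99
              [("assign", "yesAck", ["yesAck"]), ("out", "PIN_C0", ["yesAck"])],
              [("assign", "noAck", ["noAck"]), ("out", "PIN_C1", ["noAck"])])]
FIGURE_14 = [("out", "PIN_C7", []), ("assign", "inputChar", ["PIN_A0"]), ("out", "PIN_C7", [])]  # lines 68, 71, 73

if __name__ == "__main__":
    for name, prog, src, dst in [("Figure 1", FIGURE_1, "u", "t"), ("Figure 7", FIGURE_7, "PIN_A0", "PIN_A1"),
                                 ("Figure 11", FIGURE_11, "PIN_A2", "PIN_C1"), ("Figure 14", FIGURE_14, "PIN_A0", "PIN_C7")]:
        print(f"{name}: {src} -> {dst}: {flows(prog, src, dst)}")
```

flows() answers "explicit" for the Figure 7 byte copy, "implicit" for the Figure 1 and Figure 11 cases (every path from u, respectively from pin A2, to the sink passes through a control edge, which is exactly the influence a taint analysis without control edges would miss), and None for Figure 14, where nothing read from pin A0 reaches pin C7: the noninterference result the paper reports. Because every node under a condition receives a control edge, the toy also reproduces the paper’s observation that each additional conditional multiplies the number of distinct paths Sifa would list.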

From red microcontroller pin C1 the signal then travels directly via the ribbon cable (left of Figure 10) to pin C1 of the black microcontroller (from the right in Figure 12).

The black microcontroller’s program code repeatedly samples the signal on this pin to see if it has changed, in which case it sends a negative acknowledgement character ‘N’ to the low-security network. These multiple samples account for some of the different dataflow paths found by Sifa. For instance, a short path through the black microcontroller’s code (Figure 13) occurs when the signal sampled from pin C1 (line 92) is used in a condition which directly controls whether or not the ‘N’ character is sent (line 95).

78 #use rs232(baud=9600,Xmit=PIN_A1,Rcv=PIN_A2,parity=n,bits=8)
87 if (kbhit()) {
88   ackChar = getc();
89 } else {
90   timeout_error = TRUE;
91 }
93 output_low(PIN_C6);
95 if (timeout_error) {
96   noAck = !noAck;
97   output_bit(PIN_C1, noAck);
98 } else {
99   if ( ackChar == rxChar) {
100    yesAck = !yesAck;
101    output_bit(PIN_C0, yesAck);
102  } else {
103    noAck = !noAck;
104    output_bit(PIN_C1, noAck);
105  }
106 }

Figure 11: Data-flow path (lines 88, 99 and 104) through the red microprocessor’s code that translates data received from pin A2 into a ‘negative acknowledgement’ control signal sent via pin C1.

However, since the sampled signal is compared with a previous sample from the same pin, a longer path that ends at the same output statement begins by sampling a previous value from pin C1 (line 79) into a software variable, lastC1, which is then compared with the current sample (line 92), thus also influencing whether or not the negative acknowledgement character is sent (line 95). Such alternative paths, due to conditional statements in the program code, were found to account for the many different high-to-low dataflow paths detected. Depending on the rigour of the security evaluation, the infosec evaluator may care to study each such path individually or may simply note the existence of potential data flow between the relevant microprocessor pins, regardless of its specific cause.

Figure 12: Control path (right to left) for negative acknowledgements through the black circuit board via the black microprocessor.

75 if (input(PIN_c2)) {
77   output_high(PIN_C6);
78   lastC0 = input(PIN_C0);
79   lastC1 = input(PIN_C1);
80 }
81 . . .
84 if (input(PIN_C2)) {
85   if (input(PIN_C0) != lastC0) {
86     . . .
91   }
92   if ( input(PIN_C1) != lastC1 ) {
93     if (!getNextChar) {
94       #use rs232(baud=9600,Xmit=PIN_A2,Rcv=PIN_A0,parity=n,bits=8)
95       putc('N');
96       getNextChar = TRUE;
97       output_low(PIN_C6);
98     }
99     lastC1 = input(PIN_C1);
100  }
101 }

Figure 13: Two data-flow paths (lines 92 (left) and 95, and lines 79, 92 (right) and 95) through the black microprocessor’s code that translate a control signal received from pin C1 into a ‘negative acknowledgement’ data value sent via pin A2.

Finally, the acknowledgement character sent from the black microcontroller via its pin C1 reaches the black network via another AND gate (bottom left of Figure 12) and the black processor board’s RS232 driver.

Paths such as this one, plus the various others produced in this case, again confirm the toolchain’s ability to automatically identify complex dataflow paths which may be worthy of close scrutiny.

5.3 Some less obvious paths

Apart from the crucial paths between the data diode device’s red and black serial ports, we also explored our toolchain’s ability to identify other paths both within and through the device. In particular, we analysed the potential destinations of data emanating from the switches on the device’s front panel, and possible sources of signals driving the front panel’s LEDs. In practice the device itself would normally reside physically within a high-security domain, so there is no serious danger of an adversary receiving a coded message via the LEDs. However, the position of the switches could conceivably be detectable by an observer in the low-security domain, representing a more realistic threat.

For instance, Sifa’s analysis, using our hardware model and the software model generated by the C-to-Sifa Converter, revealed 14 distinct dataflow paths from the ‘ack mode’ switch on the data diode device’s front panel to the low-security serial port. As was the case for the acknowledgement bytes described above, this large number of paths proved to be due to the numerous conditional statements in the microcontrollers’ programs that rely on the position of this switch. In essence, of course, the existence of these paths simply confirms the obvious fact that an observer in the low-security domain can determine the position of the (high-security) ‘ack’ switch merely by noting the presence or absence of acknowledgements coming from the data diode device in response to bytes sent to it.

68 output_high(PIN_C7);
69 getNextChar = FALSE;
70 #use rs232(baud=9600,Xmit=PIN_A1,Rcv=PIN_A0,parity=n,bits=8)
71 inputChar = getc();
73 output_low(PIN_C7);

Figure 14: Part of the black microprocessor’s code responsible for reading data bytes (line 71) and flashing the ‘ready to receive data’ LED (lines 68 and 73).

We also found numerous dataflow paths from the ‘ack mode’ switch to the two ‘waiting for ack’ LEDs on the data diode device’s front panel (one LED is attached to each circuit board). This is to be expected because the position of this switch determines whether or not signals are sent to these LEDs. However, there were no paths from this switch to the ‘ready to receive data’ LEDs. Similarly, no paths were found leading from the red serial port to the ‘ready to receive data’ LED on the red circuit board since this port only receives acknowledgements, not data bytes. These results conformed precisely with our understanding of the data diode device’s internal behaviour.

Some of the results were not so obvious, however. For instance, we were surprised to discover that the combined hardware-software analysis produced paths leading from the red serial port, which receives acknowledgement bytes only, to the ‘ready to receive data’ LED attached to the black circuit board, which displays the status of data bytes travelling in the opposite direction! Inspection of the black microcontroller’s program code revealed that this interaction is due to the acknowledgement signals received by the black microcontroller from the red one controlling assignments to a software variable, getNextChar, which in turn is used to control code that sends signals to this LED (via black microcontroller pin C6). This was a good example of the C-to-Sifa Converter identifying paths not expected by the research team. (Furthermore, it was noted that the program code could be restructured to eliminate this flow, although in practice it does not represent a serious security threat given the assumption that the LEDs are accessible in the high-security domain only.)

A particularly counterintuitive finding was that no dataflow paths were produced from the black serial port to the black circuit board’s ‘ready to receive data’ LED, which flashes once for each data byte received. The relevant part of the black microcontroller’s program is shown in Figure 14. The LED is first switched on (line 68), the data byte is read (line 71), and the LED is then switched off (line 73). However, despite the clearly-evident sequential relationship between execution of these three statements, there is, in fact, no dataflow relationship between them. The byte read from pin A0 into variable inputChar is not sent to the LED connected to pin C7. Nor does the byte received control the signals sent to the LED; the same signals are sent to the LED regardless of the value of the byte received. Thus the C-to-Sifa Converter correctly produced no dataflow connection between inputs on pin A0 and outputs to pin C7 in this case. This is in accordance with the well-established principle of noninterference as a fundamental way of modelling information flow (Goguen & Meseguer 1982). There is, however, a timing relationship between these actions because the ‘low’ signal cannot be sent to pin C7 until the byte from pin A0 has been read. A ‘timing channel’ thus exists between these pins, but our toolchain does not (currently) attempt to perform timing analyses.

A similar case of an expected path not being found was from the red serial port, which receives acknowledgement bytes from the high-security domain, to the ‘waiting for ack’ LED attached to the red circuit board, which flashes to indicate to the operator that an acknowledgement is being processed. Again this finding by Sifa and the C-to-Sifa Converter was vindicated by manual inspection of the red microcontroller’s program code, which showed that the same signals are always sent to flash this LED regardless of the value of the acknowledgement byte received. In fact, it is the position of the ‘ack mode’ switch that influences the behaviour of this LED, not the acknowledgement bytes themselves. Again there is a timing relationship between these actions, but no actual data flow.
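The Figure 14 finding (execution order without data flow) and the getNextChar interaction described above can be reproduced with a small statement-level model. The following is an added example, not the C-to-Sifa Converter’s own code: it records explicit flows (operands read) and implicit flows (guarding conditionals) for a constructed program whose first four statements follow Figure 14, while the remaining statements (ackByte, RED_PORT and the if-tests) are a hypothetical rendering of the acknowledgement handling the text describes.

```python
"""Statement-level data flow versus execution order (added example).

Each statement is recorded as the pin or variable it writes, the pins or
variables its expression reads (explicit flow), and the variables tested by
the enclosing conditionals (implicit flow). The analysis is flow-insensitive:
a variable is one node regardless of how many times it is assigned.
"""
from collections import defaultdict
from typing import NamedTuple


class Stmt(NamedTuple):
    target: str          # variable or output pin written by the statement
    sources: frozenset   # variables / input pins read by its expression
    guards: frozenset    # variables tested by the if-statements around it


# Constructed program. The first four statements follow Figure 14
# (lines 68, 69, 71, 73); the rest are a hypothetical reconstruction of the
# acknowledgement handling and are NOT taken from the paper's code.
PROGRAM = [
    Stmt("PIN_C7", frozenset(), frozenset()),                    # 68: output_high(PIN_C7);
    Stmt("getNextChar", frozenset(), frozenset()),               # 69: getNextChar = FALSE;
    Stmt("inputChar", frozenset({"PIN_A0"}), frozenset()),       # 71: inputChar = getc();
    Stmt("PIN_C7", frozenset(), frozenset()),                    # 73: output_low(PIN_C7);
    Stmt("ackByte", frozenset({"RED_PORT"}), frozenset()),       # hypothetical: ackByte = ack from red board
    Stmt("getNextChar", frozenset(), frozenset({"ackByte"})),    # hypothetical: if (ackByte == ACK) getNextChar = TRUE;
    Stmt("PIN_C6", frozenset(), frozenset({"getNextChar"})),     # hypothetical: if (getNextChar) output_high(PIN_C6);
]


def build_graph(program):
    """Directed edge source -> target for every explicit or implicit flow."""
    graph = defaultdict(set)
    for stmt in program:
        for src in stmt.sources | stmt.guards:
            graph[src].add(stmt.target)
    return graph


def paths(graph, source, sink):
    """All simple paths from source to sink: the port-to-port query Sifa answers."""
    found = []

    def walk(node, path):
        if node == sink:
            found.append(path)
            return
        for nxt in sorted(graph.get(node, ())):
            if nxt not in path:
                walk(nxt, path + [nxt])

    walk(source, [source])
    return found


def precedes(program, read_pin, written_pin):
    """True if some write to written_pin executes after the first read of
    read_pin. This is the timing relationship of Figure 14; it is not a
    data flow and the graph above deliberately does not record it."""
    first_read = next(i for i, s in enumerate(program) if read_pin in s.sources)
    return any(s.target == written_pin for s in program[first_read + 1:])


if __name__ == "__main__":
    g = build_graph(PROGRAM)
    print(paths(g, "PIN_A0", "PIN_C7"))           # [] : byte read never reaches the LED
    print(precedes(PROGRAM, "PIN_A0", "PIN_C7"))  # True : line 73 still waits for line 71
    print(paths(g, "RED_PORT", "PIN_C6"))         # the unexpected implicit path via getNextChar
```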

6 Conclusion

One of the key steps during information security evaluations of communications devices is to trace all potential data flow through the device’s circuitry and embedded program code. We have created a toolchain which automates this process by combining an existing circuitry analysis tool, Sifa, with a new analysis tool for embedded program code, the C-to-Sifa Converter. In this paper we have used a small, but complete, case study to show how this toolchain allows the flow of data to be traced seamlessly and accurately through a security device’s hardware and software. At the time of writing we are conducting further case studies involving interrupt-driven microcontroller programs.

References

Ballance, R. A., Maccabe, A. B. & Ottenstein, K. J. (1990), The program dependence web: A representation supporting control-, data-, and demand-driven interpretation of imperative languages, in ‘Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI’90), New York, USA, June 20–22’, ACM, pp. 257–271.

Cytron, R., Ferrante, J., Rosen, B. K., Wegman, M. N. & Zadeck, F. K. (1989), An efficient method of computing Static Single Assignment form, in ‘Proceedings of the 16th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’98), Austin, USA’, ACM, New York, USA, pp. 25–35.

Fidge, C. J. & Corney, D. (2009), Integrating hardware and software information flow analyses, in ‘Proceedings of the ACM SIGPLAN/SIGBED 2009 Conference on Languages, Compilers, and Tools for Embedded Systems (LCTES 2009), Dublin, June 19–20’, ACM, pp. 157–166.

Goguen, J. & Meseguer, J. (1982), Security policies and security models, in ‘IEEE Symposium on Security and Privacy’, IEEE Computer Society, pp. 11–20.

ISO (2009), ISO/IEC Standard 15408-1:2009, Information Technology—Security Techniques—Evaluation Criteria for IT Security—Part 1: Introduction and General Model, 3.1 edn, International Organization for Standardization, Geneva, Switzerland.

Mahalingam, A., Butz, B. P. & Duarte, M. (2005), An intelligent circuit analysis module to analyze student queries in the Universal Virtual Laboratory, in W. Oakes, D. Voltmer & C. Yokomoto, eds, ‘Proceedings of the 35th ASEE/IEEE Frontiers in Education Conference (FIE’05), Indianapolis, USA’, Institute of Electrical and Electronics Engineers, New Jersey, USA, pp. F4E–1–F4E–6.

Mallen, S. (2003), Serial data diode device—Operation manual, Technical report, Defence Signals Directorate.

McComb, T. & Wildman, L. P. (2005), SIFA: A tool for evaluation of high-grade security devices, in C. Boyd & J. Nieto, eds, ‘Proceedings of the Tenth Australasian Conference on Information Security and Privacy (ACISP 2005), Brisbane, Australia’, Vol. 3574 of Lecture Notes in Computer Science, Springer-Verlag, Berlin, pp. 230–241.

McComb, T. & Wildman, L. P. (2006), User guide for SIFA v.1.0, Technical report. Available from http://sifa.sourceforge.net/.

McComb, T. & Wildman, L. P. (2007), A combined approach for information flow analysis in fault tolerant hardware, in ‘Proceedings of the Twelfth IEEE International Conference on Engineering of Complex Computer Systems (ICECCS 2007)’, IEEE Computer Society Press.

Sabelfeld, A. & Myers, A. C. (2003), ‘Language-based information-flow security’, IEEE Journal on Selected Areas in Communications 21(1), 1–15.

Scholz, B., Zhang, C. & Cifuentes, C. (2008), User-input dependence analysis via graph reachability, in ‘Proceedings of the Eighth IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM 2008), Beijing, September 28–29’, IEEE, pp. 25–34.


Data Flow Analysis of Embedded Program Expressions

Christopher Doble, Colin J. Fidge and Diane Corney

Faculty of Science and Technology, Queensland University of Technology, Brisbane

Abstract

Data flow analysis techniques can be used to help assess threats to data confidentiality and integrity in security-critical program code. However, a fundamental weakness of static analysis techniques is that they overestimate the ways in which data may propagate at run time. Discounting large numbers of these false-positive data flow paths wastes an information security evaluator’s time and effort. Here we show how to automatically eliminate some false-positive data flow paths by precisely modelling how classified data is blocked by certain expressions in embedded C code. We present a library of detailed data flow models of individual expression elements and an algorithm for introducing these components into conventional data flow graphs. The resulting models can be used to accurately trace byte-level or even bit-level data flow through expressions that are normally treated as atomic. This allows us to identify expressions that safely downgrade their classified inputs and thereby eliminate false-positive data flow paths from the security evaluation process. To validate the approach we have implemented and tested it in an existing data flow analysis toolkit.

Keywords: Security-critical software; Data flow analysis; Taint analysis; Embedded programs; Downgrading

1 Introduction

Data flow analysis is a method of examining a system and how its constituents interact with each other. These interactions are embodied in the flows of data contained within the system, with the meaning of a flow depending on the type of system being analysed: for hardware it may represent the path of an electrical signal, while for software it may show that a particular value influences the output of a computation. Founded on the lattice model of secure information flow (Denning 1976), secure data flow analysis makes use of this technique to enforce or verify a system’s security. Static analysis of data flow through security-critical program code, sometimes called ‘taint’ analysis, is relevant to protecting both data confidentiality and data integrity (Pistoia et al. 2007).

This research was funded in part by the Defence Signals Directorate and the Australian Research Council via ARC Linkage Projects Grant LP0776344.

Copyright © 2012, Australian Computer Society, Inc. This paper appeared at the Tenth Australasian Information Security Conference (AISC2012), Melbourne, Australia, 30th January–2nd February 2012. Conferences in Research and Practice in Information Technology (CRPIT), Vol. 125, J. Pieprzyk and C. Thomborson, Ed. Reproduction for academic, not-for-profit purposes permitted provided this text is included.

Several secure data flow analysis systems targeting software can be found in the literature (Suh et al. 2004, Newsome & Song 2005, Myers 1999, Song et al. 2008), but they all share a significant problem: the security classes of expressions are determined entirely from the security classes of their inputs; the expression’s behaviour is not taken into consideration. This problem stems from the lattice model of secure information flow (Denning 1976) where the security class of a function f(a1, . . . , an) is equal to the least upper bound of the input security classes, i.e., the least security class greater-than or equal-to all input security classes for parameters a1 to an. This definition means that downgrading expressions (Li & Zdancewic 2005)—through which data may safely flow from a high-security domain to a low-security domain—cannot be recognised, leading to false-positive errors (Newsome et al. 2009) in which the analysis system states that a permissible flow is impermissible. For example, the security class of expression ‘secret * 0’ is equal to that of classified variable secret, even though we can learn nothing about this integer’s value from the expression’s constant output.

Data flow analyses are important for information security, or ‘infosec’, evaluations of the kind performed by Australia’s Defence Signals Directorate in its Australasian Information Security Evaluation Programme1. This programme evaluates information technology products against the Common Criteria for Information Technology Security Evaluation (ISO 2009) so that consumers of security-critical hardware and software can make informed procurement decisions, especially for government or military purposes. Most of these evaluations concern embedded systems, i.e., machines with limited resources, running software whose primary purpose is to interact with the physical world (Lee 2002). To accommodate these resource constraints, embedded software makes frequent use of bitwise operations to pack and unpack values from sub-byte sections of memory, meaning the security classes of data are often determined at the level of individual binary digits. Embedded program code analyses are thus particularly susceptible to false-positive errors because downgrading expressions may go unrecognised.

The work of ‘infosec evaluators’ of embedded systems can be supported by automated tools that identify potential data flow paths worthy of detailed investigation. One such tool is SIFA, the Secure Information Flow Analyser (McComb & Wildman 2005), in which graph representations of security-critical electronic circuitry may be developed and analysed in various ways (McComb & Wildman 2007), especially to identify data flow paths. As an extension to this tool, we recently produced a ‘C-to-SIFA Converter’, a compiler-like tool that produces SIFA-compatible data flow graphs of C code running on embedded microcontrollers. This tool, combined with SIFA, provides automated support for data flow analyses of both the hardware and software of security-critical embedded devices (Mills et al. 2012).

1 http://www.dsd.gov.au/infosec/aisep/

However, the data flow analyses performed by the C-to-SIFA Converter follow the traditional approach of treating each operation in a program code expression as atomic, thus failing to recognise potentially-downgrading expressions (Li & Zdancewic 2005). Our aim here, therefore, is to reduce the number of false-positive data flow paths generated during analysis of embedded software. To achieve this we (1) developed a library of detailed data flow models of C operators for different data representations, (2) devised an algorithm for inserting these models into a given data flow graph, (3) implemented the library and algorithm as an add-on module for the C-to-SIFA Converter, and (4) used case studies to confirm that the new module improved SIFA’s ability to trace data flow through security-critical embedded software.

2 Related and previous work

Our concern is with analysing the way classified data may be transferred through expressions in embedded program code, with the aim of recognising expressions that successfully downgrade classified data. Here we review related and previous work from the areas of secure data flow analysis, program code certification, and embedded system certification.

2.1 Secure data flow analysis

In general, data flows may be identified either by examining a system’s construction—statically—or by observing its behaviour—dynamically. Here we are interested in static analysis only; information about dynamic analysis for protecting data security can be found elsewhere (Suh et al. 2004, Newsome & Song 2005).

Many practical static data flow analysis systems are presented in the literature (Myers 1999, Song et al. 2008) but unfortunately they all generate false-positive errors (Newsome et al. 2009). Our goal is to help reduce this problem by developing a technique to precisely trace data flows through expressions, allowing downgrading expressions, i.e., those that produce unclassified outputs from classified inputs (Li & Zdancewic 2005), to be recognised.

Secure data flow analysis is founded upon the lattice model of secure information flow presented by Denning (1976). Explicit and implicit flows of data are differentiated, with the former occurring when data is transferred directly from one object to another, as in assignment statements, and the latter when execution of an explicit flow is controlled by another expression, such as when an assignment occurs within a conditional statement. For program code analysis Volpano, Smith & Irvine (1996) express this concept as a type-inference system and mathematically prove its soundness as a form of noninterference (Goguen & Meseguer 1982). These principles can be implemented as a static program code analysis (Pistoia et al. 2007) to trace the flow of security-critical data.

Importantly, however, static analyses can only identify potential data flows, many of which may never actually occur at run time. They thus overestimate the flow of data, producing false-positive results which waste the security evaluator’s time and effort, motivating our interest in more precise analysis of code expressions.

In closely related work, Newsome et al. (2009) introduced a concept of influence which quantifies “how much” of a computation’s inputs affect its output. They propose that security policies make use of this property, providing the example rule of “data influenced by x or more bits by the network may not be loaded into the program counter.” However, this concept is also susceptible to false-positive errors because it is not known exactly which bits of the output are affected by the inputs; this makes it impossible to trace the original inputs through subsequent operations that remove data. For example, if we know that a value x has 4 bits of influence over another value y, and half of y is removed, it cannot be determined how many bits of x remain. Our goal is instead to trace the flow of individual bytes or even bits precisely.

Another highly relevant area of previous work is research into how information can flow through arrays in high-level languages. For instance, it has been observed that as well as an array’s contents, its length and the indices at which certain values appear in the array can encode information (Deng & Smith 2004). More importantly, there has also been research into how to accurately trace the flow of classified information through specific array elements (Rus et al. 2007), rather than treating the array as atomic, which causes insertion of a single classified element to ‘taint’ the whole array. This research is obviously closely related to our own since all variables in computer programs can be modelled as arrays of bits. In fact, the problem we face in analysing embedded software is simpler than the general case for arrays because embedded code expressions make frequent use of hardwired constants, so we can often tell statically exactly which bits are affected by an operation, while this is extremely difficult for symbolic array indices (Rus et al. 2007).

2.2 Program code security certification

Denning & Denning (1977) build on the lattice model of permissible data flows (Denning 1976) to present mechanisms for certifying that a program is secure based on the flows of data within it; if it contains any impermissible flows, it could potentially leak sensitive information and is thus insecure. They extend the lattice model to include arrays, exceptions, and procedure calls so that these may also be certified through static analysis of program source code.

Several static and dynamic secure data flow analysis systems can be found in the literature. One such system is JFlow (Myers 1999), an extension to the Java language that adds a number of constructs enabling compile-time static analysis. Another system, BitBlaze (Song et al. 2008), supports both static and dynamic analysis of binary programs providing they use one of the several instruction sets supported by the tool. In our own research we have developed a static analysis tool for tracing data flow through security-critical C code in embedded devices (Mills et al. 2012).

However, all of these systems exhibit the same problem discussed in the previous section. They follow traditional data flow principles in which operations in expressions are treated as atomic, which results in false-positive errors because operations which block classified data are not recognised as such. To partially solve this problem, Suh et al. (2004), Newsome & Song (2005) and Song et al. (2008) identify a set of “constant functions” whose inputs do not affect their output, providing as an example the instruction ‘xor eax, eax’ which zeros the eax register. If given security-sensitive inputs, these constant functions become downgrading expressions. It is claimed that all three systems recognise a subset of these functions, but the authors do not explicitly state which are supported. Newsome & Song (2005) note that identification of these functions would greatly reduce the number of false-positive errors generated; this is also our objective, but our research aims to go further by also recognising operations that let some data through.

2.3 Embedded system certification

A special case of program code certification involves analysis of security-critical embedded code, i.e., software which interacts directly with its hardware environment. This is important in the context of international standards, such as the Common Criteria for Information Technology Security Evaluation (ISO 2009), which mandate information security, or ‘infosec’, evaluations of electronic devices intended to safeguard data in government and military applications. Within Australia the Defence Signals Directorate follows such standards to produce a list of trustworthy devices, known as the Evaluated Products List2. Our own research concerns the need to support such evaluations by automating data flow analysis of embedded software in the context of its surrounding digital circuitry (Mills et al. 2012).

This is challenging because embedded software typically contains bit-level and byte-level data operations not normally encountered in application software. To overcome memory constraints, embedded software often makes use of bitwise operations to pack and unpack data values. These operations may serve as downgrading expressions, by masking or otherwise eliminating security-critical bits, making embedded software analyses particularly susceptible to false-positive data flow errors if the function of these operations is not modelled accurately.

Previous research on automating data flow analysis of embedded devices produced SIFA, the Secure Information Flow Analyser, an open-source3 software tool developed to automate data flow analysis of digital circuitry (McComb & Wildman 2005). SIFA represents electronic circuitry as a graph of components, each of which has a number of ports on its periphery. Inter-component connections can be made by linking ports on different components, and intra-component data flow is modelled by defining how data is transferred between ports on the same component. SIFA provides a variety of graph-theoretic analysis functions (McComb & Wildman 2007), the most important being its ability to identify all data flow paths between selected ports, usually from a high-security data source to a low-security data sink.

In our own research we have developed a ‘C-to-SIFA Converter’, a compiler-like static analyser that converts embedded C code to SIFA-compatible data flow graphs that can be integrated into circuitry models. This capability supports seamless data flow analyses through an embedded device’s hardware and software (Mills et al. 2012). However, the tool follows standard data flow graph building principles in which each operator in an expression is represented as an atomic component and each program variable or constant is modelled as a single arc (Scholz et al. 2008).

2 http://www.dsd.gov.au/infosec/epl/
3 http://sifa.sourceforge.net/

Thus, our tool also suffers from the inability to recognise expressions that downgrade classified data at the bit or byte level. Our goal here, therefore, was to extend the capabilities of the C-to-SIFA Converter to give it a more precise ability to analyse data flow through expressions in embedded C code.

3 The component library

The first part of our solution was to develop a SIFA-compatible library of data flow components that model the way data flows through operations in C expressions precisely. This section discusses the rationale for the library’s design and presents some representative component models.

3.1 Threat model

In designing the library we had to first decide precisely what was meant by ‘data flow’. The ways in which information can flow through program expressions can be subtle. For instance, the value of expression ‘A + B’ tells us nothing about the values of operands A and B. However, the value of expression ‘A * B’ always reveals whether or not the signs of the operands were the same. Furthermore, if the expression’s value is a prime number then we know the exact value of the operands! Rather than entering into complex deliberations about what information can be inferred from expression values, we therefore instead chose to adopt the simple and clear noninterference model of data flow cited above. Thus, unless it can be proven otherwise, we conservatively assume that the values of an expression’s operands all exert some discernible influence on the expression’s value. Thus, both operands A and B are assumed to affect the value of expression ‘A + B’, even though little or nothing can be learnt about their precise values without additional information, but the value of expression ‘A * 0’ is assumed to reveal nothing at all about operand A since constant 0 entirely dominates the result.

This overall argument is based on a scenario in which the ‘attacker’ of our program has access to its source code listing and can observe all data emanating from the embedded device containing the microcontroller running the compiled code. This is a worst-case attacker profile for an embedded security-critical device, so our model is thus safely conservative, even though it will sometimes overestimate data flow. (If the attacker had powers greater than this, e.g., physical access to the device and the ability to insert debugging probes into the microcontroller to observe memory or register values, then no defence is possible.)

3.2 Design process

In order to accurately trace data flow through the expressions that the C-to-SIFA Converter encounters, we must first understand how the component parts of these expressions behave in isolation. As the tool targets embedded C code, there are several kinds of expression element, including but not limited to:

• bitwise, logical, and mathematical operators such as <<, &&, or +,

• calls to built-in and user-defined functions such as abs() or rand(),

• identifiers and variables such as PI or x,

• literal values of varying types such as 42 or ‘c’, and

• type casts such as (int) or (float).

Figure 1: A component depicting a left-shift by 2. (Figure text: each input bit (port) is connected to the output bit x positions to the left, where x is the shift amount; shown is a left-shift by 2. Labels: Input Ports, Output Ports, Intra-component connections, Inter-component connections.)

We considered the behaviour of a significant number of these expression elements under various circumstances. These ranged from different input types (e.g., floating-point values) to specific sets of input values (e.g., powers of two). The results of these studies were modelled as SIFA components which may be connected to form data flow graphs modelling entire expressions. Particular emphasis was put on identifying expression elements that remove data as they have the potential to be used in downgrading expressions (Li & Zdancewic 2005).

The C-to-SIFA Converter targets the CCS Embedded C compiler, so this compiler’s reference manual4 was used to determine which expression elements should be analysed, and to gain a basic understanding of their behaviour. A number of other works were then consulted to further develop our understanding of the elements’ behaviour (Tanenbaum et al. 1982, Seacord 2006). The expression elements were then translated to SIFA components as explained in Section 3.3 below.

Given the vast number of C expression elements that the tool may encounter, we could model only a subset of them in the time available for this research project. We were guided in our choices by some C program fragments supplied to the research team by the Defence Signals Directorate as examples of ‘typical’ software found in security-critical embedded devices undergoing analysis in the Australasian Information Security Evaluation Programme. We considered all bitwise, logical, and mathematical operators, but excluded assignment operators such as ‘+=’ and ‘|=’ because they can be expanded into two simpler operations. A subset of standard C library functions and type casts were also considered. These are the expression elements most frequently used in embedded C code encountered by AISEP security evaluators, and are thus the most likely to cause false positives.

3.3 Expression components

A component—an entry in the component library—describes the behaviour of a particular expression element under some circumstance, often for specific input values. The data flow components are represented in SIFA’s graphical notation as a named collection of ‘ports’. (In fact, SIFA’s graph analysis algorithms treat a model’s ports as the graph’s nodes, rather than the components.) An example library component for a left-shift by 2 on an 8-bit value is shown in Figure 1.

4 http://www.ccsinfo.com/

A component may have any number of input and output ports that represent data flowing into and out of it, respectively. These ports also act as “connection points” from which inter- or intra-component connections may be made. Inter-component connections join the output ports of one component to input ports of another; it is this type of connection that allows entire expressions to be modelled using components. Intra-component connections join input and output ports of a single component and model the flow of data through it. Both types of connection depend on the component’s input and output representations (Section 3.4), but intra-component connections also depend on the behaviour of the expression element being modelled.

To determine what intra-component connections should be made through a component, we followed the concept of noninterference, originally defined by Goguen & Meseguer (1982). Volpano et al. (1996) provide an alternate definition that is more suited to our work as it concerns memory and the variables within it as opposed to the original definition which considers users and the actions that they may perform. Using this concept, if an input port is noninterfering with all output ports, it does not affect the component’s output and is said to be “removed.” If an input port may affect an output port, however, an intra-component connection is made between them. This means that there are situations where an input port may be connected to several output ports or vice versa. For example, when performing addition a carry will occur if two bits of equal significance are both 1, which may cause another carry and so on.
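The intra-component connections described here can be derived mechanically from noninterference: input bit i of an operand is connected to output bit j exactly when flipping bit i can change bit j for some operand values. The following is an added example, not the paper’s component library, SIFA, or the C-to-SIFA Converter; it checks this exhaustively for small unsigned widths (an assumption made to keep the search cheap) and, with a two-point lattice, contrasts the conventional least-upper-bound rule with the bit-level component for the ‘secret * 0’ false positive of Section 1, the ‘A + B’ and ‘A * 0’ cases of Section 3.1, the left-shift by 2 of Figure 1 and the addition carry chain just described.

```python
"""Bit-level data flow components derived from noninterference (added example).

Operators are treated as functions on fixed-width unsigned operands (results
truncated like an unsigned C type of that width). An input bit connected to
no output bit is "removed". The check is exhaustive, so widths are kept small:
8 bits for unary operators, 4 bits for binary ones (an assumption of this
example, not a limit of the technique).
"""
from itertools import product

LOW, HIGH = 0, 1          # two-point security lattice; the lub is max()


def component(func, arity, width):
    """Map (operand_index, input_bit) -> set of output bits it may influence."""
    mask = (1 << width) - 1
    conns = {(k, i): set() for k in range(arity) for i in range(width)}
    for args in product(range(1 << width), repeat=arity):
        base = func(*args) & mask
        for k in range(arity):
            for i in range(width):
                flipped = list(args)
                flipped[k] ^= 1 << i               # perturb exactly one input bit
                diff = (func(*flipped) & mask) ^ base
                j = 0
                while diff:                        # record every output bit that changed
                    if diff & 1:
                        conns[(k, i)].add(j)
                    diff >>= 1
                    j += 1
    return conns


def removed_bits(conns):
    """Input bits that are noninterfering with every output bit."""
    return sorted(key for key, outs in conns.items() if not outs)


def atomic_class(operand_classes):
    """Conventional lattice rule: class(f(a1, ..., an)) is the lub of the inputs."""
    return max(operand_classes)


def bitwise_classes(conns, operand_classes, width):
    """Per-output-bit class following the component's intra-component connections."""
    out = [LOW] * width
    for (k, i), outs in conns.items():
        for j in outs:
            out[j] = max(out[j], operand_classes[k])
    return out


def downgrades(conns, operand_classes, width):
    """True when some operand is HIGH yet every output bit is LOW."""
    return HIGH in operand_classes and all(
        c == LOW for c in bitwise_classes(conns, operand_classes, width))


if __name__ == "__main__":
    # secret * 0: the atomic rule says HIGH; the component removes every input bit
    mul0 = component(lambda a: a * 0, 1, 8)
    print(atomic_class([HIGH]), bitwise_classes(mul0, [HIGH], 8), downgrades(mul0, [HIGH], 8))
    # secret << 2 (Figure 1): bit i feeds bit i + 2; bits 6 and 7 fall off the top
    shl2 = component(lambda a: a << 2, 1, 8)
    print({i: sorted(outs) for (_, i), outs in shl2.items()})
    # secret & 0x0F: the constant mask removes the upper nibble
    print(removed_bits(component(lambda a: a & 0x0F, 1, 8)))
    # a + b on 4-bit operands: a carry lets bit i reach every higher output bit
    add = component(lambda a, b: a + b, 2, 4)
    print({key: sorted(outs) for key, outs in add.items()})
```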

Literal constant inputs are not compatible with this definition of removal as they are immutable in the context of static data flow analysis: they cannot be changed without modifying the program’s source code. It is for this reason that entries in the component library do not include input ports for literal values. Were they to be included, they would serve only to complicate the data flow graph and would provide no benefit as it is assumed that all “noteworthy” constants (e.g., the seed of a pseudorandom number generator used to create encryption keys) will be named in the source program. (This particular issue was much discussed during development of the C-to-SIFA Converter. Ultimately it was decided that information security evaluators would not usually want to trace the ‘flow’ of a hardwired constant, although some provision for this is built into the tool.)

Figure 2: Three of the data representations used in the component library, showing how the individual bits of a value (bottom) are mapped to ports in the model (top). (Panels: Binary Representation, Sign & Magnitude Representation, Single Value Representation; labels: Ports, Bits.)

3.4 Data representations

At times it is convenient to explain the behaviour of an expression element in terms of logical aspects of values rather than the underlying bits of memory. For example, it is clearer to say that the absolute-value function fabs() removes the sign of its operand, rather than saying the leftmost bit is discarded. Furthermore, to minimise the complexity of the data flow graphs, we want to avoid tracing every individual bit through an expression in situations where this does not provide any helpful information.

Figure 3: An undesirable connection between two representations in which a single value representation (top) connects to all bits in a binary representation (bottom).

To do this, the inputs and outputs of all components in the component library are expressed in particular representations that map the underlying bits of values to components’ ports. By mapping certain groups of bits to a single port, components can effectively operate on logical aspects of values; this lets us create components for expression elements whose behaviour would otherwise be prohibitively complex to analyse. Three of the representations used in the component library are shown in Figure 2:

• binary representation where each bit is mapped to its own port,

• sign and magnitude representation where the sign bit is mapped to one port and the remaining bits (the magnitude) are mapped to another, and

• single value representation where all bits are mapped to a single port.

As representations simply map bits to ports, we can make inter-component connections between any two representations while maintaining the integrity needed for data flow analysis. Provided the representations have the same underlying data type, this is achieved by iterating over all bits of the data and connecting the ports that represent each bit.

Connections between some representations are undesirable, however, as they result in an apparent duplication of data that undermines the integrity of the data flow analysis. This occurs when the first representation maps two or more bits to a single port, and the second representation maps those same bits to a greater number of ports. This can be seen in Figure 3 where a single value representation is connected to a binary one. Connecting data representations in this way is unhelpful because bitwise data flow cannot be traced through the single value representation.

3.5 Some typical library components

The component library contains data flow components for arithmetic operators, comparison and relational operators, logical operators, bitwise operators, type conversions and standard library functions. For each operator there may be several data flow components for different representations and for different compile-time constant operands. There are far too many components to show here, but a few of the more interesting examples are described below. In each case A and B denote variables whose values are not known statically, and x and y are integers used to denote unspecified parts of a compile-time constant, e.g., 2^x denotes any integer that is a power of 2. (These values are part of the component definition, not necessarily the expression.)

Figure 4: Library component for modulus expression ‘A % B’ using sign-and-magnitude representation.

For instance, Figure 4 shows the component for sign-and-magnitude representation of the modulus operator. In this case the magnitude of the result (at the bottom of the figure) is affected by the magnitudes of both operands, but the sign of the result is affected only by the sign of the first operand: in C99 and later, integer division truncates toward zero, so the remainder takes the sign of the dividend. Thus, this operation would successfully downgrade an expression in which only the value of the second operand’s sign was classified.

Proceedings of the Tenth Australasian Information Security Conference (AISC 2012), Melbourne, Australia


Figure 5: Library component for addition ‘A + B’ using binary representation.

Figure 6: Library component for unsigned integer division ‘A / 2^x’, where x is 3, using binary representation.

Figure 7: Library component for bitwise conjunction ‘A & x’, where constant x’s value has the bit pattern shown on the right, using binary representation.

A more complex component is for the binary representation of integer addition, as shown in Figure 5. In this case each input bit affects all outputs of equal or higher significance, because the addition of any two bits may cause a carry.

The component in Figure 6 models a special case of unsigned integer division in which the second operand is a compile-time constant and a power of 2. In effect, this operation is equivalent to a right shift, ‘A >> x’, so it may downgrade input A by removing its rightmost x bits. (This particular component does not apply to signed values: for a negative dividend, C’s truncating division and an arithmetic right shift round in different directions, e.g., −7 / 2 is −3 but −7 >> 1 is −4.)

Obvious cases of downgrading often occur with bitwise operations. For instance, Figure 7 shows the result of performing a bitwise ‘and’ operation on a byte A and a compile-time constant bit pattern. In this case bits in A that correspond to zeros in the second operand are downgraded.

A less-obvious example is the less-than-or-equal comparison in Figure 8. In this case the second operand is a constant whose value can be expressed in the form 2^x − 1. Since the x least-significant bits of the unsigned first operand A cannot sum to more than 2^x − 1, they cannot influence the result and hence are effectively downgraded.

Many components have no data flow from their input(s) to their outputs at all. Most notably, expressions that produce a constant value do not reveal anything about the values of their operands. Some examples include ‘A * 0’, ‘A % 1’, ‘A == A’ (for integer A; a floating-point NaN compares unequal to itself) and ‘B >= x’ where B is an m-bit two’s complement integer and x is the minimum such value, −2^(m−1). The library also contains components modelling the behaviour of expressions involving the special C floating point value ‘not a number’, many of which also return constant results.

Figure 8: Library component for integer comparison ‘A <= 2^x − 1’ using binary representation.

Figure 9: Library component for type conversion ‘(T)A’, where target type T has a greater range than that of signed integer A, using binary representation.

Finally, not all operators of security relevance in the library involve blocking data. In a few instances, such as that shown in Figure 9, classified data may be duplicated. In this case a signed integer is cast to a type with a larger range (e.g., ‘short’ to ‘long’), in which case sign extension is applied and the sign bit is copied multiple times.
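The intra-component connections described for Figures 4 to 9 can be checked mechanically rather than taken on trust. The following added example (not code from the paper or from the C-to-SIFA Converter) applies the noninterference test of Section 3.2 exhaustively: for every pair of an input port and an output port it tries every operand value and every perturbation of that input port, and records a connection only if some perturbation changes the output port. It models the binary representation with one port per bit and the sign-and-magnitude representation with one sign port and one magnitude port per operand. The operand widths (8 bits, 4 bits for addition, 3-bit magnitudes for the modulus) and the expressions checked are assumptions chosen so the search finishes quickly; the same check reproduces the three expressions used in the case studies of Section 5.

```python
"""Exhaustive noninterference check for bit-level data flow through C expressions.

Added example, not code from the paper or the C-to-SIFA Converter.  For a chosen
representation it asks, for every input port and output port, whether changing
the input can ever change the output.  If it never can, the ports get no
intra-component connection; an input port with no connections is "removed".
Widths (8 bits, 4 for addition, 3-bit magnitudes) are assumptions for speed.
"""
from itertools import product
from typing import Callable, Dict, Optional, Sequence, Set, Tuple


def interference(fn: Callable[..., Tuple[int, ...]], domains: Sequence[Sequence[int]],
                 n_out: int) -> Dict[int, Set[int]]:
    """{input port: output ports it can influence}.  fn maps one value per input
    port to one value per output port; every input combination is tried and each
    port is perturbed to every other value in its domain.  ZeroDivisionError
    (undefined behaviour in C) skips that case."""
    conn: Dict[int, Set[int]] = {i: set() for i in range(len(domains))}
    for values in product(*domains):
        try:
            base = fn(*values)
        except ZeroDivisionError:
            continue
        for i, domain in enumerate(domains):
            for alt in domain:
                if alt == values[i]:
                    continue
                perturbed = list(values)
                perturbed[i] = alt
                try:
                    out = fn(*perturbed)
                except ZeroDivisionError:
                    continue
                conn[i] |= {j for j in range(n_out) if out[j] != base[j]}
    return conn


def removed(conn: Dict[int, Set[int]]) -> Set[int]:
    """Input ports that interfere with no output port."""
    return {i for i, outs in conn.items() if not outs}


def binary_ports(expr: Callable[..., int], n_operands: int, width: int = 8,
                 out_width: Optional[int] = None) -> Dict[int, Set[int]]:
    """Binary representation: bit i of operand k is input port k*width + i, bit j
    of the result is output port j.  Operands are unsigned width-bit patterns;
    the result is truncated to out_width bits like a C integer conversion."""
    out_width = out_width or width

    def fn(*bits: int) -> Tuple[int, ...]:
        operands = [sum(b << i for i, b in enumerate(bits[k * width:(k + 1) * width]))
                    for k in range(n_operands)]
        r = expr(*operands) & ((1 << out_width) - 1)
        return tuple((r >> j) & 1 for j in range(out_width))

    return interference(fn, [(0, 1)] * (width * n_operands), out_width)


def sign_magnitude_ports(expr: Callable[..., int], n_operands: int,
                         mag_bits: int = 3) -> Dict[int, Set[int]]:
    """Sign-and-magnitude representation: operand k has sign port 2k and magnitude
    port 2k+1; the result has sign port 0 and magnitude port 1."""
    def fn(*ports: int) -> Tuple[int, ...]:
        operands = [-ports[2 * k + 1] if ports[2 * k] else ports[2 * k + 1]
                    for k in range(n_operands)]
        r = expr(*operands)
        return (1 if r < 0 else 0, abs(r))

    return interference(fn, [(0, 1), tuple(range(1 << mag_bits))] * n_operands, 2)


def to_signed(v: int, width: int) -> int:
    """Read a width-bit pattern as a two's complement value."""
    return v - (1 << width) if v & (1 << (width - 1)) else v


def c_mod(a: int, b: int) -> int:
    """C99 '%': truncating division, so the remainder takes the dividend's sign.
    b == 0 raises ZeroDivisionError (undefined behaviour in C)."""
    q = abs(a) // abs(b)
    return a - (-q if (a < 0) != (b < 0) else q) * b


if __name__ == "__main__":
    checks = {
        "A & 0x0F (Fig. 7, Sec. 5.1)": binary_ports(lambda a: a & 0x0F, 1),
        "A / 2 unsigned (Fig. 6, Sec. 5.2)": binary_ports(lambda a: a // 2, 1),
        "A > 0x7F (Sec. 5.3)": binary_ports(lambda a: int(a > 0x7F), 1),
        "A <= 7 (Fig. 8)": binary_ports(lambda a: int(a <= 7), 1),
        "(int16_t)(int8_t)A (Fig. 9)": binary_ports(lambda a: to_signed(a, 8), 1, out_width=16),
        "A + B, 4-bit (Fig. 5)": binary_ports(lambda a, b: a + b, 2, width=4),
        "A % B sign/magnitude (Fig. 4)": sign_magnitude_ports(c_mod, 2),
    }
    for name, conn in checks.items():
        print(f"{name}: removed input ports {sorted(removed(conn))}")
        for port in sorted(conn):
            if conn[port]:
                print(f"  in {port} -> out {sorted(conn[port])}")
```

Run stand-alone, the script prints the connection set for each expression, which is exactly the information a library component records. The check also surfaces a caveat worth knowing before relying on the modulus component as described above: the sign port of the second operand is indeed removed, but the magnitude ports of both operands do reach the result’s sign port, because a change in magnitude can make the remainder zero (in C, −4 % 2 is 0 while −3 % 2 is −1, and 0 has no sign). An evaluator who needs the “sign of the result depends only on the sign of the dividend” property should therefore treat it as holding only for non-zero remainders.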

4 Expression tracing functions

Having defined the library of data flow components, the second challenge was to use them in the data flow graphs generated for embedded C code expressions by the C-to-SIFA Converter. In this section we explain how this tool was extended, including the algorithms for selecting library components and for connecting them together.

4.1 Rationale

As mentioned previously, we developed the C-to-SIFA Converter to support the work of AISEP security evaluators (Mills et al. 2012). The tool automates the creation of data flow graphs for embedded software, taking embedded C source code as input, and constructing a data flow graph in a format readable by SIFA (McComb & Wildman 2005). The tool itself is written in C# 3.0 and targets embedded C code that compiles under the CCS compiler.

At the start of this research the C-to-SIFA Converter followed the lead of other secure data flow analysis systems and treated expression operators as atomic, resulting in false-positive errors, i.e., connections through the graph in situations where a more detailed analysis would show that there is no data flow. Our new expression tracing functionality aimed to resolve this issue by replacing atomic components with more accurate ones sourced from the component library.

Figure 10: Classes developed to implement the expression tracing functionality (+ public, # protected, - private; subclasses listed in parentheses).

ComponentsController
  + ComponentsController()
  + ReplaceNode(node : Node) : Node

ComponentSet (subclasses: AdditionComponentSet, BitwiseANDComponentSet, BitwiseORComponentSet, BitwiseXORComponentSet, ...)
  + GetComponentForNode(node : Node) : Component
  - GetMaximumRepresentation() : Type
  # MakeNode() : Node
  # MakeMaximumRepresentation(number : uint, type : TypeNode) : Representation
  # MaximumRepresentation : Type
  # Node : Node
  # OutputType : TypeNode
  # Parents : Node[]
  # RepresentationAllowed(representation : Type) : bool

Component
  + Component(node : Node)
  + CompareTo(component : Component) : int
  + Node : Node
  + PercentRemoved : double
  + ReplaceNode(node : Node)

ExpressionNode (subclass of Node)
  + ExpressionNode(node : Node)
  + ConnectPorts(inputPort : Port, outputPort : Port)
  + ConnectPorts(inputPort : uint, outputPort : uint)
  + PortsAreConnected(inputPort : Port, outputPort : Port) : bool
  + PortsAreConnected(inputPort : uint, outputPort : uint) : bool
  + WriteFaultData(sifaWriter : SifaWriter)

RepresentationBuilder
  + RepresentationBuilder()
  + ModelNodeInputs(node : Node) : Representation[]
  + ModelNodeOutput(node : Node) : Representation
  - ModelPortsAndType(ports : Port[], type : TypeNode) : Representation

Representation (subclasses: BinaryRepresentation, SignAndMagnitudeRepresentation, SingleValueRepresentation)
  # Representation(ports : Port[], type : TypeNode)
  # Representation(type : TypeNode)
  + AddToNodeInputs(node : Node)
  + AddToNodeOutputs(node : Node)
  + CompareRepresentations(a : Type, b : Type) : int
  + CompareTo(representation : Representation) : int
  + Connect(representation : Representation)
  + GetPort(index : uint) : Port
  + GetPortForBit(bit : uint) : Port
  # GetPortIndexForBit(bit : uint) : uint
  + IsConnectedTo(representation : Representation) : bool
  + NumberOfBits : uint
  + NumberOfPorts : uint
  # Ports : Port[]
  # Type : TypeNode

Being an extension to the existing C-to-SIFA Converter, the expression tracing functionality was also written in C# 3.0. The set of classes and methods developed is shown in Figure 10. To help guarantee the program’s correctness, test-driven development was utilised, with the final test suite containing 125 unit tests. The ReplaceNode() method of the ComponentsController class acts as the interface to the expression tracing functionality, taking a Node from the data flow graph (an abstraction of a SIFA component) and replacing it with a more accurate one sourced from the component library. This process can be divided into two distinct stages: selection of the replacement, and replacing the existing Node. Detailed discussions of these two stages are provided in Sections 4.3 and 4.4, respectively.

4.2 Representations

Representations are modelled in the expression tracing functionality by the abstract Representation class and its subclasses. Methods are provided to, among other things, retrieve the Port representing a particular bit and connect arbitrary Representation instances. Each subclass implements the protected GetPortIndexForBit() method which effectively provides the “subclass-specific” logic used in the aforementioned functions. Three subclasses are defined in the expression tracing functionality:

• BinaryRepresentation where each bit is mapped to its own port,

• SignAndMagnitudeRepresentation where the sign bit is mapped to its own port, and all other bits (the magnitude) are mapped to another, and

• SingleValueRepresentation where all bits are mapped to a single port.

A Representation instance can be created in one of two ways: it may be instructed to create its own Port array, or it can use an array sourced from an existing Node. The former method is used when creating a new Node, while the latter is used when creating a Representation for an existing one. Each subclass implements constructors for both of these methods so that they may calculate the number of required ports or validate those that were given.

Making use of the second method is the RepresentationBuilder class, which provides functions to create Representation instances modelling the input or output ports of an existing Node, ModelNodeInputs() and ModelNodeOutput(). As a component may have several logical inputs, the former method returns an array, while the latter returns a single object. This functionality is used extensively when replacing Nodes, with Representations being built for all parents and children, and then connected to the new Node using Representation.Connect(). The RepresentationBuilder functions work by firstly identifying all subclasses of Representation that could validly be used at this point in the data flow graph, as per the principles in Section 3.4 above, and by then selecting the most precise representation available.

4.3 Component selection

The ComponentSet class hierarchy is the result of translating the component library to code, with each subclass representing a logically related group of components. These components may be accessed by calling the GetComponentForNode() method which returns the most suitable replacement for the given Node, or null if none are available. To find all potential replacements for a particular Node, this method is firstly called on all ComponentSet subclasses. This design was chosen as it allows logically related components to be grouped together in the code, but leaves the nature of that relation up to the developer. In the expression tracing functionality, components are grouped by the expression elements that they model, resulting in subclasses such as AdditionComponentSet and BitwiseANDComponentSet. As intra-component connections may not be set on instances of the base code’s Node class—it assumes that all input ports are connected to all output ports—replacement components are constructed using its ExpressionNode subclass.

Figure 11: Data flow through expression (A & B) << 4 modelled using different representations: (a) binary representation, (b) single value representation.

The ComponentSet class offers a number of “helper” methods to support the creation of replacement components in its subclasses. One such method is RepresentationAllowed() which returns a boolean value indicating whether the replacement component may use the given Representation, enforcing the constraint on connections from less- to more-precise representations as discussed in Section 3.4. However, this method differs slightly from the original definition when the Node that is to be replaced has multiple parents with varying output representations. In this situation, the replacement component may use the most-precise of the parents’ output representations to ensure that removal of that parent’s data is recognised.

This is demonstrated in Figure 11 where the bitwise and component uses (a) the most-precise of the parents’ output representations (binary) and the four most-significant bits of B are removed, as opposed to (b) the least-precise representation (single value) where this removal is not recognised. The GetMaximumRepresentation() method calculates and returns the most-precise of the parents’ output representations, or simply returns BinaryRepresentation when there are no parents.

Once the set of potential replacement components has been compiled, the best of these must be selected. As the goal of this research is to better recognise expressions that remove data, the best component is the one that removes the greatest percentage of its input ports. Percentage removed is used over number removed as the significance of a single port varies between representations; it is better to remove a port in single value representation than in binary representation. This process is aided by the Component class’s implementation of the IComparable<Component> interface, allowing the potential replacements to be sorted by percentage of input ports removed. Should multiple components remove the same percentage of their input ports, the component with the most-precise representation is chosen.

Unlike entries in the component library, components constructed by ComponentSet subclasses include ports for literal value inputs. These ports are not involved in any intra-component connections, however, making the components effectively equal to those of the component library. This approach was taken as the C-to-SIFA Converter’s base code already inserts literal value nodes into the data flow graph, and it allows for the future addition of an option to trace literal values of interest, i.e., “magic numbers.”

As the component selection algorithm is affected by the output representations of a node’s parents, the order in which nodes are replaced is significant. If a child node is replaced before its parent, the most appropriate component may not be selected as the parent’s output will still be in single value representation. To ensure that the most appropriate components are used throughout the entire data flow graph, replacement should start at nodes without parents (e.g., literal value nodes or those for the rand() function) and then proceed to the remaining nodes in the order they are encountered during a breadth-first traversal from those starting nodes.
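The representation rules of Sections 3.4 and 4.2 and the selection rule of Section 4.3 are small enough to state in code. The following added example (not code from the paper or from the C-to-SIFA Converter; the class and function names Binary, SignAndMagnitude, SingleValue, connect, select and and_constant_candidates are this example’s own, not the tool’s API) maps bits to ports for the three representations, performs an inter-component connection bit by bit and refuses the duplicating case of Figure 3, and chooses among candidate components by percentage of input ports removed with precision as the tie-breaker. The candidate set for ‘A & mask’ is constructed here from the behaviour of Figure 7 and is an assumption about how such library entries would be represented.

```python
"""Representations, connection rule and component selection (Sections 3.4, 4.2,
4.3) as an added Python example.  Not code from the paper or the C-to-SIFA
Converter; the names used here are assumptions, not the tool's API.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


class Representation:
    """Maps the bit positions of a width-bit value onto port indices.
    precision orders representations: more ports per value means more precise."""
    precision = 0

    def __init__(self, width: int) -> None:
        self.width = width

    def port_for_bit(self, bit: int) -> int:
        raise NotImplementedError

    @property
    def port_count(self) -> int:
        return len({self.port_for_bit(b) for b in range(self.width)})


class SingleValue(Representation):
    precision = 1

    def port_for_bit(self, bit: int) -> int:
        return 0                                   # every bit on one port


class SignAndMagnitude(Representation):
    precision = 2

    def port_for_bit(self, bit: int) -> int:
        return 1 if bit == self.width - 1 else 0   # port 1 = sign, port 0 = magnitude


class Binary(Representation):
    precision = 3

    def port_for_bit(self, bit: int) -> int:
        return bit                                 # one port per bit


def connect(src: Representation, dst: Representation) -> Set[Tuple[int, int]]:
    """Inter-component connection from an output representation to an input
    representation of the same underlying type, returned as (source port,
    destination port) pairs.  Raises ValueError when one source port would be
    wired to several destination ports (Figure 3): bitwise flow could then not
    be traced through the coarser source representation."""
    if src.width != dst.width:
        raise ValueError("representations must share the underlying data type")
    fanout: Dict[int, Set[int]] = {}
    for bit in range(src.width):
        fanout.setdefault(src.port_for_bit(bit), set()).add(dst.port_for_bit(bit))
    if any(len(targets) > 1 for targets in fanout.values()):
        raise ValueError(f"{type(src).__name__} -> {type(dst).__name__} would duplicate data")
    return {(s, d) for s, targets in fanout.items() for d in targets}


def connection_allowed(src: Representation, dst: Representation) -> bool:
    try:
        connect(src, dst)
        return True
    except ValueError:
        return False


@dataclass
class Component:
    name: str
    representation: Representation
    input_ports: int
    connected_inputs: Set[int] = field(default_factory=set)  # ports with an intra-component connection

    @property
    def percent_removed(self) -> float:
        """Share of input ports that reach no output port, the paper's ranking key."""
        return 100.0 * (self.input_ports - len(self.connected_inputs)) / self.input_ports


def select(candidates: List[Component], max_rep: Representation) -> Component:
    """RepresentationAllowed: a candidate may be no more precise than the most
    precise parent output.  Among those allowed take the largest percentage
    removed; on a tie prefer the more precise representation."""
    allowed = [c for c in candidates if c.representation.precision <= max_rep.precision]
    if not allowed:
        raise LookupError("no library component fits the parents' representations")
    return max(allowed, key=lambda c: (c.percent_removed, c.representation.precision))


def and_constant_candidates(width: int, mask: int) -> List[Component]:
    """Two entries for 'A & mask' (the literal's port omitted, as in the library):
    in binary representation only bits where mask has a 1 connect through; in
    single value representation the one port connects unless mask is zero."""
    kept = {i for i in range(width) if (mask >> i) & 1}
    return [
        Component("and/binary", Binary(width), width, kept),
        Component("and/single", SingleValue(width), 1, {0} if kept else set()),
    ]


if __name__ == "__main__":
    print(sorted(connect(Binary(8), SingleValue(8))))   # eight bits fan in to one port: allowed
    print(connection_allowed(SingleValue(8), Binary(8)))  # Figure 3: refused
    for mask in (0x0F, 0x00):
        best = select(and_constant_candidates(8, mask), Binary(8))
        print(f"A & {mask:#04x}: {best.name} removes {best.percent_removed:.0f}%")
    print(select(and_constant_candidates(8, 0x0F), SingleValue(8)).name)
```

The last line shows why replacement order matters: once a parent has been left in single value representation, only the single value candidate is allowed and the masking is no longer recognised, which is the situation Section 4.3 avoids by replacing parents before children.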

4.4 Component replacement

Once an appropriate replacement has been found, the existing Node must be removed from the data flow graph and its replacement inserted. This is a two-step procedure. First, all connections involving the existing Node are mirrored with its replacement. Supporting this process is the RepresentationBuilder class which provides methods to construct Representation instances for existing Nodes and thus allows them to be connected, as was discussed in Section 4.2. The second step is to sever all connections to the existing Node, removing it from the data flow graph.


Figure 12: Data flow graph for expression ‘rand() & 0x0F’ in (a) the original and (b) the updated tool.

5 Evaluation

In this section we demonstrate the effectiveness of our extension to the C-to-SIFA Converter’s expression modelling functionality on some small case studies involving expressions or program segments cited in other works or that the tool was known to have difficulty with. If the updated version of the tool arrives at the same conclusion as the previous works or overcomes the difficulties it previously faced, it can be said to have greater accuracy and will result in fewer false-positives.

For each case study, an equivalent C program was developed and passed to both the original and updated versions of the C-to-SIFA Converter. The resulting data flow graphs were opened in SIFA and analysed using its “find all paths” function which enumerates all paths between selected “source” and “sink” ports. If a path exists between two ports, data is assumed to flow between them. In the SIFA screenshots in Figures 12 to 14 the source and sink ports appear in red and black, respectively, as is customary in the infosec community.

5.1 Case study: Masking using bitwise ‘and’

After introducing the concept of influence, Newsome et al. (2009) provide several examples to demonstrate its behaviour and use. One such example is the assignment ‘V = base + (I & 0x0F)’, for which the authors conclude that variable I has 4 bits of influence over variable V. This example demonstrates that the expression’s bitwise and operation removes all but the 4 least-significant bits of I.

Our C program mirroring this example performs the same masking operation, but instead uses the output of the rand() function because the value of I in the expression is unknown. As can be seen at the top of Figure 12, the original version of the C-to-SIFA Converter treated the bitwise and operation as atomic. When SIFA was used to analyse data flow it merely reported that the rand() function’s value affected the expression’s output. The updated tool, however, recognised that a bitwise component could be used in this situation. As shown at the bottom of Figure 12, it expanded the values into binary representation and arrived at the same conclusion as Newsome et al. (2009), with SIFA now reporting that only the 4 least-significant bits of rand() pass through the bitwise and operation. The more detailed data flow graph thus allows us to see which parts of the value are effectively blocked.

5.2 Case study: Dropping bits via integer division

Another example of influence provided by Newsome et al. (2009) is the assignment ‘V = I / 2’, for which the authors conclude that variable I has control over all but the most-significant bit of variable V. This example demonstrates that division of an unsigned value by 2^x for x ≥ 0 is equivalent to a right-shift by x places. In this case, x equals 1.


Figure 13: Data flow graph for expression ‘rand() / 2’ in (a) the original and (b) the updated tool.

The C program used to mirror this example performs the same division operation but again on the value of the rand() function, for the same reasons as in the previous case study. As can be seen at the top of Figure 13, the previous version of the tool again treats the operation as atomic and SIFA merely reports that the rand() function’s value affects the whole expression’s value. However, the bottom of Figure 13 shows that our extended C-to-SIFA Converter again expanded the values into a binary representation, and inserted an appropriate division component, allowing SIFA’s data flow analysis to recognise that the least-significant bit of the value produced by the rand() function is removed by the division operation. Again this accords with the assessment of this expression by Newsome et al. (2009).

5.3 Case study: Ineffective bits in a comparison

To help us understand how the C-to-SIFA Converter could be used by AISEP security evaluators, the Defence Signals Directorate provided this project with a package of code fragments intended to be representative of the sort of embedded C code they encounter during their evaluations. One of these code fragments contains the expression ‘source_reg > 0x7F’ which, for an 8-bit unsigned source_reg, effectively removes the 7 least-significant bits of source_reg as they alone cannot make the value exceed 0x7F (127); it is the most significant bit that determines the expression’s output. This demonstrates that relational operators may be used to downgrade data similarly to bitwise operators.

Again, the C program used to mirror this example uses the rand() standard library function in place of the unknown value source_reg. Once more the top of Figure 14 shows that the previous version of the tool treats the greater-than operation as atomic and provides no detail about how data flows through it. However, the bottom of Figure 14 shows how the updated tool expands the values into binary representation and correctly removes the 7 least-significant bits of rand(), allowing only the most-significant bit to pass through.

6 Discussion and future work

This research project was time-constrained, so we did not attempt to create library components for all of those expression elements supported by the CCS compiler. Instead we considered certain bitwise, logical, and mathematical operators, as well as a subset of standard C library functions and type casts, that were found in the package of code fragments provided to the project by the Defence Signals Directorate as representative of the sort of embedded C code encountered during infosec evaluations.

Figure 14: Data flow graph for expression ‘rand() > 0x7F’ in (a) the original and (b) the updated tool.

The accuracy of the new expression tracing functionality could be further increased by creating support for more expression elements such as operations that involve the special floating-point values Inf (infinity) and NaN (not a number). Better type cast support would be particularly beneficial as such operations are used frequently within embedded code and can potentially remove significant amounts of data.

While adding support for expression elements increases the tool’s accuracy directly, adding representations does so indirectly as it facilitates the creation of components. Several other representations were contemplated during the development of the component library, but were not considered important enough to implement given the ‘typical’ code fragments provided by the DSD. They include:

• byte representation where groups of 8 bits are represented by a single port,

• sign, mantissa, and exponent representation where bits are grouped based on how floating-point values are stored in memory (e.g., as per the IEEE 754 standard), and

• sign, integral portion, and fractional portion representation (but we cannot determine which bits comprise these portions without knowing the value).

A nontrivial undertaking that could significantly increase the tool’s accuracy would be to implement some symbolic execution functionality, e.g., by associating additional metadata with the data values being traced through components. For example, after data flows through a left-shift by x, we know that its x least-significant bits are 0; this would allow more appropriate components to be used later in the data flow graph, further reducing false-positive errors. This functionality could be implemented by developing an abstraction of data to which information can be attached, and then doing so as data is traced through the data flow graph.

Finally, the expression tracing extension to the C-to-SIFA Converter was constrained in some ways by the tool’s existing code base. Data could not be traced through type casts, for example, because the extension works by replacing nodes of a given data flow graph constructed by the base code, and the version of the C-to-SIFA Converter used in this project did not insert nodes for type casts. (The C-to-SIFA Converter is still being refined, however, so such a capability could be added later.)

7 Conclusion

In this research we have developed a technique to precisely trace data flow through embedded program expressions and used it to reduce the overestimation of data flow made by an existing static-analysis toolkit intended for evaluating security-critical program code. Small case studies such as those shown above have demonstrated that the enhanced toolkit is more accurate and generates fewer false-positive errors through the increased recognition of downgrading expressions (Li & Zdancewic 2005). This has the potential to save time and effort for information security evaluators of embedded devices. At the time of writing we are conducting larger case studies (Mills et al. 2012) and further expanding the capabilities of the toolkit. As noted above, there are also a number of ways in which the expression tracing functionality described herein could be improved even further.

References

Deng, Z. & Smith, G. (2004), Lenient array operations for practical secure information flow, in ‘Proceedings of the Seventeenth IEEE Computer Security Foundations Workshop (CSFW 2004), California, USA’, IEEE Computer Society, Washington DC, USA, pp. 115–125.

Denning, D. (1976), ‘A lattice model of secure information flow’, Communications of the ACM 19(5), 236–242.

Denning, D. & Denning, P. (1977), ‘Certification of programs for secure information flow’, Communications of the ACM 20(7), 504–513.

Goguen, J. & Meseguer, J. (1982), Security policies and security models, in ‘Proceedings of the 1982 IEEE Symposium on Security and Privacy’, pp. 11–20.

ISO (2009), ISO/IEC Standard 15408-1:2009, Information Technology—Security Techniques—Evaluation Criteria for IT Security—Part 1: Introduction and General Model, 3.1 edn, International Organization for Standardization, Geneva, Switzerland. Standardised version of the Common Criteria for Information Technology Security Evaluation.

Lee, E. (2002), Embedded software, in M. Zelkowitz, ed., ‘Advances in Computers’, Vol. 56, Elsevier, pp. 55–95.

Li, P. & Zdancewic, S. (2005), Downgrading policies and relaxed noninterference, in ‘Proceedings of the 32nd ACM Symposium on Principles of Programming Languages (POPL’05)’, ACM, pp. 158–170.

McComb, T. & Wildman, L. P. (2005), SIFA: A tool for evaluation of high-grade security devices, in C. Boyd & J. Nieto, eds, ‘Proceedings of the Tenth Australasian Conference on Information Security and Privacy (ACISP 2005), Brisbane, Australia’, Vol. 3574 of Lecture Notes in Computer Science, Springer-Verlag, Berlin, pp. 230–241.

McComb, T. & Wildman, L. P. (2007), A combined approach for information flow analysis in fault tolerant hardware, in ‘Proceedings of the Twelfth IEEE International Conference on Engineering of Complex Computer Systems (ICECCS 2007)’, IEEE Computer Society Press.

Mills, C., Fidge, C. J. & Corney, D. (2012), Tool-supported dataflow analysis of a security-critical embedded device, in J. Pieprzyk & C. Thomborson, eds, ‘Proceedings of the Tenth Australasian Information Security Conference (AISC 2012), Melbourne’, Vol. 125 of Conferences in Research and Practice in Information Technology, Australian Computer Society.

Myers, A. (1999), JFlow: Practical mostly-static information flow control, in ‘Proceedings of the 26th ACM Symposium on Principles of Programming Languages’, ACM, pp. 228–241.

Newsome, J., McCamant, S. & Song, D. (2009), Measuring channel capacity to distinguish undue influence, in S. Chong & D. Naumann, eds, ‘Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security (PLAS’09), Dublin, June 15’, ACM, pp. 73–85.

Newsome, J. & Song, D. (2005), Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software, in ‘Proceedings of the 12th Annual Network and Distributed System Security Symposium’.

Pistoia, M., Chandra, S., Fink, S. J. & Yahav, E. (2007), ‘A survey of static analysis methods for identifying security vulnerabilities in software systems’, IBM Systems Journal 46(2), 265–288.

Rus, S., He, G. & Rauchwerger, L. (2007), Scalable array SSA and array data flow analysis, in E. Ayguade et al., eds, ‘Proceedings of the 18th International Workshop on Languages and Compilers for Parallel Computing (LCPC 2005)’, Vol. 4339 of Lecture Notes in Computer Science, Springer-Verlag, pp. 397–412.

Scholz, B., Zhang, C. & Cifuentes, C. (2008), User-input dependence analysis via graph reachability, in ‘Proceedings of the Eighth IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM 2008), Beijing, September 28–29’, IEEE, pp. 25–34.

Seacord, R. (2006), Secure Coding in C and C++, Addison-Wesley. ISBN 0-321-33572-4.

Song, D., Brumley, D., Yin, H., Caballero, J., Jager, I., Kang, M., Liang, Z., Newsome, J., Poosankam, P. & Saxena, P. (2008), BitBlaze: A new approach to computer security via binary analysis, in R. Sekar & A. Pujari, eds, ‘Proceedings of the 4th International Conference on Information Systems Security’, Vol. 5352 of Lecture Notes in Computer Science, Springer-Verlag, Berlin, Germany, pp. 1–25.

Suh, G., Lee, J., Zhang, D. & Devadas, S. (2004), Secure program execution via dynamic information flow tracking, in ‘Proceedings of the 11th International Conference on Architectural Support for Programming Languages and Operating Systems’, pp. 85–96.

Tanenbaum, A., van Staveren, H. & Stevenson, J. (1982), ‘Using peephole optimization on intermediate code’, ACM Transactions on Programming Languages and Systems 4(1), 21–36.

Volpano, D., Smith, G. & Irvine, C. (1996), ‘A sound type system for secure flow analysis’, Journal of Computer Security 4(3), 167–187.


A taint marking approach to confidentiality violation detection

Christophe Hauser1,2, Frederic Tronel1, Jason Reid2, Colin Fidge2

1 [email protected]

2 Queensland University of [email protected], [email protected]

Abstract

This article presents a novel approach to confidentiality violation detection based on taint marking. Information flows are dynamically tracked between applications and objects of the operating system such as files, processes and sockets. A confidentiality policy is defined by labelling sensitive information and defining which information may leave the local system through network exchanges. Furthermore, per-application profiles can be defined to restrict the sets of information each application may access and/or send through the network. In previous works, we focused on the use of mandatory access control mechanisms for information flow tracking. In this current work, we have extended the previous information flow model to track network exchanges, and we are able to define a policy attached to network sockets. We show an example application of this extension in the context of a compromised web browser: our implementation detects a confidentiality violation when the browser attempts to leak private information to a remote host over the network.

1 Introduction

Over the past decade, firewalls and antivirus software have become a necessary addition to the security components of operating systems, including those of mobile phones and embedded devices. More recently, sandboxing and access control tools such as AppArmor (Novell/SUSE n.d.) and SELinux (Stephen Smalley 2002) have also emerged, aiming to protect the operating system from untrusted applications. However, even if such components successfully protect the applications and the operating system, in practice they do not guarantee the protection of confidential data or users’ privacy. The reason for this is that existing solutions either focus on mandatory access control, resulting in a lack of flexibility, or enforce data flow policies at the network or transport level without any knowledge of the actual content. With the growing number of untrusted applications installed on portable computing devices such as smartphones, and the prevalence of untrusted scripts from remote services executed locally by web browsers, potential sensitive data leaks are becoming one of the most important threats for end users. For instance, a malicious script executed by a web browser may illegally access sensitive information and send it through the network, while the current user may legally access it manually with the same application. Current approaches are not sufficient to deal with such situations as they cannot catch indirect information flows (Stephane Geller, Christophe Hauser, Frederic Tronel, Valerie Viet Triem Tong 2011) (e.g., an information flow from the content of a sensitive file towards a network socket opened by the web browser). In this work, we present a novel approach to confidentiality violation detection based on dynamic taint marking. We extended and implemented Blare, a model of information flow tracking at the operating system level. Our extension is based on a network policy, stating how information is allowed to leave the local system through network exchanges and which applications may do so. This article is organised as follows: we first present existing work in the literature related to operating system level security, mandatory access control, firewalls and deep packet inspection in Section 3. Then, we present our approach to confidentiality violation detection based on taint marking and its implementation in the Linux kernel in Section 4. In Section 5.1, we report experimental results that demonstrate the effectiveness and efficiency of the proposed approach in detecting a leakage of sensitive data through a web browser running untrusted scripts. Finally, in Section 6, we discuss these results and possible future improvements.

Copyright © 2012, Australian Computer Society, Inc. This paper appeared at the 10th Australasian Information Security Conference (AISC 2012), Melbourne, Australia, January-February 2012. Conferences in Research and Practice in Information Technology (CRPIT), Vol. 125, Josef Pieprzyk and Clark Thomborson, Eds. Reproduction for academic, not-for-profit purposes permitted provided this text is included.

2 Approach overview

We have developed a framework that allows users to trace how their private data is used by applications, and to monitor sensitive information that flows out over the network. Most of today’s personal computers rely on untrusted third party applications such as browser plugins or so-called ‘apps’. Many of these are closed source, which makes static analysis impossible (in the case of native code). And even in the case of open-source applications, there is always a risk of security flaws or coding errors potentially leaking sensitive data. Dynamically detecting the leak of sensitive information is challenging given that:

• One application can exchange information with another using IPC, shared memory, etc.

• It is impractical to modify off-the-shelf applications; instead, we prefer to implement a reference monitor in the operating system kernel as a more pragmatic solution.

• The performance overhead must be small to maintain a responsive system, i.e., not affecting the user’s experience and causing them to disable the security mechanisms.


We use dynamic tracking of information flows between objects of the operating system in order to monitor sensitive data leaks. A defining aspect of our approach is that we distinguish data from containers: data is the actual information we track, whereas containers are storage entities such as files, memory pages, etc. Sensitive data is first identified and its containers are labelled with meta-data called tags. As information flows between containers, tags are dynamically updated to reflect the container’s content.

When it comes to protecting sensitive data against leakage by untrusted applications or via malware that exploits security flaws, existing approaches have several limitations. Individuals can use software firewalls on their internet-connected personal/portable computing devices to filter network connections without changing the security policy of the underlying operating system. However, while such mechanisms may successfully protect a host from outside threats, they typically do not prevent the leak of information by untrusted or misconfigured applications. Deep packet inspection firewalls are able to identify data patterns in network packets; however, this approach is too coarse-grained to efficiently track the presence of sensitive data in network exchanges and is thus not an effective solution to protect against sensitive data leaks.

Mandatory access control tools such as AppArmor (Novell/SUSE n.d.) and Tomoyo (Harada et al. 2003) are similarly not practical when it comes to protecting confidentiality:

• When used in enforcement mode, information flows are blocked, which may break some functionalities. This effectively renders the approach unusable for most end users.

• When used in permissive mode, these tools are unable to track indirect information flows (Stephane Geller, Christophe Hauser, Frederic Tronel, Valerie Viet Triem Tong 2011).

Figure 1 presents our approach to taint tracking for monitoring data leaks. A kernel reference monitor has been implemented in the Linux kernel and allows for efficient dynamic information flow tracking at the level of system objects (processes, filesystem inodes, etc.).

Figure 1: Network information flow tracking

Sensitive data is labelled at the filesystem level, and the granularity of our approach is the file (i.e., files are considered as atomic pieces of information). Our implementation takes advantage of the Linux Security Modules (LSM) framework available in the Linux kernel, and taint propagation is triggered by access control hooks. Our design goals are to provide a model that is easy to use, that does not lock down the whole system by default (only the sensitive information is labelled), and that does not miss any information flow (no false negatives). We consider false positives acceptable in most situations where sensitive data is involved and must not leak under any circumstances.

3 Background

This section provides an overview of existing solutions such as firewalls, deep packet inspection, traditional operating system security mechanisms, access control and host-based intrusion detection systems. It also highlights the deficiencies of these approaches in addressing the data leakage problem examined in this paper.

3.1 Firewalls

Firewalls are devices or software that filter network traffic at different layers of the ISO network model. They can be set up to restrict access to a personal machine or a company’s network from other untrusted networks, thus creating trust boundaries (Ingham & Forrest 2002). Individuals can use software firewalls on their personal/portable computers to define and enforce policies concerning both incoming and outgoing network traffic. Deep Packet Inspection (DPI) firewalls identify anomalous patterns in traffic volumes by inspecting both the headers and content of packets. They provide the capability of identifying anomalous network traffic as well as managing normal traffic. They also form the core of many commercially-available firewalls and intrusion detection systems (IDS). Tamer et al. (AbuHmed et al. 2008) present a survey of Deep Packet Inspection algorithms, implementation techniques, research challenges and their usage in several existing technologies for intrusion detection systems. Some of the highlighted challenges include the complexity of research algorithms, the ever-increasing number of attack signatures (which negatively impacts performance) and the increasing prevalence of encrypted data which DPI cannot examine. In terms of the problem this paper seeks to address, a key drawback of DPI is that the sensitive data must first be exhaustively enumerated in signatures, and this may be difficult for non-technical users.

3.2 Access control

Discretionary access control (DAC) is the most commonly used access control model and is the default on UNIX based systems. Access is restricted given the identity and the group of the subject trying to access an object. While traditional discretionary access control lets subjects transfer certain permissions to each other at their own discretion and remains widely used, previous research on mandatory access control (MAC) has led to implementations in common operating systems, such as Linux, FreeBSD, Mac OS X and Windows. Linux and FreeBSD have been extended with generic access control frameworks: the Linux Security Modules (LSM) (Wright et al. 2002) and TrustedBSD (Watson & Vance 2003). These frameworks provide sets of hooks for mediating access to resources (files, sockets, IPC, etc.). So-called LSM modules can implement various models and policies within the Linux kernel by using the LSM framework. SELinux (Stephen Smalley 2002) emerged from research led by the National Security Agency. It is the first security module available in Linux, and it has been designed to implement a flexible MAC mechanism called domain and type enforcement (DTE). Other LSM modules include AppArmor (Novell/SUSE n.d.), Smack (Schaufler n.d.) and Tomoyo (Harada et al. 2003). AppArmor (Novell/SUSE n.d.) is a MAC implementation available in the Linux kernel which aims to be a simpler alternative to SELinux. It is used by default by Novell in their products and comes with a predefined policy, and a set of generic definitions to ease the difficulty of creating new policies. When in use, LSM modules block illegal accesses to resources before they can occur. This is sometimes referred to as enforcement mode. Most of these modules also support a permissive mode, in which illegal accesses are logged but not blocked. Such behaviour is comparable to policy-based IDSs (Georges et al. 2009). By using MAC mechanisms, one can finely control the operations each subject is allowed to perform on the objects of the system. When configured correctly, those mechanisms can significantly improve security by rejecting illegal accesses that would have been allowed otherwise, and the policy is enforced at the kernel level. However, there are a number of limitations with these approaches regarding the monitoring of sensitive data leaks. First, access control mechanisms cannot block indirect information flows but instead only control the legality of access to resources. The actual content of resources may illegally flow towards other processes through IPC, files or other objects. Another limitation of access control mechanisms in this context is that they block illegal accesses and thus modify the system’s behaviour, possibly breaking functionalities. In some situations, users have to modify the security policy in order to be able to perform manual actions, which may lead them to disable the security mechanisms.

3.2.1 Information flow control and taint analysis

In 1973, the Bell-LaPadula model was introduced (LaPadula & Bell 1973), with the primary goal of protecting confidentiality. It is also known as Multilevel Security, and systems that implement it are called Multilevel secure or MLS systems (Anderson et al. 2001). In this model, subjects and objects are labelled with a security level, which represents their sensitivity or clearance. Any information flow from a high security classification to a lower security classification is illegal (Bell & LaPadula 1976, Department of Defense 1987, Foley et al. 2006). Implementations of MLS try to accurately observe data manipulations in order to prevent illegal information flows. Operating systems with MLS implementations include SELinux, FreeBSD, Solaris and BAE XTS-400. In 1976, Denning introduced “a lattice model of secure information flow” (Denning 1976). She defines it as a mathematical framework suitable for formulating the requirements of secure information flow among security classes. Most of the lattice-based information flow models can be represented in Denning’s framework. Models of decentralised information flow control based on lattice models (see Section 3.2.1) in operating systems such as HiStar (Zeldovich et al. 2006) and Asbestos (Efstathopoulos et al. 2005) provide an alternative to MAC but are still based on access control mechanisms. Flume (Krohn et al. 2007) is a Linux implementation of decentralized information flow control based on Asbestos labels, and contrary to the previous models, it uses standard OS abstractions.

The protection of sensitive information is becoming a serious concern. Recent works regarding the monitoring of private information include Panorama (Yin et al. 2007), TaintCheck (Newsome & Song 2005) and TaintDroid (Enck et al. 2010). Panorama is a system-wide information flow tracking model based on dynamic taint analysis. TaintCheck dynamically taints incoming data from untrusted sources (e.g. network) and detects when tainted data is used in any way that could be an attack. Both use full system emulation at the instruction level to provide very fine-grained approaches. However, the main limitation of such instruction-level models is a very high performance penalty: a slowdown of 20 times on average when using Panorama, and a slowdown of 1.5 to 40 times when using TaintCheck, according to their respective authors. TaintDroid (Enck et al. 2010) is an information flow tracking system for realtime privacy monitoring on smartphones. It is based on taint marking at four different levels of granularity, respectively at the variable, message, method and file levels. TaintDroid has a CPU performance overhead of 14%. However, TaintDroid is focused on the Android platform using the Dalvik interpreter and therefore it does not apply to native applications, which represent most of the software present on standard desktop operating systems.

3.2.2 Host-based intrusion detection

Where intrusion detection systems (IDSs) are often network related and based on network traffic signatures, there also exist host-based IDSs, observing operating system events and raising alerts when suspicious behaviours are observed. Network IDSs are not practical for tracking sensitive data leaks for the same reason as firewalls and deep packet inspection, as those do not have any knowledge of application level information. This makes it difficult to define signatures that can identify sensitive information.

Policy-based IDSs are anomaly detection IDSs following a “default-deny” approach. A number of previous works exist in this domain, using sandboxing mechanisms at the language level (Inoue & Forrest 2002) or via kernel based reference monitors such as BlueBox, REMUS, LIDS and Ko et al.’s system wrappers (Chari & Cheng 2003, Habib 2006, Bernaschi et al. 2002, Ko et al. 2000). Similar sandboxing mechanisms also exist in user space, namely system introspection (Wagner 1999, Jain & Sekar 1999).

Contrary to access control mechanisms, such approaches are permissive: they do not block information flows and thus do not modify the system behaviour. However, they are inadequate for tracking information flows involving sensitive data. These models of intrusion detection efficiently monitor access to resources when subjects access them, but they have a common limitation with access control mechanisms: once access to a resource has been granted, they do not monitor any further information flow towards other processes or system objects.

4 Detection of confidentiality violations

Taint marking techniques along with an information flow policy have been used in previous works for host-based intrusion detection in Blare (Stephane Geller, Christophe Hauser, Frederic Tronel, Valerie Viet Triem Tong 2011). Our current research builds on this system for the detection of confidentiality violations through untrusted applications over the network. This work is based on a subset of the Blare model, which we extended with support for network sockets and a network policy. Blare is able to dynamically observe information propagation. Adding support for networking makes it possible to monitor outgoing information while being aware of the involved applications and data.

4.1 Summary of the Blare model

Blare labels information with tags. Objects of the operating system which may contain information (such as files, processes, IPC etc.) are called containers, each of which has a so-called information tag. Every time an information flow occurs towards a container, its information tag is updated to reflect a maximal estimation of its possible new content¹. Such tags use meta-data to describe information, and a distinction is made between passive stored data and active code being executed by a process. The set of all passive data in a system is noted $I$ and the set of all active code is noted $X$. This distinction is motivated by Denning’s assumption that “processes are the active agents responsible for all information flows” (Denning 1987). Information tags are sets of meta-information describing the content of containers, namely any combination of $X$ and $I$, which we denote as $\mathcal{P}(I \cup X)$². Processes are the result of the execution of binary programs, most likely (but not necessarily) stored on disk. Recall the distinction between active and passive information. Passive information stored on disk is labelled with meta-data from $I$. Every element of $I$ has an image in $X$ through a function $exec()$ characterizing the execution. Since we do not have any a-priori means to know if information is executable or not, all information exists in both sets. When a binary containing executable information ($i \in I$) is executed, the information tag of the new process is initialized to $(x = exec(i))$. This indicates which code is currently being run by the process. After this, its information tag is updated after every information flow as described previously.

4.2 Network extension

We have developed an extension of Blare supervising network interactions. Network sockets are information channels, and we track information flowing towards them. There are different families of sockets, including UNIX domain sockets and internet sockets. The latter are used to communicate with untrusted remote hosts through the internet, and we focus on their usage by userspace applications. Sockets by themselves are not labelled, as we consider those as part of the process memory. Instead, tracking is performed when processes actually send information through those information channels.

4.2.1 Network policy tag

The policy for communicating with internet sockets is defined globally through a unique shared network policy tag. The network policy tag is a tuple defining which combinations of information may legally leave the local system through internet sockets, and optionally which applications may communicate, as well as which information each application may communicate (per-application profiles).

¹ The new information tag is the union of the source’s information tag and the destination’s information tag: a conservative estimate that is safe but may be an overestimation, reflecting a ‘worst case’ scenario where the complete content of the source is copied to the destination. This is necessary because it is impractical to observe actual information flows (Zeldovich et al. n.d.).

² Powerset $\mathcal{P}(A)$ denotes all the subsets of $A$.

A network policy tag is defined as follows:

$$P_{net} \in \mathcal{P}(\mathcal{P}(I \cup X))$$

It is a tuple of sets that can contain any combination of elements from $I$ (passive data) and $X$ (running code).

The following properties apply to $P_{net}$:

• Elements of $I$ in the sets of $P_{net}$ represent mutually exclusive sets of data which can legally flow out of the system (i.e., only one of the sets is legal at one time).

• Elements of $X$ in the sets of $P_{net}$ represent supervised³ code which is allowed to communicate through internet sockets.

• Any combination $A \in \mathcal{P}(I \cup X)$ in the sets of $P_{net}$ defines a profile for applications, where elements of $I$ define which data can be sent over the network, and elements of $X$ define which running code may send that information.

4.2.2 Legality of network information flows

When a process sends information through a socket, a legality verification is performed on its current information tag against the global network policy tag. The information flow is legal if and only if the content of its information tag is contained in one of the subsets of the network policy tag.

Definition 1. For any information tag containing a set of data $S \in \mathcal{P}(I \cup X)$, the boolean relation $Legal_{net}$ is defined as follows:

$$Legal_{net}(S) \Leftrightarrow \exists p \in P_{net} \mid S \subseteq p$$

4.3 Practical use cases

Our approach covers the following use cases. In the following, the term labelling refers to the action of attaching a unique information tag to a file.

4.3.1 All sensitive data must stay local

In this use case, the user of the system wants all of the sensitive data to stay local. Any network transfer of those data is a violation of the policy and our extended version of Blare will report a privacy violation alert. This can be accomplished by only labelling sensitive data (files) that should never flow out of the system. By defining an empty network policy tag, no data can legally flow out through network sockets, and the user will be notified every time a socket sends such tainted data over the network.

$$P_{net} = \{\{\}\}$$

³ The corresponding binary file is labelled with an information tag.


4.3.2 Sensitive data may be sent over the network only through trusted applications

In this use case, the system contains both trusted and untrusted applications, as well as some sensitive data which may flow over the network only through trusted applications. This can be accomplished by labelling all the binary applications on the system along with all the sensitive data. The network policy tag is set to match the union of all the information tags of the binaries and those of sensitive files on the filesystem. In this case, the network policy tag is a tuple with only one set.

$$P_{net} = \bigcup_{i=1}^{N} (S \cup C)$$

Here $S$ is the set of all the sensitive data and $C$ the set of all trusted code.

4.3.3 Per-application profiles

In this use case, the system contains both trusted and untrusted applications, and each trusted application may send a different set of sensitive data over the network. This can be accomplished by labelling all the binary applications on the system along with all the sensitive data. Then, the network policy tag is a tuple of several sets such as:

$$P_{net} = \left\{ \bigcup_{i=1}^{N} (s \cup c) \;\middle|\; s \subseteq S,\ c \subseteq C,\ legal(c, s) \right\}$$

where $legal(a, b)$ states that the application $a$ is allowed to send information $b$ over the network.

4.4 Dynamic policy changes

Taint marking can sometimes lead to a growing number of false positives due to the fact that tainted data remains tainted until the system reboots, and information flows keep propagating tainted data between objects of the operating system. This may lead to repetitive alerts about the same data leaking. Furthermore, the user or administrator may decide to declassify some information that he or she previously considered as private, and allow it to flow over the network.

For this reason, users can decide to modify the policy on the fly while the system is running. New sets can be dynamically added to the network policy tag at runtime. Several situations may occur:

• Only sensitive data has been labelled, and may not flow over the network. There are no trusted applications. In this case, the user can permanently neutralize alerts concerning a set of sensitive data $S$ by adding a new tuple $S$ to the network policy tag.

• Both sensitive data and trusted application’s code have been labelled, and the user wants to neutralize alerts concerning one set of sensitive data $S$ leaked by processes running code $C$. This can be performed by adding a new set to the network policy tag containing $(C \cup S)$.

4.5 Implementation

The reference monitor for this current model has been implemented in Linux version 2.6.39, as a Linux Security Module (LSM). This new implementation builds on a model described earlier in (Stephane Geller, Christophe Hauser, Frederic Tronel, Valerie Viet Triem Tong 2011) along with our network extension presented in this paper, and has been written from scratch using the C programming language. Information tags are implemented as linked lists of 64-bit signed integers, where positive values represent the set of passive data $I$ and negative values represent the set of active data (i.e., code of running processes) $X$. The network policy tag is implemented as a linked list of legal sets, where each set is a red-black tree for fast $O(\log n)$ lookups. Labels are written in the security namespace of the extended attributes of the filesystem. A userspace interface is exported through securityfs⁴ to load the network policy tag into kernelspace. Supervised socket families are AF_INET and AF_INET6. A userspace daemon reports alerts to the user via the libnotify library. Userspace tools allow us to manipulate filesystem extended attributes to set and edit information tags.
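As an added example (not the authors' LSM code), the following Python simulates the model of Sections 4.1 to 4.4 with the integer encoding of Section 4.5: tags propagate by union on every flow, a new process starts with $exec()$ of its binary's label, and every socket send is checked with $Legal_{net}$ against $P_{net}$. It replays the scenario of Section 5.1 and the per-application use cases; the mapping $exec(i) = -i$, the file names and the PIDs are assumptions of this example.

```python
# Added example, not the authors' kernel module: a user-space simulation of the
# Blare model with the network extension of Sections 4.1 to 4.5.
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Iterable, List, Set


def exec_tag(i: int) -> int:
    """exec(): the image in X of a passive datum i in I (Section 4.1)."""
    # Section 4.5 encodes I as positive and X as negative 64-bit integers;
    # exec(i) = -i is an assumption of this example, not stated in the paper.
    if i <= 0:
        raise ValueError("only passive data (positive identifiers) can be executed")
    return -i


@dataclass
class Container:
    """A file, process or IPC object carrying an information tag (Section 4.1)."""
    name: str
    tag: Set[int] = field(default_factory=set)


class NetworkPolicy:
    """P_net: a collection of legal sets, each drawn from P(I u X) (Section 4.2.1)."""
    def __init__(self, legal_sets: Iterable[Iterable[int]] = ()):
        self.legal_sets: List[FrozenSet[int]] = [frozenset(s) for s in legal_sets]

    def add_set(self, s: Iterable[int]) -> None:
        """Dynamic policy change (Section 4.4): add a legal set at runtime."""
        self.legal_sets.append(frozenset(s))

    def legal(self, tag: Set[int]) -> bool:
        """Legal_net(S) <=> exists p in P_net with S a subset of p (Definition 1)."""
        return any(tag <= p for p in self.legal_sets)


class Monitor:
    """Reference monitor: propagates tags on flows and checks socket sends."""
    def __init__(self, policy: NetworkPolicy):
        self.policy = policy
        self.alerts: List[str] = []

    def flow(self, src: Container, dst: Container) -> None:
        """Flow src -> dst: dst's tag becomes the union of both tags (footnote 1)."""
        dst.tag |= src.tag

    def execute(self, binary: Container, pid: int) -> Container:
        """New process: its tag is initialised to {exec(i)} for the binary's labels."""
        proc = Container(f"{pid} running {binary.name}")
        proc.tag = {exec_tag(i) for i in binary.tag}
        return proc

    def send(self, proc: Container) -> bool:
        """A process sends through an internet socket (Section 4.2.2)."""
        if self.policy.legal(proc.tag):
            return True
        self.alerts.append("[BLARE POLICY VIOLATION] Illegal information sent "
                           f"to socket by process [{proc.name}]")
        return False


def trusted_app_policy(sensitive: Set[int], trusted_code: Set[int]) -> NetworkPolicy:
    """Use case 4.3.2: a single legal set, the union of S and C."""
    return NetworkPolicy([sensitive | trusted_code])


def per_app_policy(profiles: Dict[int, Set[int]]) -> NetworkPolicy:
    """Use case 4.3.3: one legal set (s u {c}) per code c allowed to send s."""
    return NetworkPolicy([s | {c} for c, s in profiles.items()])


def browser_scenario():
    """Section 5.1 in miniature: P_net = {{}}, 64 confidential files tagged
    {1}..{64}, an unlabelled java binary whose process reads one file, then sends."""
    mon = Monitor(NetworkPolicy([set()]))  # P_net = {{}}
    files = [Container(f"/home/alice/confidential/f{i}", {i}) for i in range(1, 65)]
    proc = mon.execute(Container("java"), pid=4242)  # constructed PID
    sent_clean = mon.send(proc)        # tag {} is a subset of every legal set
    mon.flow(files[0], proc)           # the remote shell reads file 1
    sent_tainted = mon.send(proc)      # tag {1} is contained in no legal set
    mon.policy.add_set({1})            # Section 4.4: the user declassifies file 1
    sent_declassified = mon.send(proc)
    return sent_clean, sent_tainted, sent_declassified, mon.alerts


def profile_scenario():
    """Use cases 4.3.2 and 4.3.3 with binaries 10 (trusted) and 20 (untrusted)."""
    f1, f2 = Container("secret1", {1}), Container("secret2", {2})
    trusted, untrusted = Container("trusted", {10}), Container("untrusted", {20})
    # 4.3.2: trusted code may send any sensitive data, untrusted code may not.
    mon = Monitor(trusted_app_policy({1, 2}, {exec_tag(10)}))
    p_t, p_u = mon.execute(trusted, 1), mon.execute(untrusted, 2)
    mon.flow(f1, p_t)
    mon.flow(f1, p_u)
    global_result = (mon.send(p_t), mon.send(p_u))
    # 4.3.3: the trusted code may send file 1 only; legal sets are exclusive.
    mon = Monitor(per_app_policy({exec_tag(10): {1}}))
    p_t = mon.execute(trusted, 3)
    mon.flow(f1, p_t)
    only_f1 = mon.send(p_t)
    mon.flow(f2, p_t)                  # tag {-10, 1, 2} fits no single legal set
    return global_result, only_f1, mon.send(p_t)
```

Because an unlabelled binary starts with an empty tag, its process may send until it reads labelled data; once tainted, only a policy set containing the whole tag makes the send legal again.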

5 Experiments

5.1 Data leaks through a web browser

The following scenario shows how our new model and implementation can detect confidentiality violations by untrusted code interpreted by a Web browser. Web browsers were initially simple applications displaying HTML content to the final user, but those have evolved into complex applications running JavaScript and other interpreted languages on the client machine, inevitably exposing user data to a number of real threats. In this scenario, a client is running a modified Linux kernel with our implementation of Blare with the presented network extension. The client visits a malicious web page using Mozilla Firefox 3.5 and the Java runtime environment plugin (JRE) version 6 update 10. This version is subject to the “Java calendar deserialization” vulnerability (CVE-2008-5353) that may lead to the execution of arbitrary code by an attacker. The client executes malicious Java code exploiting this issue and embedding a payload that allows the attacker to get a remote shell on the machine.

Assume the folder /home/alice/confidential/ contains 64 confidential files. We labelled these files as being confidential, and assigned an information tag containing a unique identifier between 1 and 64 to each of them. The information tag of these files is a set containing one unique identifier, e.g., $\{1\}$. This experiment is similar to the use case “all sensitive data must stay local” introduced in Section 4.3.1. We defined an empty network policy tag as follows:

$$P_{net} = \{\{\}\}.$$

In this configuration, any application sendingany of the labelled files to any remote host is asecurity policy violation and triggers an alert. Nowwe visited a crafted web page http://www.malicious-host/malicious-page.html embedding a maliciousJava applet containing an attack against the previ-ously mentioned vulnerability. This malicious pagecauses Mozilla Firefox to execute the Java virtualmachine (JVM) in a separated process, which in

4Securityfs is based on sysfs and is used by the LSM modules,generally mounted as /sys/kernel/security.


turn interprets the Java code containing a remote shell allowing the attacker to connect to the local machine. As the attacker accesses labelled files of the local filesystem, the information tag of the process running Java is updated with the information tags of the files it reads. At the moment when it sends information through a socket, our kernel reference monitor considers that the data being sent contains information from the files it previously read, and proceeds to a lookup throughout the network policy tag to ensure this behavior is allowed by the user. For every illegal attempt to send information by the Java process, we were warned by the reference monitor with the following message:

[BLARE POLICY VIOLATION] Illegal information sent to socket by process [PID] running java
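As an added illustration (not the authors' kernel code), the following Python model replays the scenario above: files under /home/alice/confidential/ carry information tags {1} to {64}, a process tag grows by set union on every read, and each socket send is checked against Pnet. The check implemented here, that the sender's tag must be included in one of the sets of Pnet, is our reading of the paper's policy lookup; the PIDs, the unlabelled file and the IPC step are constructed for the example.

```python
from typing import Dict, FrozenSet, List, Set

Tag = FrozenSet[int]      # information tag: set of information identifiers
PolicyTag = Set[Tag]      # policy tag: set of allowed information mixes


class BlareMonitor:
    """User-space model of the Blare reference monitor's network check.

    A send through a socket is legal only if the sending process's
    information tag is included in some mix allowed by P_net
    (assumption about the lookup; with P_net = {{}} nothing labelled may leave).
    """

    def __init__(self, p_net: PolicyTag) -> None:
        self.p_net = p_net
        self.file_tags: Dict[str, Tag] = {}
        self.proc_tags: Dict[int, Tag] = {}
        self.comm: Dict[int, str] = {}
        self.alerts: List[str] = []

    def label_file(self, path: str, tag: Tag) -> None:
        self.file_tags[path] = tag

    def start_process(self, pid: int, comm: str) -> None:
        self.comm[pid] = comm
        self.proc_tags[pid] = frozenset()   # a fresh process holds no labelled data

    def read(self, pid: int, path: str) -> Tag:
        # Flow file -> process: conservative overestimate by union of tags.
        self.proc_tags[pid] |= self.file_tags.get(path, frozenset())
        return self.proc_tags[pid]

    def ipc(self, src: int, dst: int) -> Tag:
        # Flow process -> process (pipe, shared memory, ...): tracked the same
        # way, so an indirect channel does not strip the label.
        self.proc_tags[dst] |= self.proc_tags[src]
        return self.proc_tags[dst]

    def allowed(self, tag: Tag) -> bool:
        return any(tag <= mix for mix in self.p_net)

    def send_to_socket(self, pid: int) -> bool:
        """Return True if the send is legal; otherwise record the alert."""
        tag = self.proc_tags[pid]
        if self.allowed(tag):
            return True
        self.alerts.append(
            "[BLARE POLICY VIOLATION] Illegal information sent to socket by "
            f"process {pid} running {self.comm[pid]}")
        return False


def run_scenario() -> List[str]:
    """Replay of the paper's scenario with constructed PIDs; returns the alerts."""
    monitor = BlareMonitor(p_net={frozenset()})   # "all sensitive data must stay local"
    for i in range(1, 65):
        monitor.label_file(f"/home/alice/confidential/file{i}", frozenset({i}))
    monitor.label_file("/usr/share/doc/README", frozenset())   # constructed, unlabelled

    monitor.start_process(4242, "java")           # JVM spawned by the browser
    monitor.read(4242, "/usr/share/doc/README")
    monitor.send_to_socket(4242)                  # nothing confidential yet: no alert

    monitor.read(4242, "/home/alice/confidential/file3")
    monitor.read(4242, "/home/alice/confidential/file17")
    monitor.send_to_socket(4242)                  # tag {3, 17} is not within {}: alert

    # Indirect flow: a helper process fed over IPC inherits the tag and is caught too.
    monitor.start_process(4243, "sh")
    monitor.ipc(4242, 4243)
    monitor.send_to_socket(4243)
    return monitor.alerts


def mixed_policy_check() -> List[bool]:
    """Policy allowing the mix {3, 17} to leave: the second read adds {5} and trips it."""
    monitor = BlareMonitor(p_net={frozenset({3, 17})})
    monitor.label_file("/home/alice/confidential/file3", frozenset({3}))
    monitor.label_file("/home/alice/confidential/file5", frozenset({5}))
    monitor.start_process(1000, "scp")
    monitor.read(1000, "/home/alice/confidential/file3")
    first = monitor.send_to_socket(1000)          # {3} <= {3, 17}: allowed
    monitor.read(1000, "/home/alice/confidential/file5")
    second = monitor.send_to_socket(1000)         # {3, 5} not within {3, 17}: alert
    return [first, second]
```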

5.2 Evaluation of performance

The following is an evaluation of our implementation in terms of performance. We uncompressed a Linux kernel source tree and used it as a dataset containing 39048 files, which we individually labeled with a unique information tag. The machine we used is a Pentium 4 3.0 Ghz with 2.5 Gb of RAM. We evaluated the performance of our kernel following the scenario “all sensitive data must stay local” as presented in Section 4.2.

Figure 2: CPU overhead on SSH transfer (plot of CPU idle [%] against Time [s] during an SSH data transfer, Vanilla vs. Blare)

Figure 2 compares the CPU idle time when using Linus Torvalds’ kernel (that we call Vanilla) and the Blare kernel. As expected, the Vanilla kernel gives lower CPU overhead during the transfer (higher CPU idle value). Our security framework adds 30% to 40% of extra overhead to the data transfer.

Figure 3 compares the memory overhead of our kernel with a Vanilla kernel executing the same file transfer operation. As Blare attaches meta-information to every system object, the memory consumption remains higher by 30% on average when using our kernel.

5.2.1 Overall completion time

The overall completion time was 300% longer with our kernel than with the Vanilla kernel. This limitation is due to a bottleneck at the filesystem level in our prototype. Extended attributes of the filesystem are used extensively in our implementation with no optimization. We believe that the overall performance of our system can be improved by optimizing the current prototype.

Figure 3: Memory overhead on SSH transfer (plot of Memory usage [MB] against Time [s] during an SSH data transfer, Vanilla vs. Blare)

5.2.2 Detection rate

When experimenting with an empty network policy tag, Blare reports all labelled information that is leaving the operating system with no false negatives. By design, our conservative approach, as described in Section 4.1, does not allow false negatives. However, a variable number of false positives may occur, depending on the presence of indirect flows where Blare overestimates the actual content. Due to the impractical aspects of such an evaluation, we have not performed any comprehensive study of the false positive rate in this study. This aspect will be further evaluated in future work.

6 Discussion

6.1 Advantages

By design, our model does not involve false negatives, as our tainting technique overestimates any possible content residing in system objects after any information flow occurs. Furthermore, we do not only monitor network traffic, but any information flow between objects of the operating system.

6.2 Usability

We consider the presence of false positives in this model as acceptable in most situations, given that it is meant to protect from situations which should by no means happen, based on the principle of non-interference (Ko & Redmond 2002). The false positive rate can be improved by filtering alerts in userspace; for instance, any sequence of false positives triggered by the same event can safely be discarded after the event has been reported. A more comprehensive evaluation of the false positive rate will be studied in future work.

This model does not replace access control mechanisms, nor enforce any security policy, but instead helps to ensure no unwanted behaviour happens between some defined sets of data and the network. The situation where a web browser accesses some personal information is a good example of our goals: where access control could have been used to block this particular access in the first place, it does not prevent an application from indirectly accessing the same information by another channel (shared memory, IPC with another application, etc.). Furthermore, in this example we focus on the fact that this information should not leave the system through the network, therefore


no alert would be raised for an application that accesses the information but does not send it over.

7 Conclusion

Most of today’s computer software includes a number of third-party applications and plugins from untrusted sources. Users have no control over the actions such software can perform, and no guarantee regarding the confidentiality of their data. This article presented an approach to confidentiality violation detection based on dynamic data tainting to address this issue. We implemented a reference monitor in the Linux kernel allowing for system-wide information flow tracking. We presented a practical example showing how it is possible to detect confidentiality violations using our model.

References

AbuHmed, T., Mohaisen, A. & Nyang, D. (2008), ‘A survey on deep packet inspection for intrusion detection systems’, Arxiv preprint arXiv:0803.0037.

Anderson, R. J., Stajano, F. & Lee, J.-H. (2001), ‘Security policies’, Advances in Computers 55, 186–237.

Bell, D. E. & LaPadula, L. J. (1976), Secure computer system: Unified exposition and Multics interpretation, MTR-2997 (ESD-TR-75-306), MITRE Corp.

Bernaschi, M., Gabrielli, E. & Mancini, L. V. (2002), ‘Remus: a security-enhanced operating system’, ACM Trans. Inf. Syst. Secur. 5, 36–61.

Chari, S. N. & Cheng, P.-C. (2003), ‘Bluebox: A policy-driven, host-based intrusion detection system’, ACM Trans. Inf. Syst. Secur. 6, 173–200.

Denning, D. E. (1976), ‘A lattice model of secure information flow’, Commun. ACM 19(5), 236–243.

Denning, D. E. (1987), ‘An Intrusion-Detection Model’, IEEE Transactions on Software Engineering 13(2), 222–232.

Department of Defense (1987), ‘Trusted network interpretation of the DoD TCSEC (red book)’, NCSC-TG-005.

Efstathopoulos, P., Krohn, M., VanDeBogart, S., Frey, C., Ziegler, D., Kohler, E., Mazieres, D., Kaashoek, F. & Morris, R. (2005), Labels and event processes in the Asbestos operating system, in ‘SOSP ’05: Proceedings of the twentieth ACM symposium on Operating systems principles’, ACM, New York, NY, USA, pp. 17–30.

Enck, W., Gilbert, P., Chun, B.-G., Cox, L. P., Jung, J., McDaniel, P. & Sheth, A. N. (2010), TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones, in ‘Proceedings of the 9th USENIX conference on Operating systems design and implementation’, OSDI’10, pp. 1–6.

Foley, S. N., Bistarelli, S., O’Sullivan, B., Herbert, J. & Swart, G. (2006), Multilevel security and the quality of protection, in ‘Proceedings of First Workshop on Quality of Protection’, Springer, p. 2006.

Georges, L., Tong, V. V. T. & Me, L. (2009), Blare tools: A policy-based intrusion detection system automatically set by the security policy, in ‘Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection (RAID 2009)’.

Habib, I. (2006), ‘Getting started with the Linux intrusion detection system’, Linux J. 2006.

Harada, T., Horie, T. & Tanaka, K. (2003), ‘Access policy generation system based on process execution history’, Network Security Forum.

Ingham, K. & Forrest, S. (2002), A History and Survey of Network Firewalls, Technical report. URL: http://www.cs.unm.edu/~treport/tr/02-12/firewall.pdf

Inoue, H. & Forrest, S. (2002), Anomaly intrusion detection in dynamic execution environments, in ‘Proceedings of the 2002 workshop on New security paradigms’, NSPW ’02, ACM, New York, NY, USA, pp. 52–60.

Jain, K. & Sekar, R. (1999), User-level infrastructure for system call interposition: A platform for intrusion detection and confinement, in ‘Network and Distributed Systems Security Symposium’.

Ko, C., Fraser, T., Badger, L. & Kilpatrick, D. (2000), Detecting and countering system intrusions using software wrappers, in ‘Proceedings of 9th USENIX Security Symposium (SEC 2000)’.

Ko, C. & Redmond, T. (2002), Noninterference and intrusion detection, in ‘Proceedings of the 2002 IEEE Symposium on Security and Privacy’, pp. 177–187.

Krohn, M., Yip, A., Brodsky, M., Cliffer, N., Kaashoek, M. F., Kohler, E. & Morris, R. (2007), Information flow control for standard OS abstractions, in ‘Proceedings of the 21st Symposium on Operating Systems Principles’, Stevenson, WA.

LaPadula, L. J. & Bell, D. E. (1973), Secure computer systems: A mathematical model, MTR-2547 (ESD-TR-73-278-II) Vol. 2, MITRE Corp., Bedford.

Newsome, J. & Song, D. (2005), Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software, in ‘Proceedings of the Network and Distributed System Security Symposium (NDSS 2005)’.

Novell/SUSE (n.d.), AppArmor, application security for Linux, Technical report. URL: http://wiki.apparmor.net

Schaufler, C. (n.d.), The simplified mandatory access control kernel, Technical report. URL: http://schaufler-ca.com

Smalley, S. & Vance, C. (2002), Implementing SELinux as a Linux Security Module, Technical report, NAI Labs.

Geller, S., Hauser, C., Tronel, F. & Viet Triem Tong, V. (2011), ‘Information flow control for intrusion detection derived from MAC policy’, Proceedings of the IEEE International Conference on Computer Communications (ICC).

Wagner, D. A. (1999), Janus: an approach for confinement of untrusted applications, Technical report, Berkeley, CA, USA.


Watson, R. & Vance, C. (2003), The TrustedBSD MAC framework: Extensible kernel access control for FreeBSD 5.0, in ‘USENIX Annual Technical Conference’, pp. 285–296.

Wright, C., Cowan, C., Smalley, S., Morris, J. & Kroah-Hartman, G. (2002), Linux security modules: General security support for the Linux kernel, in ‘USENIX Security Symposium’, pp. 17–31.

Yin, H., Song, D., Egele, M., Kruegel, C. & Kirda, E. (2007), Panorama: capturing system-wide information flow for malware detection and analysis, in ‘Proceedings of the 14th ACM conference on Computer and communications security’, CCS ’07, pp. 116–127.

Zeldovich, N., Boyd-Wickizer, S., Kohler, E. & Mazieres, D. (2006), Making information flow explicit in HiStar, in ‘OSDI ’06: Proceedings of the 7th symposium on Operating systems design and implementation’, USENIX Association, Berkeley, CA, USA, pp. 263–278.

Zeldovich, N., Kannan, H., Dalton, M. & Kozyrakis, C. (n.d.), Hardware enforcement of application security policies using tagged memory, in R. Draves & R. van Renesse, eds, ‘Proceedings of OSDI’, USENIX Association, pp. 225–240.


Improving the Efficiency of RFID Authentication with Pre-Computation

Kaleb Lee, Juan Manuel Gonzalez Nieto, Colin Boyd

Faculty of Science and Technology, Queensland University of Technology

[email protected], (j.gonzaleznieto, c.boyd)@qut.edu.au

Abstract

Security of RFID authentication protocols has received considerable interest recently. However, an important aspect of such protocols that has not received as much attention is the efficiency of their communication. In this paper we investigate the efficiency benefits of pre-computation for time-constrained applications in small to medium RFID networks. We also outline a protocol utilizing this mechanism in order to demonstrate the benefits and drawbacks of using this approach. The proposed protocol shows promising results as it is able to offer the security of untraceable protocols whilst only requiring time comparable to that of more efficient but traceable protocols.

1 Introduction

RFID (Radio Frequency Identification) is a wireless identification method that utilizes the reception of electromagnetic or electrostatic radio waves (Shepard 2005). An RFID system typically consists of three components: RFID tags, RFID readers and a back-end database. Although most RFID networks make use of a backend database, there are some applications of RFID that do not require, or may even preclude, a connection with a backend database (Ahamed et al. 2008); however, in this paper we assume a database to be used. The most common and widespread type of RFID networks are low-cost passive RFID networks. Such tags are distinguished by their dependency on a reader for power as well as their lack of computational power (Rao S. 2007). Passive RFID has been gaining popularity due to its relatively low cost; passive systems are therefore ideal for a wide range of applications, from object tracking and supply chain management to traffic tolling.

As the applications of such RFID networks continue to expand, the need for security and privacy also becomes more prominent. Many RFID authentication protocols have been proposed that aim to provide a higher level of security to low-cost RFID networks (Mikko Lehtonen et al. 2006); however, aside from security issues, special attention must also be taken to consider the feasibility of these protocols. Although a large amount of work has previously focussed on overcoming the computational limitations of both the tag and the reader/database (Zhang & Baciu 2008),

Copyright © 2012, Australian Computer Society, Inc. This paper appeared at the 10th Australasian Information Security Conference (AISC 2012), Melbourne, Australia, January-February 2012. Conferences in Research and Practice in Information Technology (CRPIT), Vol. 125, Josef Pieprzyk and Clark Thomborson, Ed. Reproduction for academic, not-for-profit purposes permitted provided this text is included.

(Toiruul et al. 2007), little effort has been concentrated on the time efficiency of RFID authentication protocols, a very practical constraint.

In this paper we explore the feasibility of the current types of protocols in terms of their communications efficiency, and investigate the use of pre-computation as a means to allow protocols to overcome this time barrier. We show that pre-computation is not only a viable method for improving the efficiency of RFID protocols, but also a practical means for achieving higher levels of security in time-constrained applications. Using this method, we are able to greatly reduce the time required during authentication while at the same time remaining within very reasonable computational and memory requirements. However, we also note that the use of pre-computation is most suited to small to medium RFID networks.

2 Motivation and Previous Work

Efficiency and privacy are probably the two most important factors when designing RFID authentication protocols. Protocols have to be efficient in a scalable manner to adapt from small to large networks. RFID tags should also be untraceable in order to protect the privacy of users. At the same time protocols need to be computationally efficient for both the database/reader and the tag; most research emphasises efficiency of tags as they are much more computationally limited when compared to readers and databases. However, little emphasis has been put on protocols for time-constrained applications, a major type of application for RFID.

For instance, consider a scenario where an organization makes use of RFID smart cards for access control. Everyone inside the premises is required to use a smart card to open doors and access various equipment, and for the organization to log personnel movement, for example by placing readers on doors it is possible to log access. Another possible scenario might be the tracking of inventory, where tags on items are read by the reader as they pass through a gate or door. Evidently such scenarios require authentication to be completed within a limited timeframe, namely the time which the tag takes to pass through the door/gate. However, under such circumstances it is possible for adversaries to easily track the flow of equipment or inventory by simply placing an RFID reader to eavesdrop on communication. This can potentially lead to privacy breaches or financial loss.

Current RFID authentication protocols can be separated into two main categories, stateful and stateless, as outlined by Alomair et al. (Alomair & Poovendran 2010). The two types are defined by their use of states, or more practically the management of their (secret) identifiers. Whereas tags using stateful protocols update their identifiers after every successful authentication session with the help of the reader/database, stateless protocols make use of static constant identifiers but utilize other measures, most commonly pseudorandom number generators, to provide security.

Stateless protocols such as the Randomized Hash-Lock protocol (Weis 2003), and tree-based protocols first proposed by Molnar et al. (Molnar & Wagner 2004), tend to display stronger security properties compared to stateful protocols. Most importantly, nearly all stateless protocols are untraceable. This is because they typically make use of a pseudorandom number generator to randomize their responses, so that an eavesdropper cannot correlate different tag responses. However, this additional security property comes at the expense of scalability and efficiency. As the reader/database now has to perform an exhaustive search of all stored identifiers in order to authenticate just one tag, it is simply not feasible for networks with a large number of tags to run the protocol efficiently. Attempts to minimize the computational load on the reader/database using a tree-based hierarchy have been proposed by Molnar et al. (Molnar & Wagner 2004). Although this approach was able to greatly reduce the computational load on the reader/database, it also introduced some practical issues, as the number of messages that must be exchanged before a tag can be authenticated increases according to the number of tags in the system.

There is a vast number of proposed stateful protocols, particularly relative to the number of stateless protocols, and their efficiency varies greatly. In this paper we will be discussing one of the most efficient types of stateful protocols, known as indexed stateful protocols; examples include EMAP (Peris-Lopez, Hernandez-Castro, Estevez-Tapiador & Ribagorda 2006), LMAP (Peris-Lopez, Hern, Tapiador & Ribagorda 2006), LRMAP (Ha et al. 2007), and a protocol of Dimitriou (Dimitriou 2005). These protocols are both scalable and efficient. They utilize an invertible function to encrypt the tag’s identifier and their security is dependent on the function chosen. Such an approach does not require an exhaustive search of all existing identifiers at the reader/database, thus they are typically very efficient when compared to stateless protocols and consequently scalable. However, because they do not require responses from tags to be randomized, they can be traced by both passive and active adversaries. Identifiers are updated only after each successful authentication, in order to provide partial protection from the tag being traced, but consequently they are susceptible to de-synchronization. De-synchronization occurs when the identifier, or state, stored on a tag does not match the identifier stored on the reader/database, causing authentication to fail.

As reflected by the protocols, scalability, traceability and efficiency have been the main focus of most research. Little attention has been given to communication efficiency, particularly issues such as the number of messages that must be exchanged and the time required for each authentication. As there are many time-constrained RFID applications, as mentioned earlier, this can greatly affect the feasibility of protocols. On a side note, it should be recognized that the problem of communication efficiency is much more prominent in stateless protocols than in indexed stateful protocols.

Although there are a number of previous works such as those by Li et al. (Li et al. 2010) and Poulopoulos et al. (Poulopoulos et al. 2009) which focus on offering efficient authentication, they typically do not offer protection against tracing. In this paper, we show that the use of pre-computation can not only greatly improve the communication efficiency of RFID protocols, but also allows tags to be untraceable to a certain extent. More recent work by Alomair et al. (Alomair et al. 2010) proposed a protocol that allowed constant-time identification using pre-computation. However, as their proposed protocol makes use of an internal counter whose value is only known by the tag, it requires very large amounts of data to be pre-computed before a system can be initialized. We believe our approach is more flexible as it does not require the use of a very large pre-computed database, and that our approach allows authentication on an on-demand basis, ultimately requiring less overall computation.

In summary, the novel contributions of this paper are:

• a method of employing pre-computation in the design of time-efficient RFID protocols;

• analysis of the security properties available using our methods which shows that untraceability can be achieved;

• design of a specific protocol utilizing the method and a comparative analysis of its efficiency and security.

3 Phases and Time of Authentication Protocols

Typically an RFID protocol involves the exchange of three messages between the reader and tag¹. As shown in Figure 1, in the first message, a is a broadcast query sent from the reader to initiate a session with the tag. The tag then responds with message b, typically with information required for authentication. The reader finally replies with the third message c, both as an acknowledgement to the authentication request as well as other data, such as the new tag secret, required to finish the session.

Figure 1: Communication of Typical Authentication Protocols

An authentication session is completed in three phases, Session Initiation, Session Process and Session Finalization.

¹ Most commonly stateless protocols have three message exchanges. Although there are protocols with less than three messages, as well as protocols that require more than three (most notably tree-based protocols), these can be easily adapted into our notation simply by treating the last message as the third message and all messages between the first and third combined to be the second message.


1. Session Initiation is the phase in which the reader generates any data required for its initiation query, a. This phase commonly involves generating and broadcasting a random nonce. The first phase ends when a tag receives the query, thus entering the next phase.

2. The second phase is known as the Session Process phase, during which the tag generates and replies with b, up to the point where the reader receives b and has completed all operations for c to be transmitted. From the tag’s point of view, this phase typically involves encrypting its secret identifier using the received (as well as possibly its own generated) nonce before sending it as b. On receiving b, the reader does what is required to decrypt or verify b, commonly by searching database entries or performing various cryptographic operations. The second phase ends when the reader finishes verifying the identity of the tag and, if required, performs any computation necessary for the final message c.

3. The remaining phase, Session Finalization, consists of the final message c from the reader as well as any remaining computation for both the reader and tag.

In generalizing protocol sessions into the above phases we can now discuss time accordingly. As shown in Figure 1, we consider three different notions of time: Communication Time, Processing Time, and Total Time.

• Communication Time, as the name suggests, is the time required for the communication of protocol messages and all processing in between, i.e. from the start of the reader transmitting message a to the time the tag receives message c.

• Processing Time denotes the time from when the tag replies with b to the point just before the reader sends c. This is effectively the time during which the database and reader perform the (typically) most demanding operations, the Session Process phase.

• Total Time is the total amount of time spent on the protocol session, i.e. the total time of the three phases combined.

Practically, at a minimum, it is necessary for the tag to be in range of the reader for the duration of the Communication Time. Otherwise the session would not complete, leading to a failed session. Therefore in this paper our main aim is to minimize Communication Time by offloading time-consuming computations in the Session Process phase.

4 Phases and Time of Pre-Computed Protocols

The aim of pre-computation is to offload most of the computation required for the Session Process during a protocol session in order to decrease the Communication Time of a protocol. Although it is possible for indexed stateful protocols to utilize pre-computation, stateless protocols would see the most improvement, so our example protocol is a stateless protocol.

The phases of pre-computation protocols follow very similarly to those of non-pre-computation protocols, as shown in Figure 2. Pre-computed protocols introduce a Pre-Computation phase that has to be completed before a session is initiated. During this phase, the reader/database performs the most expensive computational operations that were originally performed during the Session Process phase; in most cases these would be the hash operations, or cryptographic operations required for exhaustive search. Evidently, not all protocols can utilize pre-computation, only those where such offloading is possible.

Figure 2: Communication of Pre-Computed Protocols

After most computation has been completed during the Pre-Computation phase, the resulting Session Process phase requires only minimal computation. In the most extreme examples, such as the protocol example given later in this paper, the reader is only required to perform a search of the pre-computed data, which requires only minimal time. Using such a method, we are able to reduce the Processing Time dramatically and consequently also the Communication Time, thus allowing parties to be authenticated within a smaller timeframe.

5 EP-UAP: Efficient Passively-Untraceable Authentication Protocol

In this section, we present a simple example protocol showing how pre-computation can be implemented. This protocol is based on the idea of Randomized Hash-Lock (Weis 2003), and can be considered the pre-computed implementation of the Randomized Hash-Lock protocol. We will be analyzing the efficiency and security of this protocol, and at the same time comparing it to both indexed stateful and stateless protocols, in later sections.

5.1 Notation

The following notation is used to describe the EP-UAP protocol:

H      a one-way hash function
T      RFID tag
R      RFID reader
||     concatenation operation
ID1T   unique tag identification code, stored in T
ID2T   unique tag identification code, stored in T
RT     a random nonce, generated by T
RR     a random nonce, generated by R
ID1R   unique tag identification code, stored in R
ID2R   unique tag identification code, stored in R
mTR    authentication challenge
mRT    authentication challenge response
cT     authentication challenge check


5.2 EP-UAP Pre-Computation Process

Pre-computation of EP-UAP consists of three steps:

1. Numerous random numbers, RR1, RR2, RR3, . . . , are generated.

2. H(ID1R||RRn) is calculated for all existing ID1R using a generated RRn.

3. Using H(ID1R||RRn) as an index for RRn, all results are stored in the database, after which we say that RRn is (pre-)computed.

The above process can be repeated until all possible values of RR are calculated, if resources on the database allow, or can be repeated until a predetermined number of RR values are pre-computed. For maximum efficiency this process is repeated until all possible values of RR are computed; however, as this can consume a large amount of storage, it is only recommended for reasonably small networks.

5.3 EP-UAP Authentication Process

Figure 3: EP-UAP Authentication Process

Authentication between a reader and tag consists of the following three message exchanges, as shown in Figure 3:

• In the initial step the reader broadcasts an authenticated RR along with a communication query.

• After a query and RR have been received, T generates a fresh random nonce RT which, in turn, is sent to R along with an authentication challenge mTR, where mTR = H(ID1T||RR). T continues to compute the challenge check message cT, where cT = H(ID2T||RT), whilst waiting for R’s response.

• Once R receives the message (mTR, RT), it searches for an ID^i_1R where H(ID^i_1R||RR) = mTR for the computed RR.

  – If there exists an ID^i_1R where H(ID^i_1R||RR) = mTR, the tag is considered authentic and the communicating tag is identified as ID^i_1R. Subsequently the associated ID^i_2R is used to construct the challenge response message mRT, where mRT = H(ID^i_2R||RT). mRT is then sent back to T as a response to mTR. Once T receives mRT it verifies whether mRT = cT.

    ∗ If mRT = cT, R is deemed authentic and T unlocks for further communication.

    ∗ If mRT ≠ cT, R is considered hostile; consequently T terminates the current authentication session by ceasing further communication with R until it receives a new query.

  – If there does not exist an ID^i_1R where H(ID^i_1R||RR) = mTR, T is considered hostile; consequently R terminates the current authentication session, ceasing further communication with T.

5.4 EP-UAP Post-Authentication Process

The use of the post-authentication process is dependent on the security and resource requirements of a database. Three likely scenarios are described below.

• In this scenario resources of the database are limited, and maximum security is not required. Under the given conditions, the number of pre-computed RR is most likely capped to a predetermined value in order to restrict the use of resources on the database. After each successful authentication between tag and reader/database, all values of H(ID1R||RRn) for the given RR are deleted from the database to allow for a fresh RR to be pre-computed.

• In this scenario, resource is limited but maximumsecurity is preferred. Under the given conditions,the number of pre-computed RR is most likelycapped to a predetermined value in order to re-strict the use of resources on the database. Apool of all possible values of RR is also createdand stored in the database. After each successfulauthentication between tag and reader/database,all values of H(ID1R,RRn) for the given RR aredeleted from the database to allow for a freshRR to be pre-computed, the value of the authen-ticated RR would be removed from the pool ofavailable RR values. A fresh RR is randomly se-lected from the pool. If there are no availableRR, the pool will be recreated with all possiblevalues of RR and the previous process would berepeated.

• In this scenario, resource is not and maximumsecurity is preferred. Under the given condi-tions, the number of pre-computed RR is notcapped. A pool of all possible values of RR isalso created and stored in the database. Aftereach successful authentication between tag andreader/database, all values of H(ID1R,RRn) forthe given RR are deleted from the database to al-low for a fresh RR to be pre-computed, the valueof the authenticated RR would be removed fromthe pool of available RR values. A fresh RR israndomly selected from the pool. If there is noavailable RR in the pool, the pool will be recre-ated with all possible values of RR and the pro-cess would be repeated. The first time this occursthis database would have stored all possible val-ues of H(ID1R,RRn); thus no additional process-ing is required for future authentication sessionsuntil new tags are added in which all possible ofH(ID1R,RRn) would be created for that (ID).
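The three Session Process exchanges of Section 5.3 and the pool-based refresh of scenario 2 above, as an added Python simulation that is not part of the paper; SHA-256 as H, the class and function names, and a deliberately tiny 4-bit RR space (so that pool exhaustion is observable) are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed simulation of the EP-UAP Session Process (Section 5.3) and the
# pool-based post-authentication refresh of Section 5.4 (scenario 2). This is
# not the paper's code: SHA-256 as H, the class names, and a 4-bit RR space
# (small so that pool exhaustion is observable) are assumptions of this example.

RR_BITS = 4        # constructed: 2^4 possible values of RR
ID_BYTES = 32      # 256-bit identifiers, as assumed in Section 7


def H(*parts: bytes) -> bytes:
    """H(a || b): hash of the concatenation of its inputs (SHA-256 assumed)."""
    return hashlib.sha256(b"".join(parts)).digest()


def all_rr_values() -> set:
    """The pool of all possible RR values kept by the database (Section 5.4)."""
    return {n.to_bytes(2, "big") for n in range(2 ** RR_BITS)}


@dataclass
class Tag:
    id1: bytes              # ID1T, used in the authentication challenge mTR
    id2: bytes              # ID2T, used to check the reader's response mRT
    unlocked: bool = False

    def challenge(self, rr: bytes):
        """Step 2: fresh RT, challenge mTR = H(ID1T || RR), and the check value
        cT = H(ID2T || RT) computed while waiting for the reader."""
        rt = secrets.token_bytes(16)
        return H(self.id1, rr), rt, H(self.id2, rt)

    def verify(self, m_rt: bytes, c_t: bytes) -> bool:
        """Step 4: unlock only if mRT equals cT (constant-time comparison)."""
        self.unlocked = hmac.compare_digest(m_rt, c_t)
        return self.unlocked


@dataclass
class ReaderDB:
    ids: dict                                     # ID1R -> ID2R per enrolled tag
    pool: set = field(default_factory=all_rr_values)
    table: dict = field(default_factory=dict)     # H(ID1R || RR) -> ID1R
    rr: bytes = b""

    def precompute(self) -> None:
        """Pick a fresh RR from the pool (recreating the pool when it is empty)
        and pre-compute H(ID1R || RR) for every enrolled tag, replacing the old
        table as Section 5.4 prescribes after each successful authentication."""
        if not self.pool:
            self.pool = all_rr_values()
        self.rr = secrets.choice(sorted(self.pool))
        self.pool.discard(self.rr)                # the used RR leaves the pool
        self.table = {H(id1, self.rr): id1 for id1 in self.ids}

    def respond(self, m_tr: bytes, rt: bytes):
        """Step 3: table lookup of mTR instead of a search over all tags; on a
        hit the only on-line hash is mRT = H(ID2R || RT), on a miss T is rejected."""
        id1 = self.table.get(m_tr)
        if id1 is None:
            return None                           # T deemed hostile, session ends
        return H(self.ids[id1], rt)


def run_session(reader: ReaderDB, tag: Tag) -> bool:
    """One Session Process run; returns True when both sides accepted."""
    m_tr, rt, c_t = tag.challenge(reader.rr)     # steps 1 and 2: RR broadcast, challenge
    m_rt = reader.respond(m_tr, rt)              # step 3: response or rejection
    if m_rt is None:
        return False
    ok = tag.verify(m_rt, c_t)                   # step 4: tag checks the reader
    if ok:
        reader.precompute()                      # post-authentication refresh
    return ok


def demo() -> dict:
    """Constructed fleet: three enrolled tags, an unknown tag, and a tag that
    shares an enrolled ID1 but holds a different ID2."""
    tags = [Tag(secrets.token_bytes(ID_BYTES), secrets.token_bytes(ID_BYTES))
            for _ in range(3)]
    reader = ReaderDB(ids={t.id1: t.id2 for t in tags})
    reader.precompute()
    first_rr = reader.rr
    genuine = all(run_session(reader, t) for t in tags)
    unknown = run_session(reader, Tag(secrets.token_bytes(ID_BYTES),
                                      secrets.token_bytes(ID_BYTES)))
    wrong_id2 = run_session(reader, Tag(tags[0].id1, secrets.token_bytes(ID_BYTES)))
    return {"genuine": genuine, "unknown": unknown, "wrong_id2": wrong_id2,
            "rr_rotated": reader.rr != first_rr, "pool_left": len(reader.pool)}
```

Because $m_{TR}$ depends only on $ID_{1T}$ and $R_R$, the same $R_R$ always yields the same challenge from a given tag, which is the active-traceability caveat discussed in Section 6.2.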

6 Analysis of Protocols

In this section we compare the EP-UAP with three other protocols: an indexed stateful protocol, LRMAP (Ha et al. 2007), and two stateless protocols, randomized hash-lock (Weis 2003) and a tree-based protocol proposed by Molnar et al. (Molnar & Wagner 2004). As most indexed stateful protocols are of similar efficiency and scalability, any indexed stateful protocol should be able to provide a general guideline regarding their efficiency. Stateless protocols, however, are very different. We have chosen two of the earliest protocols of each class of protocols, which set very different efficiency standards.

The randomized hash-lock is one of the first stateless protocols proposed and runs in linear time, whereas the tree-based protocol proposed by Molnar et al., one of the first protocols proposed in order to improve the efficiency of linear-time stateless protocols, operates in logarithmic time. The efficiency of both classes of stateless protocols has remained largely within the same range since their introduction (Yousuf & Potdar 2008), thus they should be sufficient as a baseline comparison. Overall the three protocols together should provide a good baseline comparison of the efficiency of common RFID protocols.

6.1 Efficiency Analysis

First we discuss the efficiency of pre-computed protocols using EP-UAP as an example. We focus only on the Session Process phase of the protocols, since if we assume that all protocols are used for the same application, the efficiency of the other phases would mostly remain constant. In this section, we take into account the worst case scenario of each protocol. The following notation is used throughout the remainder of this section.

N: The total number of tags
H: Time required to perform one cryptographic operation such as hashing
T: Time required to transmit one message (see footnote 2)
b: Branching factor of an M-ary tree-based protocol

The time required to complete the Session Process phase is given by the sum of the total time of computations required on the reader/database and tag as well as the time for messages to be exchanged. Most messages exchanged are in the form of a challenge and response, which is considered to be two messages, one from the challenger (typically a tag) and one from the respondent (typically the reader/database). Although in practice there would be other factors involved, such as communication between reader and database and the time required to perform searches, these operations are typically not specified by most protocols; hence we assume that these times are constant for all protocols and thus omit them from the comparison. A summary of the comparison is given in Table 1; a graph of the relationships between the number of tags and time required is also shown in Figure 4.

6.1.1 LRMAP

In a typical scenario, the LRMAP protocol requires a total of 3 hash operations to be performed by the tag and another 3 to be performed by the reader/database; however, in the case of de-synchronization the reader/database is required to perform an exhaustive search on all identifiers stored, increasing the number of hash operations required by N and resulting in a total of 3 + N operations. Note that LRMAP could be considered a ‘hybrid’ protocol, where during normal use it is an indexed stateful protocol, but it functions similarly to stateless protocols during de-synchronization. Hence here we focus on normal usage scenarios where the tag is assumed to be synchronized. Using LRMAP as an example, we can safely conclude that in typical situations an indexed stateful protocol can offer constant authentication performance, i.e. the time required for authentication is independent of the number of tags or other similar factors.

Figure 4: Authentication Time vs Number of Tags

As expected, regardless of the situation only two messages are required to be exchanged under the LRMAP protocol during the Session Process phase: one as an authentication challenge from the tag and the other a challenge response from the reader/database. As with nearly all indexed stateful protocols, LRMAP can be used on small to large networks assuming that de-synchronization is rare.

6.1.2 Randomized Hash-Lock

Unlike indexed stateful protocols, stateless protocols do not require identifiers to be updated, which removes the possibility of de-synchronization. As such the number of hash operations required to be performed by the reader/database under the randomized hash-lock protocol remains at a constant N, with only one hash operation required by the tag. However, since the load of the reader/database increases relative to the total number of tags in the network, the time required can potentially become unrealistically high if there is a large number of tags; hence this type of protocol is feasible only on networks with a small number of tags.

Under all situations, two messages are required to be exchanged in the randomized hash-lock protocol during the Session Process phase: one as an authentication challenge from the tag and the other a challenge response from the reader/database.

As the randomized hash-lock protocol requires up to N (an average of N/2) hash operations per authentication, putting a large amount of computational load on the reader/database, it is feasible for use only on small networks.

6.1.3 Tree-based Protocols

Tree-based protocols make use of an M-ary tree in order to optimize the amount of computational load on the database. However, as we will outline, this approach is not without its drawbacks. Using a typical top-down tree walking approach, there would be a total of log_b N layers in the tree with each branch having b identifiers. As such, under exhaustive search the total number of hashes required to be performed by the reader/database would be b log_b N. The number of operations required to be performed by the tag would consequently be the same.

Protocol         Time Required                  Network Size
LRMAP            (6 [+ N])H + 2T                Small - Large
Randomized H-L   (N)H + 2T                      Small
Tree-based       (b log_b N)H + (log_b N)T      Small - Medium
EP-UAP           3H + 2T                        Small - Medium

Table 1: Efficiency Comparison

Unlike the randomized hash-lock protocol, however, the tree-based protocol authenticates by walking the tree layer by layer; consequently the total number of messages required has also increased to log_b N, which is the total number of layers in the tree. This is a major feasibility concern if a network has a large number of tags but a small branching factor, as it would require an unrealistic number of messages per authentication. On the other hand, if a network is to have a large branching factor the protocol would require more computation in exchange for fewer messages per session.

Due to their tree walking nature, tree-based protocols can be used on much larger networks compared to linear-time stateless protocols. The decrease in computational load to b hash operations per step is a dramatic decrease when compared to N, keeping the computational load on the reader/database much more manageable.

6.1.4 EP-UAP

As the hash operations required to be performed have already been pre-computed, only the verification of authenticity remains. As such the pre-computed protocol requires only 1 hash operation to be computed by the reader/database, whereas the tag would only have to compute 2, one as an authentication challenge and the other for verification. As expected, the Session Process phase of EP-UAP is completed after two message exchanges.

This is a dramatic decrease in all areas when compared to the other protocols. Most importantly, the EP-UAP protocol, assuming that the number of tags in the system remains constant, offers constant-time authentication, i.e. the amount of time required per authentication session remains constant regardless of the number of tags, a feat otherwise achievable only by indexed stateful protocols.

Unlike other protocols, offloading the computational load during authentication by pre-computing the required operations places a new restriction on these protocols, namely storage. Since pre-computed information must be stored in the database, it might not be feasible if there is a large number of tags on the network. Thus the deployment of pre-computed protocols is limited to small to medium networks. Nevertheless, we believe this is a worthwhile investment given the vast improvement in efficiency. It should also be noted that this pre-computed ‘database’ does not have to be stored or computed at a central location; in many situations it would be more beneficial to have multiple independent systems where needed. For example, in smaller networks it is very possible for the computation and data storage to be managed by the reader.

6.2 Security Comparison

Security properties of protocols are more difficult to compare due to the large number of factors involved. Indeed, it should be noted that the EP-UAP, the randomized hash-lock, the tree-based protocol and some indexed stateful protocols such as EMAP and LMAP are still relatively immature and have been shown to be insecure in various aspects (Avoine et al. 2006), (Wang et al. 2007), (Lu et al. 2009), (Li & Deng 2007). Therefore it would be of limited interest to perform an in-depth analysis and/or comparison at this point. Our purpose is rather to show the basic security limitations of each type of protocol and therefore we have pinpointed one particularly important property: traceability.

For simplicity, we regard traceability as the ability of an adversary to distinguish, or identify, a tag based only on its responses (see footnote 3). We consider two levels of security in regard to traceability: passive and active. Note that it is possible for protocols to be neither passively nor actively secure.

To clarify each of the levels we first introduce two types of adversaries, passive adversaries and active adversaries. Passive adversaries have the ability to eavesdrop on and block communication between a reader and tag but do not have the power to interact with sessions in any way. Active adversaries not only have the ability to eavesdrop on sessions but also to insert, modify and block messages between the reader and tag. The level of security of a given protocol is determined by the type of adversary it is secure against. If it is secure against passive adversaries then it is passive secure; similarly if it is secure against active adversaries then it is considered active secure. If a protocol is active secure it is also passive secure, since an active adversary has all the power that a passive adversary possesses (Ding Zhen-hua 2008, Jung-Chun Kao 2006). A summary of the comparison is shown in Table 2.

Protocol           Passive   Active
Indexed Stateful   N         N
Stateless          Y         Y/N
Pre-Computed       Y         N

Table 2: Traceability Comparison (Y: untraceable against that adversary; N: traceable)

As indexed stateful protocols cannot update states in the absence of an authentic reader and do not have the ability to randomize their responses, they are both actively and passively traceable. By eavesdropping on more than one consecutive unsuccessful authentication attempt, it is possible for an adversary to associate the two sessions simply by matching the responses sent by the tag, as they should be the same.

Stateless protocols, on the other hand, have the ability to randomize their responses using their embedded pseudorandom number generator, so they have the ability to be either passively untraceable or both passively and actively untraceable depending on the protocol specification. It is possible for stateless protocols to be actively untraceable if a protocol specifies that the authentication challenge is to be randomized independently of the reader’s query; otherwise, if the challenge is only randomized based on the query from a reader, it can only be passively untraceable. (Note that the particular protocol (LRMAP) we used for comparison is not vulnerable to this as it acts like a stateless protocol after one unsuccessful authentication attempt, but this is an exception rather than the norm.)

Footnote 3: Note that there are many different factors that can cause tags to be traceable but are not considered in this paper; these include side-channel information (for instance the time required for authentication or whether authentication was successful), or extraction of secret information.

Aside from traceability under ideal scenarios, tree-based protocols are more susceptible to tracing if some tags have been compromised. Since tree-based protocols authenticate tags by walking from the top of the tree, down through each branch to a specific leaf, if the identifiers of the higher branches are compromised it is possible to distinguish whether or not an uncompromised tag belongs to a specific branch. This attack is studied in further detail by Avoine et al. (Avoine et al. 2006), who also concluded that the impact of such compromises on the logarithmic-time stateless protocol can be minimized by increasing the branching factor of the tree. Note that this attack only affects protocols where identifiers are arranged in such a manner; other protocols such as stateful protocols and linear-time stateless protocols are not vulnerable to this threat, as all identifiers stored on the tag are unique among all tags in the network.

Unfortunately, since pre-computed protocols depend on the reader/database to randomize their response, it is possible for an adversary to impersonate a reader and actively query tags using a previously used nonce: an active adversary can simply replay a previously used random nonce, and because the tag's challenge $m_{TR}$ depends only on its identifier and that nonce, the response is the same each time. Nevertheless, it is possible for pre-computed protocols to be actively secure by introducing a nonce generated by the tag and having the database pre-compute the combination of both. However, this would increase the amount of computation required beyond the number of tags in the system, a trade-off that is difficult to justify.

7 Feasibility of EP-UAP

In this section we discuss the practical feasibility of pre-computation using the EP-UAP protocol as an example. The performance of the protocols will be compared by approximating the time required for one authentication in a network with the same number of tags. The network used in the comparison is a small-to-medium network with 406900 tags. Tag identifiers are taken to be 256 bits in length; most implemented tags today only use around 64-bit to 128-bit identifiers and it is safe to assume that this number is only going to increase. It is also assumed that the database can perform around 100 MB of hash operations per second. This approximation is based on a dual-core processor operating at 1.83 GHz released in 2007; more modern processors commonly have more than twice the number of cores operating at more than twice the frequency and quite possibly utilizing more efficient architectures, hence this estimation should prove useful only as a baseline. We also estimate the time required to transmit one message to be approximately 20 ms. The results in this section are computed using the formulas from Table 1 under the above estimations.

As the efficiency of tree-based protocols depends on the branching factor of the tree, b, we give three approximations of tree-based protocols: first with the minimum branching factor, from a binary tree where $b = 2$, then a reasonable branching factor, where $b = 2^{5}$, and finally a large branching factor (relative to the number of tags), where $b = 2^{12}$.

The results are given in Table 3. As shown in the table, indexed stateful protocols such as the LRMAP protocol are, as expected, the most efficient, requiring a minimum of only 40 ms, whereas the randomized hash-lock protocol requires the longest time. The most interesting of the figures are perhaps those for the tree-based protocols. In order to optimize the tree-based protocols, one must find a suitable balance between the amount of computational load on the reader/database, by increasing the branching factor and thus increasing the security, and the number of messages required for authentication, a very important factor in determining the time required to authenticate one tag. The EP-UAP protocol is also one of the most efficient protocols, requiring only a minimum of 40 ms for authentication.

Aside from the authentication, in practice we also have to take into account the total time required for computation: the process time. Whereas with the other authentication protocols the total time required is around the same range as their process time, this is not the case for pre-computed protocols. The notion of pre-computation is to minimize the time required for the communication session by reallocating the time required for authentication into two periods of time, where the most time-consuming computations are processed before the session begins. However, the total of the two times remains unchanged. Another limitation of pre-computation protocols is the amount of storage required. Using the data from Table 3 where there are 406900 tags, the database is required to store at least 100 MB of data. This might not be a major problem as most modern systems typically have multiple gigabytes of RAM, but it would nevertheless limit the rate of authentication, i.e. the number of authentications within a period of time.

One possible issue that limits the feasibility of pre-computation protocols is applications where there could be a continuously high rate of authentication, resulting in the number of required authentications exceeding the number of computations the database is capable of. This issue can be partially eased by either increasing the computational power of the database or increasing the memory; this can be achieved as the systems can be independent of each other. This increase can also be temporary in applications where there are predicted periods of high demand, such as workers arriving at and leaving work. However, we emphasize that a large network is required for such events to occur, one that we do not recommend for pre-computation.
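An added cost model, not from the paper, that evaluates the Table 1 formulas of Section 6.1 under the Section 7 parameters (N = 406900 tags, T = 20 ms per message) and reproduces the transmission column of Table 3 for the three branching factors; the per-hash time is left as a parameter, and the protocol name strings and the rounding of the tree depth up to whole layers are this example's own assumptions.

```python
import math

# Constructed cost model for the Session Process phase, built from the Table 1
# formulas and the Section 7 parameters (N = 406900 tags, T = 20 ms per message).
# Not the paper's code: the per-hash time is a free parameter (the paper gives
# only a throughput estimate) and rounding the tree depth up to whole layers is
# an assumption of this example.

N_TAGS = 406900
T_MSG_MS = 20.0


def tree_layers(n: int, b: int) -> int:
    """Layers walked in a b-ary tree holding n tags: log_b N, rounded up."""
    return math.ceil(math.log(n) / math.log(b))


def session_cost(protocol: str, n: int = N_TAGS, b: int = 2, desync: bool = False) -> dict:
    """Hash operations and messages per authentication, following Table 1.
    LRMAP costs 6 hashes normally and 6 + N during de-synchronization."""
    if protocol == "LRMAP":
        return {"hashes": 6 + (n if desync else 0), "messages": 2}
    if protocol == "randomized-hash-lock":
        return {"hashes": n, "messages": 2}
    if protocol == "tree-based":
        layers = tree_layers(n, b)
        return {"hashes": b * layers, "messages": layers}
    if protocol == "EP-UAP":
        return {"hashes": 3, "messages": 2}
    raise ValueError(f"unknown protocol {protocol!r}")


def session_time_ms(cost: dict, hash_ms: float, t_msg_ms: float = T_MSG_MS) -> dict:
    """Split a cost into computation and transmission time, in milliseconds."""
    comp = cost["hashes"] * hash_ms
    trans = cost["messages"] * t_msg_ms
    return {"computation_ms": comp, "transmission_ms": trans, "total_ms": comp + trans}


def tree_tradeoff(n: int = N_TAGS, factors=(2, 2 ** 5, 2 ** 12)) -> dict:
    """The branching-factor trade-off of Section 6.1.3: more hashes per step
    in exchange for fewer layers, and hence fewer messages, per session."""
    return {b: session_cost("tree-based", n, b) for b in factors}
```

With hash_ms set to 0 the transmission times come out as 380, 80 and 40 ms for b = 2, 2^5 and 2^12, matching Table 3; the computation column of Table 3 is not reproduced because the paper's per-hash cost is not stated directly.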

8 Conclusion and Future Work

This paper investigates the use of pre-computation as a means to minimize the time required for authentication. By utilizing pre-computation we were able to construct the EP-UAP protocol to demonstrate the benefits as well as outline the drawbacks of pre-computation. We were able to show that by using pre-computation we are able to provide untraceability at a comparable level to stateless protocols whilst remaining within the efficiency range of indexed stateful protocols, which do not provide any untraceability. However, such protocols are only suited for small to medium networks due to possible storage constraints, but are nevertheless an improvement over some stateless protocols which are only suited for small networks.

Protocol                Protocol Type         Computational   Transmission   Process     Total
                                              Time (ms)       Time (ms)      Time (ms)   Time (ms)
LRMAP                   Stateful (Indexed)    1.46 ×10^-3     40             40          40
Rand. Hash-Lock         Stateless (Linear)    1000            40             1040        1040
Rand. Hash-Lock (avg)   Stateless (Linear)    500             40             540         540
Tree-based (b = 2^1)    Stateless (Log'mic)   9.1 ×10^-3      380            380         380
Tree-based (b = 2^5)    Stateless (Log'mic)   2.9 ×10^-2      80             80          80
Tree-based (b = 2^12)   Stateless (Log'mic)   15              40             45          45
EP-UAP                  Pre-Computed          4.8 ×10^-4      40             40          1040

Table 3: Comparison of Protocol Running Times

As the EP-UAP protocol is designed as a proof-of-concept protocol, and is still very immature, further work is required in order to design a provably secure authentication protocol for RFID utilizing pre-computation. This would allow for a more robust comparison between protocols as well as a more in-depth analysis of the possible advantages or drawbacks of pre-computation.

References

Ahamed, S. I., Hoque, E., R., F., F., K. & T., N. (2008), ‘YA-SRAP: Yet Another Serverless RFID Authentication Protocol’, in ‘Intelligent Environments, 2008. IET 4th International Conference on’, pp. 1–8.

Alomair, B., Clark, A., Cuellar, J. & Poovendran, R. (2010), Scalable RFID Systems: a Privacy-Preserving Protocol with Constant-Time Identification, in ‘The 40th Annual IEEE/IFIP International Conference on Dependable Systems and Networks – DSN’10’, IEEE Computer Society, Chicago, Illinois, USA.

Alomair, B. & Poovendran, R. (2010), ‘Privacy versus Scalability in Radio Frequency Identification Systems’, Computer Communication, Elsevier.

Avoine, G., Dysli, E. & Oechslin, P. (2006), Reducing Time Complexity in RFID Systems, in B. Preneel & S. Tavares, eds, ‘Selected Areas in Cryptography’, Vol. 3897 of Lecture Notes in Computer Science, Springer Berlin / Heidelberg, pp. 291–306.

Dimitriou, T. (2005), A Lightweight RFID Protocol to Protect Against Traceability and Cloning Attacks, in ‘Security and Privacy for Emerging Areas in Communications Networks, 2005. SecureComm 2005. First International Conference on’, pp. 59–66.

Ding Zhen-hua, Li Jin-tao & F. B. (2008), ‘A Taxonomy Model of RFID Security Threats’, in ‘Communication Technology, 2008. ICCT 2008. 11th IEEE International Conference on, 10–12 Nov. 2008’, pp. 765–768.

Ha, J., Ha, J., Moon, S. & Boyd, C. (2007), LRMAP: Lightweight and Resynchronous Mutual Authentication Protocol for RFID System, in ‘ICUCT’06: Proceedings of the 1st International Conference on Ubiquitous Convergence Technology’, Springer-Verlag, Berlin, Heidelberg, pp. 80–89.

Jung-Chun Kao & Marculescu, R. (2006), ‘Eavesdropping Minimization via Transmission Power Control in Ad-Hoc Wireless Networks’, in ‘Sensor and Ad Hoc Communications and Networks, 2006. SECON ’06. 3rd Annual IEEE Communications Society on, 28 Sept. 2006’, Vol. 2, pp. 707–714.

Li, J., Wang, Y., Jiao, B. & Xu, Y. (2010), An Authentication Protocol for Secure and Efficient RFID Communication, in ‘2010 International Conference on Logistics Systems and Intelligent Management’, Vol. 3, pp. 1648–1651.

Li, T. & Deng, R. (2007), Vulnerability Analysis of EMAP - An Efficient RFID Mutual Authentication Protocol, in ‘Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on’, pp. 238–245.

Lu, L., Han, J., Xiao, R. & Liu, Y. (2009), Action: Breaking the Privacy Barrier for RFID Systems, in ‘INFOCOM 2009, IEEE’, pp. 1953–1961.

Mikko Lehtonen, T. S., Michahelles, F. & Fleisch, E. (2006), From Identification to Authentication - A Review of RFID Product Authentication Techniques, in ‘Printed handout of Workshop on RFID Security - RFIDSec 06’.

Molnar, D. & Wagner, D. (2004), Privacy and Security in Library RFID: Issues, Practices, and Architectures, in ‘CCS ’04: Proceedings of the 11th ACM Conference on Computer and Communications Security’, ACM, New York, NY, USA, pp. 210–219.

Peris-Lopez, P., Hern, J. C., Tapiador, J. M. E. & Ribagorda, A. (2006), LMAP: A Real Lightweight Mutual Authentication Protocol for Low-Cost RFID Tags, in ‘Proc. of 2nd Workshop on RFID Security’, Ecrypt, p. 06.

Peris-Lopez, P., Hernandez-Castro, J., Estevez-Tapiador, J. & Ribagorda, A. (2006), EMAP: An Efficient Mutual-Authentication Protocol for Low-Cost RFID Tags, in R. Meersman, Z. Tari & P. Herrero, eds, ‘On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops’, Vol. 4277 of Lecture Notes in Computer Science, Springer Berlin / Heidelberg, pp. 352–361.

Poulopoulos, G., Markantonakis, K. & Mayes, K. (2009), A Secure and Efficient Mutual Authentication Protocol for Low-Cost RFID Systems, in ‘2009 International Conference on Availability, Reliability and Security. ARES ’09’, pp. 706–711.

Rao, S., Thanthry, N. & P. R. (2007), ‘RFID Security Threats to Consumers: Hype vs. Reality’, in ‘Security Technology, 2007 41st Annual IEEE International Carnahan Conference on, 8–11 Oct. 2007’, pp. 59–63.

Shepard, S. (2005), RFID Radio Frequency Identification, The McGraw-Hill Companies, Inc.

Toiruul, B., Lee, K. O. & Kim, J. M. (2007), SLAP - a Secure but Light Authentication Protocol for RFID Based on Modular Exponentiation, in ‘International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies, 2007. UBICOMM ’07’, pp. 29–34.

Wang, W., Li, Y., Hu, L. & Lu, L. (2007), Storage-Awareness: RFID Private Authentication based on Sparse Tree, in ‘Security, Privacy and Trust in Pervasive and Ubiquitous Computing, 2007. SECPerU 2007. Third International Workshop on’, pp. 61–66.

Weis, S. A. (2003), Security and Privacy in Radio-Frequency Identification Devices, PhD thesis, MIT.

Yousuf, Y. & Potdar, V. (2008), A Survey of RFID Authentication Protocols, in ‘Advanced Information Networking and Applications - Workshops, 2008. AINAW 2008. 22nd International Conference on’, pp. 1346–1350.

Zhang, X. & Baciu, G. (2008), Low Cost Minimal Mutual Authentication Protocol for RFID, in ‘IEEE International Conference on Networking, Sensing and Control, 2008. ICNSC 2008’, pp. 620–624.


Author Index

Alhamdan, Ali, 27

Bartlett, Harry, 27
Boyd, Colin, 39, 47, 91
Brereton, Margot, 39

Corney, Diane, 59, 71

Dawson, Ed, 27
Doble, Christopher, 71

Edahiro, Masato, 15

Fidge, Colin F, 59, 71
Fidge, Colin, 83
Foo, Ernest, 47

Hauser, Christophe, 83

Imai, Hiroshi, 15

Lee, Kaleb, 91
Lee, Peter Hyun-Jeen, 3

Mills, Chris, 59

Narayan, Shivaramakrishnan, 3
Nieto, Juan Gonzalez, 39
Nieto, Juan Manuel Gonzalez, 91

Orumiehchiha, Mohammad Ali, 33

Parampalli, Udaya, 3
Pieprzyk, Josef, iii
Pieprzyk, Josef: Steinfeld, Ron, 33

Radke, Kenneth, 39
Reid, Jason, 83

Sei, Younes, 47
Simpson, Leonie, 27
Suppakitpaisarn, Vorapong, 15
Suriadi, Suriadi, 47

Thomborson, Clark, iii
Tronel, Frederic, 83

Wong, Kenneth Koon-Ho, 27


Recent Volumes in the CRPIT Series

ISSN 1445-1336

Listed below are some of the latest volumes published in the ACS Series Conferences in Research andPractice in Information Technology. The full text of most papers (in either PDF or Postscript format) isavailable at the series website http://crpit.com.

Volume 113 - Computer Science 2011Edited by Mark Reynolds, The University of Western Aus-tralia, Australia. January 2011. 978-1-920682-93-4.

Contains the proceedings of the Thirty-Fourth Australasian Computer ScienceConference (ACSC 2011), Perth, Australia, 1720 January 2011.

Volume 114 - Computing Education 2011Edited by John Hamer, University of Auckland, New Zealandand Michael de Raadt, University of Southern Queensland,Australia. January 2011. 978-1-920682-94-1.

Contains the proceedings of the Thirteenth Australasian Computing EducationConference (ACE 2011), Perth, Australia, 17-20 January 2011.

Volume 115 - Database Technologies 2011Edited by Heng Tao Shen, The University of Queensland,Australia and Yanchun Zhang, Victoria University, Australia.January 2011. 978-1-920682-95-8.

Contains the proceedings of the Twenty-Second Australasian Database Conference(ADC 2011), Perth, Australia, 17-20 January 2011.

Volume 116 - Information Security 2011Edited by Colin Boyd, Queensland University of Technology,Australia and Josef Pieprzyk, Macquarie University, Aus-tralia. January 2011. 978-1-920682-96-5.

Contains the proceedings of the Ninth Australasian Information SecurityConference (AISC 2011), Perth, Australia, 17-20 January 2011.

Volume 117 - User Interfaces 2011Edited by Christof Lutteroth, University of Auckland, NewZealand and Haifeng Shen, Flinders University, Australia.January 2011. 978-1-920682-97-2.

Contains the proceedings of the Twelfth Australasian User Interface Conference(AUIC2011), Perth, Australia, 17-20 January 2011.

Volume 118 - Parallel and Distributed Computing 2011Edited by Jinjun Chen, Swinburne University of Technology,Australia and Rajiv Ranjan, University of New South Wales,Australia. January 2011. 978-1-920682-98-9.

Contains the proceedings of the Ninth Australasian Symposium on Parallel andDistributed Computing (AusPDC 2011), Perth, Australia, 17-20 January 2011.

Volume 119 - Theory of Computing 2011Edited by Alex Potanin, Victoria University of Wellington,New Zealand and Taso Viglas, University of Sydney, Aus-tralia. January 2011. 978-1-920682-99-6.

Contains the proceedings of the Seventeenth Computing: The Australasian TheorySymposium (CATS 2011), Perth, Australia, 17-20 January 2011.

Volume 120 - Health Informatics and Knowledge Management 2011Edited by Kerryn Butler-Henderson, Curtin University, Aus-tralia and Tony Sahama, Qeensland University of Technol-ogy, Australia. January 2011. 978-1-921770-00-5.

Contains the proceedings of the Fifth Australasian Workshop on Health Informaticsand Knowledge Management (HIKM 2011), Perth, Australia, 17-20 January 2011.

Volume 121 - Data Mining and Analytics 2011
Edited by Peter Vamplew, University of Ballarat, Australia, Andrew Stranieri, University of Ballarat, Australia, Kok-Leong Ong, Deakin University, Australia, Peter Christen, Australian National University, Australia and Paul J. Kennedy, University of Technology, Sydney, Australia. December 2011. 978-1-921770-02-9.

Contains the proceedings of the Ninth Australasian Data Mining Conference (AusDM'11), Ballarat, Australia, 1–2 December 2011.

Volume 122 - Computer Science 2012
Edited by Mark Reynolds, The University of Western Australia, Australia and Bruce Thomas, University of South Australia. January 2012. 978-1-921770-03-6.

Contains the proceedings of the Thirty-Fifth Australasian Computer Science Conference (ACSC 2012), Melbourne, Australia, 30 January – 3 February 2012.

Volume 123 - Computing Education 2012
Edited by Michael de Raadt, Moodle Pty Ltd and Angela Carbone, Monash University, Australia. January 2012. 978-1-921770-04-3.

Contains the proceedings of the Fourteenth Australasian Computing Education Conference (ACE 2012), Melbourne, Australia, 30 January – 3 February 2012.

Volume 124 - Database Technologies 2012
Edited by Rui Zhang, The University of Melbourne, Australia and Yanchun Zhang, Victoria University, Australia. January 2012. 978-1-920682-95-8.

Contains the proceedings of the Twenty-Third Australasian Database Conference (ADC 2012), Melbourne, Australia, 30 January – 3 February 2012.

Volume 125 - Information Security 2012
Edited by Josef Pieprzyk, Macquarie University, Australia and Clark Thomborson, The University of Auckland, New Zealand. January 2012. 978-1-921770-06-7.

Contains the proceedings of the Tenth Australasian Information Security Conference (AISC 2012), Melbourne, Australia, 30 January – 3 February 2012.

Volume 126 - User Interfaces 2012
Edited by Haifeng Shen, Flinders University, Australia and Ross T. Smith, University of South Australia, Australia. January 2012. 978-1-921770-07-4.

Contains the proceedings of the Thirteenth Australasian User Interface Conference (AUIC 2012), Melbourne, Australia, 30 January – 3 February 2012.

Volume 127 - Parallel and Distributed Computing 2012
Edited by Jinjun Chen, University of Technology, Sydney, Australia and Rajiv Ranjan, CSIRO ICT Centre, Australia. January 2012. 978-1-921770-08-1.

Contains the proceedings of the Tenth Australasian Symposium on Parallel and Distributed Computing (AusPDC 2012), Melbourne, Australia, 30 January – 3 February 2012.

Volume 128 - Theory of Computing 2012
Edited by Julian Mestre, University of Sydney, Australia. January 2012. 978-1-921770-09-8.

Contains the proceedings of the Eighteenth Computing: The Australasian Theory Symposium (CATS 2012), Melbourne, Australia, 30 January – 3 February 2012.

Volume 129 - Health Informatics and Knowledge Management 2012
Edited by Kerryn Butler-Henderson, Curtin University, Australia and Kathleen Gray, University of Melbourne, Australia. January 2012. 978-1-921770-10-4.

Contains the proceedings of the Fifth Australasian Workshop on Health Informatics and Knowledge Management (HIKM 2012), Melbourne, Australia, 30 January – 3 February 2012.

Volume 130 - Conceptual Modelling 2012
Edited by Aditya Ghose, University of Wollongong, Australia and Flavio Ferrarotti, Victoria University of Wellington, New Zealand. January 2012. 978-1-921770-11-1.

Contains the proceedings of the Eighth Asia-Pacific Conference on Conceptual Modelling (APCCM 2012), Melbourne, Australia, 31 January – 3 February 2012.

Volume 131 - Advances in Ontologies 2010
Edited by Thomas Meyer, UKZN/CSIR Meraka Centre for Artificial Intelligence Research, South Africa, Mehmet Orgun, Macquarie University, Australia and Kerry Taylor, CSIRO ICT Centre, Australia. December 2010. 978-1-921770-00-5.

Contains the proceedings of the Sixth Australasian Ontology Workshop 2010 (AOW 2010), Adelaide, Australia, 7 December 2010.