Suchergebnisse

17 USC 105 interim-entered record; under temporary embargo. ; Network and Distributed Systems Security (NDSS) Symposium 2021 ; In this paper, we computationally analyze Passkey Entry in its entirety as a cryptographic authenticated key exchange (AKE) – including user-protocol interactions that are typically ignored as out-of-band. To achieve this, we model the user-to-device channels, as well as the typical device-to-device channel, and adversarial control scenarios in both cases. In particular, we separately capture adversarial control of device displays on the initiating and responding devices as well as adversarial control of user input mechanisms using what we call a CYBORG model. The CYBORG model enables realistic real-world security analysis in light of published attacks on user-mediated protocols such as Bluetooth that leverage malware and device displays. In light of this, we show that all versions of Passkey Entry fail to provide security in our model. Finally, we demonstrate how slight modifications to the protocol would allow it to achieve stronger security guarantees for all current variants of passkey generation, as well as a newly proposed twofold mode of generation we term Dual Passkey Entry. These proof-of-concept modifications point to improved design approaches for user-mediated protocols. Finally, this work points to categories of vulnerabilities, based on compromise type, that could be exploited in Bluetooth Passkey Entry. ; U.S. Government affiliation is unstated in article text.

17 USC 105 interim-entered record; under review. ; In the new, ever-changing cyber domain, it is crucial that the military establishes a method of delivering large data payloads to remote locations that minimizes radio frequency (RF) signature for receivers, thereby reducing the associated geolocation potential. This paper introduces three cryptographic protocols for different components of a delivery architecture for a large data payload from a trusted, back-end source to receivers: a low-response protocol for initial transmission and confirmation and two possible inter-unit distribution protocols with differing optimizations based on connectivity scenarios. All three protocols expressly aim to minimize the radio frequency (RF) footprint created on the receiver end. We provide security models and analyze the security protocols, and furthermore provide a worst-case example bound on RF footprint created at the receivers for each protocol, with variable inputs for data transmission size. These protocols introduce a means for accounting for both security (authentication) and safety (minimized RF footprint) in the delivery of critical data payloads to remote receivers.

17 USC 105 interim-entered record; under temporary embargo. ; Cyber security is a multi-functionary area of practice; effective solutions are difficult because of the diverse range of expertise required and the involvement of fallible humans. The impact and number of successful attacks grows every year even while cyber security spending grows at a double-digit annual rate. To fundamentally improve the state of cyber security, research must consider cross-disciplinary techniques and investigate novel paths; incremental progress is unlikely to fundamentally improve the state of the practice. ; U.S. Government affiliation is unstated in article text.