Active trial-and-error attack on SASC protocols

Heeyoul Kim; Younho Lee; Seong Min Hong; Hyunsoo Yoon

Active trial-and-error attack on SASC protocols

Heeyoul Kim, Younho Lee, Seong Min Hong, Hyunsoo Yoon

Dept. of Industrial Engineering

Korea Advanced Institute of Science and Technology

Research output: Contribution to journal › Article › peer-review

1 Scopus citations

Abstract

SASC (Server-Aided Secret Computation) protocols enable a client (a smart card) to borrow computing power from a server (e.g., an untrustworthy auxiliary device like an ATM) without revealing its secret information. In this paper, we propose a new active attack on server-aided secret computation protocols. We describe our attack by using Beguin and Quisquater's protocol. (We modify the protocol in order to immunize it against Nguyen and Stern's lattice reduction attack.) The proposed attack reduces the search space P to 1/p + pP, where 0 < p < 1. It is 2√ P for optimal p. Practically, it effectively threatens SASC protocols because an attacker can choose an appropriate value p according to the situation. Therefore, the security parameters in the existing SASC protocols must be reconsidered.

Original language	English
Pages (from-to)	105-110
Number of pages	6
Journal	International Journal of Network Security
Volume	2
Issue number	2
State	Published - 2006

Keywords

Active attack
SASC protocol
Smart card

Cite this

@article{69840153312648629bed06e93df9bd03,

title = "Active trial-and-error attack on SASC protocols",

abstract = "SASC (Server-Aided Secret Computation) protocols enable a client (a smart card) to borrow computing power from a server (e.g., an untrustworthy auxiliary device like an ATM) without revealing its secret information. In this paper, we propose a new active attack on server-aided secret computation protocols. We describe our attack by using Beguin and Quisquater's protocol. (We modify the protocol in order to immunize it against Nguyen and Stern's lattice reduction attack.) The proposed attack reduces the search space P to 1/p + pP, where 0 < p < 1. It is 2√ P for optimal p. Practically, it effectively threatens SASC protocols because an attacker can choose an appropriate value p according to the situation. Therefore, the security parameters in the existing SASC protocols must be reconsidered.",

keywords = "Active attack, SASC protocol, Smart card",

author = "Heeyoul Kim and Younho Lee and Hong, \{Seong Min\} and Hyunsoo Yoon",

year = "2006",

language = "English",

volume = "2",

pages = "105--110",

journal = "International Journal of Network Security",

issn = "1816-353X",

number = "2",

}

TY - JOUR

T1 - Active trial-and-error attack on SASC protocols

AU - Kim, Heeyoul

AU - Lee, Younho

AU - Hong, Seong Min

AU - Yoon, Hyunsoo

PY - 2006

Y1 - 2006

N2 - SASC (Server-Aided Secret Computation) protocols enable a client (a smart card) to borrow computing power from a server (e.g., an untrustworthy auxiliary device like an ATM) without revealing its secret information. In this paper, we propose a new active attack on server-aided secret computation protocols. We describe our attack by using Beguin and Quisquater's protocol. (We modify the protocol in order to immunize it against Nguyen and Stern's lattice reduction attack.) The proposed attack reduces the search space P to 1/p + pP, where 0 < p < 1. It is 2√ P for optimal p. Practically, it effectively threatens SASC protocols because an attacker can choose an appropriate value p according to the situation. Therefore, the security parameters in the existing SASC protocols must be reconsidered.

AB - SASC (Server-Aided Secret Computation) protocols enable a client (a smart card) to borrow computing power from a server (e.g., an untrustworthy auxiliary device like an ATM) without revealing its secret information. In this paper, we propose a new active attack on server-aided secret computation protocols. We describe our attack by using Beguin and Quisquater's protocol. (We modify the protocol in order to immunize it against Nguyen and Stern's lattice reduction attack.) The proposed attack reduces the search space P to 1/p + pP, where 0 < p < 1. It is 2√ P for optimal p. Practically, it effectively threatens SASC protocols because an attacker can choose an appropriate value p according to the situation. Therefore, the security parameters in the existing SASC protocols must be reconsidered.

KW - Active attack

KW - SASC protocol

KW - Smart card

UR - https://www.scopus.com/pages/publications/79953900066

M3 - Article

AN - SCOPUS:79953900066

SN - 1816-353X

VL - 2

SP - 105

EP - 110

JO - International Journal of Network Security

JF - International Journal of Network Security

IS - 2

ER -

Active trial-and-error attack on SASC protocols

Abstract

Keywords

Other files and links

Fingerprint

Cite this