Source author record

Shaoquan Jiang

Shaoquan Jiang appears in the imported research catalog. Authorship, coauthor and topic links are available while profile ownership is still unclaimed.

Researcher · Unclaimed source record

Catalog footprint

What is connected

3 works
3 topics
2 close collaborators

Published work

3 published item(s)

preprint · 2015 · arXiv

Message Authentication Code over a Wiretap Channel

A Message Authentication Code (MAC) is a keyed function $f_K$ such that when Alice, who shares the secret $K$ with Bob, sends $f_K(M)$ to the latter, Bob will be assured of the integrity and authenticity of $M$. Traditionally, it is assumed that the channel is noiseless. However, Maurer showed that in this case an attacker can succeed with probability $2^{-\frac{H(K)}{\ell+1}}$ after authenticating $\ell$ messages. In this paper, we consider the setting where the channel is noisy. Specifically, Alice and Bob are connected by a discrete memoryless channel (DMC) $W_1$ and a noiseless but insecure channel. In addition, an attacker Oscar is connected with Alice through DMC $W_2$ and with Bob through a noiseless channel. In this setting, we study the framework that sends $M$ over the noiseless channel and the traditional MAC $f_K(M)$ over channel $(W_1, W_2)$. We regard the noisy channel as an expensive resource and define the authentication rate $\rho_{auth}$ as the ratio of message length to the number $n$ of channel $W_1$ uses. The security of this framework depends on the channel coding scheme for $f_K(M)$. A natural coding scheme is to use the secrecy capacity achieving code of Csiszár and Körner. Intuitively, this is also the optimal strategy. However, we propose a coding scheme that achieves a higher $\rho_{auth}$. Our crucial point for this is that in the secrecy capacity setting, Bob needs to recover $f_K(M)$ while in our coding scheme this is not necessary. How to detect the attack without recovering $f_K(M)$ is the main contribution of this work. We achieve this through random coding techniques.

preprint · 2014 · arXiv

On the Optimality of Keyless Authentication in a Noisy Model

We further study the keyless authentication problem in a noisy model in our previous work, where no secret setup is available for sender Alice and receiver Bob while there is DMC $W_1$ from Alice to Bob and a two-way noiseless but insecure channel between them. We propose a construction such that the message length over DMC $W_1$ does not depend on the size of the source space. If the source space is ${\cal S}$ and the number of channel $W_1$ uses is $n$, then our protocol only has a round complexity of $\log^*|{\cal S}|-\log^*n+4.$ In addition, we show that the round complexity of any secure protocol in our model is lower bounded by $\log^*|{\cal S}|-\log^* n-5$. We also obtain a lower bound on the success probability when the message size on DMC $W_1$ is given. Finally, we derive the capacity for a non-interactive authentication protocol under general DMCs, which extends the result under BSCs in our previous work.

preprint · 2010 · arXiv

Persistent Asymmetric Password-Based Key Exchange

Asymmetric password based key exchange is a key exchange protocol where a client and a server share a low entropic password while the server additionally owns a high entropic secret for a public key. There are simple solutions for this (e.g. Halevi and Krawczyk (ACM TISSEC 1999) and its improvement by Boyarsky (CCS 1999)). In this paper, we consider a new threat to this type of protocol: if a server's high entropic secret gets compromised (e.g., due to cryptanalysis, virus attack or poor management), the adversary might quickly break lots of passwords and cause uncountable damage. In this case, one should not expect the protocol to be secure against an off-line dictionary attack since, otherwise, the protocol is in fact a secure password-only key exchange where the server also only has a password (by making the server high entropic secret public). Of course a password-only key exchange does not suffer from this threat as the server does not have a high entropic secret at all. However, known password-only key exchanges are not very efficient (note: we only consider protocols without random oracles). This motivates us to study efficient and secure asymmetric password key exchange that avoids the new threat. In this paper, we first provide a formal model for the new threat, where essentially we require that the active adversary can break $\ell$ passwords in $\alpha\ell |{\cal D}|$ steps (for $\alpha<1/2$) only with a probability negligibly close to $\exp(-\beta\ell)$ for some $\beta>0$. Then, we construct a framework of asymmetric password based key exchange. We prove that our protocol is secure in the usual sense. We also show that it prevents the new threat. To do this, we introduce a new technique by abstracting a probabilistic experiment from the main proof and providing a neat analysis of it.