Abstract
By exploiting the inherent randomness used by certain digital signature protocols, subliminal channels can subvert these protocols without degrading their security. Due to their nature, these channels cannot be easily detected by an outside observer. Therefore, they pose a severe challenge for protocol designers. More precisely, designers consider certain assumptions implicitly, but in reality these assumptions turn out to be false or cannot be enforced or verified. In this paper we exemplify exactly such a situation by presenting several subliminal channels with a small capacity in Zhang et al. and Dong et al.’s subliminal-free signature protocols.
Notes
- 1. In [6] a fail-stop channel is described, but it can be easily detected due to the protocol being implemented in devices with limited computational power.
References
Ateniese, G., Magri, B., Venturi, D.: Subversion-resilient signature schemes. In: ACM-CCS 2015, pp. 364–375. ACM (2015)
Bohli, J.-M., González Vasco, M.I., Steinwandt, R.: A subliminal-free variant of ECDSA. In: Camenisch, J.L., Collberg, C.S., Johnson, N.F., Sallee, P. (eds.) IH 2006. LNCS, vol. 4437, pp. 375–387. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74124-4_25
Choi, J.Y., Golle, P., Jakobsson, M.: Tamper-evident digital signature protecting certification authorities against malware. In: DASC 2006, pp. 37–44. IEEE (2006)
Desmedt, Y.: Simmons’ protocol is not free of subliminal channels. In: Ninth IEEE Computer Security Foundations Workshop, pp. 170–175. IEEE (1996)
Dong, Q., Xiao, G.: A subliminal-free variant of ECDSA using interactive protocol. In: ICEEE 2010, pp. 1–3. IEEE (2010)
Hanzlik, L., Kluczniak, K., Kutyłowski, M.: Controlled randomness – a defense against backdoors in cryptographic devices. In: Phan, R.C.-W., Yung, M. (eds.) Mycrypt 2016. LNCS, vol. 10311, pp. 215–232. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-61273-7_11
Horster, P., Michels, M., Petersen, H.: Subliminal Channels in Digital Logarithm Based Signature Schemes and How to Avoid Them. Technical Report TR-94-13 (1994)
Lampson, B.W.: A Note on the Confinement Problem. Commun. ACM 16(10), 613–615 (1973)
Paverd, A.J., Martin, A., Brown, I.: Modelling and Automatically Analysing Privacy Properties for Honest-but-Curious Adversaries. Technical report (2014)
Russell, A., Tang, Q., Yung, M., Zhou, H.-S.: Cliptography: clipping the power of kleptographic attacks. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 34–64. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53890-6_2
Russell, A., Tang, Q., Yung, M., Zhou, H.S.: Generic semantic security against a kleptographic adversary. In: ACM-CCS 2017, pp. 907–922. ACM (2017)
Simmons, G.J.: The prisoners’ problem and the subliminal channel. In: CRYPTO 1983, pp. 51–67. Plenum Press, New York (1983)
Simmons, G.J.: The subliminal channel and digital signatures. In: Beth, T., Cot, N., Ingemarsson, I. (eds.) EUROCRYPT 1984. LNCS, vol. 209, pp. 364–378. Springer, Heidelberg (1985). https://doi.org/10.1007/3-540-39757-4_25
Simmons, G.J.: An introduction to the mathematics of trust in security protocols. In: CSFW 1993, pp. 121–127. IEEE (1993)
Simmons, G.J.: Subliminal communication is easy using the DSA. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 218–232. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48285-7_18
Simmons, G.J.: Cryptanalysis and protocol failures. Commun. ACM 37(11), 56–65 (1994)
Simmons, G.J.: Subliminal channels; past and present. Eur. Trans. Telecommun. 5(4), 459–474 (1994)
Simmons, G.J.: Results concerning the bandwidth of subliminal channels. IEEE J. Sel. Areas Commun. 16(4), 463–473 (1998)
Teşeleanu, G.: Subliminal hash channels. In: Gueye, C.T., Persichetti, E., Cayrel, P.-L., Buchmann, J. (eds.) A2C 2019. CCIS, vol. 1133, pp. 149–165. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-36237-9_9
Chuan-Kun, W.: Hash channels. Comput. Secur. 24(8), 653–661 (2005)
Zhang, Y., Li, H., Li, X., Zhu, H.: Provably secure and subliminal-free variant of Schnorr signature. In: Mustofa, K., Neuhold, E.J., Tjoa, A.M., Weippl, E., You, I. (eds.) ICT-EurAsia 2013. LNCS, vol. 7804, pp. 383–391. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36818-9_42
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Teşeleanu, G. (2021). Communicating Through Subliminal-Free Signatures. In: Tuveri, N., Michalas, A., Brumley, B.B. (eds) Secure IT Systems. NordSec 2021. Lecture Notes in Computer Science, vol 13115. Springer, Cham. https://doi.org/10.1007/978-3-030-91625-1_1
DOI: https://doi.org/10.1007/978-3-030-91625-1_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-91624-4
Online ISBN: 978-3-030-91625-1
eBook Packages: Computer Science (R0)