Scispace (Formerly Typeset)
Showing papers on "Cryptographic protocol published in 2013"
Proceedings Article•10.1109/SP.2013.47•
Pinocchio: Nearly Practical Verifiable Computation
Bryan Parno1, Jon Howell1, Craig Gentry2, Mariana Raykova2•
Microsoft1, IBM2
19 May 2013
TL;DR: This work introduces Pinocchio, a built system for efficiently verifying general computations while relying only on cryptographic assumptions, and is the first general-purpose system to demonstrate verification cheaper than native execution (for some apps).
Abstract: To instill greater confidence in computations outsourced to the cloud, clients should be able to verify the correctness of the results returned. To this end, we introduce Pinocchio, a built system for efficiently verifying general computations while relying only on cryptographic assumptions. With Pinocchio, the client creates a public evaluation key to describe her computation; this setup is proportional to evaluating the computation once. The worker then evaluates the computation on a particular input and uses the evaluation key to produce a proof of correctness. The proof is only 288 bytes, regardless of the computation performed or the size of the inputs and outputs. Anyone can use a public verification key to check the proof. Crucially, our evaluation on seven applications demonstrates that Pinocchio is efficient in practice too. Pinocchio's verification time is typically 10ms: 5-7 orders of magnitude less than previous work; indeed Pinocchio is the first general-purpose system to demonstrate verification cheaper than native execution (for some apps). Pinocchio also reduces the worker's proof effort by an additional 19-60x. As an additional feature, Pinocchio generalizes to zero-knowledge proofs at a negligible cost over the base protocol. Finally, to aid development, Pinocchio provides an end-to-end toolchain that compiles a subset of C into programs that implement the verifiable computation protocol.

893 citations

Proceedings Article•10.1145/2508859.2516693•
An empirical study of cryptographic misuse in android applications
Manuel Egele1, David Brumley1, Yanick Fratantonio2, Christopher Kruegel2•
Carnegie Mellon University1, University of California, Santa Barbara2
4 Nov 2013
TL;DR: This paper develops program analysis techniques to automatically check programs on the Google Play marketplace, and finds that applications do not use cryptographic APIs in a fashion that maximizes overall security.
Abstract: Developers use cryptographic APIs in Android with the intent of securing data such as passwords and personal information on mobile devices. In this paper, we ask whether developers use the cryptographic APIs in a fashion that provides typical cryptographic notions of security, e.g., IND-CPA security. We develop program analysis techniques to automatically check programs on the Google Play marketplace, and find that 10,327 out of 11,748 applications that use cryptographic APIs -- 88% overall -- make at least one mistake. These numbers show that applications do not use cryptographic APIs in a fashion that maximizes overall security. We then suggest specific remediations based on our analysis towards improving overall cryptographic security in Android applications.

527 citations

Proceedings Article•10.1109/SP.2013.38•
An Ideal-Security Protocol for Order-Preserving Encoding
Raluca Ada Popa1, Frank Li1, Nickolai Zeldovich1•
Massachusetts Institute of Technology1
19 May 2013
TL;DR: This paper proposes the first order-preserving scheme that achieves ideal security; its main technique is mutable ciphertexts, meaning that over time the ciphertexts for a small number of plaintext values change, and it proves that mutable ciphertexts are needed for ideal security.
Abstract: Order-preserving encryption - an encryption scheme where the sort order of ciphertexts matches the sort order of the corresponding plaintexts - allows databases and other applications to process queries involving order over encrypted data efficiently. The ideal security guarantee for order-preserving encryption put forth in the literature is for the ciphertexts to reveal no information about the plaintexts besides order. Even though more than a dozen schemes have been proposed, all of these schemes leak more information than order. This paper presents the first order-preserving scheme that achieves ideal security. Our main technique is mutable ciphertexts, meaning that over time, the ciphertexts for a small number of plaintext values change, and we prove that mutable ciphertexts are needed for ideal security. Our resulting protocol is interactive, with a small number of interactions. We implemented our scheme and evaluated it on microbenchmarks and in the context of an encrypted MySQL database application. We show that in addition to providing ideal security, our scheme achieves 1-2 orders of magnitude higher performance than the state-of-the-art order-preserving encryption scheme, which is less secure than our scheme.

463 citations

Journal Article•10.1109/JSEN.2013.2277656•
Lithe: Lightweight Secure CoAP for the Internet of Things
Shahid Raza, Hossein Shafagh, Kasun Hewage1, Rene Hummen2, Thiemo Voigt •
Uppsala University1, RWTH Aachen University2
07 Aug 2013-IEEE Sensors Journal
TL;DR: Lithe, an integration of DTLS and CoAP for the IoT, is presented, and a novel DTLS header compression scheme is proposed that aims to significantly reduce energy consumption by leveraging the 6LoWPAN standard.
Abstract: The Internet of Things (IoT) enables a wide range of application scenarios with potentially critical actuating and sensing tasks, e.g., in the e-health domain. For communication at the application layer, resource-constrained devices are expected to employ the constrained application protocol (CoAP) that is currently being standardized at the Internet Engineering Task Force. To protect the transmission of sensitive information, secure CoAP mandates the use of datagram transport layer security (DTLS) as the underlying security protocol for authenticated and confidential communication. DTLS, however, was originally designed for comparably powerful devices that are interconnected via reliable, high-bandwidth links. In this paper, we present Lithe, an integration of DTLS and CoAP for the IoT. With Lithe, we additionally propose a novel DTLS header compression scheme that aims to significantly reduce the energy consumption by leveraging the 6LoWPAN standard. Most importantly, our proposed DTLS header compression scheme does not compromise the end-to-end security properties provided by DTLS. Simultaneously, it considerably reduces the number of transmitted bytes while maintaining DTLS standard compliance. We evaluate our approach based on a DTLS implementation for the Contiki operating system. Our evaluation results show significant gains in terms of packet size, energy consumption, processing time, and network-wide response times when compressed DTLS is enabled.

424 citations

Journal Article•10.1109/TKDE.2011.78•
Improving Security and Efficiency in Attribute-Based Data Sharing
Junbeom Hur
01 Oct 2013-IEEE Transactions on Knowledge and Data Engineering
TL;DR: This study proposes a novel CP-ABE scheme for a data sharing system by exploiting the characteristic of the system architecture and features the following achievements: the key escrow problem could be solved by escrow-free key issuing protocol, which is constructed using the secure two-party computation between the key generation center and the data-storing center, and fine-grained user revocation per each attribute could be done by proxy encryption.
Abstract: With the recent adoption and diffusion of the data sharing paradigm in distributed systems such as online social networks or cloud computing, there have been increasing demands and concerns for distributed data security. One of the most challenging issues in data sharing systems is the enforcement of access policies and the support of policy updates. Ciphertext policy attribute-based encryption (CP-ABE) is becoming a promising cryptographic solution to this issue. It enables data owners to define their own access policies over user attributes and enforce the policies on the data to be distributed. However, this advantage comes with a major drawback known as the key escrow problem: the key generation center could decrypt any messages addressed to specific users by generating their private keys. This is not suitable for data sharing scenarios where the data owner would like to make their private data accessible only to designated users. In addition, applying CP-ABE in the data sharing system introduces another challenge with regard to user revocation, since the access policies are defined only over the attribute universe. Therefore, in this study, we propose a novel CP-ABE scheme for a data sharing system by exploiting the characteristics of the system architecture. The proposed scheme features the following achievements: 1) the key escrow problem is solved by an escrow-free key issuing protocol, which is constructed using secure two-party computation between the key generation center and the data-storing center, and 2) fine-grained user revocation per attribute is achieved by proxy encryption, which takes advantage of selective attribute group key distribution on top of the ABE. The performance and security analyses indicate that the proposed scheme is efficient for securely managing the data distributed in the data sharing system.

415 citations

Journal Article•10.1109/TIFS.2013.2277471•
b-SPECS+: Batch Verification for Secure Pseudonymous Authentication in VANET
Shi-Jinn Horng1, Shiang-Feng Tzeng2, Yi Pan3, Pingzhi Fan1, Xian Wang1, Tianrui Li1, Muhammad Khurram Khan4 •
Southwest Jiaotong University1, National Taiwan University of Science and Technology2, Georgia State University3, King Saud University4
01 Nov 2013-IEEE Transactions on Information Forensics and Security
TL;DR: A secure scheme that can achieve the security and privacy requirements, and overcome the weaknesses of SPECS is provided, and the efficiency merits of the scheme are shown through performance evaluations in terms of verification delay and transmission overhead.
Abstract: Security and privacy preservation are prerequisites for vehicular ad hoc networks. Recently, secure and privacy enhancing communication schemes (SPECS) were proposed, focused on intervehicle communications. SPECS provided a software-based solution to satisfy the privacy requirement and gave lower message overhead and a higher success rate than previous solutions in the message verification phase. SPECS also presented the first group communication protocol to allow vehicles to authenticate and securely communicate with others in a group of known vehicles. Unfortunately, we find that SPECS is vulnerable to an impersonation attack. SPECS has a flaw such that a malicious vehicle can force arbitrary vehicles to broadcast fake messages to other vehicles, or even a malicious vehicle in the group can counterfeit another group member to send fake messages securely among themselves. In this paper, we provide a secure scheme that can achieve the security and privacy requirements and overcome the weaknesses of SPECS. Moreover, we show the efficiency merits of our scheme through performance evaluations in terms of verification delay and transmission overhead.

279 citations

Journal Article•10.13052/JCSM2245-1439.142•
Identity Authentication and Capability Based Access Control (IACAC) for the Internet of Things
Parikshit N. Mahalle1, Bayu Anggorojati1, Neeli R. Prasad1, Ramjee Prasad1•
Aalborg University1
10 Mar 2013
TL;DR: The IACAC protocol's performance is analysed in terms of computational time compared to other existing solutions; the paper also addresses challenges in IoT, and security attacks are modelled with use cases to give an actual view of IoT networks.
Abstract: In the last few years the Internet of Things (IoT) has seen widespread application and can be found in every field. Authentication and access control are important and critical functionalities in the context of IoT to enable secure communication between devices. Mobility, dynamic network topology and weak physical security of low power devices in IoT networks are possible sources of security vulnerabilities. It is promising to make authentication and access control attack resistant and lightweight in a resource constrained and distributed IoT environment. This paper presents the Identity Authentication and Capability based Access Control (IACAC) model with protocol evaluation and performance analysis. To protect IoT from man-in-the-middle, replay and denial of service (DoS) attacks, the concept of capability for access control is introduced. The novelty of this model is that it presents an integrated approach of authentication and access control for IoT devices. The results of other related studies have also been analyzed to validate and support our findings. Finally, the proposed protocol is evaluated using a security protocol verification tool, and the verification results show that IACAC is secure against the aforementioned attacks. This paper also discusses performance analysis of the protocol in terms of computational time compared to other existing solutions. Furthermore, this paper addresses challenges in IoT, and security attacks are modelled with use cases to give an actual view of IoT networks.

272 citations

Proceedings Article•10.1145/2508859.2516658•
Heart-to-heart (H2H): authentication for implanted medical devices
Masoud Rostami1, Ari Juels, Farinaz Koushanfar1•
Rice University1
4 Nov 2013
TL;DR: A novel cryptographic device pairing protocol that uses time-varying randomness from ECG signals to protect against attacks by active adversaries, while meeting the practical challenges of lightweight implementation and noise tolerance in ECG readings is introduced.
Abstract: We present Heart-to-Heart (H2H), a system to authenticate external medical device controllers and programmers to Implantable Medical Devices (IMDs). IMDs, which include pacemakers and cardiac defibrillators, are therapeutic medical devices partially or wholly embedded in the human body. They often have built-in radio communication to facilitate non-invasive reprogramming and data readout. Many IMDs, though, lack well designed authentication protocols, exposing patients to over-the-air attack and physical harm. H2H makes use of ECG (heartbeat data) as an authentication mechanism, ensuring access only by a medical instrument in physical contact with an IMD-bearing patient. Based on statistical analysis of real-world data, we propose and analyze new techniques for extracting time-varying randomness from ECG signals for use in H2H. We introduce a novel cryptographic device pairing protocol that uses this randomness to protect against attacks by active adversaries, while meeting the practical challenges of lightweight implementation and noise tolerance in ECG readings. Finally, we describe an end-to-end implementation in an ARM-Cortex M-3 microcontroller that demonstrates the practicality of H2H in current IMD hardware. Previous schemes have had goals much like those of H2H, but with serious limitations making them unfit for deployment, such as naively designed cryptographic pairing protocols (some of them recently broken). In addition to its novel analysis and use of ECG entropy, H2H is the first physiologically-based IMD device pairing protocol with a rigorous adversarial model and protocol analysis.

248 citations

Journal Article•10.1109/TMC.2011.271•
Secure Communication Based on Ambient Audio
Dominik Schürmann, Stephan Sigg
01 Feb 2013-IEEE Transactions on Mobile Computing
TL;DR: This paper experimentally verified the feasibility of the proposed fuzzy-cryptography protocol in four different realistic settings and a laboratory experiment and applies statistical tests to show that the entropy of fingerprints based on ambient audio is high.
Abstract: We propose to establish a secure communication channel among devices based on similar audio patterns. Features from ambient audio are used to generate a shared cryptographic key between devices without exchanging information about the ambient audio itself or the features utilized for the key generation process. We explore a common audio-fingerprinting approach and account for the noise in the derived fingerprints by employing error correcting codes. This fuzzy-cryptography scheme enables the adaptation of a specific value for the tolerated noise among fingerprints based on environmental conditions by altering the parameters of the error correction and the length of the audio samples utilized. In this paper, we experimentally verify the feasibility of the protocol in four different realistic settings and a laboratory experiment. The case studies include an office setting, a scenario where an attacker is capable of reproducing parts of the audio context, a setting near a traffic loaded road, and a crowded canteen environment. We apply statistical tests to show that the entropy of fingerprints based on ambient audio is high. The proposed scheme constitutes a totally unobtrusive but cryptographically strong security mechanism based on contextual information.

223 citations

Proceedings Article•10.1109/SP.2013.37•
Implementing TLS with Verified Cryptographic Security
Karthikeyan Bhargavan, Cédric Fournet1, Markulf Kohlweiss1, Alfredo Pironti, Pierre-Yves Strub1 •
Microsoft1
19 May 2013
TL;DR: A verified reference implementation of TLS 1.2 is developed, including security specifications for its main components, such as authenticated stream encryption for the record layer and key establishment for the handshake, and typecheck the protocol state machine.
Abstract: TLS is possibly the most used protocol for secure communications, with an 18-year history of flaws and fixes, ranging from its protocol logic to its cryptographic design, and from the Internet standard to its diverse implementations. We develop a verified reference implementation of TLS 1.2. Our code fully supports its wire formats, ciphersuites, sessions and connections, re-handshakes and resumptions, alerts and errors, and data fragmentation, as prescribed in the RFCs; it interoperates with mainstream web browsers and servers. At the same time, our code is carefully structured to enable its modular, automated verification, from its main API down to computational assumptions on its cryptographic algorithms. Our implementation is written in F# and specified in F7. We present security specifications for its main components, such as authenticated stream encryption for the record layer and key establishment for the handshake. We describe their verification using the F7 typechecker. To this end, we equip each cryptographic primitive and construction of TLS with a new typed interface that captures its security properties, and we gradually replace concrete implementations with ideal functionalities. We finally typecheck the protocol state machine, and obtain precise security theorems for TLS, as it is implemented and deployed. We also revisit classic attacks and report a few new ones.

223 citations

Proceedings Article•10.1109/SP.2013.27•
PUFs in Security Protocols: Attack Models and Security Evaluations
Ulrich Rührmair, M. van Dijk1•
Massachusetts Institute of Technology1
19 May 2013
TL;DR: This work defines and compares different attack models for PUF attacks, and argues why these attack models are realistic, and that existing protocols would be faced with them if used in practice, and executes exemplary security analyses of existing schemes in the new attack models.
Abstract: In recent years, PUF-based schemes have not only been suggested for the basic security tasks of tamper sensitive key storage or system identification, but also for more complex cryptographic protocols like oblivious transfer (OT), bit commitment (BC), or key exchange (KE). In these works, so-called "Strong PUFs" are regarded as a new, fundamental cryptographic primitive of their own, comparable to the bounded storage model, quantum cryptography, or noise-based cryptography. This paper continues this line of research, investigating the correct adversarial attack model and the actual security of such protocols. In its first part, we define and compare different attack models. They reach from a clean, first setting termed the "stand-alone, good PUF model" to stronger scenarios like the "bad PUF model" and the "PUF re-use model". We argue why these attack models are realistic, and that existing protocols would be faced with them if used in practice. In the second part, we execute exemplary security analyses of existing schemes in the new attack models. The evaluated protocols include recent schemes from Brzuska et al. published at Crypto 2011 [1] and from Ostrovsky et al. [18]. While a number of protocols are certainly secure in their own, original attack models, the security of none of the considered protocols for OT, BC, or KE is maintained in all of the new, realistic scenarios. One consequence of our work is that the design of advanced cryptographic PUF protocols needs to be strongly reconsidered. Furthermore, it suggests that Strong PUFs require additional hardware properties in order to be broadly usable in such protocols: Firstly, they should ideally be "erasable", meaning that single PUF-responses can be erased without affecting other responses. If the area efficient implementation of this feature turns out to be difficult, new forms of Controlled PUFs [8] (such as Logically Erasable and Logically Reconfigurable PUFs [13]) may suffice in certain applications. Secondly, PUFs should be "certifiable", meaning that one can verify that the PUF has been produced faithfully and has not been manipulated in any way afterwards. The combined implementation of these features represents a pressing and challenging problem, which we pose to the PUF hardware community in this work.
Proceedings Article•10.1145/2500423.2500444•
SecureArray: improving wifi security with fine-grained physical-layer information
Jie Xiong1, Kyle Jamieson1•
University College London1
30 Sep 2013
TL;DR: The experimental results show that in a busy office environment, SecureArray is orders of magnitude more accurate than current techniques, mitigating 100% of WiFi spoofing attack attempts while at the same time triggering false alarms on just 0.6% of legitimate traffic.
Abstract: Despite the important role that WiFi networks play in home and enterprise networks, they are relatively weak from a security standpoint. With easily available directional antennas, attackers can be physically located off-site, yet compromise WiFi security protocols such as WEP, WPA, and even to some extent WPA2 through a range of exploits specific to those protocols, or simply by running dictionary and human-factors attacks on users' poorly-chosen passwords. This presents a security risk to the entire home or enterprise network. To mitigate this ongoing problem, we propose SecureArray, a system designed to operate alongside existing wireless security protocols, adding defense in depth against active attacks. SecureArray's novel signal processing techniques leverage a multi-antenna access point (AP) to profile the directions at which a client's signals arrive, using this angle-of-arrival (AoA) information to construct highly sensitive signatures that with very high probability uniquely identify each client. Upon overhearing a suspicious transmission, the client and AP initiate an AoA signature-based challenge-response protocol to confirm and mitigate the threat. We also discuss how SecureArray can mitigate direct denial-of-service attacks on the latest 802.11 wireless security protocol. We have implemented SecureArray with an eight-antenna WARP hardware radio acting as the AP. Our experimental results show that in a busy office environment, SecureArray is orders of magnitude more accurate than current techniques, mitigating 100% of WiFi spoofing attack attempts while at the same time triggering false alarms on just 0.6% of legitimate traffic. The detection rate remains high when the attacker is located only five centimeters away from the legitimate client, for APs with fewer antennas, and when the client is mobile.
U-Prove Cryptographic Specification V1.1 (Revision 3)
Christian Paquin, Greg Zaverucha
1 Dec 2013
TL;DR: This document defines the foundational U-Prove cryptographic protocols, allowing developers to create interoperable implementations of U-Prove protocol participants; it is released under the Open Specification Promise (OSP).
Abstract: This document specifies the foundational U-Prove cryptographic protocols. It allows developers to create interoperable implementations of U-Prove protocol participants. It has been released under the Open Specification Promise (http://www.microsoft.com/openspecifications/en/us/programs/osp/default.aspx).
Journal Article•10.1109/MSP.2012.2230218•
Privacy-Preserving Biometric Identification Using Secure Multiparty Computation: An Overview and Recent Trends
Julien Bringer1, Hervé Chabanne1, Alain Patey1•
Morpho1
13 Feb 2013-IEEE Signal Processing Magazine
TL;DR: The main tools of secure two-party computations such as homomorphic encryption, garbled circuits (GCs), and oblivious transfers (OTs) are considered and clues on the best practices to secure a biometric identification protocol are given.
Abstract: This article presents a tutorial overview of the application of techniques of secure two-party computation (also known as secure function evaluation) to biometric identification. These techniques make it possible to compute biometric identification algorithms while maintaining the privacy of the biometric data. This overview considers the main tools of secure two-party computation, such as homomorphic encryption, garbled circuits (GCs), and oblivious transfers (OTs), and intends to give clues on the best practices to secure a biometric identification protocol. It also presents recent trends in privacy-preserving biometric identification that aim at making it usable in real-life applications.
Book Chapter•10.1007/978-3-319-10082-1_3•
Automatic Verification of Security Protocols in the Symbolic Model: The Verifier ProVerif
Bruno Blanchet1•
French Institute for Research in Computer Science and Automation1
2 Sep 2013
TL;DR: This work focuses on the automatic symbolic protocol verifier ProVerif, which can prove secrecy, authentication, and observational equivalence properties of security protocols, for an unbounded number of sessions of the protocol.
Abstract: After giving general context on the verification of security protocols, we focus on the automatic symbolic protocol verifier ProVerif. This verifier can prove secrecy, authentication, and observational equivalence properties of security protocols, for an unbounded number of sessions of the protocol. It supports a wide range of cryptographic primitives defined by rewrite rules or by equations. The tool takes as input a description of the protocol to verify in a process calculus, an extension of the pi calculus with cryptography. It automatically translates this protocol into an abstract representation of the protocol by Horn clauses, and determines whether the desired security properties hold by resolution on these clauses.
Proceedings Article•
AUTHSCAN: Automatic Extraction of Web Authentication Protocols from Implementations.
Guangdong Bai1, Jike Lei, Guozhu Meng2, Sai Sathyanarayan Venkatraman, Prateek Saxena3, Jun Sun4, Yang Liu5, Jin Song Dong1 •
National University of Singapore1, Nanyang Technological University2, University of California, Berkeley3, Singapore University of Technology and Design4, Tianjin University5
1 Jan 2013
TL;DR: This paper proposes AUTHSCAN, an end-to-end platform to automatically recover authentication protocol specifications from their implementations, and finds a total of 7 security vulnerabilities using off-the-shelf verification tools in specifications it recovers.
Abstract: Ideally, security protocol implementations should be formally verified before they are deployed. However, this is not true in practice. Numerous high-profile vulnerabilities have been found in web authentication protocol implementations, especially in single sign-on (SSO) protocol implementations, recently. Much of the prior work on authentication protocol verification has focused on theoretical foundations and building scalable verification tools for checking manually-crafted specifications [17, 18, 44]. In this paper, we address the complementary problem of automatically extracting specifications from implementations. We propose AUTHSCAN, an end-to-end platform to automatically recover authentication protocol specifications from their implementations. AUTHSCAN finds a total of 7 security vulnerabilities using off-the-shelf verification tools in the specifications it recovers, which include SSO protocol implementations and custom web authentication logic of web sites with millions of users.
Posted Content•
Efficiently Outsourcing Multiparty Computation under Multiple Keys.
Andreas Peter1, Erik Tews, Stefan Katzenbeisser•
University of Twente1
01 Jan 2013-IACR Cryptology ePrint Archive
TL;DR: In this article, the authors propose a technique based on additively homomorphic encryption for outsourced secure multiparty computation, which allows evaluating any dynamically chosen function on inputs encrypted under different public keys.
Abstract: Secure multiparty computation enables a set of users to evaluate certain functionalities on their respective inputs while keeping these inputs encrypted throughout the computation. In many applications, however, outsourcing these computations to an untrusted server is desirable, so that the server can perform the computation on behalf of the users. Unfortunately, existing solutions are either inefficient, rely heavily on user interaction, or require the inputs to be encrypted under the same public key - drawbacks that severely limit their use in practice. We propose a novel technique based on additively homomorphic encryption that avoids all these drawbacks. This method is efficient, requires no user interaction whatsoever (except for data upload and download), and allows evaluating any dynamically chosen function on inputs encrypted under different public keys. Our solution assumes the existence of two non-colluding but untrusted servers that jointly perform the computation by means of a cryptographic protocol. This protocol is proven to be secure in the semi-honest model. By developing application-tailored variants of our approach, we demonstrate its versatility and apply it in two real-world scenarios from different domains, privacy-preserving face recognition and private smart metering. We also give a proof-of-concept implementation to highlight its feasibility.
Proceedings Article•10.1109/FOCS.2013.75•
Rational Protocol Design: Cryptography against Incentive-Driven Adversaries
Juan A. Garay1, Jonathan Katz2, Ueli Maurer2, Björn Tackmann3, Vassilis Zikas4 •
AT&T1, University of Maryland, College Park2, ETH Zurich3, University of California, Los Angeles4
26 Oct 2013
TL;DR: This work considers a two-party game between a protocol designer and an external attacker to model a protocol under attack from an external entity, and demonstrates how knowledge of the attacker's incentives can be used to circumvent known impossibility results in this setting.
Abstract: Existing work on "rational cryptographic protocols" treats each party (or coalition of parties) running the protocol as a selfish agent trying to maximize its utility. In this work we propose a fundamentally different approach that is better suited to modeling a protocol under attack from an external entity. Specifically, we consider a two-party game between a protocol designer and an external attacker. The goal of the attacker is to break security properties such as correctness or privacy, possibly by corrupting protocol participants; the goal of the protocol designer is to prevent the attacker from succeeding. We lay the theoretical groundwork for a study of cryptographic protocol design in this setting by providing a methodology for defining the problem within the traditional simulation paradigm. Our framework provides ways of reasoning about important cryptographic concepts (e.g., adaptive corruptions or attacks on communication resources) not handled by previous game-theoretic treatments of cryptography. We also prove composition theorems that, for the first time, provide a sound way to design rational protocols assuming "ideal communication resources" (such as broadcast or authenticated channels) and then instantiate these resources using standard cryptographic tools. Finally, we investigate the problem of secure function evaluation in our framework, where the attacker has to pay for each party it corrupts. Our results demonstrate how knowledge of the attacker's incentives can be used to circumvent known impossibility results in this setting.
Posted Content•
Physical key-protected one-time pad
Roarke Horstmeyer, Benjamin Judkewitz, Ivo M. Vellekoop, Sid Assawaworrarit, Changhuei Yang 
16 May 2013-arXiv: Optics
TL;DR: The ability to securely couple the randomness contained within two unique physical objects may help strengthen the hardware required by a variety of cryptographic protocols, which is currently a critically weak link in the security pipeline of the authors' increasingly mobile communication culture.
Abstract: We describe an encrypted communication principle that can form a perfectly secure link between two parties without electronically saving either of their keys. Instead, cryptographic key bits are kept safe within the unique mesoscopic randomness of two volumetric scattering materials. We demonstrate how a shared set of patterned optical probes can generate 10 gigabits of statistically verified randomness between a pair of unique 2 cubic millimeter scattering objects. This shared randomness is used to facilitate information-theoretically secure communication following a modified one-time pad protocol. Benefits of volumetric physical storage over electronic memory include the inability to probe, duplicate or selectively reset any random bits without fundamentally altering the entire key space. Beyond the demonstrated communication scheme, our ability to securely couple the randomness contained within two unique physical objects may help strengthen the hardware for a large class of cryptographic protocols, which is currently a critically weak link in the security pipeline of our increasingly mobile communication culture.
Journal Article•10.1109/MNET.2013.6574667•
An efficient security protocol for advanced metering infrastructure in smart grid
Ye Yan1, Rose Qingyang Hu2, Sajal K. Das3, Hamid Sharif1, Yi Qian1 •
University of Nebraska–Lincoln1, Utah State University2, University of Texas at Arlington3
05 Aug 2013-IEEE Network
TL;DR: A new protocol is proposed, Integrated Authentication and Confidentiality (IAC), to provide efficient secure AMI communications in smart grid, which has better performance in terms of end-to-end delay and packet loss than a basic security scheme.
Abstract: In this article, we present a security protocol for advanced metering infrastructure in smart grid. We consider various security vulnerabilities of deploying AMI, and explore the issues related to confidentiality for user privacy and behavior as well as message authentication for meter reading and control messages. After surveying the existing security solutions in this area, we propose a new protocol, Integrated Authentication and Confidentiality (IAC), to provide efficient secure AMI communications in smart grid. With the help of IAC, an AMI system can provide trust services, data privacy, and integrity by mutual authentications whenever a new smart meter initiates and joins the smart grid AMI network. Data integrity and confidentiality are fulfilled through message authentication and encryption services, using the corresponding keys established in mutual authentications. Simulation and analytical results show that the proposed IAC protocol has better performance in terms of end-to-end delay and packet loss than a basic security scheme. Additionally, it can also facilitate efficient secure data collection and control message delivery between smart meters and a local collector for AMI communications in a smart grid.
Proceedings Article•10.1109/CSF.2013.26•
Verified Computational Differential Privacy with Applications to Smart Metering
Gilles Barthe1, George Danezis2, Benjamin Grégoire3, César Kunz1, Santiago Zanella-Béguelin2 •
IMDEA1, Microsoft2, French Institute for Research in Computer Science and Automation3
26 Jun 2013
TL;DR: A significantly enhanced version of EasyCrypt is reported on that accommodates a richer, user-extensible language of probabilistic expressions and supports reasoning about approximate forms of program equivalence, that notably include approximate and computational differential privacy.
Abstract: EasyCrypt is a tool-assisted framework for reasoning about probabilistic computations in the presence of adversarial code, whose main application has been the verification of security properties of cryptographic constructions in the computational model. We report on a significantly enhanced version of EasyCrypt that accommodates a richer, user-extensible language of probabilistic expressions and, more fundamentally, supports reasoning about approximate forms of program equivalence. This enhanced framework allows us to express a broader range of security properties, that notably include approximate and computational differential privacy. We illustrate the use of the framework by verifying two protocols: a two-party protocol for computing the Hamming distance between bit-vectors, yielding two-sided privacy guarantees; and a novel, efficient, and privacy-friendly distributed protocol to aggregate smart meter readings into statistics and bills.
Proceedings Article•10.1145/2508859.2516729•
Flexible and scalable digital signatures in TPM 2.0
Liqun Chen1, Jiangtao Li2•
Hewlett-Packard1, Intel2
4 Nov 2013
TL;DR: This paper presents the new method for implementing digital signatures that has been included in TPM version 2.0, and proves security of the TPM signature primitive under the static Diffie-Hellman assumption and the random oracle model.
Abstract: Trusted Platform Modules (TPM) are multipurpose hardware chips, which provide support for various cryptographic functions. Flexibility, scalability and high performance are critical features for a TPM. In this paper, we present the new method for implementing digital signatures that has been included in TPM version 2.0. The core part of this method is a single TPM signature primitive, which can be called by different software programmes, in order to implement signature schemes and cryptographic protocols with different security and privacy features. We prove security of the TPM signature primitive under the static Diffie-Hellman assumption and the random oracle model. We demonstrate how to call this TPM signature primitive to implement anonymous signatures (Direct Anonymous Attestation), pseudonym systems (U-Prove), and conventional signatures (the Schnorr signature). To the best of our knowledge, this is the first signature primitive implemented in a limited hardware environment capable of supporting various signature schemes without adding additional hardware complexity compared to a hardware implementation of a conventional signature scheme.
Journal Article•10.1007/S10207-013-0191-Z•
Anonymous attestation with user-controlled linkability
David Bernhard1, Georg Fuchsbauer1, Essam Ghadafi1, Nigel P. Smart1, Bogdan Warinschi1 •
University of Bristol1
01 Jun 2013-International Journal of Information Security
TL;DR: A new security model is given for a class of "pre-DAA schemes", that is, DAA schemes where the computation on the user side takes place entirely on the trusted platform; it captures more accurately than any previous model the security properties demanded from DAA by the Trusted Computing Group (TCG), the group that maintains the DAA standard.
Abstract: This paper is motivated by the observation that existing security models for direct anonymous attestation (DAA) have problems to the extent that insecure protocols may be deemed secure when analysed under these models. This is particularly disturbing as DAA is one of the few complex cryptographic protocols resulting from recent theoretical advances actually deployed in real life. Moreover, standardization bodies are currently looking into designing the next generation of such protocols. Our first contribution is to identify issues in existing models for DAA and explain how these errors allow for proving security of insecure protocols. These issues are exhibited in all deployed and proposed DAA protocols (although they can often be easily fixed). Our second contribution is a new security model for a class of "pre-DAA scheme", that is, DAA schemes where the computation on the user side takes place entirely on the trusted platform. Our model captures more accurately than any previous model the security properties demanded from DAA by the trusted computing group (TCG), the group that maintains the DAA standard. Extending the model from pre-DAA to full DAA is only a matter of refining the trust models on the parties involved. Finally, we present a generic construction of a DAA protocol from new building blocks tailored for anonymous attestation. Some of them are new variations on established ideas and may be of independent interest. We give instantiations for these building blocks that yield a DAA scheme more efficient than the one currently deployed, and as efficient as the one about to be standardized by the TCG which has no valid security proof.
Journal Article•10.1109/TVT.2013.2238566•
A Cross-Layer Approach to Privacy-Preserving Authentication in WAVE-Enabled VANETs
Subir Biswas1, Jelena Misic2•
University of Manitoba1, Ryerson University2
09 Jan 2013-IEEE Transactions on Vehicular Technology
TL;DR: An anonymous authentication and verification scheme for IEEE Wireless Access in Vehicular Environments (WAVE)-based vehicular ad hoc networks (VANETs), in which a variation of the elliptic curve digital signature algorithm is used in combination with an identity-based (ID-based) signature.
Abstract: We present an anonymous authentication and verification scheme for the IEEE Wireless Access in Vehicular Communications (WAVE)-based vehicular ad hoc networks (VANETs). Our contribution includes vehicular message authentication and an efficient prioritized verification strategy for periodic road safety messages. A variation of elliptic curve digital signature algorithm (ECDSA) is used in combination with the identity-based (ID-based) signature, where current position information on a vehicle is utilized as the ID of the corresponding vehicle. This waives the need for a third-party public key certificate for message authentication in VANETs. A high-density road traffic condition poses a challenge for authentication of vehicular messages since the required verification time is often much longer than the average interarrival time. To mitigate the issue, messages of each traffic class are verified following the VANET's medium access control (MAC) layer priorities and the application relevance of individual safety messages. Performance analysis and simulation results have shown that our approach is secure, privacy preserving, scalable, and resource efficient.
Journal Article•10.1049/IET-CDT.2012.0073•
Three-factor control protocol based on elliptic curve cryptosystem for universal serial bus mass storage devices
Cheng-Chi Lee1, Chi-Tung Chen2, Ping-Hsien Wu3, Te-Yu Chen4•
The Catholic University of America1, National Chin-Yi University of Technology2, Fu Jen Catholic University3, National Tainan Institute of Nursing4
23 May 2013-Iet Computers and Digital Techniques
TL;DR: A three-factor control protocol for universal serial bus (USB) on an elliptic curve cryptosystem (ECC) that improves the security, efficiency and usability of the authentication process and uses much smaller key sizes.
Abstract: This study proposes a three-factor control protocol for universal serial bus (USB) on an elliptic curve cryptosystem (ECC). USB is a universal interface used in an enormous number of devices. It has become the most popular interface standard for computer connections. However, since USB provides high transmission speed and is very convenient to carry, many workplace and commercial establishments have prohibited their employees from using USB devices. This precaution is an important way to prevent confidential data leaks via USB devices, as USB connections lack security management. Therefore the authors use a three-factor control protocol to ensure the security of USB connections. The proposed authentication protocol combines biometric, password and smart card to provide high security on the USB mutual authentication. To provide secure and efficient transmission between the user and the USB server, the proposed protocol adopts ECC to encrypt data. Compared to other encryption methods, the proposed protocol uses much smaller key sizes. As a further benefit, this protocol reduces the smart card computational cost and provides an efficient transmission for USB devices. This new scheme improves the security, efficiency and usability of the authentication process. More studies on USB are needed.
Journal Article•10.1109/MCOM.2013.6400436•
WAKE: Key management scheme for wide-area measurement systems in smart grid
Yee Wei Law1, Marimuthu Palaniswami1, G. Kounga2, Anthony Lo3•
University of Melbourne1, University of Oxford2, Delft University of Technology3
04 Jan 2013-IEEE Communications Magazine
TL;DR: This work proposes WAMS key management (WAKE), a comprehensive key management scheme targeting a concrete set of security objectives derived from NIST's security impact level ratings, and investigates two recent multicast authentication schemes designed for power grid communications.
Abstract: A wide-area measurement system (WAMS) is a system that provides a time-synchronized view of electrical conditions over a large geographical area, thereby enhancing the situational awareness of the energy management system of a power grid. With this enhanced situational awareness, utilities would be able to react promptly to contingencies, and prevent large-scale blackouts. To secure WAMS communications, we propose WAMS key management (WAKE), a comprehensive key management scheme targeting a concrete set of security objectives derived from NIST's security impact level ratings. For security objectives involving unicast, WAKE employs industry-standard security protocols. For security objectives involving multicast, we show the scheme standardized by the IEC is inadequate, and identify multicast authentication as a requirement. We investigate two recent multicast authentication schemes designed for power grid communications: TV-HORS and tunable signing and verification (TSV), which supposedly improves on TV-HORS. We show that TSV is vulnerable, and propose a patched version of TSV called TSV+. Systematic comparison of TV-HORS and TSV+ shows that TV-HORS provides significantly more efficient signing and verification for the same security level at the expense of signature size. Consequently, TV-HORS is chosen as part of WAKE for multicast authentication.
Journal Article•10.1109/JSAC.2013.130911•
Secure Key Generation in Sensor Networks Based on Frequency-Selective Channels
Matthias Wilhelm1, Ivan Martinovic2, Jens B. Schmitt1•
Kaiserslautern University of Technology1, University of Oxford2
26 Aug 2013-IEEE Journal on Selected Areas in Communications
TL;DR: This work introduces a key generation protocol based on the frequency-selectivity of multipath fading channels, and shows the protocol's applicability by implementing it on MICAz motes, and evaluating its robustness and security through experiments and analysis.
Abstract: Key management in wireless sensor networks faces several unique challenges. The scale, resource limitations, and new threats such as node capture suggest the use of in-network key generation. However, the cost of such schemes is often high because their security is based on computational complexity. Recently, several research contributions justified experimentally that the wireless channel itself can be used to generate information-theoretic secure keys. By exchanging sampling messages during device movement, a bit string is derived known only to the two involved entities. Yet, movement is not the only option to generate randomness: the channel response strongly depends on the signal frequency as well. In this work, we introduce a key generation protocol based on the frequency-selectivity of multipath fading channels. The practical advantage of this approach is that it does not require device movement during key establishment. Thus the frequent case of a sensor network with static nodes is supported. We show the protocol's applicability by implementing it on MICAz motes, and evaluating its robustness and security through experiments and analysis. The error correction property of the protocol mitigates the effects of measurement errors and temporal effects, giving rise to an agreement rate of over 97 %.
Journal Article•10.1016/J.JCSS.2013.04.002•
Model checking quantum Markov chains
Yuan Feng1,2, Nengkun Yu1,2, Mingsheng Ying1,2 •
Tsinghua University1, University of Technology, Sydney2
01 Nov 2013-Journal of Computer and System Sciences
TL;DR: In this paper, a quantum Markov chain is introduced for quantum cryptographic protocols, in which quantum effects are encoded as super-operators labelling transitions, while the location information (nodes) remains classical.
Book Chapter•10.1007/978-3-642-37282-7_4•
Concepts and Languages for Privacy-Preserving Attribute-Based Authentication
Jan Camenisch1, Maria Dubovitskaya1, Anja Lehmann1, Gregory Neven1, Christian Paquin2, Franz-Stefan Preiss1 •
IBM1, Microsoft2
8 Apr 2013
TL;DR: This paper defines and unifies the concepts and features of privacy-preserving attribute-based credentials (Privacy-ABCs) and provides a language framework in XML schema that enables application developers to use Privacy-ABCs with all their features without having to consider the specifics of the underlying cryptographic algorithms.
Abstract: Existing cryptographic realizations of privacy-friendly authentication mechanisms such as anonymous credentials, minimal disclosure tokens, self-blindable credentials, and group signatures vary largely in the features they offer and in how these features are realized. Some features such as revocation or de-anonymization even require the combination of several cryptographic protocols. These differences and the complexity of the cryptographic protocols hinder the deployment of these mechanisms for practical applications and also make it almost impossible to switch the underlying cryptographic algorithms once the application has been designed. In this paper, we aim to overcome this issue and simplify both the design and deployment of privacy-friendly authentication mechanisms. We define and unify the concepts and features of privacy-preserving attribute-based credentials (Privacy-ABCs) and provide a language framework in XML schema. Our language framework enables application developers to use Privacy-ABCs with all their features without having to consider the specifics of the underlying cryptographic algorithms—similar to what they do today for digital signatures, where they do not need to worry about the particulars of the RSA and DSA algorithms either.
Proceedings Article•10.1109/COMMANTEL.2013.6482409•
Detection of replay attacks in smart grid systems
Thien-Toan Tran1, Oh-Soon Shin1, Jong-Ho Lee2•
Soongsil University1, Gachon University2
21 Mar 2013
TL;DR: This paper proposes a new detection scheme for replay attacks, which could be one of the most popular security attacks in smart grid systems, based on a solution originally developed for a control system.
Abstract: Smart grid has many advantages compared with the traditional power grid, and will soon become new infrastructure for power generation, delivery, and management. However, besides those positive promises, security for the smart grid has been emerging as an important issue, since the smart grid will be a combination of many kinds of systems and security protocols that cover the whole system are still not complete. In this paper, we focus on replay attacks, which could be one of the most popular security attacks in smart grid systems. In particular, we propose a new detection scheme for replay attacks based on a solution originally developed for a control system.