Pub Date : 2012-12-01DOI: 10.1049/iet-ifs.2012.0046
Xiaotian Wu, Wei Sun
Visual secret sharing (VSS) is a way to protect a secret image among a group of participants by using the notions of perfect ciphers and secret sharing. However, each share generated by conventional VSS is m times as big as the original secret image, where m is called pixel expansion. Random grid (RG) is an alternative approach to implement VSS without pixel expansion. However, reported RG-based VSS methods are threshold schemes. In this study, RG-based VSS for general access structures is presented. Secret image is encoded into n RGs while qualified sets can recover the secret visually and forbidden sets cannot. The proposed scheme is a generalisation of the threshold methods, where those reported RG-based schemes can be considered as the special cases of the proposed scheme. Experimental results are provided, demonstrating the effectiveness and advantages of the proposed scheme.
{"title":"Visual secret sharing for general access structures by random grids","authors":"Xiaotian Wu, Wei Sun","doi":"10.1049/iet-ifs.2012.0046","DOIUrl":"https://doi.org/10.1049/iet-ifs.2012.0046","url":null,"abstract":"Visual secret sharing (VSS) is a way to protect a secret image among a group of participants by using the notions of perfect ciphers and secret sharing. However, each share generated by conventional VSS is m times as big as the original secret image, where m is called pixel expansion. Random grid (RG) is an alternative approach to implement VSS without pixel expansion. However, reported RG-based VSS methods are threshold schemes. In this study, RG-based VSS for general access structures is presented. Secret image is encoded into n RGs while qualified sets can recover the secret visually and forbidden sets cannot. The proposed scheme is a generalisation of the threshold methods, where those reported RG-based schemes can be considered as the special cases of the proposed scheme. Experimental results are provided, demonstrating the effectiveness and advantages of the proposed scheme.","PeriodicalId":13305,"journal":{"name":"IET Inf. Secur.","volume":"74 1","pages":"299-309"},"PeriodicalIF":0.0,"publicationDate":"2012-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80631509","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2012-12-01DOI: 10.1049/iet-ifs.2011.0221
Martin Ågren, Martin Hell, T. Johansson
We consider hardware-oriented message authentication, more specifically universal hash functions. We propose a new type of constructions that appear promising. These constructions are based on the framework of universal hash functions, Toeplitz matrices and epsilon-biased sample spaces. Some new theoretical results in this area are derived. The new constructions come at the price of not being able to prove the exact substitution probability. The expected probability is examined both through theoretical methods as well as through simulation.
{"title":"On hardware-oriented message authentication","authors":"Martin Ågren, Martin Hell, T. Johansson","doi":"10.1049/iet-ifs.2011.0221","DOIUrl":"https://doi.org/10.1049/iet-ifs.2011.0221","url":null,"abstract":"We consider hardware-oriented message authentication, more specifically universal hash functions. We propose a new type of constructions that appear promising. These constructions are based on the framework of universal hash functions, Toeplitz matrices and epsilon-biased sample spaces. Some new theoretical results in this area are derived. The new constructions come at the price of not being able to prove the exact substitution probability. The expected probability is examined both through theoretical methods as well as\u0000through simulation.","PeriodicalId":13305,"journal":{"name":"IET Inf. Secur.","volume":"4 1","pages":"329-336"},"PeriodicalIF":0.0,"publicationDate":"2012-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83401461","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2012-12-01DOI: 10.1049/iet-ifs.2011.0139
Haibo Tian
This study shows how to use signature schemes for deniable authentication. Deniable authentication means that a message receiver R, although receiving a message m from a sender S, cannot convince a third party that the sender S has sent R the message m. If signature schemes are secure against selective forgery, the authors can construct a full deniable authentication protocol. The protocol is presented in the extension framework of Raimondo et al. as a deniable message transmission authenticator.
{"title":"Deniable message transmission authenticator based on weak signature schemes","authors":"Haibo Tian","doi":"10.1049/iet-ifs.2011.0139","DOIUrl":"https://doi.org/10.1049/iet-ifs.2011.0139","url":null,"abstract":"This study shows how to use signature schemes for deniable authentication. Deniable authentication means that a message receiver R, although receiving a message m from a sender S, cannot convince a third party that the sender S has sent R the message m. If signature schemes are secure against selective forgery, the authors can construct a full deniable authentication protocol. The protocol is presented in the extension framework of Raimondo et al. as a deniable message transmission authenticator.","PeriodicalId":13305,"journal":{"name":"IET Inf. Secur.","volume":"64 1","pages":"258-263"},"PeriodicalIF":0.0,"publicationDate":"2012-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87724295","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2012-12-01DOI: 10.1049/IET-IFS.2011.0347
Yung-Wei Kao, Xin Zhang, Ahren Studer, A. Perrig
Based on the advances in laptop technologies and the mobility characteristics, laptops have become a vital device used at various places. Usually, numerous sensitive files such as credit card numbers and Web cookies are stored on laptops for convenient usage. However, if a laptop is stolen, the data stored on it is easily leaked; which may cause serious consequences. Encrypting files by encryption keys is a general solution; however, if the decryption keys are also stored on laptops, the files can also be decrypted by adversaries easily. To solve this problem, this paper proposes the Mobile Encryption for Laptop data Protection (MELP) system. MELP includes the design of an online server and mobile phone, and encrypts each sensitive file by a file system encryption key, which is further sequentially encrypted twice by the phone's and server's encryption keys. The reason of adopting a mobile phone is that at least one simple confirmation of execution must be performed by a user, and the reason of adopting an online server is that if both user's laptop and mobile phone are stolen, users can still disable the online decryption process on the server.
{"title":"Mobile encryption for laptop data protection (MELP)","authors":"Yung-Wei Kao, Xin Zhang, Ahren Studer, A. Perrig","doi":"10.1049/IET-IFS.2011.0347","DOIUrl":"https://doi.org/10.1049/IET-IFS.2011.0347","url":null,"abstract":"Based on the advances in laptop technologies and the mobility characteristics, laptops have become a vital device used at various places. Usually, numerous sensitive files such as credit card numbers and Web cookies are stored on laptops for convenient usage. However, if a laptop is stolen, the data stored on it is easily leaked; which may cause serious consequences. Encrypting files by encryption keys is a general solution; however, if the decryption keys are also stored on laptops, the files can also be decrypted by adversaries easily. To solve this problem, this paper proposes the Mobile Encryption for Laptop data Protection (MELP) system. MELP includes the design of an online server and mobile phone, and encrypts each sensitive file by a file system encryption key, which is further sequentially encrypted twice by the phone's and server's encryption keys. The reason of adopting a mobile phone is that at least one simple confirmation of execution must be performed by a user, and the reason of adopting an online server is that if both user's laptop and mobile phone are stolen, users can still disable the online decryption process on the server.","PeriodicalId":13305,"journal":{"name":"IET Inf. Secur.","volume":"50 1","pages":"291-298"},"PeriodicalIF":0.0,"publicationDate":"2012-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75274794","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2012-12-01DOI: 10.1049/iet-ifs.2010.0230
Y. Yang, J. Gu, C. Lv, Qi Jiang, W. Ma
The authors describe three attacks against an efficient lightweight mutual authentication protocol recently proposed by Kulseng et al. These attacks are unique as they are closely related and must be performed in order, one after another. They break the untraceability, confidentiality and mutual authentication properties of the protocol, and show, for the first time, that breaking the privacy property may lead to attacks on the security properties of radio frequency identification (RFID) authentication protocols. Finally, we present a countermeasure to fix the flaws and make a brief security analysis of the improved protocol.
{"title":"Security analysis of Kulseng et al.'s mutual authentication protocol for RFID systems","authors":"Y. Yang, J. Gu, C. Lv, Qi Jiang, W. Ma","doi":"10.1049/iet-ifs.2010.0230","DOIUrl":"https://doi.org/10.1049/iet-ifs.2010.0230","url":null,"abstract":"The authors describe three attacks against an efficient lightweight mutual authentication protocol recently proposed by Kulseng et al. These attacks are unique as they are closely related and must be performed in order, one after another. They break the untraceability, confidentiality and mutual authentication properties of the protocol, and show, for the first time, that breaking the privacy property may lead to attacks on the security properties of radio frequency identification (RFID) authentication protocols. Finally, we present a countermeasure to fix the flaws and make a brief security analysis of the improved protocol.","PeriodicalId":13305,"journal":{"name":"IET Inf. Secur.","volume":"45 1","pages":"239-248"},"PeriodicalIF":0.0,"publicationDate":"2012-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85677907","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2012-12-01DOI: 10.1049/iet-ifs.2011.0281
Huaqun Wang, Bo Qin
Mutual authentication is important in a mobile pay-TV system. Traditional authentication schemes make use of one-to-one delivery, that is, one authentication message per request is delivered from a head-end system to subscriber. This delivery occupies too much bandwidth and therefore is inefficient and costly. One-to-many authentication scheme for access control in mobile pay-TV systems was proposed by Sun et al. in 2009. In one-to-many authentication scheme, only one authentication message for multiple requests is broadcasted from the head-end system (HES) to subscribers. Sun et al. claimed that their scheme is secure and provides anonymous authentication for protecting user privacy. However, the authors demonstrate that their scheme has a critical weakness. An attacker without any secret information can not only successfully impersonate mobile set (MS) to cheat the HES but also impersonate HES to cheat MS. The authors result is important for security engineers who design and develop user authentication systems. Afterwards, the authors design a novel one-to-many authentication scheme from bilinear pairings. They give the formal security proof in the random oracle model. In addition, they present the performance analysis of our scheme. The analysis results showed that their novel authentication scheme has shorter transmission message and can be applied in the environment which has limited bandwidth. At the same time, their scheme is also the first secure one-to-many authentication scheme for access control in pay-TV systems.
{"title":"Improved one-to-many authentication scheme for access control in pay-TV systems","authors":"Huaqun Wang, Bo Qin","doi":"10.1049/iet-ifs.2011.0281","DOIUrl":"https://doi.org/10.1049/iet-ifs.2011.0281","url":null,"abstract":"Mutual authentication is important in a mobile pay-TV system. Traditional authentication schemes make use of one-to-one delivery, that is, one authentication message per request is delivered from a head-end system to subscriber. This delivery occupies too much bandwidth and therefore is inefficient and costly. One-to-many authentication scheme for access control in mobile pay-TV systems was proposed by Sun et al. in 2009. In one-to-many authentication scheme, only one authentication message for multiple requests is broadcasted from the head-end system (HES) to subscribers. Sun et al. claimed that their scheme is secure and provides anonymous authentication for protecting user privacy. However, the authors demonstrate that their scheme has a critical weakness. An attacker without any secret information can not only successfully impersonate mobile set (MS) to cheat the HES but also impersonate HES to cheat MS. The authors result is important for security engineers who design and develop user authentication systems. Afterwards, the authors design a novel one-to-many authentication scheme from bilinear pairings. They give the formal security proof in the random oracle model. In addition, they present the performance analysis of our scheme. The analysis results showed that their novel authentication scheme has shorter transmission message and can be applied in the environment which has limited bandwidth. At the same time, their scheme is also the first secure one-to-many authentication scheme for access control in pay-TV systems.","PeriodicalId":13305,"journal":{"name":"IET Inf. Secur.","volume":"22 1","pages":"281-290"},"PeriodicalIF":0.0,"publicationDate":"2012-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81129173","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2012-09-01DOI: 10.1049/iet-ifs.2011.0154
Iksu Kim, M. Kim
Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) that use signatures cannot protect servers from new types of internet worms. Therefore it is important to collect information about new attacks because the detection rules employed by IDSs and IPSs are formulated using this information. Honeypots are valuable security resources that act as baits for attackers. They can monitor intrusions by being probed, attacked or compromised and can detect zero-day attacks and provide researchers intending to improve security with information about the attacks. However, it is almost impossible to immediately generate detection rules from the information collected by honeypots. This study presents an agent-based honeynet framework for protecting servers in a campus network. In this framework, agents remove malicious processes and executable files on servers infected by zero-day attacks as soon as the honeynet detects them. The proposed framework provides a novel defense mechanism that protects servers from new types of internet worms effectively, without the use of signatures.
{"title":"Agent-based honeynet framework for protecting servers in campus networks","authors":"Iksu Kim, M. Kim","doi":"10.1049/iet-ifs.2011.0154","DOIUrl":"https://doi.org/10.1049/iet-ifs.2011.0154","url":null,"abstract":"Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) that use signatures cannot protect servers from new types of internet worms. Therefore it is important to collect information about new attacks because the detection rules employed by IDSs and IPSs are formulated using this information. Honeypots are valuable security resources that act as baits for attackers. They can monitor intrusions by being probed, attacked or compromised and can detect zero-day attacks and provide researchers intending to improve security with information about the attacks. However, it is almost impossible to immediately generate detection rules from the information collected by honeypots. This study presents an agent-based honeynet framework for protecting servers in a campus network. In this framework, agents remove malicious processes and executable files on servers infected by zero-day attacks as soon as the honeynet detects them. The proposed framework provides a novel defense mechanism that protects servers from new types of internet worms effectively, without the use of signatures.","PeriodicalId":13305,"journal":{"name":"IET Inf. Secur.","volume":"22 1","pages":"202-211"},"PeriodicalIF":0.0,"publicationDate":"2012-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78394778","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2012-09-01DOI: 10.1049/iet-ifs.2011.0052
Zhijun Li, G. Gong
The HB-like entity authentication protocols for low-cost pervasive devices have attracted a great deal of attention because of their simplicity, computational efficiency and solid security foundation on a well-studied hard problem–learning parity with noise. By far, the most efficient protocol is HB#, which is provably resistant to the GRS attack under the conjecture that it is secure in the DET-model. However, in order to achieve 80-bit security, a typical HB# authentication key comprises over 1000 bits, which imposes considerable storage burdens on resource-constrained devices. In this study, the authors propose a new HB-like protocol: HB. The protocol makes use of a special type of circulant matrix, in contrast to the Toeplitz matrix in HB#, to significantly reduce storage consumption and overcome a subtle security proof inefficacy in HB#. In addition, the authors introduce a masking technique that substantially increases noise level from an adversary's standpoint, and thus improves protocol performance. The authors demonstrate that 613-bit authentication key suffices for 80-bit security in the HB protocol, which is quite competitive and more appealing for low-cost devices.
{"title":"HBC entity authentication for low-cost pervasive devices","authors":"Zhijun Li, G. Gong","doi":"10.1049/iet-ifs.2011.0052","DOIUrl":"https://doi.org/10.1049/iet-ifs.2011.0052","url":null,"abstract":"The HB-like entity authentication protocols for low-cost pervasive devices have attracted a great deal of attention because of their simplicity, computational efficiency and solid security foundation on a well-studied hard problem–learning parity with noise. By far, the most efficient protocol is HB#, which is provably resistant to the GRS attack under the conjecture that it is secure in the DET-model. However, in order to achieve 80-bit security, a typical HB# authentication key comprises over 1000 bits, which imposes considerable storage burdens on resource-constrained devices. In this study, the authors propose a new HB-like protocol: HB. The protocol makes use of a special type of circulant matrix, in contrast to the Toeplitz matrix in HB#, to significantly reduce storage consumption and overcome a subtle security proof inefficacy in HB#. In addition, the authors introduce a masking technique that substantially increases noise level from an adversary's standpoint, and thus improves protocol performance. The authors demonstrate that 613-bit authentication key suffices for 80-bit security in the HB protocol, which is quite competitive and more appealing for low-cost devices.","PeriodicalId":13305,"journal":{"name":"IET Inf. Secur.","volume":"41 1","pages":"212-218"},"PeriodicalIF":0.0,"publicationDate":"2012-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77262164","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2012-09-01DOI: 10.1049/iet-ifs.2011.0190
Tai-Pao Chuang, C. Chiou, Shun-Shii Lin, Chiou-Yng Lee
Fault-tolerant design of a finite field multiplier is an efficient method for resisting fault-based cryptanalysis in Elliptic curve cryptosystems. A novel fault-tolerant bit-parallel Gaussian normal basis (GNB) multiplier with type-t over GF(2m), which can tolerate multiple module failures at one time, is presented. No hardware modification in the proposed GNB multiplier is required to achieve the fault-tolerant function. Hence, the proposed fault-tolerant GNB multiplier has low hardware cost. The reliability of the proposed fault-tolerant GNB multiplier with type-t increases as t increases. However, the behaviour of existing GNB multipliers with concurrent error correction (CEC) resembles triple modular redundancy (TRM) when t>3. In practice, most of suggested m's by NIST use GNB with type-t>3. The proposed fault-tolerant GNB multiplier is an N-modular redundancy (NMR) system with N=t. Thus, the proposed fault-tolerant GNB multiplier with type-t can tolerate at most t/2-1 failed modules simultaneously, while existing GNB multipliers with CEC only can tolerate one failed module. The proposed GNB multiplier requires less extra space and time complexities than similar multipliers. System reliability of the proposed fault-tolerant GNB multiplier is better than that of similar GNB multipliers.
{"title":"Fault-tolerant Gaussian normal basis multiplier over GF(2m)","authors":"Tai-Pao Chuang, C. Chiou, Shun-Shii Lin, Chiou-Yng Lee","doi":"10.1049/iet-ifs.2011.0190","DOIUrl":"https://doi.org/10.1049/iet-ifs.2011.0190","url":null,"abstract":"Fault-tolerant design of a finite field multiplier is an efficient method for resisting fault-based cryptanalysis in Elliptic curve cryptosystems. A novel fault-tolerant bit-parallel Gaussian normal basis (GNB) multiplier with type-t over GF(2m), which can tolerate multiple module failures at one time, is presented. No hardware modification in the proposed GNB multiplier is required to achieve the fault-tolerant function. Hence, the proposed fault-tolerant GNB multiplier has low hardware cost. The reliability of the proposed fault-tolerant GNB multiplier with type-t increases as t increases. However, the behaviour of existing GNB multipliers with concurrent error correction (CEC) resembles triple modular redundancy (TRM) when t>3. In practice, most of suggested m's by NIST use GNB with type-t>3. The proposed fault-tolerant GNB multiplier is an N-modular redundancy (NMR) system with N=t. Thus, the proposed fault-tolerant GNB multiplier with type-t can tolerate at most t/2-1 failed modules simultaneously, while existing GNB multipliers with CEC only can tolerate one failed module. The proposed GNB multiplier requires less extra space and time complexities than similar multipliers. System reliability of the proposed fault-tolerant GNB multiplier is better than that of similar GNB multipliers.","PeriodicalId":13305,"journal":{"name":"IET Inf. Secur.","volume":"61 1","pages":"157-170"},"PeriodicalIF":0.0,"publicationDate":"2012-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85594717","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2012-09-01DOI: 10.1049/iet-ifs.2011.0232
P. Babaheidarian, Somayeh Salimi, M. Aref
A source model including four terminals is considered, where three simultaneously generating three types of keys are intended. Terminals 1, 2 and 3 wish to share a common key, the secret key, which should be kept secret from terminal 4 and simultaneously terminals 1 and 2 intend to share a private key with terminal 3, which should be kept secret from each other. Also, all the keys should be concealed from terminal 4 (the external wiretapper). The authors assume that all terminals including the external wiretapper have access to distinct correlated i.i.d. sources; there is also a noiseless public channel with unlimited capacity among the terminals. The authors have investigated the model on two scenarios of key sharing depending on the direction of the public channel. Rate regions of the keys are derived. It is shown that in some special cases the inner and outer bounds of the capacity regions coincide and the capacity regions are derived.
{"title":"Simultaneously generating multiple keys in a four-terminal network","authors":"P. Babaheidarian, Somayeh Salimi, M. Aref","doi":"10.1049/iet-ifs.2011.0232","DOIUrl":"https://doi.org/10.1049/iet-ifs.2011.0232","url":null,"abstract":"A source model including four terminals is considered, where three simultaneously generating three types of keys are intended. Terminals 1, 2 and 3 wish to share a common key, the secret key, which should be kept secret from terminal 4 and simultaneously terminals 1 and 2 intend to share a private key with terminal 3, which should be kept secret from each other. Also, all the keys should be concealed from terminal 4 (the external wiretapper). The authors assume that all terminals including the external wiretapper have access to distinct correlated i.i.d. sources; there is also a noiseless public channel with unlimited capacity among the terminals. The authors have investigated the model on two scenarios of key sharing depending on the direction of the public channel. Rate regions of the keys are derived. It is shown that in some special cases the inner and outer bounds of the capacity regions coincide and the capacity regions are derived.","PeriodicalId":13305,"journal":{"name":"IET Inf. Secur.","volume":"71 1","pages":"190-201"},"PeriodicalIF":0.0,"publicationDate":"2012-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86248090","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}