We discuss a technological means of protecting software from unauthorized duplication and use, which does not at the same time limit its sale or distribution on rely on a trusted authority.
我们讨论了一种保护软件免受未经授权的复制和使用的技术手段,同时不限制其依赖于可信权威的销售或分发。
{"title":"A Software Protection Scheme","authors":"G. Purdy, G. J. Simmons, James Studier","doi":"10.1109/SP.1982.10012","DOIUrl":"https://doi.org/10.1109/SP.1982.10012","url":null,"abstract":"We discuss a technological means of protecting software from unauthorized duplication and use, which does not at the same time limit its sale or distribution on rely on a trusted authority.","PeriodicalId":195978,"journal":{"name":"1982 IEEE Symposium on Security and Privacy","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1982-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124898009","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper solves an analog of the problem which gave rise to the theory of error control codes by methods, of miniscule computational complexity, taken from the theory of TIPS (also called key safeguarding schemes, threshold schemes, secret sharing, key sharing, and IPS). The problem solved herein is the following. Information is flowing through several parallel channels from a sending node S to a receiving node R. The possibility exists that one or more channels will be rendered inoperative, but it is deemed essential that all the information get through. Suppose that the organization responsible for the information flow wants to protect Itself against ths breakdown of some of the total number d of available channels. It thus wants to be able to use "coding" and "decoding" processes, which are quick to implement on cheap microprocessors, for blending all the information H due to leave S into a slurry which can be poured into the d channels in such a way that whatever comes out of any b channels at R is enough to reconstruct H completely. It wants more than a high speed implementation of this process on cheap hardware. It wants to send as few bits as possible. Suppose, for example, that it has 100 bits to send and that it requires assurance that they will all get through even if 3 channels fail. It cannot predict which 3 channels might fail and it knows, of course, that it cannot reconstruct the 100 bits to be sent from S unless 100 bits get through the channels which continue to function (total bit cost: 100 plus the number of bits sent on channels which fail). Each of the following solutions to its problem is therefore optimal from an information theoretic viewpoint: 1. A way to reconstruct H from l-bit transmissionson any 100 of 103 channels (involves 3 wasted bits); 2. A way to reconstruct H from 10-bit transmissions on any 10 of 13 channels (involves 30 wasted bits); 3. A way to reconstruct H from 25-bit transmissions on any 4 of 7 channels (involves 75 wasted bits); 4. A way to reconstruct H from 100-bit transmissions on any 1 of 4 (involves 300 wasted bits). Common sense is inclined to reject at least the first (too many channels used) and last (too many bits sent) of the "optimal" solutions above. This paper shows how to produce cheap high speed processes which come within a hair of being optimal (in the sense just described) solutions to the problem in question. It describes parameter settings in which the problem cannot be solved satisfactorilyby at leastsome approaches. It discusses ways to decide on which "optimal" solution to the problem is preferable. The idea behind the theory presented here was originally to provide insurance against lose of information due to long-term outage of several channels of communication. The insurance turned out to be cheap (involving only general-purpose processor and memory chips) and compatible with communications in the megabit per second range. But the process involved conferred an unlooked-for add
{"title":"Pooling, Splitting, and Restituting Information to Overcome Total Failure of Some Channels of Communication","authors":"C. Asmuth, G. Blakley","doi":"10.1109/SP.1982.10019","DOIUrl":"https://doi.org/10.1109/SP.1982.10019","url":null,"abstract":"This paper solves an analog of the problem which gave rise to the theory of error control codes by methods, of miniscule computational complexity, taken from the theory of TIPS (also called key safeguarding schemes, threshold schemes, secret sharing, key sharing, and IPS). The problem solved herein is the following. Information is flowing through several parallel channels from a sending node S to a receiving node R. The possibility exists that one or more channels will be rendered inoperative, but it is deemed essential that all the information get through. Suppose that the organization responsible for the information flow wants to protect Itself against ths breakdown of some of the total number d of available channels. It thus wants to be able to use \"coding\" and \"decoding\" processes, which are quick to implement on cheap microprocessors, for blending all the information H due to leave S into a slurry which can be poured into the d channels in such a way that whatever comes out of any b channels at R is enough to reconstruct H completely. It wants more than a high speed implementation of this process on cheap hardware. It wants to send as few bits as possible. Suppose, for example, that it has 100 bits to send and that it requires assurance that they will all get through even if 3 channels fail. It cannot predict which 3 channels might fail and it knows, of course, that it cannot reconstruct the 100 bits to be sent from S unless 100 bits get through the channels which continue to function (total bit cost: 100 plus the number of bits sent on channels which fail). Each of the following solutions to its problem is therefore optimal from an information theoretic viewpoint: 1. A way to reconstruct H from l-bit transmissionson any 100 of 103 channels (involves 3 wasted bits); 2. A way to reconstruct H from 10-bit transmissions on any 10 of 13 channels (involves 30 wasted bits); 3. A way to reconstruct H from 25-bit transmissions on any 4 of 7 channels (involves 75 wasted bits); 4. A way to reconstruct H from 100-bit transmissions on any 1 of 4 (involves 300 wasted bits). Common sense is inclined to reject at least the first (too many channels used) and last (too many bits sent) of the \"optimal\" solutions above. This paper shows how to produce cheap high speed processes which come within a hair of being optimal (in the sense just described) solutions to the problem in question. It describes parameter settings in which the problem cannot be solved satisfactorilyby at leastsome approaches. It discusses ways to decide on which \"optimal\" solution to the problem is preferable. The idea behind the theory presented here was originally to provide insurance against lose of information due to long-term outage of several channels of communication. The insurance turned out to be cheap (involving only general-purpose processor and memory chips) and compatible with communications in the megabit per second range. But the process involved conferred an unlooked-for add","PeriodicalId":195978,"journal":{"name":"1982 IEEE Symposium on Security and Privacy","volume":"71 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1982-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115890134","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In symmetric cryptosystems that depend on a single (secret) key for both encryption and decryption, a cryptanalyst -- since the key is unknown to him -- must either work backward from the cipher or else from the cipher and some known pairs of plain-text messages and matching ciphers in attempting to recover the plaintext. In an asymmetric (two key) cryptosystem used in the public key, i.e., privacy channel, mode where the encryption key is publicly expcxsedso that anyone who wishes can encrypt messages that can mly be decrypted by the person having the (secret) decryption key, a cryptanalytic weakness may occur that has no counterpart in symmetric systems. If the entropy of the input messages is too small (roughly speaking if it is computationally feasible to search through the most likely messages) either because the total number of messages is small or because a small number of the messages occur with high probabilities, the cryptanalyst can pre-encrypt these messages to form a cipher file that can then be matched against observed ciphers to accomplish a simple substitution decryption. This forward search cryptanalytic weakness of a public key privacy channel is purely a function of the entropy of the plaintext messages and does not depend on the existence of any cryptanalytic weakness in the concealment of the secret decryption key from a knowledge of the public encryption key in the underlying public key algorithm.
{"title":"Forward Search as a Cryptanalytic Tool Against a Public Key","authors":"G. J. Simmons, D. Holdridge","doi":"10.1109/SP.1982.10011","DOIUrl":"https://doi.org/10.1109/SP.1982.10011","url":null,"abstract":"In symmetric cryptosystems that depend on a single (secret) key for both encryption and decryption, a cryptanalyst -- since the key is unknown to him -- must either work backward from the cipher or else from the cipher and some known pairs of plain-text messages and matching ciphers in attempting to recover the plaintext. In an asymmetric (two key) cryptosystem used in the public key, i.e., privacy channel, mode where the encryption key is publicly expcxsedso that anyone who wishes can encrypt messages that can mly be decrypted by the person having the (secret) decryption key, a cryptanalytic weakness may occur that has no counterpart in symmetric systems. If the entropy of the input messages is too small (roughly speaking if it is computationally feasible to search through the most likely messages) either because the total number of messages is small or because a small number of the messages occur with high probabilities, the cryptanalyst can pre-encrypt these messages to form a cipher file that can then be matched against observed ciphers to accomplish a simple substitution decryption. This forward search cryptanalytic weakness of a public key privacy channel is purely a function of the entropy of the plaintext messages and does not depend on the existence of any cryptanalytic weakness in the concealment of the secret decryption key from a knowledge of the public encryption key in the underlying public key algorithm.","PeriodicalId":195978,"journal":{"name":"1982 IEEE Symposium on Security and Privacy","volume":"79 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1982-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116413035","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Computer communication is now used in many endeavors in which security and privacy are important, both in government and in the private sector. To support the need for secure computer communication, Digital Technology Incorporated (DTI) has developed the Secure HUB** Executive (HUB), e verified secure operating system oriented toward supporting communications and other real-time applications. The Secure HUB Executive currently runs on Digital Equipment Corporation PDP-11 and VAX-11 hardware, but it is portable to a wide range of mini- and microcomputers.
{"title":"A Practical Executive for Secure Communications","authors":"G. Grossman","doi":"10.1109/SP.1982.10013","DOIUrl":"https://doi.org/10.1109/SP.1982.10013","url":null,"abstract":"Computer communication is now used in many endeavors in which security and privacy are important, both in government and in the private sector. To support the need for secure computer communication, Digital Technology Incorporated (DTI) has developed the Secure HUB** Executive (HUB), e verified secure operating system oriented toward supporting communications and other real-time applications. The Secure HUB Executive currently runs on Digital Equipment Corporation PDP-11 and VAX-11 hardware, but it is portable to a wide range of mini- and microcomputers.","PeriodicalId":195978,"journal":{"name":"1982 IEEE Symposium on Security and Privacy","volume":"69 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1982-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121574602","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This article presents a two-stage encryption method for sharing access to a database where no single agency or device can ever encrypt or decrypt the data directly. Thus an attack by an opponent would have to succeed at two separate points. The main tool needed is a secure cryptosystem closed under composition: encrypting and re-encrypting using two successive keys is equivalent to a single encryption using some third key. An example cryptosystem satisfying this condition is exponentiation modulo a fixed prime.
{"title":"Shared Database Access using Composed Encryption Functions","authors":"N. R. Wagner","doi":"10.1109/SP.1982.10009","DOIUrl":"https://doi.org/10.1109/SP.1982.10009","url":null,"abstract":"This article presents a two-stage encryption method for sharing access to a database where no single agency or device can ever encrypt or decrypt the data directly. Thus an attack by an opponent would have to succeed at two separate points. The main tool needed is a secure cryptosystem closed under composition: encrypting and re-encrypting using two successive keys is equivalent to a single encryption using some third key. An example cryptosystem satisfying this condition is exponentiation modulo a fixed prime.","PeriodicalId":195978,"journal":{"name":"1982 IEEE Symposium on Security and Privacy","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1982-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121602323","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
K. Dittrich, Karlheinz Hug, P. Kammerer, Dieter Lienert, Hans Mau, K. Wachsmuth
Present protection mechanisms in operating Systems are usually dedicated to provide reliability within the operating system. This paper presents a design that can be used to solve basic information protection problems by means of the operating system as well. It is based on a uniform system structuring unit, called a subsystem, and allows rather fine grain protection strategies to be reallzed. Further differences to other approaches lie in the notion of subject used and in the very detailed form privileges can be granted. The paper introduces the basic concepts, sketches on some implementation aspects and discusses the consequences of the approach. The ideas are currently implemented as part of the OSKAR operating system project.
{"title":"Protection in the OSKAR Opereting System: Goals, Concepts, Conseqeuences","authors":"K. Dittrich, Karlheinz Hug, P. Kammerer, Dieter Lienert, Hans Mau, K. Wachsmuth","doi":"10.1109/SP.1982.10005","DOIUrl":"https://doi.org/10.1109/SP.1982.10005","url":null,"abstract":"Present protection mechanisms in operating Systems are usually dedicated to provide reliability within the operating system. This paper presents a design that can be used to solve basic information protection problems by means of the operating system as well. It is based on a uniform system structuring unit, called a subsystem, and allows rather fine grain protection strategies to be reallzed. Further differences to other approaches lie in the notion of subject used and in the very detailed form privileges can be granted. The paper introduces the basic concepts, sketches on some implementation aspects and discusses the consequences of the approach. The ideas are currently implemented as part of the OSKAR operating system project.","PeriodicalId":195978,"journal":{"name":"1982 IEEE Symposium on Security and Privacy","volume":"215 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1982-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121471029","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Statistical databases aim to provide frequencies, averages, and other statistics about groups of persons (or organizations), while protecting the confidentiality of the individuals represented in the database. This objective is difficult to achieve, as users of statistical databases have a host of inference techniques at their disposal for retrieving information about identifiable persons (e.g., see [36,15,16,14,17,26, 31].) There are two broad categories of inference controls: controls that place restrictions on the set of allowable statistics, and controls that add noise to the data or to the released statistics. This paper focuses on restriction techniques.
{"title":"Memoryless Inference Controls for Statistical Databases","authors":"D. Denning, J. Schlörer, Elisabeth Wehrle","doi":"10.1109/SP.1982.10016","DOIUrl":"https://doi.org/10.1109/SP.1982.10016","url":null,"abstract":"Statistical databases aim to provide frequencies, averages, and other statistics about groups of persons (or organizations), while protecting the confidentiality of the individuals represented in the database. This objective is difficult to achieve, as users of statistical databases have a host of inference techniques at their disposal for retrieving information about identifiable persons (e.g., see [36,15,16,14,17,26, 31].) There are two broad categories of inference controls: controls that place restrictions on the set of allowable statistics, and controls that add noise to the data or to the released statistics. This paper focuses on restriction techniques.","PeriodicalId":195978,"journal":{"name":"1982 IEEE Symposium on Security and Privacy","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1982-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116488356","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
A brief comparative analysis of existing true and arbitrated digital signatures is presented. A new scheme for obtaining signatures which is a hybrid of conventional and public-key cryptosystems - is then proposed and its properties discussed.
{"title":"Digital Signitures with Blindfolded Arbitrators Who Cannot Form Alliances","authors":"S. Akl","doi":"10.1109/SP.1982.10010","DOIUrl":"https://doi.org/10.1109/SP.1982.10010","url":null,"abstract":"A brief comparative analysis of existing true and arbitrated digital signatures is presented. A new scheme for obtaining signatures which is a hybrid of conventional and public-key cryptosystems - is then proposed and its properties discussed.","PeriodicalId":195978,"journal":{"name":"1982 IEEE Symposium on Security and Privacy","volume":"36 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1982-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127881939","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Data protection in computer systems is a rather complex problem. Data has to be protected while it is in memory, during communication and while it is stored on mass storage devices. During computation the central processor executes instructions and operates on data that are in readable form. The problem of operating on encrypted data was first considered by Rivest et al [4]. However, notrivial privacy homomorphisms do not exist. Thus it seems that isolation of users is the only alternative if security and privacy is to be achieved. However, in practice isolation is difficult to enforce. Worse, when user to user communication is allowed, more serious loopholes develop. Even though the problems of protection in Operating Systems in general are difficult, one does not have to settle for no security. Encryption allows the protection of data even when good security measures are lacking in an Operating System. In fact it is possible to design operating systems with improved protection using encryption [3]. In this paper we shall consider the problems of encrypted relational datsbases and show that it is possible under some circumstances to perform relational operations without decrypting an entire record.
{"title":"Cryptographic Relational Algebra","authors":"G. Davida, Y. Yeh","doi":"10.1109/SP.1982.10008","DOIUrl":"https://doi.org/10.1109/SP.1982.10008","url":null,"abstract":"Data protection in computer systems is a rather complex problem. Data has to be protected while it is in memory, during communication and while it is stored on mass storage devices. During computation the central processor executes instructions and operates on data that are in readable form. The problem of operating on encrypted data was first considered by Rivest et al [4]. However, notrivial privacy homomorphisms do not exist. Thus it seems that isolation of users is the only alternative if security and privacy is to be achieved. However, in practice isolation is difficult to enforce. Worse, when user to user communication is allowed, more serious loopholes develop. Even though the problems of protection in Operating Systems in general are difficult, one does not have to settle for no security. Encryption allows the protection of data even when good security measures are lacking in an Operating System. In fact it is possible to design operating systems with improved protection using encryption [3]. In this paper we shall consider the problems of encrypted relational datsbases and show that it is possible under some circumstances to perform relational operations without decrypting an entire record.","PeriodicalId":195978,"journal":{"name":"1982 IEEE Symposium on Security and Privacy","volume":"138 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1982-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125475755","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
System Development Corporation (SDC) has developed an informal approach for establishing correspondence (or lack thereof) between the formal specifications of a system and lower levels of specification, including implementation code. Establishing correspondence means showing that one level meets the intent of a higher lever. This paper presents the motivation, technique, and current SDC experience with the method, contains an example of the hypothetical correlation analysis, and evaluates the limits and the usefulness of this approach. This paper results from recent applications of the method.
{"title":"Specification-to-Code Correlation","authors":"J. Solomon","doi":"10.1109/SP.1982.10006","DOIUrl":"https://doi.org/10.1109/SP.1982.10006","url":null,"abstract":"System Development Corporation (SDC) has developed an informal approach for establishing correspondence (or lack thereof) between the formal specifications of a system and lower levels of specification, including implementation code. Establishing correspondence means showing that one level meets the intent of a higher lever. This paper presents the motivation, technique, and current SDC experience with the method, contains an example of the hypothetical correlation analysis, and evaluates the limits and the usefulness of this approach. This paper results from recent applications of the method.","PeriodicalId":195978,"journal":{"name":"1982 IEEE Symposium on Security and Privacy","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1982-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132980370","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: