Secure offline superdistribution for mobile platforms
M. Wolf, A. Osterhues, Christian Stüble
Int. J. Appl. Cryptogr. | Pub Date: 2009-08-01 | DOI: 10.1504/IJACT.2009.028026
Superdistribution and other peer-to-peer (P2P) distribution schemes like sharing or rental offer a flexible and user-friendly way to distribute digital content. However, the parties involved have different interests (e.g. user privacy vs. license enforcement) that should be reflected in the underlying security architecture. We identify characteristic P2P scenarios and demonstrate how these can be realised by applying a few basic licensing operations. We then present a security architecture to realise these basic license operations (1) in a generalised fashion and (2) employing the ARM TrustZone technology, which will be used in many future mobile platforms. Further, we extend existing superdistribution schemes for offline application, allowing a mobile peer to access superdistributed content without the need to first contact the actual licenser.

User-aware provably secure protocols for browser-based mutual authentication
S. Gajek, M. Manulis, Jörg Schwenk
Int. J. Appl. Cryptogr. | Pub Date: 2009-08-01 | DOI: 10.1504/IJACT.2009.028028
The standard solution for mutual authentication between human users and servers on the internet is to execute a transport layer security (TLS) handshake during which the server authenticates using an X.509 certificate, followed by the authentication of the user either with their own password or with some cookie stored within the user's browser. However, the poor ability of human users to validate X.509 certificates allows for various forms of (social) impersonation attacks. In this paper, we introduce human perceptible authentication (HPA) as a concept for the secure user-aware authentication of servers via recognisable authenticators such as images, video or audio sequences. We formally specify HPA within a security model for browser-based mutual authentication; for this, we extend the traditional Bellare-Rogaway model to deal with human users as inherent protocol participants. Using HPA and the classical TLS handshake, we furthermore design two efficient provably secure password- and cookie-authentication protocols.

A correction to 'efficient and secure comparison for on-line auctions'
I. Damgård, M. Geisler, Mikkel Krøigaard
Int. J. Appl. Cryptogr. | Pub Date: 2009-08-01 | DOI: 10.1504/IJACT.2009.028031
In this paper, we describe a correction to the cryptosystem proposed by Damgård et al. in Int. J. Applied Cryptography, Vol. 1, No. 1. Although the correction is small and does not affect the performance of the protocols from Damgård et al., it is necessary, as the cryptosystem is not secure without it.

Multiuser private queries over encrypted databases
Yanjiang Yang, F. Bao, Xuhua Ding, R. Deng
Int. J. Appl. Cryptogr. | Pub Date: 2009-08-01 | DOI: 10.1504/IJACT.2009.028029
Searchable encryption schemes allow users to perform keyword-based searches on an encrypted database. Almost all existing such schemes only consider the scenario where a single user acts as both the data owner and the querier. However, most databases in practice do not just serve one user; instead, they support search and write operations by multiple users. In this paper, we systematically study searchable encryption in a practical multiuser setting. Our results include a set of security notions for multiuser searchable encryption as well as a construction which is provably secure under the newly introduced security notions. We also discuss how to improve query efficiency.

Efficient robust private set intersection
D. Dachman-Soled, T. Malkin, Mariana Raykova, M. Yung
Int. J. Appl. Cryptogr. | Pub Date: 2009-05-16 | DOI: 10.1504/IJACT.2012.048080
Computing Set Intersection privately and efficiently between two mutually mistrusting parties is an important basic procedure in the area of private data mining. Assuring robustness, namely, coping with potentially arbitrarily misbehaving (i.e., malicious) parties, while retaining protocol efficiency (rather than employing costly generic techniques) is an open problem. In this work the first solution to this problem is presented.

A multidimensional linear distinguishing attack on the Shannon cipher
Risto M. Hakala, K. Nyberg
Int. J. Appl. Cryptogr. | Pub Date: 2009-02-01 | DOI: 10.1504/IJACT.2009.023463
In this article, we present a linear distinguishing attack on the stream cipher Shannon. Our distinguisher can distinguish the output keystream of Shannon from about 2^107 keystream words while using an array of 2^32 counters. The distinguisher makes use of a multidimensional linear transformation instead of a 1D transformation, which is traditionally used in linear distinguishing attacks. This gives a clear improvement to the keystream requirement: we need approximately 2^5 times less keystream than when a 1D transformation is used. In addition, we give evidence of the correctness of the distinguisher by applying it to a smaller version of Shannon.

A critical analysis and improvement of advanced access content system drive-host authentication
Jiayuan Sui, Douglas R Stinson
Int. J. Appl. Cryptogr. | Pub Date: 2009-02-01 | DOI: 10.1504/IJACT.2009.023464
This article presents a critical analysis of the Advanced Access Content System drive-host authentication scheme. A few weaknesses are identified which could lead to various attacks on the scheme. In particular, we observe that the scheme is susceptible to unknown key-share and man-in-the-middle attacks. Modifications (based on the ISO and the SIGMA protocols) of the scheme are suggested in order to provide better security. A proof of security of the modified scheme based on the ISO protocol is also presented. The modified schemes achieve better efficiency than the original scheme.

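The unknown key-share weakness named in this abstract is best understood on a minimal protocol. The Python example below is an added illustration, not code from the paper and not the AACS drive-host protocol itself: it runs a generic two-party signed Diffie-Hellman exchange in which the responder learns the initiator's identity only from the final message. An active adversary E, who never learns g^xy, replaces the initiator's identity and signature with its own, so that B believes it shares a key with E while A believes it shares that same key with B. The SIGMA-style repair, which the paper cites as one basis for its modifications, MACs the sender's identity under a key derived from the shared secret, and E cannot forge that MAC. The group (p = 2039, q = 1019, g = 4), the toy Schnorr signature and the identities A, B, E are all assumptions chosen so the attack runs offline on the standard library; the parameters are far too small for real use.

```python
"""
Identity misbinding (an unknown key-share attack) against a naive
signed Diffie-Hellman exchange, and the SIGMA-style repair that MACs
the sender's identity under a key derived from the shared secret.

Added illustration: neither the AACS drive-host protocol nor the
paper's modified scheme.  Toy Schnorr group and signature (assumed,
insecure sizes) so that everything runs on the standard library.
"""
import hashlib
import hmac
import secrets

# Toy Schnorr group (assumption): p = 2q + 1 with q prime, g of order q.
P, Q, G = 2039, 1019, 4


def enc(*vals: int) -> bytes:
    """Fixed-width encoding of group elements (all < 2^16 in this toy group)."""
    return b"|".join(v.to_bytes(2, "big") for v in vals)


def rand_exp() -> int:
    return secrets.randbelow(Q - 1) + 1


def keygen():
    x = rand_exp()
    return x, pow(G, x, P)


def sign(x: int, msg: bytes):
    """Toy Schnorr signature: (r, s) with s = k + H(r, msg) * x mod q."""
    k = rand_exp()
    r = pow(G, k, P)
    e = int.from_bytes(hashlib.sha256(enc(r) + msg).digest(), "big") % Q
    return r, (k + e * x) % Q


def verify(y: int, msg: bytes, sig) -> bool:
    r, s = sig
    e = int.from_bytes(hashlib.sha256(enc(r) + msg).digest(), "big") % Q
    return pow(G, s, P) == (r * pow(y, e, P)) % P


def kdf(shared: int, label: bytes) -> bytes:
    return hashlib.sha256(label + enc(shared)).digest()


def mac_identity(shared: int, ident: str) -> bytes:
    """SIGMA binding: MAC of the sender's identity under a key from g^xy."""
    return hmac.new(kdf(shared, b"mac"), ident.encode(), hashlib.sha256).digest()


def run_exchange(hardened: bool, attack: bool):
    """A <-> B signed DH, optionally with an active adversary E rewriting
    A's final message.  Returns (A's view of its peer, B's view of its
    peer or None if B rejects, whether A and B hold the same session key)."""
    keys = {n: keygen() for n in ("A", "B", "E")}
    pub = {n: y for n, (_, y) in keys.items()}

    x, y = rand_exp(), rand_exp()
    gx, gy = pow(G, x, P), pow(G, y, P)

    # Message 1: A -> B : g^x      Message 2: B -> A : g^y, SIG_B(g^x, g^y)
    if not verify(pub["B"], enc(gx, gy), sign(keys["B"][0], enc(gx, gy))):
        raise RuntimeError("B's signature failed to verify")
    a_peer, k_a, k_b = "B", pow(gy, x, P), pow(gx, y, P)

    # Message 3: A -> B : "A", SIG_A(g^y, g^x) [, MAC_Km("A") if hardened]
    msg3 = ("A", sign(keys["A"][0], enc(gy, gx)),
            mac_identity(k_a, "A") if hardened else b"")

    if attack:
        # E cannot learn g^xy, but in the naive protocol nothing ties the
        # signer's identity to the key: E swaps in its own identity and a
        # signature over the same shares, replaying A's MAC field unchanged.
        msg3 = ("E", sign(keys["E"][0], enc(gy, gx)), msg3[2])

    ident, sig, mac = msg3
    b_peer = None
    if verify(pub[ident], enc(gy, gx), sig):
        if not hardened or hmac.compare_digest(mac, mac_identity(k_b, ident)):
            b_peer = ident
    return a_peer, b_peer, kdf(k_a, b"session") == kdf(k_b, b"session")
```

In the naive run under attack, run_exchange(False, True) returns ("B", "E", True): A and B end up with the same key but disagree about who holds the other end, which is exactly the unknown key-share condition. With the identity MAC, run_exchange(True, True) returns ("B", None, True): B rejects the forged third message because E cannot compute the MAC under a key it does not have. The honest runs accept in both modes.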
Unconditionally secure disjointness tests for private datasets
Qingsong Ye, Huaxiong Wang, J. Pieprzyk, Xian-Mo Zhang
Int. J. Appl. Cryptogr. | Pub Date: 2009-02-01 | DOI: 10.1504/IJACT.2009.023471
We present two unconditionally secure protocols for private set disjointness tests. In order to provide intuition for our protocols, we give a naive example that applies Sylvester matrices. Unfortunately, this simple construction is insecure as it reveals information about the intersection cardinality; more specifically, it discloses a lower bound on it. Using Lagrange interpolation, we provide a protocol for the honest-but-curious case that does not reveal any additional information. Finally, we describe a protocol that is secure against malicious adversaries. In this protocol, a verification test is applied to detect misbehaving participants. Both protocols require O(1) rounds of communication. Our protocols are more efficient than previous protocols in terms of communication and computation overhead. Unlike previous protocols, whose security relies on computational assumptions, our protocols provide information-theoretic security. To our knowledge, our protocols are the first that have been designed without generic secure function evaluation. More importantly, they are the most efficient protocols for private disjointness tests in the malicious adversary case.

One-round key exchange in the standard model
C. Boyd, Y. Cliff, J. G. Nieto, K. Paterson
Int. J. Appl. Cryptogr. | Pub Date: 2009-02-01 | DOI: 10.1504/IJACT.2009.023466
We consider one-round key exchange protocols secure in the standard model. The security analysis uses the powerful security model of Canetti and Krawczyk and a natural extension of it to the ID-based setting. It is shown how Key-Encapsulation Mechanisms (KEMs) can be used in a generic way to obtain two different protocol designs with progressively stronger security guarantees. A detailed analysis of the performance of the protocols is included; surprisingly, when instantiated with specific KEM constructions, the resulting protocols are competitive with the best previous schemes that have proofs only in the Random Oracle Model.

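To make the "KEMs used in a generic way" idea concrete, the Python example below is an added illustration and is not the paper's code nor necessarily either of its two protocol designs, whose details the abstract does not give. It shows the simplest shape such a construction can take: each party holds a long-term KEM key pair, sends a single KEM ciphertext to the other (the two messages are independent, hence one round), and derives the session key from both encapsulated keys together with both identities and both ciphertexts. The KEM is a toy hashed-ElGamal KEM over an assumed tiny group (p = 2039, q = 1019, g = 4), and the identities A and B are assumptions; real deployments need a standard KEM and a proper KDF. The example also shows a property of this KEM-only design that a practitioner should check: with only long-term keys in play, a recorded transcript plus both long-term secret keys recomputes the session key, i.e. there is no forward secrecy in this toy. Whether and how the paper's stronger variant addresses that is not stated in the abstract.

```python
"""
One-round authenticated key exchange built generically from a KEM.

Added illustration, not the protocol from the paper above.  Each party
holds a long-term KEM key pair, sends one KEM ciphertext to the other,
and derives the session key from both encapsulated keys plus identities
and transcript.  Toy hashed-ElGamal KEM over an assumed tiny, insecure
group so the exchange runs offline on the standard library.
"""
import hashlib
import secrets

# Toy group (assumption): p = 2q + 1, q prime, g of order q.
P, Q, G = 2039, 1019, 4


def kem_keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def _kem_hash(shared: int, c: int) -> bytes:
    return hashlib.sha256(b"kem|" + shared.to_bytes(2, "big") + c.to_bytes(2, "big")).digest()


def kem_encap(pk: int):
    """Hashed ElGamal: (K, C) with C = g^r and K = H(pk^r, C)."""
    r = secrets.randbelow(Q - 1) + 1
    c = pow(G, r, P)
    return _kem_hash(pow(pk, r, P), c), c


def kem_decap(sk: int, c: int) -> bytes:
    return _kem_hash(pow(c, sk, P), c)


def session_key(k_init: bytes, k_resp: bytes, init_id: bytes, resp_id: bytes,
                c_init: int, c_resp: int) -> bytes:
    """Bind both KEM keys, both identities and both ciphertexts into the
    session key.  Ordering is fixed by role (initiator first) so that both
    sides hash the same string."""
    parts = [k_init, k_resp, init_id, resp_id,
             c_init.to_bytes(2, "big"), c_resp.to_bytes(2, "big")]
    return hashlib.sha256(b"|".join(parts)).digest()


def one_round_exchange(tamper: bool = False):
    """Run the exchange between A (initiator) and B (responder).
    Returns (A's session key, B's session key, material an adversary could
    later obtain: the public transcript and both long-term secret keys)."""
    sk_a, pk_a = kem_keygen()
    sk_b, pk_b = kem_keygen()

    # Both messages depend only on the peer's long-term public key, so they
    # can be sent simultaneously: a single round.
    k1, c_a = kem_encap(pk_b)          # A -> B : C_A
    k2, c_b = kem_encap(pk_a)          # B -> A : C_B

    # An active adversary may modify B's message in transit; the
    # transcript-bound derivation then makes the two session keys diverge.
    c_b_recv = (c_b * G) % P if tamper else c_b

    key_a = session_key(k1, kem_decap(sk_a, c_b_recv), b"A", b"B", c_a, c_b_recv)
    key_b = session_key(kem_decap(sk_b, c_a), k2, b"A", b"B", c_a, c_b)
    leak = {"sk_a": sk_a, "sk_b": sk_b, "c_a": c_a, "c_b": c_b}
    return key_a, key_b, leak


def recover_from_long_term_keys(leak: dict) -> bytes:
    """No forward secrecy in this KEM-only toy: a recorded transcript plus
    both long-term secret keys recomputes the session key."""
    k1 = kem_decap(leak["sk_b"], leak["c_a"])
    k2 = kem_decap(leak["sk_a"], leak["c_b"])
    return session_key(k1, k2, b"A", b"B", leak["c_a"], leak["c_b"])
```

The honest run yields equal keys on both sides; a tampered ciphertext yields different keys rather than a shared key with an adversary-influenced value, because the received ciphertext is part of the key derivation. recover_from_long_term_keys shows why a design that wants forward secrecy must add ephemeral material rather than relying on long-term KEM keys alone.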
Securing group key exchange against strong corruptions and key registration attacks
E. Bresson, M. Manulis
Int. J. Appl. Cryptogr. | Pub Date: 2008-11-01 | DOI: 10.1504/IJACT.2008.021083
In Group Key Exchange (GKE) protocols, users usually extract the group key using some auxiliary (ephemeral) secret information generated during the execution. Strong corruptions are attacks by which an adversary can reveal these ephemeral secrets, in addition to the possibly used long-lived keys. Undoubtedly, the security impact of strong corruptions is serious, and thus specifying appropriate security requirements and designing secure GKE protocols appears an interesting yet challenging task – the aim of our article. We start by investigating the current setting of strong corruptions and derive some refinements like opening attacks that allow the adversary to reveal ephemeral secrets of users without their long-lived keys. This allows us to consider even stronger attacks against honest, but 'opened' users. Further, we define strong security goals for GKE protocols in the presence of such powerful adversaries and propose a 3-round GKE protocol, named TDH1, which remains immune to their attacks under standard cryptographic assumptions. Our security definitions allow adversaries to register users and specify their long-lived keys, and thus in particular capture attacks of malicious insiders for the appropriate security goals such as mutual authentication, key confirmation, contributiveness, key control and key-replication resilience.
