Semantically Secure Anonymity: Foundations of Re-encryption
The notion of universal re-encryption is an established primitive
used in the design of many anonymity protocols. It allows anyone
to randomize a ciphertext without changing its size, without first
decrypting it, and without knowing who the receiver is (i.e., not
knowing the public key used to create it).
By design it prevents the randomized ciphertext from being
correlated with the original ciphertext.
We revisit and analyze the security
foundation of universal re-encryption and show a subtlety in it,
namely, that it does not require that the encryption function
achieve key anonymity. Recall that the encryption function is
different from the re-encryption function.
We demonstrate this subtlety by constructing a cryptosystem that satisfies the
established definition of a universal cryptosystem but that has an encryption
function that does not achieve key anonymity, thereby instantiating the gap in
the definition of security of universal re-encryption. We note that the
gap in the definition carries over to a set of applications
that rely on universal re-encryption, applications in the original
paper on universal re-encryption and also follow-on work.
This shows that the original definition needs to be corrected
and it shows that it had a knock-on
effect that negatively impacted security in later work.
We then introduce a new definition that includes
the properties that are needed for a re-encryption cryptosystem to achieve
key anonymity in both the encryption function and the re-encryption
function, building on Goldwasser and Micali's semantic security and
the original key anonymity notion of Bellare, Boldyreva, Desai, and Pointcheval.
Omitting any of the properties in our definition leads to a problem.
We also introduce a new generalization of the Decision
Diffie-Hellman (DDH) random self-reduction and use it, in turn, to prove
that the original ElGamal-based universal cryptosystem of Golle et al.
is secure under our revised security definition.
We apply our new DDH reduction
technique to give the first proof in the standard model that ElGamal-based
incomparable public keys achieve key anonymity under DDH.
We present a novel secure Forward-Anonymous Batch Mix
as a new application.
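The universal re-encryption primitive described in the abstract above, as an added example that is not code from this paper or from Golle et al.: a toy Python implementation of the ElGamal-based universal cryptosystem as it is commonly described (an ElGamal encryption of m paired with an ElGamal encryption of 1). The safe-prime group parameters P, Q and G, the square-root message encoding, and the function names are assumptions made for this demo. It makes concrete what "without knowing the public key" means: reencrypt() and mix() take only ciphertexts, while each recipient uses the encryption-of-1 pair to recognise its own items after mixing. It does not reproduce the paper's counterexample to the original definition.

```python
"""Toy implementation of Golle et al.'s ElGamal-based universal re-encryption.

Added example, not code from the paper above. The group parameters are a
hypothetical toy safe-prime group chosen so the example runs instantly;
a real deployment would use a standardised large group.
"""
import secrets

# Toy safe prime p = 2q + 1 and a generator of the order-q subgroup of
# quadratic residues (G = 2^2). Assumption for this demo only.
P = 1019
Q = 509
G = 4


def _inv(a):
    """Modular inverse via Fermat's little theorem (P is prime)."""
    return pow(a, P - 2, P)


def _rand_exp():
    """Uniform non-zero exponent in Z_q (non-zero keeps the tag pair non-trivial)."""
    return secrets.randbelow(Q - 1) + 1


def keygen():
    """ElGamal key pair: secret x, public y = g^x."""
    x = _rand_exp()
    return x, pow(G, x, P)


def encode(v):
    """Map an integer in [1, q] to a quadratic residue so it lies in the subgroup."""
    if not 1 <= v <= Q:
        raise ValueError("plaintext out of range")
    return v * v % P


def decode(m):
    """Invert encode(): square root for p = 3 (mod 4), then pick the root in [1, q]."""
    r = pow(m, (P + 1) // 4, P)
    return min(r, P - r)


def encrypt(y, m):
    """Universal ciphertext: an ElGamal encryption of m plus an encryption of 1.

    The second pair (a1, b1) is what lets anyone re-randomise without the
    public key, and what lets the owner of x recognise their own ciphertexts.
    """
    k0, k1 = _rand_exp(), _rand_exp()
    return (m * pow(y, k0, P) % P, pow(G, k0, P), pow(y, k1, P), pow(G, k1, P))


def reencrypt(ct):
    """Re-randomise a universal ciphertext. Takes no key, only the ciphertext."""
    a0, b0, a1, b1 = ct
    r0, r1 = _rand_exp(), _rand_exp()
    return (a0 * pow(a1, r0, P) % P, b0 * pow(b1, r0, P) % P,
            pow(a1, r1, P), pow(b1, r1, P))


def decrypt(x, ct):
    """Return the plaintext if the tag pair decrypts to 1 under x, else None."""
    a0, b0, a1, b1 = ct
    if a1 * _inv(pow(b1, x, P)) % P != 1:
        return None  # not encrypted under this key (or tampered with)
    return a0 * _inv(pow(b0, x, P)) % P


def mix(batch):
    """One universal mix node: re-randomise every ciphertext and shuffle.

    Needs no recipient keys, so the node cannot tell which key each item is for.
    """
    out = [reencrypt(ct) for ct in batch]
    for i in range(len(out) - 1, 0, -1):  # Fisher-Yates shuffle
        j = secrets.randbelow(i + 1)
        out[i], out[j] = out[j], out[i]
    return out


def receive(x, batch):
    """Trial-decrypt the whole batch; only this key's ciphertexts pass the tag check."""
    found = []
    for ct in batch:
        m = decrypt(x, ct)
        if m is not None:
            found.append(decode(m))
    return found


if __name__ == "__main__":
    x_a, y_a = keygen()
    x_b, y_b = keygen()
    while x_b == x_a:  # toy group is small; make sure the two recipients differ
        x_b, y_b = keygen()
    batch = [encrypt(y_a, encode(7)), encrypt(y_b, encode(9)), encrypt(y_a, encode(11))]
    mixed = mix(mix(batch))  # two mix nodes, neither knows y_a or y_b
    print("A receives", sorted(receive(x_a, mixed)))
    print("B receives", receive(x_b, mixed))
```

The tag check in decrypt() accepts exactly one secret key because a1/b1^x = g^(k1(x - x')) is 1 only when x' equals x, so trial decryption by recipients is unambiguous even after any number of re-encryptions. What the code does not exercise is the subtlety the paper raises: whether fresh outputs of encrypt() themselves reveal which public key was used, which is a property of the encryption function's distribution rather than of the re-encryption mechanics shown here.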
Eavesdropping on GSM: state-of-affairs
In the almost 20 years since GSM was deployed, several security problems have
been found, both in the protocols and in the originally secret
cryptography. However, practical exploits of these weaknesses are complicated
by the signal processing involved and have not been seen much
outside of their use by law enforcement agencies.
This could change due to recently developed open-source equipment and
software that can capture and digitize signals from the GSM frequencies. This
might make practical attacks against GSM much simpler to perform.
Indeed, several claims have recently appeared in the media of successful
eavesdropping on GSM. When these claims are examined in depth, the conclusion is
often that more is claimed than has actually been demonstrated. However, it
is undeniable that these claims herald the possibility of eavesdropping on GSM
using publicly available equipment.
This paper evaluates the claims and practical possibilities when it comes to
eavesdropping on GSM, using relatively cheap hardware and the open source
initiatives that have generated many headlines over the past year. The basis
of the paper is extensive experiments with the USRP (Universal Software Radio
Peripheral) and software projects for this hardware.

Comment: 5th Benelux Workshop on Information and System Security (WISSec
2010), November 201