101 research outputs found
Another Look at Provable Security. II
We discuss the question of how to interpret reduction arguments
in cryptography. We give some examples to show the subtlety
and difficulty of this question.
Chasing diagrams in cryptography
Cryptography is a theory of secret functions. Category theory is a general
theory of functions. Cryptography has reached a stage where its structures
often take several pages to define, and its formulas sometimes run from page to
page. Category theory has some complicated definitions as well, but one of its
specialties is taming the flood of structure. Cryptography seems to be in need
of high level methods, whereas category theory always needs concrete
applications. So why is there no categorical cryptography? One reason may be
that the foundations of modern cryptography are built from probabilistic
polynomial-time Turing machines, and category theory does not have a good
handle on such things. On the other hand, such foundational problems might be
the very reason why cryptographic constructions often resemble low level
machine programming. I present some preliminary explorations towards
categorical cryptography. It turns out that some of the main security concepts
are easily characterized through the categorical technique of *diagram
chasing*, which was first used in Lambek's seminal `Lecture Notes on Rings and
Modules'.
Comment: 17 pages, 4 figures; to appear in: 'Categories in Logic, Language and
Physics. Festschrift on the occasion of Jim Lambek's 90th birthday', Claudia
Casadio, Bob Coecke, Michael Moortgat, and Philip Scott (editors); this
version: fixed typos found by a kind reader
Community-Based Security for the Internet of Things
With more and more devices becoming connectable to the internet, the number
of services, but also the number of threats, increases dramatically. Security
is often a secondary matter behind functionality and comfort, but the problem
has already been recognized. Still, with many IoT devices already deployed,
security will arrive step by step, through updates, patches and new versions
of apps and IoT software. While these updates can be safely retrieved from app
stores, the problems kick in with jailbroken devices and with the variety of
untrusted sources arising on the internet. Since hacking is typically a
community effort these days, security could be a community goal too. The
challenges are manifold, and one reason for weak or absent security on IoT
devices is their limited computational power. In this chapter, we discuss a
community-based security mechanism in which devices mutually aid each other in
secure software management. We discuss game-theoretic methods of community
formation and lightweight cryptographic means to accomplish authentic software
deployment inside the IoT device community.
CROO: A universal infrastructure and protocol to detect identity fraud
Identity fraud (IDF) may be defined as the unauthorized exploitation of credential information through the use of a false identity. We propose CROO, a universal (i.e. generic) infrastructure and protocol to either prevent IDF (by detecting attempts thereof) or limit its consequences (by identifying cases of previously undetected IDF). CROO is a capture-resilient one-time password scheme, whereby each user must carry a personal trusted device used to generate one-time passwords (OTPs) verified by online trusted parties. Multiple trusted parties may be used for increased scalability. OTPs can be used regardless of a transaction's purpose (e.g. user authentication or financial payment), associated credentials, and online or on-site nature; this makes CROO a universal scheme. OTPs are not sent in cleartext; they are used as keys to compute MACs of hashed transaction information, in a manner allowing OTP-verifying parties to confirm that given user credentials (i.e. OTP-keyed MACs) correspond to claimed hashed transaction details. Hashing transaction details increases user privacy. Each OTP is generated from a PIN-encrypted non-verifiable key; this makes users' devices resilient to off-line PIN-guessing attacks. CROO's credentials can be formatted as existing user credentials (e.g. credit cards or driver's licenses).
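The abstract above describes the moving parts of the CROO credential flow: a device key wrapped under the PIN without any redundancy an attacker could test offline, a one-time password derived from that key, and an OTP-keyed MAC over hashed transaction details that an online trusted party checks against the claimed hash. The following Python sketch is an added illustration of that flow, not the paper's own code or construction: HMAC-SHA256 as the MAC, SHA-256 over a canonical JSON encoding as the transaction hash, a counter-based OTP, and PIN wrapping by XOR with a PBKDF2-derived pad are all assumptions made here (the paper's actual key generation and OTP derivation are not described on this page). The user identifier, PIN, salt and transaction record are constructed sample values.

```python
"""CROO-style OTP-keyed MAC credential flow (added illustration; constructions are assumptions)."""
import hashlib
import hmac
import json

KEY_LEN = 32


def pin_pad(pin: str, salt: bytes) -> bytes:
    """Derive a KEY_LEN-byte pad from the PIN (PBKDF2-HMAC-SHA256; an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000, dklen=KEY_LEN)


def wrap_key(device_key: bytes, pin: str, salt: bytes) -> bytes:
    """'Non-verifiable' PIN encryption: XOR the key with the PIN-derived pad.
    Every PIN unwraps to *some* KEY_LEN-byte value, so a captured device gives
    an attacker no local way to test PIN guesses; only the online verifier can
    reject a wrong PIN."""
    return bytes(k ^ p for k, p in zip(device_key, pin_pad(pin, salt)))


unwrap_key = wrap_key  # XOR with the same pad undoes the wrapping


def otp(device_key: bytes, counter: int) -> bytes:
    """Counter-based one-time password: HMAC-SHA256(device_key, counter)."""
    return hmac.new(device_key, counter.to_bytes(8, "big"), hashlib.sha256).digest()


def hash_txn(txn: dict) -> bytes:
    """Hash of canonicalised transaction details; the verifier only ever sees this."""
    canon = json.dumps(txn, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).digest()


def make_credential(user_id: str, wrapped_key: bytes, pin: str, salt: bytes,
                    counter: int, txn: dict) -> dict:
    """Device side: unwrap the key with the PIN, derive the OTP, and use the OTP
    as the MAC key over the hashed transaction.  The OTP never leaves the device."""
    key = unwrap_key(wrapped_key, pin, salt)
    tag = hmac.new(otp(key, counter), hash_txn(txn), hashlib.sha256).digest()
    return {"user": user_id, "counter": counter, "tag": tag.hex()}


class Verifier:
    """Online trusted party: holds each device key (never the PIN) and the last
    counter it accepted per user, so a replayed credential is rejected."""

    def __init__(self, device_keys: dict):
        self.device_keys = dict(device_keys)
        self.last_counter = {user: 0 for user in device_keys}

    def verify(self, cred: dict, claimed_txn_hash: bytes) -> bool:
        key = self.device_keys.get(cred["user"])
        if key is None or cred["counter"] <= self.last_counter[cred["user"]]:
            return False  # unknown user, or OTP already used (one-time property)
        expected = hmac.new(otp(key, cred["counter"]), claimed_txn_hash, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, bytes.fromhex(cred["tag"])):
            return False  # wrong PIN on the device, or transaction details altered
        self.last_counter[cred["user"]] = cred["counter"]
        return True


def demo():
    """Runs the flow on constructed sample data; returns four verification outcomes."""
    device_key = bytes(range(KEY_LEN))  # constructed, fixed so the run is reproducible
    salt = b"constructed-salt"
    pin = "4821"
    wrapped = wrap_key(device_key, pin, salt)  # what the personal device stores
    verifier = Verifier({"card-7731": device_key})
    txn = {"merchant": "Example Shop", "amount": "42.00", "currency": "EUR", "nonce": "c0ffee"}

    cred = make_credential("card-7731", wrapped, pin, salt, 1, txn)
    accepted = verifier.verify(cred, hash_txn(txn))   # genuine credential
    replayed = verifier.verify(cred, hash_txn(txn))   # same OTP presented twice
    wrong_pin = verifier.verify(make_credential("card-7731", wrapped, "0000", salt, 2, txn), hash_txn(txn))
    altered = dict(txn, amount="4200.00")
    tampered = verifier.verify(make_credential("card-7731", wrapped, pin, salt, 3, txn), hash_txn(altered))
    return accepted, replayed, wrong_pin, tampered
```

Two things to notice when reading the output. First, `unwrap_key` with the wrong PIN returns a perfectly well-formed 32-byte key and raises no error; the failure only surfaces at the verifier, which is the capture-resilience property the abstract describes. Second, the verifier never receives the merchant, amount or currency, only `hash_txn(txn)`, so the trusted party learns nothing about the purchase beyond the fact that the user authorised whatever hashes to that value. The monotonic counter is a simplification; a deployed scheme also needs a resynchronisation rule for counters that drift out of step.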
Efficient identity-based key encapsulation to multiple parties
We introduce the concept of identity-based key encapsulation
to multiple parties (mID-KEM), and define a security model for it. This
concept is the identity-based analogue of public-key KEM to multiple
parties. We also analyse possible mID-KEM constructions, and propose
an efficient scheme based on bilinear pairings. We prove our scheme secure
in the random oracle model under the Gap Bilinear Diffie-Hellman
assumption.
Fundação para a Ciência e a Tecnologia - SFRH/BPD/20528/2004
A simple generalization of El-Gamal cryptosystem to non-abelian groups
In this paper we study the MOR cryptosystem. We use the group of
unitriangular matrices over a finite field as the non-abelian group in the MOR
cryptosystem. We show that a cryptosystem similar to the El-Gamal cryptosystem
over finite fields can be built using the proposed groups and a set of
automorphisms of these groups. We also show that the security of this proposed
MOR cryptosystem is equivalent to that of the El-Gamal cryptosystem over finite
fields.
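To make the MOR structure concrete, here is an added Python illustration (not the paper's code) of an ElGamal-style scheme on the unitriangular group UT(3, p): the public key is an automorphism together with its m-th power, a ciphertext is (phi^r, phi^(mr)(M)) for a group element M, and the private key is the exponent m. The automorphism family used here, conjugation by a diagonal matrix diag(d1, d2, d3), is an assumption made for this example; it is a genuine automorphism family of UT(3, p) but not necessarily the automorphism set the paper proposes. The prime and the sample messages are constructed values. The brute-force recovery at the end makes the abstract's equivalence claim visible for this family: recovering m from (phi, phi^m) is a discrete logarithm in the multiplicative group of the field.

```python
"""MOR-style ElGamal on UT(3, p) with diagonal-conjugation automorphisms (added illustration)."""
import secrets

# A group element (a, b, c) stands for the matrix [[1, a, c], [0, 1, b], [0, 0, 1]].


def mul(x, y, p):
    a1, b1, c1 = x
    a2, b2, c2 = y
    return ((a1 + a2) % p, (b1 + b2) % p, (c1 + c2 + a1 * b2) % p)


def inv(x, p):
    a, b, c = x
    return ((-a) % p, (-b) % p, (a * b - c) % p)


# Conjugation by diag(d1, d2, d3) sends (a, b, c) to (u*a, v*b, u*v*c) with
# u = d1/d2 and v = d2/d3, so the automorphism is represented by the pair (u, v).
def apply_aut(phi, x, p):
    u, v = phi
    a, b, c = x
    return (u * a % p, v * b % p, u * v * c % p)


def aut_pow(phi, n, p):
    """phi composed with itself n times: composition multiplies the scalars."""
    u, v = phi
    return (pow(u, n, p), pow(v, n, p))


def aut_inv(phi, p):
    u, v = phi
    return (pow(u, -1, p), pow(v, -1, p))


def keygen(p, rng=secrets.randbelow):
    """Public key: (phi, phi^m); private key: the exponent m."""
    phi = (2 + rng(p - 3), 2 + rng(p - 3))  # scalars in [2, p-2], never 0 or 1
    m = 1 + rng(p - 2)
    return (phi, aut_pow(phi, m, p)), m


def encrypt(pub, msg, p, rng=secrets.randbelow):
    """Encrypt a group element msg as (phi^r, phi^(mr)(msg))."""
    phi, phi_m = pub
    r = 1 + rng(p - 2)
    return aut_pow(phi, r, p), apply_aut(aut_pow(phi_m, r, p), msg, p)


def decrypt(m, ct, p):
    """Recover phi^(rm) from phi^r with the private m, then undo it."""
    phi_r, c = ct
    return apply_aut(aut_inv(aut_pow(phi_r, m, p), p), c, p)


def recover_exponent_bruteforce(pub, p):
    """Finding m from (phi, phi^m) is a discrete logarithm in F_p^*, exactly as
    for finite-field ElGamal; exhaustive search shows this for a tiny p."""
    phi, phi_m = pub
    for n in range(1, p):
        if aut_pow(phi, n, p) == phi_m:
            return n
    return None
```

For a real parameter size the prime would be chosen as for finite-field ElGamal, since the exponent is protected by nothing stronger than the discrete logarithm in F_p^*. The brute-force search may return an exponent smaller than the true m when the scalars have small order; any such n still decrypts correctly, because only n modulo the scalars' orders matters.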
Security models for key agreement protocols based on the indistinguishability property
Security models for key agreement protocols based on indistinguishability are considered. In this report we review and compare the existing models, identify their flaws, and offer recommendations on their use.