Combinatorial Bounds and Characterizations of Splitting Authentication Codes

We present several generalizations of results for splitting authentication codes by studying the aspect of multi-fold security. As the two primary results, we prove a combinatorial lower bound on the number of encoding rules and a combinatorial characterization of optimal splitting authentication codes that are multi-fold secure against spoofing attacks. The characterization is based on a new type of combinatorial designs, which we introduce and for which basic necessary conditions are given regarding their existence.Comment: 13 pages; to appear in "Cryptography and Communications

Constructing Optimal Authentication Codes with Perfect Multi-fold Secrecy

We establish a construction of optimal authentication codes achieving perfect multi-fold secrecy by means of combinatorial designs. This continues the author's work (ISIT 2009) and answers an open question posed therein. As an application, we present the first infinite class of optimal codes that provide two-fold security against spoofing attacks and at the same time perfect two- fold secrecy.Comment: 4 pages (double-column); to appear in Proc. 2010 International Zurich Seminar on Communications (IZS 2010, Zurich

Information Theoretic Authentication and Secrecy Codes in the Splitting Model

In the splitting model, information theoretic authentication codes allow non-deterministic encoding, that is, several messages can be used to communicate a particular plaintext. Certain applications require that the aspect of secrecy should hold simultaneously. Ogata-Kurosawa-Stinson-Saido (2004) have constructed optimal splitting authentication codes achieving perfect secrecy for the special case when the number of keys equals the number of messages. In this paper, we establish a construction method for optimal splitting authentication codes with perfect secrecy in the more general case when the number of keys may differ from the number of messages. To the best knowledge, this is the first result of this type.Comment: 4 pages (double-column); to appear in Proc. 2012 International Zurich Seminar on Communications (IZS 2012, Zurich

Authentication and Secrecy Codes for Equiprobable Source Probability Distributions

We give new combinatorial constructions for codes providing authentication and secrecy for equiprobable source probability distributions. In particular, we construct an infinite class of optimal authentication codes which are multiple-fold secure against spoofing and simultaneously achieve perfect secrecy. Several further new optimal codes satisfying these properties will also be constructed and presented in general tables. Almost all of these appear to be the first authentication codes with these properties.Comment: 5 pages (double-column); to appear in Proc. IEEE International Symposium on Information Theory (ISIT 2009, Seoul, South Korea

Perfect Secrecy Systems Immune to Spoofing Attacks

We present novel perfect secrecy systems that provide immunity to spoofing attacks under equiprobable source probability distributions. On the theoretical side, relying on an existence result for $t$-designs by Teirlinck, our construction method constructively generates systems that can reach an arbitrary high level of security. On the practical side, we obtain, via cyclic difference families, very efficient constructions of new optimal systems that are onefold secure against spoofing. Moreover, we construct, by means of $t$-designs for large values of $t$, the first near-optimal systems that are 5- and 6-fold secure as well as further systems with a feasible number of keys that are 7-fold secure against spoofing. We apply our results furthermore to a recently extended authentication model, where the opponent has access to a verification oracle. We obtain this way novel perfect secrecy systems with immunity to spoofing in the verification oracle model.Comment: 10 pages (double-column); to appear in "International Journal of Information Security

Survey and Systematization of Secure Device Pairing

Secure Device Pairing (SDP) schemes have been developed to facilitate secure communications among smart devices, both personal mobile devices and Internet of Things (IoT) devices. Comparison and assessment of SDP schemes is troublesome, because each scheme makes different assumptions about out-of-band channels and adversary models, and are driven by their particular use-cases. A conceptual model that facilitates meaningful comparison among SDP schemes is missing. We provide such a model. In this article, we survey and analyze a wide range of SDP schemes that are described in the literature, including a number that have been adopted as standards. A system model and consistent terminology for SDP schemes are built on the foundation of this survey, which are then used to classify existing SDP schemes into a taxonomy that, for the first time, enables their meaningful comparison and analysis.The existing SDP schemes are analyzed using this model, revealing common systemic security weaknesses among the surveyed SDP schemes that should become priority areas for future SDP research, such as improving the integration of privacy requirements into the design of SDP schemes. Our results allow SDP scheme designers to create schemes that are more easily comparable with one another, and to assist the prevention of persisting the weaknesses common to the current generation of SDP schemes.Comment: 34 pages, 5 figures, 3 tables, accepted at IEEE Communications Surveys & Tutorials 2017 (Volume: PP, Issue: 99