51,772 research outputs found
Code-based Identification and Signature Schemes
In an age of explosive growth of digital communications and electronic data storage, cryptography plays an integral role in our society. Some examples of daily use of cryptography are software updates, e-banking, electronic commerce, ATM cards, etc. The security of most currently used cryptosystems relies on the hardness of the factorization and discrete logarithm problems. However, in 1994 Peter Shor discovered polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. Therefore, it is of extreme importance to develop cryptosystems that remain secure even when the adversary has access to a quantum computer; such systems are called post-quantum cryptosystems. One promising candidate is based on codes; in this thesis we focus more specifically on code-based identification and signature schemes.
Public key identification schemes are typically applied in cryptography to reach the goal of entity authentication. Their applications include authentication and access control services such as remote login, credit card purchases and many others. One of the most well-known systems of this kind is the zero-knowledge identification scheme introduced in Crypto 1993 by Stern. It is very fast compared to schemes based on number-theoretic problems since it involves only simple and efficiently executable operations. However, its main drawbacks are the high communication complexity and the large public key size, that makes it impractical for many applications.
Our first contribution addresses these drawbacks by taking a step towards reducing communication complexity and public key size simultaneously. To this end, we propose a novel zero-knowledge five-pass identification scheme which improves on Stern's scheme. It reduces the communication complexity by a factor of 25 % compared to Stern's one. Moreover, we obtain a public key of size of 4 KB, whereas Stern's scheme requires 15 KB for the same level of security. To the best of our knowledge, there is no code-based identification scheme with better performance than our proposal using random codes. Our second contribution consists of extending one of the most important paradigms in cryptography, namely the one by Fiat and Shamir. In doing so, we enlarge the class of identification schemes to which the Fiat-Shamir transform can be applied. Additionally, we put forward a generic methodology for proving the security of signature schemes derived from this class of identification schemes. We exemplify our extended paradigm and derive a provably secure signature scheme based on our proposed five-pass identification scheme. In order to contribute to the development of post-quantum schemes with additional features, we present an improved code-based threshold ring signature scheme using our two previous results. Our proposal has a shorter signature length and a smaller public-key size compared to Aguilar et al.'s scheme, which is the reference in this area
Smart Ticket Protection: An Architecture for Cyber-Protecting Physical Tickets Using Digitally Signed Random Pattern Markers
In order to counter forgeries of tickets for public transport or mass events,
a method to validate them, using printed unique random pattern markers was
developed. These markers themselves are unforgeable by their physically random
distribution. To assure their authenticity, however, they have to be
cryptographically protected and equipped with an environment for successful
validation, combining physical and cyber security protection. This paper
describes an architecture for cryptographically protecting these markers, which
are stored in Aztec codes on physical tickets, in order to assure that only an
authorized printer can generate a valid Aztec code of such a pattern, thus
providing forge protection in combination with the randomness and uniqueness of
the pattern. Nevertheless, the choice of the signature algorithm is heavily
constrained by the sizes of the pattern, ticket provider data, metadata and the
signature confronted by the data volume the code hold. Therefore, this paper
also defines an example for a signature layout for the proposed architecture.
This allows for a lightweight ticket validation system that is both physically
and cryptographically secured to form a smart solution for mass access
verification for both shorter to longer periods at relatively low cost.Comment: 4 pages, 2 figure
On the Security of the Automatic Dependent Surveillance-Broadcast Protocol
Automatic dependent surveillance-broadcast (ADS-B) is the communications
protocol currently being rolled out as part of next generation air
transportation systems. As the heart of modern air traffic control, it will
play an essential role in the protection of two billion passengers per year,
besides being crucial to many other interest groups in aviation. The inherent
lack of security measures in the ADS-B protocol has long been a topic in both
the aviation circles and in the academic community. Due to recently published
proof-of-concept attacks, the topic is becoming ever more pressing, especially
with the deadline for mandatory implementation in most airspaces fast
approaching.
This survey first summarizes the attacks and problems that have been reported
in relation to ADS-B security. Thereafter, it surveys both the theoretical and
practical efforts which have been previously conducted concerning these issues,
including possible countermeasures. In addition, the survey seeks to go beyond
the current state of the art and gives a detailed assessment of security
measures which have been developed more generally for related wireless networks
such as sensor networks and vehicular ad hoc networks, including a taxonomy of
all considered approaches.Comment: Survey, 22 Pages, 21 Figure
On Constructing Persistent Identifiers with Persistent Resolution Targets
Persistent Identifiers (PID) are the foundation referencing digital assets in
scientific publications, books, and digital repositories. In its realization,
PIDs contain metadata and resolving targets in form of URLs that point to data
sets located on the network. In contrast to PIDs, the target URLs are typically
changing over time; thus, PIDs need continuous maintenance -- an effort that is
increasing tremendously with the advancement of e-Science and the advent of the
Internet-of-Things (IoT). Nowadays, billions of sensors and data sets are
subject of PID assignment. This paper presents a new approach of embedding
location independent targets into PIDs that allows the creation of
maintenance-free PIDs using content-centric network technology and overlay
networks. For proving the validity of the presented approach, the Handle PID
System is used in conjunction with Magnet Link access information encoding,
state-of-the-art decentralized data distribution with BitTorrent, and Named
Data Networking (NDN) as location-independent data access technology for
networks. Contrasting existing approaches, no green-field implementation of PID
or major modifications of the Handle System is required to enable
location-independent data dissemination with maintenance-free PIDs.Comment: Published IEEE paper of the FedCSIS 2016 (SoFAST-WS'16) conference,
11.-14. September 2016, Gdansk, Poland. Also available online:
http://ieeexplore.ieee.org/document/7733372
Transparent code authentication at the processor level
The authors present a lightweight authentication mechanism that verifies the authenticity of code and thereby addresses the virus and malicious code problems at the hardware level eliminating the need for trusted extensions in the operating system. The technique proposed tightly integrates the authentication mechanism into the processor core. The authentication latency is hidden behind the memory access latency, thereby allowing seamless on-the-fly authentication of instructions. In addition, the proposed authentication method supports seamless encryption of code (and static data). Consequently, while providing the software users with assurance for authenticity of programs executing on their hardware, the proposed technique also protects the software manufacturers’ intellectual property through encryption. The performance analysis shows that, under mild assumptions, the presented technique introduces negligible overhead for even moderate cache sizes
- …