837 research outputs found
High-level Cryptographic Abstractions
The interfaces exposed by commonly used cryptographic libraries are clumsy,
complicated, and assume an understanding of cryptographic algorithms. The
challenge is to design high-level abstractions that require minimum knowledge
and effort to use while also allowing maximum control when needed.
This paper proposes such high-level abstractions consisting of simple
cryptographic primitives and full declarative configuration. These abstractions
can be implemented on top of any cryptographic library in any language. We have
implemented these abstractions in Python, and used them to write a wide variety
of well-known security protocols, including Signal, Kerberos, and TLS.
We show that programs using our abstractions are much smaller and easier to
write than using low-level libraries, where size of security protocols
implemented is reduced by about a third on average. We show our implementation
incurs a small overhead, less than 5 microseconds for shared key operations and
less than 341 microseconds (< 1%) for public key operations. We also show our
abstractions are safe against main types of cryptographic misuse reported in
the literature
Security Through Amnesia: A Software-Based Solution to the Cold Boot Attack on Disk Encryption
Disk encryption has become an important security measure for a multitude of
clients, including governments, corporations, activists, security-conscious
professionals, and privacy-conscious individuals. Unfortunately, recent
research has discovered an effective side channel attack against any disk
mounted by a running machine\cite{princetonattack}. This attack, known as the
cold boot attack, is effective against any mounted volume using
state-of-the-art disk encryption, is relatively simple to perform for an
attacker with even rudimentary technical knowledge and training, and is
applicable to exactly the scenario against which disk encryption is primarily
supposed to defend: an adversary with physical access. To our knowledge, no
effective software-based countermeasure to this attack supporting multiple
encryption keys has yet been articulated in the literature. Moreover, since no
proposed solution has been implemented in publicly available software, all
general-purpose machines using disk encryption remain vulnerable. We present
Loop-Amnesia, a kernel-based disk encryption mechanism implementing a novel
technique to eliminate vulnerability to the cold boot attack. We offer
theoretical justification of Loop-Amnesia's invulnerability to the attack,
verify that our implementation is not vulnerable in practice, and present
measurements showing our impact on I/O accesses to the encrypted disk is
limited to a slowdown of approximately 2x. Loop-Amnesia is written for x86-64,
but our technique is applicable to other register-based architectures. We base
our work on loop-AES, a state-of-the-art open source disk encryption package
for Linux.Comment: 13 pages, 4 figure
Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys
Security is one of the most important concern to the information and data sharing for companies, banks, organizations and government facilities. RSA is a public cryptographic algorithm that is designed specifically for authentication and data encryption. One of the most powerful reasons makes RSA more secure is that the avoidance of key exchange in the encryption and decryption processes. Standard RSA algorithm depends on the key length only to protect systems. However, RSA key is broken from time to another due to the development of computers hardware such as high speed processors and advanced technology. RSA developers have increased a key length or size of a key periodically to maintain a high security and privacy to systems that are protected by the RSA. In this paper, a method has been designed and implemented to strengthen the RSA algorithm by using multiple public and private keys. Therefore, in this method the security of RSA not only depends on the key size, but also relies on the multiplicity of public and private keys
Privacy preserving distributed optimization using homomorphic encryption
This paper studies how a system operator and a set of agents securely execute
a distributed projected gradient-based algorithm. In particular, each
participant holds a set of problem coefficients and/or states whose values are
private to the data owner. The concerned problem raises two questions: how to
securely compute given functions; and which functions should be computed in the
first place. For the first question, by using the techniques of homomorphic
encryption, we propose novel algorithms which can achieve secure multiparty
computation with perfect correctness. For the second question, we identify a
class of functions which can be securely computed. The correctness and
computational efficiency of the proposed algorithms are verified by two case
studies of power systems, one on a demand response problem and the other on an
optimal power flow problem.Comment: 24 pages, 5 figures, journa
ID-based Ring Signature and Proxy Ring Signature Schemes from Bilinear Pairings
In 2001, Rivest et al. firstly introduced the concept of ring signatures. A
ring signature is a simplified group signature without any manager. It protects
the anonymity of a signer. The first scheme proposed by Rivest et al. was based
on RSA cryptosystem and certificate based public key setting. The first ring
signature scheme based on DLP was proposed by Abe, Ohkubo, and Suzuki. Their
scheme is also based on the general certificate-based public key setting too.
In 2002, Zhang and Kim proposed a new ID-based ring signature scheme using
pairings. Later Lin and Wu proposed a more efficient ID-based ring signature
scheme. Both these schemes have some inconsistency in computational aspect.
In this paper we propose a new ID-based ring signature scheme and a proxy
ring signature scheme. Both the schemes are more efficient than existing one.
These schemes also take care of the inconsistencies in above two schemes.Comment: Published with ePrint Archiv
- …