386 research outputs found
Receiver and Sender Deniable Functional Encryption
Deniable encryption, first introduced by Canetti et al. (CRYPTO 1997), allows equivocation of encrypted communication.
In this work we generalize its study to functional encryption (FE).
Our results are summarized as follows:
We first put forward and motivate the concept of receiver deniable FE, for which we consider two models. In the first model, as previously considered by O'Neill et al. (CRYPTO 2011) in the case of identity-based encryption, a receiver gets assistance from the master authority to generate a fake secret key. In the second model, there are "normal" and "deniable" secret keys, and a receiver in possession of a deniable secret key can produce a fake but authentic-looking normal key on its own.
In the first model, we show a compiler from any FE scheme for the general circuit functionality to a FE scheme having receiver deniability.
In addition we show an efficient receiver deniable FE scheme for Boolean Formulae from bilinear maps. In the second (multi-distributional) model, we present a specific FE scheme for the general circuit functionality having receiver deniability. To our knowledge, a scheme in the multi-distributional model was not previously known even for the special case of identity-based encryption.
Finally, we construct the first sender (non-multi-distributional) deniable FE scheme.
Deterministic, Stash-Free Write-Only ORAM
Write-Only Oblivious RAM (WoORAM) protocols provide privacy by encrypting the
contents of data and also hiding the pattern of write operations over that
data. WoORAMs provide better privacy than plain encryption and better
performance than more general ORAM schemes (which hide both writing and reading
access patterns), and the write-oblivious setting has been applied to important
applications of cloud storage synchronization and encrypted hidden volumes. In
this paper, we introduce an entirely new technique for Write-Only ORAM, called
DetWoORAM. Unlike previous solutions, DetWoORAM uses a deterministic,
sequential writing pattern without the need for any "stashing" of blocks in
local state when writes fail. Our protocol, while conceptually simple, provides
substantial improvement over prior solutions, both asymptotically and
experimentally. In particular, under typical settings the DetWoORAM writes only
2 blocks (sequentially) to backend memory for each block written to the device,
which is optimal. We have implemented our solution using the BUSE (block device
in user-space) module and tested DetWoORAM against both an encryption-only
baseline of dm-crypt and prior, randomized WoORAM solutions, measuring only a
3x-14x slowdown compared to the encryption-only baseline and around a 6x-19x
speedup compared to prior work.
Subverting Deniability
Deniable public-key encryption (DPKE) is a cryptographic primitive that allows the sender of an encrypted message to later claim that they sent a different message.
DPKE's threat model assumes powerful adversaries who can coerce users to reveal plaintexts; it is thus reasonable to consider other advanced capabilities, such as the ability to subvert algorithms in a so-called Algorithm Substitution Attack (ASA). An ASA replaces a trusted algorithm with a subverted version that undermines security from the point of view of the adversary while remaining undetected by users. ASAs have been considered against a number of primitives including digital signatures, symmetric encryption and pseudo-random generators. However, public-key encryption has presented a less fruitful target, as the sender's only secrets are plaintexts and ASA techniques generally do not provide sufficient bandwidth to leak these.
In this work, we show that subversion attacks against deniable encryption schemes present an attractive opportunity for an adversary. We note that whilst the notion is widely accepted, there are as yet no practical deniable PKE schemes; we demonstrate the feasibility of ASAs targeting deniable encryption using a representative scheme as a proof of concept. We also provide a formal model and discuss how to mitigate ASAs targeting deniable PKE schemes. Our results strengthen the security model for deniable encryption and highlight the necessity of considering subversion in the design of practical schemes.
DENIABLE ATTRIBUTE BASED ENCRYPTION SYSTEM IN AN AUDIT-FREE CLOUD STORAGE
We consider the collaborative data publishing problem for anonymizing horizontally partitioned data held by multiple data providers. We consider a new kind of "insider attack" by colluding data providers who may use their own data records (a subset of the overall data), in addition to external background knowledge, to infer the data records contributed by other data providers. The paper addresses this new threat and makes several contributions. First, we introduce the notion of m-security, which guarantees that the anonymized data satisfies a given privacy constraint against any group of up to m colluding data providers. Second, we present heuristic algorithms exploiting the equivalence-group monotonicity of privacy constraints and adaptive ordering techniques for efficiently checking m-security given a set of records. Finally, we present a data-provider-aware anonymization algorithm with adaptive m-security checking strategies to ensure high utility and m-security of anonymized data with efficiency.
OPTIMAL POWER CONTROL AND RELIABLE COMMUNICATION FOR MOBILE NETWORK THROUGH EFFICIENT ROUTING PROTOCOL
KeyForge: Mitigating Email Breaches with Forward-Forgeable Signatures
Email breaches are commonplace, and they expose a wealth of personal,
business, and political data that may have devastating consequences. The
current email system allows any attacker who gains access to your email to
prove the authenticity of the stolen messages to third parties -- a property
arising from a necessary anti-spam / anti-spoofing protocol called DKIM. This
exacerbates the problem of email breaches by greatly increasing the potential
for attackers to damage the users' reputation, blackmail them, or sell the
stolen information to third parties.
In this paper, we introduce "non-attributable email", which guarantees that a
wide class of adversaries are unable to convince any third party of the
authenticity of stolen emails. We formally define non-attributability, and
present two practical system proposals -- KeyForge and TimeForge -- that
provably achieve non-attributability while maintaining the important protection
against spam and spoofing that is currently provided by DKIM. Moreover, we
implement KeyForge and demonstrate that the scheme is practical, achieving
competitive verification and signing speed while also requiring 42% less
bandwidth per email than RSA2048.
Use of Cryptography in Malware Obfuscation
Malware authors often use cryptographic tools such as XOR encryption and
block ciphers like AES to obfuscate part of the malware to evade detection. Use
of cryptography may give the impression that these obfuscation techniques have
some provable guarantees of success. In this paper, we take a closer look at
the use of cryptographic tools to obfuscate malware. We first find that most
techniques are easy to defeat (in principle), since the decryption algorithm
and the key are shipped within the program. In order to clearly define an
obfuscation technique's potential to evade detection, we propose a principled
definition of malware obfuscation, and then categorize instances of malware
obfuscation that use cryptographic tools into those which evade detection and
those which are detectable. We find that schemes that are hard to de-obfuscate
necessarily rely on a construct based on environmental keying. We also show
that cryptographic notions of obfuscation, e.g., indistinguishability and
virtual black box obfuscation, may not guarantee evasion of detection under our
model. However, they can be used in conjunction with environmental keying to
produce hard-to-de-obfuscate versions of programs.
- …