166 research outputs found
EFFICIENT AND SCALABLE NETWORK SECURITY PROTOCOLS BASED ON LFSR SEQUENCES
The gap between abstract, mathematics-oriented research in cryptography and the engineering approach of designing practical, network security protocols is widening. Network researchers experiment with well-known cryptographic protocols suitable for different network models. On the other hand, researchers inclined toward theory often design cryptographic schemes without considering the practical network constraints. The goal of this dissertation is to address problems in these two challenging areas: building bridges between practical network security protocols and theoretical cryptography. This dissertation presents techniques for building performance sensitive security protocols, using primitives from linear feedback register sequences (LFSR) sequences, for a variety of challenging networking applications. The significant contributions of this thesis are:
1. A common problem faced by large-scale multicast applications, like real-time news feeds, is collecting authenticated feedback from the intended recipients. We design an efficient, scalable, and fault-tolerant technique for combining multiple signed acknowledgments into a single compact one and observe that most signatures (based on the discrete logarithm problem) used in previous protocols do not result in a scalable solution to the problem.
2. We propose a technique to authenticate on-demand source routing protocols in resource-constrained wireless mobile ad-hoc networks. We develop a single-round multisignature that requires no prior cooperation among nodes to construct the multisignature and supports authentication of cached routes.
3. We propose an efficient and scalable aggregate signature, tailored for applications like building efficient certificate chains, authenticating distributed and adaptive content management systems and securing path-vector routing protocols.
4. We observe that blind signatures could form critical building blocks of privacypreserving accountability systems, where an authority needs to vouch for the legitimacy of a message but the ownership of the message should be kept secret from the authority. We propose an efficient blind signature that can serve as a protocol building block for performance sensitive, accountability systems.
All special forms digital signaturesâaggregate, multi-, and blind signaturesâproposed in this dissertation are the first to be constructed using LFSR sequences. Our detailed cost analysis shows that for a desired level of security, the proposed signatures outperformed existing protocols in computation cost, number of communication rounds and storage overhead
Privacy Preserving Cryptographic Protocols for Secure Heterogeneous Networks
DisertaÄnĂ prĂĄce se zabĂœvĂĄ kryptografickĂœmi protokoly poskytujĂcĂ ochranu soukromĂ, kterĂ© jsou urÄeny pro zabezpeÄenĂ komunikaÄnĂch a informaÄnĂch systĂ©mĆŻ tvoĆĂcĂch heterogennĂ sĂtÄ. PrĂĄce se zamÄĆuje pĆedevĆĄĂm na moĆŸnosti vyuĆŸitĂ nekonvenÄnĂch kryptografickĂœch prostĆedkĆŻ, kterĂ© poskytujĂ rozĆĄĂĆenĂ© bezpeÄnostnĂ poĆŸadavky, jako je napĆĂklad ochrana soukromĂ uĆŸivatelĆŻ komunikaÄnĂho systĂ©mu. V prĂĄci je stanovena vĂœpoÄetnĂ nĂĄroÄnost kryptografickĂœch a matematickĂœch primitiv na rĆŻznĂœch zaĆĂzenĂch, kterĂ© se podĂlĂ na zabezpeÄenĂ heterogennĂ sĂtÄ. HlavnĂ cĂle prĂĄce se zamÄĆujĂ na nĂĄvrh pokroÄilĂœch kryptografickĂœch protokolĆŻ poskytujĂcĂch ochranu soukromĂ. V prĂĄci jsou navrĆŸeny celkovÄ tĆi protokoly, kterĂ© vyuĆŸĂvajĂ skupinovĂœch podpisĆŻ zaloĆŸenĂœch na bilineĂĄrnĂm pĂĄrovĂĄnĂ pro zajiĆĄtÄnĂ ochrany soukromĂ uĆŸivatelĆŻ. Tyto navrĆŸenĂ© protokoly zajiĆĄĆ„ujĂ ochranu soukromĂ a nepopiratelnost po celou dobu datovĂ© komunikace spolu s autentizacĂ a integritou pĆenĂĄĆĄenĂœch zprĂĄv. Pro navĂœĆĄenĂ vĂœkonnosti navrĆŸenĂœch protokolĆŻ je vyuĆŸito optimalizaÄnĂch technik, napĆ. dĂĄvkovĂ©ho ovÄĆovĂĄnĂ, tak aby protokoly byly praktickĂ© i pro heterogennĂ sĂtÄ.The dissertation thesis deals with privacy-preserving cryptographic protocols for secure communication and information systems forming heterogeneous networks. The thesis focuses on the possibilities of using non-conventional cryptographic primitives that provide enhanced security features, such as the protection of user privacy in communication systems. In the dissertation, the performance of cryptographic and mathematic primitives on various devices that participate in the security of heterogeneous networks is evaluated. The main objectives of the thesis focus on the design of advanced privacy-preserving cryptographic protocols. There are three designed protocols which use pairing-based group signatures to ensure user privacy. These proposals ensure the protection of user privacy together with the authentication, integrity and non-repudiation of transmitted messages during communication. The protocols employ the optimization techniques such as batch verification to increase their performance and become more practical in heterogeneous networks.
Cryptographic Schemes based on Elliptic Curve Pairings
This thesis introduces the concept of certificateless public key
cryptography (CLPKC). Elliptic curve pairings are then used to
make concrete CL-PKC schemes and are also used to make other
efficient key agreement protocols.
CL-PKC can be viewed as a model for the use of public key cryptography
that is intermediate between traditional certificated PKC and ID-PKC.
This is because, in contrast to traditional public key cryptographic
systems, CL-PKC does not require the use of certificates to guarantee
the authenticity of public keys. It does rely on the use of a trusted
authority (TA) who is in possession of a master key. In this
respect, CL-PKC is similar to identity-based public key
cryptography (ID-PKC). On the other hand, CL-PKC does not suffer
from the key escrow property that is inherent in ID-PKC.
Applications for the new infrastructure are discussed.
We exemplify how CL-PKC schemes can be constructed by constructing
several certificateless public key encryption schemes and
modifying other existing ID based schemes. The lack of
certificates and the desire to prove the schemes secure in the
presence of an adversary who has access to the master key or has
the ability to replace public keys, requires the careful
development of new security models. We prove that some of our
schemes are secure, provided that the Bilinear Diffie-Hellman
Problem is hard.
We then examine Jouxâs protocol, which is a one round, tripartite
key agreement protocol that is more bandwidth-efficient than any
previous three-party key agreement protocol, however, Jouxâs protocol
is insecure, suffering from a simple man-in-the-middle attack. We
show how to make Jouxâs protocol secure, presenting several tripartite,
authenticated key agreement protocols that still require only one round
of communication. The security properties of the new protocols are
studied. Applications for the protocols are also discussed
Secure Authentication and Privacy-Preserving Techniques in Vehicular Ad-hoc NETworks (VANETs)
In the last decade, there has been growing interest in Vehicular Ad Hoc NETworks (VANETs). Today car manufacturers have already started to equip vehicles with sophisticated sensors that can provide many assistive features such as front collision avoidance, automatic lane tracking, partial autonomous driving, suggestive lane changing, and so on. Such technological advancements are enabling the adoption of VANETs not only to provide safer and more comfortable driving experience but also provide many other useful services to the driver as well as passengers of a vehicle. However, privacy, authentication and secure message dissemination are some of the main issues that need to be thoroughly addressed and solved for the widespread adoption/deployment of VANETs. Given the importance of these issues, researchers have spent a lot of effort in these areas over the last decade. We present an overview of the following issues that arise in VANETs: privacy, authentication, and secure message dissemination. Then we present a comprehensive review of various solutions proposed in the last 10 years which address these issues. Our survey sheds light on some open issues that need to be addressed in the future
Efficient cryptographic primitives: Secure comparison, binary decomposition and proxy re-encryption
âData outsourcing becomes an essential paradigm for an organization to reduce operation costs on supporting and managing its IT infrastructure. When sensitive data are outsourced to a remote server, the data generally need to be encrypted before outsourcing. To preserve the confidentiality of the data, any computations performed by the server should only be on the encrypted data. In other words, the encrypted data should not be decrypted during any stage of the computation. This kind of task is commonly termed as query processing over encrypted data (QPED).
One natural solution to solve the QPED problem is to utilize fully homomorphic encryption. However, fully homomorphic encryption is yet to be practical. The second solution is to adopt multi-server setting. However, the existing work is not efficient. Their implementations adopt costly primitives, such as secure comparison, binary decomposition among others, which reduce the efficiency of the whole protocols. Therefore, the improvement of these primitives results in high efficiency of the protocols. To have a well-defined scope, the following types of computations are considered: secure comparison (CMP), secure binary decomposition (SBD) and proxy re-encryption (PRE). We adopt the secret sharing scheme and paillier public key encryption as building blocks, and all computations can be done on the encrypted data by utilizing multiple servers. We analyze the security and the complexity of our proposed protocols, and their efficiencies are evaluated by comparing with the existing solutions.â--Abstract, page iii
On the Application of Identity-Based Cryptography in Grid Security
This thesis examines the application of identity-based cryptography
(IBC) in designing security infrastructures for grid applications.
In this thesis, we propose a fully identity-based key infrastructure
for grid (IKIG). Our proposal exploits some interesting properties
of hierarchical identity-based cryptography (HIBC) to replicate
security services provided by the grid security infrastructure (GSI)
in the Globus Toolkit. The GSI is based on public key infrastructure
(PKI) that supports standard X.509 certificates and proxy
certificates. Since our proposal is certificate-free and has small
key sizes, it offers a more lightweight approach to key management
than the GSI. We also develop a one-pass delegation protocol that
makes use of HIBC properties. This combination of lightweight key
management and efficient delegation protocol has better scalability
than the existing PKI-based approach to grid security.
Despite the advantages that IKIG offers, key escrow remains an issue
which may not be desirable for certain grid applications. Therefore,
we present an alternative identity-based approach called dynamic key
infrastructure for grid (DKIG). Our DKIG proposal combines both
identity-based techniques and the conventional PKI approach. In this
hybrid setting, each user publishes a fixed parameter set through a
standard X.509 certificate. Although X.509 certificates are involved
in DKIG, it is still more lightweight than the GSI as it enables the
derivation of both long-term and proxy credentials on-the-fly based
only on a fixed certificate.
We also revisit the notion of secret public keys which was
originally used as a cryptographic technique for designing secure
password-based authenticated key establishment protocols. We
introduce new password-based protocols using identity-based secret
public keys. Our identity-based techniques can be integrated
naturally with the standard TLS handshake protocol. We then discuss
how this TLS-like identity-based secret public key protocol can be
applied to securing interactions between users and credential
storage systems, such as MyProxy, within grid environments
CONSTRUCTION OF EFFICIENT AUTHENTICATION SCHEMES USING TRAPDOOR HASH FUNCTIONS
In large-scale distributed systems, where adversarial attacks can have widespread impact, authentication provides protection from threats involving impersonation of entities and tampering of data. Practical solutions to authentication problems in distributed systems must meet specific constraints of the target system, and provide a reasonable balance between security and cost. The goal of this dissertation is to address the problem of building practical and efficient authentication mechanisms to secure distributed applications. This dissertation presents techniques to construct efficient digital signature schemes using trapdoor hash functions for various distributed applications. Trapdoor hash functions are collision-resistant hash functions associated with a secret trapdoor key that allows the key-holder to find collisions between hashes of different messages. The main contributions of this dissertation are as follows:
1. A common problem with conventional trapdoor hash functions is that revealing a collision producing message pair allows an entity to compute additional collisions without knowledge of the trapdoor key. To overcome this problem, we design an efficient trapdoor hash function that prevents all entities except the trapdoor key-holder from computing collisions regardless of whether collision producing message pairs are revealed by the key-holder.
2. We design a technique to construct efficient proxy signatures using trapdoor hash functions to authenticate and authorize agents acting on behalf of users in agent-based computing systems. Our technique provides agent authentication, assurance of agreement between delegator and agent, security without relying on secure communication channels and control over an agentâs capabilities.
3. We develop a trapdoor hash-based signature amortization technique for authenticating real-time, delay-sensitive streams. Our technique provides independent verifiability of blocks comprising a stream, minimizes sender-side and receiver-side delays, minimizes communication overhead, and avoids transmission of redundant information.
4. We demonstrate the practical efficacy of our trapdoor hash-based techniques for signature amortization and proxy signature construction by presenting discrete log-based instantiations of the generic techniques that are efficient to compute, and produce short signatures.
Our detailed performance analyses demonstrate that the proposed schemes outperform existing schemes in computation cost and signature size. We also present proofs for security of the proposed discrete-log based instantiations against forgery attacks under the discrete-log assumption
Contributions to the security and privacy of electronic ticketing systems
Un bitllet electrĂČnic Ă©s un contracte en format digital entre dues parts, l'usuari i el proveĂŻdor de serveis, on hi queda reflectit l'acord entre ambdĂłs per tal que l'usuari rebi el servei que desitja per part del proveĂŻdor. Els bitllets sĂłn emprats en diferents tipus de serveis, com esdeveniments lĂșdics o esportius, i especialment en l'Ă mbit del transport. En aquest cas permet reduir costos donat l'alt volum d'usuaris, a mĂ©s de facilitar la identificaciĂł del flux de viatges. Aquesta informaciĂł permet preveure i planificar els sistemes de transport de forma mĂ©s dinĂ mica.
La seguretat dels bitllets electrĂČnics Ă©s clau perquĂš es despleguin a l'entorn real, com tambĂ© ho Ă©s la privadesa dels seus usuaris. La privadesa inclou tant l'anonimitat dels usuaris, Ă©s a dir, una acciĂł no s'ha de poder atribuir fĂ cilment a un determinat usuari, com tambĂ© la no enllaçabilitat dels diferents moviments d'un determinat usuari.
En aquesta tesi proposem protocols de bitllets electrĂČnics que mantinguin les propietats dels bitllets en paper juntament amb els avantatges dels bitllets digitals. Primerament fem un estat de l'art amb les propostes relacionades, analitzant-ne els requisits de seguretat que compleixen. Presentem un protocol de bitllets electrĂČnics que incorpora els nous requisits de seguretat d'exculpabilitat i reutilitzaciĂł, diferents dels que haviem analitzat, tot complint tambĂ© la privadesa pels usuaris. Posteriorment, presentem una proposta de bitllets electrĂČnics adaptada als sistemes de pagament depenent de l'Ășs, bĂ sicament enfocat al transport, que incorpora tant l'anonimat pels usuaris, com tambĂ© la enllaçabilitat a curt termini, Ă©s a dir, complint la no enllaçabilitat dels diferents moviments del mateix usuari, perĂČ permetent la enllaçabilitat de les accions relacionades amb el mateix trajecte (p.ex. entrada i sortida). Finalment, mitjançant una evoluciĂł de la mateixa tĂšcnica criptogrĂ fica utilitzada en el sistema de pagament per Ășs, millorant-ne el temps de verificaciĂł per a mĂșltiples bitllets alhora (verificaciĂł en ``batch''), presentem una proposta que pot ser Ăștil per a varis sistemes de verificaciĂł massiva de missatges, posant com a cas d'Ășs l'aplicaciĂł a sistemes de xarxes vehiculars.An electronic ticket is a digital contract between two parties, that is, the user and the service provider. An agreement between them is established in order that the user can receive the desired service. These tickets are used in different types of services, such as sports or entertainment events, especially in the field of transport. In the case of transport, costs can be reduced due to the high volume of users, and the identification of the travel flow is facilitated. This information allows the forecast and planification of transport systems more dynamically.
The security of electronic tickets is very important to be deployed in the real scenarios, as well as the privacy for their users. Privacy includes both the anonymity of users, which implies that an action cannot be easily attributed to a particular user, and also the unlinkability of the different movements of that user.
This thesis presents protocols which keep the same security requirements of paper tickets while offering the advantages of digital tickets. Firstly, we perform a state of the art with the related proposals, by analysing the security requirements considered. We then present an electronic ticketing system that includes the security requirements of exculpability and reusability, thus guaranteeing the privacy for users. We later present a proposal of electronic ticketing systems adapted to use-dependant payment systems, especially focused on transport, which includes both the anonymity of users and the short-term linkability of their movements. The related actions of a journey of a determined user can be linkable between them (i.e. entrance and exit of the system) but not with other movements that the user performs. Finally, as an extension of the previous use-dependant payment system solution, we introduce the case of mass-verification systems, where many messages have to be verified in short time, and we present a proposal as a vehicular network use case that guarantees privacy for users with short-term linkability and can verify these messages efficiently
- âŠ