Sanitizable signatures with strong transparency in the standard model

Sanitizable signatures provide several security features which are useful in many scenarios including military and medical applications. Sanitizable signatures allow a semi-trusted party to update some part of the digitally signed document without interacting with the original signer. Such schemes, where the verifer cannot identify whether the message has been sanitized, are said to possess strong transparency. In this paper, we have described the first efficient and provably secure sanitizable signature scheme having strong transparency under the standard model

Redactable Signatures for Signed CDA Documents

[[abstract]]The Clinical Document Architecture, introduced by Health Level Seven, is a XML-based standard intending to specify the encoding, structure, and semantics of clinical documents for exchange. Since the clinical document is in XML form, its authenticity and integrity could be guaranteed by the use of the XML signature published by W3C. While a clinical document wants to conceal some personal or private information, the document needs to be redacted. It makes the signed signature of the original clinical document not be verified. The redactable signature is thus proposed to enable verification for the redacted document. Only a little research does the implementation of the redactable signature, and there still not exists an appropriate scheme for the clinical document. This paper will investigate the existing web-technologies and find a compact and applicable model to implement a suitable redactable signature for the clinical document viewer.[[notice]]補正完畢[[incitationindex]]SC

Efficient Transparent Redactable Signatures with a Single Signature Invocation

A redactable signature scheme is one that allows the original signature to be used, usually along with some additional data, to verify certain carefully` specified changes to the original document that was signed, namely the removal or redaction of subdocuments. For redactable signatures, the term transparency has been used to describe a scheme that hides the number and locations of redacted subdocuments. We present here two efficient transparent redactable signature schemes, which are the first such schemes in the literature that are based solely on tools of symmetric cryptography, along with a single application of an ordinary digital signature. As with several previous schemes for redactable signatures, we sign a sequence of randomized commitments that depend on the contents of the subdocuments of the document to be signed. In order to hide their number and location, we randomize their order, and mix them with a sequence of dummy nodes that are indistinguishable from commitment values. Our first scheme uses a data structure of size quadratic in the number of subdocuments, encoding all the precedence relations between pairs of subdocuments. By embedding these precedence relations in a smaller family of graphs, our second scheme is more efficient, with expected cost linear in the number of subdocuments in the document to be signed. We introduce a quantified version of the transparency property, precisely describing the uncertainty about the number of redacted subdocuments that is guaranteed by the two schemes. We prove that our schemes are secure, i.e. unforgeable, private, and transparent, based on the security of collision-free hash functions, pseudorandom generators, and digital signature schemes. While providing such strong security, our scheme is also efficient, in terms of both computation and communication

Design principles and patterns for computer systems that are simultaneously secure and usable

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2005.This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.Includes bibliographical references (p. 429-464) and index.It is widely believed that security and usability are two antagonistic goals in system design. This thesis argues that there are many instances in which security and usability can be synergistically improved by revising the way that specific functionality is implemented in many of today's operating systems and applications. Specific design principles and patterns are presented that can accomplish this goal. Patterns are presented that minimize the release of confidential information through remnant and remanent data left on hard drives, in web browsers, and in documents. These patterns are based on a study involving the purchase of 236 hard drives on the secondary market, interviews conducted with organizations whose drives had been acquired, and through a detailed examination of modern web browsers and reports of information leakage in documents. Patterns are presented that enable secure messaging through the adoption of new key management techniques. These patterns are supported through an analysis of S/MIME handling in modern email clients, a survey of 469 Amazon.com merchants, and a user study of 43 individuals. Patterns are presented for promoting secure operation and for reducing the danger of covert monitoring. These patterns are supported by the literature review and an analysis of current systems.(cont.) In every case considered, it is shown that the perceived antagonism of security and usability can be scaled back or eliminated by revising the underlying designs on which modern systems are conceived. In many cases these designs can be implemented without significant user interface changes. The patterns described in this thesis can be directly applied by today's software developers and used for educating the next generation of programmers so that longstanding usability problems in computer security can at last be addressed. It is very likely that additional patterns can be identified in other related areas.by Simson L. Garfinkel.Ph.D

Rethinking Privacy for Extended Sanitizable Signatures and a Black-Box Construction of Strongly Private Schemes

Sanitizable signatures, introduced by Ateniese et al. at ESORICS\u2705, allow to issue a signature on a message where certain predefined message blocks may later be changed (sanitized) by some dedicated party (the sanitizer) without invalidating the original signature. With sanitizable signatures, replacements for modifiable (admissible) message blocks can be chosen arbitrarily by the sanitizer. However, in various scenarios this makes sanitizers too powerful. To reduce the sanitizers power, Klonowski and Lauks at ICISC\u2706 proposed (among others) an extension that enables the signer to limit the allowed modifications per admissible block to a well defined set each. At CT-RSA\u2710 Canard and Jambert then extended the formal model of Brzuska et al. from PKC\u2709 to additionally include the aforementioned and other extensions. We, however, observe that the privacy guarantees of their model do not capture privacy in the sense of the original definition of sanitizable signatures. That is, if a scheme is private in this model it is not guaranteed that the sets of allowed modifications remain concealed. To this end, we review a stronger notion of privacy, i.e., (strong) unlinkability (defined by Brzuska et al. at EuroPKI\u2713), in this context. While unlinkability fixes this problem, no efficient unlinkable scheme supporting the aforementioned extensions exists and it seems to be hard to construct such schemes. As a remedy, in this paper, we propose a notion stronger than privacy, but weaker than unlinkability, which captures privacy in the original sense. Moreover, it allows to easily construct efficient schemes satisfying our notion from secure existing schemes in a black-box fashion

Policy-Based Redactable Signatures

In this work we make progress towards solving an open problem posed by Bilzhause et. al, to give constructions of redactable signature schemes that allow the signer to limit the possible redactions performed by a third party. A separate, but related notion, called controlled disclosure allows a redactor to limit future redactions. We look at two types of data, sets and linear data (data organized as a sequence). In the case of sets, we limit redactions using a policy modeled by a monotone circuit or any circuit depending on the size of the universe the set is drawn from. In the case of linear data, we give a linear construction from vector commitments that limits redactions using a policy modeled as a monotone circuit. Our constructions have the attractive feature that they are built using only blackbox techniques

Routing and Security in Mobile Ad Hoc Networks

A Mobile Ad hoc Network (MANET) consists of a set of nodes which can form a network among themselves. MANETs have applications in areas such as military, disaster rescue operations, monitoring animal habitats, etc. where establishing fixed communication infrastructure is not feasible. Routing protocols designed for MANETs can be broadly classified as position-based (geographic), topology-based and hybrid. Geographic routing uses location information of nodes to route messages. Topology-based routing uses network state information for route discovery and maintenance. Hybrid routing protocols use features in both position-based and topology-based approaches. Position-based routing protocols route packets towards the destination using greedy forwarding (i.e., an intermediate node forwards packets to a neighbor that is closer to the destination than itself). If a node has no neighbor that is closer to the destination than itself, greedy forwarding fails. In this case, we say there is void. Different position-based routing protocols use different methods for dealing with voids. Topology-based routing protocols can be classified into on-demand (reactive) routing protocols and proactive routing protocols. Generally, on-demand routing protocols establish routes when needed by flooding route requests throughout the entire network, which is not a scalable approach. Reactive routing protocols try to maintain routes between every pair of nodes by periodically exchanging messages with each other which is not a scalable approach also. This thesis addresses some of these issues and makes the following contribution. First, we present a position-based routing protocol called Greedy Routing Protocol with Backtracking (GRB) which uses a simple backtracking technique to route around voids, unlike existing position-based routing protocols which construct planarized graph of the local network to route around voids. We compare the performance of our protocol with the well known Greedy Perimeter Stateless Routing (GPSR) protocol and the Ad-Hoc On-demand Distance Vector (AODV) routing protocol as well as the Dynamic Source Routing (DSR) protocol. Performance evaluation shows that our protocol has less control overhead than those of DSR, AODV, and GPSR. Performance evaluation also shows that our protocol has a higher packet-delivery ratio, lower end-to-end delay, and less hop count, on average, compared to AODV, DSR and GPSR. We then present an on-demand routing protocol called ``Hybrid On-demand Greedy Routing Protocol with Backtracking for Mobile Ad-Hoc Networks which uses greedy approach for route discovery. This prevents flooding route requests, unlike the existing on-demand routing protocols. This approach also helps in finding routes that have lower hop counts than AODV and DSR. Our performance evaluation confirms that our protocol performs better than AODV and DSR, on average, with respect to hop count, packet-delivery ratio and control overhead. In MANETs, all nodes need to cooperate to establish routes. Establishing secure and valid routes in the presence of adversaries is a challenge in MANETs. Some of the well-known source routing protocols presented in the literature (e.g., Ariadne and endairA) which claim to establish secure routes are susceptible to hidden channel attacks. We address this issue and present a secure routing protocol called SAriadne, based on sanitizable signatures. We show that our protocol detects and prevents hidden channel attacks

Codifying Information Assurance Controls for Department of Defense (DoD) Supervisory Control and Data Acquisition (SCADA) Systems (U)

Protecting DoD critical infrastructure resources and Supervisory Control and Data Acquisition (SCADA) systems from cyber attacks is becoming an increasingly challenging task. DoD Information Assurance controls provide a sound framework to achieve an appropriate level of confidentiality, integrity, and availability. However, these controls have not been updated since 2003 and currently do not adequately address the security of DoD SCADA systems. This research sampled U.S. Air Force Civil Engineering subject matter experts representing eight Major Commands that manage and operate SCADA systems. They ranked 30 IA controls in three categories, and evaluated eight SCADA specific IA controls for inclusion into the DoD IA control framework. Spearman’s Rho ranking results (ρ = .972414) indicate a high preference for encryption, and system and information integrity as key IA Controls to mitigate cyber risk. Equally interesting was the strong agreement among raters on ranking certification and accreditation dead last as an effective IA control. The respondents strongly favored including four new IA controls of the eight considered

Fully Invisible Protean Signatures Schemes

Protean Signatures (PS), recently introduced by Krenn et al. (CANS \u2718), allow a semi-trusted third party, named the sanitizer, to modify a signed message in a controlled way. The sanitizer can edit signer-chosen parts to arbitrary bitstrings, while the sanitizer can also redact admissible parts, which are also chosen by the signer. Thus, PSs generalize both redactable signature (RSS) and sanitizable signature (SSS) into a single notion. However, the current definition of invisibility does not prohibit that an outsider can decide which parts of a message are redactable - only which parts can be edited are hidden. This negatively impacts on the privacy guarantees provided by the state-of-the-art definition. We extend PSs to be fully invisible. This strengthened notion guarantees that an outsider can neither decide which parts of a message can be edited nor which parts can be redacted. To achieve our goal, we introduce the new notions of Invisible RSSs and Invisible Non-Accountable SSSs (SSS\u27), along with a consolidated framework for aggregate signatures. Using those building blocks, our resulting construction is significantly more efficient than the original scheme by Krenn et al., which we demonstrate in a prototypical implementation

Accountable Trapdoor Sanitizable Signatures

Abstract. Sanitizable signature (SS) allows a signer to partly delegate signing rights to a predeter-mined party, called sanitizer, who can later modify certain designated parts of a message originally signed by the signer and generate a new signature on the sanitized message without interacting with the signer. One of the important security requirements of sanitizable signatures is accountability, which allows the signer to prove, in case of dispute, to a third party that a message was modified by the sanitizer. Trapdoor sanitizable signature (TSS) enables a signer of a message to delegate the power of sanitization to any parties at anytime but at the expense of losing the accountability property. In this paper, we introduce the notion of accountable trapdoor sanitizable signature (ATSS) which lies between SS and TSS. As a building block for constructing ATSS, we also introduce the notion of accountable chameleon hash (ACH), which is an extension of chameleon hash (CH) and might be of independent interest. We propose a concrete construction of ACH and show how to use it to construct an ATSS scheme