An efficient ID- based directed signature scheme from bilinear pairings
A directed signature scheme allows a designated verifier to directly verify a signature issued to him, and allows a third party to check the validity of the signature with the help of either the signer or the designated verifier. Directed signatures are applicable where the signed message is sensitive to the signature receiver. Because of these properties, directed signature schemes are suitable for applications such as bills of tax and bills of health. In this paper, we propose an efficient identity-based directed signature scheme from bilinear pairings. Our scheme is more efficient than the existing directed signature schemes. In the random oracle model, our scheme is unforgeable under the Computational Diffie-Hellman (CDH) assumption and invisible under the Decisional Bilinear Diffie-Hellman (DBDH)
Towards Applying Cryptographic Security Models to Real-World Systems
The cryptographic methodology of formal security analysis usually works in three steps: choosing a security model, describing a system and its intended security properties, and creating a formal proof of security.
For basic cryptographic primitives and simple protocols this is a well-understood process and is performed regularly.
For the more complex systems in use in real-world settings, however, it is rarely applied.
In practice, this often leads to missing or incomplete descriptions of the security properties and requirements of such systems, which in turn can lead to insecure implementations and consequent security breaches.
One of the main reasons for the lack of application of formal models in practice is that they are particularly difficult to use and to adapt to new use cases.
With this work, we therefore aim to investigate how cryptographic security models can be used to argue about the security of real-world systems.
To this end, we perform case studies of three important types of real-world systems: data outsourcing, computer networks and electronic payment.
First, we give a unified framework to express and analyze the security of data outsourcing schemes.
Within this framework, we define three privacy objectives: data privacy, query privacy, and result privacy.
We show that data privacy and query privacy are independent concepts, while result privacy is consequential to them.
We then extend our framework to allow the modeling of integrity for the specific use case of file systems.
To validate our model, we show that existing security notions can be expressed within our framework and we prove the security of CryFS---a cryptographic cloud file system.
Second, we introduce a model, based on the Universal Composability (UC) framework, in which computer networks and their security properties can be described.
We extend it to incorporate time, which cannot be expressed in the basic UC framework, and give formal tools to facilitate its application.
For validation, we use this model to argue about the security of architectures of multiple firewalls in the presence of an active adversary.
We show that a parallel composition of firewalls exhibits strictly better security properties than other variants.
Finally, we introduce a formal model for the security of electronic payment protocols within the UC framework.
Using this model, we prove a set of necessary requirements for secure electronic payment.
Based on these findings, we discuss the security of current payment protocols and find that most are insecure.
We then give a simple payment protocol inspired by chipTAN and photoTAN and prove its security within our model.
We conclude that cryptographic security models can indeed be used to describe the security of real-world systems.
They are, however, difficult to apply and always need to be adapted to the specific use case.
Concurrent Knowledge-Extraction in the Public-Key Model
Knowledge extraction is a fundamental notion, modelling machine possession of values (witnesses) in a computational complexity sense. The notion provides an essential tool for cryptographic protocol design and analysis, enabling one to argue about the internal state of protocol players without ever looking at this supposedly secret state. However, when transactions are concurrent (e.g., over the Internet) with players possessing public keys (as is common in cryptography), assuring that entities "know" what they claim to know, where adversaries may be well coordinated across different transactions, turns out to be much more subtle and in need of re-examination. Here, we investigate how to formally treat knowledge possession by parties (with registered public keys) interacting over the Internet. Stated more technically, we look into the relative power of the notion of "concurrent knowledge-extraction" (CKE) in the concurrent zero-knowledge (CZK) bare public-key (BPK) model.
Comment: 38 pages, 4 figures
FRAMEWORK FOR ANONYMIZED COVERT COMMUNICATIONS: A BLOCKCHAIN-BASED PROOF-OF-CONCEPT
In this dissertation, we present an information hiding approach incorporating anonymity that builds on existing classical steganographic models. Current security definitions are not sufficient to analyze the proposed information hiding approach, as steganography offers data privacy by hiding the existence of data, a property that is distinct from confidentiality (data existence is known but access is restricted) and authenticity (data existence is known but manipulation is restricted). Combinations of the latter two properties are common in analyses, such as Authenticated Encryption with Associated Data (AEAD), yet there is a lack of research on combinations with steganography. This dissertation also introduces the security definition of Authenticated Stegotext with Associated Data (ASAD), which captures steganographic properties even when there is contextual information provided alongside the hidden data. We develop a hierarchical framework of ASAD variants, corresponding to different channel demands. We present a real-world steganographic embedding scheme, Authenticated SteGotex with Associated tRansaction Data (ASGARD), that leverages a blockchain-based application as a medium for sending hidden data. We analyze ASGARD in our framework and show that it meets Level-4 ASAD security. Finally, we implement ASGARD on the Ethereum platform as a proof-of-concept and analyze some of the ways an adversary might detect our embedding activity by analyzing historical Ethereum data.
Lieutenant, United States Navy. Approved for public release; distribution is unlimited.
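The ASAD notion above couples a steganographic embedding with authenticity over both the hidden data and the contextual (associated) data carried alongside it. The toy below is an added illustration of that shape and is not ASGARD's construction, code from the dissertation, or a model of the Ethereum medium: it does encrypt-then-MAC with HMAC-SHA256 as PRF and MAC (a stand-in for a real AEAD cipher), binds the associated data into the tag without embedding it, and writes the result into the least significant bits of a cover. The key, nonce, cover bytes, associated-data string and message are all constructed for the demo; the function names are the example's own. The point it demonstrates is the authenticity side of ASAD: a receiver with the wrong associated data, or a stegotext with a single embedded bit flipped, gets a rejection rather than a wrong message.

```python
import hashlib
import hmac

TAG_LEN = 16  # truncated HMAC-SHA256 tag, in bytes


def _subkey(master_key: bytes, label: bytes) -> bytes:
    """Derive independent encryption and MAC keys from one master key (assumed KDF)."""
    return hashlib.sha256(label + master_key).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream with HMAC-SHA256 as PRF; nonce must never repeat under a key."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _tag(mac_key: bytes, nonce: bytes, assoc_data: bytes, ciphertext: bytes) -> bytes:
    """MAC over nonce, length-prefixed associated data and ciphertext (no boundary ambiguity)."""
    msg = nonce + len(assoc_data).to_bytes(4, "big") + assoc_data + ciphertext
    return hmac.new(mac_key, msg, hashlib.sha256).digest()[:TAG_LEN]


def seal(key: bytes, nonce: bytes, message: bytes, assoc_data: bytes) -> bytes:
    """Encrypt-then-MAC. The associated data is authenticated but never embedded."""
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    ct = bytes(m ^ k for m, k in zip(message, _keystream(enc_key, nonce, len(message))))
    return ct + _tag(mac_key, nonce, assoc_data, ct)


def open_sealed(key: bytes, nonce: bytes, blob: bytes, assoc_data: bytes):
    """Return the message, or None if the tag fails (wrong key, wrong AD, or tampering)."""
    if len(blob) < TAG_LEN:
        return None
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    if not hmac.compare_digest(tag, _tag(mac_key, nonce, assoc_data, ct)):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def embed_lsb(cover: bytes, payload: bytes) -> bytes:
    """Write a 2-byte length prefix plus payload, one bit per cover byte, into the LSBs."""
    framed = len(payload).to_bytes(2, "big") + payload
    bits = [(b >> (7 - i)) & 1 for b in framed for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover too small for payload")
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


def extract_lsb(stego: bytes) -> bytes:
    """Inverse of embed_lsb; returns b"" when the length prefix does not fit the cover."""
    def read_bytes(count: int, bit_offset: int) -> bytes:
        out = bytearray()
        for j in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[bit_offset + j * 8 + i] & 1)
            out.append(value)
        return bytes(out)

    if len(stego) < 16:
        return b""
    length = int.from_bytes(read_bytes(2, 0), "big")
    if 16 + length * 8 > len(stego):
        return b""
    return read_bytes(length, 16)


def stego_send(key: bytes, nonce: bytes, cover: bytes, message: bytes, assoc_data: bytes) -> bytes:
    return embed_lsb(cover, seal(key, nonce, message, assoc_data))


def stego_receive(key: bytes, nonce: bytes, stego: bytes, assoc_data: bytes):
    return open_sealed(key, nonce, extract_lsb(stego), assoc_data)


# Constructed sample inputs (not from the dissertation): fixed key and nonce,
# a synthetic 512-byte cover, and associated data standing in for transaction metadata.
KEY = b"constructed-demo-master-key-0001"
NONCE = b"\x00\x00\x00\x00\x00\x00\x00\x01"
COVER = bytes((i * 37 + 11) % 256 for i in range(512))
ASSOC_DATA = b"recipient=alice;seq=7"
MESSAGE = b"meet at dawn"


def demo() -> dict:
    stego = stego_send(KEY, NONCE, COVER, MESSAGE, ASSOC_DATA)
    tampered = bytearray(stego)
    tampered[40] ^= 1  # flip one embedded bit that lands inside the ciphertext
    return {
        "lsb_only": all((c ^ s) in (0, 1) for c, s in zip(COVER, stego)),
        "good": stego_receive(KEY, NONCE, stego, ASSOC_DATA),
        "wrong_ad": stego_receive(KEY, NONCE, stego, b"recipient=mallory;seq=7"),
        "tampered": stego_receive(KEY, NONCE, bytes(tampered), ASSOC_DATA),
    }


if __name__ == "__main__":
    print(demo())
```

`demo()` returns the original message only for the matching associated data; the wrong-AD and tampered cases both yield `None`. The LSB cover here gives no undetectability argument of its own, and the nonce must be unique per message under a key; the toy only shows how associated data is bound to the stegotext, which is the property ASAD adds over plain steganographic embedding.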
Identity-Based Directed Signature Scheme from Bilinear Pairings
In a directed signature scheme, a verifier can exclusively verify the signatures designated to himself, and shares with the signer the ability to prove the correctness of a signature to a third party when necessary. Directed signature schemes are suitable for applications such as bills of tax and bills of health.
This paper studies directed signatures in the identity-based setting. We first present the syntax and security notions, which include unforgeability and invisibility, then propose a concrete identity-based directed signature scheme from bilinear pairings. We then prove our scheme existentially unforgeable under the computational Diffie-Hellman assumption, and invisible under the decisional Bilinear Diffie-Hellman assumption, both in the random oracle model.
Non-malleable codes for space-bounded tampering
Non-malleable codes, introduced by Dziembowski, Pietrzak and Wichs at ICS 2010, are key-less coding schemes in which mauling attempts on an encoding of a given message, w.r.t. some class of tampering adversaries, result in a decoded value that is either identical or unrelated to the original message. Such codes are very useful for protecting arbitrary cryptographic primitives against tampering attacks on memory. Clearly, non-malleability is hopeless if the class of tampering adversaries includes the decoding and encoding algorithms. To circumvent this obstacle, the majority of past research has focused on designing non-malleable codes for various tampering classes, albeit assuming that the adversary is unable to decode. Nonetheless, in many concrete settings, this assumption is not realistic