74 research outputs found
Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data
We provide formal definitions and efficient secure techniques for
- turning noisy information into keys usable for any cryptographic
application, and, in particular,
- reliably and securely authenticating biometric data.
Our techniques apply not just to biometric information, but to any keying
material that, unlike traditional cryptographic keys, is (1) not reproducible
precisely and (2) not distributed uniformly. We propose two primitives: a
"fuzzy extractor" reliably extracts nearly uniform randomness R from its input;
the extraction is error-tolerant in the sense that R will be the same even if
the input changes, as long as it remains reasonably close to the original.
Thus, R can be used as a key in a cryptographic application. A "secure sketch"
produces public information about its input w that does not reveal w, and yet
allows exact recovery of w given another value that is close to w. Thus, it can
be used to reliably reproduce error-prone biometric inputs without incurring
the security risk inherent in storing them.
We define the primitives to be both formally secure and versatile,
generalizing much prior work. In addition, we provide nearly optimal
constructions of both primitives for various measures of ``closeness'' of input
data, such as Hamming distance, edit distance, and set difference.Comment: 47 pp., 3 figures. Prelim. version in Eurocrypt 2004, Springer LNCS
3027, pp. 523-540. Differences from version 3: minor edits for grammar,
clarity, and typo
Prioritized data synchronization with applications
We are interested on the problem of synchronizing data on two distinct devices
with differed priorities using minimum communication. A variety of distributed sys-
tems require communication efficient and prioritized synchronization, for example,
where the bandwidth is limited or certain information is more time sensitive than
others. Our particular approach, P-CPI, involving the interactive synchronization of
prioritized data, is efficient both in communication and computation. This protocol
sports some desirable features, including (i) communication and computational com-
plexity primarily tied to the number of di erences between the hosts rather than the
amount of the data overall and (ii) a memoryless fast restart after interruption. We
provide a novel analysis of this protocol, with proved high-probability performance
bound and fast-restart in logarithmic time. We also provide an empirical model
for predicting the probability of complete synchronization as a function of time and
symmetric differences.
We then consider two applications of our core algorithm. The first is a string
reconciliation protocol, for which we propose a novel algorithm with online time com-
plexity that is linear in the size of the string. Our experimental results show that
our string reconciliation protocol can potentially outperform existing synchroniza-
tion tools such like rsync in some cases. We also look into the benefit brought by
our algorithm to delay-tolerant networks(DTNs). We propose an optimized DTN
routing protocol with P-CPI implemented as middleware. As a proof of concept, we
demonstrate improved delivery rate, reduced metadata and reduced average delay
Scalable string reconciliation by recursive content-dependent shingling
We consider the problem of reconciling similar strings in a distributed system. Specifically, we are interested in performing this reconciliation in an efficient manner, minimizing the communication cost. Our problem applies to several types of large-scale distributed networks, file synchronization utilities, and any system that manages the consistency of string encoded ordered data. We present the novel Recursive Content-Dependent Shingling (RCDS) protocol that can handle large strings and has the communication complexity that scales with the edit distance between the reconciling strings. Also, we provide analysis, experimental results, and comparisons to existing synchronization software such as the Rsync utility with an implementation of our protocol.2019-12-03T00:00:00
Reconciling Graphs and Sets of Sets
We explore a generalization of set reconciliation, where the goal is to
reconcile sets of sets. Alice and Bob each have a parent set consisting of
child sets, each containing at most elements from a universe of size .
They want to reconcile their sets of sets in a scenario where the total number
of differences between all of their child sets (under the minimum difference
matching between their child sets) is . We give several algorithms for this
problem, and discuss applications to reconciliation problems on graphs,
databases, and collections of documents. We specifically focus on graph
reconciliation, providing protocols based on set of sets reconciliation for
random graphs from and for forests of rooted trees
Maintaining secrecy when information leakage is unavoidable
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004.Includes bibliographical references (p. 109-115).(cont.) We apply the framework to get new results, creating (a) encryption schemes with very short keys, and (b) hash functions that leak no information about their input, yet-paradoxically-allow testing if a candidate vector is close to the input. One of the technical contributions of this research is to provide new, cryptographic uses of mathematical tools from complexity theory known as randomness extractors.Sharing and maintaining long, random keys is one of the central problems in cryptography. This thesis provides about ensuring the security of a cryptographic key when partial information about it has been, or must be, leaked to an adversary. We consider two basic approaches: 1. Extracting a new, shorter, secret key from one that has been partially compromised. Specifically, we study the use of noisy data, such as biometrics and personal information, as cryptographic keys. Such data can vary drastically from one measurement to the next. We would like to store enough information to handle these variations, without having to rely on any secure storage-in particular, without storing the key itself in the clear. We solve the problem by casting it in terms of key extraction. We give a precise definition of what "security" should mean in this setting, and design practical, general solutions with rigorous analyses. Prior to this work, no solutions were known with satisfactory provable security guarantees. 2. Ensuring that whatever is revealed is not actually useful. This is most relevant when the key itself is sensitive-for example when it is based on a person's iris scan or Social Security Number. This second approach requires the user to have some control over exactly what information is revealed, but this is often the case: for example, if the user must reveal enough information to allow another user to correct errors in a corrupted key. How can the user ensure that whatever information the adversary learns is not useful to her? We answer by developing a theoretical framework for separating leaked information from useful information. Our definition strengthens the notion of entropic security, considered before in a few different contexts.by Adam Davison Smith.Ph.D
- …