Finding Safety in Numbers with Secure Allegation Escrows
For fear of retribution, the victim of a crime may be willing to report it
only if other victims of the same perpetrator also step forward. Common
examples include 1) identifying oneself as the victim of sexual harassment,
especially by a person in a position of authority or 2) accusing an influential
politician, an authoritarian government, or one's own employer of corruption. To
handle such situations, legal literature has proposed the concept of an
allegation escrow: a neutral third-party that collects allegations anonymously,
matches them against each other, and de-anonymizes allegers only after
de-anonymity thresholds (in terms of number of co-allegers), pre-specified by
the allegers, are reached.
An allegation escrow can be realized as a single trusted third party;
however, this party must be trusted to keep the identity of the alleger and
content of the allegation private. To address this problem, this paper
introduces Secure Allegation Escrows (SAE, pronounced "say"). A SAE is a group
of parties with independent interests and motives, acting jointly as an escrow
for collecting allegations from individuals, matching the allegations, and
de-anonymizing the allegations when designated thresholds are reached. By
design, SAEs provide a very strong property: No less than a majority of parties
constituting a SAE can de-anonymize or disclose the content of an allegation
without a sufficient number of matching allegations (even in collusion with any
number of other allegers). Once a sufficient number of matching allegations
exist, the joint escrow discloses the allegation with the allegers' identities.
We describe how SAEs can be constructed using a novel authentication protocol
and a novel allegation matching and bucketing algorithm, provide formal proofs
of the security of our constructions, and evaluate a prototype implementation,
demonstrating feasibility in practice.
Comment: To appear in NDSS 2020. New version includes improvements to writing
and proof. The protocol is unchange
Secret Communication over Broadcast Erasure Channels with State-feedback
We consider a 1-to- communication scenario, where a source transmits
private messages to receivers through a broadcast erasure channel, and the
receivers feed back strictly causally and publicly their channel states after
each transmission. We explore the achievable rate region when we require that
the message to each receiver remains secret - in the information theoretical
sense - from all the other receivers. We characterize the capacity of secure
communication in all the cases where the capacity of the 1-to- communication
scenario without the requirement of security is known. As a special case, we
characterize the secret-message capacity of a single receiver point-to-point
erasure channel with public state-feedback in the presence of a passive
eavesdropper.
We find that in all cases where we have an exact characterization, we can
achieve the capacity by using linear complexity two-phase schemes: in the first
phase we create appropriate secret keys, and in the second phase we use them to
encrypt each message. We find that the amount of key we need is smaller than
the size of the message, and equal to the amount of encrypted message the
potential eavesdroppers jointly collect. Moreover, we prove that a dishonest
receiver that provides deceptive feedback cannot diminish the rate experienced
by the honest receivers.
We also develop a converse proof which reflects the two-phase structure of
our achievability scheme. As a side result, our technique leads to a new outer
bound proof for the non-secure communication problem
Cross-layer key establishment protocols for wireless devices
There are some problems in existing key establishment protocols. To alleviate these problems, in our thesis, we designed a few cross-layer key establishment protocols by cooperatively using the characteristics of higher layers and physical layer. Additionally, the security and performance analyses show that our protocols perform better than others.
KALwEN: a new practical and interoperable key management scheme for body sensor networks
Key management is the pillar of a security architecture. Body sensor networks (BSNs) pose several challenges–some inherited from wireless sensor networks (WSNs), some unique to themselves–that require a new key management scheme to be tailor-made. The challenge is taken on, and the result is KALwEN, a new parameterized key management scheme that combines the best-suited cryptographic techniques in a seamless framework. KALwEN is user-friendly in the sense that it requires no expert knowledge of a user, and instead only requires a user to follow a simple set of instructions when bootstrapping or extending a network. One of KALwEN's key features is that it allows sensor devices from different manufacturers, which expectedly do not have any pre-shared secret, to establish secure communications with each other. KALwEN is decentralized, such that it does not rely on the availability of a local processing unit (LPU). KALwEN supports secure global broadcast, local broadcast, and local (neighbor-to-neighbor) unicast, while preserving past key secrecy and future key secrecy (FKS). The fact that the cryptographic protocols of KALwEN have been formally verified also makes a convincing case. With both formal verification and experimental evaluation, our results should appeal to theorists and practitioners alike
Efficient Key Distribution Schemes for Large Scale Mobile Computing Applications
In emerging networks consisting of large-scale deployments of mobile devices, efficient security mechanisms are required to facilitate cryptographic authentication. While computation and bandwidth overheads are expensive for mobile devices, the cost of storage resources continues to fall at a rapid rate. We propose a simple novel key predistribution scheme, key subset and symmetric certificates (KSSC), which can take good advantage of inexpensive storage resources, and has many compelling advantages over other approaches for facilitating ad hoc establishment of pairwise secrets in mobile computing environments. We argue that a combination of KSSC with a variant of an elegant KDS proposed by Leighton and Micali is an appealing choice for securing large scale deployments of mobile devices
Private Handshakes
Private handshaking allows pairs of users to determine which (secret) groups
they are both a member of. Group membership is kept secret to everybody else.
Private handshaking is a more private form of secret handshaking, because it
does not allow the group administrator to trace users. We extend the original
definition of a handshaking protocol to allow and test for membership of
multiple groups simultaneously. We present simple and efficient protocols for
both the single group and multiple group membership case.
Private handshaking is a useful tool for mutual authentication, demanded by
many pervasive applications (including RFID) for privacy. Our implementations
are efficient enough to support such usually resource constrained scenarios
Distributed Differentially Private Averaging with Improved Utility and Robustness to Malicious Parties
Learning from data owned by several parties, as in federated learning, raises
challenges regarding the privacy guarantees provided to participants and the
correctness of the computation in the presence of malicious parties. We tackle
these challenges in the context of distributed averaging, an essential building
block of distributed and federated learning. Our first contribution is a novel
distributed differentially private protocol which naturally scales with the
number of parties. The key idea underlying our protocol is to exchange
correlated Gaussian noise along the edges of a network graph, complemented by
independent noise added by each party. We analyze the differential privacy
guarantees of our protocol and the impact of the graph topology, showing that
we can match the accuracy of the trusted curator model even when each party
communicates with only a logarithmic number of other parties chosen at random.
This is in contrast with protocols in the local model of privacy (with lower
accuracy) or based on secure aggregation (where all pairs of users need to
exchange messages). Our second contribution is to enable users to prove the
correctness of their computations without compromising the efficiency and
privacy guarantees of the protocol. Our construction relies on standard
cryptographic primitives like commitment schemes and zero knowledge proofs.
Comment: 39 page
UTILIZING THE MESSAGING LAYER SECURITY PROTOCOL IN A LOSSY COMMUNICATIONS AERIAL SWARM
Recent advancements in unmanned aerial vehicle (UAV) capabilities have led to increasing research into swarming systems. Tactical employment of UAV swarms, however, will require secure communications. Unfortunately, efforts to date have not resulted in viable secure communications frameworks. Furthermore, the limited processing power and constrained networking environments that characterize these systems preclude the use of many existing secure group communications protocols. Recent research in secure group communications indicates that the Messaging Layer Security (MLS) protocol might provide an attractive option for these types of systems. This thesis documents the integration of MLS into the Advanced Robotic Systems Engineering Laboratory (ARSENL) UAV swarm system. The ARSENL implementation is intended as a proof-of-concept demonstration of the efficacy of MLS for secure swarm communications. Implementation test results are presented both for experiments conducted in a simulation environment and experiments with physical UAVs. These results indicate that MLS is suitable for a swarm, with the caveat that testing did not implement a delivery mechanism to ensure reliable packet delivery. For future work, mitigation of unreliable communications paths is required if a reliable MLS system is to be maintained.
Civilian, CyberCorps: Scholarship for Service. Approved for public release. Distribution is unlimited.