43,612 research outputs found
Oblivious Transfer based on Key Exchange
Key-exchange protocols have been overlooked as a possible means for
implementing oblivious transfer (OT). In this paper we present a protocol for
mutual exchange of secrets, 1-out-of-2 OT and coin flipping similar to
Diffie-Hellman protocol using the idea of obliviously exchanging encryption
keys. Since, Diffie-Hellman scheme is widely used, our protocol may provide a
useful alternative to the conventional methods for implementation of oblivious
transfer and a useful primitive in building larger cryptographic schemes.Comment: 10 page
Automatic analysis of distance bounding protocols
Distance bounding protocols are used by nodes in wireless networks to
calculate upper bounds on their distances to other nodes. However, dishonest
nodes in the network can turn the calculations both illegitimate and inaccurate
when they participate in protocol executions. It is important to analyze
protocols for the possibility of such violations. Past efforts to analyze
distance bounding protocols have only been manual. However, automated
approaches are important since they are quite likely to find flaws that manual
approaches cannot, as witnessed in literature for analysis pertaining to key
establishment protocols. In this paper, we use the constraint solver tool to
automatically analyze distance bounding protocols. We first formulate a new
trace property called Secure Distance Bounding (SDB) that protocol executions
must satisfy. We then classify the scenarios in which these protocols can
operate considering the (dis)honesty of nodes and location of the attacker in
the network. Finally, we extend the constraint solver so that it can be used to
test protocols for violations of SDB in these scenarios and illustrate our
technique on some published protocols.Comment: 22 pages, Appeared in Foundations of Computer Security, (Affiliated
workshop of LICS 2009, Los Angeles, CA)
Quantum Key Distribution (QKD) and Commodity Security Protocols: Introduction and Integration
We present an overview of quantum key distribution (QKD), a secure key
exchange method based on the quantum laws of physics rather than computational
complexity. We also provide an overview of the two most widely used commodity
security protocols, IPsec and TLS. Pursuing a key exchange model, we propose
how QKD could be integrated into these security applications. For such a QKD
integration we propose a support layer that provides a set of common QKD
services between the QKD protocol and the security applicationsComment: 12Page
On the Design of Cryptographic Primitives
The main objective of this work is twofold. On the one hand, it gives a brief
overview of the area of two-party cryptographic protocols. On the other hand,
it proposes new schemes and guidelines for improving the practice of robust
protocol design. In order to achieve such a double goal, a tour through the
descriptions of the two main cryptographic primitives is carried out. Within
this survey, some of the most representative algorithms based on the Theory of
Finite Fields are provided and new general schemes and specific algorithms
based on Graph Theory are proposed
Composability in quantum cryptography
In this article, we review several aspects of composability in the context of
quantum cryptography. The first part is devoted to key distribution. We discuss
the security criteria that a quantum key distribution protocol must fulfill to
allow its safe use within a larger security application (e.g., for secure
message transmission). To illustrate the practical use of composability, we
show how to generate a continuous key stream by sequentially composing rounds
of a quantum key distribution protocol. In a second part, we take a more
general point of view, which is necessary for the study of cryptographic
situations involving, for example, mutually distrustful parties. We explain the
universal composability framework and state the composition theorem which
guarantees that secure protocols can securely be composed to larger
applicationsComment: 18 pages, 2 figure
A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components
The semiconductor industry is fully globalized and integrated circuits (ICs)
are commonly defined, designed and fabricated in different premises across the
world. This reduces production costs, but also exposes ICs to supply chain
attacks, where insiders introduce malicious circuitry into the final products.
Additionally, despite extensive post-fabrication testing, it is not uncommon
for ICs with subtle fabrication errors to make it into production systems.
While many systems may be able to tolerate a few byzantine components, this is
not the case for cryptographic hardware, storing and computing on confidential
data. For this reason, many error and backdoor detection techniques have been
proposed over the years. So far all attempts have been either quickly
circumvented, or come with unrealistically high manufacturing costs and
complexity.
This paper proposes Myst, a practical high-assurance architecture, that uses
commercial off-the-shelf (COTS) hardware, and provides strong security
guarantees, even in the presence of multiple malicious or faulty components.
The key idea is to combine protective-redundancy with modern threshold
cryptographic techniques to build a system tolerant to hardware trojans and
errors. To evaluate our design, we build a Hardware Security Module that
provides the highest level of assurance possible with COTS components.
Specifically, we employ more than a hundred COTS secure crypto-coprocessors,
verified to FIPS140-2 Level 4 tamper-resistance standards, and use them to
realize high-confidentiality random number generation, key derivation, public
key decryption and signing. Our experiments show a reasonable computational
overhead (less than 1% for both Decryption and Signing) and an exponential
increase in backdoor-tolerance as more ICs are added
- …