10 research outputs found

    Integrity Proofs for RDF Graphs

    Representing open datasets with the RDF model is becoming increasingly popular. An important aspect of this data model is that it can utilize the methods of computing cryptographic hashes to verify the integrity of RDF graphs. In this paper, we first develop a number of metrics to compare the state-of-the-art integrity proof methods and then present two new approaches to generate an integrity proof of RDF datasets: (i) semantic-based and (ii) structure-based. The semantic-based approach leverages timestamps (or other inherent notions of ordering) as an indexing key to construct a sorted Merkle tree variation, where timestamps are semantically extractable from the dataset. The structure-based approach utilizes the redundant structure of large RDF datasets to compress the dataset statements prior to generating a variation of a Merkle tree. We provide a theoretical analysis and an experimental evaluation of our two proposed methods. Compared to the Merkle and sorted Merkle tree, the semantic-based approach achieves faster querying performance for large datasets. The structure-based approach is well suited when RDF datasets contain large amounts of semantic redundancies. We also evaluate our methods' resistance to adversarial threats

    Analysis and Improvement of an Authentication Scheme in Incremental Cryptography

    Introduced in cryptography by Bellare, Goldreich and Goldwasser in 1994, incrementality is an attractive feature that makes it possible to efficiently update a cryptographic output like a ciphertext, a signature or an authentication tag after modifying the corresponding input. This property is very valuable in large scale systems where gigabytes of data are continuously processed (e.g. in cloud storage). Adding cryptographic operations on such systems can decrease dramatically their performance and incrementality is an interesting solution to have security at a reduced cost. We focus on the so-called XOR-scheme, the first incremental authentication construction proposed by Bellare, Goldreich and Goldwasser, and the only strongly incremental scheme (i.e. incremental regarding insert and delete update operations at any position in a document). Surprisingly, we found a simple attack on this construction that breaks the basic security claimed by the authors in 1994 with only one authentication query (not necessarily chosen). Our analysis gives different ways to fix the scheme; some of these patches are discussed in this paper and we provide a security proof for one of them

    Symmetric-key Corruption Detection : When XOR-MACs Meet Combinatorial Group Testing

    We study a class of MACs, which we call corruption detectable MAC, that is able to not only check the integrity of the whole message, but also detect a part of the message that is corrupted. It can be seen as an application of the classical Combinatorial Group Testing (CGT) to message authentication. However, previous work on this application has an inherent limitation in communication. We present a novel approach to combine CGT and a class of linear MACs (XOR-MAC) that makes it possible to break this limit. Our proposal, XOR-GTM, has a significantly smaller communication cost than any of the previous ones, keeping the same corruption detection capability. Our numerical examples for storage application show a reduction of communication by a factor of around 15 to 70 compared with previous schemes. XOR-GTM is parallelizable and is as efficient as standard MACs. We prove that XOR-GTM is provably secure under the standard pseudorandomness assumptions

    Space-efficient, byte-wise incremental and perfectly private encryption schemes

    The problem raised by incremental encryption is the overhead due to the larger storage space required by the provision of random blocks together with the ciphered versions of a given document. Besides, permitting variable-length modifications on the ciphertext leads to privacy preservation issues. In this paper we present incremental encryption schemes which are space-efficient, byte-wise incremental and which preserve perfect privacy in the sense that they hide the fact that an update operation has been performed on a ciphered document. For each scheme, the run time of updates performed turns out to be very efficient and we discuss the statistically adjustable trade-off between computational cost and storage space required by the produced ciphertexts

    Incremental cryptography

    Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1997. Includes bibliographical references (leaves 147-148). By Yoav Yerushalmi. M.Eng

    Building regulatory compliant storage systems

    In the past decade, informational records have become entirely digital. These include financial statements, health care records, student records, private consumer information and other sensitive data. Because of the delicate nature of the data these records contain, Congress and the courts have begun to recognize the importance of properly storing and securing electronic records. Examples of legislation include the Health Insurance Portability and Accountabilit

    Designing and Improving Code-based Cryptosystems

    In modern cryptography, the security of the most secure cryptographic primitives is based on hard problems coming from number theory such as the factorization and the discrete logarithm problem. However, being mainly based on the intractability of those problems seems to be risky. In 1994, Peter Shor showed how these two problems can be solved in polynomial time using a quantum computer. In contrast, cryptographic primitives based on problems from coding theory are believed to resist quantum computer based attacks and the best known attacks have exponential running time. Along with post-quantum security, code-based systems offer other advantages for present-day applications due to their excellent algorithmic efficiency. Actually, they run faster than traditional cryptosystems like RSA, since they only require very simple operations like shifts and XORs instead of expensive computations over big integers. However, although efficient, most code-based schemes suffer from considerably large key sizes. Codes with algebraic structure such as quasi-cyclic and quasi-dyadic codes, were proposed to overcome the key size issue, but it has been shown to be insecure against algebraic cryptanalysis. This thesis contributes to the research and development of code-based cryptosystems. In particular, we are interested in developing as well as improving three important primitives: stream ciphers and hash functions. We study the FSB hash function and the SYND stream cipher and find a way to considerably improve their efficiency, while maintaining the security reduction to the same NP-complete problems. Independently of these results, we address and solve the problem of selecting appropriate parameter sets for the binary Goppa code-based McEliece cryptosystem. Based on the Lenstra-Verheul model, we also provide, for the first time, a framework allowing to choose optimal parameters that offer a desired security level in a given year

    Incremental Cryptography and Application to Virus Protection

    The goal of incremental cryptography is to design cryptographic algorithms with the property that having applied the algorithm to a document, it is possible to quickly update the result of the algorithm for a modified document, rather than having to re-compute it from scratch. In settings where cryptographic algorithms such as encryption or signatures are frequently applied to changing documents, dramatic efficiency improvements can be achieved. One such setting is the use of authentication tags for virus protection. We consider documents that can be modified by powerful (and realistic) document modification operations such as insertion and deletion of character-strings (or equivalently cut and paste of text). We provide efficient incremental signature and message authentication schemes supportin