
    Investigations on Simultaneously Secure IBE Scheme and Security Proofs under RO and Non-RO Model


    Distributed Key Generation and Its Applications

    Numerous cryptographic applications require a trusted authority to hold a secret. With a plethora of malicious attacks over the Internet, however, it is difficult to establish and maintain such an authority in online systems. Secret-sharing schemes attempt to solve this problem by distributing the required trust to hold and use the secret over multiple servers; however, they still require a trusted dealer to choose and share the secret, and have problems related to single points of failure and key escrow. A distributed key generation (DKG) scheme overcomes these hurdles by removing the requirement of a dealer in secret sharing. A (threshold) DKG scheme achieves this using a complete distribution of the trust among a number of servers such that any subset of servers of size greater than a given threshold can reveal or use the shared secret, while any smaller subset cannot. In this thesis, we make contributions to DKG in the computational security setting and describe three applications of it. We first define a constant-size commitment scheme for univariate polynomials over finite fields and use it to reduce the size of broadcasts required for DKG protocols in the synchronous communication model by a linear factor. Further, we observe that the existing (synchronous) DKG protocols do not provide a liveness guarantee over the Internet and design the first DKG protocol for use over the Internet. Observing the necessity of long-term stability, we then present proactive security and group modification protocols for our DKG system. We also demonstrate the practicality of our DKG protocol over the Internet by testing our implementation over PlanetLab. For the applications, we use our DKG protocol to define IND-ID-CCA secure distributed private-key generators (PKGs) for three important identity-based encryption (IBE) schemes: Boneh and Franklin's BF-IBE, Sakai and Kasahara's SK-IBE, and Boneh and Boyen's BB1-IBE. These IBE schemes cover all three important IBE frameworks: full-domain-hash IBEs, exponent-inversion IBEs and commutative-blinding IBEs respectively, and our distributed PKG constructions can easily be modified for other IBE schemes in these frameworks. As the second application, we use our distributed PKG for BF-IBE to define an onion routing circuit construction mechanism in the identity-based setting, which solves the scalability problem in single-pass onion routing circuit construction without hampering forward secrecy. As the final application, we use our DKG implementation to design a threshold signature architecture for quorum-based distributed hash tables and use it to define two robust communication protocols in these peer-to-peer systems.

    New Security Definitions, Constructions and Applications of Proxy Re-Encryption

    Outsourcing the management of information is an increasingly common practice, with cloud computing as its most representative paradigm. However, this approach also raises concerns about security and privacy because of the inherent loss of control over the data. Traditional solutions, mainly based on applying access control policies and strategies, only reduce the problem to a matter of trust, which service providers can easily break, whether accidentally or intentionally. Protecting outsourced information while at the same time reducing the trust that must be placed in service providers therefore becomes an immediate objective. Cryptography-based solutions are a crucial mechanism towards this end. This thesis is devoted to the study of a cryptosystem called proxy re-encryption, which constitutes a practical solution to this problem from both a functional and an efficiency point of view. Proxy re-encryption is a type of public-key encryption that allows an entity to be delegated the capability of transforming ciphertexts from one public key to another, without that entity being able to obtain any information about the underlying message. From a functional point of view, proxy re-encryption can be seen as a means of securely delegating access to encrypted information, and so it is a natural candidate for building cryptographic access control mechanisms. Beyond this, this kind of encryption is in itself of great theoretical interest, since its security definitions must simultaneously balance the security of the ciphertexts against the possibility of transforming them through re-encryption, which poses a stimulating dichotomy. The contributions of this thesis follow a transversal approach, ranging from the security definitions of proxy re-encryption themselves, through concrete constructions, to the specific details of potential applications.

    Long distance free-space quantum key distribution

    In the age of information and globalisation, secure communication as well as the protection of sensitive data against unauthorised access are of utmost importance. Quantum cryptography currently provides the only way to exchange a cryptographic key between two parties in an unconditionally secure fashion. Owing to losses and noise of today's optical fibre and detector technology, at present quantum cryptography is limited to distances below a few hundred km. In principle, larger distances could be subdivided into shorter segments, but the required quantum repeaters are still beyond current technology. An alternative approach for bridging larger distances is a satellite-based system that would enable secret key exchange between two arbitrary points on the globe using free-space optical communication. The aim of the presented experiment was to investigate the feasibility of satellite-based global quantum key distribution. In this context, a free-space quantum key distribution experiment over a real distance of 144 km was performed. The transmitter and the receiver were situated at 2500 m altitude on the Canary Islands of La Palma and Tenerife, respectively. The small and compact transmitter unit generated attenuated laser pulses that were sent to the receiver via a 15-cm optical telescope. The receiver unit for polarisation analysis and detection of the sent pulses was integrated into an existing mirror telescope designed for classical optical satellite communications. To ensure the required stability and efficiency of the optical link in the presence of atmospheric turbulence, the two telescopes were equipped with a bi-directional automatic tracking system. Still, due to stray light and high optical attenuation, secure key exchange would not be possible using attenuated pulses in connection with the standard BB84 protocol. The photon number statistics of attenuated pulses follows a Poissonian distribution. Hence, by removing a photon from all pulses containing two or more photons, an eavesdropper could measure its polarisation without disturbing the polarisation state of the remaining pulse. In this way, he can gain information about the key without introducing detectable errors. To protect against such attacks, the presented experiment employed the recently developed method of using additional "decoy" states, i.e., the intensity of the pulses created by the transmitter was varied in a random manner. By analysing the detection probabilities of the different pulses individually, a photon-number-splitting attack can be detected. Thanks to the decoy-state analysis, the secrecy of the resulting quantum key could be ensured despite the Poissonian nature of the emitted pulses. For a channel attenuation as high as 35 dB, a secret key rate of up to 250 bit/s was achieved. Our outdoor experiment was carried out under real atmospheric conditions and with a channel attenuation comparable to an optical link from ground to a satellite in low earth orbit. Hence, it definitely shows the feasibility of satellite-based quantum key distribution using a technologically comparatively simple system.

    Towards a Network-based Approach for Smartphone Security

    Smartphones have become an important utility that affects many aspects of our daily life. Due to their wide dissemination and the tasks that are performed with them, they have also become a valuable target for criminals. Their specific capabilities and the way they are used introduce new threats in terms of information security. The research field of smartphone security has gained a lot of momentum in the past eight years. Approaches that have been presented so far focus on investigating design flaws of smartphone operating systems as well as their potential misuse by an adversary. Countermeasures are often realized as extensions to the operating system itself, following a host-based design approach. However, there is a lack of network-based mechanisms that allow a secure integration of smartphones into existing IT infrastructures. This topic is especially relevant for companies whose employees use smartphones for business tasks. This thesis presents a novel, network-based approach for smartphone security called CADS: Context-related Signature and Anomaly Detection for Smartphones. It determines the security status of smartphones by analyzing three aspects: (1) their current configuration in terms of installed software and available hardware, (2) their behavior and (3) the context they are currently used in. Depending on the determined security status, enforcement actions can be defined in order to allow or to deny access to services provided by the respective IT infrastructure. The approach is based upon the distributed collection and central analysis of data about smartphones. In contrast to other approaches, it explicitly supports leveraging existing security services for both analysis and enforcement purposes. A proof of concept is implemented based upon the IF-MAP protocol for network security and the Google Android platform. An evaluation verifies (1) that the CADS approach is able to detect so-called sensor sniffing attacks and (2) that reactions can be triggered based on detection results to counter ongoing attacks. Furthermore, it is demonstrated that the functionality of an existing, host-based approach that relies on modifications of the Android smartphone platform can be mimicked by the CADS approach. The advantage of CADS is that it does not need any modifications of the Android platform itself.

    Kabul Times, April 1974


    The 11th Conference of PhD Students in Computer Science


    The regulation of insider trading in corporate securities

    Firstly, it is necessary to examine insider trading in corporate securities in its social and economic context. Before any discussion of substantive regulation can meaningfully take place, it is necessary to consider such questions as the incidence of insider trading and whether in fact it causes harm. In particular, the question of 'fairness' is considered, and the economic arguments sometimes raised in support of insider trading are explored. Corporate disclosure is directly related to insider trading. The ability of corporate insiders to abuse their positions is obviously related to the effectiveness of company disclosure. Furthermore, apart from the effect corporate disclosure has on the availability of information for investors, disclosure of insiders' transactions may discourage abusive trading and assist in the enforcement of regulatory provisions. Disclosure may also be used as a sanction. The impact of expanded corporate disclosure policies, and in particular the disclosure of price-sensitive information to employees, is considered. One of the main problems with anti-insider trading regulation is the satisfactory determination of a definition for insiders. This determination will set the scope of regulation. In drawing up this definition, attention must be given to the problem of 'tippee trading' and the effect that such provisions might have on the securities industry. An extensive study of the present law relevant to insider trading in Britain, Australasia and Canada is provided, with particular reference to the role of self-regulatory authorities. Recent proposals for anti-insider trading legislation in the United Kingdom are analysed. At the heart of any discussion of insider trading must be the question of enforcement. Civil enforcement is discussed in the context of derivative actions and class suits. The present structure of regulation is analysed and a new enforcement agency is suggested. The crucial availability of effective market surveillance is discussed in the context of the experience of other countries.