KeyForge: Mitigating Email Breaches with Forward-Forgeable Signatures

Email breaches are commonplace, and they expose a wealth of personal, business, and political data that may have devastating consequences. The current email system allows any attacker who gains access to your email to prove the authenticity of the stolen messages to third parties -- a property arising from a necessary anti-spam / anti-spoofing protocol called DKIM. This exacerbates the problem of email breaches by greatly increasing the potential for attackers to damage the users' reputation, blackmail them, or sell the stolen information to third parties. In this paper, we introduce "non-attributable email", which guarantees that a wide class of adversaries are unable to convince any third party of the authenticity of stolen emails. We formally define non-attributability, and present two practical system proposals -- KeyForge and TimeForge -- that provably achieve non-attributability while maintaining the important protection against spam and spoofing that is currently provided by DKIM. Moreover, we implement KeyForge and demonstrate that that scheme is practical, achieving competitive verification and signing speed while also requiring 42% less bandwidth per email than RSA2048

An Identity-Based Group Signature with Membership Revocation in the Standard Model

Group signatures allow group members to sign an arbitrary number\ud of messages on behalf of the group without revealing their\ud identity. Under certain circumstances the group manager holding a\ud tracing key can reveal the identity of the signer from the\ud signature. Practical group signature schemes should support\ud membership revocation where the revoked member loses the\ud capability to sign a message on behalf of the group without\ud influencing the other non-revoked members. A model known as\ud \emph{verifier-local revocation} supports membership revocation.\ud In this model the trusted revocation authority sends revocation\ud messages to the verifiers and there is no need for the trusted\ud revocation authority to contact non-revoked members to update\ud their secret keys. Previous constructions of verifier-local\ud revocation group signature schemes either have a security proof in the\ud random oracle model or are non-identity based. A security proof\ud in the random oracle model is only a heuristic proof and\ud non-identity-based group signature suffer from standard Public Key\ud Infrastructure (PKI) problems, i.e. the group public key is not\ud derived from the group identity and therefore has to be certified.\ud \ud \ud In this work we construct the first verifier-local revocation group\ud signature scheme which is identity-based and which has a security proof in the standard model. In\ud particular, we give a formal security model for the proposed\ud scheme and prove that the scheme has the\ud property of selfless-anonymity under the decision Linear (DLIN)\ud assumption and it is fully-traceable under the\ud Computation Diffie-Hellman (CDH) assumption. The proposed scheme is based on prime order bilinear\ud groups

Adaptive content mapping for internet navigation

The Internet as the biggest human library ever assembled keeps on growing. Although all kinds of information carriers (e.g. audio/video/hybrid file formats) are available, text based documents dominate. It is estimated that about 80% of all information worldwide stored electronically exists in (or can be converted into) text form. More and more, all kinds of documents are generated by means of a text processing system and are therefore available electronically. Nowadays, many printed journals are also published online and may even discontinue to appear in print form tomorrow. This development has many convincing advantages: the documents are both available faster (cf. prepress services) and cheaper, they can be searched more easily, the physical storage only needs a fraction of the space previously necessary and the medium will not age. For most people, fast and easy access is the most interesting feature of the new age; computer-aided search for specific documents or Web pages becomes the basic tool for information-oriented work. But this tool has problems. The current keyword based search machines available on the Internet are not really appropriate for such a task; either there are (way) too many documents matching the specified keywords are presented or none at all. The problem lies in the fact that it is often very difficult to choose appropriate terms describing the desired topic in the first place. This contribution discusses the current state-of-the-art techniques in content-based searching (along with common visualization/browsing approaches) and proposes a particular adaptive solution for intuitive Internet document navigation, which not only enables the user to provide full texts instead of manually selected keywords (if available), but also allows him/her to explore the whole database

Compact Routing on Internet-Like Graphs

The Thorup-Zwick (TZ) routing scheme is the first generic stretch-3 routing scheme delivering a nearly optimal local memory upper bound. Using both direct analysis and simulation, we calculate the stretch distribution of this routing scheme on random graphs with power-law node degree distributions, $P_k \sim k^{-\gamma}$. We find that the average stretch is very low and virtually independent of $\gamma$. In particular, for the Internet interdomain graph, $\gamma \sim 2.1$, the average stretch is around 1.1, with up to 70% of paths being shortest. As the network grows, the average stretch slowly decreases. The routing table is very small, too. It is well below its upper bounds, and its size is around 50 records for $10^4$-node networks. Furthermore, we find that both the average shortest path length (i.e. distance) $\bar{d}$ and width of the distance distribution $\sigma$ observed in the real Internet inter-AS graph have values that are very close to the minimums of the average stretch in the $\bar{d}$- and $\sigma$-directions. This leads us to the discovery of a unique critical quasi-stationary point of the average TZ stretch as a function of $\bar{d}$ and $\sigma$. The Internet distance distribution is located in a close neighborhood of this point. This observation suggests the analytical structure of the average stretch function may be an indirect indicator of some hidden optimization criteria influencing the Internet's interdomain topology evolution.Comment: 29 pages, 16 figure