Relating two standard notions of secrecy
Two styles of definitions are usually considered to express that a security protocol preserves the confidentiality of a piece of data s. Reachability-based secrecy means that s should never be disclosed, while equivalence-based secrecy states that two executions of a protocol with distinct instances for s should be indistinguishable to an attacker. Although the second formulation ensures a higher level of security and is closer to cryptographic notions of secrecy, decidability results and automatic tools have mainly focused on the first definition so far.

This paper initiates a systematic investigation of the situations where syntactic secrecy entails strong secrecy. We show that in the passive case, reachability-based secrecy actually implies equivalence-based secrecy for digital signatures, symmetric and asymmetric encryption, provided that the primitives are probabilistic. For active adversaries, we provide sufficient (and rather tight) conditions on the protocol for this implication to hold.

Comment: 29 pages, published in LMC
New Insights on cryptographic hierarchical access control: models, schemes and analysis
2014 - 2015

Nowadays, the network-centric world has given rise to several security concerns regarding access control management, which ensures that only authorized users are given access to certain resources or tasks. In particular, according to their respective roles and responsibilities, users are typically organized into hierarchies composed of several disjoint classes (security classes). A hierarchy is characterized by the fact that some users may have more access rights than others, according to a top-down inclusion paradigm following specific hierarchical dependencies. A user with access rights for a given class is granted access to objects stored in that class, as well as to all the descendant ones in the hierarchy. The problem of key management for such hierarchies consists in assigning a key to each class of the hierarchy, so that the keys for descendant classes can be efficiently obtained by users belonging to classes at a higher level in the hierarchy.

In this thesis we analyze the security of hierarchical key assignment schemes according to different notions: security with respect to key indistinguishability and against key recovery [4], as well as the two recently proposed notions of security with respect to strong key indistinguishability and against strong key recovery [42]. More precisely, we first explore the relations between all security notions and, in particular, we prove that security with respect to strong key indistinguishability is not stronger than security with respect to key indistinguishability. Afterwards, we propose a general construction yielding a hierarchical key assignment scheme that ensures security against strong key recovery, given any hierarchical key assignment scheme which guarantees security against key recovery.

Moreover, we define the concept of hierarchical key assignment schemes supporting dynamic updates, formalizing the corresponding security model. In particular, we provide the notions of security with respect to key indistinguishability and key recovery, taking into account the dynamic changes to the hierarchy. Furthermore, we show how to construct a hierarchical key assignment scheme supporting dynamic updates, using a symmetric encryption scheme as a building block. The proposed construction is provably secure with respect to key indistinguishability and provides efficient key derivation and updating procedures, while requiring each user to store only a single private key.

Finally, we propose a novel model that generalizes the conventional hierarchical access control paradigm by extending it to certain additional sets of qualified users. Afterwards, we propose two constructions for hierarchical key assignment schemes in this new model, which are provably secure with respect to key indistinguishability. In particular, the former construction relies on both symmetric encryption and perfect secret sharing, whereas the latter is based on public-key threshold broadcast encryption. [edited by author]
Privacy-preserving scheme for mobile ad hoc networks.
This paper proposes a decentralized trust establishment protocol for mobile ad hoc networks (MANETs), in which nodes establish security associations. In order to achieve privacy and security, we use homomorphic encryption and polynomial intersection to find the intersection of two sets. The first set represents a list of recommenders of the initiator, and the second set is a list of trusted recommenders of the responder. The intersection of the sets represents the list of nodes that recommend the first node and whose recommendations are trusted by the second node. In our experimental results we show that our scheme is effective even if there are 30 trusted nodes.
Unforgeable Quantum Encryption
We study the problem of encrypting and authenticating quantum data in the presence of adversaries making adaptive chosen plaintext and chosen ciphertext queries. Classically, security games use string copying and comparison to detect adversarial cheating in such scenarios. Quantumly, this approach would violate no-cloning. We develop new techniques to overcome this problem: we use entanglement to detect cheating, and rely on recent results for characterizing quantum encryption schemes. We give definitions for (i) ciphertext unforgeability, (ii) indistinguishability under adaptive chosen-ciphertext attack, and (iii) authenticated encryption. The restriction of each definition to the classical setting is at least as strong as the corresponding classical notion: (i) implies INT-CTXT, (ii) implies IND-CCA2, and (iii) implies AE. All of our new notions also imply QIND-CPA privacy. Combining one-time authentication and classical pseudorandomness, we construct schemes for each of these new quantum security notions, and provide several separation examples. Along the way, we also give a new definition of one-time quantum authentication which, unlike all previous approaches, authenticates ciphertexts rather than plaintexts.

Comment: 22+2 pages, 1 figure. v3: error in the definition of QIND-CCA2 fixed, some proofs related to QIND-CCA2 clarified