Constructing Optimal Authentication Codes with Perfect Multi-fold Secrecy

We establish a construction of optimal authentication codes achieving perfect multi-fold secrecy by means of combinatorial designs. This continues the author's work (ISIT 2009) and answers an open question posed therein. As an application, we present the first infinite class of optimal codes that provide two-fold security against spoofing attacks and at the same time perfect two- fold secrecy.Comment: 4 pages (double-column); to appear in Proc. 2010 International Zurich Seminar on Communications (IZS 2010, Zurich

Information Theoretic Authentication and Secrecy Codes in the Splitting Model

In the splitting model, information theoretic authentication codes allow non-deterministic encoding, that is, several messages can be used to communicate a particular plaintext. Certain applications require that the aspect of secrecy should hold simultaneously. Ogata-Kurosawa-Stinson-Saido (2004) have constructed optimal splitting authentication codes achieving perfect secrecy for the special case when the number of keys equals the number of messages. In this paper, we establish a construction method for optimal splitting authentication codes with perfect secrecy in the more general case when the number of keys may differ from the number of messages. To the best knowledge, this is the first result of this type.Comment: 4 pages (double-column); to appear in Proc. 2012 International Zurich Seminar on Communications (IZS 2012, Zurich

On an almost-universal hash function family with applications to authentication and secrecy codes

Universal hashing, discovered by Carter and Wegman in 1979, has many important applications in computer science. MMH$^*$, which was shown to be $\Delta$-universal by Halevi and Krawczyk in 1997, is a well-known universal hash function family. We introduce a variant of MMH$^*$, that we call GRDH, where we use an arbitrary integer $n>1$ instead of prime $p$ and let the keys $\mathbf{x}=\langle x_1, \ldots, x_k \rangle \in \mathbb{Z}_n^k$ satisfy the conditions $\gcd(x_i,n)=t_i$ ($1\leq i\leq k$), where $t_1,\ldots,t_k$ are given positive divisors of $n$. Then via connecting the universal hashing problem to the number of solutions of restricted linear congruences, we prove that the family GRDH is an $\varepsilon$-almost-$\Delta$-universal family of hash functions for some $\varepsilon<1$ if and only if $n$ is odd and $\gcd(x_i,n)=t_i=1$ $(1\leq i\leq k)$. Furthermore, if these conditions are satisfied then GRDH is $\frac{1}{p-1}$-almost-$\Delta$-universal, where $p$ is the smallest prime divisor of $n$. Finally, as an application of our results, we propose an authentication code with secrecy scheme which strongly generalizes the scheme studied by Alomair et al. [{\it J. Math. Cryptol.} {\bf 4} (2010), 121--148], and [{\it J.UCS} {\bf 15} (2009), 2937--2956].Comment: International Journal of Foundations of Computer Science, to appea

Combinatorial Bounds and Characterizations of Splitting Authentication Codes

We present several generalizations of results for splitting authentication codes by studying the aspect of multi-fold security. As the two primary results, we prove a combinatorial lower bound on the number of encoding rules and a combinatorial characterization of optimal splitting authentication codes that are multi-fold secure against spoofing attacks. The characterization is based on a new type of combinatorial designs, which we introduce and for which basic necessary conditions are given regarding their existence.Comment: 13 pages; to appear in "Cryptography and Communications

Cast-as-Intended Mechanism with Return Codes Based on PETs

We propose a method providing cast-as-intended verifiability for remote electronic voting. The method is based on plaintext equivalence tests (PETs), used to match the cast ballots against the pre-generated encrypted code tables. Our solution provides an attractive balance of security and functional properties. It is based on well-known cryptographic building blocks and relies on standard cryptographic assumptions, which allows for relatively simple security analysis. Our scheme is designed with a built-in fine-grained distributed trust mechanism based on threshold decryption. It, finally, imposes only very little additional computational burden on the voting platform, which is especially important when voters use devices of restricted computational power such as mobile phones. At the same time, the computational cost on the server side is very reasonable and scales well with the increasing ballot size

A Survey of Physical Layer Security Techniques for 5G Wireless Networks and Challenges Ahead

Physical layer security which safeguards data confidentiality based on the information-theoretic approaches has received significant research interest recently. The key idea behind physical layer security is to utilize the intrinsic randomness of the transmission channel to guarantee the security in physical layer. The evolution towards 5G wireless communications poses new challenges for physical layer security research. This paper provides a latest survey of the physical layer security research on various promising 5G technologies, including physical layer security coding, massive multiple-input multiple-output, millimeter wave communications, heterogeneous networks, non-orthogonal multiple access, full duplex technology, etc. Technical challenges which remain unresolved at the time of writing are summarized and the future trends of physical layer security in 5G and beyond are discussed.Comment: To appear in IEEE Journal on Selected Areas in Communication

Message Authentication Code over a Wiretap Channel

Message Authentication Code (MAC) is a keyed function $f_K$ such that when Alice, who shares the secret $K$ with Bob, sends $f_K(M)$ to the latter, Bob will be assured of the integrity and authenticity of $M$. Traditionally, it is assumed that the channel is noiseless. However, Maurer showed that in this case an attacker can succeed with probability $2^{-\frac{H(K)}{\ell+1}}$ after authenticating $\ell$ messages. In this paper, we consider the setting where the channel is noisy. Specifically, Alice and Bob are connected by a discrete memoryless channel (DMC) $W_1$ and a noiseless but insecure channel. In addition, an attacker Oscar is connected with Alice through DMC $W_2$ and with Bob through a noiseless channel. In this setting, we study the framework that sends $M$ over the noiseless channel and the traditional MAC $f_K(M)$ over channel $(W_1, W_2)$. We regard the noisy channel as an expensive resource and define the authentication rate $\rho_{auth}$ as the ratio of message length to the number $n$ of channel $W_1$ uses. The security of this framework depends on the channel coding scheme for $f_K(M)$. A natural coding scheme is to use the secrecy capacity achieving code of Csisz\'{a}r and K\"{o}rner. Intuitively, this is also the optimal strategy. However, we propose a coding scheme that achieves a higher $\rho_{auth}.$ Our crucial point for this is that in the secrecy capacity setting, Bob needs to recover $f_K(M)$ while in our coding scheme this is not necessary. How to detect the attack without recovering $f_K(M)$ is the main contribution of this work. We achieve this through random coding techniques.Comment: Formulation of model is change

Information-theoretic Physical Layer Security for Satellite Channels

Shannon introduced the classic model of a cryptosystem in 1949, where Eve has access to an identical copy of the cyphertext that Alice sends to Bob. Shannon defined perfect secrecy to be the case when the mutual information between the plaintext and the cyphertext is zero. Perfect secrecy is motivated by error-free transmission and requires that Bob and Alice share a secret key. Wyner in 1975 and later I.~Csisz\'ar and J.~K\"orner in 1978 modified the Shannon model assuming that the channels are noisy and proved that secrecy can be achieved without sharing a secret key. This model is called wiretap channel model and secrecy capacity is known when Eve's channel is noisier than Bob's channel. In this paper we review the concept of wiretap coding from the satellite channel viewpoint. We also review subsequently introduced stronger secrecy levels which can be numerically quantified and are keyless unconditionally secure under certain assumptions. We introduce the general construction of wiretap coding and analyse its applicability for a typical satellite channel. From our analysis we discuss the potential of keyless information theoretic physical layer security for satellite channels based on wiretap coding. We also identify system design implications for enabling simultaneous operation with additional information theoretic security protocols