85,036 research outputs found
Functional signatures
Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2013.Cataloged from PDF version of thesis.Includes bibliographical references (p. 41-42).In this thesis, we introduce the notion of functional signatures. In a functional signature scheme, in addition to a master signing key that can be used to sign any message, there are signing keys for a function f, which allow one to sign any message in the range of f. An immediate application of functional signature scheme is the delegation by a master authority to a third party of the ability to sign a restricted set of messages. We also show applications of functional signature in constructing succinct non-interactive arguments and delegation schemes. We give several constructions for this primitive, and describe the trade-offs between them in terms of the assumptions they require and the size of the signatures.by Ioana Ivan.S.M
Quantum Tokens for Digital Signatures
The fisherman caught a quantum fish. "Fisherman, please let me go", begged
the fish, "and I will grant you three wishes". The fisherman agreed. The fish
gave the fisherman a quantum computer, three quantum signing tokens and his
classical public key. The fish explained: "to sign your three wishes, use the
tokenized signature scheme on this quantum computer, then show your valid
signature to the king, who owes me a favor".
The fisherman used one of the signing tokens to sign the document "give me a
castle!" and rushed to the palace. The king executed the classical verification
algorithm using the fish's public key, and since it was valid, the king
complied.
The fisherman's wife wanted to sign ten wishes using their two remaining
signing tokens. The fisherman did not want to cheat, and secretly sailed to
meet the fish. "Fish, my wife wants to sign ten more wishes". But the fish was
not worried: "I have learned quantum cryptography following the previous story
(The Fisherman and His Wife by the brothers Grimm). The quantum tokens are
consumed during the signing. Your polynomial wife cannot even sign four wishes
using the three signing tokens I gave you".
"How does it work?" wondered the fisherman. "Have you heard of quantum money?
These are quantum states which can be easily verified but are hard to copy.
This tokenized quantum signature scheme extends Aaronson and Christiano's
quantum money scheme, which is why the signing tokens cannot be copied".
"Does your scheme have additional fancy properties?" the fisherman asked.
"Yes, the scheme has other security guarantees: revocability, testability and
everlasting security. Furthermore, if you're at sea and your quantum phone has
only classical reception, you can use this scheme to transfer the value of the
quantum money to shore", said the fish, and swam away.Comment: Added illustration of the abstract to the ancillary file
The Random Oracle Methodology, Revisited
We take a critical look at the relationship between the security of
cryptographic schemes in the Random Oracle Model, and the security of the
schemes that result from implementing the random oracle by so called
"cryptographic hash functions". The main result of this paper is a negative
one: There exist signature and encryption schemes that are secure in the Random
Oracle Model, but for which any implementation of the random oracle results in
insecure schemes.
In the process of devising the above schemes, we consider possible
definitions for the notion of a "good implementation" of a random oracle,
pointing out limitations and challenges.Comment: 31 page
How Smart is your Android Smartphone?
Smart phones are ubiquitous today. These phones generally have access to sensitive personal information and, consequently, they are a prime target for attackers. A virus or worm that spreads over the network to cell phone users could be particularly damaging. Due to a rising demand for secure mobile phones, manufacturers have increased their emphasis on mobile security. In this project, we address some security issues relevant to the current Android smartphone framework. Specifically, we demonstrate an exploit that targets the Android telephony service. In addition, as a defense against the loss of personal information, we provide a means to encrypt data stored on the external media card. While smartphones remain vulnerable to a variety of security threats, this encryption provides an additional level of security
Fair and optimistic quantum contract signing
We present a fair and optimistic quantum contract signing protocol between
two clients that requires no communication with the third trusted party during
the exchange phase. We discuss its fairness and show that it is possible to
design such a protocol for which the probability of a dishonest client to cheat
becomes negligible, and scales as N^{-1/2}, where N is the number of messages
exchanged between the clients. Our protocol is not based on the exchange of
signed messages: its fairness is based on the laws of quantum mechanics. Thus,
it is abuse-free, and the clients do not have to generate new keys for each
message during the Exchange phase. We discuss a real-life scenario when the
measurement errors and qubit state corruption due to noisy channels occur and
argue that for real, good enough measurement apparatus and transmission
channels, our protocol would still be fair. Our protocol could be implemented
by today's technology, as it requires in essence the same type of apparatus as
the one needed for BB84 cryptographic protocol. Finally, we briefly discuss two
alternative versions of the protocol, one that uses only two states (based on
B92 protocol) and the other that uses entangled pairs, and show that it is
possible to generalize our protocol to an arbitrary number of clients.Comment: 11 pages, 2 figure
TCG based approach for secure management of virtualized platforms: state-of-the-art
There is a strong trend shift in the favor of adopting virtualization to get business benefits. The provisioning of virtualized enterprise resources is one kind of many possible scenarios. Where virtualization promises clear advantages it also poses new security challenges which need to be addressed to gain stakeholders confidence in the dynamics of new environment. One important facet of these challenges is establishing 'Trust' which is a basic primitive for any viable business model. The Trusted computing group (TCG) offers technologies and mechanisms required to establish this trust in the target platforms. Moreover, TCG technologies enable protecting of sensitive data in rest and transit. This report explores the applicability of relevant TCG concepts to virtualize enterprise resources securely for provisioning, establish trust in the target platforms and securely manage these virtualized Trusted Platforms
Developing a Framework to Implement Public Key Infrastructure Enabled Security in XML Documents
This paper concentrates on proposing a framework to implement the PKI enables security in XML documents, by defining a common framework and processing rules that can be shared across applications using common tools, avoiding the need for extensive customization of applications to add security. The Framework reuses the concepts, algorithms and core technologies of legacy security systems while introducing changes necessary to support extensible integration with XML. This allows interoperability with a wide range of existing infrastructures and across deployments. Currently no strict security models and mechanisms are available that can provide specification and enforcement of security policies for XML documents. Such models are crucial in order to facilitate a secure dissemination of XML documents, containing information of different sensitivity levels, among (possibly large) user communities
- …