1,759 research outputs found
On Counteracting Byzantine Attacks in Network Coded Peer-to-Peer Networks
Random linear network coding can be used in peer-to-peer networks to increase
the efficiency of content distribution and distributed storage. However, these
systems are particularly susceptible to Byzantine attacks. We quantify the
impact of Byzantine attacks on the coded system by evaluating the probability
that a receiver node fails to correctly recover a file. We show that even for a
small probability of attack, the system fails with overwhelming probability. We
then propose a novel signature scheme that allows packet-level Byzantine
detection. This scheme allows one-hop containment of the contamination, and
saves bandwidth by allowing nodes to detect and drop the contaminated packets.
We compare the net cost of our signature scheme with various other Byzantine
schemes, and show that when the probability of Byzantine attacks is high, our
scheme is the most bandwidth efficient.Comment: 26 pages, 9 figures, Submitted to IEEE Journal on Selected Areas in
Communications (JSAC) "Mission Critical Networking
A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components
The semiconductor industry is fully globalized and integrated circuits (ICs)
are commonly defined, designed and fabricated in different premises across the
world. This reduces production costs, but also exposes ICs to supply chain
attacks, where insiders introduce malicious circuitry into the final products.
Additionally, despite extensive post-fabrication testing, it is not uncommon
for ICs with subtle fabrication errors to make it into production systems.
While many systems may be able to tolerate a few byzantine components, this is
not the case for cryptographic hardware, storing and computing on confidential
data. For this reason, many error and backdoor detection techniques have been
proposed over the years. So far all attempts have been either quickly
circumvented, or come with unrealistically high manufacturing costs and
complexity.
This paper proposes Myst, a practical high-assurance architecture, that uses
commercial off-the-shelf (COTS) hardware, and provides strong security
guarantees, even in the presence of multiple malicious or faulty components.
The key idea is to combine protective-redundancy with modern threshold
cryptographic techniques to build a system tolerant to hardware trojans and
errors. To evaluate our design, we build a Hardware Security Module that
provides the highest level of assurance possible with COTS components.
Specifically, we employ more than a hundred COTS secure crypto-coprocessors,
verified to FIPS140-2 Level 4 tamper-resistance standards, and use them to
realize high-confidentiality random number generation, key derivation, public
key decryption and signing. Our experiments show a reasonable computational
overhead (less than 1% for both Decryption and Signing) and an exponential
increase in backdoor-tolerance as more ICs are added
Public cloud data auditing with practical key update and zero knowledge privacy
Data integrity is extremely important for cloud based storage services, where cloud users no longer have physical possession of their outsourced files. A number of data auditing mechanisms have been proposed to solve this problem. However, how to update a cloud user\u27s private auditing key (as well as the authenticators those keys are associated with) without the user\u27s re-possession of the data remains an open problem. In this paper, we propose a key-updating and authenticator-evolving mechanism with zero-knowledge privacy of the stored files for secure cloud data auditing, which incorporates zero knowledge proof systems, proxy re-signatures and homomorphic linear authenticators. We instantiate our proposal with the state-of-the-art Shacham-Waters auditing scheme. When the cloud user needs to update his key, instead of downloading the entire file and re-generating all the authenticators, the user can just download and update the authenticators. This approach dramatically reduces the communication and computation cost while maintaining the desirable security. We formalize the security model of zero knowledge data privacy for auditing schemes in the key-updating context and prove the soundness and zero-knowledge privacy of the proposed construction. Finally, we analyze the complexity of communication, computation and storage costs of the improved protocol which demonstrates the practicality of the proposal
Novel Contract Signature based on Key Exchange
A contract signature is a particular form of digital multi-signature that only involves two signers. Contract signing plays a critical role in any business transaction, particularly in situations where the involved parties do not trust each other. One of the most significant concerns in exchange signatures is the fraudulent and unfair exchange, which occurs when one party gets the signature of another party without giving his own signature. In the view of these security concerns, this thesis presents a secure and fair contract signature scheme based on key exchange protocol. The security and protection of the proposed scheme is based on solving hard computational assumptions such as discrete logarithm problem (DLP). The proposed protocol is abuse-free. The proposed scheme targets to have lesser computational overhead and high-security features than existing scheme[1]. The proposed scheme has wide application in real life scenarios, such as in electronic cash system
Offline e-cash system
The e-cash scheme and the digital content transactions are the need of the hour. In the coming years, all these digital transactions will grow tremendously. So, a secure e-cash scheme is of utmost requirement. e-cash scheme, which is untraceable and maintains the security features, make it possible for the customers and the merchants to exchange the e-cash and the merchandise with privacy. So, there is a need to design an e-cash scheme with strong cryptosystem and algorithms in order to facilitate efficient digital transactions. There are two types of e-cash systems: Offine e-cash systems and online e-cash systems. Offine e-cash systems make it possible for the customer to pay the e-coin to the merchant without any involvement of bank. In online schemes, we require the involvement of the bank. The two most fundamental security features associated with offine scheme is the anonymity and the double spending detection. The proposed scheme maintains both the above features along with unforgeability. Besides, the E-coins have their expiration date so that the bank faces no hassles and can manage its database efficiently. This feature also ensures portability as the coins can be transferred to storage devices through the networks
Using quantum key distribution for cryptographic purposes: a survey
The appealing feature of quantum key distribution (QKD), from a cryptographic
viewpoint, is the ability to prove the information-theoretic security (ITS) of
the established keys. As a key establishment primitive, QKD however does not
provide a standalone security service in its own: the secret keys established
by QKD are in general then used by a subsequent cryptographic applications for
which the requirements, the context of use and the security properties can
vary. It is therefore important, in the perspective of integrating QKD in
security infrastructures, to analyze how QKD can be combined with other
cryptographic primitives. The purpose of this survey article, which is mostly
centered on European research results, is to contribute to such an analysis. We
first review and compare the properties of the existing key establishment
techniques, QKD being one of them. We then study more specifically two generic
scenarios related to the practical use of QKD in cryptographic infrastructures:
1) using QKD as a key renewal technique for a symmetric cipher over a
point-to-point link; 2) using QKD in a network containing many users with the
objective of offering any-to-any key establishment service. We discuss the
constraints as well as the potential interest of using QKD in these contexts.
We finally give an overview of challenges relative to the development of QKD
technology that also constitute potential avenues for cryptographic research.Comment: Revised version of the SECOQC White Paper. Published in the special
issue on QKD of TCS, Theoretical Computer Science (2014), pp. 62-8
- …