On Counteracting Byzantine Attacks in Network Coded Peer-to-Peer Networks

Random linear network coding can be used in peer-to-peer networks to increase the efficiency of content distribution and distributed storage. However, these systems are particularly susceptible to Byzantine attacks. We quantify the impact of Byzantine attacks on the coded system by evaluating the probability that a receiver node fails to correctly recover a file. We show that even for a small probability of attack, the system fails with overwhelming probability. We then propose a novel signature scheme that allows packet-level Byzantine detection. This scheme allows one-hop containment of the contamination, and saves bandwidth by allowing nodes to detect and drop the contaminated packets. We compare the net cost of our signature scheme with various other Byzantine schemes, and show that when the probability of Byzantine attacks is high, our scheme is the most bandwidth efficient.Comment: 26 pages, 9 figures, Submitted to IEEE Journal on Selected Areas in Communications (JSAC) "Mission Critical Networking

A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components

The semiconductor industry is fully globalized and integrated circuits (ICs) are commonly defined, designed and fabricated in different premises across the world. This reduces production costs, but also exposes ICs to supply chain attacks, where insiders introduce malicious circuitry into the final products. Additionally, despite extensive post-fabrication testing, it is not uncommon for ICs with subtle fabrication errors to make it into production systems. While many systems may be able to tolerate a few byzantine components, this is not the case for cryptographic hardware, storing and computing on confidential data. For this reason, many error and backdoor detection techniques have been proposed over the years. So far all attempts have been either quickly circumvented, or come with unrealistically high manufacturing costs and complexity. This paper proposes Myst, a practical high-assurance architecture, that uses commercial off-the-shelf (COTS) hardware, and provides strong security guarantees, even in the presence of multiple malicious or faulty components. The key idea is to combine protective-redundancy with modern threshold cryptographic techniques to build a system tolerant to hardware trojans and errors. To evaluate our design, we build a Hardware Security Module that provides the highest level of assurance possible with COTS components. Specifically, we employ more than a hundred COTS secure crypto-coprocessors, verified to FIPS140-2 Level 4 tamper-resistance standards, and use them to realize high-confidentiality random number generation, key derivation, public key decryption and signing. Our experiments show a reasonable computational overhead (less than 1% for both Decryption and Signing) and an exponential increase in backdoor-tolerance as more ICs are added

Public cloud data auditing with practical key update and zero knowledge privacy

Data integrity is extremely important for cloud based storage services, where cloud users no longer have physical possession of their outsourced files. A number of data auditing mechanisms have been proposed to solve this problem. However, how to update a cloud user\u27s private auditing key (as well as the authenticators those keys are associated with) without the user\u27s re-possession of the data remains an open problem. In this paper, we propose a key-updating and authenticator-evolving mechanism with zero-knowledge privacy of the stored files for secure cloud data auditing, which incorporates zero knowledge proof systems, proxy re-signatures and homomorphic linear authenticators. We instantiate our proposal with the state-of-the-art Shacham-Waters auditing scheme. When the cloud user needs to update his key, instead of downloading the entire file and re-generating all the authenticators, the user can just download and update the authenticators. This approach dramatically reduces the communication and computation cost while maintaining the desirable security. We formalize the security model of zero knowledge data privacy for auditing schemes in the key-updating context and prove the soundness and zero-knowledge privacy of the proposed construction. Finally, we analyze the complexity of communication, computation and storage costs of the improved protocol which demonstrates the practicality of the proposal

Novel Contract Signature based on Key Exchange

A contract signature is a particular form of digital multi-signature that only involves two signers. Contract signing plays a critical role in any business transaction, particularly in situations where the involved parties do not trust each other. One of the most significant concerns in exchange signatures is the fraudulent and unfair exchange, which occurs when one party gets the signature of another party without giving his own signature. In the view of these security concerns, this thesis presents a secure and fair contract signature scheme based on key exchange protocol. The security and protection of the proposed scheme is based on solving hard computational assumptions such as discrete logarithm problem (DLP). The proposed protocol is abuse-free. The proposed scheme targets to have lesser computational overhead and high-security features than existing scheme[1]. The proposed scheme has wide application in real life scenarios, such as in electronic cash system

Offline e-cash system

The e-cash scheme and the digital content transactions are the need of the hour. In the coming years, all these digital transactions will grow tremendously. So, a secure e-cash scheme is of utmost requirement. e-cash scheme, which is untraceable and maintains the security features, make it possible for the customers and the merchants to exchange the e-cash and the merchandise with privacy. So, there is a need to design an e-cash scheme with strong cryptosystem and algorithms in order to facilitate efficient digital transactions. There are two types of e-cash systems: Offine e-cash systems and online e-cash systems. Offine e-cash systems make it possible for the customer to pay the e-coin to the merchant without any involvement of bank. In online schemes, we require the involvement of the bank. The two most fundamental security features associated with offine scheme is the anonymity and the double spending detection. The proposed scheme maintains both the above features along with unforgeability. Besides, the E-coins have their expiration date so that the bank faces no hassles and can manage its database efficiently. This feature also ensures portability as the coins can be transferred to storage devices through the networks

Using quantum key distribution for cryptographic purposes: a survey

The appealing feature of quantum key distribution (QKD), from a cryptographic viewpoint, is the ability to prove the information-theoretic security (ITS) of the established keys. As a key establishment primitive, QKD however does not provide a standalone security service in its own: the secret keys established by QKD are in general then used by a subsequent cryptographic applications for which the requirements, the context of use and the security properties can vary. It is therefore important, in the perspective of integrating QKD in security infrastructures, to analyze how QKD can be combined with other cryptographic primitives. The purpose of this survey article, which is mostly centered on European research results, is to contribute to such an analysis. We first review and compare the properties of the existing key establishment techniques, QKD being one of them. We then study more specifically two generic scenarios related to the practical use of QKD in cryptographic infrastructures: 1) using QKD as a key renewal technique for a symmetric cipher over a point-to-point link; 2) using QKD in a network containing many users with the objective of offering any-to-any key establishment service. We discuss the constraints as well as the potential interest of using QKD in these contexts. We finally give an overview of challenges relative to the development of QKD technology that also constitute potential avenues for cryptographic research.Comment: Revised version of the SECOQC White Paper. Published in the special issue on QKD of TCS, Theoretical Computer Science (2014), pp. 62-8