7 research outputs found

    Special digital information carriers – theory, technologies, application

    The article addresses the implementation of cryptographic protection mechanisms in automated systems. It considers the theory of "special digital information carriers" proposed by the authors, which makes it possible to almost completely separate the development of data-processing tools from that of cryptographic data-protection tools and to create a universal software platform for protecting any electronic documents. The advantages of this approach over existing ones, the prospects for developing the proposed theory, and aspects of its practical application are presented.

    When Encryption is Not Enough -- Effective Concealment of Communication Pattern, even Existence (BitGrey, BitLoop)

    How much we say, to whom, and when, is inherently telling, even if the content of our communication is unclear. In other words: encryption is not enough; neither to secure privacy, nor to maintain confidentiality. Years ago Adi Shamir already predicted that encryption will be bypassed. And it has. The modern dweller of cyber space is routinely violated via her data behavior. Also, often an adversary has the power to compel release of cryptographic keys over well-exposed communication. The front has shifted, and now technology must build cryptographic shields beyond content, and into pattern, even as to existence of communication. We present here tools, solutions, methods to that end. They are based on equivocation. If a message is received by many recipients, it hides the intended one. If a protocol calls for decoy messages, then it protects the identity of the sender of the contents-laden message. BitGrey is a protocol that creates a grey hole (of various shades) around the communicating community, so that very little information leaks out. In addition, the BitLoop protocol constructs a fixed rate circulating bit flow, traversing through all members of a group. The looping bits appear random, and effectively hide the pattern, even the existence of communication within the group.

    Constant Size Secret Sharing: with General Thresholds, Towards Standard Assumptions, and Applications

    We consider threshold Computational Secret Sharing Schemes, i.e., such that the secret can be recovered from any t+1 out of n shares, and such that no computationally bounded adversary can distinguish between t shares of a chosen secret and a uniform string. We say that such a scheme has Constant Size (CSSS) if, in the asymptotic regime of many shares of small size the security parameter, then the total size of shares reaches the minimum, which is the size of an erasures-correction encoding of the secret with same threshold. But all CSSS so far have only maximum threshold, i.e., t = n-1. They are known as All Or Nothing Transforms (AONT). On the other hand, for arbitrary thresholds t < n-1, the shortest scheme known so far is [Kra93, Crypto], which has instead twice larger size in the previous regime, due to a size overhead of n times the security parameter. The other limitation of known CSSS is that they require a number of calls to idealized primitives which grows linearly with the size of the secret. Our first contribution is to show that the CSSS of [Des00, Crypto], which holds under the ideal cipher assumption, loses its privacy when instantiated with a plain pseudorandom permutation. Our main contribution is a scheme which: is the first CSSS for any threshold t, and furthermore, whose security holds, for the first time, under any plain pseudorandom function, with the only idealized assumption being in the key-derivation function. It is based on the possibly new observation that the scheme of [Des00] can be seen as an additive secret-sharing of an encryption key, using the ciphertext itself as a source of randomness. A variation of our construction enables to improve upon known schemes, that we denote as Encryption into Shares with Resilience against Key exposure (ESKE), having the property that all ciphertext blocks are needed to obtain any information, even when the key is leaked. 
We obtain the first ESKE with arbitrary threshold t and constant size, furthermore in one pass of encryption. Also, for the first time, the only idealized assumption is in the key-derivation. Then, we demonstrate how to establish fast revocable storage on an untrusted server, from any black box ESKE. Instantiated with our ESKE, then encryption and decryption both require only 1 pass of symmetric primitives under standard assumptions (except the key-derivation), compared to at least 2 consecutive passes in [MS18, CT-RSA] and more in [Bac+16, CCS]. We finally bridge the gap between two conflicting specifications of AONT in the literature: one very similar to CSSS, which has indistinguishability, and one which has not.

    Dilution: A Novel Approach In Preserving Privacy

    Protection of privacy is a very personal matter and therefore a sensitive issue. Often protection or prevention of exchange of information is crucial to preserve privacy. With information technology on the rise, exchange of information got boosted and preserving privacy turned to a very challenging issue. Commonly, privacy is often understood as non-disclosure of information. Modern media, particularly the Internet, and development of Web 2.0 within the Internet, pose new challenges to the intention of not disclosing certain information for quite a while already. Still, we observe that state of the art is classifying personal information into very few categories - often only two: visible to friends only and visible to everybody. This does not mirror physical life and the behavior in communication between two individuals. In this work we move away from privacy by secrecy towards privacy by dilution. Adding enough data to some information under consideration will make it hard to distinguish and hence reveal the information being protected. Dilution is applicable for any kind of data: while in case of plain text additional text can be inserted into the existing text, dilution of pictures and videos is adding additional files of the same type. Furthermore, we enable presentation of different partial identities to different requesters, e.g., a visitor of a web site. Beside a survey that allowed us to derive a basic model here, we elaborated our concepts into two directions. These can be distinguished by their transparency, i.e., the required user-interaction. We introduce active and passive dilution respectively. Means to efficiently monitor an online reputation, as well as assessments and use case studies regarding robustness, have been conducted. Conclusively, we will see that the dilution methodology is a promising approach pointing to a novel direction in privacy enhancing technologies. 
All tools and frameworks presented in this work and contributed by us have been implemented as fully working proof-of-concepts

    On all-or-nothing transforms and password-authenticated key exchange protocols

    Thesis (Ph.D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2000. Includes bibliographical references (p. 142-152). By Victor Boyko. Ph.D.

    The Security of Chaffing and Winnowing

    This paper takes a closer look at Rivest's chaffing-and-winnowing paradigm for data privacy.