Information Security and Privacy

โœ Scribed by Vijay Varadharajan (editor), Yi Mu (editor)


Publisher: Springer
Year: 2001
Tongue: English
Leaves: 532
Category: Library

✦ Synopsis


ACISP 2001, the Sixth Australasian Conference on Information Security and Privacy, was held in Sydney, Australia. The conference was sponsored by Information and Networked System Security Research (INSSR), Macquarie University, the Australian Computer Society, and the University of Western Sydney. I am grateful to all these organizations for their support of the conference.

The aim of this conference was to draw together researchers, designers, and users of information security systems and technologies. The conference program addressed a range of aspects from system and network security to secure Internet applications to cryptography and cryptanalysis. This year the program committee invited two international keynote speakers, Dr. Yacov Yacobi from Microsoft Research (USA) and Dr. Clifford Neumann from the University of Southern California (USA). Dr. Yacobi's talk addressed the issues of trust, privacy, and anti-piracy in electronic commerce. Dr. Neumann's address was concerned with authorization policy issues and their enforcement in applications.

The conference received 91 papers from America, Asia, Australia, and Europe. The program committee accepted 38 papers and these were presented in some 9 sessions covering system security, network security, trust and access control, Authentication, cryptography, cryptanalysis, Digital Signatures, Elliptic Curve Based Techniques, and Secret Sharing and Threshold Schemes. This year the accepted papers came from a range of countries, including 7 from Australia, 8 from Korea, 7 from Japan, 3 from UK, 3 from Germany, 3 from USA, 2 from Singapore, 2 from Canada and 1 from Belgium, Estonia, and Taiwan.

Organizing a conference such as this one is a time-consuming task and I would like to thank all the people who worked hard to make this conference a success. In particular, I would like to thank Program Co-chair Yi Mu for his tireless work and the members of the program committee for putting together an excellent program, and all the session chairs and speakers for their time and effort. Special thanks to Yi Mu, Laura Olsen, Rajan Shankaran, and Michael Hitchens for their help with local organization details. Finally, I would like to thank all the authors who submitted papers and all the participants of ACISP 2001. I hope that the professional contacts made at this conference, the presentations, and the proceedings have offered you insights and ideas that you can apply to your own efforts in security and privacy.

July 2001
Vijay Varadharajan

AUSTRALASIAN CONFERENCE ON INFORMATION SECURITY AND PRIVACY
ACISP 2001

Sponsored by Macquarie University, Australian Computer Society

General Chair:
Vijay Varadharajan, Macquarie University, Australia

Program Chairs:
Vijay Varadharajan, Macquarie University, Australia
Yi Mu, Macquarie University, Australia

Program Committee:
Ross Anderson, Cambridge University, UK
Colin Boyd, Queensland University of Technology, Australia
Ed Dawson, Queensland University of Technology, Australia
Yvo Desmedt, Florida State University, USA
Paul England, Microsoft
Yair Frankel, Columbia University, USA
Ajoy Ghosh, UNISYS, Australia
Dieter Gollman, Microsoft
John Gordon, Concept Labs, UK
Kwangjo Kim, ICU, Korea
Chuchang Liu, DSTO, Australia
Masahiro Mambo, Tohoku University, Japan
Wenbo Mao, Hewlett-Packard Lab., UK
Chris Mitchell, London University, UK
Eiji Okamoto, University of Wisconsin, USA
Joe Pato, Hewlett-Packard Lab., USA
Josef Pieprzyk, Macquarie University, Australia
Bart Preneel, Katholieke University, Belgium
Steve Roberts, Witham Pty Ltd, Australia
Qing Sihan, Academy of Science, China
Rei Safavi-Naini, University of Wollongong, Australia
Jennifer Seberry, University of Wollongong, Australia
Yuliang Zheng, Monash University, Australia

Table of Contents
A Few Thoughts on E-Commerce, Yacov Yacobi
New CBC-MAC Forgery Attacks ...

✦ Table of Contents


Information Security and Privacy
Preface
Table of Contents
A Few Thoughts on E-Commerce
Trust
Privacy
On the Economies of Piracy and Anti-piracy
New CBC-MAC Forgery Attacks
Introduction
Use of MACs
A Model for CBC-MACs
Types of CBC-MAC Scheme
Attacks on CBC-MACs
Acknowledgements
References
Simple MAC Forgeries
More Sophisticated Forgeries
Simple Cut and Paste Attack
Birthday Attack
Van Oorschot-Preneel Attack
Countermeasures
A New Forgery Attack
The Basic Attack
A Forgery Attack for the Serial Number Case
Combining Serial Numbers with Padding Method 3
Implications
Summary and Conclusions
Cryptanalysis of a Public Key Cryptosystem Proposed at ACISP 2000
Introduction
Description of the Proposed Scheme
Attacking the Scheme
Numerical Example
References
Improved Cryptanalysis of the Self-Shrinking Generator
Introduction
Description of the Cipher
The Shrinking Generator
The Self-Shrinking Generator
Previous Work on Cryptanalysis
Period and Linear Complexity
Attacks Using Short Keystream Sequences
Attack Using Long Keystream Sequences
The Backtracking Algorithm
Basic Idea: Attacking the Shrinking Generator
Applying the Idea to the Self-Shrinking Generator
Upper Bounding the Running Time
Well-Formed vs. Malformed Trees
Size of a Well-Formed Tree
Worst Case Considerations
Running Time of the Algorithm
Experimental Results
Results on the Number of Leaves
Results on the Number of Nodes
Design Recommendations
References
Attacks Based on Small Factors in Various Group Structures
Introduction
Contribution
Organisation of Paper
Background and Related Work
Attacks on Group Signature Schemes
Preventing Opening of Signatures
Collusion Attacks
Electronic Cash Schemes
Traoré's Scheme
An Anomaly in Brands' Cash Scheme
Fair Off-Line Cash
Methods to Avoid Exposures
Conclusions and Summary
Acknowledgments
References
On Classifying Conference Key Distribution Protocols
Introduction
Overview of the Proposed Classification
Identity-Based Protocols and Attacks
Protocol 1
Attack on Protocol 1
Protocol 2
Attack on Protocol 2
Refining the Classification
Conclusions and Further Works
References
Pseudorandomness of MISTY-Type Transformations and the Block Cipher KASUMI
Introduction
Preliminaries
Definitions
Some Basic Lemmas
Pseudorandomness of the MISTY-Type Transformation
Pseudorandomness of KASUMI
Conclusion
References
New Public-Key Cryptosystem Using Divisor Class Groups
Introduction
Mathematical Background
Computational Aspects
The New Cryptosystem
Analog of ElGamal
Analog of the Diffie-Hellman Key Exchange
Security Aspects
References
First Implementation of Cryptographic Protocols Based on Algebraic Number Fields
Introduction
Efficient Arithmetic for Algebraic Number Fields
Representation of the Objects
Basic Algorithms in Number Fields
Advanced Algorithms in Number Fields
Cryptographically Good Orders of Number Fields
Requirements for Good Orders
Constructing Good Orders
Computational Results
The Signature Scheme RDSA
Example
Implementation and Run Times
Conclusions and Open Questions
Requirements for Good Orders (Appendix)
Example.
Practical Key Recovery Schemes
Introduction
The Classification of Keys
Review of the Bell Labs Key Recovery Scheme
The Model of a Practical Key Recovery
The Proposed Key Recovery Scheme -- KRS-1
The Protocol of KRS-1
Security Analysis of the KRS-1 Protocol
The Key Recovery Scheme Based on RSA -- KRS-2
The Protocol of KRS-2
Security Analysis of the KRS-2 Protocol
Conclusions
Acknowledgments
References
Non-deterministic Processors
Background
Prior Work
Non Deterministic Processors
Random Issuing
Techniques for Increasing Non-determinism
Compiler Techniques
Experiments
Conclusion and Future Work
References
Personal Secure Booting
Introduction
Background: AEGIS Secure Bootstrap Process
Design
Design Goals
Design Overview
Smartcard Communication Protocol
Security Consideration
Model
Claims
Assumptions
Attacks
Implementation
GRUB Stage 1
GRUB Stage 2
verify
Smartcard-Side Code
Performance Evaluation
Discussion
Key Management
Future Direction
Conclusion
References
Evaluation of Tamper-Resistant Software Deviating from Structured Programming Rules
Introduction
Preliminaries
Notations and Definitions
Evaluation Using Parse Tree
Proposal of Obfuscation Methods
Structured Programming Rules
Idea of the Proposed Obfuscation Method
Obfuscation through Decomposition
Obfuscation through Composition
Decreasing Slow Down
New Evaluation Method
Experimental Results
The Grades of Tamper-Resistant Software
Relationship between the Grades and the Reading Time
Conclusions
References
A Strategy for MLS Workflow
Introduction
Outline of the Paper
Related Work
Workflow Distribution and Heterogeneity
An Architecture for Multilevel Secure Workflow Interoperability
Relaxed Transaction Models in Workflow Contexts
Transactional Workflows
The Functionality of Flexible Transactions in Workflow Systems
A Formal Model of Flexible Transactions
Scheduling of Flexible Transactions
A Formal Approach to Support Workflow Security
A Logic-Based Semantics for Multilevel Secure Workflow
Multilevel Workflow Database
The Necessity for Semantics in Secure Workflow Databases
Inference Control Theorems of MLS Workflow Database
Conclusion
References
Condition-Driven Integration of Security Services
SKETHIC: Secure Kernel Extension against Trojan Horses with Information-Carrying Codes
Introduction
Previous Anti-Trojan Approaches
The Suggested Approach
Formal Description
Definition of the Problem
Definition of SKETHIC
Safety
Comparisons and Discussions
Summary and Future Works
References
Secure and Private Distribution of Online Video and Some Related Cryptographic Issues
Introduction
System Description
Content Protection
Privacy Protection
System Features and Discussions
Fast Symmetric Key Encryption Scheme
PKC with Fast Decryption
References
Appendix
Private Information Retrieval Based on the Subgroup Membership Problem
Private Information Retrieval
Subgroup Membership Problem
Subgroup Membership Assumption
Examples
Equivalent Problems
PIR Based on the Subgroup Membership Problem
Basic Idea
Scheme
Privacy
Communication Complexity
Small Example
References
A Practical English Auction with One-Time Registration
Introduction
Background
Related Works
Our Result
Related Work
Group Signature
Previous Scheme
Undesirable Properties of the Scheme
Our Protocol
Entities
Notations
Procedure
Fairness of Bidder
Outline of Non-repudiation Protocol
Bidding Procedure with Non-repudiation
Consideration
Features
No Framing
Performance
Easy Revocation
Conclusion
References
A User Authentication Scheme with Identity and Location Privacy
Introduction
Related Works
Organization of This Manuscript
Random Self-Reducibility
The Proposed Scheme
Overview
Description of the Scheme
Example
Discussions
Security
Efficiency
Extension
Conclusion
References
An End-to-End Authentication Protocol in Wireless Application Protocol
Introduction
The Security Architecture for WAP and Its Shortcomings
The Security Architecture for WAP
The Shortcomings of Security Architecture for WAP
CRL-Agent & Assumptions
End-to-End Authentication Protocol in WAP
Notations
Initialization for E2ESP
E2ESP
Security Evaluation of E2ESP
Implementation Techniques of E2ESP & Conclusion
References
Error Detection and Authentication in Quantum Key Distribution
Introduction
Several Error Correction Methods
Neighborhood Collision Free Functions
Error Detection Using Locally Neighborhood Collision Free Functions
Method 1
Method 2
Method 3
Method Using Error Correcting Codes
Authentication
Experimental Results
References
An Axiomatic Basis for Reasoning about Trust in PKIs
Introduction
PKI Certificates
A State-Based Model for PKIs
The Trust Relation
A Logic for Trust Transferring in PKIs
The Syntax
The Proof System
Transfer of Trust
Trust Framework for a PKI
Trust Axioms
Trust Bases
Trusted Certificates
Certificate Verification
The Concept of Certificate Verification
Path Development and Validation
Conclusion
References
A Knowledge-Based Approach to Internet Authorizations
1 Introduction
2 A Logic-Based Policy Specification Language
3 Policy-Driven RBAC
4 Automated Role-Assignment Using Digital Certificates
5 A Knowledge-Based Approach to Internet Authorizations
6 Remote Policy Enforcement in Internet Authorizations
7 Conclusions
Acknowledgement
References
Appendix A – The Role Syntax
Appendix B – A Bank Example
Applications of Trusted Review to Information Security
Introduction
Hurdles: A Brief Survey of Existing Problems
Trusted Review: Concepts
Authentication Mechanism
Display
Signature Generation
Signature Validation
Assurance
Threat Model
Trusted Review: Applications
High Assurance Signatures
Certification Authority
Witnessing
Electronic Funds Transfer
Multilevel Security Information Downgrade
Conclusions
Acknowledgements
References
Network Security Modeling and Cyber Attack Simulation Methodology
1 Introduction
2 Background on Network Security Modeling and Simulation
3 Proposed Approach
3.1 Layer I: SES/MB Framework
3.2 Layer II: Component, Attacker, and Analyzer Model Design
3.3 Layer III: Network Security Simulation System
4 Case Study
5 Conclusions
Acknowledgements
References
Cryptographic Salt: A Countermeasure against Denial-of-Service Attacks
Introduction
Server Authentication and Random Numbers
SSL/TLS Protocol
Cookies Combined with the New Countermeasure
Conclusion
References
Enhanced Modes of Operation for the Encryption in High-Speed Networks and Their Impact on QoS
Introduction
ATM
SDH
Encryption
CBC-Mode
The CFB Mode
The OFB-Mode
The Statistical Self-Synchronization
The ATM Counter Mode
Statistical Counter Mode
Impact of Security on Error Performance in SDH/SONET
Impact of Security on QoS in ATM
Impact of the CBC-Mode
Impact of the ATM Counter Mode
Impact of the Statistical Counter Mode
Conclusions and Outlook
References
Improving the Availability of Time-Stamping Services
Introduction
Time-Stamping: Objectives, Model, and Threats
Time-Stamping Systems: Overview
Absolute (Hash-and-Sign) Time Stamps
Auditable Relative Time-Stamping
Time Certificates
Usage Example: Time Stamps for Digital Signatures
Time-Stamping with Multiple Servers
Absolute Time-Stamping with Multiple Servers
Linking with Multiple Servers
Fault Tolerant Linking
Conclusions
Appendix A: Linking Scheme
References
Randomness Required for Linear Threshold Sharing Schemes Defined over Any Finite Abelian Group
Introduction
Definitions and Notation
Definition of a $t$ out of $n$ Group Independent Linear Threshold Sharing Scheme
Our Assumption on Group Independent Linear Threshold Sharing
The Basic Model
A Representation of $\overline{s}$
Reduction to Smith-Normal Form
Some Necessary Conditions of a GILTS
Bounds on Randomness
Some Background in Randomness Requirement -- within Ramp Schemes
Bounds on Randomness in a GILTS
Some Observations Concerning All-Revealing Schemes when $\mathcal{K}$ Has Exponent 2
Remarks
Conclusion
Appendix
References
Democratic Systems
Introduction
The Scenario
Requirements
The Model
Components of the System
Communication Channel
Threshold Scheme
Threshold Signature
Verifiable Transfer of Signature Shares
Implementation
Initialization
Opening a Session
Transfer of Signature Shares
Signing Motion Messages
Security Analysis
References
Efficient and Unconditionally Secure Verifiable Threshold Changeable Scheme
Introduction
Preliminaries
Threshold Scheme
Ramp Scheme
Threshold Changeable Scheme
Efficiency Measure
Verifiable Secret Sharing Scheme
Threshold Scheme with $N$-time Threshold Changeability
Construction of a Perfect Threshold Changeable Scheme with $N$-time Threshold Changeability
Example of the Functions ${h^{(k)}}$
Efficient VSS for $(t \rightarrow \mathbf{t}, n)$-Threshold Changeable Scheme
Efficiency of the Proposed Scheme
Conclusion
References
Provably Secure Distributed Schnorr Signatures and a (t, n) Threshold Scheme for Implicit Certificates
Introduction
Secret Sharing Schemes
Parameters
Shamir's Secret Sharing Scheme
Verifiable Secret Sharing Scheme
Generating a Random Secret
Schnorr's Signature Scheme
A $(t,n)$ Threshold Signature Scheme
Key Generation Protocol
Signature Issuing Protocol
Correctness
Robustness
Security
Notion of Security
View
Unforgeability
The Implicit Certificate Scheme
$(t,n)$ Threshold Scheme for Implicit Certificates
Key Generation Protocol
Certificate Issuing Protocol and Public Key Reconstruction
Correctness
Robustness
Security Analysis
Notion of Security
Unforgeability
Non-impersonating
Further Issues
Conclusion
References
How to Construct Fail-Stop Confirmer Signature Schemes
Introduction
Previous Works
Our Contributions
FSCS Model
A Generic Construction for FSCS Schemes
Properties of the Signature and Encryption Schemes
Security Problems in FSCS
Conclusion
References
Signature Schemes Based on 3rd Order Shift Registers
Introduction
Background and Previous Results
Our Contributions
Third Order Linear Feedback Shift Registers
Fast Computational Methods
Digital Signature Schemes
A Normal Digital Signature Scheme
A Signed Encryption Scheme
Security of Signature Schemes
Conclusion
References
Anonymous Statistical Survey of Attributes
Introduction
A Model of Anonymous Statistical Survey System of Attributes
Preliminaries
Signatures Based on Zero-Knowledge Proofs of Knowledge
Shuffle and Threshold Cryptosystem
Overview
An Anonymous Statistical Survey System of Attributes
Setup Protocol
Registration Protocol
Offering Protocol
Generating Protocol
Discussion
Conclusion
References
Secure Mobile Agent Using Strong Non-designated Proxy Signature
Introduction
Mobile Agent
Undetachable Signature Scheme
Proxy Signature
Our Contribution
Strong Non-designated Proxy Signature
Schnorr-Based SMA
RSA-Based SMA
Multi-proxy Mobile Agent
Multi-proxy Mobile Agent Scheme
Comparison with Multiple Signatures
Conclusion
References
Elliptic Curve Based Password Authenticated Key Exchange Protocols
Introduction
Password Authenticated Key Exchange
Diffie Hellman Encrypted Key Exchange
The DH-EKE Protocol
Variants of the DH-EKE Protocol
A Partition Attack against DH-EKE Family
Elliptic Curves and Twisted Elliptic Curves
Elliptic Curve Encrypted Key Exchange
Trivial Protocols Are Insecure against Partition Attacks
An Elliptic Curve Encrypted Key Exchange Secure against Partition Attacks
Security
An Unbalanced Variant for Smartcards
Some Comments on the DL Analog
Conclusion
References
Elliptic Curve Cryptography on a Palm OS Device
Arithmetic in $GF(2^m)$
Field Representation
Addition
Multiplication
Squaring
Modular Division
Timings
Elliptic Curve Basics
Arithmetic
Point Representation
Random Curves
Curve Parameters
Point Multiplication
Timings
Koblitz Curves
Curve Parameters
Point Multiplication
Timings
Conclusion
References
Reducing Certain Elliptic Curve Discrete Logarithms to Logarithms in a Finite Field
Introduction
Construction of Bilinear Pairing
The Reduction
References
Author Index


SIMILAR VOLUMES


Information Security and Privacy
โœ Willy Susilo, Guomin Yang ๐Ÿ“‚ Library ๐Ÿ“… 2018 ๐Ÿ› Springer International Publishing ๐ŸŒ English

This book constitutes the refereed proceedings of the 23rd Australasian Conference on Information Security and Privacy, ACISP 2018, held in Wollongong, Australia, in July 2018.

The 41 revised full papers and 10 short papers presented were carefully revised and selected from 136 submissio

Enterprise Information Security and Priv
โœ Warren C. Axelrod, Jennifer L. Bayuk, Daniel Schutzer ๐Ÿ“‚ Library ๐Ÿ“… 2009 ๐ŸŒ English

Here's a unique and practical book that addresses the rapidly growing problem of information security, privacy, and secrecy threats and vulnerabilities. This authoritative resource helps professionals understand what really needs to be done to protect sensitive data and systems and how to comply wit