
Showing papers by "Carlo Blundo" published in 2010


Proceedings Article
22 Mar 2010
TL;DR: This work proposes a novel heuristic for role mining and compares its results, showing its efficiency and effectiveness.
Abstract: Complex organizations need to establish access control policies in order to manage access to restricted resources. The Role Based Access Control paradigm was introduced in the '90s, aiming at simplifying the management of centralized access control. The definition of a good set of roles in order to match the organizational requirements of a company is a problem partially solved by role mining techniques, which automatically return a set of roles compatible with the permissions assigned to users. Unfortunately, the problem of finding an optimal role set has been proved to be NP-hard; so heuristics have been introduced in order to approximate the optimal solution. In this work we propose a novel heuristic and compare its results showing its efficiency and effectiveness.

33 citations


Book Chapter
12 Dec 2010
TL;DR: Predicate encryption is a new powerful cryptographic primitive which allows for fine-grained access control for encrypted data: the owner of the secret key can release partial keys that can decrypt only a specific subset of ciphertexts.
Abstract: Predicate encryption is a new powerful cryptographic primitive which allows for fine-grained access control for encrypted data: the owner of the secret key can release partial keys, called tokens, that can decrypt only a specific subset of ciphertexts. More specifically, in a predicate encryption scheme, ciphertexts and tokens have attributes and a token can decrypt a ciphertext if and only if a certain predicate of the two associated attributes holds.

28 citations


Posted Content
TL;DR: In this article, the authors considered the notion of token security in predicate encryption and gave a construction which is semantically secure and in which a token does not reveal any information on the associated pattern except for the locations of the ?'s.
Abstract: Predicate encryption is a new powerful cryptographic primitive which allows for fine-grained access control for encrypted data: the owner of the secret key can release partial keys, called tokens, that can decrypt only a specific subset of ciphertexts. More specifically, in a predicate encryption scheme, ciphertexts and tokens have attributes and a token can decrypt a ciphertext if and only if a certain predicate of the two associated attributes holds. In this paper, ciphertext attributes are vectors $\vec{x}$ of fixed length $\ell$ over an alphabet $\Sigma$ and token attributes, called patterns, are vectors $\vec{y}$ of the same length over the alphabet $\Sigma_? = \Sigma \cup \{?\}$. We consider the predicate $\mathsf{Match}(\vec{x}, \vec{y})$ introduced by [BW07] which is true if and only if $\vec{x} = \langle x_1, \ldots, x_\ell \rangle$ and $\vec{y} = \langle y_1, \ldots, y_\ell \rangle$ agree in all positions $i$ for which $y_i \neq ?$. Various security notions are relevant for predicate encryption schemes. First of all, one wants the ciphertexts to hide their attributes (this property is called semantic security). In addition, it makes sense also to consider the property of token security, a security notion in which the token is required not to reveal any information on the associated pattern. It is easy to see that predicate privacy is impossible to achieve in a public-key setting. In [SSW09], the authors considered the notion of a predicate encryption scheme in the symmetric-key setting and gave the first construction with token security. In this paper, we consider the notion of a partial public key encryption (as suggested in [SSW09]) in which a partial public key allows a user to generate only a subset of the ciphertexts. We give a construction which is semantically secure and in which a token does not reveal any information on the associated pattern except for the locations of the ?'s. The proofs of security of our construction are based

19 citations


Journal Article
TL;DR: It is proved that the problem of minimizing the number of keys is NP-hard and alternative approaches for its solution are presented, which include three different families of heuristics based on a key derivation tree exploiting the relationships among user groups.

16 citations


Book Chapter
25 Jan 2010
TL;DR: It is shown that in some concrete scenarios, Italian e-Passports are prone to eavesdropping attacks, where one can unnoticeably obtain private data stored in the e-Passport using RF communication, while the passport is stored in a bag/pocket.
Abstract: The recent introduction of electronic passports (e-Passports) motivates the need of a thorough investigation on potential security and privacy issues. In this paper, we focus on the e-Passport implementation adopted in Italy. Leveraging previous attacks to e-Passports adopted in other countries, we analyze (in)security of Italian e-Passports and we investigate additional critical issues. Our work makes several contributions. 1. We show that in some concrete scenarios, Italian e-Passports are prone to eavesdropping attacks, where one can unnoticeably obtain private data stored in the e-Passport using RF communication, while the passport is stored in a bag/pocket. Moreover, we show how to trace e-Passports by successfully linking two or more communication transcripts related to the same e-Passport. 2. We propose a set of open-source tools that build successful attacks to the security of Italian e-Passports. Among them, we provide a simulator that produces attacks without requiring physical passports and RFID equipment. 3. We show that the random number generator included in the RFID chips produces bits that are noticeably far from the uniform distribution, thus potentially exposing Italian e-Passports to several other attacks.

6 citations


Book Chapter
01 Jan 2010
TL;DR: The current trend on the Internet suggests that the majority of revenues of web sites come from the advertising potential of the World Wide Web, and advertising revenue results for the first 9 months of 2004 totaled slightly over 7.0 billion dollars.
Abstract: The current trend on the Internet suggests that the majority of revenues of web sites come from the advertising potential of the World Wide Web. Advertising is arguably the type of commercial information exchange of the greatest economic importance in the real world. Indeed, advertising is what funds most other forms of information exchange, including radio stations, television stations, cable networks, magazines, and newspapers. According to the figures provided by the Internet Advertising Bureau [24] and Price Waterhouse Coopers [43], advertising revenue results for the first 9 months of 2004 totaled slightly over 7.0 billion dollars.

2 citations