
Showing papers in "arXiv: Cryptography and Security in 2003"


Posted Content
TL;DR: The Globus Toolkit version 3 (GT3) as discussed by the authors was developed to support the Open Grid Services Architecture, an initiative that is recasting Grid concepts within a service oriented framework based on Web services.
Abstract: Grid computing is concerned with the sharing and coordinated use of diverse resources in distributed "virtual organizations." The dynamic and multi-institutional nature of these environments introduces challenging security issues that demand new technical approaches. In particular, one must deal with diverse local mechanisms, support dynamic creation of services, and enable dynamic creation of trust domains. We describe how these issues are addressed in two generations of the Globus Toolkit. First, we review the Globus Toolkit version 2 (GT2) approach; then, we describe new approaches developed to support the Globus Toolkit version 3 (GT3) implementation of the Open Grid Services Architecture, an initiative that is recasting Grid concepts within a service oriented framework based on Web services. GT3's security implementation uses Web services security mechanisms for credential exchange and other purposes, and introduces a tight least-privilege model that avoids the need for any privileged network service.

507 citations


Posted Content
TL;DR: This work introduces and solves the problem of characterising the optimal rate at which a discrete memoryless channel can be used for bit commitment, and provides a lower bound on the channel's capacity for implementing coin tossing.
Abstract: In extension of the bit commitment task and following work initiated by Crepeau and Kilian, we introduce and solve the problem of characterising the optimal rate at which a discrete memoryless channel can be used for bit commitment. It turns out that the answer is very intuitive: it is the maximum equivocation of the channel (after removing trivial redundancy), even when unlimited noiseless bidirectional side communication is allowed. By a well-known reduction, this result provides a lower bound on the channel's capacity for implementing coin tossing, which we conjecture to be an equality. The method of proving this relates the problem to Wyner's wire-tap channel in an amusing way. We also discuss extensions to quantum channels.

63 citations


Posted Content
Oded Regev
TL;DR: A new public key cryptosystem whose security guarantee is considerably stronger than previous results is provided, and a family of collision resistant hash functions with an improved security guarantee in terms of the unique shortest vector problem is proposed.
Abstract: We introduce the use of Fourier analysis on lattices as an integral part of a lattice based construction. The tools we develop provide an elegant description of certain Gaussian distributions around lattice points. Our results include two cryptographic constructions which are based on the worst-case hardness of the unique shortest vector problem. The main result is a new public key cryptosystem whose security guarantee is considerably stronger than previous results ($O(n^{1.5})$ instead of $O(n^7)$). This provides the first alternative to Ajtai and Dwork's original 1996 cryptosystem. Our second result is a family of collision resistant hash functions which, apart from improving the security in terms of the unique shortest vector problem, is also the first example of an analysis which is not based on Ajtai's iterative step. Surprisingly, both results are derived from one theorem which presents two indistinguishable distributions on the segment $[0,1)$. It seems that this theorem can have further applications and as an example we mention how it can be used to solve an open problem related to quantum computation.

40 citations


Posted Content
TL;DR: A new homomorphic public-key cryptosystem over an arbitrary nonidentity finite group, based on the difficulty of the membership problem for groups of integer matrices, is proposed.
Abstract: We propose a new homomorphic public-key cryptosystem over an arbitrary nonidentity finite group based on the difficulty of the membership problem for groups of integer matrices. Besides, a homomorphic cryptosystem is designed for the first time over finite commutative rings.

35 citations


Posted Content
TL;DR: In this article, the authors provide a family of translations from strand spaces to multi-agent systems parameterized by the choice of agents in the strand space, revealing a lack of expressiveness in strand spaces that can be characterized by their translation.
Abstract: Strand spaces are a popular framework for the analysis of security protocols. Strand spaces have some similarities to a formalism used successfully to model protocols for distributed systems, namely multi-agent systems. We explore the exact relationship between these two frameworks here. It turns out that a key difference is the handling of agents, which are unspecified in strand spaces and explicit in multi-agent systems. We provide a family of translations from strand spaces to multi-agent systems parameterized by the choice of agents in the strand space. We also show that not every multi-agent system of interest can be expressed as a strand space. This reveals a lack of expressiveness in the strand-space framework that can be characterized by our translation. To highlight this lack of expressiveness, we show one simple way in which strand spaces can be extended to model more systems.

32 citations


Posted Content
TL;DR: This work has developed and tested a prototype VO-Role management system using the Community Authorization Service (CAS) from the Globus project, and reports on the configuration details for the CAS database and the Globus Gatekeeper.
Abstract: LHC-era HENP experiments will generate unprecedented volumes of data and require commensurately large compute resources. These resources are larger than can be marshalled at any one site within the community. Production reconstruction, analysis, and simulation will need to take maximum advantage of these distributed computing and storage resources using the new capabilities offered by the Grid computing paradigm. Since large-scale, coordinated Grid computing involves user access across many Regional Centers and national and funding boundaries, one of the most crucial aspects of Grid computing is that of user authentication and authorization. While projects such as the DOE Grids CA have gone a long way to solving the problem of distributed authentication, the authorization problem is still largely open. We have developed and tested a prototype VO-Role management system using the Community Authorization Service (CAS) from the Globus project. CAS allows for a flexible definition of resources. In this prototype we define a role as a resource within the CAS database and assign individuals in the VO access to that resource to indicate their ability to assert the role. The access of an individual to this VO-Role resource is then an annotation of the user's CAS proxy certificate. This annotation is then used by the local resource managers to authorize access to local compute and storage resources at a granularity which is based on neither VOs nor individuals. We report here on the configuration details for the CAS database and the Globus Gatekeeper and on how this general approach could be formalized and extended to meet the clear needs of LHC experiments using the Grid.

24 citations


Posted Content
TL;DR: It is shown that a maintainer cannot "invent" and authenticate data elements for the AASL after he has committed to the structure, and he cannot equivocate by being able to prove conflicting facts about a particular position of the data sequence.
Abstract: In this work we describe, design and analyze the security of a tamper-evident, append-only data structure for maintaining secure data sequences in a loosely coupled distributed system where individual system components may be mutually distrustful. The resulting data structure, called an Authenticated Append-Only Skip List (AASL), allows its maintainers to produce one-way digests of the entire data sequence, which they can publish to others as a commitment on the contents and order of the sequence. The maintainer can produce efficiently succinct proofs that authenticate a particular datum in a particular position of the data sequence against a published digest. AASLs are secure against tampering even by malicious data structure maintainers. First, we show that a maintainer cannot "invent" and authenticate data elements for the AASL after he has committed to the structure. Second, he cannot equivocate by being able to prove conflicting facts about a particular position of the data sequence. This is the case even when the data sequence grows with time and its maintainer publishes successive commitments at times of his own choosing. AASLs can be invaluable in reasoning about the integrity of system logs maintained by untrusted components of a loosely-coupled distributed system.

17 citations


Posted Content
TL;DR: A {k,n}-threshold scheme based on two-dimensional memory cellular automata is proposed to share images in a secret way so that only qualified subsets of k or more shares can recover the secret image, but any k-1 or fewer of them gain no information about the original image.
Abstract: A {k,n}-threshold scheme based on two-dimensional memory cellular automata is proposed to share images in a secret way. This method allows an image to be encoded into n shared images so that only qualified subsets of k or more shares can recover the secret image, but any k-1 or fewer of them gain no information about the original image. The main characteristics of this new scheme are: each shared image has the same size as the original one, and the recovered image is exactly the same as the secret image; i.e., there is no loss of resolution.

15 citations


Posted Content
TL;DR: In this article, a means of applying DFA to AES that exploits AES internal structure is presented, which can break an AES128 key with ten faulty messages within a few minutes.
Abstract: DFA is no new attack. It was first used by Biham and Shamir who took unfair advantage of DES Feistel structure to carry it out. This structure is not present in AES. Nevertheless, is DFA able to attack AES another way? This article aims at setting out a means of applying DFA to AES that exploits AES internal structure. We can break an AES128 key with ten faulty messages within a few minutes.

12 citations


Posted Content
TL;DR: In this paper, the author transforms the trapdoor problem of HFE into a linear algebra problem.
Abstract: I transform the trapdoor problem of HFE into a linear algebra problem.

10 citations


Posted Content
TL;DR: The paper presents a group authentication protocol based on splitting the private keys of the Naccache-Stern public-key cryptosystem in such a way that the Boolean expression defining the authenticable groups is implicit in the split.
Abstract: A group authentication protocol authenticates pre-defined groups of individuals such that: - No individual is identified - No knowledge of which groups can be successfully authenticated is known to the verifier - No sensitive data is exposed The paper presents a group authentication protocol based on splitting the private keys of the Naccache-Stern public-key cryptosystem in such a way that the Boolean expression defining the authenticable groups is implicit in the split.

Posted Content
TL;DR: The need of virtual organizations to enforce their own policies in addition to those of the resource owners, with regard to both resource consumption and job management, is addressed.
Abstract: In this paper we describe our work on enabling fine-grained authorization for resource usage and management. We address the need of virtual organizations to enforce their own policies in addition to those of the resource owners, in regard to both resource consumption and job management. To implement this design, we propose changes and extensions to the Globus Toolkit's version 2 resource management mechanism. We describe the prototype and the policy language that we designed to express fine-grained policies, and we present an analysis of our solution.

Posted Content
TL;DR: In this paper, the authors describe a work-in-progress for enabling fine-grain authorization of resource management in virtual organizations, addressing the needs of virtual organizations to enforce their own policies in addition to those of the resource owners.
Abstract: In this document we describe our work-in-progress for enabling fine-grain authorization of resource management. In particular, we address the needs of Virtual Organizations (VOs) to enforce their own policies in addition to those of the resource owners.

Posted Content
TL;DR: The distribution of effort for this implementation of Memory Bound Functions, in which the average effort required to generate a proof of effort is set by parameters E and l to E * l, is shown and an improved implementation is suggested.
Abstract: Memory Bound Functions have been proposed for fighting spam, resisting Sybil attacks and other purposes. A particular implementation of such functions has been proposed in which the average effort required to generate a proof of effort is set by parameters E and l to E * l. The distribution of effort required to generate an individual proof about this average is fairly broad. When particular uses of these functions are envisaged, the choice of E and l, and the system design surrounding the generation and verification of proofs of effort, need to take the breadth of the distribution into account. We show the distribution for this implementation, discuss the system design issues in the context of two proposed applications, and suggest an improved implementation.

Posted Content
TL;DR: In this paper, homomorphic cryptosystems are designed for the first time over any finite group; applying Barrington's construction, any boolean circuit of logarithmic depth is given an encrypted simulation of polynomial size over an appropriate finitely generated group.
Abstract: In this paper homomorphic cryptosystems are designed for the first time over any finite group. Applying Barrington's construction we produce for any boolean circuit of the logarithmic depth its encrypted simulation of a polynomial size over an appropriate finitely generated group.

Posted Content
TL;DR: This work describes a collection of techniques whereby audiovisual or other recordings of significant events can be made in a way that hinders falsification, pre-dating, or post-dating by interested parties, even by the makers and operators of the recording equipment.
Abstract: We describe a collection of techniques whereby audiovisual or other recordings of significant events can be made in a way that hinders falsification, pre-dating, or post-dating by interested parties, even by the makers and operators of the recording equipment. A central feature of these techniques is the interplay between private information, which by its nature is untrustworthy and susceptible to suppression or manipulation by interested parties, and public information, which is too widely known to be manipulated by anyone. While authenticated recordings may be infeasible to falsify, they can be abused in other ways, such as being used for blackmail or harassment; but susceptibility to these abuses can be reduced by encryption and secret sharing.

Posted Content
Zhide Chen, Hong Zhu
TL;DR: In this article, a quantum m-out-of-n oblivious transfer (QOT) scheme based on the transmission of polarized light was proposed, which is robust to general attacks.
Abstract: In the m-out-of-n oblivious transfer (OT) model, one party Alice sends n bits to another party Bob; Bob can get only m bits from the n bits. However, Alice cannot know which m bits Bob received. Y. Mu [MJV02] and Naor [Naor01] presented classical m-out-of-n oblivious transfer based on discrete logarithm. By the work of Shor [Shor94], the discrete logarithm can be solved in polynomial time by quantum computers, so such OTs are unsafe against the quantum computer. In this paper, we construct a quantum m-out-of-n OT (QOT) scheme based on the transmission of polarized light and show that the scheme is robust to general attacks, i.e. the QOT scheme satisfies statistical correctness and statistical privacy.

Posted Content
TL;DR: This paper proposes conditions for "graph to number" conversion methods and shows how graph properties can be used to extend capabilities of secret sharing schemes, without weakening their properties.
Abstract: In the paper we discuss how to share secrets that are graphs. So far, secret sharing schemes were designed to work with numbers. As the first step, we propose conditions for "graph to number" conversion methods. Hence, the existing schemes can be used, without weakening their properties. Next, we show how graph properties can be used to extend capabilities of secret sharing schemes. This leads to a proposal of using such properties for number based secret sharing.

Posted Content
TL;DR: In this article, a probabilistic attack on public key cryptosystems based on the word/conjugacy problems for finitely presented groups of the type proposed recently by Anshel, Anshel and Goldfeld is described.
Abstract: In this note, we describe a probabilistic attack on public key cryptosystems based on the word/conjugacy problems for finitely presented groups of the type proposed recently by Anshel, Anshel and Goldfeld. In such a scheme, one makes use of the property that in the given group the word problem has a polynomial time solution, while the conjugacy problem has no known polynomial solution. An example is the braid group from topology in which the word problem is solvable in polynomial time while the only known solutions to the conjugacy problem are exponential. The attack in this paper is based on having a canonical representative of each string relative to which a length function may be computed. Hence the term length attack. Such canonical representatives are known to exist for the braid group.

Journal ArticleDOI
TL;DR: In this article, the authors developed a uniform formal notion for the two goals of confidentiality and authentication, which are no longer formalised as mere yes/no properties as in the existing literature, but gain an extra parameter, the security level.
Abstract: Security protocols stipulate how the remote principals of a computer network should interact in order to obtain specific security goals. The crucial goals of confidentiality and authentication may be achieved in various forms, each of different strength. Using soft (rather than crisp) constraints, we develop a uniform formal notion for the two goals. They are no longer formalised as mere yes/no properties as in the existing literature, but gain an extra parameter, the security level. For example, different messages can enjoy different levels of confidentiality, or a principal can achieve different levels of authentication with different principals. The goals are formalised within a general framework for protocol analysis that is amenable to mechanisation by model checking. Following the application of the framework to analysing the asymmetric Needham-Schroeder protocol, we have recently discovered a new attack on that protocol as a form of retaliation by principals who have been attacked previously. Having commented on that attack, we then demonstrate the framework on a bigger, largely deployed protocol consisting of three phases, Kerberos.

Posted Content
TL;DR: In this article, the Byzantine Generals Problem of Lamport and the Byzantine Agreement described by Linial are used to uncover traitors in secure networks, and methods are proposed to integrate this system with insecure channels.
Abstract: Secure networks rely upon players to maintain security and reliability. However, not every player can be assumed to have total loyalty and one must use methods to uncover traitors in such networks. We use the original concept of the Byzantine Generals Problem by Lamport, and the more formal Byzantine Agreement described by Linial, to find traitors in secure networks. By applying general fault-tolerance methods to develop a more formal design of secure networks we are able to uncover traitors amongst a group of players. We also propose methods to integrate this system with insecure channels. This new resiliency can be applied to broadcast and peer-to-peer secure communication systems where agents may be traitors or become unreliable due to faults.

Posted Content
TL;DR: A secret sharing scheme (SSS) for the graph coloring is proposed and applied to the public-key cryptosystem called "Polly Cracker", where the graph structure is a public key, while proper 3-colouring of the graph is a private key.
Abstract: At the beginning some results from the field of graph theory are presented. Next we show how to share a secret that is proper n-coloring of the graph, with the known structure. The graph is described and converted to the form, where colors assigned to vertices form the number with entries from Zn. A secret sharing scheme (SSS) for the graph coloring is proposed. The proposed method is applied to the public-key cryptosystem called "Polly Cracker". In this case the graph structure is a public key, while proper 3-colouring of the graph is a private key. We show how to share the private key. Sharing particular n-coloring (color-to-vertex assignment) for the known-structure graph is presented next.

Posted Content
TL;DR: In this paper, the authors present techniques that improve alert throughput and capacity to such an extent that the resources required to successfully mount the attack become prohibitive. But these techniques are limited to a single channel.
Abstract: Each time that an intrusion detection system raises an alert it must make some attempt to communicate the information to an operator. This communication channel can easily become the target of a denial of service attack because, like all communication channels, it has a fixed capacity. If this channel can become overwhelmed with bogus data, an attacker can quickly achieve complete neutralisation of intrusion detection capability. Although these types of attack are very hard to stop completely, our aim is to present techniques that improve alert throughput and capacity to such an extent that the resources required to successfully mount the attack become prohibitive.

Posted Content
TL;DR: In this article, the authors introduce a general framework for reasoning about secrecy and privacy requirements in multi-agent systems, where one agent maintains secrecy with respect to another if the second agent cannot rule out any possibilities for the behavior or state of the first agent.
Abstract: We introduce a general framework for reasoning about secrecy and privacy requirements in multiagent systems. Our definitions extend earlier definitions of secrecy and nondeducibility given by Shannon and Sutherland. Roughly speaking, one agent maintains secrecy with respect to another if the second agent cannot rule out any possibilities for the behavior or state of the first agent. We show that the framework can handle probability and nondeterminism in a clean way, is useful for reasoning about asynchronous systems as well as synchronous systems, and suggests generalizations of secrecy that may be useful for dealing with issues such as resource-bounded reasoning. We also show that a number of well-known attempts to characterize the absence of information flow are special cases of our definitions of secrecy.

Posted Content
TL;DR: Derived from geometric properties of the Euler functions, the Euler function rays, a new ansatz to attack RSA cryptosystems is presented and a resulting, albeit inefficient, algorithm is given.
Abstract: The basic properties of RSA cryptosystems and some classical attacks on them are described. Derived from geometric properties of the Euler functions, the Euler function rays, a new ansatz to attack RSA cryptosystems is presented. A resulting, albeit inefficient, algorithm is given. It essentially consists of a loop with starting value determined by the Euler function ray and with step width given by a function $\omega_e(n)$ being a multiple of the order $\mathrm{ord}_n(e)$, where $e$ denotes the public key exponent and $n$ the RSA modulus. For $n=pq$ and an estimate $r<\sqrt{pq}$ for the smaller prime factor $p$, the running time is given by $T(e,n,r) = O((r-p)\ln e \ln n \ln r)$.

Posted Content
TL;DR: This paper focuses on the use of XML and XML Signature for the representation of e-docs in AIDA, a secure document management system named AIDA that was designed to consider security an important requirement and to enable digital signing and easy management of e
Abstract: Initially developed and considered for providing authentication and integrity functions, digital signatures are studied nowadays in relation to electronic documents (e-docs) so that they can be considered equivalent to handwritten signatures applied on paper documents. Nevertheless, a standardized format to be used specifically for e-doc representation has not yet been specified. Each document management system is free to choose whatever e-doc format is suitable for its requirements (e.g. ASCII, Word, PDF, binary). So far, some solutions for document management systems were found but none of them was designed to consider security an important requirement and to enable digital signing and easy management of e-docs. A possible solution to this problem is our secure document management system named AIDA. This paper focuses on the use of XML and XML Signature for the representation of e-docs in AIDA.

Posted Content
TL;DR: This paper broadens the information given in some well known surveys, by including more details on block-cipher based hash functions and security of different hash schemes.
Abstract: In this paper, we present a general review of hash functions in a cryptographic sense. We give special emphasis on some particular topics such as cipher block chaining message authentication code (CBC MAC) and its variants. This paper also broadens the information given in some well known surveys, by including more details on block-cipher based hash functions and security of different hash schemes.

Posted Content
TL;DR: The NESSIE project was a three year long project and has been divided into two phases as mentioned in this paper; the first was finished in June 2001 and the second phase of the evaluation process was accepted in 2003.
Abstract: Algorithms HIEROCRYPT-3, CAMELLIA and ANUBIS, GRAND CRU, NOEKEON, NUSH, Q, RC6, SAFER++128, SC2000, SHACAL were requested for the submission of block ciphers (high level block cipher) to the NESSIE (New European Schemes for Signatures, Integrity, and Encryption) project. The main purpose of this project was to put forward a portfolio of strong cryptographic primitives of various types. The NESSIE project was a three year long project and has been divided into two phases. The first was finished in June 2001. CAMELLIA, RC6, SAFER++128 and SHACAL were accepted for the second phase of the evaluation process. HIEROCRYPT-3 had key schedule problems, and there were attacks for up to 3.5 rounds out of 6; at least hardware implementations of this cipher were extremely slow [12]. HIEROCRYPT-3 was not selected for Phase II. CAMELLIA was selected as an algorithm suggested for a future standard. In the paper we present the hardware implementations of these two algorithms with 128-bit blocks and 128-bit keys, using ALTERA devices, and their comparison.

Journal ArticleDOI
TL;DR: In this paper, an efficient family of linear feedback shift registers (LFSR's) with maximal period is proposed. This family is word-oriented and is suitable for implementation in software, thus providing a solution to a recent challenge posed in FSE '94.
Abstract: We introduce and analyze an efficient family of linear feedback shift registers (LFSR's) with maximal period. This family is word-oriented and is suitable for implementation in software, thus providing a solution to a recent challenge posed in FSE '94. The classical theory of LFSR's is extended to provide efficient algorithms for generation of irreducible and primitive LFSR's of this new type.

Posted Content
TL;DR: A critical comparison of two secret sharing schemes based on Latin Squares and RSA is presented, which will be examined in terms of the positive and negative aspects of their security.
Abstract: In recent years there has been a great deal of work done on secret sharing schemes. Secret Sharing Schemes allow for the division of keys so that an authorised set of users may access information. In this paper we wish to present a critical comparison of two of these schemes based on Latin Squares [Cooper et al.] and RSA [Shoup]. These two protocols will be examined in terms of the positive and negative aspects of their security.