
Showing papers on "40-bit encryption published in 2008"


Book ChapterDOI
13 Apr 2008
TL;DR: This work constructs a scheme for predicates corresponding to the evaluation of inner products over Z_N (for some large integer N) that enables constructions in which predicates correspond to the evaluation of disjunctions, polynomials, CNF/DNF formulae, or threshold predicates.
Abstract: Predicate encryption is a new paradigm generalizing, among other things, identity-based encryption. In a predicate encryption scheme, secret keys correspond to predicates and ciphertexts are associated with attributes; the secret key SK_f corresponding to a predicate f can be used to decrypt a ciphertext associated with attribute I if and only if f(I) = 1. Constructions of such schemes are currently known for relatively few classes of predicates. We construct such a scheme for predicates corresponding to the evaluation of inner products over Z_N (for some large integer N). This, in turn, enables constructions in which predicates correspond to the evaluation of disjunctions, polynomials, CNF/DNF formulae, or threshold predicates (among others). Besides serving as a significant step forward in the theory of predicate encryption, our results lead to a number of applications that are interesting in their own right.

970 citations


Journal ArticleDOI
TL;DR: In this paper, the authors consider two possible notions of authenticity for authenticated encryption schemes, namely integrity of plaintexts and integrity of ciphertexts, and relate them, when coupled with IND-CPA (indistinguishability under chosen-plaintext attack), to the standard notions of privacy IND-CCA and NM-CPA, and provide proofs for the cases where the answer is "yes" and counter-examples for the cases where the answer is "no".
Abstract: An authenticated encryption scheme is a symmetric encryption scheme whose goal is to provide both privacy and integrity. We consider two possible notions of authenticity for such schemes, namely integrity of plaintexts and integrity of ciphertexts, and relate them, when coupled with IND-CPA (indistinguishability under chosen-plaintext attack), to the standard notions of privacy IND-CCA and NM-CPA (indistinguishability under chosen-ciphertext attack and nonmalleability under chosen-plaintext attack) by presenting implications and separations between all notions considered. We then analyze the security of authenticated encryption schemes designed by “generic composition,” meaning making black-box use of a given symmetric encryption scheme and a given MAC. Three composition methods are considered, namely Encrypt-and-MAC, MAC-then-encrypt, and Encrypt-then-MAC. For each of these and for each notion of security, we indicate whether or not the resulting scheme meets the notion in question assuming that the given symmetric encryption scheme is secure against chosen-plaintext attack and the given MAC is unforgeable under chosen-message attack. We provide proofs for the cases where the answer is “yes” and counter-examples for the cases where the answer is “no.”

586 citations


Journal ArticleDOI
TL;DR: In this paper, the authors proposed to introduce a certain diffusion effect in the substitution stage by simple sequential add-and-shift operations, which leads to a longer processing time in a single round, but reduces the overall encryption time.

403 citations


Book ChapterDOI
17 Aug 2008
TL;DR: A public-key encryption system that remains secure even when encrypting messages that depend on the secret keys in use, and is circular-secure against chosen-plaintext attacks under the Decision Diffie-Hellman assumption.
Abstract: We describe a public-key encryption system that remains secure even when encrypting messages that depend on the secret keys in use. In particular, it remains secure under a "key cycle" usage, where we have a cycle of public/secret key-pairs (pk_i, sk_i) for i = 1,...,n, and we encrypt each sk_i under ${\rm pk}_{(i \bmod n)+1}$. Such usage scenarios sometimes arise in key-management systems and in the context of anonymous credential systems. Also, security against key cycles plays a role when relating "axiomatic security" of protocols that use encryption to the "computational security" of concrete instantiations of these protocols. The existence of encryption systems that are secure in the presence of key cycles was wide open until now: on the one hand we had no constructions that provably meet this notion of security (except by relying on the random-oracle heuristic); on the other hand we had no examples of secure encryption systems that become demonstrably insecure in the presence of key-cycles of length greater than one. Here we construct an encryption system that is circular-secure against chosen-plaintext attacks under the Decision Diffie-Hellman assumption (without relying on random oracles). Our proof of security holds even if the adversary obtains an encryption clique, that is, encryptions of sk_i under pk_j for all 1 ≤ i,j ≤ n. We also construct a circular counterexample: a one-way secure encryption scheme that breaks completely if an encryption cycle (of any size) is published.

323 citations


Patent
22 Jan 2008
TL;DR: A portable encryption device with logon access controlled by an encryption key, with an on board cryptographic processor for reconstituting the encryption key from a plurality of secrets generated by a secret sharing algorithm, optionally shrouded with external secrets using an invertible transform resistant to quantum computing attacks, was presented in this article.
Abstract: A portable encryption device with logon access controlled by an encryption key, with an on board cryptographic processor for reconstituting the encryption key from a plurality of secrets generated by a secret sharing algorithm, optionally shrouded with external secrets using an invertible transform resistant to quantum computing attacks. Another embodiment provides file decryption controlled by a file encryption key, with the on board cryptographic processor reconstituting the file encryption key from a version of the file encryption key which has been shrouded with a network authorization code. A method for encryption of a plaintext file by hashing, compressing, and encrypting the plaintext file, hashing the ciphertext, hashing the plaintext hash and the ciphertext hash, and sealing the ciphertext together with the resulting hash. A portable encryption device for performing the method is also disclosed.

287 citations


Book ChapterDOI
07 Dec 2008
TL;DR: A general encryption system called spatial encryption is constructed from which many systems with a variety of properties follow, and one application of these results gives the first broadcast HIBE system with short ciphertexts.
Abstract: We provide a general framework for constructing identity-based and broadcast encryption systems. In particular, we construct a general encryption system called spatial encryption from which many systems with a variety of properties follow. The ciphertext size in all these systems is independent of the number of users involved and is just three group elements. Private key size grows with the complexity of the system. One application of these results gives the first broadcast HIBE system with short ciphertexts. Broadcast HIBE solves a natural problem having to do with identity-based encrypted email.

260 citations


Book ChapterDOI
17 Aug 2008
TL;DR: This work proposes a slightly weaker notion of security, saying that no partial information about encrypted messages should be leaked as long as each message is a-priori hard-to-guess given the others, and shows equivalence of this definition to single-message and indistinguishability-based ones, which are easier to work with.
Abstract: The study of deterministic public-key encryption was initiated by Bellare et al. (CRYPTO '07), who provided the "strongest possible" notion of security for this primitive (called PRIV) and constructions in the random oracle (RO) model. We focus on constructing efficient deterministic encryption schemes without random oracles. To do so, we propose a slightly weaker notion of security, saying that no partial information about encrypted messages should be leaked as long as each message is a-priori hard-to-guess given the others (while PRIV did not have the latter restriction). Nevertheless, we argue that this version seems adequate for many practical applications. We show equivalence of this definition to single-message and indistinguishability-based ones, which are easier to work with. Then we give general constructions of both chosen-plaintext (CPA) and chosen-ciphertext-attack (CCA) secure deterministic encryption schemes, as well as efficient instantiations of them under standard number-theoretic assumptions. Our constructions build on the recently-introduced framework of Peikert and Waters (STOC '08) for constructing CCA-secure probabilistic encryption schemes, extending it to the deterministic-encryption setting as well.

257 citations


Book
Shiguo Lian1
01 Jan 2008
TL;DR: By following the techniques outlined in this book, users will be better able to protect the integrity of their multimedia data and develop greater confidence that their data will not be misappropriated.
Abstract:
How to Design a Secure Multimedia Encryption Scheme
The widespread use of image, audio, and video data makes media content protection increasingly necessary and urgent. For maximum safety, it is no longer sufficient to merely control access rights. In order to fully protect multimedia data from piracy or unauthorized use, it must be secured through encryption prior to its transmission or distribution. Multimedia Content Encryption: Techniques and Applications presents the latest research results in this dynamic field.
Examines the Latest Encryption Techniques
The book begins with the history of multimedia encryption and then examines general performance requirements of encryption and fundamental encrypting techniques. It discusses common techniques of complete, partial, and compression-combined encryption; as well as the more specialized forms, including perception, scalable, and commutative encryption. In addition, the author reviews watermarking and joint fingerprint embedding and decryption. Later chapters discuss typical attacks on multimedia encryption, as well as the principles for designing secure algorithms and various applications. An exploration of open issues, up-and-coming topics, and areas for further research rounds out the coverage. Shiguo Lian is the author or co-author of more than fifty peer-reviewed journal and conference articles covering topics of network security and multimedia content protection, including cryptography, secure P2P content sharing, digital rights management (DRM), encryption, watermarking, digital fingerprinting, and authentication. By following the techniques outlined in this book, users will be better able to protect the integrity of their multimedia data and develop greater confidence that their data will not be misappropriated.

226 citations


01 Jan 2008
TL;DR: Evaluation of six of the most common encryption algorithms, namely AES (Rijndael), DES, 3DES, RC2, Blowfish, and RC6, to demonstrate the effectiveness of each algorithm.
Abstract: Internet and network applications are growing very fast, so the need to protect such applications has increased. Encryption algorithms play a main role in information security systems. On the other side, those algorithms consume a significant amount of computing resources such as CPU time, memory, and battery power. This paper provides an evaluation of six of the most common encryption algorithms, namely AES (Rijndael), DES, 3DES, RC2, Blowfish, and RC6. A comparison has been conducted for those encryption algorithms at different settings for each algorithm, such as different sizes of data blocks, different data types, battery power consumption, different key sizes and finally encryption/decryption speed. Simulation results are given to demonstrate the effectiveness of each algorithm.

193 citations


01 Jan 2008
TL;DR: A block-based transformation algorithm based on the combination of image transformation and a well known encryption and decryption algorithm called Blowfish is introduced, which showed that the correlation between image elements was significantly decreased by using the proposed technique.
Abstract: Encryption is used to securely transmit data in open networks. Each type of data has its own features; therefore, different techniques should be used to protect confidential image data from unauthorized access. Most of the available encryption algorithms are mainly used for textual data and may not be suitable for multimedia data such as images. In this paper, we introduce a block-based transformation algorithm based on the combination of image transformation and a well known encryption and decryption algorithm called Blowfish. The original image was divided into blocks, which were rearranged into a transformed image using a transformation algorithm presented here, and then the transformed image was encrypted using the Blowfish algorithm. The results showed that the correlation between image elements was significantly decreased by using the proposed technique. The results also show that increasing the number of blocks by using smaller block sizes resulted in a lower correlation and higher entropy.

179 citations


Journal ArticleDOI
TL;DR: This tutorial is intended to give an overview on selective encryption algorithms, which consists of encrypting only a subset of the data while preserving a sufficient level of security.
Abstract: In traditional image and video content protection schemes, called fully layered, the whole content is first compressed. Then, the compressed bitstream is entirely encrypted using a standard cipher (DES, AES, IDEA, etc.). The specific characteristics of this kind of data (high-transmission rate with limited bandwidth) make standard encryption algorithms inadequate. Another limitation of fully layered systems consists of altering the whole bitstream syntax which may disable some codec functionalities. Selective encryption is a new trend in image and video content protection. It consists of encrypting only a subset of the data. The aim of selective encryption is to reduce the amount of data to encrypt while preserving a sufficient level of security. This computation saving is very desirable especially in constrained communications (real-time networking, high-definition delivery, and mobile communications with limited computational power devices). In addition, selective encryption allows preserving some codec functionalities such as scalability. This tutorial is intended to give an overview on selective encryption algorithms. The theoretical background of selective encryption, potential applications, challenges, and perspectives is presented.

Journal ArticleDOI
TL;DR: A novel secure cryptosystem for direct encryption of color images, based on chaotically coupled chaotic maps that guarantees strong cryptographic security, short encryption/decryption time, and robustness against noise and other external disturbances is presented.

Journal ArticleDOI
TL;DR: This analysis shows that MHT and KSAC are vulnerable to low complexity known- and/or chosen-plaintext attacks, and points out some disadvantages of RAC over the classical compress-then-encrypt approach.
Abstract: Encryption is one of the fundamental technologies that is used in digital rights management. Unlike ordinary computer applications, multimedia applications generate large amounts of data that has to be processed in real time. So, a number of encryption schemes for multimedia applications have been proposed in recent years. We analyze the following proposed methods for multimedia encryption: key-based multiple Huffman tables (MHT), arithmetic coding with key-based interval splitting (KSAC), and randomized arithmetic coding (RAC). Our analysis shows that MHT and KSAC are vulnerable to low complexity known- and/or chosen-plaintext attacks. Although we do not provide any attacks on RAC, we point out some disadvantages of RAC over the classical compress-then-encrypt approach.

Journal ArticleDOI
04 Aug 2008, Chaos
TL;DR: This paper reports a detailed cryptanalysis of a recently proposed encryption scheme based on the logistic map and some hints are offered to improve the cryptosystem under study according to those requirements.
Abstract: This paper reports a detailed cryptanalysis of a recently proposed encryption scheme based on the logistic map [A. Pisarchik et al., Chaos 16, 033118 (2006)]. Some problems are emphasized concerning the key space definition and the implementation of the cryptosystem using floating-point operations. It is also shown how it is possible to reduce considerably the key space through a ciphertext-only attack. Moreover, a timing attack allows for the estimation of part of the key due to the existent relationship between this part of the key and the encryption/decryption time. As a result, the main features of the cryptosystem do not satisfy the demands of secure communications. Some hints are offered to improve the cryptosystem under study according to those requirements.

Book ChapterDOI
01 Sep 2008
TL;DR: The construction for hidden-vector encryption from standard complexity assumptions on bilinear groups of prime order is given, which is both payload-hiding and attribute-hiding, meaning that the privacy of the attribute vector is also guaranteed.
Abstract: Predicate encryption schemes are encryption schemes in which each ciphertext Ct is associated with a binary attribute vector and keys K are associated with predicates. A key K can decrypt a ciphertext if and only if the attribute vector of the ciphertext satisfies the predicate of the key. Predicate encryption schemes can be used to implement fine-grained access control on encrypted data and to perform search on encrypted data. Hidden vector encryption schemes [Boneh and Waters, TCC 2007] are encryption schemes in which each ciphertext is associated with a binary vector and each key K is associated with a binary vector with "don't care" entries (denoted with $\star$). Key K can decrypt a ciphertext if and only if the ciphertext's vector and the key's vector agree for all i for which $y_i \neq \star$. Hidden vector encryption schemes are an important type of predicate encryption schemes as they can be used to construct more sophisticated predicate encryption schemes (supporting for example range and subset queries). We give a construction for hidden-vector encryption from standard complexity assumptions on bilinear groups of prime order. Previous constructions were in bilinear groups of composite order and thus resulted in less efficient schemes. Our construction is both payload-hiding and attribute-hiding, meaning that the privacy of the attribute vector, besides privacy of the cleartext, is also guaranteed.

Journal ArticleDOI
TL;DR: A survey of the literature on certificateless encryption can be found in this paper, where the authors examine the security models that have been proposed to prove the security of certificateless encryption schemes and propose a new nomenclature for these models.
Abstract: This paper surveys the literature on certificateless encryption schemes. In particular, we examine the large number of security models that have been proposed to prove the security of certificateless encryption schemes and propose a new nomenclature for these models. This allows us to “rank” the notions of security for a certificateless encryption scheme against an outside attacker and a passive key generation centre, and we suggest which of these notions should be regarded as the “correct” model for a secure certificateless encryption scheme. We also examine the security models that aim to provide security against an actively malicious key generation centre and against an outside attacker who attempts to deceive a legitimate sender into using an incorrect public key (with the intention to deny the legitimate receiver that ability to decrypt the ciphertext). We note that the existing malicious key generation centre model fails to capture realistic attacks that a malicious key generation centre might make and propose a new model. Lastly, we survey the existing certificateless encryption schemes and compare their security proofs. We show that few schemes provide the “correct” notion of security without appealing to the random oracle model. The few schemes that do provide sufficient security guarantees are comparatively inefficient. Hence, we conclude that more research is needed before certificateless encryption schemes can be thought to be a practical technology.

Book ChapterDOI
08 Apr 2008
TL;DR: In this article, the authors proposed two constructions of chosen-ciphertext secure identity-based encryption (IBE) schemes, which have a security proof in the standard model, yet they offer performance competitive with all known random-oracle based schemes.
Abstract: We propose two constructions of chosen-ciphertext secure identity-based encryption (IBE) schemes. Our schemes have a security proof in the standard model, yet they offer performance competitive with all known random-oracle based schemes. The efficiency improvement is obtained by combining modifications of the IBE schemes by Waters [38] and Gentry [21] with authenticated symmetric encryption.

Journal ArticleDOI
TL;DR: In this paper, the generic construction of hybrid encryption schemes is presented, which produces more efficient schemes than the ones known before, and it allows immediate conversion from a class of threshold public-key encryption to a threshold hybrid one without considerable overhead.
Abstract: This paper presents a novel framework for the generic construction of hybrid encryption schemes which produces more efficient schemes than the ones known before. A previous framework introduced by Shoup combines a key encapsulation mechanism (KEM) and a data encryption mechanism (DEM). While it is sufficient to require both components to be secure against chosen ciphertext attacks (CCA-secure), Kurosawa and Desmedt showed a particular example of KEM that is not CCA-secure but can be securely combined with a specific type of CCA-secure DEM to obtain a more efficient, CCA-secure hybrid encryption scheme. There are also many other efficient hybrid encryption schemes in the literature that do not fit into Shoup’s framework. These facts serve as motivation to seek another framework. The framework we propose yields more efficient hybrid schemes, and in addition provides an insightful explanation of existing schemes that do not fit into the previous framework. Moreover, it allows immediate conversion from a class of threshold public-key encryption to a threshold hybrid one without considerable overhead, which may not be possible in the previous approach.

Patent
10 Mar 2008
TL;DR: In this article, a method for application transparent key management in a storage library associated with an encrypting removable storage device is presented, where data is encrypted using keys that are managed by the storage key manager.
Abstract: A method is provided for performing application transparent key management in a storage library associated with an encrypting removable storage device. Encryption and decryption are performed by a key manager and the removable storage device, and are transparent to the application. Data is encrypted using keys that are managed by the storage key manager. An administrative interface allows an administrator to specify and manage encryption keys. A key identifier is associated with each key, and the key identifier is written to the tape along with the encrypted data. When reading encrypted data, the removable storage device reads the key identifier from the tape and requests the corresponding encryption key from the key manager. The removable storage device then provides the decrypted data to the application. The encryption key may be exported from the key manager or library in an encrypted XML format. Encrypted tapes can therefore be decrypted in different libraries by exporting the keys from one library to another.

01 Jan 2008
TL;DR: A new permutation technique based on the combination of image permutation and a well known encryption algorithm called RijnDael is introduced, which showed that the correlation between image elements was significantly decreased by using the combination technique and higher entropy was achieved.
Abstract: Data encryption is widely used to ensure security in open networks such as the internet. Each type of data has its own features; therefore, different techniques should be used to protect confidential image data from unauthorized access. Most of the available encryption algorithms are used for text data; however, due to large data size and real-time constraints, algorithms that are good for textual data may not be suitable for multimedia data. In most natural images the values of the neighboring pixels are strongly correlated. This means that the value of any given pixel can be reasonably predicted from the values of its neighbors. In this paper, we introduce a new permutation technique based on the combination of image permutation and a well known encryption algorithm called RijnDael. The original image was divided into 4 pixels × 4 pixels blocks, which were rearranged into a permuted image using a permutation process presented here, and then the generated image was encrypted using the RijnDael algorithm. The results showed that the correlation between image elements was significantly decreased by using the combination technique and higher entropy was achieved.

Patent
08 May 2008
TL;DR: In this paper, a management server encrypts the virtual machine's virtual hard disk(s) using the one or more associated encryption keys, and further provides the encryption keys to a limited number of servers in a system.
Abstract: A virtual machine comprises a unique identifier that is associated with one or more encryption keys. A management server encrypts the virtual machine's virtual hard disk(s) using the one or more associated encryption keys. The management server further provides the one or more encryption keys to a limited number of one or more servers in a system. Only those one or more servers that have been provided the one or more encryption keys can be used to load, access, and/or operate the virtual machine. The management server can thus differentiate which virtual machines can be operated on which servers by differentiating which servers can receive which encryption keys. In one implementation, a management server encrypts all virtual machines in the system, but encrypts virtual machines with sensitive data with a limited set of encryption keys, and further provides those encryption keys to a limited set of trusted servers.

Book ChapterDOI
01 May 2008
TL;DR: This study considers a scenario of identity-based encryption (IBE) where the encryption device has low power and the pre-computation is referred to as offline phase and the real encryption is considered as online phase, and finds that with a proper transformation, some existing identity- based encryption schemes can be converted into IBOOE schemes with or without random oracles.
Abstract: We consider a scenario of identity-based encryption (IBE) where the encryption device (such as a smartcard) has low power. To improve the computation efficiency, it is desirable that part of computation can be done prior to knowing the message and the recipient (its identity or public key). The real encryption can be conducted efficiently once the message and the recipient's identity become available. We borrow the notion of online/offline signatures introduced by Even, Goldreich and Micali in 1990 and call this kind of encryption identity-based online/offline encryption (IBOOE), in the sense that the pre-computation is referred to as offline phase and the real encryption is considered as online phase. We found that this new notion is not trivial, since all previously proposed IBE schemes cannot be separated into online and offline phases so that the online phase is very efficient. However, we also found that with a proper transformation, some existing identity-based encryption schemes can be converted into IBOOE schemes with or without random oracles. We look into two schemes in our study: Boneh-Boyen IBE (Eurocrypt 2004), and Gentry IBE (Eurocrypt 2006).

Proceedings ArticleDOI
06 Jul 2008
TL;DR: A new probabilistic lattice-based bounded homomorphic encryption scheme that is able to preserve a vector space structure of the message; the addition of ciphertexts is dramatically fast compared to homomorphic schemes based on group theory like Paillier or El Gamal.
Abstract: In this paper we introduce a new probabilistic lattice-based bounded homomorphic encryption scheme. For this scheme the sum of two encrypted messages is the encryption of the sum of the two messages, and the scheme is able to preserve a vector space structure of the message. The size of the public key is rather large (approximately 3 Mb) but the encryption and the decryption operations are very fast (of the same speed order as NTRU). The homomorphic operation, i.e. the addition of ciphertexts, is dramatically fast compared to homomorphic schemes based on group theory like Paillier or El Gamal.

Patent
04 Dec 2008
TL;DR: In this paper, the authors propose a method of enforcing an encryption policy in an information handling system for receiving a request for access to data, automatically identifying from a plurality of encryption policies a particular encryption policy associated with the requested data, selecting an available encryption implementation module capable of enforcing the identified encryption policy, and initiating an encryption or decryption of requested data using the selected encryption implementation.
Abstract: A method of enforcing an encryption policy in an information handling system for receiving a request for access to data, automatically identifying from a plurality of encryption policies a particular encryption policy associated with the requested data, selecting an available encryption implementation module capable of enforcing the identified encryption policy, and initiating an encryption or decryption of the requested data using the selected encryption implementation module.

Book ChapterDOI
13 Apr 2008
TL;DR: This work presents symmetric encryption schemes that are KDM secure in the standard model (without random oracles); the only previously known construction was proven secure in the random oracle model, and the work answers (at least partially) an open problem posed by Black, Rogaway, and Shrimpton.
Abstract: Standard security notions for encryption schemes do not guarantee any security if the encrypted messages depend on the secret key. Yet it is exactly the stronger notion of security in the presence of key-dependent messages (KDM security) that is required in a number of applications: most prominently, KDM security plays an important role in analyzing cryptographic multi-party protocols in a formal calculus. But although often assumed, the mere existence of KDM secure schemes is an open problem. The only previously known construction was proven secure in the random oracle model. We present symmetric encryption schemes that are KDM secure in the standard model (i.e., without random oracles). The price we pay is that we achieve only a relaxed (but still useful) notion of key-dependent message security. Our work answers (at least partially) an open problem posed by Black, Rogaway, and Shrimpton. More concretely, our contributions are as follows:
1. We present a (stateless) symmetric encryption scheme that is information-theoretically secure in the face of a bounded number and length of encryptions for which the messages depend in an arbitrary way on the secret key.
2. We present a stateful symmetric encryption scheme that is computationally secure in the face of an arbitrary number of encryptions for which the messages depend only on the respective current secret state/key of the scheme. The underlying computational assumption is minimal: we assume the existence of one-way functions.
3. We give evidence that the only previously known KDM secure encryption scheme cannot be proven secure in the standard model (i.e., without random oracles).

Journal ArticleDOI
TL;DR: The concept of conventional secure modes is introduced to optical encryption, and the results are analyzed in the context of known conventional and optical attacks.
Abstract: We analyze optical encryption systems using the techniques of conventional cryptography. All conventional block encryption algorithms are vulnerable to attack, and often they employ secure modes of operation as one way to increase security. We introduce the concept of conventional secure modes to optical encryption and analyze the results in the context of known conventional and optical attacks. We consider only the optical system "double random phase encoding," which forms the basis for a large number of optical encryption, watermarking, and multiplexing systems. We consider all attacks proposed to date in one particular scenario. We analyze only the mathematical algorithms themselves and do not consider the additional security that arises from employing these algorithms in physical optical systems.

Journal ArticleDOI
TL;DR: The SecST-SPIHT coder is shown to require encryption on less than 5% of the output bit-stream, a significant reduction in computational overhead compared to “whole content” encryption schemes.
Abstract: This paper presents the Secure Shape and Texture SPIHT (SecST-SPIHT) scheme for secure coding of arbitrarily shaped visual objects. The scheme can be employed in a privacy protected surveillance system, whereby visual objects are encrypted so that the content is only available to authorized personnel with the correct decryption key. The secure visual object coder employs shape and texture set partitioning in hierarchical trees (ST-SPIHT) along with a novel selective encryption scheme for efficient, secure storage and transmission of visual object shape and textures. The encryption is performed in the compressed domain and does not affect the rate-distortion performance of the coder. A separate parameter for each encrypted object controls the strength of the encryption versus required processing overhead. Security analyses are provided, demonstrating the confidentiality of both the encrypted and unencrypted portions of the secured output bit-stream, effectively securing the entire object shape and texture content. Experimental results showed that no object details are revealed to attackers who do not possess the correct decryption key. Using typical parameter values and output bit-rates, the SecST-SPIHT coder is shown to require encryption on less than 5% of the output bit-stream, a significant reduction in computational overhead compared to “whole content” encryption schemes.

Journal ArticleDOI
TL;DR: This work formalizes the concept of a secure timed-release public-key cryptosystem and shows that, if a third party is relied upon to guarantee decryption after the specified date, this concept is equivalent to identity-based encryption; this explains the observation that all known constructions use identity-based encryption to achieve timed-release security.
Abstract: A timed-release cryptosystem allows a sender to encrypt a message so that only the intended recipient can read it only after a specified time. We formalize the concept of a secure timed-release public-key cryptosystem and show that, if a third party is relied upon to guarantee decryption after the specified date, this concept is equivalent to identity-based encryption; this explains the observation that all known constructions use identity-based encryption to achieve timed-release security. We then give several provably-secure constructions of timed-release encryption: a generic scheme based on any identity-based encryption scheme, and two more efficient schemes based on the existence of cryptographically admissible bilinear mappings. The first of these is essentially as efficient as the Boneh-Franklin Identity-Based encryption scheme, and is provably secure and authenticated in the random oracle model; the final scheme is not authenticated but is provably secure in the standard model (i.e., without random oracles).

Patent
16 Jul 2008
TL;DR: In this paper, a system and method for managing authentication cookie encryption keys is presented, which comprises a computing device including a memory with authentication data having a key identifier and encrypted data with a session identifier.
Abstract: There is provided a system and method for managing authentication cookie encryption keys. The system comprises a computing device including a memory with authentication data having a key identifier and encrypted data with a session identifier. The key identifier references a key having a validity period, the key capable of decrypting the authentication data. A processor of the computing device can respond to user requests for information by retrieving the authentication data and transmitting it to a server. The server can then authenticate the user by verifying the encrypted session identifier using the referenced key. There is also provided a method by which a key server can manage encryption keys. The key server receives an encryption key having a validity period, receives a validity request, confirms or rejects the validity of the encryption key, and automatically invalidates the encryption key upon expiration of the validity period.

Proceedings ArticleDOI
07 Apr 2008
TL;DR: A modified form of the Simplified Advanced Encryption Standard (S-AES) is introduced and applied, where a chaotic cat map is used for scrambling the addresses of the medical image pixels, so that chaos is used in both the image diffusion and confusion parts.
Abstract: In this paper, we propose an encryption scheme for medical image encryption based on a combination of scrambling and confusion. A chaotic cat map is used for scrambling the addresses of the medical image pixels. In order to provide security for the scheme, a modified form of the Simplified version of the Advanced Encryption Standard (S-AES) is introduced and applied. The modification is that we make use of chaos for S-box design and replace the S-box of S-AES with it. The so-called Chaotic S-AES has all the cryptographic characteristics and requirements of S-AES. Hence, the main contribution of this work is that we make use of chaos in both the image diffusion and confusion parts. In order to check the performance of the method, an experimental implementation has been done. It is worth noting that the resistance of the scheme against differential and linear cryptanalysis is at least that of S-AES.