Results 1 - 10 of 99
Persistent Authenticated Dictionaries and Their Applications
In Proc. Information Security Conference (ISC 2001), volume 2200 of LNCS, 2001
Cited by 69 (19 self)
We introduce the notion of persistent authenticated dictionaries, that is, dictionaries where the user can make queries of the type "was element e in set S at time t?" and get authenticated answers. Applications include credential and certificate validation checking in the past (as in digital signatures for electronic contracts), digital receipts, and electronic tickets. We present two data structures that can efficiently support an infrastructure for persistent authenticated dictionaries, and we compare their performance.
An Efficient Dynamic and Distributed Cryptographic Accumulator
Tech. Rep., Johns Hopkins Information Security Institute, 2002
Cited by 51 (20 self)
We show how to use the RSA one-way accumulator to realize an efficient and dynamic authenticated dictionary, where untrusted directories provide cryptographically verifiable answers to membership queries on a set maintained by a trusted source. Our accumulator-based scheme for authenticated dictionaries supports efficient incremental updates of the underlying set by insertions and deletions of elements. Also, the user can optimally verify in constant time the authenticity of the answer provided by a directory with a simple and practical algorithm. This work has applications to certificate management in public key infrastructure and end-to-end integrity of data collections published by third parties on the Internet.
Authenticated Data Structures for Graph and Geometric Searching
In CT-RSA, 2001
Cited by 49 (20 self)
Following in the spirit of data structure and algorithm correctness checking, authenticated data structures provide cryptographic proofs that their answers are as accurate as the author intended, even if the data structure is being maintained by a remote host. We present techniques for authenticating data structures that represent graphs and collections of geometric objects. We use a model where a data structure maintained by a trusted source is mirrored at distributed directories, with the directories answering queries made by users. When a user queries a directory, it receives a cryptographic proof in addition to the answer, where the proof contains statements signed by the source. The user verifies the proof trusting only the statements signed by the source. We show how to efficiently authenticate data structures for fundamental problems on networks, such as path and connectivity queries, and on geometric objects, such as intersection and containment queries.
On the Cost of Authenticated Data Structures
In Proc. European Symp. on Algorithms, volume 2832 of LNCS, 2003
Cited by 45 (22 self)
Authenticated data structures provide a model for data authentication, where answers to queries contain extra information that can produce a cryptographic proof about the validity of the answers. In this paper, we study the authentication cost that is associated with this model when authentication is performed through hierarchical cryptographic hashing. We introduce measures that precisely model the computational overhead that is introduced due to authentication.
Accountable Certificate Management Using Undeniable Attestations
Computer and Communications Security, 2000
Cited by 45 (3 self)
This paper initiates a study of accountable certificate management methods, necessary to support long-term authenticity of digital documents. Our main contribution is a model for accountable certificate management, where clients receive attestations confirming inclusion/removal of their certificates from the database of valid certificates. We explain why accountability depends on the inability of the third parties to create contradictory attestations. After that we define an undeniable attester as a primitive that provides efficient attestation creation, publishing and verification, so that it is intractable to create contradictory attestations. We introduce authenticated search trees and build an efficient undeniable attester upon them. The proposed system is the first accountable long-term certificate management system. Moreover, authenticated search trees can be used in many security-critical applications instead of the (sorted) hash trees to reduce trust in the authorities, without decrease in efficiency. Therefore, the undeniable attester looks like a very useful cryptographic primitive with a wide range of applications.
Efficient Authenticated Dictionaries with Skip Lists and Commutative Hashing
Tech. Rep., Johns Hopkins Information Security Institute, 2001
Cited by 32 (11 self)
We present an efficient and practical technique for dynamically maintaining an authenticated dictionary. The main building blocks of our scheme are the skip list data structure and cryptographic associative hash functions. Applications of our work include certificate revocation in public key infrastructure and the publication of data collections on the Internet.
Eliminating Counterevidence with Applications to Accountable Certificate Management
Journal of Computer Security, 2002
Cited by 31 (3 self)
This paper presents a method to increase the accountability of certificate management by making it intractable for the certification authority (CA) to create contradictory statements about the validity of a certificate. The core of the method is a new primitive, undeniable attester, that allows someone to commit to some set S of bitstrings by publishing a short digest of S and to give attestations for any x that it is or is not a member of S. Such an attestation can be verified by obtaining in an authenticated way the published digest and applying a verification algorithm to the triple of the bitstring, the attestation and the digest. The most important feature of this primitive is intractability of creating two contradictory proofs for the same candidate element x and digest. We give an efficient construction for undeniable attesters based on authenticated search trees. We show that the construction also applies to sets of more structured elements. We also show that undeniable attesters exist iff collision-resistant hash functions exist.
Efficient data structures for tamper-evident logging
In Proceedings of the 18th USENIX Security Symposium, 2009
Cited by 28 (4 self)
Many real-world applications wish to collect tamper-evident logs for forensic purposes. This paper considers the case of an untrusted logger, serving a number of clients who wish to store their events in the log, and kept honest by a number of auditors who will challenge the logger to prove its correct behavior. We propose semantics of tamper-evident logs in terms of this auditing process. The logger must be able to prove that individual logged events are still present, and that the log, as seen now, is consistent with how it was seen in the past. To accomplish this efficiently, we describe a tree-based data structure that can generate such proofs with logarithmic size and space, improving over previous linear constructions. Where a classic hash chain might require an 800 MB trace to prove that a randomly chosen event is in a log with 80 million events, our prototype returns a 3 KB proof with the same semantics. We also present a flexible mechanism for the log server to present authenticated and tamper-evident search results for all events matching a predicate. This can allow large-scale log servers to selectively delete old events, in an agreed-upon fashion, while generating efficient proofs that no inappropriate events were deleted. We describe a prototype implementation and measure its performance on an 80 million event syslog trace at 1,750 events per second using a single CPU core. Performance improves to 10,500 events per second if cryptographic signatures are offloaded, corresponding to 1.1 TB of logging throughput per week.
Computational bounds on hierarchical data processing with applications to information security
In Proc. Int. Colloquium on Automata, Languages and Programming (ICALP), volume 3580 of LNCS, 2005
Cited by 27 (16 self)
Motivated by the study of algorithmic problems in the domain of information security, in this paper, we study the complexity of a new class of computations over a collection of values associated with a set of n elements. We introduce hierarchical data processing (HDP) problems which involve the computation of a collection of output values from an input set of n elements, where the entire computation is fully described by a directed acyclic graph (DAG). That is, individual computations are performed and intermediate values are processed according to the hierarchy induced by the DAG. We present an Ω(log n) lower bound on various computational cost measures for HDP problems. Essential in our study is an analogy that we draw between the complexities of any HDP problem of size n and searching by comparison in an ordered set of n elements, which shows an interesting connection between the two problems. In view of the logarithmic lower bounds, we also develop a new randomized DAG scheme for HDP problems that provides close to optimal performance and achieves cost measures with constant factors of the (logarithmic) leading asymptotic term that are close to optimal. Our lower bounds are general, apply to all HDP problems and, along with our new DAG construction, they provide an interesting – as well as useful in the area of algorithm analysis – theoretical framework. We apply our results to two information security problems, data authentication through cryptographic hashing and multicast key distribution using keygraphs and get a unified analysis and treatment for these problems. We show that both problems involve HDP and prove logarithmic lower bounds on their computational and communication costs. In particular, using our new DAG scheme, we present a new efficient authenticated dictionary with improved authentication overhead over previously known schemes. Moreover, through the relation between HDP and searching by comparison, we present a new skip-list version where the expected number of comparisons in a search is 1.25 log₂ n + O(1).
Expander Graphs for Digital Stream Authentication and Robust Overlay Networks
In Proceedings of the 2002 IEEE Symposium on Security and Privacy, 2002
Cited by 26 (0 self)
We use expander graphs to provide efficient new constructions for two security applications: authentication of long digital streams over lossy networks and building scalable, robust overlay networks. Here is a summary of our contributions: (1) To authenticate long digital streams over lossy networks, we provide a construction with a provable lower bound on the ability to authenticate a packet, and that lower bound is independent of the size of the graph. To achieve this, we present an authentication expander graph with constant degree. (Previous work, such as [MS01], used authentication graphs but required graphs with degree linear in the number of vertices.) (2) To build efficient, robust, and scalable overlay networks, we provide a construction using undirected expander graphs with a provable lower bound on the ability of a broadcast message to successfully reach any receiver. This also gives us a new, more efficient solution to the decentralized certificate revocation problem [WLM00].