. A key element of any mobile code based distributed system are the security mechanisms available to protect (a) the host against potentially hostile actions of a code fragment under execution and (b) the mobile code against tampering attempts by the executing host. Many techniques for the first problem (a) have been developed. The second problem (b) seems to be much harder: It is the general belief that computation privacy for mobile code cannot be provided without tamper resistant hardware. Furthermore it is doubted that an agent can keep a secret (e.g., a secret key to generate digital signatures). There is an error in reasoning in the arguments supporting these beliefs which we are going to point out. In this paper we describe software-only approaches for providing computation privacy for mobile code in the important case that the mobile code fragment computes an algebraic circuit (a polynomial). We further describe an approach how a mobile agent can digitally sign his...

The Sanctuary project at UCSD is building a secure infrastructure for mobile agents, and examining

Is there such a thing anymore as a software system that doesn't need to be secure? Almost every softwarecontrolled system faces threats from potential adversaries, from Internet-aware client applications running on PCs, to complex telecommunications and power systems accessible over the Internet, to commodity software with copy protection mechanisms. Software engineers must be cognizant of these threats and engineer systems with credible defenses, while still delivering value to customers. In this paper, we present our perspectives on the research issues that arise in the interactions between software engineering and security.

Mobile code technology has become a driving force for recent advances in distributed systems. The concept of mobility of executable code raises major security problems. In this paper we deal with the protection of mobile code from possibly malicious hosts. We conceptualize on the specific cryptographic problems posed by mobile code. We are able to provide a solution for some of these problems: We present techniques how to achieve "non--interactive computing with encrypted programs" in certain cases and give a complete solution for this problem in important instances. We further present a way how an agent might securely perform a cryptographic primitive, digital signing, in an untrusted execution environment. Our results are based on the use of homomorphic encryption schemes and function composition techniques. ii 1 Introduction The security of the execution environment is a basic cornerstone of cryptographic systems: the parties which perform a cryptographic protocol require a tru...

Publish-subscribe is a communication paradigm that supports dynamic, many-to-many communications in a distributed environment. Content-based pub-sub systems are often implemented on a peer-to-peer infrastructure that enables information dissemination from information producers (publishers) to consumers (subscribers) through a subscription mechanism. In a wide-area pubsub network, the pub-sub service must handle information dissemination across distinct authoritative domains, heterogeneous platforms and a large, dynamic population of publishers and subscribers. Such an environment raises serious security concerns. In this paper, we investigate the security issues and requirements that arise in an internet-scale content-based pub-sub system. We distinguish among those requirements that can be

Motivated by the application of private statistical analysis of large databases, we consider the problem of selective private function evaluation (SPFE). In this problem, a client inter-acts with one or more servers holding copies of a database z = zt,...,z, in order to compute f(z~t,...,z~,,,) , for some function f and indices i = it,...,i, ~ chosen by the client. Ideally, the client must learn nothing more about the database than f(zit,..., zi,,~), and the servers should learn nothing. Generic solutions for this problem, based on standard techniques for secure function evaluation, incur communi-cation complexity that is at least linear in n, making them prohibitive for large databases even when f is relatively sim-ple and m is small. We present various approaches for con-structing sublinear-communication $PFE protocols, both for the general problem and for special cases of interest. Our so-lutions not only offer sublinear communication complexity, but are also practical in many scenarios. 1.

Software piracy is a major economic problem: it leads to revenue losses, it favors big software housesthat are less hurt by these losses and it prevents new software economy models where small enterprises can sell software on a per-usage basis. Proprietary algorithms are currently hard to protect, both at the technical as well as the legal level. In this paper we show how encrypted programs can be used to achieve protection of algorithms against disclosure. Moreover, using this approachwe describe a protocol that ensures -- under reasonable conditions -- that only licensed users are able to obtain the cleartext output of the program. This protocol also allows to charge clients on a per-usage basis. These results are applied to a special class of functions for which we obtain a secure and computationally feasible solution: the key point is to encrypt functions such that they remain executable. We further show how to robustly fingerprint the resulting programs. Our approach...

This paper presents an original approach to the problem of function hiding based on Error Correcting Codes and evaluates the security of this approach. The novelty of the technique consists in using Error Correcting Codes to hide functions instead of encrypting data vectors. This protocol mainly deals with the issue of secure evaluation of functions in potentially hostile environments. 1: Introduction With the advent of new computing paradigms like mobile code and ubiquitous computing, the privacy and integrity of software programs become a major concern beyond classical data security considerations. Running a program in a potentially hostile environment may lead to various security requirements, as follows: - a company might need to prevent the disclosure of certain sensitive algorithms implemented in its software products despite extensive code analysis and reverse engineering by potential intruders including its customers; - a mobile software agent acting on behalf of a person m...

: This position paper discusses the problem of evaluating a function on an untrusted host, while maintaining the confidentiality of the function. A new non-interactive protocol designed to evaluate a function on an untrusted host is presented. The protocol prevents the disclosure of the function under cryptographic assumptions. Keywords: Mobile code protection, privacy of computations, malicious hosts. 1 Introduction With the advent of new computing paradigms like mobile code and ubiquitous computing, the privacy and integrity of software programs become a major concern beyond classical data security considerations. Running a program in a potentially hostile environment may raise various security requirements, as follows: - a company might need to prevent the disclosure of certain sensitive algorithms implemented in its software products despite extensive code analysis and reverse engineering by potential intruders including its customers; - a mobile software agent acting on behalf...

We study the complexity of securely evaluating arithmetic circuits over finite rings. This question is motivated by natural secure computation tasks. Focusing mainly on the case of two-party protocols with security against malicious parties, our main goals are to: (1) only make black-box calls to the ring operations and standard cryptographic primitives, and (2) minimize the number of such black-box calls as well as the communication overhead. We present several solutions which differ in their efficiency, generality, and underlying intractability assumptions. These include: • An unconditionally secure protocol in the OT-hybrid model which makes a black-box use of an arbitrary ring R, but where the number of ring operations grows linearly with (an upper bound on) log |R|. • Computationally secure protocols in the OT-hybrid model which make a black-box use of an underlying ring, and in which the number of ring operations does not grow with the ring size. The protocols rely on variants of previous intractability assumptions related to linear codes. In the most efficient instance of these protocols, applied to a suitable class of fields, the (amortized) communication cost is a constant number of field elements per multiplication gate and the computational cost is dominated by O(log k) field operations per gate, where k is a security parameter. These results extend a previous approach of Naor and Pinkas for secure polynomial evaluation (SIAM J. Comput., 35(5), 2006). • A protocol for the rings Zm = Z/mZ which only makes a black-box use of a homomorphic encryption scheme. When m is prime, the (amortized) number of calls to the encryption scheme for each gate of the circuit is constant. All of our protocols are in fact UC-secure in the OT-hybrid model and can be generalized to multiparty computation with an arbitrary number of malicious parties.