Abstract. We consider the problem of proving that a user has selected and correctly employed a truly random seed in the generation of her RSA key pair. This task is related to the problem of key validation, the process whereby a user proves to another party that her key pair has been generated securely. The aim of key validation is to pursuade the verifying party that the user has not intentionally weakened or reused her key or unintentionally made use of bad software. Previous approaches to this problem have been ad hoc, aiming to prove that a private key is secure against specific types of attacks, e.g., that an RSA modulus is resistant to elliptic-curve-based factoring attacks. This approach results in a rather unsatisfying laundry list of security tests for keys. We propose a new approach that we refer to as key generation with verifiable randomness (KEGVER). Our aim is to show in zero knowledge that a private key has been generated at random according to a prescribed process, and is therefore likely to benefit from the full strength of the underlying cryptosystem. Our proposal may be viewed as a kind of distributed key generation protocol involving the user and verifying party. Because the resulting private key is held solely by the user, however, we are able to propose a protocol much more practical than conventional distributed key generation. We focus here on a KEGVER protocol for RSA key generation. Key words: certificate authority, key generation, non-repudiation, publickey infrastructure, verifiable randomness, zero knowledge 1

WEDDS, the WITS Encrypted Data Delivery System, is a framework for supporting distributed mission operations by automatically transferring sensitive mission data in a secure and efficient manner to and from remote mission participants over the Internet. WEDDS was originally developed as part of WITS, the Web Interface for Telescience, and will be used in the 1998 Mars Polar Lander Mission to support distributed mission operations over the Internet for the first time in NASA history. WEDDS is written in Java, and is designed to provide secure distributed operations capabilities to any existing mission application with little modification, and in a manner that is nearly transparent to the existing application and its users.

Abstract. Incentive scheme for stimulating service provision in Mobile Ad hoc NETworks (MANET) has been under intensive investigation due to its significance to the operation of MANET. This paper applies distributed algorithmic mechanism design and utilizes Vickrey auction for service allocation in mobile ad hoc networks. We show that our method stimulates service provision and achieves desired system-wide service allocation in spite of each agent’s selfish behavior, while introducing challenges from the inherent shortcomings of Vickrey auction and characteristics of MANET. We discuss the challenges, the existing solutions for wireline networks and propose a system model for service allocation in MANET. 1

Abstract. Perfect forward secrecy, one of the possible security features provided by key establishment protocols, concerns dependency of a session key upon long-term secret keys (symmetric or asymmetric). The feature promises that even if a long-term private key is disclosed to any adversary, the session keys established in the protocol runs using the long-term key would not be compromised. The importance of this kind of belief may differ greatly among application environments, in terms of both communication types and different communicating entities. We describe two generic prototypes of protocols which bring forward secrecy to security protocols. We note that future generation mobile communication environment will be filled with diverse types of communication users and data. The security protocol in a prominent future mobile system, UMTS, was originally designed without any consideration of perfect forward secrecy. We consider modified protocols to provide this property. 1

This paper describes a key management scheme that is designed to work in low-power mobile ad hoc networks. The key management scheme is built around the concept of a neighborhood in which nodes dynamically establish link keys based on keying material they already possess. As nodes wander through the network, their neighborhood changes and the keys are updated to reflect this change in environment. Our protocol is designed to work in power constrained environments and only uses efficient symmetric cryptographic primitives.

We survey the computational assumptions of various cryptographic schemes, and discuss the security threat posed by Shor's quantum algorithm.

Abstract. Electronic payment systems for wireless devices need to take into account the limited computational and storage ability of such devices. Micropayment schemes seem well suited to this scenario since they are specifically designed for efficient operation. Most micropayment schemes require a digital signature and therefore users must support public key operations and, furthermore, a public key infrastructure must be available. Such schemes are not suitable for current wireless systems since public key technology is not supported. We examine the SVP micropayment scheme which overcomes this problem by using only symmetric key cryptography and relying on tamper resistance. Some limitations are observed in the SVP micropayment scheme and an enhanced scheme is proposed suitable for current generation wireless communications. 1

Abstract—In multi-hop cellular networks, the mobile nodes usually relay others ’ packets for enhancing the network performance and deployment. However, selfish nodes usually do not cooperate but make use of the cooperative nodes to relay their packets, which has a negative effect on the network fairness and performance. In this paper, we propose a fair and efficient incentive mechanism to stimulate the node cooperation. Our mechanism applies a fair charging policy by charging the source and destination nodes when both of them benefit from the communication. To implement this charging policy efficiently, hashing operations are used in the ACK packets to reduce the number of digital-signature operations. Moreover, reducing the overhead of the payment cheques is essential for the efficient implementation of the incentive mechanism due to the large number of payment transactions. Instead of generating a cheque per message, a small-size cheque can be generated per route, and a cheque submission scheme is proposed to reduce the number of submitted cheques and protect against collusion attacks. Extensive analysis and simulations demonstrate that our mechanism can secure the payment and significantly reduce the cheques ’ overhead, and the fair charging policy can be implemented almost computationally free by using hashing operations. Index Terms—Network-level security and protection, Wireless communication, Payment schemes, Hybrid systems.

Algebra, 6th edition, Addison-Wesley, 1998. [FR95] P. Fahn and M.J.B. Robshaw, Results from the RSA Factoring Challenge, Technical Report TR-501, version 1.3, RSA Laboratories, January 1995. [FS87] A. Fiat and A. Shamir, How to prove yourself: Practical solutions to identification and signature problems, Advances in Cryptology -- Crypto '86, Springer-Verlag (1987), 186-194. [FY94] M. Franklin and M. Yung, Blind Weak Signature and its Applications: Putting Non-Cryptographic Secure Computation to Work, Advances in Cryptology -- Eurocrypt '94, Springer-Verlag (1994), 67-76. [Gan95] R. Ganesan. Yaksha, Augmenting Kerberos with public key cryptography, Proceedings of the 1995 Internet Society Symposium on Network and Distributed Systems Security, IEEE Press (1995), 132-143. [GC89] D. Gollman and W.G. Chambers, Clock-controlled shift registers: a review, IEEE Journal on Selected Areas in Communications (4) 7 (1989), 525-533. [Gib93] J.K. Gibson, Severely denting the Babidulin version o...

A preliminary security assessment of cryptographic primitives submitted to the NESSIE project is given in this deliverable.