Results 11-20 of 242
Tree-based group key agreement
 ACM Transactions on Information and System Security
, 2004
Cited by 108 (5 self)
Abstract. Secure and reliable group communication is an active area of research. Its popularity is caused by the growing importance of group-oriented and collaborative applications. The central research challenge is secure and efficient group key management. While centralized methods are often appropriate for key distribution in large multicast-style groups, many collaborative group settings require distributed key agreement techniques. This work investigates a novel group key agreement approach which blends so-called key trees with Diffie-Hellman key exchange. It yields a secure protocol suite (TGDH) that is both simple and fault-tolerant. Moreover, the efficiency of TGDH appreciably surpasses that of prior art.
Squealing Euros: Privacy Protection in RFID-Enabled Banknotes
 Financial Cryptography ’03
, 2002
Cited by 107 (13 self)
Thanks to their broad international acceptance and availability in high denominations, there is widespread concern that Euro banknotes may provide an attractive new currency for criminal transactions.
Applications of Multilinear Forms to Cryptography
 Contemporary Mathematics
, 2002
Cited by 100 (12 self)
We study the problem of finding efficiently computable nondegenerate multilinear maps from G_1 to G_2, where G_1 and G_2 are groups of the same prime order, and where computing discrete logarithms in G_1 is hard. We present several applications to cryptography, explore directions for building such maps, and give some reasons to believe that finding examples with n > 2 may be difficult.
Secure Conjunctive Keyword Search over Encrypted Data
 ACNS 04: 2nd International Conference on Applied Cryptography and Network Security
, 2004
Cited by 97 (1 self)
We study the setting in which a user stores encrypted documents (e.g. emails) on an untrusted server. In order to retrieve documents satisfying a certain search criterion, the user gives the server a capability that allows the server to identify exactly those documents.
On Formal Models for Secure Key Exchange
, 1999
Cited by 89 (2 self)
A new formal security model for session key exchange protocols in the public key setting is proposed, and several efficient protocols are analyzed in this model. The relationship between this new model and previously proposed models is explored, and several interesting, subtle distinctions between static and adaptive adversaries are explored. We also give a brief account of anonymous users.
Another Look at “Provable Security”
, 2004
Cited by 73 (13 self)
We give an informal analysis and critique of several typical “provable security” results. In some cases there are intuitive but convincing arguments for rejecting the conclusions suggested by the formal terminology and “proofs,” whereas in other cases the formalism seems to be consistent with common sense. We discuss the reasons why the search for mathematically convincing theoretical evidence to support the security of public-key systems has been an important theme of researchers. But we argue that the theorem-proof paradigm of theoretical mathematics is often of limited relevance here and frequently leads to papers that are confusing and misleading. Because our paper is aimed at the general mathematical public, it is self-contained and as jargon-free as possible.
Using Hash Functions as a Hedge against Chosen Ciphertext Attack
, 2000
Cited by 73 (7 self)
The cryptosystem recently proposed by Cramer and Shoup [5] is a practical public key cryptosystem that is secure against adaptive chosen ciphertext attack provided the Decisional Diffie-Hellman assumption is true. Although this is a reasonable intractability assumption, it would be preferable to base a security proof on a weaker assumption, such as the Computational Diffie-Hellman assumption. Indeed, this cryptosystem in its most basic form is in fact insecure if the Decisional Diffie-Hellman assumption is false. In this paper we present a practical hybrid scheme that is just as efficient as the scheme of Cramer and Shoup; we prove that the scheme is secure if the Decisional Diffie-Hellman assumption is true; we give strong evidence that the scheme is secure if the weaker, Computational Diffie-Hellman assumption is true by providing a proof of security in the random oracle model.
Privacy-enhancing k-anonymization of customer data
 in Proceedings of the 24th ACM SIGACT-SIGMOD-SIGART Symposium on Principles of Database Systems (PODS)
, 2005
Cited by 70 (2 self)
In order to protect individuals' privacy, the technique of k-anonymization has been proposed to de-associate sensitive attributes from the corresponding identifiers. In this paper, we provide privacy-enhancing methods for creating k-anonymous tables in a distributed scenario. Specifically, we consider a setting in which there is a set of customers, each of whom has a row of a table, and a miner, who wants to mine the entire table. Our objective is to design protocols that allow the miner to obtain a k-anonymous table representing the customer data, in such a way that does not reveal any extra information that can be used to link sensitive attributes to corresponding identifiers, and without requiring a central authority who has access to all the original data. We give two different formulations of this problem, with provably private solutions. Our solutions enhance the privacy of k-anonymization in the distributed scenario by maintaining end-to-end privacy from the original customer data to the final k-anonymous results.
Efficient Trace and Revoke Schemes
 Financial Cryptography - FC 2000
, 2000
Cited by 65 (1 self)
Our goal is to design encryption schemes for mass distribution of data in which it is possible to (1) deter users from leaking their personal keys, (2) trace which users leaked keys to construct an illegal decryption device, and (3) revoke these keys so as to render the device dysfunctional. We start by designing an efficient revocation scheme, based on secret sharing. It can remove up to t parties and is secure against coalitions of up to t users. The performance of this scheme is more efficient than that of previous schemes with the same properties. We then show how to enhance the revocation scheme with traitor tracing and self enforcement properties. More precisely, we show how to construct schemes such that (1) each user's personal key contains some sensitive information of that user (e.g., the user's credit card number), so that users would be reluctant to disclose their keys; (2) an illegal decryption device discloses the identity of users that contributed keys to construct the device; and (3) it is possible to revoke the keys of corrupt users. For the last point it is important to be able to do so without publicly disclosing the sensitive information.