Mitigating Routing Misbehavior in Mobile Ad Hoc Networks
INTERNATIONAL CONFERENCE ON MOBILE COMPUTING AND NETWORKING, 2000
Cited by 835 (4 self)
This paper describes two techniques that improve throughput in an ad hoc network in the presence of nodes that agree to forward packets but fail to do so. To mitigate this problem, we propose categorizing nodes based upon their dynamically measured behavior. We use a watchdog that identifies misbehaving nodes and a pathrater that helps routing protocols avoid these nodes. Through simulation we evaluate watchdog and pathrater using packet throughput, percentage of overhead (routing) transmissions, and the accuracy of misbehaving node detection. When used together in a network with moderate mobility, the two techniques increase throughput by 17% in the presence of 40% misbehaving nodes, while increasing the percentage of overhead transmissions from the standard routing protocol's 9% to 17%. During extreme mobility, watchdog and pathrater can increase network throughput by 27%, while increasing the overhead transmissions from the standard routing protocol's 12% to 24%.
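The watchdog/pathrater idea above, as an added, deliberately simplified simulation (this is not the paper's code, and the constructed topology, the fixed miss threshold and the flat rating values are assumptions of the example; the paper's pathrater adjusts ratings over time). Each node that hands a packet to its next hop keeps listening: if the next hop never retransmits, the watcher counts a miss, and after THRESHOLD misses the suspect is flagged. The pathrater then prefers the path whose intermediate nodes have the best average rating, so traffic routes around the flagged node.

```python
from collections import defaultdict
from statistics import mean

THRESHOLD = 3            # watchdog: missed retransmissions before a node is flagged
BASE_RATING = 0.5        # pathrater: initial rating of every node (assumed value)
MISBEHAVING = -100.0     # pathrater: rating assigned to a flagged node (assumed value)

class Network:
    def __init__(self, forwards):
        self.forwards = forwards                # node -> does it actually forward?
        self.missed = defaultdict(int)          # (watcher, suspect) -> missed count
        self.flagged = set()

    def send(self, path, watchdog=True):
        """Deliver one packet along path. Every intermediate node that
        forwards to a next hop keeps listening; if the next hop never
        retransmits, the watcher counts a miss and the packet is lost."""
        for i in range(1, len(path) - 1):
            watcher, suspect = path[i - 1], path[i]
            if self.forwards[suspect]:
                continue                        # overheard: packet went on
            if watchdog:
                self.missed[(watcher, suspect)] += 1
                if self.missed[(watcher, suspect)] >= THRESHOLD:
                    self.flagged.add(suspect)
            return False
        return True

    def rating(self, node):
        return MISBEHAVING if node in self.flagged else BASE_RATING

    def best_path(self, paths):
        """Pathrater: rank paths by the mean rating of their intermediate nodes."""
        return max(paths, key=lambda p: mean(self.rating(n) for n in p[1:-1]))

def run(packets=20, watchdog=True):
    """Constructed topology: S -> A -> B -> D and S -> C -> D, where B agrees
    to forward but silently drops. Returns (packets delivered, flagged nodes)."""
    net = Network({"S": True, "A": True, "B": False, "C": True, "D": True})
    paths = [["S", "A", "B", "D"], ["S", "C", "D"]]
    delivered = 0
    for _ in range(packets):
        path = net.best_path(paths) if watchdog else paths[0]
        delivered += net.send(path, watchdog)
    return delivered, net.flagged

if __name__ == "__main__":
    print("with watchdog/pathrater:", run())
    print("plain routing:", run(watchdog=False))
```

With the constructed topology, plain routing keeps using the path through B and delivers nothing; with the watchdog, the first THRESHOLD packets are lost while A's watchdog builds its tally, after which the pathrater switches every packet to the path through C. The same mechanism is blind to a node that retransmits but corrupts, or to colluding neighbours that cover for each other, which is why detection accuracy is reported separately from throughput.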
Guide to Elliptic Curve Cryptography
2004
Cited by 439 (18 self)
Elliptic curves have been intensively studied in number theory and algebraic geometry for over 100 years and there is an enormous amount of literature on the subject. To quote the mathematician Serge Lang: It is possible to write endlessly on elliptic curves. (This is not a threat.) Elliptic curves also figured prominently in the recent proof of Fermat's Last Theorem by Andrew Wiles. Originally pursued for purely aesthetic reasons, elliptic curves have recently been utilized in devising algorithms for factoring integers, primality proving, and in public-key cryptography. In this article, we aim to give the reader an introduction to elliptic curve cryptosystems, and to demonstrate why these systems provide relatively small block sizes, high-speed software and hardware implementations, and offer the highest strength-per-key-bit of any known public-key scheme.
A Fuzzy Commitment Scheme
ACM CCS'99, 1999
Cited by 244 (1 self)
We combine well-known techniques from the areas of error-correcting codes and cryptography to achieve a new type of cryptographic primitive that we refer to as a fuzzy commitment scheme. Like a conventional cryptographic commitment scheme, our fuzzy commitment scheme is both concealing and binding: it is infeasible for an attacker to learn the committed value, and also for the committer to decommit a value in more than one way. In a conventional scheme, a commitment must be opened using a unique witness, which acts, essentially, as a decryption key. By contrast, our scheme is fuzzy in the sense that it accepts a witness that is close to the original encrypting witness in a suitable metric, but not necessarily identical. This characteristic of our fuzzy commitment scheme makes it useful for applications such as biometric authentication systems, in which data is subject to random noise. Because the scheme is tolerant of error, it is capable of protecting biometric data just as conventional cryptographic techniques, like hash functions, are used to protect alphanumeric passwords. This addresses a major outstanding problem in the theory of biometric authentication. We prove the security characteristics of our fuzzy commitment scheme relative to the properties of an underlying cryptographic hash function.
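The construction behind the abstract, as an added worked example (not code from the paper): commit to a witness x by choosing a random codeword c of an error-correcting code and publishing (h(c), x XOR c). To open with a noisy witness x', compute x' XOR (x XOR c) = c XOR (x XOR x') and decode; if x' is within the code's correction radius, decoding returns c and the hash check passes. The repetition code, the 40-bit witness length and SHA-256 as h are assumptions of this example; a real biometric system picks a code matched to the sensor's error rate.

```python
import hashlib
import secrets

# Toy error-correcting code (constructed for this example): each message
# bit is repeated R times. Majority decoding snaps any R-bit block to the
# nearest codeword and so corrects up to (R - 1) // 2 flipped bits per
# block. A deployment would use a stronger code (e.g. BCH) instead.
R = 5
MSG_BITS = 8                      # the random codeword encodes this many bits
WITNESS_BITS = MSG_BITS * R       # witness x lives in {0,1}^n with n = 40

def encode(msg):
    return [b for b in msg for _ in range(R)]

def decode(word):
    """Message of the codeword closest in Hamming distance (majority vote)."""
    return [1 if sum(word[i:i + R]) * 2 > R else 0
            for i in range(0, len(word), R)]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def h(bits):
    return hashlib.sha256(bytes(bits)).digest()

def commit(x):
    """Fuzzy commitment F(c, x) = (h(c), x XOR c) for a random codeword c.
    h(c) hides c (and hence x); the offset x XOR c alone is uniform."""
    c = encode([secrets.randbelow(2) for _ in range(MSG_BITS)])
    return h(c), xor(x, c)

def decommit(commitment, x_prime):
    """Open with a witness x' near x: c' = x' XOR delta = c XOR (x XOR x').
    If x' is within the code's correction radius, decoding recovers c."""
    hc, delta = commitment
    c_recovered = encode(decode(xor(x_prime, delta)))
    return h(c_recovered) == hc

def flip(bits, positions):
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out

def demo():
    """Enrol a constructed 40-bit 'biometric' x, then try to open with x
    itself, a noisy reading (2 errors in one block) and an over-noisy
    reading (3 errors in one block, which flips that block's majority)."""
    x = [secrets.randbelow(2) for _ in range(WITNESS_BITS)]
    com = commit(x)
    exact = decommit(com, x)
    noisy_ok = decommit(com, flip(x, [0, 1]))
    too_noisy = decommit(com, flip(x, [0, 1, 2]))
    return exact, noisy_ok, too_noisy

if __name__ == "__main__":
    print(demo())
```

Binding follows from the hash: opening to a different value would require a second codeword with the same h value. Note that the tolerance is a property of the code, not of the hash, so the verifier must reject before decoding anything that exceeds the code's radius rather than trying to "nudge" the decoder; that is what the too-noisy case exercises.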
Information-theoretic analysis of information hiding
IEEE Transactions on Information Theory, 2003
Cited by 237 (18 self)
Abstract—An information-theoretic analysis of information hiding is presented in this paper, forming the theoretical basis for design of information-hiding systems. Information hiding is an emerging research area which encompasses applications such as copyright protection for digital media, watermarking, fingerprinting, steganography, and data embedding. In these applications, information is hidden within a host data set and is to be reliably communicated to a receiver. The host data set is intentionally corrupted, but in a covert way, designed to be imperceptible to a casual analysis. Next, an attacker may seek to destroy this hidden information, and for this purpose, introduce additional distortion to the data set. Side information (in the form of cryptographic keys and/or information about the host signal) may be available to the information hider and to the decoder. We formalize these notions and evaluate the hiding capacity, which upper-bounds the rates of reliable transmission and quantifies the fundamental tradeoff between three quantities: the achievable information-hiding rates and the allowed distortion levels for the information hider and the attacker. The hiding capacity is the value of a game between the information hider and the attacker. The optimal attack strategy is the solution of a particular rate-distortion problem, and the optimal hiding strategy is the solution to a channel-coding problem. The hiding capacity is derived by extending the Gel'fand–Pinsker theory of communication with side information at the encoder. The extensions include the presence of distortion constraints, side information at the decoder, and unknown communication channel. Explicit formulas for capacity are given in several cases, including Bernoulli and Gaussian problems, as well as the important special case of small distortions. In some cases, including the last two above, the hiding capacity is the same whether or not the decoder knows the host data set. It is shown that many existing information-hiding systems in the literature operate far below capacity. Index Terms—Channel capacity, cryptography, fingerprinting, game theory, information hiding, network information theory,
Key Agreement in Dynamic Peer Groups
IEEE Transactions on Parallel and Distributed Systems, 2000
Cited by 186 (20 self)
As a result of the increased popularity of group-oriented applications and protocols, group communication occurs in many different settings: from network multicasting to application-layer tele- and videoconferencing. Regardless of the application environment, security services are necessary to provide communication privacy and integrity. This paper considers the problem of key agreement in dynamic peer groups. (Key agreement, especially in a group setting, is the stepping stone for all other security services.) Dynamic peer groups require not only initial key agreement (IKA) but also auxiliary key agreement (AKA) operations such as member addition, member deletion and group fusion. We discuss all group key agreement operations and present a concrete protocol suite, CLIQUES, which offers complete key agreement services. CLIQUES is based on multi-party extensions of the well-known Diffie-Hellman key exchange method. The protocols are efficient and provably secure against passive adversari...
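The multi-party Diffie-Hellman idea that CLIQUES builds on, as an added illustration (not the paper's code, and not a claim about the exact message formats of the CLIQUES suite): in the upflow, members M_1..M_{n-1} each raise the accumulated values to their own exponent and pass them on; the last member M_n broadcasts g^{N_1...N_n / N_j} for every j < n, from which each M_j recovers the group key g^{N_1...N_n} with one exponentiation. Member addition (one of the AKA operations) reuses the same steps: the old last member refreshes its exponent, extends its saved upflow message to the newcomer, and the newcomer becomes the broadcaster, so the previous key no longer derives. The small Mersenne-prime modulus is a constructed toy parameter, not a secure group.

```python
import secrets

# Toy Diffie-Hellman group (constructed for the example; NOT secure).
# A real deployment uses a standardised large prime-order group.
P = 2**127 - 1          # Mersenne prime, used only as a small demo modulus
G = 2

def new_exponent():
    return secrets.randbelow(P - 3) + 2

def upflow_step(partial, full, n_i):
    """Member M_i extends the upflow message with its exponent N_i.
    partial: [g^{N_1..N_{i-1} / N_j} for j < i];  full: g^{N_1..N_{i-1}}."""
    return [pow(v, n_i, P) for v in partial] + [full], pow(full, n_i, P)

def controller_step(partial, full, n_last):
    """Last member: broadcast g^{N_1..N_n / N_j} for every j < n and
    compute the group key g^{N_1..N_n} itself."""
    return [pow(v, n_last, P) for v in partial], pow(full, n_last, P)

def finish(broadcast_value, n_j):
    """M_j raises its broadcast value to N_j to obtain the group key."""
    return pow(broadcast_value, n_j, P)

def ika(exponents):
    """Initial key agreement for M_1..M_n. Returns every member's key and
    the upflow input that the controller M_n keeps for later AKA operations."""
    partial, full = [], G
    for n_i in exponents[:-1]:
        partial, full = upflow_step(partial, full, n_i)
    saved = (partial, full)
    broadcast, key_n = controller_step(partial, full, exponents[-1])
    keys = [finish(broadcast[j], exponents[j]) for j in range(len(exponents) - 1)]
    return keys + [key_n], saved

def add_member(exponents, saved, fresh_ctrl_exp, new_exp):
    """AKA member addition: the old controller M_n picks a fresh exponent,
    extends its saved upflow message and hands it to the newcomer M_{n+1},
    who becomes the controller and broadcasts. The old key is now stale."""
    partial, full = upflow_step(*saved, fresh_ctrl_exp)
    saved2 = (partial, full)
    broadcast, key_new = controller_step(partial, full, new_exp)
    exps2 = exponents[:-1] + [fresh_ctrl_exp, new_exp]
    keys = [finish(broadcast[j], exps2[j]) for j in range(len(exps2) - 1)]
    return keys + [key_new], exps2, saved2

def demo(n=4):
    """Run IKA for n members, then add a fifth; return both key lists."""
    exps = [new_exponent() for _ in range(n)]
    keys, saved = ika(exps)
    keys2, _, _ = add_member(exps, saved, new_exponent(), new_exponent())
    return keys, keys2

if __name__ == "__main__":
    k1, k2 = demo()
    print("IKA agreed:", len(set(k1)) == 1, " after add:", len(set(k2)) == 1,
          " key changed:", k1[0] != k2[0])
```

With two members the exchange collapses to ordinary Diffie-Hellman (g^{ab}). As in the abstract, the security argument is against a passive adversary only: nothing here authenticates the upflow or broadcast messages, so an active attacker on the path could substitute values unless each message is signed or otherwise authenticated.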
Perceptual Watermarks for Digital Images and Video
2007
Cited by 161 (20 self)
The growth of new imaging technologies has created a need for techniques that can be used for copyright protection of digital images. Copyright protection involves the authentication of image content and/or ownership and can be used to identify illegal copies of a (possibly forged) image. One approach for copyright protection is to introduce an invisible signal known as a digital watermark in the image. In this paper, we describe digital image watermarking techniques, known as perceptually based watermarks, that are designed to exploit aspects of the human visual system. In the most general sense, any watermarking technique that attempts to incorporate an invisible mark into an image is perceptually based. However, in order to provide transparency (invisibility of the watermark) and robustness to attack, more sophisticated use of perceptual information in the watermarking process is required. Several techniques have been introduced that incorporate a simple visual model in the marking procedure. Such techniques usually take advantage of frequency selectivity and weighing to provide some perceptual criteria in the watermarking process. Even more elaborate visual models are used to develop schemes that not only take advantage of frequency
Efficient generation of shared RSA keys
Advances in Cryptology - CRYPTO '97, 1997
Cited by 132 (5 self)
We describe efficient techniques for a number of parties to jointly generate an RSA key. At the end of the protocol an RSA modulus N = pq is publicly known. None of the parties know the factorization of N. In addition a public encryption exponent is publicly known and each party holds a share of the private exponent that enables threshold decryption. Our protocols are efficient in computation and communication. All results are presented in the honest-but-curious setting (passive adversary).
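What "a share of the private exponent that enables threshold decryption" means in practice, as an added example (not the paper's protocol): if d = d_1 + ... + d_k (mod phi(N)), every party computes c^{d_i} mod N on its own and the product of the partial results is c^d = m, so no party ever holds d. The example uses a trusted dealer to pick p and q and split d, which is precisely the step the paper's distributed generation removes; the Mersenne-prime factors and the fixed message are constructed toy values.

```python
import secrets

# Constructed toy key: a trusted dealer picks p and q here, which is the
# step the distributed protocol avoids. Mersenne primes keep the example
# self-contained; they are far too small for real use.
P_ = 2**61 - 1
Q_ = 2**89 - 1
N = P_ * Q_
E = 65537
PHI = (P_ - 1) * (Q_ - 1)
D = pow(E, -1, PHI)        # private exponent, known only to the dealer

def share_exponent(d, k):
    """Additive k-out-of-k sharing modulo phi(N): d = d_1 + ... + d_k (mod phi).
    Parties receive only their own d_i; phi(N) itself is never handed out."""
    shares = [secrets.randbelow(PHI) for _ in range(k - 1)]
    shares.append((d - sum(shares)) % PHI)
    return shares

def encrypt(m):
    return pow(m, E, N)

def partial_decrypt(c, d_i):
    """Party i's contribution c^{d_i} mod N, computed without knowing d."""
    return pow(c, d_i, N)

def combine(partials):
    """Product of all partial decryptions: c^{d_1 + ... + d_k} = c^d = m mod N."""
    m = 1
    for p in partials:
        m = m * p % N
    return m

def demo(k=3, message=0xDEADBEEFCAFEF00D):
    """Encrypt a constructed message, split d among k parties, and show that
    all k partials recover it while k-1 of them do not."""
    c = encrypt(message)
    shares = share_exponent(D, k)
    partials = [partial_decrypt(c, d_i) for d_i in shares]
    recovered = combine(partials)
    partial_only = combine(partials[:-1])
    return message, recovered, partial_only

if __name__ == "__main__":
    m, r, p = demo()
    print("recovered:", r == m, " k-1 parties suffice:", p == m)
```

The combination works because the shares sum to d plus a multiple of phi(N), and c^{phi(N)} = 1 mod N for c coprime to N. Without the dealer, the hard part is producing N and the shares of d jointly; the abstract's honest-but-curious assumption matters there, since a party that deviates (e.g. contributes a non-random candidate) is not detected by this decryption step.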
Order Preserving Encryption for Numeric Data
2004
Cited by 125 (2 self)
Encryption is a well established technology for protecting sensitive data. However, once encrypted, data can no longer be easily queried aside from exact matches. We present an order-preserving encryption scheme for numeric data that allows any comparison operation to be directly applied on encrypted data. Query results produced are sound (no false hits) and complete (no false drops). Our scheme handles updates gracefully and new values can be added without requiring changes in the encryption of other values. It allows standard database indexes to be built over encrypted tables and can easily be integrated with existing database systems. The proposed scheme has been designed to be deployed in application environments in which the intruder can get access to the encrypted database, but does not have prior domain information such as the distribution of values and cannot encrypt or decrypt arbitrary values of his choice. The encryption is robust against estimation of the true value in such environments.
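The properties claimed above (comparisons on ciphertexts, sound and complete range queries, a sorted index, inserts without re-encrypting other rows) and the threat model's price, shown with an added toy order-preserving scheme that is not the paper's: the ciphertext of x is the sum of x+1 keyed pseudorandom positive gaps, so x < y implies E(x) < E(y). The demo key, the O(x) encryption cost and the salary-like column are constructed for the example.

```python
import hmac
import hashlib
from bisect import bisect_left, bisect_right

# Constructed demo key; any real deployment derives this from a key store.
KEY = b"demo-only-key-do-not-reuse"

def gap(key, i):
    """Keyed pseudorandom gap in [1, 65536]; strictly positive keeps order."""
    tag = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
    return 1 + int.from_bytes(tag[:2], "big")

def ope_encrypt(key, x):
    """E(x) = gap(0) + ... + gap(x); monotone in x, deterministic per key."""
    return sum(gap(key, i) for i in range(x + 1))

def build_index(key, rows):
    """Encrypt a column and keep a sorted (ciphertext, row_id) index, which
    is what a standard B-tree over the encrypted column would hold."""
    return sorted((ope_encrypt(key, v), rid) for rid, v in rows)

def range_query_encrypted(key, idx, lo, hi):
    """Client encrypts the bounds; the server answers using comparisons only."""
    lo_c, hi_c = ope_encrypt(key, lo), ope_encrypt(key, hi)
    cts = [c for c, _ in idx]
    start, end = bisect_left(cts, lo_c), bisect_right(cts, hi_c)
    return sorted(rid for _, rid in idx[start:end])

def range_query_plain(rows, lo, hi):
    return sorted(rid for rid, v in rows if lo <= v <= hi)

def demo():
    # constructed column: (row_id, value)
    rows = [(1, 42), (2, 7), (3, 1000), (4, 42), (5, 250), (6, 0), (7, 999)]
    idx = build_index(KEY, rows)
    enc_hits = range_query_encrypted(KEY, idx, 40, 999)   # sound and complete?
    plain_hits = range_query_plain(rows, 40, 999)
    # a later insert needs no re-encryption of the existing rows
    idx2 = sorted(idx + [(ope_encrypt(KEY, 500), 8)])
    enc_hits2 = range_query_encrypted(KEY, idx2, 40, 999)
    # what an intruder holding only the table sees: the plaintext order,
    # including which rows are equal (42 appears twice)
    leaked_order = [rid for _, rid in idx]
    return enc_hits, plain_hits, enc_hits2, leaked_order

if __name__ == "__main__":
    print(demo())
```

The last value returned is the caveat a practitioner should keep in mind: any order-preserving scheme, the paper's included, reveals the order and equality pattern of the column to whoever holds the ciphertexts, so the abstract's assumption that the intruder lacks the value distribution and cannot obtain chosen encryptions is load-bearing, not incidental.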
iBundle: An Efficient Ascending Price Bundle Auction
In ACM Conference on Electronic Commerce, 1999
Cited by 114 (13 self)
Standard auction mechanisms often break down in important e-commerce applications, where agents demand bundles of complementary resources, i.e. "I only want B if I also get A". This paper describes iBundle, an ascending-price auction that is guaranteed to compute optimal bundle allocations with agents that follow a best-response bidding strategy. The auction prices bundles directly and allows agents to place additive or exclusive-or bids over collections of bundles. Empirical results confirm that iBundle generates efficient allocations for hard resource allocation problems. Furthermore, we show that iBundle generates solutions without complete revelation (or computation) of agent preferences. Keywords: Iterative auction, agent-mediated electronic commerce, resource allocation, bundling problem, price discrimination.