On the Security of Public Key Protocols
, 1983
Abstract

Cited by 1044 (0 self)
Recently the use of public key encryption to provide secure network communication has received considerable attention. Such public key systems are usually effective against passive eavesdroppers, who merely tap the lines and try to decipher the message. It has been pointed out, however, that an improperly designed protocol could be vulnerable to an active saboteur, one who may impersonate another user or alter the message being transmitted. Several models are formulated in which the security of protocols can be discussed precisely. Algorithms and characterizations that can be used to determine protocol security in these models are given.
Functional Encryption: Definitions and Challenges
Abstract

Cited by 35 (9 self)
We initiate the formal study of functional encryption by giving precise definitions of the concept and its security. Roughly speaking, functional encryption supports restricted secret keys that enable a key holder to learn a specific function of encrypted data, but learn nothing else about the data. For example, given an encrypted program the secret key may enable the key holder to learn the output of the program on a specific input without learning anything else about the program. We show that defining security for functional encryption is nontrivial. First, we show that a natural game-based definition is inadequate for some functionalities. We then present a natural simulation-based definition and show that it (provably) cannot be satisfied in the standard model, but can be satisfied in the random oracle model. We show how to map many existing concepts to our formalization of functional encryption and conclude with several interesting open problems in this young area.
Encryption and secure computer networks
 ACM Computing Surveys
, 1979
Abstract

Cited by 27 (0 self)
There is increasing growth in the number of computer networks in use and in the kinds of distributed computing applications available on these networks. This increase, together with concern about privacy, security, and integrity of information exchange, has created considerable interest in the use of encryption to protect information in the networks.
Non-Discretionary Access Control For Decentralized Computing Systems
, 1977
Abstract

Cited by 21 (2 self)
This thesis examines the issues relating to non-discretionary access controls for decentralized computing systems. Decentralization changes the basic character of a computing system from a set of processes referencing a data base to a set of processes sending and receiving messages. Because messages must be acknowledged, operations that were read-only in a centralized system become read-write operations. As a result, the lattice model of non-discretionary access control, which mediates operations based on read versus read-write considerations, does not allow direct transfer of algorithms from centralized systems to decentralized systems. This thesis develops new mechanisms that comply with the lattice model and provide the necessary functions for effective decentralized computation. Secure
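The point of the abstract above is easy to miss: under a lattice model a shared-memory read needs only the subject's label to dominate the object's, but a read performed by exchanging messages sends a request and an acknowledgement in the opposite direction, so it is a two-way flow. The following is an added illustration of that check, not code from the thesis; the label structure (a level plus a category set) and the example labels are assumptions for the demonstration, and the thesis's own mechanisms are not modelled.

```python
from dataclasses import dataclass
from typing import FrozenSet


@dataclass(frozen=True)
class Label:
    """Lattice label: a linear sensitivity level plus a set of categories.
    Assumed structure for illustration; the thesis's labels are not modelled."""
    level: int
    categories: FrozenSet[str]

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice order (level and category superset)."""
        return self.level >= other.level and self.categories >= other.categories


def may_flow(src: Label, dst: Label) -> bool:
    """Information may move from src to dst only if dst dominates src."""
    return dst.dominates(src)


def may_read_centralized(subject: Label, obj: Label) -> bool:
    """Shared-memory read: a one-way flow object -> subject, so only
    dominance of the subject over the object is required."""
    return may_flow(obj, subject)


def may_read_by_message(subject: Label, holder: Label) -> bool:
    """Message-based read: the request (and the later acknowledgement) flow
    subject -> holder and the reply flows holder -> subject. The 'read' is
    really a read-write, so both directions must be permitted by the lattice."""
    return may_flow(subject, holder) and may_flow(holder, subject)


# Example labels (assumed for the demonstration).
UNCLASS = Label(0, frozenset())
SECRET = Label(2, frozenset({"crypto"}))


def demo() -> dict:
    """Compare the two access decisions for the same subject/object pair."""
    return {
        "secret_reads_unclass_centralized": may_read_centralized(SECRET, UNCLASS),
        # Blocked: the request/ack would be a downward flow SECRET -> UNCLASS.
        "secret_reads_unclass_by_message": may_read_by_message(SECRET, UNCLASS),
        "secret_reads_secret_by_message": may_read_by_message(SECRET, SECRET),
        "unclass_reads_secret_centralized": may_read_centralized(UNCLASS, SECRET),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The asymmetry is exactly the one the abstract names: the message-based read is denied not because the reply leaks anything, but because the request and acknowledgement are themselves a write to a lower-labelled process.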
Efficient Key Establishment for Group-Based Wireless Sensor Deployments
 in ACM WiSe’05
, 2005
Abstract

Cited by 21 (1 self)
Establishing pairwise keys for each pair of neighboring sensors is the first concern in securing communication in sensor networks. This task is challenging because resources are limited. Several random key predistribution schemes have been proposed, but they are appropriate only when sensors are uniformly distributed with high density. These schemes also suffer from a dramatic degradation of security when the number of compromised sensors exceeds a threshold. In this paper, we present a group-based key predistribution scheme, GKE, which enables any pair of neighboring sensors to establish a unique pairwise key, regardless of sensor density or distribution. Since pairwise keys are unique, security in GKE degrades gracefully as the number of compromised nodes increases. In addition, GKE is very efficient since it requires only localized communication to establish pairwise keys, thus significantly reducing the communication overhead. Our security analysis and performance evaluation illustrate the superiority of GKE in terms of resilience, connectivity, communication overhead and memory requirement.
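The resilience contrast the abstract draws (a shared key pool collapses once enough nodes are captured, unique pairwise keys do not) can be measured directly. The code below is an added simulation, not the GKE scheme or the paper's evaluation: it models "random key predistribution" as a basic Eschenauer-Gligor style pool scheme (an assumption) and "unique pairwise keys" generically, then counts how many links between still-uncaptured nodes an adversary can read after extracting key material from captured nodes. Node counts, pool and ring sizes, and the seed are constructed for the demonstration.

```python
import random


def random_pool_scheme(n_nodes, pool_size, ring_size, rng):
    """Basic random key predistribution (assumed stand-in for the schemes the
    abstract criticizes): each node is loaded with ring_size key ids drawn
    without replacement from a pool of pool_size keys."""
    return [frozenset(rng.sample(range(pool_size), ring_size))
            for _ in range(n_nodes)]


def unique_pairwise_scheme(n_nodes):
    """Every pair (i, j) holds its own key id, known to no third node.
    This is the property GKE provides; its key derivation is not modelled."""
    rings = [set() for _ in range(n_nodes)]
    for i in range(n_nodes):
        for j in range(i + 1, n_nodes):
            rings[i].add((i, j))
            rings[j].add((i, j))
    return [frozenset(r) for r in rings]


def link_key(rings, i, j):
    """Key id nodes i and j would agree on, or None if they share none."""
    common = rings[i] & rings[j]
    return min(common) if common else None


def compromised_link_fraction(rings, captured):
    """Fraction of links between *uncaptured* nodes whose key the adversary
    knows, given it has read all key material out of the captured nodes."""
    exposed = frozenset().union(*(rings[c] for c in captured))
    n = len(rings)
    total = broken = 0
    for i in range(n):
        if i in captured:
            continue
        for j in range(i + 1, n):
            if j in captured:
                continue
            k = link_key(rings, i, j)
            if k is None:
                continue
            total += 1
            broken += k in exposed
    return broken / total if total else 0.0


def expected_pool_fraction(pool_size, ring_size, n_captured):
    """Closed-form estimate for the pool scheme: probability that a given
    pool key appears in at least one of the captured rings."""
    return 1 - (1 - ring_size / pool_size) ** n_captured


def resilience_curve(n_nodes, pool_size, ring_size, captures, seed=7):
    """(captured, pool-scheme fraction, pairwise-scheme fraction) per step."""
    rng = random.Random(seed)  # fixed seed so the constructed run is repeatable
    pool = random_pool_scheme(n_nodes, pool_size, ring_size, rng)
    pair = unique_pairwise_scheme(n_nodes)
    return [(c,
             compromised_link_fraction(pool, set(range(c))),
             compromised_link_fraction(pair, set(range(c))))
            for c in captures]


if __name__ == "__main__":
    for c, f_pool, f_pair in resilience_curve(40, 100, 20, [0, 5, 10, 15]):
        print(f"captured={c:2d} pool={f_pool:.2f} "
              f"(model {expected_pool_fraction(100, 20, c):.2f}) pairwise={f_pair:.2f}")
```

With a ring of 20 keys from a pool of 100, capturing ten nodes already exposes roughly 89% of the keys in the pool, so most links between untouched nodes are readable; with unique pairwise keys the same captures expose only the captured nodes' own links, which is the "graceful degradation" the abstract claims.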
Solving a distributed CSP with cryptographic multiparty computations, without revealing constraints and without involving trusted servers
Abstract

Cited by 19 (13 self)
Everybody has their own constraint satisfaction problem, private concerns that owners prefer to keep as secret as possible. Resources may be shared and cause the need for cooperation. Here we consider the case where privacy is an overwhelming requirement and we assume that a majority of the participants are incorruptible. Namely, given n participants, at least an unknown n/2 subset of them are trustworthy and not corrupted or controlled by attackers. This is a common assumption in cryptographic multiparty computations, where techniques exploiting such assumptions are known as threshold schemes. This work shows how a random solution of the described problem can be offered with a secure protocol that does not reveal anything except the existence of the solution and tells each participant the valuations corresponding to its subproblem. The technique is based on the properties of the recent Paillier cryptosystem and needs no external arbiter.
Lecture Notes on Cryptography
, 2001
Abstract

Cited by 17 (0 self)
This is a set of lecture notes on cryptography compiled for 6.87s, a one week long course on cryptography taught at MIT by Shafi Goldwasser and Mihir Bellare in the summers of 1996–2001. The notes were formed by merging notes written for Shafi Goldwasser’s Cryptography and Cryptanalysis course at MIT with notes written for Mihir Bellare’s Cryptography and network security course at UCSD. In addition, Rosario Gennaro (as Teaching Assistant for the course in 1996) contributed Section 9.6, Section 11.4, Section 11.5, and Appendix D to the notes, and also compiled, from various sources, some of the problems in Appendix E. Cryptography is of course a vast subject. The thread followed by these notes is to develop and explain the notion of provable security and its usage for the design of secure protocols. Much of the material in Chapters 2, 3 and 7 is a result of scribe notes, originally taken by MIT graduate students who attended Professor Goldwasser’s Cryptography and Cryptanalysis course over the years, and later edited by Frank D’Ippolito who was a teaching assistant for the course in 1991. Frank also contributed much of the advanced number theoretic material in the Appendix. Some of the material in Chapter 3 is from the chapter on Cryptography, by R. Rivest, in the Handbook of Theoretical Computer Science. Chapters 4, 5, 6, 8 and 10, and Sections 9.5 and 7.4.6, were written by Professor Bellare for his Cryptography and network security course at UCSD.
Securing Electronic Commerce: Reducing the SSL Overhead
 IEEE Network
, 2000
Abstract

Cited by 15 (0 self)
The last couple of years have seen a growing momentum towards using the Internet for conducting business. Web based electronic commerce applications are one of the fastest growing segments of the Internet today. A key enabler for e-commerce applications is the ability to set up secure private channels over a public network. The Secure Sockets Layer (SSL) protocol provides this capability and it is the most widely used security protocol in the Internet. In this article, we take a close look at the working principles behind SSL with an eye on performance. We benchmark two of the popular web servers that are in wide use in a number of large e-commerce sites. Our results show that the overheads due to SSL can make web servers slower by a couple of orders of magnitude. We investigate the reason for this deficiency by instrumenting the SSL protocol stack with a detailed profiling of the protocol processing components. In light of our observations, we outline architectural guidelines fo...
Arithmetic circuit for the first solution of distributed CSPs with cryptographic multiparty computations
 In IAT
, 2003
Abstract

Cited by 7 (7 self)
A large class of problems like meeting scheduling, negotiation, or different types of coordination, can be formulated in terms of agents, variables, and constraints (i.e. predicates) on those variables. Distributed Constraint Satisfaction (DisCSP) is a framework addressing such general problems, namely defined in terms of a set of agents, variables, and constraints that the different agents enforce. General algorithms for DisCSPs yield a basic solution for each of those problems. Each participant has its own constraint satisfaction problem, private concerns that should remain as secret as possible. Resources may be shared and cause the need for cooperation. Here we consider the case where privacy is an overwhelming requirement and we assume that any majority of the participants are incorruptible. Namely, given n participants, at least an unknown n/2 subset of them are trustworthy and not corrupted by attackers. This is a common assumption in cryptographic multiparty computations, known as a threshold scheme. This work shows how a solution of a general DisCSP can be found securely by the owners of the problem without appealing to any trusted servers. The constraints are shared with Shamir's secret sharing scheme, transforming the DisCSP into a shared constraint satisfaction problem. An algorithm for such problems is developed.
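Both this abstract and the Paillier-based one above rest on the same honest-majority threshold (at least n/2 trustworthy parties), and this one states that constraints are shared with Shamir's scheme. The block below is an added illustration of that step, not code from either paper: it picks the reconstruction threshold that an honest majority justifies, shares every 0/1 cell of a small binary constraint table among n parties, and shows that any t parties can open a cell or a locally computed sum of cells while fewer cannot. The field modulus, the table, and the party counts are constructed for the demonstration; the papers' actual search algorithms are not modelled.

```python
import secrets

PRIME = 2**61 - 1  # assumed field modulus (a Mersenne prime), large enough for counts


def _eval_poly(coeffs, x):
    """Horner evaluation of a polynomial with coefficients low -> high, mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def share(secret, n, t):
    """Shamir sharing: degree t-1 polynomial with constant term = secret,
    evaluated at x = 1..n. Any t shares reconstruct; t-1 shares are
    consistent with every possible secret."""
    coeffs = [secret % PRIME] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def reconstruct(shares):
    """Lagrange interpolation at x = 0 over the field."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def honest_majority_threshold(n):
    """With at most n//2 corrupt parties, any coalition of n//2 + 1 parties
    contains an honest one, and the adversary alone never reaches t shares."""
    return n // 2 + 1


def share_table(table, n):
    """Share each 0/1 cell of a binary constraint table among n parties.
    Returns one dict per party mapping cell -> that party's share."""
    t = honest_majority_threshold(n)
    per_party = [dict() for _ in range(n)]
    for cell, allowed in table.items():
        for idx, sh in enumerate(share(allowed, n, t)):
            per_party[idx][cell] = sh
    return per_party


def open_cell(per_party, cell, parties):
    """A coalition of parties (0-based indices) pools its shares for one cell."""
    return reconstruct([per_party[p][cell] for p in parties])


def count_allowed_shared(per_party, parties):
    """Each party sums its own shares locally (addition is share-wise), then
    the coalition opens only the sum: the number of allowed tuples, without
    revealing which tuples they are."""
    sums = []
    for p in parties:
        x = p + 1  # share x-coordinate for party p
        s = sum(y for (_, y) in per_party[p].values()) % PRIME
        sums.append((x, s))
    return reconstruct(sums)


if __name__ == "__main__":
    # Constructed constraint between two binary variables: 1 = allowed tuple.
    table = {(0, 0): 1, (0, 1): 0, (1, 0): 1, (1, 1): 1}
    pp = share_table(table, 5)
    print("t =", honest_majority_threshold(5))
    print("cell (0,1) opened by parties 0,1,2:", open_cell(pp, (0, 1), [0, 1, 2]))
    print("allowed tuples (opened sum):", count_allowed_shared(pp, [0, 2, 4]))
    print("two parties alone see:", open_cell(pp, (0, 1), [0, 1]), "(unrelated)")
```

Opening a cell with only two of the five parties interpolates a line through two points of a quadratic, which lands on a uniformly random field element; that is the "learn nothing" guarantee the threshold buys, and it holds regardless of which n/2 subset turns out to be honest.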
Cipher Based on Quasigroup String Transformations in Z*_p
 arXiv: cs.CR/0403043
, 2004
Abstract

Cited by 7 (1 self)
In this paper we design a stream cipher that uses the algebraic structure of the multiplicative group Z*_p (where p is a big prime number used in the ElGamal algorithm), by defining a quasigroup of order p − 1 and by doing quasigroup string transformations. The cryptographic strength of the proposed stream cipher is based on the fact that breaking it would be at least as hard as solving systems of multivariate polynomial equations modulo a big prime number p, which is an NP-hard problem, and there are no known fast randomized or deterministic algorithms for solving it. Unlike the speed of known ciphers that work in Z*_p for big prime numbers p, the speed of this stream cipher in both the encryption and decryption phase is comparable with the fastest symmetric-key stream ciphers.
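The abstract names two ingredients, a quasigroup of order p − 1 on Z*_p and quasigroup string transformations, without giving either. The code below is an added illustration, not the paper's cipher: the quasigroup is one assumed way to get such a structure (x * y = g · x^a · y^b mod p, which is a quasigroup whenever gcd(a, p − 1) = gcd(b, p − 1) = 1, because each operand then acts through a permutation of Z*_p), and the transformations are the standard leader-driven e-transformation and its inverse d-transformation. The prime, exponents, leader and message are constructed for the demonstration, and nothing here is a security claim.

```python
from math import gcd


class ExponentQuasigroup:
    """Quasigroup on Z*_p = {1, ..., p-1} (order p-1) with
    x * y = g * x^a * y^b mod p. Assumed construction for illustration, not
    the paper's. For fixed x, y -> x*y is a bijection because y -> y^b is one
    (gcd(b, p-1) = 1), and symmetrically for fixed y."""

    def __init__(self, p, a, b, g):
        if not (gcd(a, p - 1) == 1 and gcd(b, p - 1) == 1 and 1 <= g < p):
            raise ValueError("a, b must be units mod p-1 and g in Z*_p")
        self.p, self.a, self.b, self.g = p, a, b, g
        self.b_inv = pow(b, -1, p - 1)  # undoes y -> y^b on Z*_p

    def mul(self, x, y):
        return self.g * pow(x, self.a, self.p) * pow(y, self.b, self.p) % self.p

    def ldiv(self, x, z):
        """Left division x \\ z: the unique y with x * y == z."""
        u = z * pow(self.g * pow(x, self.a, self.p), -1, self.p) % self.p
        return pow(u, self.b_inv, self.p)


def is_quasigroup(q):
    """Brute-force check that every row and column of the Cayley table is a permutation."""
    elems = set(range(1, q.p))
    rows_ok = all({q.mul(x, y) for y in elems} == elems for x in elems)
    cols_ok = all({q.mul(x, y) for x in elems} == elems for y in elems)
    return rows_ok and cols_ok


def e_transform(q, leader, msg):
    """Quasigroup string e-transformation: b1 = l * a1, b_i = b_{i-1} * a_i."""
    out, prev = [], leader
    for a in msg:
        prev = q.mul(prev, a)
        out.append(prev)
    return out


def d_transform(q, leader, ct):
    """Inverse d-transformation: a1 = l \\ b1, a_i = b_{i-1} \\ b_i."""
    out, prev = [], leader
    for b in ct:
        out.append(q.ldiv(prev, b))
        prev = b
    return out


if __name__ == "__main__":
    # Constructed toy parameters: p = 23, so the quasigroup has order 22.
    q = ExponentQuasigroup(p=23, a=3, b=5, g=2)
    leader, msg = 11, [1, 7, 22, 13, 13, 4]  # symbols are elements of Z*_23
    ct = e_transform(q, leader, msg)
    print("quasigroup:", is_quasigroup(q))
    print("ciphertext:", ct)
    print("recovered :", d_transform(q, leader, ct))
```

Each output symbol depends on the previous output symbol as well as the current input, which is why the repeated 13 in the message need not produce repeated ciphertext symbols; the leader plays the role of the initial state that the receiver must share to invert the transformation.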