Results 1  10
of
272
Secure Group Communications Using Key Graphs
, 1998
"... Many emerging applications (e.g., teleconference, realtime information services, pay per view, distributed interactive simulation, and collaborative work) are based upon a group communications model, i.e., they require packet delivery from one or more authorized senders to a very large number of au ..."
Abstract

Cited by 431 (16 self)
 Add to MetaCart
Many emerging applications (e.g., teleconference, realtime information services, pay per view, distributed interactive simulation, and collaborative work) are based upon a group communications model, i.e., they require packet delivery from one or more authorized senders to a very large number of authorized receivers. As a result, securing group communications (i.e., providing confidentiality, integrity, and authenticity of messages delivered between group members) will become a critical networking issue. In this paper, we present a novel solution to the scalability problem of group/multicast key management. We formalize the notion of a secure group as a triple (U; K;R) where U denotes a set of users, K a set of keys held by the users, and R a userkey relation. We then introduce key graphs to specify secure groups. For a special class of key graphs, we present three strategies for securely distributing rekey messages after a join/leave, and specify protocols for joining and leaving a...
PayWord and MicroMint: two simple micropayment schemes
 CryptoBytes
, 1996
"... 1 Introduction We present two simple micropayment schemes, "PayWord " and "MicroMint, " for making small purchases over the Internet. We were inspired to work on this problem by DEC's "Millicent " scheme[10]. Surveys of some electronic payment schemes can be found in Ha ..."
Abstract

Cited by 220 (5 self)
 Add to MetaCart
1 Introduction We present two simple micropayment schemes, "PayWord " and "MicroMint, " for making small purchases over the Internet. We were inspired to work on this problem by DEC's "Millicent " scheme[10]. Surveys of some electronic payment schemes can be found in HallamBaker [6], Schneier[16], and Wayner[18]. Our main goal is to minimize the number of publickey operations required per payment, using hash operations instead whenever possible. As a rough guide, hash functions are about 100 times faster than RSA signature verification, and about 10,000 times faster than RSA signature generation: on a typical workstation, one can sign two messages per second, verify 200 signatures per second, and compute 20,000 hash function values per second.
SIA: Secure Information Aggregation in Sensor Networks
, 2003
"... Sensor networks promise viable solutions to many monitoring problems. However, the practical deployment of sensor networks faces many challenges imposed by realworld demands. Sensor nodes often have limited computation and communication resources and battery power. Moreover, in many applications se ..."
Abstract

Cited by 175 (11 self)
 Add to MetaCart
Sensor networks promise viable solutions to many monitoring problems. However, the practical deployment of sensor networks faces many challenges imposed by realworld demands. Sensor nodes often have limited computation and communication resources and battery power. Moreover, in many applications sensors are deployed in open environments, and hence are vulnerable to physical attacks, potentially compromising the sensor's cryptographic keys. One of the basic and indispensable functionalities of sensor networks is the ability to answer queries over the data acquired by the sensors. The resource constraints and security issues make designing mechanisms for information aggregation in large sensor networks particularly challenging.
How to Sign Digital Streams
, 1997
"... We present a new efficient paradigm for signing digital streams. The problem of signing digital streams to prove their authenticity is substantially different from the problem of signing regular messages. Traditional signature schemes are message oriented and require the receiver to process the enti ..."
Abstract

Cited by 148 (0 self)
 Add to MetaCart
We present a new efficient paradigm for signing digital streams. The problem of signing digital streams to prove their authenticity is substantially different from the problem of signing regular messages. Traditional signature schemes are message oriented and require the receiver to process the entire message before being able to authenticate its signature. However, a stream is a potentially very long ( or infinite) sequence of bits that the sender sends to the receiver and the receiver is required to consumes the received bits at more or less the input rate and without excessive delay. Therefore it is infeasible for the receiver to obtain the entire stream before authenticating and consuming it. Examples of streams include digitized video and audio files, data feeds and applets. We present two solutions to the problem of authenticating digital streams. The first one is for the case of a finite stream which is entirely known to the sender (say a movie). We use this constraint to devise...
Digital Signatures for Flows and Multicasts
, 1998
"... We present chaining techniques for signing/verifying multiple packets using a single signing/verification operation. We then present flow signing and verification procedures based upon a tree chaining technique. Since a single signing/verification operation is amortized over many packets, these proc ..."
Abstract

Cited by 138 (2 self)
 Add to MetaCart
We present chaining techniques for signing/verifying multiple packets using a single signing/verification operation. We then present flow signing and verification procedures based upon a tree chaining technique. Since a single signing/verification operation is amortized over many packets, these procedures improve signing and verification rates by one to two orders of magnitude compared to the approach of signing/verifying packets individually. Our procedures do not depend upon reliable delivery of packets, provide delaybounded signing, and are thus suitable for delaysensitive flows and multicast applications. To further improve our procedures, we propose several extensions to the FeigeFiatShamir digital signature scheme to substantially speed up both the signing and verification operations, as well as to allow "adjustable and incremental" verification. The extended scheme, called eFFS, is compared to four other digital signature schemes (RSA, DSA, ElGamal, Rabin). We compare their ...
Checking the Correctness of Memories
 Algorithmica
, 1995
"... We extend the notion of program checking to include programs which alter their environment. In particular, we consider programs which store and retrieve data from memory. The model we consider allows the checker a small amount of reliable memory. The checker is presented with a sequence of reques ..."
Abstract

Cited by 97 (11 self)
 Add to MetaCart
We extend the notion of program checking to include programs which alter their environment. In particular, we consider programs which store and retrieve data from memory. The model we consider allows the checker a small amount of reliable memory. The checker is presented with a sequence of requests (online) to a data structure which must reside in a large but unreliable memory. We view the data structure as being controlled by an adversary. We want the checker to perform each operation in the input sequence using its reliable memory and the unreliable data structure so that any error in the operation of the structure will be detected by the checker with high probability. We present checkers for various data structures. We prove lower bounds of log n on the amount of reliable memory needed by these checkers where n is the size of the structure. The lower bounds are information theoretic and apply under various assumptions. We also show timespace tradeoffs for checking random access memories as a generalization of those for coherent functions. 1
COMPUTATIONALLY SOUND PROOFS
, 2000
"... This paper puts forward a new notion of a proof based on computational complexity and explores its implications for computation at large. Computationally sound proofs provide, in a novel and meaningful framework, answers to old and new questions in complexity theory. In particular, given a random o ..."
Abstract

Cited by 92 (3 self)
 Add to MetaCart
This paper puts forward a new notion of a proof based on computational complexity and explores its implications for computation at large. Computationally sound proofs provide, in a novel and meaningful framework, answers to old and new questions in complexity theory. In particular, given a random oracle or a new complexity assumption, they enable us to 1. prove that verifying is easier than deciding for all theorems; 2. provide a quite effective way to prove membership in computationally hard languages (such as CoNPcomplete ones); and 3. show that every computation possesses a short certificate vouching its correctness. Finally, if a special type of computationally sound proof exists, we show that Blum’s notion of program checking can be meaningfully broadened so as to prove that NPcomplete languages are checkable.
Efficient Certificate Revocation
, 1996
"... We apply offline/online signatures to provide an alternative solution to the problem of certificate revocation. ..."
Abstract

Cited by 91 (1 self)
 Add to MetaCart
We apply offline/online signatures to provide an alternative solution to the problem of certificate revocation.
Sdap: : a secure hopbyhop data aggregation protocol for sensor networks
 in MobiHoc, 2006
"... Hopbyhop data aggregation is a very important technique for reducing the communication overhead and energy expenditure of sensor nodes during the process of data collection in a sensor network. However, because individual sensor readings are lost in the perhop aggregation process, compromised nod ..."
Abstract

Cited by 77 (6 self)
 Add to MetaCart
Hopbyhop data aggregation is a very important technique for reducing the communication overhead and energy expenditure of sensor nodes during the process of data collection in a sensor network. However, because individual sensor readings are lost in the perhop aggregation process, compromised nodes in the network may forge false values as the aggregation results of other nodes, tricking the base station into accepting spurious aggregation results. Here a fundamental challenge is how can the base station obtain a good approximation of the fusion result when a fraction of sensor nodes are compromised? To answer this challenge, we propose SDAP, a Secure Hopbyhop Data Aggregation Protocol for sensor networks. SDAP is a generalpurpose secure data aggregation protocol applicable to multiple aggregation functions. The design of SDAP is based on the principles of divideandconquer and commitandattest. First, SDAP uses a novel probabilistic grouping technique to dynamically partition the nodes in a tree topology into multiple logical groups (subtrees) of similar sizes. A commitmentbased hopbyhop aggregation is performed in each group to generate a group aggregate. The base station then identifies the suspicious groups based on the set of group aggregates. Finally, each group under suspect participates in an attestation process to prove the
Digital Payment Systems with Passive AnonymityRevoking Trustees
 COMPUTER SECURITY  ESORICS 96
, 1996
"... Anonymity of the participants is an important requirement for some applications in electronic commerce, in particular for payment systems. Because anonymity could be in conflict with law enforcement, for instance in cases of blackmailing or money laundering, it has been proposed to design system ..."
Abstract

Cited by 68 (5 self)
 Add to MetaCart
Anonymity of the participants is an important requirement for some applications in electronic commerce, in particular for payment systems. Because anonymity could be in conflict with law enforcement, for instance in cases of blackmailing or money laundering, it has been proposed to design systems in which a trustee or a set of trustees can selectively revoke the anonymity of the participants involved in suspicious transactions. From an operational point of view, it can be an important requirement that such trustees are neither involved in payment transactions nor in the opening of an account, but only in case of a justified suspicion. In this paper we propose the first efficient anonymous digital payment systems satisfying this requirement. The described basic protocol for anonymity revocation can be used in online or offline payment systems.