Results 1 - 10 of 37
SCRIBE: A large-scale and decentralized application-level multicast infrastructure
- IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS (JSAC)
, 2002
Cited by 658 (29 self)
This paper presents Scribe, a scalable application-level multicast infrastructure. Scribe supports large numbers of groups, with a potentially large number of members per group. Scribe is built on top of Pastry, a generic peer-to-peer object location and routing substrate overlayed on the Internet, and leverages Pastry's reliability, self-organization, and locality properties. Pastry is used to create and manage groups and to build efficient multicast trees for the dissemination of messages to each group. Scribe provides best-effort reliability guarantees, but we outline how an application can extend Scribe to provide stronger reliability. Simulation results, based on a realistic network topology model, show that Scribe scales across a wide range of groups and group sizes. Also, it balances the load on the nodes while achieving acceptable delay and link stress when compared to IP multicast.
A statistical test suite for random and pseudorandom number generators for cryptographic applications
, 2001
Cited by 195 (0 self)
(NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-series reports on ITL’s research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations. National Institute of Standards and Technology Special Publication 800-22 revision 1
Password Hardening Based on Keystroke Dynamics
- International Journal of Information Security
, 1999
Cited by 145 (8 self)
We present a novel approach to improving the security of passwords. In our approach, the legitimate user's typing patterns (e.g., durations of keystrokes and latencies between keystrokes) are combined with the user's password to generate a hardened password that is convincingly more secure than conventional passwords alone. In addition, our scheme automatically adapts to gradual changes in a user's typing patterns while maintaining the same hardened password across multiple logins, for use in file encryption or other applications requiring a long-term secret key. Using empirical data and a prototype implementation of our scheme, we give evidence that our approach is viable in practice, in terms of ease of use, improved security, and performance.
Merkle-Damgård Revisited: How to Construct a Hash Function
- Advances in Cryptology, Crypto 2005
Cited by 96 (8 self)
The most common way of constructing a hash function (e.g., SHA-1) is to iterate a compression function on the input message. The compression function is usually designed from scratch or made out of a block cipher. In this paper, we introduce a new security notion for hash functions, stronger than collision-resistance. Under this notion, the arbitrary-length hash function H must behave as a random oracle when the fixed-length building block is viewed as a random oracle or an ideal block cipher. The key property is that if a particular construction meets this definition, then any cryptosystem proven secure assuming H is a random oracle remains secure if one plugs in this construction (still assuming that the underlying fixed-length primitive is ideal). In this paper, we show that the current design principle behind hash functions such as SHA-1 and MD5 — the (strengthened) Merkle-Damgård transformation — does not satisfy this security notion. We provide several constructions that provably satisfy this notion; those new constructions introduce minimal changes to the plain Merkle-Damgård construction and are easily implementable in practice.
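The gap between strengthened Merkle-Damgård and a random oracle that this abstract refers to has a concrete, practical face: because the final chaining value is emitted as the digest, anyone who knows H(secret || m) and the length of the secret can resume the iteration and compute a valid H(secret || m || pad || ext) without ever learning the secret. The following is an added example written for this page, not code from the paper or its authors. It implements SHA-1 from the specification in a form whose chaining state can be resumed, carries out the extension, and checks the forgery against the standard library. The secret key, message and extension are constructed sample values; the `H(k || m)` "MAC" it breaks is the naive construction, chosen to show the failure, not a recommended one.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF
IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def sha1_compress(state, block):
    """One SHA-1 compression call: 5-word chaining value + 64-byte block -> new chaining value."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 80):
        w.append(_rotl(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    a, b, c, d, e = state
    for i in range(80):
        if i < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        t = (_rotl(a, 5) + f + e + k + w[i]) & MASK
        a, b, c, d, e = t, a, _rotl(b, 30), c, d
    return tuple((s + v) & MASK for s, v in zip(state, (a, b, c, d, e)))


def md_padding(total_len):
    """Merkle-Damgard strengthening: 0x80, zeros up to 56 mod 64, then the 64-bit big-endian bit length."""
    pad = b"\x80" + b"\x00" * ((55 - total_len) % 64)
    return pad + struct.pack(">Q", total_len * 8)


def sha1(msg, state=IV, prefix_len=0):
    """Iterate the compression function over msg plus padding.

    state/prefix_len let the caller resume from a known chaining value as if
    prefix_len bytes (a whole number of blocks) had already been absorbed.
    With the defaults this is plain SHA-1 and agrees with hashlib.
    """
    if prefix_len % 64:
        raise ValueError("can only resume on a block boundary")
    data = msg + md_padding(prefix_len + len(msg))
    for off in range(0, len(data), 64):
        state = sha1_compress(state, data[off:off + 64])
    return b"".join(struct.pack(">I", s) for s in state)


def length_extend(known_digest, secret_len, orig_msg, extension):
    """Given H(secret || orig_msg), len(secret), orig_msg and a chosen extension,
    return (forged_msg, forged_digest) with forged_digest == H(secret || forged_msg),
    where forged_msg = orig_msg || glue_padding || extension. The secret is never used."""
    glue = md_padding(secret_len + len(orig_msg))          # what the hasher appended internally
    state = struct.unpack(">5I", known_digest)              # the digest IS the chaining state
    absorbed = secret_len + len(orig_msg) + len(glue)       # multiple of 64 by construction
    forged_digest = sha1(extension, state=state, prefix_len=absorbed)
    return orig_msg + glue + extension, forged_digest


def demo():
    """Naive H(k || m) tag on a constructed message; the attacker forges a tag for an extended message."""
    secret = b"s3cret-key-unknown-to-attacker"   # constructed; held only by the verifier
    msg = b"amount=10&to=alice"                   # constructed sample message
    tag = hashlib.sha1(secret + msg).digest()     # issued to the attacker along with msg
    forged_msg, forged_tag = length_extend(tag, len(secret), msg, b"&to=mallory")
    # The verifier recomputes H(secret || forged_msg) and accepts the forgery.
    return forged_tag == hashlib.sha1(secret + forged_msg).digest()


if __name__ == "__main__":
    print("forgery accepted:", demo())
```

The reason this works is exactly the property the abstract singles out: strengthened Merkle-Damgård releases the full internal state, so "knowing H(x)" is as good as "having absorbed x". Any of the fixes the paper describes as small changes to the construction break this step: an HMAC/NMAC-style outer application of the compression function (Python's `hmac` module), or truncating the output so the attacker cannot reconstruct the chaining value, leaves `length_extend` with no state to resume from.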
Strengthening Zero-Knowledge Protocols using Signatures
- IN PROCEEDINGS OF EUROCRYPT ’03, LNCS SERIES
, 2003
Cited by 36 (8 self)
Recently there has been an interest in zero-knowledge protocols with stronger properties, such as concurrency, unbounded simulation soundness, non-malleability, and universal composability. In this paper,
Two-party generation of DSA signatures
- In Advances in Cryptology — CRYPTO 2001
, 2001
Cited by 26 (7 self)
We describe a means of sharing the DSA signature function, so that two parties can efficiently generate a DSA signature with respect to a given public key but neither can alone. We focus on a certain instantiation that allows a proof of security for concurrent execution in the random oracle model, and that is very practical. We also briefly outline a variation that requires more rounds of communication, but that allows a proof of security for sequential execution without random oracles.
Cryptographic Primitives for Information Authentication -- State of the Art
, 1998
Cited by 20 (2 self)
This paper describes the state of the art for cryptographic primitives that are used for protecting the authenticity of information: cryptographic hash functions and digital signature schemes; the first class can be divided into Manipulation Detection Codes (MDCs, also known as one-way and collision resistant hash functions) and Message Authentication Codes (or MACs). The theoretical background is sketched, but most attention is paid to an overview of the large number of practical constructions for hash functions and to the recent developments in their cryptanalysis. It is also explained to what extent the security of these primitives can be reduced in a provable way to realistic assumptions.
Detecting Hit Shaving in Click-Through Payment Schemes
- In Proceedings of the 3rd USENIX Workshop on Electronic Commerce
, 1998
Cited by 12 (1 self)
A web user "clicks through" one web site, the referrer, to another web site, the target, if the user follows a hypertext link to the target's site contained in a web page served from the referrer's site. Numerous click-through payment programs have been established on the web, by which (the webmaster of) a target site pays a referrer site for each click through that referrer to the target. However, typically the referrer has no ability to verify that it is paid for every click-through to the target for which it is responsible. Thus, targets can undetectably omit to pay referrers for some number of click-throughs, a practice called hit shaving. In this paper, we explore simple and immediately useful approaches to enable referrers to monitor the number of click-throughs for which they should be paid.
1 Introduction. Though the emergence of full-scale electronic commerce on the World-Wide-Web is proceeding slowly, the web has been quickly and aggressively realized as an effective advertising...
Linear cryptanalysis of substitution-permutation networks
, 2003
Cited by 7 (3 self)
The subject of this thesis is linear cryptanalysis of substitution-permutation networks (SPNs). We focus on the rigorous form of linear cryptanalysis, which requires the concept of linear hulls. First, we consider SPNs in which the s-boxes are selected independently and uniformly from the set of all bijective n × n s-boxes. We derive an expression for the expected linear probability values of such an SPN, and give evidence that this expression converges to the corresponding value for the true random cipher. This adds quantitative support to the claim that the SPN structure is a good approximation to the true random cipher. We conjecture that this convergence holds for a large class of SPNs. In addition, we derive a lower bound on the probability that an SPN with randomly selected s-boxes is practically secure against linear cryptanalysis after a given number of rounds. For common block sizes, experimental evidence indicates that this probability rapidly approaches 1 with an increasing number of rounds.
Two-Party Generation of DSA Signatures (Extended Abstract)
- Advances in Cryptology – EUROCRYPT 2001
, 2001
Cited by 1 (0 self)
Philip MacKenzie and Michael K. Reiter (Bell Labs, Lucent Technologies, Murray Hill, NJ, USA)
We describe a means of sharing the DSA signature function, so that two parties can efficiently generate a DSA signature with respect to a given public key but neither can alone. We focus on a certain instantiation that allows a proof of security for concurrent execution in the random oracle model, and that is very practical. We also briefly outline a variation that requires more rounds of communication, but that allows a proof of security for sequential execution without random oracles.