Publications catalogue - books



Information Security Practice and Experience: Third International Conference, ISPEC 2007, Hong Kong, China, May 7-9, 2007. Proceedings

Ed Dawson ; Duncan S. Wong (eds.)

At conference: 3rd International Conference on Information Security Practice and Experience (ISPEC). Hong Kong, China. May 7, 2007 - May 9, 2007

Abstract/Description – provided by the publisher

Not available.

Keywords – provided by the publisher

Data Encryption; Computer Communication Networks; Systems and Data Security; Computers and Society; Management of Computing and Information Systems; Information Storage and Retrieval

Availability
Detected institution Year of publication Browse Download Request
Not detected 2007 SpringerLink

Information

Resource type:

books

Print ISBN

978-3-540-72159-8

Electronic ISBN

978-3-540-72163-5

Publisher

Springer Nature

Country of publication

United Kingdom

Publication date

Publication rights information

© Springer-Verlag Berlin Heidelberg 2007

Table of contents

Secure Feedback Service in Wireless Sensor Networks

Di Ma

In many sensor network applications, it is critical for the base station (BS) to know the delivery (or execution) status of its broadcast messages (or commands). One straightforward way to do so is to let every sensor node send an authenticated acknowledgement (ACK) to the BS directly. However, this naive solution is highly communication-inefficient and may result in severe ACK implosion near the BS. In this paper, we propose a communication-efficient scheme to provide a secure feedback service in sensor networks. In our basic scheme, we use ACK aggregation to reduce the ACK traffic. Meanwhile, we store audit information for each aggregation operation so that the BS can use the audit information to locate errors in the network. We further improve the basic scheme by constructing a balanced aggregation tree to reduce localization delay and by using Bloom filters to reduce the storage required in each sensor for audit information. We analyze the performance of the proposed scheme and show that it achieves a good bandwidth gain over the naive approach.

- Network Security and Security Management | Pp. 116-128

An Economical Model for the Risk Evaluation of DoS Vulnerabilities in Cryptography Protocols

Zhen Cao; Zhi Guan; Zhong Chen; Jianbin Hu; Liyong Tang

Denial of Service (DoS) attacks are a virulent type of attack on the availability of networks’ intended services and resources. Defense against DoS attacks has been built into the cryptographic protocols intended for authentication and establishment of communications. However, the cryptographic protocols have their own vulnerability to DoS. Consequently, it is desirable to provide a methodology to evaluate the cryptographic protocols’ resistance to DoS attacks. In this paper, we propose an economical model for the risk evaluation of Denial of Service vulnerabilities in cryptographic protocols. By characterizing the intruder capability with a probability model, our risk evaluation model specifies the Value at Risk (VaR) for the cryptographic protocols. The Value at Risk answers the question of how much computing resource is expected to be lost with a given level of confidence. The proposed model can help common users gain a better understanding of the protocols they are using, and at the same time help designers examine their designs and get clues to improve them. We validate the applicability and effectiveness of our risk evaluation model by applying it to analyze two related protocols.

- Network Security and Security Management | Pp. 129-144

Practical Uses of Virtual Machines for Protection of Sensitive User Data

Peter C. S. Kwan; Glenn Durfee

Systems running commodity software are easily compromised with malware, which may be used by attackers to extract personal information of the users of the systems. This paper presents Vault - a system that uses a trusted software component to prevent the exposure and abuse of sensitive user data in the presence of malware. Users input and store their sensitive data only in the trusted component, which is separated from the commodity system by a virtual machine monitor. We define a protocol framework for the interactions required between different system components in order to protect user secrets, even if the user is running a commodity operating system with arbitrary (and possibly malicious) software load, while introducing minimal changes to the user experience. Our design takes advantage of the isolation guarantees and safe I/O multiplexing of virtual machine technology to attain a high degree of security under a severe threat model.

We demonstrate that our approach is practical by implementing prototypes for two applications: (1) submission of long-term secrets, such as password and credit card data, to a web server, and (2) SSH user authentication using ssh-agent. In both cases we made minimal changes to existing software components.

- Network Security and Security Management | Pp. 145-161

Formalization of RBAC Policy with Object Class Hierarchy

Jung Hwa Chae; Nematollaah Shiri

Formal methods and reasoning techniques can be useful tools for the representation and analysis of security policies and access control procedures. This paper presents a logical approach to representing and evaluating role-based access control (RBAC) policies, using description logics and a proof method, called tableaux. We propose a new variation of the RBAC model with a classification mechanism for objects. The key feature supported is the ability to model object classes, and class hierarchies used to restrict the validity and to control the propagation of authorization rules. We also demonstrate how access control decisions are made by tableaux, considering role and class hierarchies.

- Network Security and Security Management | Pp. 162-176

Privacy-Preserving Credentials Upon Trusted Computing Augmented Servers

Yanjiang Yang; Robert H. Deng; Feng Bao

Credentials are an indispensable means for service access control in electronic commerce. However, regular credentials such as X.509 certificates and SPKI/SDSI certificates do not address user privacy at all, while anonymous credentials that protect user privacy are complex and have compatibility problems with existing PKIs. In this paper we propose privacy-preserving credentials, a concept between regular credentials and anonymous credentials. The privacy-preserving credentials enjoy the advantageous features of both regular credentials and anonymous credentials, and strike a balance between user anonymity and system complexity. We achieve this by employing computer servers equipped with TPMs (Trusted Platform Modules). We present a detailed construction for ElGamal encryption credentials. We also present an XML-based specification for the privacy-preserving credentials.

- Privacy and Applications | Pp. 177-192

Two-Party Privacy-Preserving Agglomerative Document Clustering

Chunhua Su; Jianying Zhou; Feng Bao; Tsuyoshi Takagi; Kouichi Sakurai

Document clustering is a powerful data mining technique for analyzing large amounts of documents and structuring large sets of text or hypertext documents. Many organizations or companies want to share their documents on a similar theme to obtain joint benefits. However, this also brings the problem of sensitive information leakage if privacy is not considered. In this paper, we propose a cryptography-based framework for privacy-preserving document clustering among users in a distributed environment: two parties, each holding its own private documents, want to collaboratively execute agglomerative document clustering without disclosing their private contents.

- Privacy and Applications | Pp. 193-208

Efficient Bid Validity Check in ElGamal-Based Sealed-Bid E-Auction

Kun Peng; Ed Dawson

Bid opening in a sealed-bid e-auction is efficient when a homomorphic encryption algorithm is employed to seal the bids and homomorphic bid opening is employed to open the bids. Such e-auction schemes are called homomorphic auctions. However, the high efficiency of homomorphic auctions is based on an assumption: the bids are valid (e.g. within a specific range). An undetected invalid bid can compromise the correctness and fairness of the auction. Unfortunately, in most existing homomorphic auction schemes, proof and verification of the validity of the bids is either ignored or too inefficient. Recently, a technique called batched bid validity check [25] was proposed to improve the efficiency of proof and verification of bid validity in a special kind of homomorphic auction scheme: secret-sharing-based homomorphic auctions. However, secret-sharing-based homomorphic auction schemes [13, 15, 26, 24] are not mainstream among homomorphic auction schemes, as they employ threshold secret sharing techniques to seal the bids. Mainstream homomorphic auction schemes employ a homomorphic encryption algorithm with threshold distributed decryption to seal the bids, as it is simpler and more efficient than secret sharing. In this paper, an ElGamal-encryption-based homomorphic encryption scheme is proposed. It employs a batched proof and verification of bid validity to achieve high efficiency in the bid validity check. Its batch proof and verification technique is more advanced than that in [25], so it is simpler and more efficient than the homomorphic auction scheme in [25].

- Privacy and Applications | Pp. 209-224

How to Prevent DPA and Fault Attack in a Unified Way for ECC Scalar Multiplication – Ring Extension Method

Yoo-Jin Baek; Ihor Vasyltsov

The elliptic curve cryptosystem (ECC) is increasingly being used in practice due to its shorter key sizes and efficient realizations. However, ECC is also known to be vulnerable to various side channel attacks, including power attacks and fault injection attacks. This paper proposes new countermeasures for ECC scalar multiplications against differential power attacks and fault attacks. The basic idea of the proposed countermeasures lies in extending the definition field of an elliptic curve to a random extension ring and performing the required elliptic curve operations over the ring. Moreover, the new methods perform a point validation check in a small subring of the extension ring to give an efficient fault attack countermeasure.

- Cryptographic Algorithms and Implementations | Pp. 225-237

Secure Signed Radix- Recoding Methods for Constrained-Embedded Devices

Dong-Guk Han; Sung-Kyoung Kim; Ho Won Kim; Kyo IL Chung; Jongin Lim

This paper presents two recoding methods for a radix- representation of a secret scalar which are resistant to SPA. These recoding methods are left-to-right, so they can be interleaved with a left-to-right scalar multiplication, removing the need to store both a scalar and its recoding. Next, we show that the ideas of left-to-right recoding for a radix- representation lead to simplified recoding methods for a binary representation. In general, our proposed algorithms asymptotically require an additional ( + 1)-digit and -bit of RAM in the case of width- radix- representation and the special case when  = 2, respectively, which is independent of the digit (bit) size of the scalar and considerably reduces the required space compared with previous methods, which require -digit (bit) of additional RAM to store the recoded scalar. Consequently, thanks to its left-to-right nature, the scalar multiplication based on it is by far more convenient with respect to memory consumption.

- Cryptographic Algorithms and Implementations | Pp. 238-253

Some Efficient Algorithms for the Final Exponentiation of Pairing

Masaaki Shirase; Tsuyoshi Takagi; Eiji Okamoto

Recently, the Tate pairing and its variations have attracted attention in cryptography. Their operations consist of a main iteration loop and a final exponentiation. The final exponentiation is necessary for generating a unique value of the bilinear pairing in the extension fields. The speed of the main loop has been made fast by recent improvements, , the Duursma-Lee algorithm and pairing. In this paper we discuss how to enhance the speed of the final exponentiation of the pairing in the extension field . Indeed, we propose some efficient algorithms using the torus that can efficiently compute an inversion and a powering by 3 + 1. Consequently, the total processing cost of computing the pairing can be reduced by 16% for  = 97.

- Cryptographic Algorithms and Implementations | Pp. 254-268