Catálogo de publicaciones - libros

Authors extend the multi-parameter attacktree model to include inaccurate or estimated parameter values, which are modelled as probabilistic interval estimations. The paper develops mathematical tools to extend the computation rules of the attacktree model to work with interval estimations instead of point estimates. We present a sample computation routine and discuss how to interpret the analysis results and how to choose the optimal or an economically justified security level.

We adapt game theoretic methods for studying the security of two e-voting systems: the Estonian E-Voting System (EstEVS) and Secure Electronic Registration and Voting Experiment (SERVE) performed in the United States of America. While these two systems are quite similar from technical side, security experts have made totally different decisions about their security—EstEVS was indeed used in practical elections while SERVE was decided to be insecure. The aim of this work is to clarify if the minor technical differences between these two systems were indeed a sufficient reason to distinguish between their security. Our analysis is oriented to practical security against large-scale attacks. We define a model for the real-life environment in which voting takes place and analyze the behavior of adversaries. We show that in our model EstEVS is secure and SERVE is not. The reliability of the results is still questionable because of our limited knowledge about many of the parameters. It turns out though that our main results are quite robust with respect to the choice of parameters.

Current business situations require improved confidentiality and integrity for office documents. However, existing content management systems for office documents lack required security properties such as the *-property, or have problems such as label creep. In this paper we propose a meta-data format called sticky provenance and a fine-grained information flow control architecture using the sticky provenance. The sticky provenance contains the change history and the labels of an office document in a secure form, and it ensures the verifiability of the change history of the documents in distributed environments. The Provenance Manager, which is a key module of the architecture, reduces the label creep problem of the information flow control models with the sticky provenance. In other words, the sticky provenance and the Provenance Manager can introduce a practical fine-grained information flow control capability to office applications so that we can ensure both the confidentiality and the verifiability of office documents.

We propose an anonymous communication scheme using a multistage cryptographic anonymous proxy to make malicious users traceable. For the purpose of preventing illegal use of an anonymous channel, the proposed scheme can identify an illegal anonymous user or his accomplice who joins a conspiracy if a threshold number of third parties or more agrees on anonymity revocation. Expected applications of the proposed scheme include real-time web services over the Internet in which both user anonymity and preventing illegal use are desired such as anonymous bulletin board services, auctions, and peer-to-peer file exchange. Moreover, we implemented the proposed scheme to verify the degree of practicality. The implementation results include that the case for the received data of 100 KB from an HTTP request and a ten-stage relay for the anonymous proxy on an Intel Pentium 4 3.0 GHz PC took approximately 1 sec to receive, and the received data of 1 MB and a two-stage relay required 2 sec.

Anonymity is considered as a valuable property as far as everyday transactions in the Internet are concerned. Users care about their privacy and they seek for new ways to keep secret as much as of their personal information from third parties. Anonymizing systems exist nowadays that provide users with the technology, which is able to hide their origin when they use applications such as the World Wide Web or Instant Messaging. However, all these systems are vulnerable to a number of attacks and some of them may collapse under a low strength adversary. In this paper we explore anonymity from a different perspective. Instead of building a new anonymizing system, we try to overload an existing file sharing system, Gnutella, and use it for a different purpose. We develop a technique that transforms Gnutella as an Anonymizing System (GAS) for a single download from the World Wide Web.

The current privacy-preserving researches are based on the relational data model. However, the existing privacy data models based on the relational model exist some shortcomings. First, they are not enough for protection of composite privacy object. The current researches focus on the privacy data of individual and do not consider how to protect the relationship among several privacy objects. The relationship is also a type of privacy data of each individual. Second, the rapid increasing view make it is difficult for the privacy database administrator to manage the privacy database effectively. In this paper, a privacy data model based on deputy mechanism is proposed for solving those problems. The model can depict the generalization relationship among different privacy objects and provide a stronger hiding capability that IS-A relationship. Moreover, compared with object-oriented data model, the model pays more attention to the storage and usage of privacy data objects in the context of database. Finally, this paper illustrates how to implement the privacy model in the object deputy database management system.

Since the introduction of nominative signature (NS) in 1996, there have been a handful of schemes proposed and almost all of them have been found flawed. The only one which is secure requires multi-round of communications between the nominator and the nominee for signature generation. In this paper, we propose a novel construction which is efficient and requires only one-move communication for signature generation. We also show that the construction is secure under the strongest security model currently available and the reductionist proofs only rely on standard number-theoretic assumptions. As of independent interest, our construction illustrates an interesting use of ring signature.

Smart and tiny mobile phones are widely popularized and advanced mobile communication services are provided increasingly such that ubiquitous computing environments will come true soon. It is a pleasure for mobile users to work or get recreations in the mobile network environments. However, just as the cases in wireline networks, there are many security threats to mobile network systems and their impact on the security is more serious than that in wireline networks owing to the features of wireless transmissions and the ubiquity property in mobile network systems. The secret personal information, important data, or classified documents which mobile users carry may be stolen by malicious entities. In order to guarantee the quality of the advanced communication services, the security and privacy would be important issues when mobile users roam to the mobile networks. In this paper, an anonymous authentication scheme will be proposed to protect both the security of the mobile network system and the privacy of mobile users. Not only does the proposed scheme provide mutual authentication between each user and the system, but also the identity of each user can be kept secret against anyone else, including the system. Although the system anonymously authenticates the users, it can still make correct bills to charge these anonymous users. Finally, our protocols also achieve the goal of fair privacy which allows the judge to be able to revoke the anonymity and trace the illegal users when they misused the anonymity property such as they committed crimes.

The hash function HAVAL is a well known Merkle-Damgård hash function such as MD4 and MD5. It has three variants, 3-, 4- and 5-pass HAVAL. On 3-pass HAVAL, the best known attack finds a collision pair with 2^7 computations of the compression function. To find k collision pairs, it requires 2^7 k computations. In this paper, we present a better collision attack on 3-pass HAVAL, which can find k collision pairs with only 2 k  + 33 computations. Further, our message differential is different from the previous ones. It is important to find collisions for different message differentials.

At Indocrypt 2005, Viet et al., [20] have proposed an anonymous password-authenticated key exchange (PAKE) protocol and its threshold construction both of which are designed for client’s password-based authentication and anonymity against a passive server, who does not deviate the protocol. In this paper, we first point out that their threshold construction is completely insecure against off-line dictionary attacks. For the threshold t  > 1, we propose a secure threshold anonymous PAKE (for short, TAP ) protocol with the number of clients n upper-bounded, such that $n \leq 2 \sqrt{N-1} -1$ , where N is a dictionary size of passwords. We also show that the TAP protocol provides semantic security of session keys in the random oracle model, with the reduction to the computational Diffie-Hellman problem, as well as anonymity against a passive server. For the threshold t  = 1, we propose an efficient anonymous PAKE protocol that significantly improves efficiency in terms of computation costs and communication bandwidth compared to the original (not threshold) anonymous PAKE protocol [20].