Catálogo de publicaciones - libros

A new multicast authentication scheme for real-time streaming applications was proposed [28] that is resistant to denial-of-service attacks with less resource usages (CPU and buffer) at receivers compared to previously proposed schemes. This scheme utilizes prediction hashing (PH) and one-way key chain (OKC) techniques based on erasure codes and distillation codes. Detailed protocol description is presented at the sender and receiver sides, and a worst-case resource (memory and CPU) requirement at the receiver-side is obtained with an assumption of security condition.

The range of devices that are capable of connecting to data networks has been on a rise in recent times. From the perspective of an administrator, controlling access to data networks, via these devices, usually includes the creation of separate login credentials. This leads to an administrative nightmare, from both the user and administrator’s point of view. This paper proposes a novel approach to this problem and offers a single-sign-on system, where the user’s authorisation is based on the login credentials of the user, and the profile of the device the user is using. An instance of this design is presented with SESAME, to demonstrate the usefulness of the design, and also practicality for implementation.

Certificateless public key cryptography (CLPKC) is a paradi-gm to solve the inherent key escrow problem suffered by identity-based cryptography (IBC). While certificateless signature is one of the most important security primitives in CLPKC, there are relatively few proposed schemes in the literature. In this paper, we manage to construct an efficient certificateless signature scheme based on the intractability of the computational Diffie-Hellman problem. By using a shorter public key, two pairing computations can be saved in the verification algorithm. Besides, no pairing computation is needed in the signing algorithm. The proposed scheme is existential unforgeable in the random oracle model. We also present an extended construction whose trust level is the same as that of a traditional signature scheme.

This paper first introduces the concept of universal designated verifier ring signature (UDVRS), which not only allows members of a group to sign messages on behalf of the group without revealing their identities, but also allows any holder of the signature (not necessary the signer) to designate the signature to any designated verifier. According to whether the designator has a registered public key, two kinds of UDVRS are proposed. In order to distinguish the two types of UDVRS, we call it UDVRS Proof (UDVRSP) if the designator has not a registered public key, and this protocol is interactive. We give the formal security definitions and notions of UDVRS and UDVRSP. Then, we propose a UDVRS and a UDVRSP scheme, with rigorous security proofs without random oracles.

In this paper, we give a new identity-based signcryption scheme based on pairings. It is secure against adaptive chosen ciphertext and identity attack in the random oracle with the Modified Bilinear Diffie-Hellman assumption [14]. It produces shorter ciphertext than any one of schemes [7],[14] for the same plaintext and adapts to the band-constrained scenario very well.

Key-insulated cryptosystem was proposed in order to minimize the damage of secret key exposure. In this paper, we propose a strong identity based (ID-based) key-insulated cryptosystem security model, including ID-based key-insulated encryption (IB-KIE) security model and ID-based key-insulated signature (IB-KIS) security model. Based on the security models, provably secure strong IB-KIE and IB-KIS schemes are constructed in order to decrease the damage of user’s secret key exposure. These schemes are secure in the remaining time periods against an adversary who compromises the insecure device and obtains secret keys for the periods of its choice. Furthermore, the schemes remain secure (for all time periods) against an adversary who compromises only the physically-secure device. All the key-insulated encryption and signature schemes in this paper are provably secure in the random oracle model and support random-access key-updates.

A new hierarchical identity based (ID-based) cryptosystem is proposed, including hierarchical identity based encryption (HIBE) and signature (HIBS) schemes. The new HIBE scheme can be proved to be secure without relying on the random oracle model. Then, a new public key encryption (PKE) scheme is constructed based on the new HIBE. It is secure against adaptively chosen ciphertext attacks (IND-CCA) and has many attractive properties, such as efficient key generation, short private key, fast encryption, and etc. Performance of the new PKE scheme is better than all the previous PKE schemes converted from IBE, and is competitive with the best provably secure solutions to date. Furthermore, a new HIBS scheme is also constructed, which shares the same parameters with the new HIBE. The new HIBS scheme is more efficient than the previous HIBS.

Wireless sensor networks and Radio Frequency Identifiers are becoming mainstream applications of ubiquitous computing. They are slowly being integrated into our infrastructure and therefore must incorporate a certain level of security. However, both applications are severely resource constrained. Energy scavenger powered sensor nodes and current RFID tags provide only 20  W to 50  W of power to the digital component of their circuits. This makes complex cryptography a luxury. In this paper we present a novel ultra-low power SHA-1 design and an energy efficient ultra-low power AES design. Both consume less than 30  W of power and can therefore be used to provide the basic security services of encryption and authentication. Furthermore, we analyze their energy consumption based on the TinySec protocol and come to the somewhat surprising result, that SHA-1 based authentication and encryption is more energy efficient than using AES for payload sizes of 17 bytes or larger.

Lately, the ISO fixed on UHF Gen2 as one of the standard protocols for RFID, called ISO 18000-6 C, along with ISO 18000-6 A/B. It means that the RFID system should provide the multi-protocol support for tag identification and a proper protocol should be chosen depending on the situation. The tag anti-collision algorithm is one of the important research issues to be on top of the protocol’s performance. This paper introduces several anti-collision algorithms for tag identification in the literature and presents the performance comparison and evaluation of those algorithms based on the 96-bit EPC (Electronic Product Code). The performance results show that the collision tracking tree algorithm is found to have the highest performance than any other anti-collision algorithm, identifying 749 tags per second.

RFID reader networks often have to operate in frequency and time constrained regimes. One approach to the allocation of frequency and time to various readers in such regimes is to perturb the network slightly so as to ease the constraints. We investigate how to perform these perturbations in a manner that is profitable from time and frequency allocation point of view.