Publication catalog - books



Information Security Practice and Experience: Third International Conference, ISPEC 2007, Hong Kong, China, May 7-9, 2007. Proceedings

Ed Dawson ; Duncan S. Wong (eds.)

Conference: 3rd International Conference on Information Security Practice and Experience (ISPEC). Hong Kong, China. May 7, 2007 - May 9, 2007

Abstract/Description (provided by the publisher)

Not available.

Keywords (provided by the publisher)

Data Encryption; Computer Communication Networks; Systems and Data Security; Computers and Society; Management of Computing and Information Systems; Information Storage and Retrieval

Availability

Institution detected: not detected. Year of publication: 2007. Browse: SpringerLink.

Information

Resource type: book

Print ISBN

978-3-540-72159-8

Electronic ISBN

978-3-540-72163-5

Publisher

Springer Nature

Country of publication

United Kingdom

Publication date

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Table of contents

Application Security – Myth Or Reality?

William J. Caelli

Security services within applications have received recent attention. It has been suggested that this may be the only way to increase overall information-system assurance in an era where ICT governance and compliance have taken on new force and the use of commodity-level ICT products for critical information systems continues. While it has been argued that an application can be no more secure than its underlying computer sub-systems, security at the application layer was always envisaged as playing a major role, e.g. in the Open Systems Interconnection (OSI) security model. At a time when "end-user" programming is being advocated, the needs and parameters of security education and training are changing rapidly, and threats from global Internet connectivity are rising rapidly, there is a need to reconsider security schemes at the application level. This paper examines current trends in application design, development, deployment and management and evaluates them against known system vulnerabilities and threats.

- Invited Talks | Pp. 1-10

Tools and Technology for Computer Forensics: Research and Development in Hong Kong (Invited Paper)

Lucas C. K. Hui; K. P. Chow; S. M. Yiu

With the increased use of the Internet and information technology all over the world, there is an increased amount of criminal activity that involves computing and digital data. These digital crimes (e-crimes) impose new challenges on the prevention, detection, investigation, and prosecution of the corresponding offences. Computer forensics (also known as cyberforensics) is an emerging research area that applies computer investigation and analysis techniques to help detect these crimes and gather digital evidence suitable for presentation in court. This new area combines knowledge of information technology, forensic science, and law, and gives rise to a number of interesting and challenging problems related to computer security and cryptography that are yet to be solved. In this paper, we present and discuss some of these problems together with two successful cases of computer forensics technology developed in Hong Kong that enable law enforcement departments to detect and investigate digital crimes more efficiently and effectively. We believe that computer forensics research is an important area in applying security and computer knowledge to build a better society.

- Invited Talks | Pp. 11-19

A Linear Analysis of Blowfish and Khufu

Jorge Nakahara

This paper describes a linear analysis of Blowfish (a block cipher designed by B. Schneier in 1993) and Khufu (a cipher designed by R. C. Merkle in 1989). The nonlinear components of these ciphers are key dependent and thus unknown to unauthorized entities. Nonetheless, we estimate the fraction of user keys that generate weak nonlinear components (namely, with large enough bias). As far as we are aware, this paper reports the first known-plaintext (and ciphertext-only) attacks on these ciphers.

- Cryptanalysis | Pp. 20-32

Related-Key Rectangle Attack on 43-Round SHACAL-2

Gaoli Wang

SHACAL-2 is a 256-bit block cipher with up to 512 bits of key length, based on the hash function SHA-2. It was recommended as one of the NESSIE project selections. As far as the number of attacked rounds is concerned, the best cryptanalytic result obtained on SHACAL-2 so far is a related-key rectangle attack on 42-round SHACAL-2 [13]. In this paper we present a related-key rectangle attack on 43 rounds out of the 64 rounds of SHACAL-2, which requires 2 chosen plaintexts and has a time complexity of 2 43-round SHACAL-2 encryptions. In this paper we also identify and fix some flaws in the previous attack on SHACAL-2.

- Cryptanalysis | Pp. 33-42

On the Ability of AES S-Boxes to Secure Against Correlation Power Analysis

Zheng-lin Liu; Xu Guo; Yi-cheng Chen; Yu Han; Xue-cheng Zou

Cryptographic substitution boxes (S-boxes) are an integral part of the Advanced Encryption Standard (AES). In this paper we conduct a simulation-based correlation power analysis (CPA) attack on AES implementations with different S-box structures. It shows that the resistance of AES and the resistance of its S-boxes to CPA are correlated, and an evaluation of the ability of S-boxes to thwart CPA is presented quantitatively. By further exploiting the properties of S-boxes, an approximate linear relation between the CPA resistance of S-boxes and the glitch-power ratio of the total power consumed by the S-boxes is proved.

- Cryptanalysis | Pp. 43-50
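The abstract above reports a simulation-based CPA attack but does not show the mechanics. The following Python block is an added illustration, not code from the paper or its authors: it simulates first-round SubBytes leakage under a Hamming-weight model with Gaussian noise (an assumed leakage model; the paper compares hardware S-box structures and glitch power, which is not reproduced here) and then recovers one key byte by ranking the 256 key hypotheses by Pearson correlation. The key byte, trace count and noise level are constructed inputs.

```python
# Added example (not from the ISPEC 2007 paper): simulated correlation power
# analysis (CPA) on the first-round SubBytes of AES, recovering one key byte.
import random
from math import sqrt


def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return r


def _gf_inv(a):
    """Multiplicative inverse in GF(2^8) via a^254 (0 maps to 0, as in AES)."""
    if a == 0:
        return 0
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = _gf_mul(result, base)
        base = _gf_mul(base, base)
        exp >>= 1
    return result


def _affine(x):
    """AES affine transform: x ^ rotl(x,1) ^ rotl(x,2) ^ rotl(x,3) ^ rotl(x,4) ^ 0x63."""
    s = x
    for i in range(1, 5):
        s ^= ((x << i) | (x >> (8 - i))) & 0xFF
    return s ^ 0x63


# The standard AES S-box, computed rather than typed in (SBOX[0x53] == 0xED).
SBOX = [_affine(_gf_inv(i)) for i in range(256)]


def hamming_weight(v):
    return bin(v).count("1")


def simulate_traces(key_byte, n_traces, noise_sigma, rng):
    """Constructed leakage: one sample per trace, HW(SBOX[p ^ k]) plus Gaussian noise.

    This Hamming-weight model is an assumption of the example; a real target
    leaks through its specific S-box implementation and power network.
    """
    plaintexts = [rng.randrange(256) for _ in range(n_traces)]
    traces = [hamming_weight(SBOX[p ^ key_byte]) + rng.gauss(0.0, noise_sigma)
              for p in plaintexts]
    return plaintexts, traces


def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / sqrt(vx * vy)


def cpa_recover_key_byte(plaintexts, traces):
    """Rank all 256 key guesses by |corr(predicted HW, measured trace)|.

    Returns (best_guess, scores) where scores[k] is the absolute correlation
    for hypothesis k; the correct key stands out because only it predicts the
    S-box output that the device actually computed.
    """
    scores = []
    for k in range(256):
        hyp = [hamming_weight(SBOX[p ^ k]) for p in plaintexts]
        scores.append(abs(pearson(hyp, traces)))
    best = max(range(256), key=lambda k: scores[k])
    return best, scores


def demo(key_byte=0x2B, n_traces=500, noise_sigma=1.0, seed=1):
    """Run the simulated attack with constructed parameters; returns the recovered byte."""
    rng = random.Random(seed)
    plaintexts, traces = simulate_traces(key_byte, n_traces, noise_sigma, rng)
    guess, _scores = cpa_recover_key_byte(plaintexts, traces)
    return guess


if __name__ == "__main__":
    print("recovered key byte:", hex(demo()))
```

With the Hamming-weight variance of a uniform byte being 2, a noise standard deviation of 1 gives the correct hypothesis a correlation near 0.8, so a few hundred traces suffice; raising `noise_sigma` shows the trace count needed to separate the correct key from the wrong-key correlations, which is the quantity the paper uses to compare S-box structures.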

A Sanitizable Signature Scheme with Aggregation

Tetsuya Izu; Noboru Kunihiro; Kazuo Ohta; Masahiko Takenaka; Takashi Yoshioka

A sanitizable signature is a digital signature scheme in which, after a signer's signature on a document has been generated, specific entities (called sanitizers) can modify the document to hide partial information. A verifier can confirm the integrity of the disclosed parts of the sanitized document from the signature. Sanitizable signatures are quite useful in governmental or military offices, where there is a dilemma between disclosure requirements for documents and privacy or diplomatic secrets. In this paper, we construct an efficient and provably secure sanitizable signature scheme with aggregation from bilinear maps, based on a sanitizable signature proposed by Izu et al., by applying the general aggregate signature of Boneh et al. We also propose some efficiency improvements to the proposed scheme by reducing the number of hash values required as verifiers' input.

- Signatures | Pp. 51-64

A Novel Verifiably Encrypted Signature Scheme Without Random Oracle

Jianhong Zhang; Jian Mao

A verifiably encrypted signature is an extended signature type that plays an important role in constructing optimistic fair exchange. In this work, we propose a novel verifiably encrypted signature scheme without random oracles, and show that the security of the scheme is based on the difficulty of solving the Chosen-Target-Inverse-CDH with square problem. By comparing our scheme with Boneh's scheme and S. Lu's scheme, we show that our proposed scheme has the following advantages: (1) a short signature size, only 320 bits; (2) low computation, only 2 pairing operations are needed in each of the phases of producing and verifying the verifiably encrypted signature; (3) simplicity, the creation of the verifiably encrypted signature can be completed in a single logical step.

- Signatures | Pp. 65-78

Certificate Based (Linkable) Ring Signature

Man Ho Au; Joseph K. Liu; Willy Susilo; Tsz Hon Yuen

In this paper, we propose a new notion called Certificate Based Ring Signature (CBRS) that follows the idea of Certificate Based Encryption (CBE) presented by Gentry at EuroCrypt 2003. It preserves the advantages of CBE, such as implicit certificates and no private key escrow. At the same time it inherits the properties of a normal ring signature, such as anonymity and spontaneity. We provide its security model and a concrete implementation. In addition, we also propose a variant of CBRS, called Certificate Based Linkable Ring Signature (CBLRS). It is similar to CBRS, except with linkability. That is, it allows the public to verify whether two given signatures were generated by the same signer, yet preserves the anonymity of that user. It can be seen as the Certificate Based version of a normal linkable ring signature.

- Signatures | Pp. 79-92

An Efficient ID-Based Verifiably Encrypted Signature Scheme Based on Hess’s Scheme

Saeran Kwon; Sang-Ho Lee

As many electronic items are exchanged over the Internet today, the fair exchange problem becomes of greater importance. When constructing fair exchange systems, verifiably encrypted signatures are usually used as a building block. Hence, we propose an efficient ID-based verifiably encrypted signature scheme based on Hess's signature scheme, because it is known as a concise and secure signature scheme in ID-PKC. Our scheme does not need registration between users and a trusted third party called an adjudicator, does not need zero-knowledge proofs, and uses an optimistic adjudicator who participates in the protocol only when a problem occurs. Together with a formal model, we analyze the security and efficiency of our scheme and show that it is better suited to communication requirements than previous schemes of the same kind.

- Signatures | Pp. 93-104

On the Sequentiality of Three Optimal Structured Multisignature Schemes

Zuhua Shao

A structured multisignature scheme is an order-sensitive multisignature scheme that allows participating signers to sign the same messages in compliance with a specified signing order. In this paper, we find that three optimal structured multisignature schemes cannot maintain sequentiality, since they cannot prevent a subset of signers from producing a valid partial multisignature in a signing order different from the specified one. Hence, verifiers cannot identify the real signing order only by checking the verification equations. We conjecture that it is impossible to design any optimal structured multisignature scheme.

- Signatures | Pp. 105-115