Processing encrypted signals A new frontier for Multimedia security
1 Processing encrypted signals: A new frontier for Multimedia security. Mauro Barni, University of Siena
2 Summary. Motivations; Secure watermarking; Further (even more interesting) examples; The dawn of a new discipline?; An information-theoretic paradox; Three (or four) paradigms: DSC (again), Homomorphic signal processing, Is interaction the solution?; Conclusions
3 Motivations. The advantages offered by the availability of tools that can process encrypted data are evident. I will further support this necessity through a few examples, starting from watermarking.
4 Watermarking encrypted data. A known problem with plain fingerprinting is that the buyer's rights are not considered, hence undermining the validity of the scheme. [Figure: the Seller distributes watermarked copies A+w to the buyers B_1, B_2, ..., B_n] A buyer whose watermark is found in an unauthorized copy cannot be inculpated, since he/she can claim that the unauthorized copy was created and distributed by the seller.
5 Watermarking encrypted data is a solution. The buyer's watermark (his ID) is encrypted with the buyer's public key: $E_{K_B}[w_B]$. The seller encrypts the document with the public key of the buyer, $E_{K_B}[A]$, then adds (mixes) the encrypted watermark to the encrypted document, $E_{K_B}[A] \oplus E_{K_B}[w_B] = E_{K_B}[A \oplus w_B]$, and sends it to the buyer, who can decrypt it by using his private key: $A_w = A \oplus w_B = E_{K'_B}[E_{K_B}[A \oplus w_B]]$.
6 Zero knowledge watermarking. A prover wants to prove that a watermark is present in a document without revealing the watermark itself. Assume a simple correlation-based detector is used: $\rho = \sum_{i=1}^{n} x_i w_i \overset{?}{\geq} T$. The steps are: i) calculate E[ρ] by knowing only E[w] (and E[x]); ii) compare ρ with the threshold T by knowing only E[ρ]. Several solutions based on homomorphic encryption and Zero Knowledge protocols have been proposed.
7 Multiparty Computation (MC). In MC two participants compute the output of $f(x_1, x_2)$. Each party knows one of the inputs, and does not want to reveal it to the other. In our case $f(\rho, T) = 1$ if $\rho \geq T$, and 0 otherwise. T could also be made public. This is a particular instance of the Millionaire's problem solved by Yao in 1982: A.C. Yao, Protocols for secure computations. In Proceedings of Twenty-third IEEE Symposium on Foundations of Computer Science, pages , Chicago, Illinois, November 1982.
8 Medical diagnosis in a trusted world. Leakage of sensitive information is possible. Privacy relies on the ethical behaviour of the personnel involved.
9 Medical diagnosis in an untrusted world. Leakage of sensitive information is prevented, thus ensuring a higher level of privacy.
10 Coding / transcoding encrypted signals. If coding / transcoding is necessary, the encryption key must be shared with the network node, undermining the security of the system. If the node can code / transcode the multimedia content without first decrypting it, the security of the system would increase significantly.
11 ... and many others: Searching an encrypted database; Encrypted data mining; Exploiting the knowledge of someone you don't trust; Secure (privacy preserving) Artificial Intelligence tools
12 The dawn of a new discipline? There's enough social and industrial demand to justify the birth of a new discipline: s.p.e.d. - signal processing in the encrypted domain. From scattered studies to a thorough understanding of limits and trade-offs. Formidable research challenges: theoretical feasibility of s.p.e.d.; computational feasibility.
13 An information-theoretic paradox. Given a source with an alphabet X, a cryptosystem of length n and rate R is a triple (K, E, D) composed of: a key alphabet K from which keys are randomly selected; an encoding function $E: X^n \times K \to \{1, 2, \dots, 2^{nR}\}$; a decoding function $D: \{1, 2, \dots, 2^{nR}\} \times K \to X^n$. The effectiveness of the cryptosystem is measured according to the following criteria: secrecy against eavesdropping; rate of the encrypted signal, R; length of the secret key (size of K).
14 An information-theoretic paradox. In 1949, Shannon gave a very elegant and precise definition of the security of a cryptosystem. Let X be the plain message and B be the output of the encoder function. The cryptosystem is perfectly secure if $I[X; B] = 0$. A somewhat weaker notion of security, due to Wyner, requires that the above is valid asymptotically as n tends to infinity. Is any s.p.e.d. operation possible at all in a perfectly secure cryptosystem?
15 The way out. Luckily it is possible to get around the apparent information-theoretic paradox in several ways. Trying to summarize the approaches proposed so far, we can identify three s.p.e.d. paradigms. Distributed processing (DSC again): for a limited range of applications. Partial / selective encryption and homomorphic encryption: at the price of reduced security. Interactive computation (ZKP and multiparty computation): at the price of increased complexity.
16 The DSC paradigm (the lossless case). [Figure: X (Bernoulli, p = 0.1) and the key K (Bernoulli, p = 0.5) produce B; B goes through lossless compression and is then decoded with K to recover X] It is a typical example of source coding with side information at the decoder (D. Slepian, J. K. Wolf, Noiseless coding of correlated information sources, IEEE Trans. Information Theory, vol. 19, pp , July 1973). The conditional entropy $H(B \mid K)$ is exactly equal to H(X), hence B can be coded at the same rate as a coder operating on the plain sequence. It can be shown that nothing is lost from a security point of view (M. Johnson et al., On compressing encrypted data, IEEE Trans. Information Theory, vol. 52, no. 10, Oct. 2003).
17 The DSC paradigm (the lossy case). [Figure: X (Gaussian, $\sigma_1$) and the key K (Gaussian, $\sigma_2$) produce Y; Y goes through Wyner-Ziv compression and is then decoded with K to recover X] It is a typical example of lossy source coding with side information at the decoder (A. Wyner, J. Ziv, The rate-distortion function for source coding with side information at the decoder, IEEE Trans. Information Theory, vol. 22, pp. 1-10, Jan. 1976). Even in this case it can be shown that nothing is lost from a security and a compression point of view (M. Johnson et al., On compressing encrypted data, IEEE Trans. Information Theory, vol. 52, no. 10, Oct. 2003).
18 Secure transcoding of encrypted data. A more classical approach is based on progressive encryption of scalable video. The bitstream is split into segments (layers). The basic layer allows a low-quality reconstruction of the video. Adding new layers improves the quality of the video. [Figure: bitstream layout with Header, Basic layer L1 and Enhancement layers L2, L3, L4] Layers are encrypted sequentially through a cipher block chain: block n is encrypted by relying on the data contained in block n-1. Transcoding of the encrypted data is possible by simply truncating the bitstream.
19 The homomorphic paradigm. Perfect security is not reachable (key length equal to message length). Computational security: breaking the cryptosystem is possible, but computationally unfeasible. Many modern cryptosystems are structured enough to allow some operations to be performed directly in the encrypted domain.
20 The homomorphic paradigm. Suppose we have a cryptosystem for which elementary operations in the plain domain are mapped into simple operations on the encrypted data, for instance $E[x+y] = E[x] + E[y]$ or $E[x+y] = E[x]\,E[y]$, and $E[ax] = a\,E[x]$ or $E[ax] = E[x]^a$. Then certain operations can be performed in the encrypted domain, e.g.: $E_{PK}[\rho] = E_{PK}\left[\sum_{i=1}^{n} x_i w_i\right] = \prod_{i=1}^{n} E_{PK}[x_i w_i] = \prod_{i=1}^{n} E_{PK}[w_i]^{x_i}$. Aren't we losing security? It can be shown that preserving {+,-,/,*} is not possible without losing security: the more operations are preserved, the less security we have. Luckily some popular (and secure) homomorphic cryptosystems exist: RSA, Paillier.
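The encrypted-domain correlation on slide 20, worked through with Paillier as an added example (not code from the slides). It covers only step i) of the zero-knowledge detector, computing E[ρ] from E[w] and a plaintext signal x; the toy primes, the function names and the sample vectors are assumptions constructed for the illustration.

```python
import math
import secrets

# Toy key material constructed for this example (two Mersenne primes).
# A real Paillier modulus needs 2048 bits or more.
P, Q = 2**31 - 1, 2**61 - 1


def keygen(p=P, q=Q):
    """Return the public modulus n and the private key (lam, mu)."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    # With generator g = n + 1, L(g^lam mod n^2) = lam mod n, so mu = lam^-1 mod n.
    mu = pow(lam, -1, n)
    return n, (lam, mu)


def encrypt(n, m):
    """Probabilistic encryption: c = (1+n)^m * r^n mod n^2 with fresh random r."""
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    # (1+n)^m = 1 + m*n (mod n^2); negative m is mapped to n - |m|.
    return (1 + (m % n) * n) % n2 * pow(r, n, n2) % n2


def decrypt(n, sk, c):
    """Decrypt and map the result back to a signed integer in (-n/2, n/2]."""
    lam, mu = sk
    u = pow(c, lam, n * n)
    m = (u - 1) // n * mu % n
    return m - n if m > n // 2 else m


def encrypted_correlation(n, enc_w, x):
    """Compute E[rho] = prod_i E[w_i]^(x_i) mod n^2 without the private key.

    enc_w holds the encrypted watermark samples, x the plaintext signal.
    Multiplying ciphertexts adds plaintexts; exponentiation scales them.
    """
    n2 = n * n
    acc = encrypt(n, 0)  # fresh encryption of zero as the running product
    for c, xi in zip(enc_w, x):
        acc = acc * pow(c, xi % n, n2) % n2
    return acc


if __name__ == "__main__":
    n, sk = keygen()
    w = [1, -1, 1, 1, -1, -1, 1, -1]          # constructed watermark
    x = [12, -7, 3, 9, -4, -10, 5, -2]        # constructed marked signal
    enc_w = [encrypt(n, wi) for wi in w]      # what the detector is given
    enc_rho = encrypted_correlation(n, enc_w, x)
    print("rho =", decrypt(n, sk, enc_rho))   # only the key holder can read it
```

Comparing ρ with the threshold T without decrypting it is step ii) and needs the interactive tools of the later slides.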
21 Probabilistic encryption. In addition to the homomorphic property, randomness of the encryption scheme is needed for secure componentwise encryption. Assume we want to componentwise encrypt a sequence of bits: some sort of randomness is needed. In a probabilistic encryption scheme the encrypted message depends on a secret key and a random parameter r: $c_1 = E_{pk}[x, r_1]$, $c_2 = E_{pk}[x, r_2]$; however, decryption does not depend on r: $x = D_{sk}[c_1]$, $x = D_{sk}[c_2]$.
22 Probabilistic encryption. Strange as it may seem, homomorphic probabilistic schemes exist. The space of the encrypted signals must be much larger than that of the plaintext. Expansion factor: huge in the first schemes, improved recently. The first probabilistic encryption scheme was described in S. Goldwasser and S. Micali, Probabilistic Encryption, JCSS Vol. 28 No 2, pp , . The most popular one is due to Paillier: P. Paillier, Public-key cryptosystems based on composite degree residuosity classes. In Proceedings of Eurocrypt 99, Lecture Notes in Computer Science vol. 1592, pages . Springer-Verlag, 1999.
23 Quadratic Residuosity Problem. Given x ($1 \leq x \leq n$), decide if there exists y such that $x = y^2 \bmod n$. It is as hard as finding a factorization of n. If such a y exists, x is said to be a quadratic residue modulo n. One can define $E_{pk}: \{0,1\} \to [0,n]$, the function that maps 0s into random squares and 1s into random non-squares, and of course $D_{sk}: [0,n] \to [0,1]$, the function that decides if x is a square or not.
24 Example. Alice's public key is (y, n): y is a random non-quadratic residue in [1,n]; n is a composite integer, n = pq. Alice's private key is (p, q). Note: if x is a QR and y is a NQR, xy is a NQR. Encoding: Bob selects a random x in [1,n]. If m = 0, $c = x^2 \bmod n$ (c is a QR); else $c = y x^2 \bmod n$ (c is a NQR). Bob sends c to Alice. Decoding: Alice decides if c is a QR or a NQR (that is easy knowing the factorization of n).
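The scheme of slides 23 and 24 as runnable code, an added example that is not part of the original slides. It also shows a key-generation check the slide leaves implicit: y must be a non-residue modulo both p and q (Jacobi symbol +1), otherwise the Jacobi symbol, which anyone can compute without the factors, reveals the bit. The toy primes and all function names are assumptions made for the illustration.

```python
import math
import secrets

# Toy primes constructed for this example (both Mersenne primes).
# Real keys use primes of 1024 bits or more.
P, Q = 2**31 - 1, 2**61 - 1


def is_qr_mod_prime(a, p):
    """Euler's criterion: a is a nonzero square mod odd prime p iff a^((p-1)/2) = 1."""
    return pow(a, (p - 1) // 2, p) == 1


def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0; needs no knowledge of the factors of n."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def random_unit(n):
    """Random element of [1, n-1] that is coprime to n."""
    while True:
        x = secrets.randbelow(n - 1) + 1
        if math.gcd(x, n) == 1:
            return x


def keygen(p=P, q=Q, pseudosquare=True):
    """Public key (y, n), private key (p, q).

    pseudosquare=True picks y as a non-residue mod p AND mod q (Jacobi +1).
    pseudosquare=False picks a non-residue with Jacobi -1, kept here only to
    show why that choice must be rejected.
    """
    n = p * q
    while True:
        y = random_unit(n)
        nqr_p = not is_qr_mod_prime(y, p)
        nqr_q = not is_qr_mod_prime(y, q)
        if (nqr_p and nqr_q) if pseudosquare else (nqr_p != nqr_q):
            return (y, n), (p, q)


def encrypt(pk, bit):
    """Bit 0 -> random square x^2; bit 1 -> y * x^2 (a non-square)."""
    y, n = pk
    x = random_unit(n)
    c = x * x % n
    return c * y % n if bit else c


def decrypt(sk, c):
    """c is a square mod n iff it is a square mod p and mod q."""
    p, q = sk
    return 0 if is_qr_mod_prime(c, p) and is_qr_mod_prime(c, q) else 1


def jacobi_guess(pk, c):
    """What an observer without (p, q) learns from the Jacobi symbol alone."""
    return 0 if jacobi(c, pk[1]) == 1 else 1


if __name__ == "__main__":
    bits = [1, 0, 1, 1, 0, 0, 1, 0]  # constructed message
    for good in (True, False):
        pk, sk = keygen(pseudosquare=good)
        cts = [encrypt(pk, b) for b in bits]
        print("y has Jacobi +1:", good,
              "| decrypted:", [decrypt(sk, c) for c in cts],
              "| Jacobi guess:", [jacobi_guess(pk, c) for c in cts])
```

With a correctly chosen y every ciphertext has Jacobi symbol +1, and the product of two ciphertexts decrypts to the XOR of the two bits, which is the homomorphic property the earlier slides rely on.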
25 Is interaction the key? s.p.e.d. possibilities greatly increase if we allow interaction between the untrusted parties. ZK proofs rely on this principle. Ali Baba's cave: a secret door that can be opened by a password. Peggy knows the password of the door, and wants to convince Victor that she knows it, but doesn't want Victor to know the password itself. [Figure: the cave, with cave entry, right branch and secret door]
26 Is interaction the key? Ali Baba's cave: Peggy goes into a random branch, which Victor doesn't know. Vic calls out a branch, where Peggy should come out. If Peggy knows the secret, she can come out the right way every time. If Peggy doesn't know the password, she has a 50% chance of initially going into the wrong branch, so Vic can call her bluff. [Figure: the cave, with cave entry, left branch and secret door]
27 Zero knowledge protocols. Zero knowledge protocols belong to the class of interactive proof systems. [Figure: challenge / answer exchange] At the end of the proof, Vic will accept or reject, depending on whether or not Peggy successfully answered Vic's challenges.
28 Is interaction the key? Multi-party computation (MPC) is another way to exploit interaction to process encrypted data. To give an idea of how it may work, consider the Millionaire's problem. Suppose that: RD has I millions (say 5), US has J (say 6); PK and SK = RD's RSA keys; wealth is an integer in [0,10].
29 The millionaire problem. US takes a random number X (say 1234), computes $C = E_{PK}[X]$ and transmits to RD the value C - J (say 896). RD generates 10 numbers C - J + U (U = 1, ..., 10) and decrypts them with his SK. RD computes $Z_U = Y_U \bmod p$, and adds 1 from the (I+1)-th position on. Then he sends the table to US. [Table: columns U, (C - J + U), decryption, $Y_U$, $Z_U$, $W_U$] US computes X mod p = G and compares it with the J-th (6-th) position in the table. If $W_U(J) > G$, then US is richer, otherwise US is NOT richer, and tells the result to RD.
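The exchange of slides 28 and 29 with both sides' messages, as an added example that is not part of the original slides. Assumptions: a toy textbook-RSA key for RD, wealth values 1..10, semi-honest players, Yao's extra condition that the residues differ by at least 2, and the increment taken mod p so that US tests for inequality with G (the slide states the same comparison as W(J) > G). All names are chosen for the illustration.

```python
import secrets

# RD's toy RSA key, constructed for this example (two Mersenne primes, textbook RSA).
RSA_P, RSA_Q, RSA_E = 2**31 - 1, 2**61 - 1, 65537
RSA_N = RSA_P * RSA_Q
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))
WEALTH_RANGE = 10  # assumption: wealth is an integer U in 1..10


def is_prime(n):
    """Miller-Rabin with fixed bases; deterministic for n below 3.3e24."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def us_round1(j):
    """US: pick random X, encrypt it with RD's public key, send C - J."""
    x = secrets.randbelow(RSA_N - 2) + 2
    c = pow(x, RSA_E, RSA_N)
    return x, (c - j) % RSA_N  # US keeps X private


def rd_round2(msg, i):
    """RD: decrypt C - J + U for every U, reduce mod a random prime, mark U > I."""
    ys = [pow((msg + u) % RSA_N, RSA_D, RSA_N) for u in range(1, WEALTH_RANGE + 1)]
    while True:
        prime = secrets.randbits(46) | (1 << 45) | 1
        if not is_prime(prime):
            continue
        zs = [y % prime for y in ys]
        # Residues must be pairwise at least 2 apart, so the +1 cannot be spotted.
        if all(min((a - b) % prime, (b - a) % prime) >= 2
               for k, a in enumerate(zs) for b in zs[k + 1:]):
            break
    ws = [z if u <= i else (z + 1) % prime for u, z in enumerate(zs, start=1)]
    return prime, ws  # the table sent to US, together with the prime


def us_round3(x, j, prime, ws):
    """US: the J-th entry equals X mod p only if RD did not add 1 there (J <= I)."""
    g = x % prime
    return ws[j - 1] != g  # True means J > I, i.e. US is richer


def us_is_richer(i, j):
    """Run the three rounds; I is RD's wealth, J is US's wealth."""
    x, msg = us_round1(j)
    prime, ws = rd_round2(msg, i)
    return us_round3(x, j, prime, ws)


if __name__ == "__main__":
    print("RD has 5, US has 6 -> US richer:", us_is_richer(5, 6))
```

RD sees only C - J, which is masked by the unknown ciphertext C, and US sees only residues of decryptions it cannot compute itself; the table size grows with the wealth range, which is the complexity cost the next slide points out.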
30 The millionaire problem: remarks. To prevent US from cheating, some modifications must be made. Many MC schemes assume semi-honest players. A ZK protocol may be required to ensure that the players correctly apply the protocol. The complexity grows with the required resolution. It is an example of the classical trade-off between flexibility and complexity.
31 MP computation. Interestingly, it has been shown that MPC can be applied to any function $f(x_1, x_2, \dots, x_n)$. It suffices to show that an MPC protocol exists to securely compute the output of a universal logic gate, e.g. the NAND gate (O. Goldreich, S. Micali, and A. Wigderson. How to play any mental game or a completeness theorem for protocols with honest majority. In STOC, pages ACM, 198). The challenge is to develop efficient MPC protocols.
32 MP computation. Efficient MPC protocols exist for the following functions: solution of the equation $(M_1 + M_2)x = b_1 + b_2$; mean and standard deviation of concatenated vectors (x y); distance metrics $\|x - y\|^2$; scalar product between vectors $\sum_{i=1}^{n} x_i y_i$.
33 Conclusions and Research challenges. No doubt that s.p.e.d. is a very hot research topic. Analyse the potentiality of the various s.p.e.d. paradigms: what can and what cannot be done. Develop efficient s.p.e.d. tools: basic tools; protocols. Application to real scenarios: efficient (and secure) application of cryptographic tools to real-valued signals; let perception play a role.
34 Conclusions and Research challenges. Investigate the trade-off between the various corners of the problem: flexibility vs security vs complexity. Develop a general s.p.e.d. theory. SPEED Project, VI FP, FET scheme ( ): Università degli Studi di Siena (UNISI), Delft University of Technology (TUD), Ruhr-Universitaet Bochum (RUB), Katholieke Universiteit Leuven (KUL), Università degli Studi di Firenze (UNIFI), Philips Electronics Nederland B.V. (Philips).
More informationReading.. IMAGE COMPRESSION- I IMAGE COMPRESSION. Image compression. Data Redundancy. Lossy vs Lossless Compression. Chapter 8.
Reading.. IMAGE COMPRESSION- I Week VIII Feb 25 Chapter 8 Sections 8.1, 8.2 8.3 (selected topics) 8.4 (Huffman, run-length, loss-less predictive) 8.5 (lossy predictive, transform coding basics) 8.6 Image
More informationAn Efficient Compression of Strongly Encrypted Images using Error Prediction, AES and Run Length Coding
An Efficient Compression of Strongly Encrypted Images using Error Prediction, AES and Run Length Coding Stebin Sunny 1, Chinju Jacob 2, Justin Jose T 3 1 Final Year M. Tech. (Cyber Security), KMP College
More informationCryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs
Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Enes Pasalic University of Primorska Koper, 2014 Contents 1 Preface 3 2 Problems 4 2 1 Preface This is a
More informationArnab Roy Fujitsu Laboratories of America and CSA Big Data WG
Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG 1 Security Analytics Crypto and Privacy Technologies Infrastructure Security 60+ members Framework and Taxonomy Chair - Sree Rajan, Fujitsu
More informationCIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives
CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash
More informationCryptanalysis of a Partially Blind Signature Scheme or How to make $100 bills with $1 and $2 ones
Cryptanalysis of a Partially Blind Signature Scheme or How to make $100 bills with $1 and $2 ones Gwenaëlle Martinet 1, Guillaume Poupard 1, and Philippe Sola 2 1 DCSSI Crypto Lab, 51 boulevard de La Tour-Maubourg
More informationMassachusetts Institute of Technology Handout 13 6.857: Network and Computer Security October 9, 2003 Professor Ronald L. Rivest.
Massachusetts Institute of Technology Handout 13 6.857: Network and Computer Security October 9, 2003 Professor Ronald L. Rivest Quiz 1 1. This quiz is intended to provide a fair measure of your understanding
More informationLinear Codes. Chapter 3. 3.1 Basics
Chapter 3 Linear Codes In order to define codes that we can encode and decode efficiently, we add more structure to the codespace. We shall be mainly interested in linear codes. A linear code of length
More informationCryptography and Game Theory: Designing Protocols for Exchanging Information
Cryptography and Game Theory: Designing Protocols for Exchanging Information Gillat Kol and Moni Naor Department of Computer Science and Applied Mathematics Weizmann Institute of Science, Rehovot 76100
More information159.334 Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology
Network Security 1 Professor Richard Harris School of Engineering and Advanced Technology Presentation Outline Overview of Identification and Authentication The importance of identification and Authentication
More informationCryptography: RSA and Factoring; Digital Signatures; Ssh
Cryptography: RSA and Factoring; Digital Signatures; Ssh Greg Plaxton Theory in Programming Practice, Spring 2005 Department of Computer Science University of Texas at Austin The Hardness of Breaking RSA
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. #01 Lecture No. #10 Symmetric Key Ciphers (Refer
More informationPrivate Inference Control For Aggregate Database Queries
Private Inference Control For Aggregate Database Queries Geetha Jagannathan geetha@cs.rutgers.edu Rebecca N. Wright Rebecca.Wright@rutgers.edu Department of Computer Science Rutgers, State University of
More informationSecret Ballot Elections in Computer Networks
Secret Ballot Elections in Computer Networks Hannu Nurmi Department of Political Science University of Turku SF-20500 Turku Finland Arto Salomaa Academy of Finland and Department of Mathematics University
More informationElements of Applied Cryptography Public key encryption
Network Security Elements of Applied Cryptography Public key encryption Public key cryptosystem RSA and the factorization problem RSA in practice Other asymmetric ciphers Asymmetric Encryption Scheme Let
More information1. The RSA algorithm In this chapter, we ll learn how the RSA algorithm works.
MATH 13150: Freshman Seminar Unit 18 1. The RSA algorithm In this chapter, we ll learn how the RSA algorithm works. 1.1. Bob and Alice. Suppose that Alice wants to send a message to Bob over the internet
More informationChapter 10. Network Security
Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce
More informationInformation Security Theory vs. Reality
Information Security Theory vs. Reality 0368-4474-01, Winter 2011 Lecture 14: More on vulnerability and exploits, Fully homomorphic encryption Eran Tromer Slides credit: Vinod Vaikuntanathan (U. Toronto)
More informationSecure Physical-layer Key Generation Protocol and Key Encoding in Wireless Communications
IEEE Globecom Workshop on Heterogeneous, Multi-hop Wireless and Mobile Networks Secure Physical-layer ey Generation Protocol and ey Encoding in Wireless Communications Apirath Limmanee and Werner Henkel
More informationData Grid Privacy and Secure Storage Service in Cloud Computing
Data Grid Privacy and Secure Storage Service in Cloud Computing L.Revathi 1, S.Karthikeyan 2 1 Research Scholar, Department of Computer Applications, Dr. M.G.R. Educational and Research Institute University,
More informationInternational Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013
FACTORING CRYPTOSYSTEM MODULI WHEN THE CO-FACTORS DIFFERENCE IS BOUNDED Omar Akchiche 1 and Omar Khadir 2 1,2 Laboratory of Mathematics, Cryptography and Mechanics, Fstm, University of Hassan II Mohammedia-Casablanca,
More informationAssociate Prof. Dr. Victor Onomza Waziri
BIG DATA ANALYTICS AND DATA SECURITY IN THE CLOUD VIA FULLY HOMOMORPHIC ENCRYPTION Associate Prof. Dr. Victor Onomza Waziri Department of Cyber Security Science, School of ICT, Federal University of Technology,
More informationOutline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures
Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike
More informationLecture 13 - Basic Number Theory.
Lecture 13 - Basic Number Theory. Boaz Barak March 22, 2010 Divisibility and primes Unless mentioned otherwise throughout this lecture all numbers are non-negative integers. We say that A divides B, denoted
More informationProfessor Radha Poovendran EE Department, University of Washington, Seattle, WA & Professor Dawn Song EECS Department, University of California,
Professor Radha Poovendran EE Department, University of Washington, Seattle, WA & Professor Dawn Song EECS Department, University of California, Berkeley, CA 1 Summer School Objectives Exposure to current
More informationNotes on Factoring. MA 206 Kurt Bryan
The General Approach Notes on Factoring MA 26 Kurt Bryan Suppose I hand you n, a 2 digit integer and tell you that n is composite, with smallest prime factor around 5 digits. Finding a nontrivial factor
More informationLecture 3: One-Way Encryption, RSA Example
ICS 180: Introduction to Cryptography April 13, 2004 Lecturer: Stanislaw Jarecki Lecture 3: One-Way Encryption, RSA Example 1 LECTURE SUMMARY We look at a different security property one might require
More information