Efficient File Sharing in Electronic Health Records
|
|
- Liliana Banks
- 8 years ago
- Views:
Transcription
1 Efficient File Sharing in Electronic Health Records Clémentine Gritti, Willy Susilo and Thomas Plantard University of Wollongong, Australia 27/02/2015 1/20
2 Outline for Section 1 1 Introduction 2 Solution 3 Construction 4 Security /20
3 Scenario DOCTORS C=Enc(EHR) LICENSE HOSPITAL Dec(C,LICENSE) =EHR GOVERNMENT 3/20
4 Entities and Roles 1 Hospital forwarding important information (EHR) to Doctors Hospital = Broadcaster Forwarding = Broadcasting 2 Government and other legislators granting the license for Doctors Legislators = Certifiers License = Certificate 3 Doctors working in that Hospital Doctors = Users 4/20
5 Previous Results Multi-Receiver Certificate-Based Encryption (MR-CBE) However not suitable results: size of public parameters and ciphertexts linear in the number of users n + only 1 certifier + selective CPA security in ROM C.-I. Fan, P.-J. Tsai, J.-J. Huang and W.-T. Chen, Anonymous Multi-receiver Certificate-Based Encryption. In CyberC C. Sur, C. D. Jung and K.-H. Rhee, Multi-receiver Certificate-Based Encryption and Application to Public Key Broadcast Encryption. In BLISS /20
6 Outline for Section 2 1 Introduction 2 Solution 3 Construction 4 Security /20
7 Broadcast Encryption (BE) Group of users Broadcaster PK and SK C=Enc(PK,K,S ) S S Dec(PK,C,S S,SK)=K if user belongs to S 7/20
8 Certificate-Based Encryption (CBE) Certifier User Certif=Cert(PK,PK,t,SK) C t(pk PK tsk) C=Enc(PK,PK,t,M) PK tm) PK,SK PK,SK Dec(PK,t,C,Certif,SK )=M C tif 8/20
9 Suitable Results BE: constant size for secret key and ciphertext + selective CPA security in SM CBE: constant size for certificate and ciphertext + adaptive CCA security in ROM D. Boneh, C. Gentry, and B. Waters, Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys. In CRYPTO C. Gentry, Certificate-Based Encryption and the Certificate Revocation Problem. In EUROCRYPT /20
10 Simple Combination BE: communication between 1 sender and n receivers CBE: communication between 1 sender and 1 receiver However not so appropriate results: simple combination BE + CBE gives size for ciphertext linear in number of users and number of certifiers 10/20
11 Efficient Combination File Sharing in Electronic Health Records (FSEHR) Constant size for secret key, certificate and ciphertext Selective CCA security in ROM Size for public parameters linear in number of users and number of certifiers 11/20
12 Outline for Section 3 1 Introduction 2 Solution 3 Construction 4 Security 2/20
13 Our Scheme - Setup On input security parameter λ, total number n of users and total number k of certifiers Run (p, G, G T, e) GroupGen(λ, n, k) For i = 1,, n, n + 2,, 2n, for g R G, α R Z p and γ R Z p, compute g i = g (αi) and v = g γ Hash functions H 1 : G {0, 1} G, H 2 : G G G and H 3 : G T G G G G {0, 1} λ For i {1,, n}, compute user i s secret key d i = g γ i (= v(αi) ) For j {1,, k}, for σ j R Z p, compute certifier j s public key w j = g σ j and secret key d cj = σ j Set public parameters P K = (p, G, G T, g, g 1,, g n, g n+2,, g 2n, v, w 1,, w k, H 1, H 2, H 3 ) 13/20
14 Our Scheme - Certif On input public parameters P K, certifier j s secret key d cj, user i and time period l represented as a string in {0, 1} For r i,j,l R Z p, compute user i s certificate e i,j,l e i,j,l,1 = g σj i H 1 (w j, l) σj r i,j,l = w (αi ) j H 1 (w j, l) σj r i,j,l e i,j,l,2 = g σj r i,j,l = w r i,j,l j 14/20
15 Our Scheme - Encrypt On input public parameters P K, set S u {1,, n} of users, set S c {1,, k} of certifiers and time period l For t R Z p, compute session key K = e(g n+1, g) t and ciphertext C C 1 = g t C 2 = j S c H 1 (w j, l) t C 3 = (v j S c w j i S u g n+1 i ) t C 4 = H 2 (C 1, C 3 ) t C 5 = H 3 (K, C 1, C 2, C 3, C 4 ) 5/20
16 Our Scheme - Decrypt On input public parameters P K, set S u {1,, n} of users, set S c {1,, k} of certifiers, time period l, user i S u with its secret key d i and its certificates e i,j,l for j S c and l, and ciphertext C Check whether e(c 1, H 2 (C 1, C 3 ))? = e(g, C 4 ) e(g i,c 3 ) e( j Sc e i,j,l,2,c 2 ) Compute K = e(d i j Sc e i,j,l,1 i Su\{i} g n+1 i +i,c 1) = e(g n+1, g) t Compute C 5 = H 3(K, C 1, C 2, C 3, C 4 ) If C 5 = C 5, then return K; otherwise return 6/20
17 Outline for Section 4 1 Introduction 2 Solution 3 Construction 4 Security 7/20
18 Assumption Definition (Decisional n-bilinear Diffie-Hellman Exponent assumption) For any t-time adversary B that is given (g, h, g a, g a2,, g an, g an+2,, g a2n ) G 2n+1, and a candidate to the Decisional n-bdhe problem that is either e(g, h) an+1 G T or a random value T, cannot distinguish the two cases with advantage greater than ε: AdvBDHE B,n = P r[b(g, h, g a, g a2,, g an, g an+2,, g a2n, e(g, h) an+1 ) = 1] P r[b(g, h, g a, g a2,, g an, g an+2,, g a2n, T ) = 1] ε. 8/20
19 Security Proofs Theorem (Selective CCA Security) The File Sharing scheme in Electronic Health Records FSEHR achieves Selective CCA Security under the Decisional n-bdhe assumption, in the random oracle model. Theorem (Collusion Resistance) The File Sharing scheme in Electronic Health Records FSEHR is fully secure against any number of colluders, in the random oracle model. 9/20
20 Thank you for your attention Any Questions? 20/20
Efficient File Sharing in Electronic Health Records
Efficient File Sharing in Electronic Health Records Clémentine Gritti, Willy Susilo, Thomas Plantard Centre for Computer and Information Security Research School of Computer Science and Software Engineering
More informationCertificate Based Signature Schemes without Pairings or Random Oracles
Certificate Based Signature Schemes without Pairings or Random Oracles p. 1/2 Certificate Based Signature Schemes without Pairings or Random Oracles Joseph K. Liu, Joonsang Baek, Willy Susilo and Jianying
More informationMulti-Channel Broadcast Encryption
Multi-Channel Broadcast Encryption Duong Hieu Phan 1,2, David Pointcheval 2, and Viet Cuong Trinh 1 1 LAGA, University of Paris 8 2 ENS / CNRS / INRIA Abstract. Broadcast encryption aims at sending a content
More informationMTAT.07.003 Cryptology II. Digital Signatures. Sven Laur University of Tartu
MTAT.07.003 Cryptology II Digital Signatures Sven Laur University of Tartu Formal Syntax Digital signature scheme pk (sk, pk) Gen (m, s) (m,s) m M 0 s Sign sk (m) Ver pk (m, s)? = 1 To establish electronic
More informationSecure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment
Secure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment Chih Hung Wang Computer Science and Information Engineering National Chiayi University Chiayi City 60004,
More informationPrivacy in Encrypted Content Distribution Using Private Broadcast Encryption
Privacy in Encrypted Content Distribution Using Private Broadcast Encryption Adam Barth 1, Dan Boneh 1, and Brent Waters 2 1 Stanford University, Stanford, CA 94305 {abarth, dabo}@cs.stanford.edu 2 SRI
More informationA New and Efficient Signature on Commitment Values
International Journal of Network Security, Vol.7, No., PP.0 06, July 2008 0 A New and Efficient Signature on Commitment Values Fangguo Zhang,3, Xiaofeng Chen 2,3, Yi Mu 4, and Willy Susilo 4 (Corresponding
More informationOn the Difficulty of Software Key Escrow
On the Difficulty of Software Key Escrow Lars R. Knudsen and Torben P. Pedersen Katholieke Universiteit Leuven, Belgium, email: knudsen@esat.kuleuven.ac.be Cryptomathic, Denmark, email: tpp@cryptomathic.aau.dk
More informationEnforcing Role-Based Access Control for Secure Data Storage in the Cloud
The Author 211. Published by Oxford University Press on behalf of The British Computer Society. All rights reserved. For Permissions please email: journals.permissions@oup.com Advance Access publication
More informationEfficient Certificate-Based Encryption Scheme Secure Against Key Replacement Attacks in the Standard Model *
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 0, 55-568 (04) Efficient Certificate-Based Encryption Scheme Secure Against Key Replacement Attacks in the Standard Model * College of Computer and Information
More informationDigital Signatures. What are Signature Schemes?
Digital Signatures Debdeep Mukhopadhyay IIT Kharagpur What are Signature Schemes? Provides message integrity in the public key setting Counter-parts of the message authentication schemes in the public
More informationDAC-MACS: Effective Data Access Control for Multiauthority Cloud Storage Systems
1 DAC-MACS: Effective Data Access Control for Multiauthority Cloud Storage Systems Kan Yang Student Member IEEE Xiaohua Jia Fellow IEEE Kui Ren Senior Member IEEE Bo Zhang Student Member IEEE and Ruitao
More informationLecture 17: Re-encryption
600.641 Special Topics in Theoretical Cryptography April 2, 2007 Instructor: Susan Hohenberger Lecture 17: Re-encryption Scribe: Zachary Scott Today s lecture was given by Matt Green. 1 Motivation Proxy
More informationChosen-Ciphertext Security from Identity-Based Encryption
Chosen-Ciphertext Security from Identity-Based Encryption Dan Boneh Ran Canetti Shai Halevi Jonathan Katz Abstract We propose simple and efficient CCA-secure public-key encryption schemes (i.e., schemes
More informationSecure and Efficient Data Retrieval Process based on Hilbert Space Filling Curve
Secure and Efficient Data Retrieval Process based on Hilbert Space Filling Curve N.S. Jeya karthikka PG Scholar Sri Ramakrishna Engg Collg S.Bhaggiaraj Assistant Professor Sri Ramakrishna Engg Collg V.Sumathy
More informationCategorical Heuristic for Attribute Based Encryption in the Cloud Server
Categorical Heuristic for Attribute Based Encryption in the Cloud Server R. Brindha 1, R. Rajagopal 2 1( M.E, Dept of CSE, Vivekanandha Institutes of Engineering and Technology for Women, Tiruchengode,
More information1 Digital Signatures. 1.1 The RSA Function: The eth Power Map on Z n. Crypto: Primitives and Protocols Lecture 6.
1 Digital Signatures A digital signature is a fundamental cryptographic primitive, technologically equivalent to a handwritten signature. In many applications, digital signatures are used as building blocks
More informationCERTIFIED PSEUDONYMS COLLIGATED WITH MASTER SECRET KEY
CERTIFIED PSEUDONYMS COLLIGATED WITH MASTER SECRET KEY Vijayakrishnan Pasupathinathan, Josef Pieprzyk ACAC, Department of Computing, Macquarie University, Sydney, Australia krishnan@ics.mq.edu.au, josef@ics.mq.edu.au
More informationKEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE. Mihir Bellare UCSD 1
KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE Mihir Bellare UCSD 1 The public key setting Alice M D sk[a] (C) Bob pk[a] C C $ E pk[a] (M) σ $ S sk[a] (M) M, σ Vpk[A] (M, σ) Bob can: send encrypted data
More information3-6 Toward Realizing Privacy-Preserving IP-Traceback
3-6 Toward Realizing Privacy-Preserving IP-Traceback The IP-traceback technology enables us to trace widely spread illegal users on Internet. However, to deploy this attractive technology, some problems
More informationComments on "public integrity auditing for dynamic data sharing with multi-user modification"
University of Wollongong Research Online Faculty of Engineering and Information Sciences - Papers Faculty of Engineering and Information Sciences 2016 Comments on "public integrity auditing for dynamic
More informationDigital Signatures. Prof. Zeph Grunschlag
Digital Signatures Prof. Zeph Grunschlag (Public Key) Digital Signatures PROBLEM: Alice would like to prove to Bob, Carla, David,... that has really sent them a claimed message. E GOAL: Alice signs each
More informationCS 758: Cryptography / Network Security
CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html
More informationMESSAGE AUTHENTICATION IN AN IDENTITY-BASED ENCRYPTION SCHEME: 1-KEY-ENCRYPT-THEN-MAC
MESSAGE AUTHENTICATION IN AN IDENTITY-BASED ENCRYPTION SCHEME: 1-KEY-ENCRYPT-THEN-MAC by Brittanney Jaclyn Amento A Thesis Submitted to the Faculty of The Charles E. Schmidt College of Science in Partial
More informationFunctional Encryption for Public-Attribute Inner Products: Achieving Constant-Size Ciphertexts with Adaptive Security or Support for Negation
Functional Encryption for Public-Attribute Inner Products: Achieving Constant-Size Ciphertexts with Adaptive Security or Support for Negation Nuttapong Attrapadung 1 and Benoît Libert 2 1 Research Center
More informationIdentity-based Encryption with Efficient Revocation
A preliminary version of this paper appears in Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2008, ACM Press, 2008. This is the full version. Identity-based Encryption
More informationUniversal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption
Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption Ronald Cramer Victor Shoup December 12, 2001 Abstract We present several new and fairly practical public-key
More informationIdentity-Based Encryption from the Weil Pairing
Appears in SIAM J. of Computing, Vol. 32, No. 3, pp. 586-615, 2003. An extended abstract of this paper appears in the Proceedings of Crypto 2001, volume 2139 of Lecture Notes in Computer Science, pages
More informationUniversal Padding Schemes for RSA
Universal Padding Schemes for RSA Jean-Sébastien Coron, Marc Joye, David Naccache, and Pascal Paillier Gemplus Card International, France {jean-sebastien.coron, marc.joye, david.naccache, pascal.paillier}@gemplus.com
More informationCryptography for the Cloud
Cryptography for the Cloud ENS - CNRS - INRIA Cyber-Sécurité - SPECIF CNAM, Paris, France - November 7th, 2014 The Cloud Introduction 2 Access from Anywhere Introduction 3 Available for Everything One
More informationMulti-Recipient Encryption Schemes: Efficient Constructions and their Security
This is the full version of the paper with same title that appeared in IEEE Transactions on Information Theory, Volume 53, Number 11, 2007. It extends the previously published versions Ku, BBS. Multi-Recipient
More informationAn Introduction to Identity-based Cryptography CSEP 590TU March 2005 Carl Youngblood
An Introduction to Identity-based Cryptography CSEP 590TU March 2005 Carl Youngblood One significant impediment to the widespread adoption of public-key cryptography is its dependence on a public-key infrastructure
More informationNew Efficient Searchable Encryption Schemes from Bilinear Pairings
International Journal of Network Security, Vol.10, No.1, PP.25 31, Jan. 2010 25 New Efficient Searchable Encryption Schemes from Bilinear Pairings Chunxiang Gu and Yuefei Zhu (Corresponding author: Chunxiang
More informationDefinitions for Predicate Encryption
Definitions for Predicate Encryption Giuseppe Persiano Dipartimento di Informatica, Università di Salerno, Italy giuper@dia.unisa.it Thursday 12 th April, 2012 Cryptographic Proofs 1 Content Results on
More informationOn the Security of the Tor Authentication Protocol
On the Security of the Tor Authentication Protocol Ian Goldberg David R. Cheriton School of Computer Science, University of Waterloo, 00 University Ave W, Waterloo, ON NL 3G1 iang@cs.uwaterloo.ca Abstract.
More informationAnalysis of Privacy-Preserving Element Reduction of Multiset
Analysis of Privacy-Preserving Element Reduction of Multiset Jae Hong Seo 1, HyoJin Yoon 2, Seongan Lim 3, Jung Hee Cheon 4 and Dowon Hong 5 1,4 Department of Mathematical Sciences and ISaC-RIM, Seoul
More informationDemocratic Group Signatures on Example of Joint Ventures
Democratic Group Signatures on Example of Joint Ventures Mark Manulis Horst-Görtz Institute Ruhr-University of Bochum D-44801, Germany EMail: mark.manulis@rub.de Abstract. In the presence of economic globalization
More informationLecture 25: Pairing-Based Cryptography
6.897 Special Topics in Cryptography Instructors: Ran Canetti and Ron Rivest May 5, 2004 Lecture 25: Pairing-Based Cryptography Scribe: Ben Adida 1 Introduction The field of Pairing-Based Cryptography
More informationCIS 5371 Cryptography. 8. Encryption --
CIS 5371 Cryptography p y 8. Encryption -- Asymmetric Techniques Textbook encryption algorithms In this chapter, security (confidentiality) is considered in the following sense: All-or-nothing secrecy.
More informationKeyword Search over Shared Cloud Data without Secure Channel or Authority
Keyword Search over Shared Cloud Data without Secure Channel or Authority Yilun Wu, Jinshu Su, and Baochun Li College of Computer, National University of Defense Technology, Changsha, Hunan, China Department
More informationIdentity-based Encryption with Post-Challenge Auxiliary Inputs for Secure Cloud Applications and Sensor Networks
Identity-based Encryption with Post-Challenge Auxiliary Inputs for Secure Cloud Applications and Sensor Networks Tsz Hon Yuen - Huawei, Singapore Ye Zhang - Pennsylvania State University, USA Siu Ming
More informationNon-Interactive CCA-Secure Threshold Cryptosystems with Adaptive Security: New Framework and Constructions
Non-Interactive CCA-Secure Threshold Cryptosystems with Adaptive Security: New Framework and Constructions Benoît Libert 1 and Moti Yung 2 1 Université catholique de Louvain, ICTEAM Institute (Belgium)
More informationMessage Authentication Code
Message Authentication Code Ali El Kaafarani Mathematical Institute Oxford University 1 of 44 Outline 1 CBC-MAC 2 Authenticated Encryption 3 Padding Oracle Attacks 4 Information Theoretic MACs 2 of 44
More informationAdvanced Cryptography
Family Name:... First Name:... Section:... Advanced Cryptography Final Exam July 18 th, 2006 Start at 9:15, End at 12:00 This document consists of 12 pages. Instructions Electronic devices are not allowed.
More informationAuthentication and Encryption: How to order them? Motivation
Authentication and Encryption: How to order them? Debdeep Muhopadhyay IIT Kharagpur Motivation Wide spread use of internet requires establishment of a secure channel. Typical implementations operate in
More informationAnonymity and Time in Public-Key Encryption
Anonymity and Time in Public-Key Encryption Elizabeth Anne Quaglia Thesis submitted to the University of London for the degree of Doctor of Philosophy Information Security Group Department of Mathematics
More informationChosen-Ciphertext Security from Identity-Based Encryption
Chosen-Ciphertext Security from Identity-Based Encryption Dan Boneh Ran Canetti Shai Halevi Jonathan Katz June 13, 2006 Abstract We propose simple and efficient CCA-secure public-key encryption schemes
More informationSeparations in Circular Security for Arbitrary Length Key Cycles. Venkata Koppula! Kim Ramchen! Brent Waters
Separations in Circular Security for Arbitrary Length Key Cycles Venkata Koppula! Kim Ramchen! Brent Waters Circular Security Circular Security Circular Security Choose pk, sk! Encrypt using pk! Circular
More informationSELS: A Secure E-mail List Service *
SELS: A Secure E-mail List Service * Himanshu Khurana NCSA Work done with Adam Slagell and Rafael Bonilla * To appear in the Security Track of the ACM Symposium of Applied Computing (SAC), March 2005.
More informationEnsuring Integrity in Cloud Computing via Homomorphic Digital Signatures: new tools and results
Ensuring Integrity in Cloud Computing via Homomorphic Digital Signatures: new tools and results Dario Catalano Dario Fiore Luca Nizzardo University of Catania Italy IMDEA Software Institute Madrid, Spain
More informationEFFICIENT AND SECURE ATTRIBUTE REVOCATION OF DATA IN MULTI-AUTHORITY CLOUD STORAGE
EFFICIENT AND SECURE ATTRIBUTE REVOCATION OF DATA IN MULTI-AUTHORITY CLOUD STORAGE Reshma Mary Abraham and P. Sriramya Computer Science Engineering, Saveetha University, Chennai, India E-Mail: reshmamaryabraham@gmail.com
More informationHow To Create A Cryptosystem With A Tree Access Structure
Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters Abstract As more sensitive data is shared and stored by third-party sites
More informationAttributed-based Access Control for Multi-Authority Systems in Cloud Storage
2012 32nd IEEE International Conference on Distributed Computing Systems Attributed-based Access Control for Multi-Authority Systems in Cloud Storage Kan Yang Department of Computer Science City University
More informationRSA Attacks. By Abdulaziz Alrasheed and Fatima
RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.
More informationEfficient Unlinkable Secret Handshakes for Anonymous Communications
보안공학연구논문지 (Journal of Security Engineering), 제 7권 제 6호 2010년 12월 Efficient Unlinkable Secret Handshakes for Anonymous Communications Eun-Kyung Ryu 1), Kee-Young Yoo 2), Keum-Sook Ha 3) Abstract The technique
More informationCryptoVerif Tutorial
CryptoVerif Tutorial Bruno Blanchet INRIA Paris-Rocquencourt bruno.blanchet@inria.fr November 2014 Bruno Blanchet (INRIA) CryptoVerif Tutorial November 2014 1 / 14 Exercise 1: preliminary definition SUF-CMA
More informationIntroduction. Digital Signature
Introduction Electronic transactions and activities taken place over Internet need to be protected against all kinds of interference, accidental or malicious. The general task of the information technology
More informationSchnorr Signcryption. Combining public key encryption with Schnorr digital signature. Laura Savu, University of Bucharest, Romania
Schnorr Signcryption Combining public key encryption with Schnorr digital signature Laura Savu, University of Bucharest, Romania IT Security for the Next Generation European Cup, Prague 17-19 February,
More informationA Simple Provably Secure Key Exchange Scheme Based on the Learning with Errors Problem
A Simple Provably Secure Key Exchange Scheme Based on the Learning with Errors Problem Jintai Ding, Xiang Xie, Xiaodong Lin University of Cincinnati Chinese Academy of Sciences Rutgers University Abstract.
More information1 Message Authentication
Theoretical Foundations of Cryptography Lecture Georgia Tech, Spring 200 Message Authentication Message Authentication Instructor: Chris Peikert Scribe: Daniel Dadush We start with some simple questions
More informationSecure Deduplication of Encrypted Data without Additional Independent Servers
Secure Deduplication of Encrypted Data without Additional Independent Servers Jian Liu Aalto University jian.liu@aalto.fi N. Asokan Aalto University and University of Helsinki asokan@acm.org Benny Pinkas
More informationSecure and Verifiable Policy Update Outsourcing for Big Data Access Control in the Cloud
1 Secure and Verifiable Policy Update Outsourcing for Big Data Access Control in the Cloud Kan Yang Associate Member IEEE Xiaohua Jia Fellow IEEE Kui Ren Senior Member IEEE Abstract Due to the high volume
More informationLecture 10: CPA Encryption, MACs, Hash Functions. 2 Recap of last lecture - PRGs for one time pads
CS 7880 Graduate Cryptography October 15, 2015 Lecture 10: CPA Encryption, MACs, Hash Functions Lecturer: Daniel Wichs Scribe: Matthew Dippel 1 Topic Covered Chosen plaintext attack model of security MACs
More informationDigital Signatures: A Panoramic View. Palash Sarkar
Digital Signatures: A Panoramic View Palash Sarkar Applied Statistics Unit Indian Statistical Institute, Kolkata India palash@isical.ac.in International Conference on Electrical Engineering, Computing
More informationChapter 11. Asymmetric Encryption. 11.1 Asymmetric encryption schemes
Chapter 11 Asymmetric Encryption The setting of public-key cryptography is also called the asymmetric setting due to the asymmetry in key information held by the parties. Namely one party has a secret
More information1 Signatures vs. MACs
CS 120/ E-177: Introduction to Cryptography Salil Vadhan and Alon Rosen Nov. 22, 2006 Lecture Notes 17: Digital Signatures Recommended Reading. Katz-Lindell 10 1 Signatures vs. MACs Digital signatures
More information1 Construction of CCA-secure encryption
CSCI 5440: Cryptography Lecture 5 The Chinese University of Hong Kong 10 October 2012 1 Construction of -secure encryption We now show how the MAC can be applied to obtain a -secure encryption scheme.
More informationVerifiably Encrypted Signatures with Short Keys based on the Decisional Linear Problem and Obfuscation for Encrypted VES
Verifiably Encrypted Signatures with Short Keys based on the Decisional Linear Problem and Obfuscation for Encrypted VES Ryo Nishimaki and Keita Xagawa NTT Secure Platform Laboratories, 3-9-11 Midori-cho,
More informationEnhanced Privacy ID (EPID) Ernie Brickell and Jiangtao Li Intel Corporation
Enhanced Privacy ID (EPID) Ernie Brickell and Jiangtao Li Intel Corporation 1 Agenda EPID overview EPID usages Device Authentication Government Issued ID EPID performance and standardization efforts 2
More information1 Domain Extension for MACs
CS 127/CSCI E-127: Introduction to Cryptography Prof. Salil Vadhan Fall 2013 Reading. Lecture Notes 17: MAC Domain Extension & Digital Signatures Katz-Lindell Ÿ4.34.4 (2nd ed) and Ÿ12.0-12.3 (1st ed).
More informationCorrecting Privacy Violations in Blind-Carbon-Copy (BCC) Encrypted Email
Correcting Privacy Violations in Blind-Carbon-Copy (BCC) Encrypted Email Adam Barth abarth@cs.stanford.edu Dan Boneh dabo@cs.stanford.edu Abstract We show that many widely deployed email encryption systems
More informationOverview of Public-Key Cryptography
CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows
More informationWildcarded Identity-Based Encryption
Wildcarded Identity-Based Encryption Michel Abdalla 1, James Birkett 2, Dario Catalano 3, Alexander W. Dent 4, John Malone-Lee 5, Gregory Neven 6,7, Jacob C. N. Schuldt 8, and Nigel P. Smart 9 1 Ecole
More informationPrivacy, Discovery, and Authentication for the Internet of Things
Privacy, Discovery, and Authentication for the Internet of Things David Wu Joint work with Ankur Taly, Asim Shankar, and Dan Boneh The Internet of Things (IoT) Lots of smart devices, but only useful if
More informationQUANTUM COMPUTERS AND CRYPTOGRAPHY. Mark Zhandry Stanford University
QUANTUM COMPUTERS AND CRYPTOGRAPHY Mark Zhandry Stanford University Classical Encryption pk m c = E(pk,m) sk m = D(sk,c) m??? Quantum Computing Attack pk m aka Post-quantum Crypto c = E(pk,m) sk m = D(sk,c)
More informationAn Enhanced Security Enabled Sharing of Protected Cloud Storage Services by Trapdoor Commitment Based on RSA Signature Assumption
Bonfring International Journal of Research in Communication Engineering, Vol. 2, No. 3, September 2012 1 An Enhanced Security Enabled Sharing of Protected Cloud Storage Services by Trapdoor Commitment
More informationPrivacy, Security and Cloud
Privacy, Security and Cloud Giuseppe Di Luna July 2, 2012 Giuseppe Di Luna 2012 1 July 2, 2012 Giuseppe Di Luna 2012 2 July 2, 2012 Giuseppe Di Luna 2012 3 Security Concerns: Data leakage Data handling
More informationLecture 9 - Message Authentication Codes
Lecture 9 - Message Authentication Codes Boaz Barak March 1, 2010 Reading: Boneh-Shoup chapter 6, Sections 9.1 9.3. Data integrity Until now we ve only been interested in protecting secrecy of data. However,
More informationCryptography and Network Security: Summary
Cryptography and Network Security: Summary Timo Karvi 12.2013 Timo Karvi () Cryptography and Network Security: Summary 12.2013 1 / 17 Summary of the Requirements for the exam The advices are valid for
More informationMultiuser Message Authentication, Application to Verifiable Secret Sharing and Key Management Schemes
Computer Science and Information Technology 1(2): 97-104, 2013 DOI: 10.13189/csit.2013.010204 http://www.hrpub.org Multiuser Message Authentication, Application to Verifiable Secret Sharing and Key Management
More informationVerifiable Outsourced Computations Outsourcing Computations to Untrusted Servers
Outsourcing Computations to Untrusted Servers Security of Symmetric Ciphers in Network Protocols ICMS, May 26, 2015, Edinburgh Problem Motivation Problem Motivation Problem Motivation Problem Motivation
More informationSearchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions
An extended abstract of this paper appears in Victor Shoup, editor, Advances in Cryptology CRYPTO 2005, Volume 3621 of Lecture Notes in Computer Science, pages 205 222, Santa Barbara, California, August
More informationDecentralized Access Control Schemes for Data Storage on Cloud
Computer Science and Engineering 2016, 6(1): 1-6 DOI: 10.5923/j.computer.20160601.01 Decentralized Access Control Schemes for Data Storage on Cloud Shraddha V. Mokle *, Nuzhat F. Shaikh Department of Computer
More informationBoosting Linearly-Homomorphic Encryption to Evaluate Degree-2 Functions on Encrypted Data
Boosting Linearly-Homomorphic Encryption to Evaluate Degree-2 Functions on Encrypted Data Dario Catalano 1 and Dario Fiore 2 1 Dipartimento di Matematica e Informatica, Università di Catania, Italy. catalano@dmi.unict.it
More informationDealing Cards in Poker Games
1 Dealing Cards in Poker Games Philippe Golle Palo Alto Research Center pgolle@parc.com Abstract This paper proposes a new protocol for shuffling and dealing cards, that is designed specifically for games
More informationα α λ α = = λ λ α ψ = = α α α λ λ ψ α = + β = > θ θ β > β β θ θ θ β θ β γ θ β = γ θ > β > γ θ β γ = θ β = θ β = θ β = β θ = β β θ = = = β β θ = + α α α α α = = λ λ λ λ λ λ λ = λ λ α α α α λ ψ + α =
More informationProvable-Security Analysis of Authenticated Encryption in Kerberos
Provable-Security Analysis of Authenticated Encryption in Kerberos Alexandra Boldyreva Virendra Kumar Georgia Institute of Technology, School of Computer Science 266 Ferst Drive, Atlanta, GA 30332-0765
More informationIntroduction to Cryptography
Introduction to Cryptography Part 3: real world applications Jean-Sébastien Coron January 2007 Public-key encryption BOB ALICE Insecure M E C C D channel M Alice s public-key Alice s private-key Authentication
More informationAttribute-Based Broadcast Encryption Scheme Made Efficient
Attribute-Based Broadcast Encryption Scheme Made Efficient David Lubicz Thomas Sirvent D. Lubicz, T. Sirvent (Celar - Irmar) Efficient Attribute-Based Encryption AfricaCrypt 2008, June 13 th 1 / 23 Outline
More informationOutline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures
Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike
More informationA Generic Framework for Three-Factor Authentication
A Generic Framework for Three-Factor Authentication Jiangshan Yu 1 Guilin Wang 2 Yi Mu 2 Wei Gao 3 1 School of Computer Science University of Birmingham, UK 2 School of Computer Science and Software Engineering
More informationHow to Encrypt in the Mobile Cloud. Yuliang Zheng ( 鄭 玉 良 ) UNC Charlotte yzheng@uncc.edu
How to Encrypt in the Mobile Cloud Yuliang Zheng ( 鄭 玉 良 ) UNC Charlotte yzheng@uncc.edu Smartphones meet the cloud (Match made in the heaven) Smartphones Small storage Stolen/lost Models change yearly
More informationData Sharing on Untrusted Storage with Attribute-Based Encryption
Data Sharing on Untrusted Storage with Attribute-Based Encryption by Shucheng Yu A Dissertation Submitted to the Faculty of the WORCESTER POLYTECHNIC INSTITUTE In partial fulfillment of the requirements
More informationA Proposal for an ISO Standard for Public Key Encryption (version 2.1)
A Proposal for an ISO Standard for Public Key Encryption (version 2.1) Victor Shoup IBM Zurich Research Lab, Säumerstr. 4, 8803 Rüschlikon, Switzerland sho@zurich.ibm.com December 20, 2001 Abstract This
More informationEXAM questions for the course TTM4135 - Information Security May 2013. Part 1
EXAM questions for the course TTM4135 - Information Security May 2013 Part 1 This part consists of 5 questions all from one common topic. The number of maximal points for every correctly answered question
More informationCSC474/574 - Information Systems Security: Homework1 Solutions Sketch
CSC474/574 - Information Systems Security: Homework1 Solutions Sketch February 20, 2005 1. Consider slide 12 in the handout for topic 2.2. Prove that the decryption process of a one-round Feistel cipher
More informationAn Improved Authentication Protocol for Session Initiation Protocol Using Smart Card and Elliptic Curve Cryptography
ROMANIAN JOURNAL OF INFORMATION SCIENCE AND TECHNOLOGY Volume 16, Number 4, 2013, 324 335 An Improved Authentication Protocol for Session Initiation Protocol Using Smart Card and Elliptic Curve Cryptography
More informationSimplified Security Notions of Direct Anonymous Attestation and a Concrete Scheme from Pairings
Simplified Security Notions of Direct Anonymous Attestation and a Concrete Scheme from Pairings Ernie Brickell Intel Corporation ernie.brickell@intel.com Liqun Chen HP Laboratories liqun.chen@hp.com March
More informationBreaking Generalized Diffie-Hellman Modulo a Composite is no Easier than Factoring
Breaking Generalized Diffie-Hellman Modulo a Composite is no Easier than Factoring Eli Biham Dan Boneh Omer Reingold Abstract The Diffie-Hellman key-exchange protocol may naturally be extended to k > 2
More informationOverview of Cryptographic Tools for Data Security. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the
More information