Spelling suggestions: "subject:"provably"" "subject:"movable""
1 |
SoK: A Practical Cost Comparison Among Provable Data Possession SchemesBartlett, Alex Michael 01 May 2018 (has links)
Provable Data Possession (PDP) schemes provide users with the ability to efficiently audit and verify the integrity of data stored with potentially unreliable third-parties, such as cloud storage service providers. While dozens of PDP schemes have been developed, no PDP schemes have been practically implemented with an existing cloud service. This work attempts to provide a starting point for the integration of PDP schemes with cloud storage service providers by providing a cost analysis of PDP schemes. This cost analysis is performed by implementing and analyzing five PDP schemes representative of the dozens of various PDP approaches. This paper provides analysis of the overhead and performance of each of these schemes to generate a comparable cost for each scheme using real-world cloud pricing models. Results show that the total cost of each scheme is comparable for smaller file sizes, but for larger files this cost can vary across schemes by an order of magnitude. Ultimately, the difference in cost between the simple MAC-based PDP scheme and the most "efficient" PDP scheme is negligible. While the MAC-PDP scheme may not be the most efficient, no other scheme improving upon it's complexity can be implemented without the use of additional services or APIs leading to the conclusion that the simplest, storage only PDP scheme is the most practical to implement. Furthermore, the findings in this paper suggest that, in general, PDP schemes optimize on an inaccurate cost model and that future schemes should consider the existing economic realities of cloud services.
|
2 |
Novel Computational Protein Design Algorithms with Applications to Cystic Fibrosis and HIVRoberts, Kyle Eugene January 2014 (has links)
<p>Proteins are essential components of cells and are crucial for catalyzing reactions, signaling, recognition, motility, recycling, and structural stability. This diversity of function suggests that nature is only scratching the surface of protein functional space. Protein function is determined by structure, which in turn is determined predominantly by amino acid sequence. Protein design aims to explore protein sequence and conformational space to design novel proteins with new or improved function. The vast number of possible protein sequences makes exploring the space a challenging problem. </p><p>Computational structure-based protein design (CSPD) allows for the rational design of proteins. Because of the large search space, CSPD methods must balance search accuracy and modeling simplifications. We have developed algorithms that allow for the accurate and efficient search of protein conformational space. Specifically, we focus on algorithms that maintain provability, account for protein flexibility, and use ensemble-based rankings. We present several novel algorithms for incorporating improved flexibility into CSPD with continuous rotamers. We applied these algorithms to two biomedically important design problems. We designed peptide inhibitors of the cystic fibrosis agonist CAL that were able to restore function of the vital cystic fibrosis protein CFTR. We also designed improved HIV antibodies and nanobodies to combat HIV infections.</p> / Dissertation
|
3 |
On Pairing-Based Signature and Aggregate Signature SchemesKnapp, Edward January 2008 (has links)
In 2001, Boneh, Lynn, and Shacham presented a pairing-based signature scheme known as the BLS signature scheme.
In 2003, Boneh, Gentry, Lynn, and Shacham presented the first aggregate signature scheme called the BGLS aggregate signature scheme. The BGLS scheme allows for N users with N signatures to combine their signatures into a single signature. The size of the resulting signature is independent of N. The BGLS signature scheme enjoys roughly the same level of security as the BLS scheme.
In 2005, Waters presented a pairing-based signature scheme which does not assume the existence of random oracles. In 2007, Lu, Ostrovsky, Sahai, Shacham, and Waters presented the LOSSW aggregate signature scheme which does not assume the existence of random oracles.
The BLS, BGLS, Waters, and LOSSW authors each chose to work with a restricted class of pairings. In each scheme, it is clear that the scheme extend to arbitrary pairings. We present the schemes in their full generality, explore variations of the schemes, and discuss optimizations that can be made when using specific pairings.
Each of the schemes we discuss is secure assuming that the computational Diffie-Hellman (CDH) assumption holds. We improve on the security reduction for a variation of the BGLS signature scheme which allows for some restrictions of the BGLS signature scheme can be dropped and provides a stronger guarantee of security. We show that the BGLS scheme can be modified to reduce public-key size in presence of a certifying authority, when a certain type of pairing is used. We show that patient-free bit-compression can be applied to each of the scheme with a few modifications.
|
4 |
On Pairing-Based Signature and Aggregate Signature SchemesKnapp, Edward January 2008 (has links)
In 2001, Boneh, Lynn, and Shacham presented a pairing-based signature scheme known as the BLS signature scheme.
In 2003, Boneh, Gentry, Lynn, and Shacham presented the first aggregate signature scheme called the BGLS aggregate signature scheme. The BGLS scheme allows for N users with N signatures to combine their signatures into a single signature. The size of the resulting signature is independent of N. The BGLS signature scheme enjoys roughly the same level of security as the BLS scheme.
In 2005, Waters presented a pairing-based signature scheme which does not assume the existence of random oracles. In 2007, Lu, Ostrovsky, Sahai, Shacham, and Waters presented the LOSSW aggregate signature scheme which does not assume the existence of random oracles.
The BLS, BGLS, Waters, and LOSSW authors each chose to work with a restricted class of pairings. In each scheme, it is clear that the scheme extend to arbitrary pairings. We present the schemes in their full generality, explore variations of the schemes, and discuss optimizations that can be made when using specific pairings.
Each of the schemes we discuss is secure assuming that the computational Diffie-Hellman (CDH) assumption holds. We improve on the security reduction for a variation of the BGLS signature scheme which allows for some restrictions of the BGLS signature scheme can be dropped and provides a stronger guarantee of security. We show that the BGLS scheme can be modified to reduce public-key size in presence of a certifying authority, when a certain type of pairing is used. We show that patient-free bit-compression can be applied to each of the scheme with a few modifications.
|
5 |
Study of Provable Secure Cryptosystems and Signature SchemesRao, Fang-Yu 06 September 2005 (has links)
Providing a security proof is always an important issue in the process of designing a cryptographic scheme or protocol. We often show the security of a cryptosystem via ¡§problem reduction.¡¨ In this thesis, lots of emphasis was put on the review of techniques for proving the security of cryptosystems. These techniques consist of Random Oracle Model and Forking Lemma. We also introduced some well-known
cryptographic schemes which can be proved secure using these techniques. Then we offered a security proof of a blind signature scheme based on the one proposed by Fan. In the end, we made a comparison between our proof and the proof of another blind signature scheme provided by David Pointcheval and Jacques Stern. Some arguments and discussions about using the Random Oracle Model to prove
the security of a cryptosystem were also included.
|
6 |
On the security and efficiency of encryptionCash, Charles David 24 September 2009 (has links)
This thesis is concerned with the design and analysis of practical provably-secure encryption schemes. We give several results that include new schemes with attractive tradeoffs between efficiency and security and new techniques for analyzing existing schemes. Our results are divided into three chapters, which we summarize below.
The Twin Diffie-Hellman Problem. We describe techniques for analyzing encryption schemes based on the hardness of Diffie-Hellman-type problems. We apply our techniques to several specific cases of encryption, including identity-based encryption, to design a collection of encryption schemes that offer improved tradeoffs between efficiency and evidence for security over similar schemes. In addition to offering quantitative advantages over prior work in this area, our technique also simplifies security proofs for these types of encryption schemes.
Our main tool in this chapter is the notion of Twin Diffie-Hellman Problems, which provide an intermediate step for organizing security reductions and reveal very simple variants of known schemes with correspondingly simple, but non-obvious, analyses.
Non-Malleable Hash Functions. We consider security proofs for encryption that are carried out in the random oracle model, where one declares that a scheme's hash functions are ``off limits' for an attacker in order to make a proof go through. Such proofs leave some doubt as to the security of the scheme in practice, when attackers are free to exploit weaknesses in the hash functions. A particular concern is that a scheme may be insecure in practice no matter what very strong security properties its real hash functions satisfy.
We address this doubt for an encryption scheme of Bellare and Rogaway by showing that, using appropriately strong hash functions, this scheme's hash functions can be partially instantiated in a secure way.
|
7 |
Protection des Accélérateurs Matériels de Cryptographie SymétriqueGuilley, Sylvain 14 December 2012 (has links) (PDF)
Les contremesures de masquage et de dissimulation permettent de rendre plus compliquées les attaques sur les implémentations de chiffrement symétrique. Elles sont aussi toutes deux aisément implémentables (et ce de façon automatisable) dans des flots EDA (Electronic Design Automation) pour ASIC (Application Specific Integrated Circuit) ou FPGA (Field Programmable Gates Array), avec certes différents niveaux d'expertise requis selon la contremesure concernée. Le masquage assure une protection "dynamique" s'appuyant sur un mélange d'aléa en cours de calcul. Nous montrons comment optimiser l'usage de cet aléa grâce à un codage qui permet de compresser les fuites d'information (leakage squeezing). Les limites du masquage s'étudient grâce à des outils de statistique, en analysant des distributions de probabilités. L'outil maître pour évaluer les imperfections des logiques DPL (Dual-rail with Precharge Logic style) est l'analyse stochastique, qui tente de modéliser des fuites "statiques" combinant plusieurs bits. L'inconvénient du masquage est que les attaques sont structurelles à l'utilisation d'aléa : si une attaque réussit sur une partie de la clé (e.g. un octet), alors a priori tous les autres octets sont de façon consistante vulnérables à la même attaque. La situation est différente avec les DPL : en cas de problème d'implémentation, seuls les octets de clés impliqués dans les parties déséquilibrées sont compromis, et non toute la clé. Une façon encore moins coûteuse de protéger les implémentations cryptographiques contre les attaques physiques est la résilience. C'est un usage astucieux de primitives a priori non protégées qui permet d'assurer la protection des secrets. L'avantage des approches résilientes est leur simplicité de mise en oeuvre et (idéalement), leur prouvabilité. Le principal inconvénient est que les contraintes d'usage ne sont souvent pas compatibles avec les standards actuels. Ainsi, nous pensons que davantage de recherche dans ce domaine pourrait globalement être profitable à l'industrie de la sécurité de systèmes embarqués.
|
8 |
Provable security support for kerberos (and beyond)Kumar, Virendra 18 May 2012 (has links)
Kerberos is a widely-deployed network authentication protocol that is being considered for standardization. Like other standard protocols, Kerberos is no exception to security flaws and weaknesses, as has been demonstrated in several prior works. Provable security guarantees go a long way in restoring users' faith, thus making a protocol an even stronger candidate for standards. In this thesis, our goal was thus to provide provable security support for Kerberos and other practical protocols. Our contributions are three-fold:
We first look at the symmetric encryption schemes employed in the current version 5 of Kerberos. Several recent results have analyzed a significant part of Kerberos v.5 using formal-methods-based approaches, which are meaningful only if the underlying encryption schemes satisfy strong cryptographic notions of privacy and authenticity. However, to our knowledge these schemes were never analyzed and proven to satisfy such notions. This thesis aims to bridge this gap. Our provable security analyses confirm that some of the encryption scheme options in Kerberos v.5 already provide privacy and authenticity, and for the remaining we suggest slight modifications for the same.
We next turn our attention to the ways in which the keys and other random strings needed in cryptographic schemes employed by practical protocols are generated. Randomness needs to be carefully generated for the provable security guarantees to hold. We propose an efficient pseudorandom generator (PRG) based on hash functions. The security of our PRG relies on exponential collision-resistance and regularity of the underlying hash function. Our PRG can be used to generate various strings, like session keys, sequence numbers, confounders, etc., which are all suggested to be generated randomly in the Kerberos v.5 specification, but no algorithms are mentioned. Each of the above strings are required to satisfy different properties, all of which are trivially satisfied by the pseudorandom strings output by a PRG.
Finally, we look at the problem of revocation associated with two relatively new types of encryption schemes: identity-based encryption (IBE) and attribute-based encryption (ABE). While these encryption schemes are relatively less efficient compared to public-key encryption schemes, they have already been used (and are very likely to be used in future, as well) in many practical protocols due to their attractive features. Any setting, public-key, identity-based, or attribute-based, must provide a means to revoke users from the system. However, unlike public-key encryption, there has been little prior work on studying the revocation mechanisms in an IBE or ABE. We propose new primitives and their efficient and provably secure instantiations, focusing on the revocation problem.
We would like to note that even though all the results presented in this thesis are motivated mainly by provable security in practice, only the first bullet above has a direct impact on a practical and widely deployed protocol Kerberos. Our PRG is the most efficient construction among theoretical PRGs, but it may still not be efficient enough to be directly usable in practical protocols. And our results and techniques for revocation in IBE and ABE have found much wider applications in information security, such as mobile social networks, cloud-based secure health records, data outsourcing systems, vehicular ad-hoc networks, etc.
|
9 |
Secure Key Establishment for Mobile NetworksTin, Yiu Shing (Terry) January 2005 (has links)
Informal analysis of authenticated key establishment (ake) protocols was commonly accepted as the valid argument for their security in the past. Although it can provide some confidence in protocol correctness, experience has shown time and again that ake protocols are likely to contain flaws even after an informal analysis is completed. Therefore, it has become increasingly common to expect a formal analysis, and preferably a mathematical proof, of any published ake protocol in order to obtain increased confidence in its security. In this research we use an appropriate model for analysing ake protocols based on its features and properties. The model allows us to design ake protocols modularly and reuse existing protocol components. We provide a detailed description of its formalisation, operations and usage. This description also includes ways of extracting new protocol components from existing ake protocols. Following the description of the model, we propose a new unauthenticated key establishment protocol for two-party communications. By composing this protocol with authentication protocols, we can construct several new secure ake protocols. These new protocols are compared with existing protocols for their computational efficiency. The comparison shows that our new proven secure protocols are as efficient as the existing protocols with an informal security analysis. We then propose a three-party key establishment protocol which involves a trusted server and two users. We also propose a non-interactive authentication protocol and discuss it and a variant of it. These components are used to construct a secure three-party ake protocol that supports a privacy framework. This framework allows users to remain anonymous while conducting electronic transactions with an independent service provider. A new password-based authentication protocol is proposed to address the problem of authentication using passwords. This protocol carries a proof of security and satisfies a slightly relaxed definition of security. We demonstrate its application by composing it with existing key establishment protocols. To maximise its use, we modified a two-party key establishment protocol to become three-party server based. By using the server for authentication, two users within a common network domain can establish a secure session key. Only a small number of ake protocols are demonstrated in this thesis. There exist many more provably secure ake protocols that can be constructed using the protocol components presented by applying the approach of "mix and match". That is, each new component results in a number of new ake protocols depending on the number of existing components.
|
10 |
Formalisation de preuves de sécurité concrète / Formal Methods For Concrete Security ProofsDaubignard, Marion 12 January 2012 (has links)
Cette thèse se propose de remédier à l'absence de formalisme dédié aux preuves de sécurité concrète à travers 3 contributions. Nous présentons d'abord la logique CIL (Computational Indistinguishability Logic), qui permet de raisonner sur les systèmes cryptographiques. Elle contient un petit nombre de règles qui correspondent aux raisonnements souvent utilisés dans les preuves. Leur formalisation est basée sur des outils classiques comme les contextes ou les bisimulations. Deuxièmement, pour plus d'automatisation des preuves, nous avons conçu une logique de Hoare dédiée aux chiffrement asymétrique dans le modèle de l'oracle aléatoire. Elle est appliquée avec succès sur des exemples de schémas existants. Enfin, nous proposons un théorème générique de réduction pour la preuve d'indifférentiabilité d'un oracle aléatoire de fonctions de hachage cryptographiques. La preuve du théorème, formalisée en CIL, en démontre l'applicabilité. Les exemples de Keccak et Chop-Merkle-Damgard illustrent ce résultat. / In this thesis, we address the lack of formalisms to carry out concrete security proofs. Our contributions are threefold. First, we present a logic, named Computational Indistinguishability Logic (CIL), for reasoning about cryptographic systems. It consists in a small set of rules capturing reasoning principles common to many proofs. Their formalization relies on classic tools such as bisimulation relations and contexts. Second, and in order to increase proof automation, it presents a Hoare logic dedicated to asymmetric encryption schemes in the Random Oracle Model that yields an automated and sound verification method. It has been successfully applied to existing encryption schemes. Third, it presents a general reduction theorem for proving indifferentiability of iterative hash constructions from a random oracle. The theorem is proven in CIL demonstrating the usefulness of the logic and has been applied to constructions such as the SHA-3 candidate Keccak and the Chop-MD construction.
|
Page generated in 0.0489 seconds