161 |
Secure public-key encryption from factorisation-related problems. Brown, Jaimee, January 2007.
Public key encryption plays a vital role in securing sensitive data in practical applications. The security of many encryption schemes relies on mathematical problems related to the difficulty of factoring large integers. In particular, subgroup problems in composite order groups are a general class of problems widely used in the construction of secure public-key encryption schemes. This thesis studies public-key encryption schemes that are provably secure based on the difficulty of subgroup or other integer factorisation related problems in the standard model. Firstly, a number of new public-key encryption schemes are presented which are secure in the sense of indistinguishability against chosen-ciphertext attack in the standard model. These schemes are obtained by instantiating the two previous paradigms for chosen-ciphertext security by Cramer and Shoup, and Kurosawa and Desmedt, with three previously studied subgroup membership problems. The resulting schemes are very efficient, and are comparable if not superior in terms of efficiency when compared to previously presented instantiations. Secondly, a new approach is presented for constructing RSA-related public key encryption schemes secure in the sense of indistinguishability against chosen-ciphertext attack without random oracles. This new approach requires a new set of assumptions, called the Oracle RSA-type assumptions. The motivating observation is that RSA-based encryption schemes can be viewed as tag-based encryption schemes, and as a result can be used as a building block in a previous technique for obtaining chosen-ciphertext security. Two example encryption schemes are additionally presented, each of which is of comparable efficiency to other public key schemes of similar security. Finally, the notion of self-escrowed public-key infrastructures is revisited, and a security model is defined for self-escrowed encryption schemes.
The security definitions proposed consider adversarial models which reflect an attacker's ability to recover private keys corresponding to public keys of the attacker's choice. General constructions for secure self-escrowed versions of ElGamal, RSA, Cramer-Shoup and Kurosawa-Desmedt encryption schemes are also presented, and efficient instantiations are provided. In particular, one instantiation solves the 'key doubling problem' observed in all previous self-escrowed encryption schemes. Also, for another instantiation a mechanism is described for distributing key recovery amongst a number of authorities.
|
162 |
Email-based Telemedicine: Design and validation of a decision support model for service-delivery application. Caffery, Liam, unknown date.
There is a growing realisation from the Australian government that new models of health care will need to be developed to address the disparity of access, increasing demand and escalating cost of traditional means of delivering health care. There is growing evidence showing health care services can be delivered safely and efficiently by email. Despite this body of evidence, the clinical uptake of email is occurring at a much slower rate than in other business areas. Technological barriers and privacy risks are often cited as the cause of the fragmented adoption and utilisation of email-based telemedicine. In addressing these impediments, the service-delivery application needs to be considered. The service-delivery applications used in email-based telemedicine can be divided into two distinct categories. The first is ordinary email applications, such as the commercial products used for personal communication, and the second is where the health care provider undertakes the development of an email application purpose-written to support their telemedicine service. The aim of this research was to develop a decision support model (DSM) to address the complex issues in choosing the service-delivery application most appropriate for an email service. Three areas which would influence a provider's decision were identified and investigated: i) privacy and security, ii) economics and iii) quality of service. Most emails are sent in plain text across the Internet and pose a privacy risk. Encryption of the email message is used to mitigate the risk. Two means of encryption were investigated: public key infrastructure (PKI) used in conjunction with ordinary email, and secure web-mail applications, which require the development of a purpose-written application.
Decisive factors in choosing the most appropriate privacy-enhancing technology for an email-based service were identified by a number of means, including technical assessment of encryption models, literature review, a survey of users of an email-based telemedicine service and analysis of client applications used in a telemedicine service. This investigation established that correspondents' perception of privacy risk, email client application support of PKI, risk tolerance to human error and technical skill are decisive factors in choosing privacy-enhancing technology. The survey respondents considered a privacy breach during email communication to be either likely or very unlikely regardless of whether the communication was encrypted or not, indicating that correspondents are unlikely to comply with encryption, especially if the technology is cumbersome. Although the population was of a limited demographic, there was a large proliferation (around 87%) of web-mail clients, for example Hotmail and Gmail, amongst the users of email-based telemedicine services. Web-mail clients cannot be secured with PKI. Hence, assessment of the client email applications used by correspondents in telemedicine will influence the type of privacy-enhancing technology. Technical assessment of privacy-enhancing technology identified human error as a risk when using PKI. Secure web-mail obviates human error. Therefore, tolerance to human-error risk will be decisive in the choice of privacy-enhancing technology. PKI has received criticism for being user-unfriendly and requiring technical proficiency to use. This investigation established that the usability of secure web-mail is comparable to ordinary, unencrypted email, indicating that secure communication is feasible when services are not supported by technical expertise. The cost of providing an email-based service is influenced by the service-delivery application.
Developing a purpose-written application will cost the health care provider, but staff may be able to work more efficiently because the resultant application contains telemedicine-specific functionality that meets the exact requirements of the service. Staff resources to run an email-based telemedicine service using ordinary email were compared to staff resources to run the same service using a purpose-written application. The purpose-written application afforded a reduction of 3% in time for clinical staff. Ancillary staff savings were more pronounced, with a 33% reduction in administrative staff time and a 21% reduction in supervisory staff time. A cost-minimisation analysis established that at a workload of up to 5000 email consultations per annum it is more economical to run the service with ordinary email. For higher workload volumes it is cheaper to run the service with a purpose-written application. The threshold of 5000 email consultations is the point at which the higher initial development cost of a purpose-written application is offset by staff efficiencies. A sensitivity analysis established that the most influential factor in the economic model was workload volume; development costs and variable costs had little influence on the threshold. Response time was established as a quality of service metric after investigation demonstrated that increases in response time were strongly correlated with a decrease in utilisation rate. The response time to maximise the utilisation rate was 32h or less. Pre- and post-studies demonstrated that a purpose-written application can reduce response times. Telemedicine-specific functionality in a purpose-written application was also investigated. Conditions for a purpose-written application to be efficacious at reducing response times, for example use of multi-disciplinary staff, a priority service model and continuum of care over multiple email exchanges, were established.
The conditions identified in the privacy and security, economic and quality of service investigations were amalgamated into a DSM. The DSM was retrospectively tested by comparing the output of the model to a gold standard of the actual service-delivery application used by a number of subject organisations. When used to identify services that required a purpose-written application, the DSM was 92% sensitive and 92% specific. The model was also tested prospectively and demonstrated 85% concordance from testers in choosing the service-delivery application. Testing the DSM identified strengths for both ordinary email and purpose-written applications under different circumstances, indicating both are valid alternatives for email-based telemedicine. The individual requirements of a telemedicine service, for example privacy requirements, participants, workload volume, number of staff disciplines and mode of service, will dictate the choice of the most appropriate service-delivery application. An informed decision on when and why to use a service-delivery application has implications for the successful delivery of email-based telemedicine services because the choice of service-delivery application will affect:
- The staff resources needed to run the service;
- The capital cost of implementing a service;
- The operating costs of running a service;
- The response times to client emails, which in turn influence the utilisation of the service;
- The privacy-enhancing technology, which in turn influences usability and compliance with legislative and statutory requirements.
|
163 |
Trust-based routing in pure ad-hoc wireless networks. Pirzada, Asad Amir, January 2007.
[Truncated abstract] An ad-hoc network of wireless nodes is a temporarily formed network, created, operated and managed by the nodes themselves. Due to its peculiar establishment and operational properties it is also often termed an infrastructure-less, self-organised, or spontaneous network. In order to extend the communication range of the nodes beyond a single hop, specially configured routing protocols are used. The unique feature of these protocols is their ability to form routes in spite of a dynamic topology. For effective functioning of the network it is essential that the network nodes execute the routing protocols in a truthful manner regardless of their contemporary commitments and workload. In real life, this is more often than not extremely difficult to realise, and so we often find malicious nodes also present in the same network. These nodes can either join externally or may originate internally by compromising an existing benevolent node in the network. These malicious nodes can carry out an array of attacks against the routing protocols leading to route severing, unavailability of service or deception. A number of secure routing protocols, which make use of cryptographic algorithms to secure the routes, have recently been proposed. ... In order to sustain the improvised nature of ad-hoc networks, in this thesis, we have moved from the common mechanism of achieving trust via security to enforcing dependability through collaboration. We desist from the customary strategy of employing cryptography and instead use a trust model that is influenced by the human behavioural model. All nodes in the network independently execute this trust model and maintain their own assessment concerning other nodes in the network. Each node, based upon its individual experiences, rewards collaborating nodes for their benevolent behaviour and penalises malicious nodes for their malevolent conduct.
To highlight the efficacy of this unique approach, we apply the trust model to three contemporary reactive routing protocols in a pure ad-hoc network. These trust-reinforced routing protocols locate dependable routes in the network by observing the sincerity in participation of other nodes using a set of trust categories. The routes worked out in this way are neither protected in terms of security nor minimal in terms of hops. However, these routes traverse nodes which have been identified as more trustworthy than others and for this reason are more dependable in extemporised circumstances. Through extensive simulations, we have demonstrated that the usage of these protocols significantly improves the overall performance of the network even in the presence of a high percentage of malicious nodes. These protocols, being independent of a trust infrastructure, also enable rapid deployment and improved operation with dynamic adaptation to the current scenario. The prime advantage gained is the ability to seamlessly integrate ad-hoc wireless networks belonging to dissimilar organisations.
|
164 |
Rigorously analyzed algorithms for the discrete logarithm problem in quadratic number fields. Vollmer, Ulrich, unknown date.
Technical University, dissertation, 2004, Darmstadt.
|
165 |
Um modelo de infra-estrutura de chaves públicas para um correio eletrônico seguro / An infrastructure model of public keys for a secret email. Pedrini, Márcia, January 2004.
With the constant growth in the use of electronic mail, driven by its ease of use and the speed with which it delivers correspondence, concern about the security of data in transit also grows. This security is emphasised all the more when one considers the possibility of information being exposed to intruders from the Internet, who appear with ever more sophisticated means of violating the privacy and security of information. Digital certification and public-key infrastructure together form the most widely used security architecture for guaranteeing the five basic requirements of electronic mail security: authentication, integrity, non-repudiation, privacy and timestamping. Direto, developed by PROCERGS (Companhia de Processamento de Dados do Estado do Rio Grande do Sul), has as its main objective meeting the demand for low-cost communication software that links the various state departments with one another. Because of its characteristics, the system is susceptible to potential security failures. Direto is based on free software, which reduces the cost of the project and allows it to be used by any interested organisation at no cost, with platform independence and flexibility for improvement. The proposed model and the prototype developed aim to guarantee the security of information transferred through Direto's electronic mail module, extending its interface and incorporating the concepts of electronic certificates and public-key infrastructure, thus meeting the five basic security requirements.
|
166 |
Um algoritmo de criptografia de chave pública semanticamente seguro baseado em curvas elípticas / A semantically secure public key algorithm based on elliptic curves. Araujo Neto, Afonso Comba de, January 2006.
This dissertation presents the development of a new public key encryption algorithm. The algorithm has two features that make it unique and that guided its design from the start. The first is that it is semantically secure: no polynomially bounded adversary can extract any partial information about the plaintext from the ciphertext, nor even decide whether two different ciphertexts correspond to the same plaintext. The second is that, for any plaintext size, it depends on a single security assumption: that computing the logarithm in the group formed by the points of a prime-order elliptic curve is computationally infeasible. This is achieved by ensuring that every part of the algorithm is reducible to that problem. A simple way to extend the algorithm so that it resists active adversaries, in particular adaptive chosen-ciphertext attacks, is also presented. To do so while preserving the premise that the algorithm's security depends solely on the elliptic curve logarithm, a new cryptographic hash function whose security is based on the same problem is introduced.
|