Delaying mismatched field multiplications in pairing computations

Miller’s algorithm for computing pairings involves perform- ing multiplications between elements that belong to different finite fields. Namely, elements in the full extension field Fpk are multiplied by elements contained in proper subfields F pk/d , and by elements in the base field Fp . We show that significant speedups in pairing computations can be achieved by delaying these “mismatched” multiplications for an optimal number of iterations. Importantly, we show that our technique can be easily integrated into traditional pairing algorithms; implementers can exploit the computational savings herein by applying only minor changes to existing pairing code.

Attribute-based authenticated key exchange

We introduce the concept of attribute-based authenticated key exchange (AB-AKE) within the framework of ciphertext policy attribute-based systems. A notion of AKE-security for AB-AKE is presented based on the security models for group key exchange protocols and also taking into account the security requirements generally considered in the ciphertext policy attribute-based setting. We also extend the paradigm of hybrid encryption to the ciphertext policy attribute-based encryption schemes. A new primitive called encapsulation policy attribute-based key encapsulation mechanism (EP-AB-KEM) is introduced and a notion of chosen ciphertext security is de�ned for EP-AB-KEMs. We propose an EP-AB-KEM from an existing attribute-based encryption scheme and show that it achieves chosen ciphertext security in the generic group and random oracle models. We present a generic one-round AB-AKE protocol that satis�es our AKE-security notion. The protocol is generically constructed from any EP-AB-KEM that satis�es chosen ciphertext security. Instantiating the generic AB-AKE protocol with our EP-AB-KEM will result in a concrete one-round AB-AKE protocol also secure in the generic group and random oracle models.

Generic one round group key exchange in the standard model

Minimizing complexity of group key exchange (GKE) protocols is an important milestone towards their practical deployment. An interesting approach to achieve this goal is to simplify the design of GKE protocols by using generic building blocks. In this paper we investigate the possibility of founding GKE protocols based on a primitive called multi key encapsulation mechanism (mKEM) and describe advantages and limitations of this approach. In particular, we show how to design a one-round GKE protocol which satisfies the classical requirement of authenticated key exchange (AKE) security, yet without forward secrecy. As a result, we obtain the first one-round GKE protocol secure in the standard model. We also conduct our analysis using recent formal models that take into account both outsider and insider attacks as well as the notion of key compromise impersonation resilience (KCIR). In contrast to previous models we show how to model both outsider and insider KCIR within the definition of mutual authentication. Our analysis additionally implies that the insider security compiler by Katz and Shin from ACM CCS 2005 can be used to achieve more than what is shown in the original work, namely both outsider and insider KCIR.

Efficient certificateless KEM in the standard model

We give a direct construction of a certificateless key encapsulation mechanism (KEM) in the standard model that is more efficient than the generic constructions proposed before by Huang and Wong \cite{DBLP:conf/acisp/HuangW07}. We use a direct construction from Kiltz and Galindo's KEM scheme \cite{DBLP:conf/acisp/KiltzG06} to obtain a certificateless KEM in the standard model; our construction is roughly twice as efficient as the generic construction. We also address the security flaw discovered by Selvi et al. \cite{cryptoeprint:2009:462}.

Certificateless key agreement in the standard model

We show how to construct a certificateless key agreement protocol from the certificateless key encapsulation mechanism introduced by \cite{lippold-ICISC_2009} in ICISC 2009 using the \cite{DBLP:conf/acisp/BoydCNP08} protocol from ACISP 2008. We introduce the Canetti-Krawczyk (CK) model for certificateless cryptography, give security notions for Type I and Type II adversaries in the CK model, and highlight the differences to the existing e$^2$CK model discussed by \cite{DBLP:conf/pairing/LippoldBN09}. The resulting CK model is more relaxed thus giving more power to the adversary than the original CK model.

Delegation in predicate encryption supporting disjunctive queries

Predicate encryption has an advantage over traditional public-key or identity-based encryption, since predicate encryption systems provide more flexible control over access to encrypted data. We focus on delegation capabilities in predicate systems. More specifically, we investigate delegatable encryption systems supporting disjunctive predicate evaluations. We present formal security definitions of delegatable predicate encryption and provide the first delegatable predicate encryption scheme which supports disjunctive predicate evaluations in the public-key setting. We analyze the security of the proposed system and give a security proof. In addition, we present a delegatable predicate encryption in the symmetric-key setting and discuss the related security issues.

Assessment of the suitability of public mobile data networks for aircraft telemetry and control purposes

This paper provides a review of the state of the art relevant work on the use of public mobile data networks for aircraft telemetry and control proposes. Moreover, it describes the characterisation for airborne uses of the public mobile data communication systems known broadly as 3G. The motivation for this study was the explore how this mature public communication systems could be used for aviation purposes. An experimental system was fitted to a light aircraft to record communication latency, line speed, RF level, packet loss and cell tower identifier. Communications was established using internet protocols and connection was made to a local server. The aircraft was flown in both remote and populous areas at altitudes up to 8500 ft in a region located in South East Queensland, Australia. Results show that the average airborne RF levels are better than those on the ground by 21% and in the order of - 77dbm. Latencies were in the order of 500ms (1/2 the latency of Iridium), an average download speed of 0.48Mb/s, average uplink speed of 0.85Mb/s, a packet of information loss of 6.5%. The maximum communication range was also observed to be 70km from a single cell station. The paper also describes possible limitations and utility of using such communications architecture for both manned and unmanned aircraft systems.

Automating computational proofs for public-key-based key exchange

We present an approach to automating computationally sound proofs of key exchange protocols based on public-key encryption. We show that satisfying the property called occultness in the Dolev-Yao model guarantees the security of a related key exchange protocol in a simple computational model. Security in this simpler model has been shown to imply security in a Bellare {Rogaway-like model. Furthermore, the occultness in the Dolev-Yao model can be searched automatically by a mechanisable procedure. Thus automated proofs for key exchange protocols in the computational model can be achieved. We illustrate the method using the well-known Lowe-Needham-Schroeder protocol.

The development and validation of two complementary measures of drivers' hazard perception ability

Hazard perception in driving involves a number of different processes. This paper reports the development of two measures designed to separate these processes. A Hazard Perception Test was developed to measure how quickly drivers could anticipate hazards overall, incorporating detection, trajectory prediction, and hazard classification judgements. A Hazard Change Detection Task was developed to measure how quickly drivers can detect a hazard in a static image regardless of whether they consider it hazardous or not. For the Hazard Perception Test, young novices were slower than mid-age experienced drivers, consistent with differences in crash risk, and test performance correlated with scores in pre-existing Hazard Perception Tests. For drivers aged 65 and over, scores on the Hazard Perception Test declined with age and correlated with both contrast sensitivity and a Useful Field of View measure. For the Hazard Change Detection Task, novices responded quicker than the experienced drivers, contrary to crash risk trends, and test performance did not correlate with measures of overall hazard perception. However for drivers aged 65 and over, test performance declined with age and correlated with both hazard perception and Useful Field of View. Overall we concluded that there was support for the validity of the Hazard Perception Test for all ages but the Hazard Change Detection Task might only be appropriate for use with older drivers.