969 results for security model


Relevance: 60.00%

Publisher:

Abstract:

Security models for two-party authenticated key exchange (AKE) protocols have developed over time to prove the security of AKE protocols even when the adversary learns certain secret values. In this work, we address more granular leakage: partial leakage of long-term secrets of protocol principals, even after the session key is established. We introduce a generic key exchange security model, which can be instantiated allowing bounded or continuous leakage, even when the adversary learns certain ephemeral secrets or session keys. Our model is the strongest known partial-leakage-based security model for key exchange protocols. We propose a generic construction of a two-pass leakage-resilient key exchange protocol that is secure in the proposed model, by introducing a new concept: the leakage-resilient NAXOS trick. We identify a special property for public-key cryptosystems: pair generation indistinguishability, and show how to obtain the leakage-resilient NAXOS trick from a pair generation indistinguishable leakage-resilient public-key cryptosystem.

Abstract:

We construct two efficient Identity-Based Encryption (IBE) systems that admit selective-identity security reductions without random oracles in groups equipped with a bilinear map. Selective-identity secure IBE is a slightly weaker security model than the standard security model for IBE. In this model the adversary must commit ahead of time to the identity that it intends to attack, whereas in an adaptive-identity attack the adversary is allowed to choose this identity adaptively. Our first system—BB1—is based on the well studied decisional bilinear Diffie–Hellman assumption, and extends naturally to systems with hierarchical identities, or HIBE. Our second system—BB2—is based on a stronger assumption which we call the Bilinear Diffie–Hellman Inversion assumption and provides another approach to building IBE systems. Our first system, BB1, is very versatile and well suited for practical applications: the basic hierarchical construction can be efficiently secured against chosen-ciphertext attacks, and further extended to support efficient non-interactive threshold decryption, among others, all without using random oracles. Both systems, BB1 and BB2, can be modified generically to provide “full” IBE security (i.e., against adaptive-identity attacks), either using random oracles, or in the standard model at the expense of a non-polynomial but easy-to-compensate security reduction.

Abstract:

Network coding is a method for achieving channel capacity in networks. The key idea is to allow network routers to linearly mix packets as they traverse the network so that recipients receive linear combinations of packets. Network coded systems are vulnerable to pollution attacks where a single malicious node floods the network with bad packets and prevents the receiver from decoding correctly. Cryptographic defenses to these problems are based on homomorphic signatures and MACs. These proposals, however, cannot handle mixing of packets from multiple sources, which is needed to achieve the full benefits of network coding. In this paper we address integrity of multi-source mixing. We propose a security model for this setting and provide a generic construction.
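As an added example, not code from the paper above: a minimal random linear network code over a prime field, with a router that mixes packets, a receiver that decodes by Gaussian elimination, a single polluted packet that wrecks decoding, and a simplified one-time homomorphic MAC (an inner product of the packet with a secret key shared by source and receiver, chosen here for illustration and not the multi-source construction the paper proposes) that lets the receiver discard the polluted packet before decoding. The field GF(2^31-1), the sample payloads, the single source and the n+2 mixtures are assumptions of the example.

```go
package main

import (
	"errors"
	"fmt"
	"math/rand"
)

// P is the field modulus (the prime 2^31-1). Real codes use GF(2^8); a prime field
// keeps the arithmetic readable and makes an accidental tag collision about 2^-31.
const P = 2147483647

func mod(a int) int { return ((a % P) + P) % P }

// inv computes a^-1 in GF(P) as a^(P-2) (Fermat's little theorem).
func inv(a int) int {
	r, b, e := 1, mod(a), P-2
	for e > 0 {
		if e&1 == 1 {
			r = r * b % P
		}
		b = b * b % P
		e >>= 1
	}
	return r
}

// Packet is what travels the network: the coding vector (how much of each source
// packet it contains) and the mixed payload, one field element per byte.
type Packet struct {
	Coef []int
	Data []int
}

// NewSource wraps source packet i of n with the unit coding vector e_i.
func NewSource(i, n int, payload []byte) Packet {
	p := Packet{make([]int, n), make([]int, len(payload))}
	p.Coef[i] = 1
	for j, b := range payload {
		p.Data[j] = int(b)
	}
	return p
}

// Mix is the router operation c_1*p_1 + ... + c_k*p_k over GF(P), applied to the
// coding vectors and payloads alike so the header keeps describing the mixture.
func Mix(pkts []Packet, coefs []int) Packet {
	out := Packet{make([]int, len(pkts[0].Coef)), make([]int, len(pkts[0].Data))}
	for i, p := range pkts {
		for j := range out.Coef {
			out.Coef[j] = mod(out.Coef[j] + coefs[i]*p.Coef[j])
		}
		for j := range out.Data {
			out.Data[j] = mod(out.Data[j] + coefs[i]*p.Data[j])
		}
	}
	return out
}

// Tag is a one-time homomorphic MAC: the inner product of the secret key with
// Coef||Data. Because it is linear, a router can combine tags with the same
// coefficients it used on the packets (MixTags) and the result still verifies.
func Tag(key []int, p Packet) int {
	t := 0
	for i, v := range append(append([]int{}, p.Coef...), p.Data...) {
		t = mod(t + key[i]*v)
	}
	return t
}

func MixTags(tags, coefs []int) int {
	t := 0
	for i, v := range tags {
		t = mod(t + coefs[i]*v)
	}
	return t
}

// Decode runs Gaussian elimination on [Coef | Data] and returns the n source
// payloads; it fails when the received packets do not span all n sources.
func Decode(pkts []Packet, n int) ([][]byte, error) {
	rows := make([][]int, len(pkts))
	for i, p := range pkts {
		rows[i] = append(append([]int{}, p.Coef...), p.Data...)
	}
	for col := 0; col < n; col++ {
		piv := -1
		for r := col; r < len(rows); r++ {
			if rows[r][col] != 0 {
				piv = r
				break
			}
		}
		if piv < 0 {
			return nil, errors.New("received packets do not have full rank")
		}
		rows[col], rows[piv] = rows[piv], rows[col]
		s := inv(rows[col][col])
		for j := range rows[col] {
			rows[col][j] = rows[col][j] * s % P
		}
		for r := range rows {
			if r != col && rows[r][col] != 0 {
				f := rows[r][col]
				for j := range rows[r] {
					rows[r][j] = mod(rows[r][j] - f*rows[col][j])
				}
			}
		}
	}
	out := make([][]byte, n)
	for i := range out {
		out[i] = make([]byte, len(rows[i])-n)
		for j := range out[i] {
			out[i][j] = byte(rows[i][n+j])
		}
	}
	return out, nil
}

// sources are constructed sample payloads of equal length.
var sources = [][]byte{[]byte("alpha"), []byte("bravo"), []byte("delta")}

// Run plays one scenario: the source tags its n packets, a router forwards n+2 random
// mixtures, a malicious node optionally overwrites the payload of one of them, and the
// receiver optionally drops packets whose tag does not verify before decoding.
func Run(pollute, filter bool, seed int64) (decoded [][]byte, rejected int, err error) {
	rng := rand.New(rand.NewSource(seed))
	n := len(sources)
	key := make([]int, n+len(sources[0]))
	for i := range key {
		key[i] = rng.Intn(P)
	}
	src := make([]Packet, n)
	tags := make([]int, n)
	for i, s := range sources {
		src[i] = NewSource(i, n, s)
		tags[i] = Tag(key, src[i])
	}
	var recv []Packet
	var rtags []int
	for k := 0; k < n+2; k++ {
		c := make([]int, n)
		for i := range c {
			c[i] = rng.Intn(P)
		}
		recv = append(recv, Mix(src, c))
		rtags = append(rtags, MixTags(tags, c))
	}
	if pollute {
		// The attacker keeps the honest header and tag but swaps in garbage payload:
		// without the key the packet is indistinguishable from a valid mixture.
		for j := range recv[0].Data {
			recv[0].Data[j] = rng.Intn(P)
		}
	}
	var good []Packet
	for i, p := range recv {
		if filter && Tag(key, p) != rtags[i] {
			rejected++
			continue
		}
		good = append(good, p)
	}
	decoded, err = Decode(good, n)
	return
}

func main() {
	for _, sc := range []struct{ pollute, filter bool }{{false, false}, {true, false}, {true, true}} {
		got, rej, err := Run(sc.pollute, sc.filter, 1)
		fmt.Printf("pollute=%v filter=%v rejected=%d err=%v decoded=%q\n", sc.pollute, sc.filter, rej, err, got)
	}
}
```

The tag check happens only at the receiver because it needs the key; that is exactly the limitation the abstract points at, since intermediate routers cannot drop the bad packet and it keeps propagating into every mixture downstream, and a tag for packets from several sources would need the multi-source treatment the paper gives.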

Abstract:

Distributed-password public-key cryptography (DPwPKC) allows the members of a group of people, each holding only a small secret password, to help a leader perform the private operation associated with a public-key cryptosystem. Abdalla et al. recently defined this tool [1], with a practical construction. Unfortunately, the latter applied to ElGamal decryption only, and relied on the DDH assumption, excluding any recent pairing-based cryptosystems. In this paper, we extend their techniques to support, and exploit, pairing-based properties: we take advantage of pairing-friendly groups to obtain efficient (simulation-sound) zero-knowledge proofs, whose security relies on the Decisional Linear assumption. As a consequence, we provide efficient protocols, secure in the standard model, for ElGamal decryption as in [1], but also for Linear decryption, as well as extraction of several identity-based cryptosystems [6,4]. Furthermore, we strengthen their security model by suppressing the useless testPwd queries in the functionality.

Abstract:

We describe a short signature scheme that is strongly existentially unforgeable under an adaptive chosen message attack in the standard security model. Our construction works in groups equipped with an efficient bilinear map, or, more generally, an algorithm for the Decision Diffie-Hellman problem. The security of our scheme depends on a new intractability assumption we call Strong Diffie-Hellman (SDH), by analogy to the Strong RSA assumption with which it shares many properties. Signature generation in our system is fast and the resulting signatures are as short as DSA signatures for comparable security. We give a tight reduction proving that our scheme is secure in any group in which the SDH assumption holds, without relying on the random oracle model.

Abstract:

An accumulator based on bilinear pairings was proposed at CT-RSA'05. Here, it is first demonstrated that the security model proposed by Lan Nguyen does lead to a cryptographic accumulator that is not collision resistant. Secondly, it is shown that collision-resistance can be provided by updating the adversary model appropriately. Finally, an improvement on Nguyen's identity escrow scheme, with membership revocation based on the accumulator, by removing the trusted third party is proposed.

Abstract:

The primary motivation for signcryption was the gain in efficiency when both encryption and signing need to be performed. These two cryptographic operations may be done sequentially, either by first encrypting and then signing (EtS) or, alternatively, by first signing and then encrypting (StE). Further gains in efficiency can be achieved if encryption and signature are carried out in parallel (E&S). More important, however, is that these efficiency gains are complemented by gains in security, i.e., we may use relatively weak encryption and signature schemes in order to obtain a "stronger" signcryption scheme. The reader is referred to Chaps. 2 and 3 for a discussion of the different "strengths" of security model (e.g., outsider vs. insider adversaries, two-user vs. multi-user setting).

Abstract:

Security models for two-party authenticated key exchange (AKE) protocols have developed over time to provide security even when the adversary learns certain secret keys. In this work, we advance the modelling of AKE protocols by considering more granular, continuous leakage of long-term secrets of protocol participants: the adversary can adaptively request arbitrary leakage of long-term secrets even after the test session is activated, with limits on the amount of leakage per query but no bounds on the total leakage. We present a security model supporting continuous leakage even when the adversary learns certain ephemeral secrets or session keys, and give a generic construction of a two-pass leakage-resilient key exchange protocol that is secure in the model; our protocol achieves continuous, after-the-fact leakage resilience with not much more cost than a previous protocol with only bounded, non-after-the-fact leakage.

Abstract:

A parallel authentication and public-key encryption is introduced and exemplified on joint encryption and signing which compares favorably with sequential Encrypt-then-Sign (EtS) or Sign-then-Encrypt (StE) schemes as far as both efficiency and security are concerned. A security model for signcryption, and thus joint encryption and signing, has been recently defined which considers possible attacks and security goals. Such a scheme is considered secure if the encryption part guarantees indistinguishability and the signature part prevents existential forgeries, for outsider but also insider adversaries. We propose two schemes of parallel signcryption, which are efficient alternatives to Commit-then-Sign-and-Encrypt (CtE&S). They are both provably secure in the random oracle model. The first one, called generic parallel encrypt and sign, is secure if the encryption scheme is semantically secure against chosen-ciphertext attacks and the signature scheme prevents existential forgeries against random-message attacks. The second scheme, called optimal parallel encrypt and sign, applies random oracles similar to the OAEP technique in order to achieve security using encryption and signature components with very weak security requirements: encryption is expected to be one-way under chosen-plaintext attacks while the signature needs to be secure against universal forgeries under random-plaintext attack, which is actually the case for both plain-RSA encryption and signature under the usual RSA assumption. Both proposals are generic in the sense that any suitable encryption and signature schemes (i.e., which simply achieve the required security) can be used. Furthermore, they allow both parallel encryption and signing, as well as parallel decryption and verification. Properties of parallel encrypt and sign schemes are considered and a new security standard for parallel signcryption is proposed.
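As an added example serving both signcryption abstracts above (the one on EtS/StE/E&S and the one on parallel signcryption; it is not code from either paper): Encrypt-then-Sign composed from Ed25519 and RSA-OAEP, the classic outsider attack on plain EtS in the multi-user setting, where an adversary strips the sender's signature from an intercepted ciphertext and re-signs it under her own key so that the recipient attributes a message she never read to her, and the standard repair of binding the sender's identity inside the ciphertext. Party names, the Directory type standing in for a PKI, and the NUL separator between identity and message are assumptions of the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Party holds long-term keys: Ed25519 for signing, RSA-OAEP for decryption.
type Party struct {
	Name string
	sign ed25519.PrivateKey
	Ver  ed25519.PublicKey
	dec  *rsa.PrivateKey
	Enc  *rsa.PublicKey
}

// Directory maps names to verification keys; it stands in for a PKI (assumed).
type Directory map[string]ed25519.PublicKey

func NewParty(name string) *Party {
	ver, sig, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return &Party{Name: name, sign: sig, Ver: ver, dec: k, Enc: &k.PublicKey}
}

func Register(ps ...*Party) Directory {
	d := Directory{}
	for _, p := range ps {
		d[p.Name] = p.Ver
	}
	return d
}

// Envelope is the wire format: claimed sender, ciphertext, signature.
type Envelope struct {
	From string
	C    []byte
	Sig  []byte
}

func encrypt(to *Party, m []byte) []byte {
	c, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, to.Enc, m, nil)
	if err != nil {
		panic(err)
	}
	return c
}

// EncryptThenSign is plain EtS: the signature covers the ciphertext only.
func EncryptThenSign(from, to *Party, m []byte) Envelope {
	c := encrypt(to, m)
	return Envelope{from.Name, c, ed25519.Sign(from.sign, c)}
}

// OpenEtS verifies the signature under the claimed sender's key, then decrypts.
func OpenEtS(to *Party, dir Directory, e Envelope) ([]byte, error) {
	pk, ok := dir[e.From]
	if !ok || !ed25519.Verify(pk, e.C, e.Sig) {
		return nil, errors.New("signature does not verify for claimed sender")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, to.dec, e.C, nil)
}

// ReSign is the outsider attack on EtS in the multi-user setting: Eve strips Alice's
// signature from an intercepted envelope and signs the same ciphertext herself, so
// Bob attributes Alice's confidential message to Eve although Eve cannot read it.
func ReSign(eve *Party, e Envelope) Envelope {
	return Envelope{eve.Name, e.C, ed25519.Sign(eve.sign, e.C)}
}

// EncryptThenSignBound is the usual repair: the sender's identity is encrypted along
// with the message, so the signer named outside must match the sender named inside.
func EncryptThenSignBound(from, to *Party, m []byte) Envelope {
	return EncryptThenSign(from, to, append([]byte(from.Name+"\x00"), m...))
}

func OpenEtSBound(to *Party, dir Directory, e Envelope) ([]byte, error) {
	p, err := OpenEtS(to, dir, e)
	if err != nil {
		return nil, err
	}
	i := bytes.IndexByte(p, 0)
	if i < 0 || string(p[:i]) != e.From {
		return nil, errors.New("inner sender identity does not match signer")
	}
	return p[i+1:], nil
}

func main() {
	alice, bob, eve := NewParty("alice"), NewParty("bob"), NewParty("eve")
	dir := Register(alice, bob, eve)
	m := []byte("pay 100 to account 42")
	stolen := ReSign(eve, EncryptThenSign(alice, bob, m))
	got, err := OpenEtS(bob, dir, stolen)
	fmt.Printf("plain EtS after re-signing: from=%s msg=%q err=%v\n", stolen.From, got, err)
	got, err = OpenEtSBound(bob, dir, ReSign(eve, EncryptThenSignBound(alice, bob, m)))
	fmt.Printf("bound EtS after re-signing: msg=%q err=%v\n", got, err)
}
```

The attack needs neither key: it is purely an outsider in the multi-user setting, which is why the two-user, outsider-only model misses it. The mirror-image problem for StE (the recipient decrypts and re-encrypts Alice's signed message to a third party, who believes Alice sent it to them) is repaired the same way, by signing the recipient's identity along with the message.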

Abstract:

Security models for two-party authenticated key exchange (AKE) protocols have developed over time to capture the security of AKE protocols even when the adversary learns certain secret values. Increased granularity of security can be modelled by considering partial leakage of secrets in the manner of models for leakage-resilient cryptography, designed to capture side-channel attacks. In this work, we use the strongest known partial-leakage-based security model for key exchange protocols, namely continuous after-the-fact leakage eCK (CAFL-eCK) model. We resolve an open problem by constructing the first concrete two-pass leakage-resilient key exchange protocol that is secure in the CAFL-eCK model.

Abstract:

We propose a generic three-pass key agreement protocol that is based on a certain kind of trapdoor one-way function family. When specialized to the RSA setting, the generic protocol yields the so-called KAS2 scheme that has recently been standardized by NIST. On the other hand, when specialized to the discrete log setting, we obtain a new protocol which we call DH2. An interesting feature of DH2 is that parties can use different groups (e.g., different elliptic curves). The generic protocol also has a hybrid implementation, where one party has an RSA key pair and the other party has a discrete log key pair. The security of KAS2 and DH2 is analyzed in an appropriate modification of the extended Canetti-Krawczyk security model.

Abstract:

Brazilian social security, despite being one of the oldest and most traditional models of social protection in Latin America, and not far removed from the European models in its genesis, is going through difficult times. In a context of rapid population ageing, an accelerated decline in birth rates and new realities of work in which salaried labour is losing ground, the traditional Bismarckian model of coverage needs revision, not only to adapt to the new demographic premises but to allow effective universal coverage. To this end, social justice in three dimensions, need, equality and merit, is adopted as the foundation of a new model. Need aims to serve and guarantee to any person, within the social needs covered, a minimum payment so as to secure the existential minimum. The dimension of equality, in its material sense, aims to preserve a level of well-being compatible, to some extent, with that enjoyed during working life. Individual merit implies providing higher benefits to those who consciously reduced present consumption, setting aside part of their income for the future. In the proposal presented, the first two dimensions are organised by the State in compulsory pillars financed predominantly on a pay-as-you-go basis. In the long run, this financing model has proven safer and more equitable than funded models. Demographic variables can be accommodated through new retirement age limits and, in particular, incentives for childbearing, such as new social security services including day-care centres and pre-schools. The third pillar, founded on individual merit, is complementary pension provision, organised privately, autonomously and voluntarily.
Here, the suggested financing is capitalisation, so as to prioritise return and efficiency, with positive externalities for the economy and society, and with a risk that is assumed and acceptable given the subsidiary role of this protective pillar. In the proposed model, the state pillars will be financed exclusively by taxes, putting an end to social contributions, which lose their importance in a universal protection model. Group solidarity is exchanged for social solidarity and, as a consequence, contributions go out and taxes come in. Even the second pillar, which aims at benefits correlated with earnings during working life, will be financed by a surcharge on income tax. The result is a simpler and more effective system, with an incentive for people to formalise their income. The management of the pension model, in all segments, will rely on strong state regulation but with effective participation of the stakeholders, keeping political interference and forms of capture at bay as far as possible. Pension regulation, provided it is properly designed and enforced, will allow the proposed pillars to function in harmony.

Abstract:

Citizen security is presented today as a new security model, forged from the need to reconcile the right to security with the protection of human rights. The expression "citizen security" appears in national security plans and hemispheric security strategies with broad consensus, representing an advance in state action against threats in the field of public security, reflected in a humanised approach. In translating this content into actions, as well as in legitimising and spreading the terminology and strategies associated with this security model, the OAS (OEA) stands out as an important inter-American legal and political space. The citizen security model is the most recent configuration of the concept of security, which nevertheless began at the OAS, back in the 1980s, through the development of strategic documents on the fight against drugs. In this sense, this work seeks to understand, concretely, to what extent this new security model really offers new approaches and/or other conditions that represent an expansion of human rights guarantees. To that end, it considers relevant the analysis of the most important security documents, in which key concepts and action strategies can be identified, and how these have been updated over time. This analysis is carried out from the perspective of critical criminology, whose concepts and categories address aspects of the political-criminal reality as well as socioeconomic factors and the prison reality of the region, which usually are not part of security models even though they bear directly on a broader guarantee of human rights.

Abstract:

An adjustable security model based on dynamic trust degree, MSMBDTD (modified security model based on dynamic trusted degree), is proposed. Building on the trusted authentication and measurement of trusted computing, it defines trust-degree decision rules, dynamically analyses changes in trust degree while the system runs, and on that basis adjusts each subject's access rights so that trust degree and access scope remain consistent, achieving trust-degree-based access control. The paper gives a formal description of MSMBDTD and analyses and proves the model's security.

Abstract:

After reviewing and analysing the support for trusted subjects in existing multilevel security models, the DLS (Discrete Label Sequence) multilevel security model is proposed. The model decomposes the life cycle of a trusted subject into a sequence of untrusted states and assigns a sensitivity label to each state. The trusted subject's current sensitivity label equals the label of its current untrusted state, and transitions between untrusted states are triggered by predefined trusted request events, so the trusted subject's current sensitivity label can be adjusted dynamically according to its application logic. The secure states and rules under which the model preserves system security are also given. Compared with trusted-subject label-range models such as the Bell model, this model achieves least privilege for trusted subjects within the scope of the multilevel security policy.
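As an added example of the DLS idea, not code from the paper: a small reference monitor in which a trusted "auditor" subject is a sequence of two untrusted states, collect at High and report at Low, switched by one predefined trusted request event, compared with a Bell-style range subject that holds [Low, High] for its whole lifetime. The two-level lattice, the subject and object names, and the event name are assumptions of the example.

```go
package main

import (
	"errors"
	"fmt"
)

// Level is a linear sensitivity label; a real system would use a lattice.
type Level int

const (
	Low Level = iota
	High
)

func (l Level) String() string { return [...]string{"Low", "High"}[l] }

// Object is a labelled resource; State is one untrusted state of a trusted subject.
type Object struct {
	Name  string
	Label Level
}

type State struct {
	Name  string
	Label Level
}

// Bell-LaPadula rules for an ordinary subject: no read up, no write down.
func CanRead(subj Level, o Object) bool  { return subj >= o.Label }
func CanWrite(subj Level, o Object) bool { return subj <= o.Label }

// DLSSubject is a trusted subject in the DLS sense: a sequence of untrusted states,
// each with its own label. Its current label is that of the current state, and it
// changes state only on a predefined trusted request event.
type DLSSubject struct {
	Name   string
	states []State
	cur    int
	events map[string]int // event name -> index of the state it switches to
}

func (s *DLSSubject) Label() Level { return s.states[s.cur].Label }

func (s *DLSSubject) Request(event string) error {
	next, ok := s.events[event]
	if !ok {
		return fmt.Errorf("%s: %q is not a predefined trusted request event", s.Name, event)
	}
	s.cur = next
	return nil
}

// Read and Write enforce the ordinary BLP rules against the current state's label.
func (s *DLSSubject) Read(o Object) error {
	if !CanRead(s.Label(), o) {
		return errors.New(s.Name + "@" + s.Label().String() + " may not read " + o.Name)
	}
	return nil
}

func (s *DLSSubject) Write(o Object) error {
	if !CanWrite(s.Label(), o) {
		return errors.New(s.Name + "@" + s.Label().String() + " may not write " + o.Name)
	}
	return nil
}

// RangeSubject is the Bell-style trusted subject used for comparison: it holds a
// label range for its whole lifetime, so it can read up to Top and write down to
// Bottom at any time, even in phases where it needs only one of the two.
type RangeSubject struct {
	Name        string
	Bottom, Top Level
}

func (s RangeSubject) CanRead(o Object) bool  { return s.Top >= o.Label }
func (s RangeSubject) CanWrite(o Object) bool { return s.Bottom <= o.Label }

// NewAuditor builds the example's trusted subject (assumed names, not the paper's):
// it collects High records, then, after "summary-ready", writes a Low report.
func NewAuditor() *DLSSubject {
	return &DLSSubject{
		Name:   "auditor",
		states: []State{{"collect", High}, {"report", Low}},
		events: map[string]int{"summary-ready": 1},
	}
}

func main() {
	records, report := Object{"records", High}, Object{"report", Low}
	a := NewAuditor()
	fmt.Println("collect phase: read records:", a.Read(records), "| write report:", a.Write(report))
	fmt.Println("request:", a.Request("summary-ready"))
	fmt.Println("report phase: read records:", a.Read(records), "| write report:", a.Write(report))
	r := RangeSubject{"auditor-range", Low, High}
	fmt.Println("range subject can always read records and write report:", r.CanRead(records), r.CanWrite(report))
}
```

The point of the comparison is the window of privilege: the range subject can read High and write Low in the same instant, so a bug or compromise in any phase leaks; the DLS subject never holds both rights at once, and the only way to move from the reading phase to the writing phase is the predefined event, which is where a real monitor would audit or gate the transition.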