991 results for certificate-based signatures


Relevance: 30.00%

Abstract:

Digital signatures are often used by trusted authorities to make unique bindings between a subject and a digital object; for example, certificate authorities certify a public key belongs to a domain name, and time-stamping authorities certify that a certain piece of information existed at a certain time. Traditional digital signature schemes however impose no uniqueness conditions, so a trusted authority could make multiple certifications for the same subject but different objects, be it intentionally, by accident, or following a (legal or illegal) coercion. We propose the notion of a double-authentication-preventing signature, in which a value to be signed is split into two parts: a subject and a message. If a signer ever signs two different messages for the same subject, enough information is revealed to allow anyone to compute valid signatures on behalf of the signer. This double-signature forgeability property discourages signers from misbehaving (a form of self-enforcement) and would give binding authorities like CAs some cryptographic arguments to resist legal coercion. We give a generic construction using a new type of trapdoor functions with extractability properties, which we show can be instantiated using the group of sign-agnostic quadratic residues modulo a Blum integer.

Relevance: 30.00%

Abstract:

We consider the following problem: users in a dynamic group store their encrypted documents on an untrusted server, and wish to retrieve documents containing some keywords without any loss of data confidentiality. In this paper, we investigate common secure indices which can make multi-users in a dynamic group to obtain securely the encrypted documents shared among the group members without re-encrypting them. We give a formal definition of common secure index for conjunctive keyword-based retrieval over encrypted data (CSI-CKR), define the security requirement for CSI-CKR, and construct a CSI-CKR based on dynamic accumulators, Paillier’s cryptosystem and blind signatures. The security of proposed scheme is proved under strong RSA and co-DDH assumptions.

Relevance: 30.00%

Abstract:

One-time proxy signatures are one-time signatures for which a primary signer can delegate his or her signing capability to a proxy signer. In this work we propose two one-time proxy signature schemes with different security properties. Unlike other existing one-time proxy signatures that are constructed from public key cryptography, our proposed schemes are based on one-way functions without trapdoors, and so they inherit the communication and computation efficiency of traditional one-time signatures. Although from a verifier's point of view, signatures generated by the proxy are indistinguishable from those created by the primary signer, a trusted authority can be equipped with an algorithm that allows the authority to settle disputes between the signers. In our constructions, we use a combination of one-time signatures, oblivious transfer protocols and certain combinatorial objects. We characterise these new combinatorial objects and present constructions for them.

Relevance: 30.00%

Abstract:

This study demonstrates a novel method for testing the hypothesis that variations in primary and secondary particle number concentration (PNC) in urban air are related to residual fuel oil combustion at a coastal port lying 30 km upwind, by examining the correlation between PNC and airborne particle composition signatures chosen for their sensitivity to the elemental contaminants present in residual fuel oil. Residual fuel oil combustion indicators were chosen by comparing the sensitivity of a range of concentration ratios to airborne emissions originating from the port. The most responsive were combinations of vanadium and sulfur concentration ([S], [V]) expressed as ratios with respect to black carbon concentration ([BC]). These correlated significantly with ship activity at the port and with the fraction of time during which the wind blew from the port. The average [V] when the wind was predominantly from the port was 0.52 ng.m-3 (87%) higher than the average for all wind directions and 0.83 ng.m-3 (280%) higher than that for the lowest vanadium-yielding wind direction, considered to approximate the natural background. Shipping was found to be the main source of V impacting urban air quality in Brisbane. However, contrary to the stated hypothesis, increases in PNC-related measures did not correlate with ship emission indicators or ship traffic. Hence at this site ship emissions were not found to be a major contributor to PNC compared to other fossil fuel combustion sources such as road traffic, airport and refinery emissions.

Relevance: 30.00%

Abstract:

Motivated by privacy issues associated with dissemination of signed digital certificates, we define a new type of signature scheme called a ‘Universal Designated-Verifier Signature’ (UDVS). A UDVS scheme can function as a standard publicly-verifiable digital signature but has additional functionality which allows any holder of a signature (not necessarily the signer) to designate the signature to any desired designated-verifier (using the verifier’s public key). Given the designated-signature, the designated-verifier can verify that the message was signed by the signer, but is unable to convince anyone else of this fact. We propose an efficient deterministic UDVS scheme constructed using any bilinear group-pair. Our UDVS scheme functions as a standard Boneh-Lynn-Shacham (BLS) signature when no verifier-designation is performed, and is therefore compatible with the key-generation, signing and verifying algorithms of the BLS scheme. We prove that our UDVS scheme is secure in the sense of our unforgeability and privacy notions for UDVS schemes, under the Bilinear Diffie-Hellman (BDH) assumption for the underlying group-pair, in the random-oracle model. We also demonstrate a general constructive equivalence between a class of unforgeable and unconditionally-private UDVS schemes having unique signatures (which includes the deterministic UDVS schemes) and a class of ID-Based Encryption (IBE) schemes which contains the Boneh-Franklin IBE scheme but not the Cocks IBE scheme.

Relevance: 30.00%

Abstract:

A combination of laser plasma ablation and strain control in CdO/ZnO heterostructures is used to produce and stabilize a metastable wurtzite CdO nanophase. According to the Raman selection rules, this nanophase is Raman-active whereas the thermodynamically preferred rocksalt phase is inactive. The wurtzite-specific and thickness/strain-dependent Raman fingerprints and phonon modes are identified and can be used for reliable and inexpensive nanophase detection. The wurtzite nanophase formation is also confirmed by x-ray diffractometry. The demonstrated ability of the metastable phase and phonon mode control in CdO/ZnO heterostructures is promising for the development of next-generation light emitting sources and exciton-based laser diodes.

Relevance: 30.00%

Abstract:

This paper is about localising across extreme lighting and weather conditions. We depart from the traditional point-feature-based approach, as matching under dramatic appearance changes is a brittle and hard thing. Point feature detectors are fixed and rigid procedures which pass over an image examining small, low-level structure such as corners or blobs. They apply the same criteria to all images of all places. This paper takes a contrary view and asks what is possible if instead we learn a bespoke detector for every place. Our localisation task then turns into curating a large bank of spatially indexed detectors, and we show that this yields vastly superior performance in terms of robustness in exchange for a reduced but tolerable metric precision. We present an unsupervised system that produces broad-region detectors for distinctive visual elements, called scene signatures, which can be associated across almost all appearance changes. We show, using 21 km of data collected over a period of 3 months, that our system is capable of producing metric localisation estimates from night-to-day or summer-to-winter conditions.

Relevance: 30.00%

Abstract:

Selumetinib (AZD6244, ARRY-142886) is a selective, non-ATP-competitive inhibitor of mitogen-activated protein/extracellular signal-regulated kinase kinase (MEK)-1/2. The range of antitumor activity seen preclinically and in patients highlights the importance of identifying determinants of response to this drug. In large tumor cell panels of diverse lineage, we show that MEK inhibitor response does not have an absolute correlation with mutational or phospho-protein markers of BRAF/MEK, RAS, or phosphoinositide 3-kinase (PI3K) activity. We aimed to enhance predictivity by measuring pathway output through coregulated gene networks displaying differential mRNA expression exclusive to resistant cell subsets and correlated to mutational or dynamic pathway activity. We discovered an 18-gene signature enabling measurement of MEK functional output independent of tumor genotype. Where the MEK pathway is activated but the cells remain resistant to selumetinib, we identified a 13-gene signature that implicates the existence of compensatory signaling from RAS effectors other than PI3K. The ability of these signatures to stratify samples according to functional activation of MEK and/or selumetinib sensitivity was shown in multiple independent melanoma, colon, breast, and lung tumor cell lines and in xenograft models. Furthermore, we were able to measure these signatures in fixed archival melanoma tumor samples using a single RT-qPCR-based test and found intergene correlations and associations with genetic markers of pathway activity to be preserved. These signatures offer useful tools for the study of MEK biology and clinical application of MEK inhibitors, and the novel approaches taken may benefit other targeted therapies.

Relevance: 30.00%

Abstract:

At CRYPTO 2006, Halevi and Krawczyk proposed two randomized hash function modes and analyzed the security of digital signature algorithms based on these constructions. They showed that the security of signature schemes based on the two randomized hash function modes relies on properties similar to the second preimage resistance rather than on the collision resistance property of the hash functions. One of the randomized hash function modes was named the RMX hash function mode and was recommended for practical purposes. The National Institute of Standards and Technology (NIST), USA standardized a variant of the RMX hash function mode and published this standard in the Special Publication (SP) 800-106. In this article, we first discuss a generic online birthday existential forgery attack of Dang and Perlner on the RMX-hash-then-sign schemes. We show that a variant of this attack can be applied to forge the other randomize-hash-then-sign schemes. We point out practical limitations of the generic forgery attack on the RMX-hash-then-sign schemes. We then show that these limitations can be overcome for the RMX-hash-then-sign schemes if it is easy to find fixed points for the underlying compression functions, such as for the Davies-Meyer construction used in the popular hash functions such as MD5 designed by Rivest and the SHA family of hash functions designed by the National Security Agency (NSA), USA and published by NIST in the Federal Information Processing Standards (FIPS). We show an online birthday forgery attack on this class of signatures by using a variant of Dean’s method of finding fixed point expandable messages for hash functions based on the Davies-Meyer construction. This forgery attack is also applicable to signature schemes based on the variant of RMX standardized by NIST in SP 800-106. We discuss some important applications of our attacks and discuss their applicability on signature schemes based on hash functions with ‘built-in’ randomization. Finally, we compare our attacks on randomize-hash-then-sign schemes with the generic forgery attacks on the standard hash-based message authentication code (HMAC).

Relevance: 30.00%

Abstract:

Halevi and Krawczyk proposed a message randomization algorithm called RMX as a front-end tool to the hash-then-sign digital signature schemes such as DSS and RSA in order to free their reliance on the collision resistance property of the hash functions. They have shown that to forge an RMX-hash-then-sign signature scheme, one has to solve a cryptanalytical task which is related to finding second preimages for the hash function. In this article, we will show how to use Dean’s method of finding expandable messages for finding a second preimage in the Merkle-Damgård hash function to existentially forge a signature scheme based on a t-bit RMX-hash function which uses the Davies-Meyer compression functions (e.g., MD4, MD5, SHA family) in 2^{t/2} chosen messages plus 2^{t/2 + 1} off-line operations of the compression function and a similar amount of memory. This forgery attack also works on the signature schemes that use Davies-Meyer schemes and a variant of RMX published by NIST in its Draft Special Publication (SP) 800-106. We discuss some important applications of our attack.

Relevance: 30.00%

Abstract:

Many students enter business degrees without a defined career goal beyond working in the business world and adopt a scattergun approach to employability by accumulating certifications accessed through individual subjects. Yet, space and time limitations commonly prevent extended exposure to rewarding and interesting career subfields within main specialisations. This case study draws on student feedback collected over three years exploring students’ career interest following an elective human resource development subject in the final stage of a human resources major. Project-based curriculum provided students with scaffolded learning while undertaking key multiphase human resource development tasks. Subsequently, students reported human resource development career interest and intent, attributed to more realistic appreciation of human resource development’s activities, scope, and values. The paper makes an important contribution illustrating how curriculum design can transform instrumentalism into logically, emotionally, and intuitively based career engagement. Further, human resource development is a study and career area little mentioned in higher education or careers literature.

Relevance: 30.00%

Abstract:

Lattice-based cryptographic primitives are believed to offer resilience against attacks by quantum computers. We demonstrate the practicality of post-quantum key exchange by constructing cipher suites for the Transport Layer Security (TLS) protocol that provide key exchange based on the ring learning with errors (R-LWE) problem; we accompany these cipher suites with a rigorous proof of security. Our approach ties lattice-based key exchange together with traditional authentication using RSA or elliptic curve digital signatures: the post-quantum key exchange provides forward secrecy against future quantum attackers, while authentication can be provided using RSA keys that are issued by today's commercial certificate authorities, smoothing the path to adoption. Our cryptographically secure implementation, aimed at the 128-bit security level, reveals that the performance price when switching from non-quantum-safe key exchange is not too high. With our R-LWE cipher suites integrated into the OpenSSL library and using the Apache web server on a 2-core desktop computer, we could serve 506 RLWE-ECDSA-AES128-GCM-SHA256 HTTPS connections per second for a 10 KiB payload. Compared to elliptic curve Diffie-Hellman, this means an 8 KiB increased handshake size and a reduction in throughput of only 21%. This demonstrates that provably secure post-quantum key exchange can already be considered practical.

Relevance: 30.00%

Abstract:

Digital signatures are often used by trusted authorities to make unique bindings between a subject and a digital object; for example, certificate authorities certify a public key belongs to a domain name, and time-stamping authorities certify that a certain piece of information existed at a certain time. Traditional digital signature schemes however impose no uniqueness conditions, so a trusted authority could make multiple certifications for the same subject but different objects, be it intentionally, by accident, or following a (legal or illegal) coercion. We propose the notion of a double-authentication-preventing signature, in which a value to be signed is split into two parts: a subject and a message. If a signer ever signs two different messages for the same subject, enough information is revealed to allow anyone to compute valid signatures on behalf of the signer. This double-signature forgeability property discourages signers from misbehaving—a form of self-enforcement—and would give binding authorities like CAs some cryptographic arguments to resist legal coercion. We give a generic construction using a new type of trapdoor functions with extractability properties, which we show can be instantiated using the group of sign-agnostic quadratic residues modulo a Blum integer; we show an additional application of these new extractable trapdoor functions to standard digital signatures.

Relevance: 30.00%

Abstract:

One of the most important modes of summer season precipitation variability over the Indian region, the diurnal cycle, is studied using the Tropical Rainfall Measuring Mission 3-hourly, 0.25 degrees x 0.25 degrees 3B42 rainfall product for nine years (1999-2007). Most previous studies have provided an analysis of a single year or a few years of satellite- or station-based rainfall data. Our study aims to systematically analyze the statistical characteristics of the diurnal-scale signature of rainfall over the Indian and surrounding regions. Using harmonic analysis, we extract the signal corresponding to diurnal and subdiurnal variability. Subsequently, the 3-hourly time period or the octet of rainfall peak for this filtered signal, referred to as the "peak octet," is estimated, with care taken to eliminate spurious peaks arising out of Gibbs oscillations. Our analysis suggests that over the Bay of Bengal, there are three distinct modes of the peak octet of diurnal rainfall corresponding to 1130, 1430, and 1730 Indian standard time (IST), from the north central to south bay. This finding could be seen to be consistent with southward propagation of the diurnal rainfall pattern reported by earlier studies. Over the Arabian Sea, there is a spatially coherent pattern in the mode of the peak octet (1430 IST), in a region where it rains for more than 30% of the time. In the equatorial Indian Ocean, while most of the western part shows a late night/early morning peak, the eastern part does not show a spatially coherent pattern in the mode of the peak octet owing to the occurrence of dual maxima (early morning and early/late afternoon). The Himalayan foothills were found to have a mode of peak octet corresponding to 0230 IST, whereas over the Burmese mountains and the Western Ghats (west coast of India) the rainfall peaks during late afternoon/early evening (1430-1730 IST). This implies that the phase of the diurnal cycle over inland orography (e.g., Himalayas) is significantly different from coastal orography (e.g., Western Ghats). We also find that over the Gangetic plains, the peak octet is around 1430 IST, a few hours earlier compared to the typical early evening maxima over land.

Relevance: 30.00%

Abstract:

The dissertation deals with remote narrowband measurements of the electromagnetic radiation emitted by lightning flashes. A lightning flash consists of a number of sub-processes. The return stroke, which transfers electrical charge from the thundercloud to the ground, is electromagnetically an impulsive wideband process; that is, it emits radiation at most frequencies in the electromagnetic spectrum, but its duration is only some tens of microseconds. Before and after the return stroke, multiple sub-processes redistribute electrical charges within the thundercloud. These sub-processes can last for tens to hundreds of milliseconds, many orders of magnitude longer than the return stroke. Each sub-process causes radiation with specific time-domain characteristics, having maxima at different frequencies. Thus, if the radiation is measured at a single narrow frequency band, it is difficult to identify the sub-processes, and some sub-processes can be missed altogether. However, narrowband detectors are simple to design and miniaturize. In particular, near the High Frequency (HF) band (3 MHz to 30 MHz), ordinary shortwave radios can, in principle, be used as detectors. This dissertation utilizes a prototype detector which is essentially a handheld AM radio receiver. Measurements were made in Scandinavia, and several independent data sources were used to identify lightning sub-processes, as well as the distance to each individual flash. It is shown that multiple sub-processes radiate strongly near the HF band. The return stroke usually radiates intensely, but it cannot be reliably identified from the time-domain signal alone. This means that a narrowband measurement is best used to characterize the energy of the radiation integrated over the whole flash, without attempting to identify individual processes. The dissertation analyzes the conditions under which this integrated energy can be used to estimate the distance to the flash. It is shown that flash-by-flash variations are large, but the integrated energy is very sensitive to changes in the distance, dropping as approximately the inverse cube root of the distance. Flashes can, in principle, be detected at distances of more than 100 km, but since the ground conductivity can vary, ranging accuracy drops dramatically at distances larger than 20 km. These limitations mean that individual flashes cannot be ranged accurately using a single narrowband detector, and the useful range is limited to 30 kilometers at the most. Nevertheless, simple statistical corrections are developed, which enable an accurate estimate of the distance to the closest edge of an active storm cell, as well as the approach speed. The results of the dissertation could therefore have practical applications in real-time short-range lightning detection and warning systems.