Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS548 Advanced Information Security Presented by Gowun Jeong Mar. 9, 2010.

Published byMartha Goodwin Modified over 9 years ago

Similar presentations

Presentation on theme: "CS548 Advanced Information Security Presented by Gowun Jeong Mar. 9, 2010."— Presentation transcript:

1 CS548 Advanced Information Security Presented by Gowun Jeong Mar. 9, 2010

2 Given a centre and a set of users, denoted U of n size,  the centre wants to broadcast a message, denoted M,  to a dynamically changing privileged subset of U, denoted T,  without allowing non-members of T, denoted S=U\T, to learn M  One-to-many secure communication with the common key The goals of the paper are  to provide efficient solutions in both measures,  transmission length; and  storage at the user’s end  and to guarantee some levels of security,  k-resiliency resilient to any S of size k; and  (k, p)-random-resiliency resilient with probability at least 1-p to a randomly chosen S of size k 2

3 3

4 The basic k-resilient scheme  No assumptions  For every set,, define a key K B and give K B to every user  The common key to T is the exclusive or of all K B for all  Since every coalition S (|S|≤k) do not have K S, they cannot compute the common key of any T such that  Theorem 1. This k-resilient scheme has each user to store keys and the centre not to broadcast any message in order to generate a common key to the privileged class. The basic 1-resilient scheme requires each agent to keep n+1 keys 4

5 Assume that the keys are generated by a pseudo-random generator (PRG), The key distribution is achieved by a balanced binary tree 1.Label each node in the tree as the right while the root is the common seed and each of n users associate with the leaves 2.For every user x, remove all the nodes on the path from the leaf x to s 3.Give all the labels of the remaining subtrees as the keys to x  Clearly, two users can obtain the keys of all leaves by colluding: not 2-resilient  Theorem 2. A PRG enables an 1-resilient scheme that requires each user to store keys without any broadcasting from the centre. seed Left(f(s))Right(f(s))... leaves associated with n users 5

6 Assume that a specific number theoretic scheme, cryptographically equivalent to the RSA scheme, exists 1.The centre chooses  a hard-to-factor composite N=P∙Q where P and Q are primes  a secret element, of high index, and  relative primes p i and p j for all 2.It gives user i the key,, letting all users know every (i, p i ) tuples 3.Each user can compute the common key of T,, by evaluating  By colluding with another to obtain g, some user can compute g T : not 2-resilient  Theorem 3. Under the assumption of the hardness of root extraction modulo a composite, an 1-resilient scheme requires each user to store 1 key without any broadcasting from the centre. 6

7 Although the basic scheme is k-resilient, it makes each user consume O(n k ) memory The other two described before are just 1-resilient 7

8 A family of perfect hash functions {f i },,  such that,  mapping any size ≤k subset of U to the range {1, …, m}, and  using an independent 1-resilient scheme R(i, j) for every and  while letting every user receive the keys associated with schemes R(i, f i (x)) for all The centre generates the common keys as follows 1.Generates random strings M 1, …, M l such that 2.Broadcast for all and M i to the privileged subset using R(i, j) 3.Have every user get M by the exclusive or of all the messages M 1, …, M l they learned  Claim 4. This scheme is k-resilient.  Any colluding set of at most k users cannot obtain at least one of the shares 8

9 Efficiency in measures, saying that w is the number of keys required in a 1-resilient scheme  Memory consumption at the user’s end: l∙w  Transmission length: l∙m Theorem 5. There exists a k-resilient scheme with keys for each user and broadcasting messages from the centre. Moreover, it can be efficiently constructed with arbitrarily high probability by increasing k, l and m appropriately.  With m=2k 2 and l=klogn, implies Corollary 6. For any and, there exists a (k, p)- random-resilient scheme with keys for each user and broadcasting messages from the centre by setting m=k 2 and l=log(1/p). This scheme can be also improved efficiently by increasing k, p, m and l. 9

10 The required gadgets  A family of perfect hash functions {f i }, for  A collection of sets of schemes R(i, j) where j=f i (x) for user x for all and  associated with strings M 1, …, M l such that  A set of 1-resilient schemes R(i, j, r) for each R(i, j) for  associated with strings M 1 (i, j), …, M ll (i, j) such that l∙ll∙w keys for each user and l∙m∙ll transmission length  Claim 7. This scheme is k-resilient.  Theorem 8. There exists a k-resilient scheme with keys and broadcasting messages from the centre. Moreover, it can be efficiently constructed with high probability.  Similarly secured with as before by setting l=2klogn, m=k/logk and ll=logk+1 10

11  Corollary 9. For any and, there exists a (k, p)- random-resilient scheme with keys for each user and broadcasting messages from the centre. Moreover, it can be efficiently constructed with high probability. 11

12 12

13 13 If some cryptographical assumption is available and levels are applied to a scheme, the keys per user to be stored can be efficiently reduced to a polynomial in the sizes of k and n There is a trade-off between the number of keys and the number of messages, under the k-resilient schemes 1-resilientk-resilient schemeBasicPRGRSAone levelmulti-level keys/usernlogn1klogn ∙w klogklogn ∙w messages000k 3 lognk 2 logn

14 The paper itself contains several fault notations  On page 483,  in line 39, keys  On page 486,  in lines 6 and 7, l times...  The keys are associated with each function  in line 32, O(k 2 logn/log(k 2 logn) ∙ w)  in line 33, O(k 4 logn/log(k 2 logn))  (The prime number theorem) The number of primes ≤x is asymptotic to x/logx  On page 490,  in line 4, O(k 2 logn)  l∙m∙ll = (klogn)(k/logk)(logk)  in line 8, O(klog(1/p)) 14

Download ppt "CS548 Advanced Information Security Presented by Gowun Jeong Mar. 9, 2010."

Similar presentations

ONE WAY FUNCTIONS SECURITY PROTOCOLS CLASS PRESENTATION.

ONE WAY FUNCTIONS SECURITY PROTOCOLS CLASS PRESENTATION.
Computational Privacy. Overview Goal: Allow n-private computation of arbitrary funcs. –Impossible in information-theoretic setting Computational setting:

Computational Privacy. Overview Goal: Allow n-private computation of arbitrary funcs. –Impossible in information-theoretic setting Computational setting:
Many-to-one Trapdoor Functions and their Relations to Public-key Cryptosystems M. Bellare S. Halevi A. Saha S. Vadhan.

Many-to-one Trapdoor Functions and their Relations to Public-key Cryptosystems M. Bellare S. Halevi A. Saha S. Vadhan.
Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.
Foundations of Cryptography Lecture 11 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 11 Lecturer: Moni Naor.
Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.

Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.
Foundations of Cryptography Lecture 5 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 5 Lecturer: Moni Naor.
Foundations of Cryptography Lecture 4 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 4 Lecturer: Moni Naor.
LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU 20082065 Myunghan Yoo.

LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU Myunghan Yoo.
Advanced Databases: Lecture 2 Query Optimization (I) 1 Query Optimization (introduction to query processing) Advanced Databases By Dr. Akhtar Ali.

Advanced Databases: Lecture 2 Query Optimization (I) 1 Query Optimization (introduction to query processing) Advanced Databases By Dr. Akhtar Ali.
Traitor Tracing Papers Benny Chor, Amos Fiat and Moni Naor, Tracing Traitors (1994) Moni Naor and Benny Pinkas, Threshold Traitor Tracing (1998) Presented.

Traitor Tracing Papers Benny Chor, Amos Fiat and Moni Naor, Tracing Traitors (1994) Moni Naor and Benny Pinkas, Threshold Traitor Tracing (1998) Presented.
Foundations of Cryptography Lecture 12 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 12 Lecturer: Moni Naor.
Computability and Complexity 20-1 Computability and Complexity Andrei Bulatov Random Sources.

Computability and Complexity 20-1 Computability and Complexity Andrei Bulatov Random Sources.
2015-6-3Windows Scheduling Problems for Broadcast System 1 Amotz Bar-Noy, and Richard E. Ladner Presented by Qiaosheng Shi.

Windows Scheduling Problems for Broadcast System 1 Amotz Bar-Noy, and Richard E. Ladner Presented by Qiaosheng Shi.
1 Complexity of Network Synchronization Raeda Naamnieh.

1 Complexity of Network Synchronization Raeda Naamnieh.
Tirgul 10 Rehearsal about Universal Hashing Solving two problems from theoretical exercises: –T2 q. 1 –T3 q. 2.

Tirgul 10 Rehearsal about Universal Hashing Solving two problems from theoretical exercises: –T2 q. 1 –T3 q. 2.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
11.Hash Tables Hsu, Lih-Hsing. Computer Theory Lab. Chapter 11P.2 11.1 Directed-address tables Direct addressing is a simple technique that works well.

11.Hash Tables Hsu, Lih-Hsing. Computer Theory Lab. Chapter 11P Directed-address tables Direct addressing is a simple technique that works well.
Introduction to Modern Cryptography, Lecture ?, 2005 Broadcast Encryption, Traitor Tracing, Watermarking.

Introduction to Modern Cryptography, Lecture ?, 2005 Broadcast Encryption, Traitor Tracing, Watermarking.
Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.

Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.

Similar presentations

Ads by Google