Aguilar Melchor C.,University of Limoges | Cayrel P.-L.,Center for Advanced Security Research Darmstadt | Gaborit P.,University of Limoges | Laguillaumie F.,University of Caen Lower Normandy
IEEE Transactions on Information Theory | Year: 2011

Ring signatures were introduced by Rivest, Shamir, and Tauman in 2001. These signatures allow a signer to anonymously authenticate a message on behalf of a group of his choice. This concept was then extended by Bresson, Stern, and Szydlo into t-out-of-N (threshold) ring signatures in 2002. We propose in this article a generalization of Stern's code-based identification (and signature) scheme to design a practical t-out-of-N threshold ring signature scheme. The size of the resulting signatures is in O(N) and does not depend on t, contrary to most of the existing protocols. Our scheme is existentially unforgeable under a chosen message attack in the random oracle model assuming the hardness of the minimum distance problem, is unconditionally source hiding, has a very short public key and has an overall complexity in O(N). This protocol is the first efficient code-based ring signature scheme and the first code-based threshold ring signature scheme. Moreover, it has a better complexity than number-theory based schemes, which have a complexity in O(Nt). This paper is an extended version of a paper published in the conference PQCrypto 2008, with complete proofs and definitions. © 2011 IEEE.


Cayrel P.-L.,Center for Advanced Security Research Darmstadt | Chabot C.,University of Limoges | Necer A.,University of Limoges
Finite Fields and their Applications | Year: 2010

Quasi-cyclic codes over a finite field are viewed as cyclic codes over a noncommutative ring of matrices over a finite field. This point of view permits generalizing some known results about linear recurring sequences and proposing a new construction of some quasi-cyclic codes and self-dual codes. © 2010 Elsevier Inc. All rights reserved.


Dagdelen O.,Center for Advanced Security Research Darmstadt | Fischlin M.,TU Darmstadt
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2011

We analyze the Extended Access Control (EAC) protocol for authenticated key agreement, recently proposed by the German Federal Office for Information Security (BSI) for deployment in machine readable travel documents. We show that EAC is secure in the Bellare-Rogaway model under the gap Diffie-Hellman (GDH) problem, and assuming random oracles. Furthermore, we discuss that the protocol achieves some of the properties guaranteed by the extended CK security model of LaMacchia, Lauter and Mityagin (ProvSec 2008). © 2011 Springer-Verlag.


Dagdelen O.,Center for Advanced Security Research Darmstadt | Schneider M.,TU Darmstadt
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2010

Lattice basis reduction is the problem of finding short vectors in lattices. The security of lattice-based cryptosystems is based on the hardness of lattice reduction. Furthermore, lattice reduction is used to attack well-known cryptosystems like RSA. One of the algorithms used in lattice reduction is the enumeration algorithm (ENUM), which provably finds a shortest vector of a lattice. We present a parallel version of the lattice enumeration algorithm. Using multi-core CPU systems with up to 16 cores, our implementation gains a speed-up of up to a factor of 14. Compared to the currently best public implementation, our parallel algorithm saves more than 90% of runtime. © 2010 Springer-Verlag.


Wohlgemuth S.,Center for Advanced Security Research Darmstadt
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2014

One future challenge in informatics is the integration of humans in an infrastructure of data-centric IT services. A critical activity of this infrastructure is trustworthy information exchange to reduce threats due to misuse of (personal) information. Privacy by Design, as the present methodology for developing privacy-preserving and secure IT systems, aims to reduce security vulnerabilities already in the early requirement analysis phase of software development. Incident reports show, however, that not only an implementation of a model bears vulnerabilities but also the gap between the rigorous view of the threat and security model on the world and the real view on a run-time environment with its dependencies. Dependencies threaten the reliability of information, and in the case of personal information, privacy as well. With the aim of improving security and privacy during run-time, this work proposes to extend Privacy by Design by adapting an IT system not only to inevitable security vulnerabilities but in particular to its users' view on an information exchange and its IT support with different, eventually opposite security interests. © IFIP International Federation for Information Processing 2014.


Weber S.G.,Center for Advanced Security Research Darmstadt
Journal of Ambient Intelligence and Smart Environments | Year: 2012

The present paper summarizes the PhD thesis of Stefan G. Weber. © 2012 IOS Press and the authors. All rights reserved.


Cayrel P.-L.,Center for Advanced Security Research Darmstadt | Veron P.,University of Toulon | El Yousfi Alaoui S.M.,Center for Advanced Security Research Darmstadt
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2011

At CRYPTO'93, Stern proposed a 3-pass code-based identification scheme with a cheating probability of 2/3. In this paper, we propose a 5-pass code-based protocol with a lower communication complexity, allowing an impersonator to succeed with only a probability of 1/2. Furthermore, we propose to use a double-circulant construction in order to dramatically reduce the size of the public key. The proposed scheme is zero-knowledge and relies on an NP-complete coding theory problem (namely the q-ary Syndrome Decoding problem). The parameters we suggest for the instantiation of this scheme take into account a recent study of (a generalization of) Stern's information set decoding algorithm, applicable to linear codes over arbitrary fields Fq; the public data of our construction is then 4 Kbytes, whereas that of Stern's scheme is 15 Kbytes for the same level of security. This provides a very practical identification scheme which is especially attractive for light-weight cryptography. © 2011 Springer-Verlag Berlin Heidelberg.


Wohlgemuth S.,Center for Advanced Security Research Darmstadt
Proceedings - IEEE Symposium on Security and Privacy | Year: 2014

Security and privacy are not only general requirements of a society but also indispensable enablers for innovative IT infrastructure applications aiming at increased, sustainable welfare and safety of a society. A critical activity of these IT applications is spontaneous information exchange. This information exchange, however, creates inevitable, unknown dependencies between the participating IT systems, which, in turn, threaten security and privacy. With the current approach to IT security, security and privacy follow changes and incidents rather than anticipating them. By sticking to a given threat model, the current approach fails to consider vulnerabilities which arise during a spontaneous information exchange. With the goal of improving security and privacy, this work proposes adapting an IT security model and its enforcement to current and most probable incidents before they result in an unacceptable risk for the participating parties or failure of IT applications. Usage control is the suitable security policy model, since it allows changes during run-time without conceptually raising additional incidents. © 2014 IEEE.


Wohlgemuth S.,Center for Advanced Security Research Darmstadt
ACM International Conference Proceeding Series | Year: 2014

Adaptive ICT systems promise to improve resilience by re-using and sharing ICT services and information related to electronic identities and real-time requirements of business networking applications. The aim is to improve welfare and security of a society, e.g. a "smart" city. Even though adaptive ICT systems technically enable everyone to participate both as service consumer and provider without running the required technical infrastructure by oneself, uncertain knowledge on enforcement of legal, business, and social requirements impedes taking advantage of adaptive ICT systems. Not only IT risks on confidentiality and accountability are undecidable due to lack of control with the current trust infrastructure but also IT risks on integrity and availability due to lack of transparency. Reasons are insufficient quantification of IT risk as well as unacceptable knowledge on cause-and-effect relationships and accountability. This work introduces adaptive identity management to improve control and transparency for a trustworthy spontaneous information exchange as the critical activity of adaptive ICT systems. Copyright 2014 ACM.


Baier H.,Center for Advanced Security Research Darmstadt | Breitinger F.,FH Darmstadt
Proceedings - 6th International Conference on IT Security Incident Management and IT Forensics, IMF 2011 | Year: 2011

Although hash functions are a well-known method in computer science to map arbitrarily large data to bit strings of a fixed length, their use in computer forensics is currently very limited. As of today, in a pre-step process hash values of files are generated and stored in a database; typically a cryptographic hash function like MD5 or SHA-1 is used. Later the investigator computes hash values of files which he finds on a storage medium, and performs lookups in his database. This approach has several drawbacks, which have been sketched in the community, and some alternative approaches have been proposed. The most popular one is due to Jesse Kornblum, who transferred ideas from spam detection to computer forensics in order to identify similar files. However, his proposal lacks a thorough security analysis. It is therefore one aim of the paper at hand to present some possible attack vectors of an active adversary to bypass Kornblum's approach. Furthermore, we present a pseudo random number generator that is both more efficient and more random compared to Kornblum's pseudo random number generator. © 2011 IEEE.
