Anna Lisa Ferrara

A simple algorithm for the constrained sequence problems

In this paper we address the constrained longest common subsequence problem. Given two sequences X, Y and a constrained sequence P, a sequence Z is a constrained longest common subsequence for X and Y with respect to P if Z is the longest subsequence of X and Y such that P is a subsequence of Z.Recently, Tsai [Inform. Process. Lett. 88 (2003) 173-176] proposed an O(n2 . m2 . r) time algorithm to solve this problem using dynamic programming technique, where n, m and r are the lengths of X, Y and P, respectively.In this paper, we present a simple algorithm to solve the constrained longest common subsequence problem in O(n . m . r) time and show that the constrained longest common subsequence problem is equivalent to a special case of the constrained multiple sequence alignment problem which can also be solved with the same time complexity.

Ideal contrast visual cryptography schemes with reversing

A visual cryptography scheme (VCS) for a set of n participants is a method to encode a secret image, consisting of black and white pixels, into n transparencies, one for each participant. Certain qualified subsets of participants can visually recover the secret image by stacking their transparencies, whereas, other, forbidden, subsets of participants, cannot gain any information about the secret image. Recently, Viet and Kurosawa proposed a VCS with reversing, which is a VCS where the participants are also allowed to reverse their transparencies, i.e., to change black pixels to white pixels and vice-versa. They showed how to construct VCSs with reversing where the reconstruction of black (white, respectively) pixels is perfect, whereas, the reconstruction of white (black, respectively) pixels is almost perfect. In both their schemes there is a loss of resolution, since the number of pixels in the reconstructed image is greater than that in the original secret image. In this paper we show how to construct VCSs with reversing where reconstruction of both black and white pixels is perfect. In our schemes each participant is required to store a certain number of transparencies, each having the same number of pixels as the original secret image. Moreover, our schemes guarantee no loss of resolution, since the reconstructed image is exactly the same as the original secret image. Finally, compared to the schemes of Viet and Kurosawa, our schemes require each participant to store a smaller amount of information.

Provably-Secure Time-Bound Hierarchical Key Assignment Schemes

A time-bound hierarchical key assignment scheme is a method to assign time-dependent encryption keys to a set of classes in a partially ordered hierarchy, in such a way that each class can compute the keys of all classes lower down in the hierarchy, according to temporal constraints.In this paper we design and analyze time-bound hierarchical key assignment schemes which are provably-secure and efficient. We consider two different goals: security with respect to key indistinguishability and against key recovery. Moreover, we distinguish security against static and adaptive adversarial behaviors. We explore the relations between all possible combinations of security goals and adversarial behaviors and, in particular, we prove that security against adaptive adversaries is (polynomially) equivalent to security against static adversaries. Finally, we propose two different constructions for time-bound key assignment schemes. The first one is based on symmetric encryption schemes, whereas the second one makes use of bilinear maps. Both constructions support updates to the access hierarchy with local changes to the public information and without requiring any private information to be re-distributed.

Unconditionally secure key assignment schemes

In this paper we propose an information-theoretic approach to the access control problem in a scenario where a group of users is divided into a number of disjoint classes. The set of rules that specify the information flow between different user classes in the system defines an access control policy. An access control policy can be implemented by using a key assignment scheme, where a trusted central authority (CA) assigns an encryption key and some private information to each class.We consider key assignment schemes where the key assigned to each class is unconditionally secure with respect to an adversary controlling a coalition of classes of a limited size. Our schemes are characterized by a security parameter r, the size of the adversary coalition. We show lower bounds on the size of the private information that each class has to store and on the amount of randomness needed by the CA to set up any key assignment scheme. Finally, we propose some optimal constructions for unconditionally secure key assignment schemes.

New constructions for provably-secure time-bound hierarchical key assignment schemes

A time-bound hierarchical key assignment scheme is a method to assign time-dependent encryption keys to a set of classes in a partially ordered hierarchy, in such a way that each class can derive the keys of all classes lower down in the hierarchy, according to temporal constraints. In this paper we propose new constructions for time-bound hierarchical key assignment schemes which are provably secure with respect to key indistinguishability. Our constructions exhibit a tradeoff among the amount of private information held by each class, the amount of public data, the complexity of key derivation, and the computational assumption on which their security is based.

Efficient provably-secure hierarchical key assignment schemes

A hierarchical key assignment scheme is a method to assign some private information and encryption keys to a set of classes in a partially ordered hierarchy, in such a way that the private information of a higher class can be used to derive the keys of all classes lower down in the hierarchy. n nIn this paper we design and analyze hierarchical key assignment schemes which are provably-secure and support dynamic updates to the hierarchy with local changes to the public information and without requiring any private information to be re-distributed. - We first show an encryption based construction which is provably secure with respect to key indistinguishability, requires a single computational assumption and improves on previous proposals. - Then, we show how to reduce key derivation time at the expense of an increment of the amount of public information, by improving a previous result. - Finally, we show a construction using as a building block a public-key broadcast encryption scheme. In particular, one of our constructions provides constant private information and public information linear in the number of classes in the hierarchy.

Variations on a theme by Akl and Taylor: Security and tradeoffs

In 1983, Akl and Taylor [Cryptographic solution to a problem of access control in a hierarchy, ACM Transactions on Computer Systems 1 (3) (1983) 239-248] first suggested the use of cryptographic techniques to enforce access control in hierarchical structures. Due to its simplicity and versatility, the scheme has been used, for more than twenty years, to implement access control in several different domains, including mobile agent environments and XML documents. However, despite its use over time, the scheme has never been fully analyzed with respect to security and efficiency requirements. In this paper we provide new results on the Akl-Taylor scheme and its variants. More precisely: *We provide a rigorous analysis of the Akl-Taylor scheme. We consider different key assignment strategies and prove that the corresponding schemes are secure against key recovery. *We show how to obtain different tradeoffs between the amount of public information and the number of steps required to perform key derivation in the proposed schemes. *We also look at the MacKinnon et al. and Harn and Lin schemes and prove they are secure against key recovery. *We describe an Akl-Taylor based key assignment scheme with time-dependent constraints and prove the scheme efficient, flexible and secure. *We propose a general construction, which is of independent interest, yielding a key assignment scheme offering security w.r.t. key indistinguishability, given any key assignment scheme which guarantees security against key recovery. *Finally, we show how to use our construction, along with our assignment strategies and tradeoffs, to obtain an Akl-Taylor scheme, secure w.r.t. key indistinguishability, requiring a constant amount of public information.

An Information-Theoretic Approach to the Access Control Problem

In this paper we propose an information-theoretic approach to the access control problem in a scenario where a group of users is divided into a number of disjoint classes. The set of rules that specify the information flow between different user classes in the system defines an access control policy. An access control policy can be implemented by using a key assignment scheme, where a trusted central authority (CA) assigns an encryption key and some private information to each class. We consider key assignment schemes which are unconditionally secure against attacks carried out by any coalition of classes. We show lower bounds on the size of the private information that each class has to store and on the amount of randomness needed by the CA to set up any key assignment scheme. Finally, we propose an optimal construction for unconditionally secure key assignment schemes.

A new key assignment scheme for access control in a complete tree hierarchy

A key assignment scheme is a protocol to assign encryption keys and some private information to a set of disjoint user classes in a system organized as a partially ordered hierarchy. The encryption key enables each class to protect its data by means of a symmetric cryptosystem, whereas, the private information allows each class to compute the keys assigned to classes lower down in the hierarchy. n nIn this paper we consider a particular kind of a hierarchy: the complete rooted tree hierarchy. We propose a key assignment scheme which is not based on unproven specific computational assumptions and that guarantees security against an adversary controlling a coalition of classes of a certain size. Moreover, the proposed scheme is optimal both with respect to the size of the information kept secret by each class and with respect to the randomness needed to set up the scheme.

Modeling A Certified Email Protocol using I/O Automata

Describing and reasoning about asynchronous distributed systems is often a difficult and error prone task. In this paper we experiment the Input/Output Automata framework as a tool to describe and reason about cryptographic protocols running in an asynchronous distributed system. We examine a simple certified email protocol [5], give its formalization using the IOA model, and prove that some security properties are satisfied during the execution of the protocol.