Mike Burmester

A secure and efficient conference key distribution system

We present practical conference key distribution systems based on public keys, which authenticate the users and which are ‘proven’ secure provided the Diffie-Hellman problem is intractable. A certain number of interactions is needed but the overall cost is low. There is a complexity tradeoff. Depending on the network used, we either have a constant (in the number of conference participants) number of rounds (exchanges) or a constant communication and computation overhead. Our technique for authentication can be extended and used as the basis for an authentication scheme which is ‘proven’ secure against any type of attack, provided the Discrete Logarithm problem is intractable.

Universally composable and forward-secure RFID authentication and authenticated key exchange

Recently, a universally composable framework for RFID authentication protocols providing availability, anonymity, and authenticity was proposed. In this paper we extend that framework to address forward-security issues in the presence of key compromise.We also introduce new, provably secure, and highly practical protocols for anonymous authentication and key-exchange by RFID devices. The new protocols are lightweight, requiring only a pseudo-random bit generator. The new protocols satisfy forward-secure anonymity, authenticity, and availability requirements in the Universal Composability model.

Provably Secure Ubiquitous Systems: Universally Composable RFID Authentication Protocols

This paper examines two unlinkably anonymous, simple RFID identification protocols that require only the ability to evaluate hash functions and generate random values, and that are provably secure against Byzantine adversaries. The main contribution is a universally composable security model tuned for RFlD applications. By making specific setup, communication, and concurrency assumptions that are realistic in the RFID application setting, we arrive at a model that guarantees strong security and availability properties, while still permitting the design of practical RFID protocols. We show that two protocols are provably secure within the new security model. Our proofs do not employ random oracles - the protocols are shown to be secure in the standard model under the assumption of existence of pseudo-random function families

A secure and scalable Group Key Exchange system

We present a Group Key Exchange protocol which extends in a natural way the Diffie-Hellman protocol. Our protocol is scalable: it has two rounds (for n>2 parties) and the number of modular exponentiations per user is constant. It is secure against a passive adversary if the Diffie-Hellman problem is intractable.

Secure Transactions with Mobile Agents in Hostile Environments

A major problem of mobile agents is their apparent inability to authenticate transactions in hostile environments. In this paper, we consider a framework for the prevention of agent tampering without compromising the mobility or autonomy of the agent. Our approach uses encrypted functions. We present an RSA implementation which answers affirmatively the open problem on undetachable signatures of Sander and Tschudin.

Efficient and Secure Conference-Key Distribution

Key distribution is a major cryptographic component for secure communication. For privacy data must be encrypted with keys which are distributed securely. In this paper we focus on conference key distribution. Our approach is to use a two-party key distribution system as an underlying cryptographic primitive and extend it to a conference system.

Cooperation in Mobile Ad Hoc Networks

Mobile ad hoc networks (MANETs) are collections of self-organizing mobile nodes with dynamic topologies and no fixed infrastructure [1, 2]. Cooperation among nodes is fundamental to the function of a MANET. However, nodes in a MANET are autonomous and independent wireless devices. Due to the lack of infrastructure, the constraints of resources at each node, and the ad hoc nature of nodes, we cannot assume that every node behaves as the protocol requires. This chapter presents a detailed study on the recent advances in stimulating cooperation in MANETs. Virtual currency systems and reputation systems are described, followed by a discussion of the directions for future research.

LARS: a locally aware reputation system for mobile ad hoc networks

Mobile ad hoc networks (MANETs) have nodes that are dynamically and arbitrarily located. The nodes are often battery powered and may behave selfishly to preserve power. A promising mechanism to deal with node selfishness is to use reputation methods. In this paper, we discuss some general issues with current reputation methods that are used to mitigate selfish node behavior and propose a simple and efficient Locally Aware Reputation System (LARS) for which the reputation of the nodes is derived by using direct observation. LARS is flexible and can deal with both extreme selfishness and selective selfishness.

Receipt-Freeness in Large-Scale Elections without Untappable Channels

For an electronic election to be fully democratic there is a need for security mechanisms that will assure the privacy of the voters. With receipt-free electronic voting, a voter neither obtains nor is able to construct a receipt proving the content of her vote. In this paper we first consider the minimal requirements for receipt-free elections, without untappable communication channels between the voter and the voting authorities. We then propose a solution, which satisfies these requirements. This solution is based on an encryption blackbox, which uses its own randomness. Finally we present an implementation with smartcards, suitable for Internet voting.

Universally Composable RFID Identification and Authentication Protocols

As the number of RFID applications grows, concerns about their security and privacy become greatly amplified. At the same time, the acutely restricted and cost-sensitive nature of RFID tags rules out simple reuse of traditional security/privacy solutions and calls for a new generation of extremely lightweight identification and authentication protocols. This article describes a universally composable security framework designed especially for RFID applications. We adopt RFID-specific setup, communication, and concurrency assumptions in a model that guarantees strong security, privacy, and availability properties. In particular, the framework supports modular deployment, which is most appropriate for ubiquitous applications. We also describe a set of simple, efficient, secure, and anonymous (untraceable) RFID identification and authentication protocols that instantiate the proposed framework. These protocols involve minimal interaction between tags and readers and place only a small computational load on the tag, and a light computational burden on the back-end server. We show that our protocols are provably secure within the proposed framework.