Nevenko Zunic

Methods for Protecting Password Transmission

In this paper, we present a secure method for protecting passwords while being transmitted over untrusted networks. We also present a secure method for changing an old password to a new password. The proposed solutions do not require the use of any additional keys (such as symmetric keys or public/private keys) to protect password exchanges. Unlike existing solutions, the proposed schemes do not use any symmetric-key or public-key cryptosystems (such as DES, RC5, RSA, etc.). Our schemes only employ a collision-resistant hash function such as SHA-1.

Decentralized group key management for secure multicast communications

Multicast protocols provide mechanisms for a sender to send a message to multiple receivers simultaneously. When the multicast message is of a sensitive nature, it should be encrypted. This would require that all the members of the multicast group share the same encryption key. In this paper, we present a simple and scaleable method to create and distribute symmetric cryptographic keys amongst a group of communicating network users for multicast communications. The group symmetric keys permit each user to conveniently and securely communicate, share and access data belonging to the multicast group. Unlike current group key-management mechanisms, this scheme does not involve the use of a centralized key distribution center-only the group members generate and distribute group symmetric keys. Once a long-term group key has been established among a group of communicating peers, the scheme provides an easy way for any group member to send secure messages to all other group members without having to send the session key individually to each group member. Moreover, the scheme provides an option for allowing data traffic to be authenticated on a per-sender basis with sender-specific keys.

Refereed paper: Reversible data mixing procedure for efficient public-key encryption

This paper describes a data mixing method for encrypting a plaintext block using a block encryption algorithm (such as Elliptic Curve, RSA, etc.) having a block size smaller than that of the plaintext block. The process of encrypting a plaintext block consists of first mixing the plaintext block and then encrypting a portion or all of the mixed plaintext block. The mixing method is a reversible procedure which performs a complete mixing of the plaintext block such that no secret bit in the plaintext block can be determined unless every bit in the mixed plaintext block is known. The mixing of the plaintext is done in such a way that encrypting only a small portion of the mixed plaintext will still provide the same level of protection as if the entire plaintext was encrypted.

Generating user-based cryptographic keys and random numbers

In some applications, it might be useful or necessary to tie a cryptographic key or a random number to a particular individual, either through a user Identifier (userID) or information that may be used to identify the individual such as a persons biometric data. These data can be the users fingerprints, hand geometry, iris pattern, or any other suitable biometric identification. Here we make the key or random number generation process dependent on user-specific data, such as a userID or biometric data. A userID-based or biometric-based key or random number generated based on our algorithms may be used in asymmetric-key cryptographic systems (such as the RSA) or the symmetric-key cryptographic systems (such as the DES).

Generation of RSA Keys That Are Guaranteed to be Unique for Each User

This paper describes a method for assuring that the RSA primes generated by two different parties will always be different. While this condition is not required for the RSA signatures and encryption, this user-dependence of RSA primes is highly desirable in view of possible disputes around the authenticity of a digital signature. A cheating party may claim that a pair of prime numbers was generated by someone else. Our method will eliminate such possibility and will make the entire class of attacks obsolete. In addition to being different when different users derive them, the RSA primes generated according to the algorithm described in this paper will satisfy all of the requirements imposed by the national and international standards.

Non-PKI methods for public key distribution

The X.509 certification authority-based (CA) public key infrastructure (PKI) is a widely accepted PKI standard which defines data formats and procedures related to the distribution of public keys via public key certificates that are digitally signed by CAs. However, X.509 requires a huge and expensive infrastructure with complex operations. This overhead may be tolerable in some cases, but it is highly desirable to find other solutions. The objective of this paper is to present alternative simpler solutions to the X.509 PKI to save storage, bandwidth and to reduce the complexity of the operations. We offer three such solutions. They rely on the existence of passwords that are known to both users and service providers.

Refereed Methods for preventing unauthorized software distribution

In this paper we present algorithms for protecting software from unauthorized installation. We assume that the user buys software on a disk or downloads it from the Internet - although our methods are not limited to protecting software under these circumstances. We consider two kinds of adversaries. One kind of attacker is a sophisticated hacker who can monitor a line and can read and intercept any information flowing unprotected over the Internet. These attackers are also skillful programmers who can analyze the software, locate any data of interest to them and also write and execute any programs, even the most complicated ones. Another kind of attacker is an average attacker who can copy and use personal or business software.

Multiparty Biometric-Based Authentication

A multiparty biometric-based access control might be desirable, or even required, in some applications. That is, a group of individuals might have to present valid readings of biometrics parameters in order to gain access to a system or application in order to receive authorization to use a particular resource. Such multiparty schemes can often provide greater protection. This paper presents several techniques for multiparty biometric-based authentication. It also shows a technique for biometric substitution which allows different biometrics to be used concurrently or substituted over time.

Ticket and Challenge-Based Protocols for Timestamping

In this paper we introduce two methods that allow you to certify the time when a particular document was presented to a certifying authority. While some of the algorithms that served this purpose already existed in the literature, our methodology has significant practical advantages. The two methods we show are more straightforward, by giving a user a chance, in some cases, to operate on one value rather than two. They give the user the flexibility to select the most appropriate algorithm. They provide for a reasonable sharing of the workload between the user and the timestamping authority.

Refereed Papers: Alternative Method for Unique RSA Primes Generation

This paper describes a new method for generating RSA primes. While the primes generated according to this method satisfy all of the existing requirements for making RSA encryption and signature generation secure and efficient, they possess two additional properties. First, the RSA primes derived by different parties will always be different. This is a highly desirable property in view of possible disputes around the authenticity of a digital signature. Second, it will not be necessary to store any seed values to verify that these primes were generated according to the prescribed procedure. This is achieved by incorporating the required information about the seeds into the primes themselves without weakening the security properties of the RSA primes.