Paolo D’Arco

Design of Self-Healing Key Distribution Schemes

A self-healing key distribution scheme enables dynamic groups of users of an unreliable network to establish group keys for secure communication. In such a scheme, a group manager, at the beginning of each session, in order to provide a key to each member of the group, sends packets over a broadcast channel. Every user, belonging to the group, computes the group key by using the packets and some private information. The group manager can start multiple sessions during a certain time-interval, by adding/removing users to/from the initial group. The main property of the scheme is that, if during a certain session some broadcasted packet gets lost, then users are still capable of recovering the group key for that session simply by using the packets they have received during a previous session and the packets they will receive at the beginning of a subsequent one, without requesting additional transmission from the group manager. Indeed, the only requirement that must be satisfied, in order for the user to recover the lost keys, is membership in the group both before and after the sessions in which the broadcast messages containing the keys are sent. This novel and appealing approach to key distribution is quite suitable in certain military applications and in several Internet-related settings, where high security requirements need to be satisfied. In this paper we continue the study of self-healing key distribution schemes, introduced by Staddon et al. [37]. We analyze some existing constructions: we show an attack that can be applied to one of these constructions, in order to recover session keys, and two problems in another construction. Then, we present a new mechanism for implementing the self-healing approach, and we present an efficient construction which is optimal in terms of user memory storage. Finally, we extend the self-healing approach to key distribution, and we present a scheme which enables a user to recover from a single broadcast message all keys associated with sessions in which he is member of the communication group.

Definitions and bounds for self-healing key distribution schemes

Self-healing key distribution schemes allow group managers to broadcast session keys to large and dynamic groups of users over unreliable channels. Roughly speaking, even if during a certain session some broadcast messages are lost due to network faults, the self-healing property of the scheme enables each group member to recover the key from the broadcast messages he/she has received before and after that session. Such schemes are quite suitable in supporting secure communication in wireless networks and mobile wireless ad-hoc networks. Recent papers have focused on self-healing key distribution, and have provided definitions and constructions. The contribution of this paper is the following:

The key Establishment problem

Key Establishment is one of the most intriguing, fascinating and deeply studied problems in Cryptography. In this paper we propose a brief excursus among ideas and techniques that during the last years have been applied in a variety of settings, in order to design suitable and often mathematically delightful protocols to solve this issue. The presentation uses a very simple language: it is basically an introduction to the subject. Hopefully, it is even self-contained. Formal proofs and details are omitted, but the interested reader can find them in the referred papers.

Secure Two-Party Computation: A Visual Way

In this paper we propose a novel method for performing secure two-party computation. By merging together in a suitable way two beautiful ideas of the 80’s and the 90’s, Yao’s garbled circuit construction and Naor and Shamir’s visual cryptography, respectively, we enable Alice and Bob to securely evaluate a function \(f(\cdot ,\cdot )\) of their inputs, \(x\) and \(y\), through a pure physical process. Indeed, once Alice has prepared a set of properly constructed transparencies, Bob computes the function value \(f(x,y)\) by applying a sequence of simple steps which require the use of a pair of scissors, superposing transparencies, and the human visual system. A crypto-device for the function evaluation process is not needed any more.

Analysis and Design of Distributed Key Distribution Centers

AbstractA Key Distribution Center of a network is a server who generates anddistributes secret keys to groups of users for secure communication. A Distributed Key Distribution Center is a set of servers that jointly realizes a Key Distribution Center. In this paper we describe in terms of information theory a model for Distributed Key Distribution Centers, and we present lower bounds holding in the model for the main resources needed to set up and manage a distributed center, i.e., memory storage, randomness, and bandwidth. Then we show that a previously proposed protocol which uses a bidimensional extension of Shamir’s secret sharing scheme meets the bounds and is, hence, optimal.

Private Visual Share-Homomorphic Computation and Randomness Reduction in Visual Cryptography

Secure computation through non standard methods, suitable for users who have to perform the computation without the aid of a computer, or for settings in which the degree of trustworthiness of the hardware and software equipments is very low, are an interesting, very challenging and quite unexplored research topic. In this paper we put forward a collection of ideas and some techniques which could be useful in order to make some progress in designing protocols with such properties. Our contribution is twofold: we explore the power of visual cryptography as a computing tool, exploiting alternative uses and share manipulations, and we address the central issue of randomness reduction in visual schemes, by showing a strict relation with existing results in secure multiparty computation. More specifically, we prove that: by properly defining operations on the shares, we show that visual shares are homomorphic with respect to some functions f. More precisely, in the two-party case, each user, by applying to his two shares \(a_i, b_i\) of the secrets a, b the operation, gets a share \(g_i(a_i,b_i)\), \(i=1,2\), such that the superposition of \(g_1(a_1,b_1)\) and \(g_2(a_2,b_2)\) visually provides, applying the standard Naor and Shamir superposition reconstruction strategy, the value of the function f; we link our analysis to a general known result on private two-party computation, and we classify all the boolean functions of two input bits which admit homomorphic visual share computation; we prove that by encoding pixels in groups, instead of encoding each pixel independently, and exploiting dependencies, some randomness can be saved if and only if the pixel dependencies can be expressed through some specific boolean functions. For example, given three pixels, if the third one is the and or the or of the first two, randomness reduction is impossible, while if it is the xor of the first two, randomness reduction can be achieved.

Anonymous Group Communication in Mobile Networks

In this paper we propose efficient schemes enabling groups of users of a mobile network to communicate anonymously with respect to an adversarial party (i.e, other users, network managers, and so on). Each user can start a group communication, and his identity, as well as the identities of the other members of the group, are not revealed even if several other parties of the system collude. We consider two network settings and, for each of them, we propose an efficient and secure scheme.

Measure-Independent Characterization of Contrast Optimal Visual Cryptography Schemes

The contrast in visual cryptography has received a lot of attention. It has been studied using three different measures. In this paper we follow a measure-independent approach, which, by using the structural properties of the schemes, enables us to provide a characterization of optimal schemes that is independent of the specific measure used to assess the contrast. In particular we characterize and provide constructions of optimal schemes for the cases of \((2,n)\)-threshold and \((n,n)\)-threshold schemes. Then, we apply the measure-independent results to the three measures that have been used in the literature obtaining both new characterizations and constructions of optimal schemes and alternative proofs of known results.

Hyppocrates A New Proactive Password Checker

In this paper we propose a new proactive password checker, a program which prevents the choice of easy-to-guess passwords. The checker uses a decision tree which has been set up applying the Minimum Description LengthPrinciple and a Pessimistic Pruning Technique to refine its predictive power. Experimental results show a substantial improvement in performances of this checker with respect to previous proposals. Moreover, the system is user-friendly and can be adapted to a per-site policy by the system administrator.

On the Equivalence of 2-Threshold Secret Sharing Schemes and Prefix Codes

Kmargodski et al. have shown an equivalence between \((2,\infty )\)-threshold secret sharing schemes (evolving schemes) and prefix codes for the integers. Their approach exploits the codewords of the prefix code to share the secret. In this paper we propose an alternative approach that exploits only the tree structure underlying the prefix code. The approach works equally well both for the finite case, that is for (2, n)-threshold schemes, and for the infinite case, that is for evolving 2-threshold schemes.