Rei Safavi-Naini

A scalable and oblivious digital watermarking for images

Scalable compression algorithms, such as JPEG, can compress images to different quality or resolution levels so that the target systems with different display capabilities, can display the image. Digital watermarking is widely used for protection of copyright and identification of ownership on digital images. It is desirable to have scalable watermarking systems, where the watermark is detectable when the watermarked image is at low quality or low resolution levels. This paper presents an oblivious block-based spread-spectrum-like watermarking system which is robust against scalable JPEG compression, cropping and shifting. The system is secure against the common watermarking attacks. Experimental results support these claims.

A General Construction for Fail-Stop Signature using Authentication Codes

Security of an ordinary digital signature relies on a computational assumption. Fail-stop signature schemes provide security for a sender against a forger with unlimited computational power by enabling the sender to provide a proof of forgery, if it occurs. In this paper, we describe a method of constructing fail-stop signature schemes from authentication codes. We also give an example that fits this general construction and prove its security.

Location privacy in mobile IP

Several security issues arise, due to the design of the mobile IP and its deployment in conjunction with other network protocols. Most of the work on the security of mobile IP has focused on authentication of the control packet and the confidentiality of the content in the protocol, and there are not many proposals in the area of location privacy. In this paper, we propose a method to provide location privacy for mobile IP users. We present two protocols that use an overlay network approach, and designed particularly for mobile IP. We employ universal re-encryption and extend it to n-out-of-n universal re-encryption to achieve our goal. In contrast to other overlay network approaches, where at least n public key encryption are required, our scheme requires only 2 public key encryption operations. Therefore, it is applicable to mobile IP systems, where in most cases the mobile nodes are small devices and have computational limitation.

Families of threshold schemes

The notion of families of ideal threshold schemes (ITS) is introduced, their properties and applications are investigated. We consider secret sharing schemes whose parameters can be adjusted. Our model is a threshold scheme family (TSF) whose threshold scheme parameters can be modified dynamically. Some applications of this model includes schemes which have disenrollment capability, and a scheme to resist cheating.<<ETX>>

Authentication Codes in the Query Model

We consider unconditionally secure authentication systems in which a sender communicates a source state to a receiver by encoding it as an authenticated message under a key agreed with the receiver. An authentication code is a triple (S, M,E) where E is a collection of encoding rules, i.e. mappings from the set S of source states into the set M of messages. A probability distribution on E models the key agreement process by which the encoding rule is chosen by the sender and receiver. In the usual model the adversary observes messages transmitted between the sender and the receiver before introducing to the channel a spoofing message, chosen according to some strategy. The adversary is successful if the spoofed message is accepted by the receiver as a valid (authenticated) message. In this paper we consider the extension to the model in which the adversary interacts with the sender and the receiver. In this query model the adversary may send messages to the receiver and observe a response to determine whether or not they are accepted or the adversary may provide the sender with the source state and observe the corresponding authenticated message that the sender transmits. We discuss the nature of an optimal strategy for such an adversary and derive bounds on the probability of deception for an authentication code in this model. This also leads to combinatorial characterisations of optimal authentication codes.

Authentication codes and plaintext attack

We study authentication codes (A-codes) and obtain lower bounds on the probability of success and number of encoding rules when the enemy uses plaintext or chosen plaintext attack. A-codes with minimum number of encoding rules that provide perfect protection for impersonation and substitution in these attacks are characterized and a general method of constructing A-codes that provide perfect protection for these attacks, using A-codes that provide perfect protection in its traditional sense, are given. The constructions are optimal as they produce A-codes with minimum number of encoding rules if the original A-code has the same property.<<ETX>>

Fail-stop signature for long messages: (Extended abstract)

Security of ordinary digital signature schemes relies on a computational assumption. Fail-stop signature (FSS) schemes provide security for a signer against a forger with unlimited computational power by enabling the signer to provide a proof of forgery, if it occurs. Signing long messages using FSS requires a hash function with provable security which results in a slow signature generation process. In this paper, we propose a new construction for FSS schemes based on linear authentication codes which does not require a hash function and results in a much faster signing process at the cost of slower verification process, and longer secret key and signature. An important advantage of the scheme is that proof of forgery is the same as a traditional FSS and does not rely on the properties of the hash functions.

(ε, 0)-Secure Message Transmission

In Secure Message Transmission (SMT) protocol a sender S can send a message m to a receiver R in a ‘private’ and ‘reliable’ way. S and R are connected by n channels where at most t of them can be fully controlled by an adaptive adversary with unlimited computational power. In this paper, noting the similarity between the privacy goal of SMT and an encryption function, we introduce a new definition for privacy of SMT systems which is inspired by the definition of semantic security in encryption. We show the relationship between this new definition and the previously known one, and propose an efficient 1-round protocol that is secure under the new definition and insecure under the previous one. The protocol has a better transmission rate compared to all known 1-round protocols in the previous model. We discuss our results and show how it relates to known results in this area.

Robust Additive Secret Sharing Schemes over Zm

In a threshold secret sharing scheme, a dishonest participant can disrupt the operation of the system by submitting junk instead of his/her share. We propose two constructions for threshold secret sharing schemes that allow identification of cheaters where the secret is an element of the ringZ m . The main motivation of this work is to design RSA-based threshold cryptosystems, such as robust threshold RSA signature, in which additive (multiplicative) threshold secret sharing schemes over Abelian groups with cheater identification play the central role. The first construction extends Desmedt-Frankel’s construction of secret sharing over Z m to provide cheater detection, and the second construction uses perfect hash families to construct a robust (t, n) scheme from a (t, t) scheme. We prove security of these schemes and assess their performance.