Shay Kutten

Perfectly secure key distribution for dynamic conferences

Abstract In this paper we analyze perfectly secure key distribution schemes for dynamic conferences. In this setting, any member of a group of t users can compute a common key using only his private initial piece of information and the identities of the other t −1 users in the group. Keys are secure against coalitions of up to k users; that is, even if k users pool together their pieces they cannot compute anything about a key of any conference comprised of t other users. First we consider a noninteractive model where users compute the common key without any interaction. We prove the tight bound on the size of each users piece of information of[formula]times the size of the common key. Then, we consider the model where interaction is allowed in the common key computation phase and show a gap between the models by exhibiting a one-round interactive scheme in which the users information is only k + t −1 times the size of the common key. Finally, we present its adaptation to network topologies with neighbourhood constraints and to asymmetric (e.g., client-server) communication models.

Perfectly-Secure Key Distribution for Dynamic Conferences

A key distribution scheme for dynamic conferences is a method by which initially an (off-line) trusted server distributes private individual pieces of information to a set of users. Later any group of users of a given size (a dynamic conference) is able to compute a common secure key. In this paper we study the theory and applications of such perfectly secure systems. In this setting, any group of t users can compute a common key by each user computing using only his private piece of information and the identities of the other t - 1 group users. Keys are secure against coalitions of up to k users, that is, even if k users pool together their pieces they cannot compute anything about a key of any t-size conference comprised of other users.First we consider a non-interactive model where users compute the common key without any interaction. We prove a lower hound on the size of the users piece of information of (k+t-1 t-1) times the size of the common key. We then establish the optimality of this bound, by describing and analyzing a scheme which exactly meets this limitation (the construction extends the one in [2]). Then, we consider the model where interaction is allowed in the common key computation phase, and show a gap between the models by exhibiting an interactive scheme in which the users information is only k + t - 1 times the size of the common key. We further show various applications and useful modifications of our basic scheme. Finally, we present its adaptation to network topologies with neighborhood constraints.

On Broadcasting in Radio Networks--Problem Analysis and Protocol Design

In this paper we develop a graph-oriented model for dealing with broadcasting in radio networks. Using this model, optimality in broadcasting protocols is defined, and it is shown that the problem of finding an optimal protocol is NP-hard. A polynomial time algorithm is proposed under which a channel is assigned to nodes from global, multiple-source broadcasting considerations. In particular, nodes participating in the broadcast do not interfere with each others transmissions, but otherwise simultaneous channel reuse is permitted. Protocol implementations of this approach by frequency division and by time division are given. It is shown that, using these protocols, bounded delay for broadcasted messages can be guaranteed.

Fast Distributed Construction of Smallk-Dominating Sets and Applications

This article presents a fast distributed algorithm to compute a smallk-dominating setD(for any fixedk) and to compute its induced graph partition (breaking the graph into radiuskclusters centered around the vertices ofD). The time complexity of the algorithm isO(klog*n). Smallk-dominating sets have applications in a number of areas, including routing with sparse routing tables, the design of distributed data structures, and center selection in a distributed network. The main application described in this article concerns a fast distributed algorithm for constructing a minimum-weight spanning tree (MST). On ann-vertex network of diameterd, the new algorithm constructs an MST in time, improving on previous results.

Systematic design of a family of attack-resistant authentication protocols

Most existing designs for two-way cryptographic authentication protocols suffer from one or more limitations. Among other things, they require synchronization of local clocks, they are subject to export restrictions because of the way they use cryptographic functions, and they are not amenable to use in lower layers of network protocols because of the size and complexity of messages they use. Designing suitable cryptographic protocols that cater to large and dynamic network communities but do not suffer from these problems presents substantial problems. It is shown how a few simple protocols, including one proposed by ISO, can easily be broken, and properties that authentication protocols should exhibit are derived. A methodology for systematically building and testing the security of a family of cryptographic two-way authentication protocols that are as simple as possible yet resistant to a wide class of attacks, efficient, easy to implement and use, and amenable to many different networking environments is described. Examples of protocols of that family that presents various advantages in specific distributed system scenarios are discussed. >

Time optimal self-stabilizing synchronization

In the network synchronization model, each node maintains a local pulse counter such that the advance of the pulse numbers simulates the advance of a clock in a synchronous network. In this paper we present a tame optimai sel&stabilizing scheme for network synchronization. Our construction has two parts. First, we give a simple rule by which each node can compute its pulse number as a function of its neighbors’ pulse numbers. This rule stabilizes in time bounded by t?te diameter of the network, it does not revoke global operations, and does not require any additional memory space. However, this rule works correctly only if the pulse numbers may grow unfoundedly. The second part of the construction (whzch is of independent interest in its own right) takes care of this problem. Specifically, we present the jirst self-stabilizing reset procedure that stabilizes in tzme proportional to the diameter of the network. This procedure can be combined with unbounded-register protocols to yield bounded-register algorithms. “Lab. for Computer Science, MIT. Supported by Air Force Contract TNDGAFOSR-86-0078, ARO contract DAAL03-86K-01 71, NSF contract CCR861 1442, DARPA contract NOOO1489-J-1988, and a special grant from IBM. t IBM T.J. Watson Research Center.

Memory-Efficient Self Stabilizing Protocols for General Networks

Tel-Aviv University and IBM T.J. Watson Research Center.

The KryptoKnight family of light-weight protocols for authentication and key distribution

Lab. for Computer Science, MIT. Research partly done while visiting IBM T.J. Watson Research Center. Supported in part by DARPA contracts NOOO1 4-92J-4o33 and NOOO1492-J-1799, ONR contract NOOO14-91-J-1O46, and NSF contract 8915206-CCR. !IDEG, 55o King Street, Llttleton, MA 01460. Permission to copy without fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage, the ACM copyright notice and the title of the publication and its date appear, and notice ia given that copying is by permission of the Association for Computing Machinery. To copy otherwise, or to republish, requires a fee and/or specific permission. 25th ACM STOC ‘93-51931CA,USA @ J993 AG~ Q-89~9J-59 J-7/93 /QQQ51Q652,..

The local detection paradigm and its applications to self-stabilization

J.~Q

Worst-case analysis of dynamic wavelength allocation in optical networks

A self stabilizing protocol for constructing a rooted spanning tree in an arbitrary asynchronous network of processors that communicate through shared memory is presented. The processors have unique identifiers but are otherwise identical. The network topology is assumed to be dynamic, that is, edges can join or leave the computation before it eventually stabilizes.