Tri Van Le

Universally composable and forward-secure RFID authentication and authenticated key exchange

Recently, a universally composable framework for RFID authentication protocols providing availability, anonymity, and authenticity was proposed. In this paper we extend that framework to address forward-security issues in the presence of key compromise.We also introduce new, provably secure, and highly practical protocols for anonymous authentication and key-exchange by RFID devices. The new protocols are lightweight, requiring only a pseudo-random bit generator. The new protocols satisfy forward-secure anonymity, authenticity, and availability requirements in the Universal Composability model.

Adaptive gossip protocols: Managing security and redundancy in dense ad hoc networks

Many ad hoc routing algorithms rely on broadcast flooding for location discovery or, more generally, for secure routing applications. Flooding is a robust algorithm but because of its extreme redundancy, it is impractical in dense networks. Indeed in large wireless networks, the use of flooding algorithms may lead to broadcast storms where the number of collisions is so large that it causes system failure. To prevent broadcast storms, many mechanisms that reduce redundant transmissions have been proposed that reduce retransmission overhead either deterministically or probabilistically. Gossip is a probabilistic algorithm in which packet retransmission is based on the outcome of coin tosses. The retransmission probability can be fixed, dynamic or adaptive. With dynamic gossip, local information is used to determine the retransmission probability. With adaptive gossip, the decision to relay is adjusted adaptively based on the outcome of coin tosses, the local network structure, and the local response to the flooding call. The goal of gossip is to minimize the number of retransmissions, while retaining the main benefits of flooding, e.g., universal coverage, minimal state retention, and path length preservation. In this paper we consider ways to reduce the number of redundant transmissions in flooding while guaranteeing security. We present several new gossip protocols that exploit local connectivity to adaptively correct propagation failures and protect against Byzantine attacks. A main contribution of this work is that we introduce a cell-grid approach that allows us to analytically prove performance and security protocol properties. The last two gossip protocols that we give are fully adaptive, i.e., they automatically correct all faults and guarantee delivery, the first such protocols to the best of our knowledge.

Cryptanalysis of UCLA Watermarking Schemes for Intellectual Property Protection

We analyze four recently proposed watermarking schemes for intellectual property protection of digital designs.The first scheme watermarks solutions of a hard optimization problem, namely the graph coloring problem.Th e other three schemes belong to a family of techniques for watermarking digital circuits on programmable hardware.They are different from the usual image and audio watermarking since they must maintain correctness of the watermarked objects. Thus their watermarks cannot be embedded in the form of small errors as usually done in audio and visual watermarking. Although constraint-based watermarking schemes existed long before, these schemes are the first ones to protect hardware designs. In this paper, we apply a novel method to break the first of these schemes. We show how to modify a watermarked object in such a way that every signature strings can be extracted from it. Thus anyone can claim ownership of the object, yet leave no traces of who leaked the object. According to our best knowledge, this method is new and it may be of its own interest. In the remaining three schemes, we show how to locate and to remove the watermark embedded in the object, without knowing the secret key used in the embedding.

Moiré cryptography

As already pointed out by other researchers, one of the central problems with applicability of visual cryptography is the random nature of its secret shares. It makes secret shares not suited for carrying or for transmission over an open channel. In this paper, we apply concepts of steganography to create secret sharing schemes whose shares are realistically looking images. Our new technique is based on an idea of employing Moir e patterns for producing images. The advantage of this scheme over others is that it does not require a complicated algorithm, thus a computer, to decrypt the ciphertext. The cleartext can be read simply by putting the ciphertexts one onto the other. We therefore give a solution to the above mentioned problem with a novel type of visual secret sharing schemes, whose secrecy and anonymity are both satis ed.

Short c-Secure Fingerprinting Codes

In this paper we consider c-secure fingerprinting codes for copyright protection. We construct a probabilistic fingerprint code and show that at least one colluder in a coalition of up to c users can be traced with high probability. We prove that this code is shorter than the Boneh-Shaw code. In addition, we show that it is asymptotically optimal when c is constant.

Complementation-Like and cyclic properties of AES round functions

While it is known previously that the cycle lengths of individual components of the AES round function are very small, we demonstrate here that the cycle length of the S-box combined with the ShiftRow and MixColumn transformation is at least 10205. This result is obtained by providing new invariances of the complete AES round function without the key addition. Furthermore, we consider self-duality properties of the AES round function and derive a property analogous to the complementation property of the DES round function.These results confirm the assessments given in other publications that the AES components have several unexpected structural properties.

How to Prove That a Committed Number Is Prime

The problem of proving a number is of a given arithmetic format with some prime elements, is raised in RSA undeniable signature, group signature and many other cryptographic protocols. So far, there have been several studies in literature on this topic. However, except the scheme of Camenisch and Michels, other works are only limited to some special forms of arithmetic format with prime elements. In Camenisch and Michelss scheme, the main building block is a protocol to prove a committed number to be prime based on algebraic primality testing algorithms. In this paper, we propose a new protocol to prove a committed number to be prime. Our protocol is O(t) times more efficient than Camenisch and Michelss protocol, where t is the security parameter. This results in O(t) time improvement for the overall scheme.

Weathering the Storm: Managing Redundancy and Security in Ad Hoc Networks

Many ad hoc routing algorithms rely on broadcast flooding for location discovery or more generally for secure routing applications, particularly when dealing with Byzantine threats. Flooding is a robust algorithm but, because of its extreme redundancy, it is impractical in dense networks. Indeed in large wireless networks, the use of flooding algorithms may lead to a broadcast storm in which the number of collisions is so large that we get system failure. Further reducing unnecessary transmissions greatly improves energy efficiency of such networks. Several variants have been proposed to reduce the relay overhead either deterministically or probabilistically. Gossip is a probabilistic algorithm, in which packet relaying is based on the outcome of coin tosses. The relay probability can be fixed, dynamic or adaptive. With dynamic Gossip, local information (local connectivity) is used. With adaptive Gossip, the decision to relay is adjusted adaptively based on the outcome of coin tosses, the local network structure and the local response to the flooding call. The goal of gossiping is to minimize the number of relays, while retaining the main benefits of flooding, i.e., effective distance.

Bandwidth optimal steganography secure against adaptive chosen stegotext attacks

We provide construction of steganographic schemes secure against adaptive chosen stegotext attacks. Our constructions achieve embedding rate equals to the Shannon entropy bound on steganographic channel capacity. Further the covertext distribution can be given as either an integrable probability function or as a random covertext sampler. We also introduce steganographic codes that are of interests in constructing other steganographic protocols such as steganographic secret sharing or steganographic distributed computations.

Error Correcting and Complexity Aspects of Linear Secret Sharing Schemes

Linear secret sharing schemes and general access structures have played a key role in modern cryptography. Cramer-Damgard-Maurer recently proved that any linear secret sharing scheme over a finite field can be a verifiable one. We give a simple proof based on error-correcting codes. Our proof allows us to generalize the Cramer-Damgard-Maurer’s result to linear schemes over modules, which played an important role in threshold cryptography, i.e. any existing linear secret sharing scheme over a module can be changed into a verifiable one. We then reflect on another aspect of linear secret sharing. While there has been lots of research on bounds in general access secret sharing schemes, little has been done on the computational complexity aspects. In this paper we also demonstrate that verifying whether a linear scheme is a secret sharing scheme for a given access structure is coNP-complete. The later result relates to the problem cheating sharedealer, the dual problem of secret sharing.