Record:   Prev Next
作者 Mityagin, Anton
書名 Protocols and security proofs for data authentication
國際標準書號 9780542605642
book jacket
說明 133 p
附註 Source: Dissertation Abstracts International, Volume: 67-03, Section: B, page: 1525
Adviser: Mihir Bellare
Thesis (Ph.D.)--University of California, San Diego, 2006
This thesis studies security of various cryptographic primitives which provide for data authentication
We first study how security of existing primitives such as message authentication, authentication encryption, AEAD or XOR-tag schemes depends on the number of verification attempts towards forgery, the adversary is able to make
We point out that, contrary to popular belief, allowing a message authentication adversary multiple verification attempts towards forgery is not equivalent to allowing it a single one, so that the notion of security that most message authentication schemes are proven to meet does not guarantee their security in practice
We next develop a framework for establishing security of various cryptographic protocols against multiple verification queries. We introduce a new primitive, called the data authentication primitive which generalizes message authentication, authenticated encryption and other primitives. We specify a condition under which security of a data authentication primitive against multiple verification queries is equivalent to that against a single query and prove security against multiple verification queries for any data authentication primitives that satisfy to this condition
We use the results on data authentication primitives to recover security of popular classes of message authentication schemes such as MACs (including HMAC and PRF-based MACs) and CW-schemes. As well, we improve concrete security of the EAX mode of operation and of generalized Carter-Wegman message authentication schemes, where we show that multiple verification queries give virtually no advantage to the adversary
We also present a new primitive for data authentication---Append-only Signatures (AOS)---with the property that any party given an AOS signature on message M1 can "append" this signature with any message M2 to obtain the signature on a concatenation of M1 and M 2. We define the security of AOS, present concrete AOS schemes, and prove their security under standard assumptions. In addition, we find that despite its simple definition, AOS is equivalent to Hierarchical Identity-based Signatures (HIBS) through efficient and security-preserving reductions. We finally show how to apply AOS to authenticate route announcements in the BGP routing protocol, which is an important open problem in network security
School code: 0033
Host Item Dissertation Abstracts International 67-03B
主題 Computer Science
Alt Author University of California, San Diego
Record:   Prev Next