A Generic Algebraic Model for the Analysis of
Cryptographic-Key Assignment Schemes
Sabri and Khedri (FPS 2012)
Dhruv Gairola
Algebraic Methods in CS, Ridha Khedri
gairold@mcmaster.ca ; dhruvgairola.blogspot.ca
March 31, 2014
Dhruv Gairola (McMaster Univ.) Sabri and Khedri (FPS 2012) March 31, 2014 1 / 25
Overview
1 Problem and Motivation
2 Brief Mathematical Background
3 Proposed structures
4 Akl-Taylor Technique
5 Generalizing Akl-Taylor
6 Chinese Remainder Technique
7 Verification of security properties
8 Conclusion
Problem and Motivation
Problem : Many key assignment schemes. How to evaluate them?
Crampton et al. advocate the adoption of a generic key assignment
model.
Proposed Solution : Algebraic model to analyse these schemes.
Benefit : asserting correctness in preserving confidentiality of info;
better understanding of key assignment.
Brief Mathematical Background
Semigroup : (S, ·) where · is an associative binary operator.
Semiring : (S, +, ·)
(S, +) is a commutative semigroup with identity 0s
(S, ·) is a semigroup with identity 1s
· distributes over + on the left and right
0s is absorbing in (S, ·) i.e., (∀x|x ∈ S : 0s · x = x · 0s = 0s)
Brief Mathematical Background (2)
Poset : (C, ) where is a partial order relation (reflexive, transitive,
antisymmetric).
Antisymmetry : x y ∧ y x =⇒ x = y
Quasi-ordered set : is only reflexive and transitive.
Proposed key structure
Key structure : K = (K, +k, ∗k, 0k, 1k)
Interpretation : +k and ∗k can be seen as operators that combine
keys.
Can represent the Caesar cipher, the Vigenère cipher and Boyd’s RSA cipher using
the structure.
Proposed scheme structure
Key assignment scheme : S = (K, C, , a)
K is key structure
(C, ) is poset
a ⊆ K → C is an onto function (assignment function)
C is the set of security classes
k1 d k2 : info revealed by k1 can also be revealed by k2.
Proposed scheme structure (2)
Given d (key derivation relation) S is said to be :
Cluster secure : low class keys cannot reveal info of higher classes
Class secure : cluster secure and (C, ) is a chain
User secure : scheme contains independent keys s.t. no key can reveal
info that can be revealed from other keys
We have our structure. What about theories? (Axioms are obvious)
Proposed scheme structure (3)
Theories ( is a quasi-order relation):
1 k1 ≤k k2 =⇒ k1 k2
2 k1 ∗k k2 k2
3 k1 k2 =⇒ k1 +k k3 k2 +k k3
4 k1 k2 =⇒ k1 ∗k k3 k2 ∗k k3
5 k 1k
Now we have structure and theories. We can analyze specific key
assignment schemes and construct models.
Akl-Taylor Technique
Each user is assigned a key $k_i$, where $k_i = \kappa^{t_i} \pmod{m}$.
$\kappa$ is a private number
$m$ is a product of 2 large primes
$t_i$ is a product of n primes
Key idea : one key can be derived from another.
Akl-Taylor Technique (2)
Simple math : $k_i = \kappa^{t_i} \pmod{m}$
(Hint: j := i) $k_j = \kappa^{t_j} \pmod{m}$
(Hint: LHS) $\kappa^{t_j} \pmod{m} = (\kappa^{t_i})^{t_j/t_i} \pmod{m}$
(Hint: LHS) $(\kappa^{t_i})^{t_j/t_i} \pmod{m} = k_i^{t_j/t_i}$
Therefore $k_j = k_i^{t_j/t_i}$
Conclusion (key derivation) : $k_j$ can be derived from $k_i$ iff $t_j$ is
divisible by $t_i$
Akl-Taylor Example
Example : $k_i = \kappa^{t_i} \pmod{m}$, let $m = 11 \times 17 = 187$, $\kappa = 13$
User i : $k_i = 13^{5 \times 7} \pmod{187} = 21$
User j : $k_j = 13^{3 \times 5 \times 7} \pmod{187} = 98$
$k_i^{t_j/t_i} = k_j$
$21^3 \pmod{187} = 98$
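Added example (not part of the original slides): the Akl-Taylor issue and derive steps in Python, using the slide's m = 187 and κ = 13. The class labels and the third class "h" with t = 2 × 5 × 7 are constructed here to show a pair of keys where neither can be derived from the other.

```python
from math import prod

M = 11 * 17   # public modulus m = 187 (slide value; toy size, trivially factorable)
KAPPA = 13    # private number kappa, known only to the key server

# Public exponents t, written as their prime factors. "i" and "j" are the
# slide's users; "h" is a constructed class that is incomparable to "j".
CLASSES = {"i": {5, 7}, "j": {3, 5, 7}, "h": {2, 5, 7}}


def issue_key(primes, kappa=KAPPA, m=M):
    """Server side: k = kappa^t mod m, where t is the product of the primes."""
    return pow(kappa, prod(primes), m)


def derive_key(k_from, t_from, t_to, m=M):
    """User side: k_to = k_from^(t_to / t_from) mod m, from public values only.

    Returns None when t_to is not divisible by t_from, i.e. when the
    exponent t_to / t_from is not an integer and no derivation exists.
    """
    if t_to % t_from != 0:
        return None
    return pow(k_from, t_to // t_from, m)


def derivation_pairs(classes=CLASSES):
    """All (src, dst) pairs, src != dst, where src's key yields dst's key.

    Each derived key is cross-checked against the key the server issued.
    """
    issued = {name: issue_key(primes) for name, primes in classes.items()}
    pairs = set()
    for src, p_src in classes.items():
        for dst, p_dst in classes.items():
            if src == dst:
                continue
            derived = derive_key(issued[src], prod(p_src), prod(p_dst))
            if derived is None:
                continue
            if derived != issued[dst]:
                raise ValueError(f"{src}->{dst}: derived key differs from issued key")
            pairs.add((src, dst))
    return pairs


if __name__ == "__main__":
    for name, primes in CLASSES.items():
        print(name, "t =", prod(primes), "k =", issue_key(primes))
    print("derivable:", sorted(derivation_pairs()))
```

Only user i, whose t divides the others, can derive further keys; j and h cannot derive each other's key or i's.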
Generalizing Akl-Taylor
The server that distributes keys determines $\kappa$ and keeps it private.
Once $\kappa$ and $m$ are fixed, $t_i$ determines $k_i$. This is given by
$\frac{\log k_i}{\log \kappa} = t_i$.
We can view $t_i$ as the key.
Can we generalize ti ? Yes!
ti = {2 × 3 × 7} can be represented as {{2 × 3 × 7}} ∈ P(P(Np)) for
a fixed κ and m.
Generalizing Akl-Taylor (2)
P = {p1 × ... × pn | ∃(p1...pn | pi ∈ Np : ∀(pi, pj | pi, pj ∈ Np : i ≠ j =⇒ pi ≠ pj))}
P = {p1 × ... × pn | set of products of different primes}
ti = {2 × 3 × 7} ∈ P
From example in prev slide, generalized tigen ∈ P(P(Np))
Generalizing Akl-Taylor (3)
Function rep :
rep : P → P(P(Np))
rep(p1 × ... × pn) = {{p1 × ... × pn}}
Each user is given a set of keys e.g., {{2 × 3 × 7}, {2 × 11 × 17}}.
Model for the key structure
F = (P(P(Np)), +k, ∗k, 0, 1). We have a model for key structure K!
∗k : P(P(Np)) × P(P(Np)) → P(P(Np))
A ∗k B = {a ∪ b : a ∈ A, b ∈ B}
+k : P(P(Np)) × P(P(Np)) → P(P(Np))
A +k B = A ∪ B
Model for the scheme structure
Generalized Akl-Taylor : S = (F, C, , a). Model for S.
In Akl-Taylor (C, ) is a tree but in generalized Akl-Taylor, (C, ) can
be a forest.
Generalized Akl-Taylor Usefulness
Useful if we need more than one key per user (e.g., user involved in
more than 1 key assignment scheme).
In Akl-Taylor, “one key can be derived from another”, i.e., can we
show $\kappa^{t_i}$ d $\kappa^{t_j}$?
Use the relators d and which are present in our scheme S .
We can use the 5 theories defined in slide 9 (Proposed scheme structure (3)) to obtain interesting
properties in our Generalized scheme.
Chinese Remainder Theorem
Given r, s ∈ Z+ and a, b are coprime, there ∃N ∈ Z s.t.
N ≡ a(mod r) and N ≡ b(mod s).
We can find N using basic algebra.
Chinese Remainder Technique
Uses ideas from the solution procedure for the Chinese remainder theorem.
Key structure same as Akl-Taylor. Even ∗k, +k are defined the same.
However, we have k1 d k2 ⇔ k2 k1 (dual), unlike for Akl-Taylor
where d and are the same.
Verification of security properties
Properties can be verified :
Ability of user to get info intended for higher class.
Ability of using several keys to reveal info that can be revealed by using
another key.
Can use Prover9 to verify each property.
Verification Example
Six classes get assigned keys :
Part-time nurses : key(cpn) = k1 ∗k k2 ∗k k4
Overnight nurses : key(cnn) = k1 ∗k k3 ∗k k4
Full-time nurses : key(cfn) = k1 ∗k k4
Part-time doctors : key(cpd ) = k2 ∗k k4
Overnight doctors : key(cnd ) = k3 ∗k k4
Full-time doctors : key(cfd ) = k4
Property : any doctor can get info of any nurse in the same class.
(key(cpn) d key(cpd )) ∧ (key(cnn) d key(cnd )) ∧ (key(cfn) d
key(cfd ))
(k1 ∗k k2 ∗k k4 d k2 ∗k k4)∧(k1 ∗k k3 ∗k k4 d k3 ∗k k4)∧(k1 ∗k k4 d k4)
Prover9 can verify such properties (automated).
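Added example (not from the slides or from Sabri and Khedri's paper, and not Prover9 input): the model F = (P(P(Np)), +k, ∗k, 0, 1) from the "Model for the key structure" slide in Python, checked exhaustively against the five theories on a small universe and then against the doctor/nurse property above. Assumptions made here: the derivation order leq_d (modelled on the Akl-Taylor divisibility rule), the order leq_k (a +k b = b), the values chosen for 0 and 1, and the primes standing in for k1..k4.

```python
from functools import reduce
from itertools import combinations, product


def key(*prime_sets):
    """Build an element of P(P(Np)): a set of sets of primes."""
    return frozenset(frozenset(s) for s in prime_sets)


ZERO = key()    # assumed 0: the empty set, identity of +k and absorbing for *k
ONE = key(())   # assumed 1: the set holding only the empty set, identity of *k


def plus(a, b):
    """A +k B = A ∪ B (slide definition)."""
    return a | b


def times(a, b):
    """A *k B = {a ∪ b : a ∈ A, b ∈ B} (slide definition)."""
    return frozenset(x | y for x in a for y in b)


def leq_k(a, b):
    """Assumed order on keys: a +k b = b."""
    return plus(a, b) == b


def leq_d(a, b):
    """Assumed derivation order: what `a` reveals, `b` also reveals.

    Mirrors Akl-Taylor divisibility: every prime set in `a` must contain
    some prime set of `b`.
    """
    return all(any(y <= x for y in b) for x in a)


def all_keys(primes):
    """Every element of P(P(primes)) for a small finite set of primes."""
    subsets = [frozenset(c) for r in range(len(primes) + 1)
               for c in combinations(primes, r)]
    return [frozenset(c) for r in range(len(subsets) + 1)
            for c in combinations(subsets, r)]


def theory_violations(keys):
    """Return (theory number, operands...) for every failing instance."""
    bad = []
    for a, b in product(keys, repeat=2):
        if leq_k(a, b) and not leq_d(a, b):
            bad.append((1, a, b))
        if not leq_d(times(a, b), b):
            bad.append((2, a, b))
        if leq_d(a, b):
            for c in keys:
                if not leq_d(plus(a, c), plus(b, c)):
                    bad.append((3, a, b, c))
                if not leq_d(times(a, c), times(b, c)):
                    bad.append((4, a, b, c))
    bad += [(5, a) for a in keys if not leq_d(a, ONE)]
    return bad


# Constructed stand-ins for the slide's k1..k4: one distinct prime each.
K1, K2, K3, K4 = key({2}), key({3}), key({5}), key({7})


def mul(*ks):
    """Fold *k over several keys."""
    return reduce(times, ks, ONE)


CLASS_KEY = {
    "cpn": mul(K1, K2, K4), "cnn": mul(K1, K3, K4), "cfn": mul(K1, K4),
    "cpd": mul(K2, K4), "cnd": mul(K3, K4), "cfd": K4,
}
NURSES, DOCTORS = ("cpn", "cnn", "cfn"), ("cpd", "cnd", "cfd")


def doctors_cover_nurses():
    """The slide's property: each doctor key reveals the matching nurse's info."""
    return all(leq_d(CLASS_KEY[n], CLASS_KEY[d]) for n, d in zip(NURSES, DOCTORS))


def leaks():
    """Pairs (nurse, doctor) where a nurse key would reveal a doctor's info."""
    return [(n, d) for n in NURSES for d in DOCTORS
            if leq_d(CLASS_KEY[d], CLASS_KEY[n])]


if __name__ == "__main__":
    print("theory violations:", theory_violations(all_keys((2, 3))))
    print("doctors cover nurses:", doctors_cover_nurses())
    print("nurse-to-doctor leaks:", leaks())
```

The exhaustive check is a finite sanity test of the assumed order, not a proof; the slides use Prover9 for that.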
Conclusion
Analyse key assignment schemes using algebraic structures.
Generalize existing key assignment schemes using model.
Automate verification of security properties.
Future work : examine other key assignment schemes to assess
strengths and weaknesses.
References
“A Generic Algebraic Model for the Analysis of Cryptographic-Key
Assignment Schemes”, Sabri, Khedri, FPS (2012) pp. 62-77
“Algebraic Framework for the Specification and Analysis of
Cryptographic-Key Distribution”, Sabri, Khedri, Fundamenta
Informaticae 112 (2011) pp. 305-335
http://conferences.telecom-bretagne.eu/fps2012/program/slides/24.pdf
http://mathworld.wolfram.com/ChineseRemainderTheorem.html
Thank you.
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 

A Generic Algebraic Model for the Analysis of Cryptographic Key Assignment Schemes

  • 1. A Generic Algebraic Model for the Analysis of Cryptographic-Key Assignment Schemes Sabri and Khedri (FPS 2012) Dhruv Gairola Algebraic Methods in CS, Ridha Khedri gairold@mcmaster.ca ; dhruvgairola.blogspot.ca March 31, 2014 Dhruv Gairola (McMaster Univ.) Sabri and Khedri (FPS 2012) March 31, 2014 1 / 25
  • 2. Overview
    1. Problem and Motivation
    2. Brief Mathematical Background
    3. Proposed structures
    4. Akl-Taylor Technique
    5. Generalizing Akl-Taylor
    6. Chinese Remainder Technique
    7. Verification of security properties
    8. Conclusion
  • 3. Problem and Motivation
    Problem: Many key assignment schemes exist. How to evaluate them? Crampton et al. advocate the adoption of a generic key assignment model.
    Proposed solution: An algebraic model to analyse these schemes.
    Benefit: asserting correctness in preserving confidentiality of information; better understanding of key assignment.
  • 4. Brief Mathematical Background
    Semigroup: $(S, \cdot)$ where $\cdot$ is an associative binary operator.
    Semiring: $(S, +, \cdot)$
      - $(S, +)$ is a commutative semigroup with identity $0_s$
      - $(S, \cdot)$ is a semigroup with identity $1_s$
      - $\cdot$ distributes over $+$ on the left and right
      - $0_s$ is absorbing in $(S, \cdot)$, i.e., $(\forall x \mid x \in S : 0_s \cdot x = x \cdot 0_s = 0_s)$
  • 5. Brief Mathematical Background (2)
    Poset : (C, ) where is a partial order relation (reflexive, transitive, antisymmetric).
    Antisymmetry : x y ∧ y x =⇒ x = y
    Quasi-ordered set : is only reflexive and transitive.
  • 6. Proposed key structure
    Key structure: $K = (K, +_k, *_k, 0_k, 1_k)$
    Interpretation: $+_k$ and $*_k$ can be seen as operators that combine keys.
    The Caesar cipher, the Vigenère cipher and Boyd's RSA cipher can be represented using the structure.
  • 7. Proposed scheme structure
    Key assignment scheme : S = (K, C, , a)
      - K is key structure
      - (C, ) is poset
      - a ⊆ K → C is an onto function (assignment function)
      - C is the set of security classes
    k1 d k2 : info revealed by k1 can also be revealed by k2.
  • 8. Proposed scheme structure (2)
    Given d (key derivation relation), S is said to be:
      - Cluster secure: low class keys cannot reveal info of higher classes
      - Class secure: cluster secure and (C, ) is a chain
      - User secure: scheme contains independent keys s.t. no key can reveal info that can be revealed from other keys
    We have our structure. What about theories? (Axioms are obvious)
  • 9. Proposed scheme structure (3)
    Theories ( is a quasi-order relation):
      1. k1 ≤k k2 =⇒ k1 k2
      2. k1 ∗k k2 k2
      3. k1 k2 =⇒ k1 +k k3 k2 +k k3
      4. k1 k2 =⇒ k1 ∗k k3 k2 ∗k k3
      5. k 1k
    Now we have structure and theories. We can analyze specific key assignment schemes and construct models.
  • 10. Akl-Taylor Technique
    Each user is assigned a key $k_i$, where $k_i = \kappa^{t_i} \pmod{m}$.
      - $\kappa$ is a private number
      - $m$ is a product of 2 large primes
      - $t_i$ is a product of $n$ primes
    Key idea: one key can be derived from another.
  • 11. Akl-Taylor Technique (2)
    Simple math:
      $k_i = \kappa^{t_i} \pmod{m}$
      (Hint: $j := i$) $k_j = \kappa^{t_j} \pmod{m}$
      (Hint: LHS) $\kappa^{t_j} \pmod{m} = (\kappa^{t_i})^{t_j/t_i} \pmod{m}$
      (Hint: LHS) $(\kappa^{t_i})^{t_j/t_i} \pmod{m} = k_i^{t_j/t_i}$
    Therefore $k_j = k_i^{t_j/t_i}$.
    Conclusion (key derivation): $k_j$ can be derived from $k_i$ iff $t_j$ is divisible by $t_i$.
  • 12. Akl-Taylor Example
    Example: $k_i = \kappa^{t_i} \pmod{m}$, let $m = 11 \times 17 = 187$, $\kappa = 13$
      User i: $k_i = 13^{5 \times 7} \pmod{187} = 21$
      User j: $k_j = 13^{3 \times 5 \times 7} \pmod{187} = 98$
      $k_i^{t_j/t_i} = k_j$: $21^3 \pmod{187} = 98$
  • 13. Generalizing Akl-Taylor
    The server that distributes keys determines $\kappa$ and keeps it private.
    Once $\kappa$ and $m$ are fixed, $t_i$ determines $k_i$. This is given by $\frac{\log k_i}{\log \kappa} = t_i$.
    We can view $t_i$ as the key. Can we generalize $t_i$? Yes!
    $t_i = \{2 \times 3 \times 7\}$ can be represented as $\{\{2 \times 3 \times 7\}\} \in P(P(N_p))$ for a fixed $\kappa$ and $m$.
  • 14. Generalizing Akl-Taylor (2)
    $P = \{p_1 \times \dots \times p_n \mid \exists(p_1 \dots p_n \mid p_i \in N_p : \forall(p_i, p_j \mid p_i, p_j \in N_p : i \neq j \implies p_i \neq p_j))\}$
    $P = \{p_1 \times \dots \times p_n \mid \text{set of products of different primes}\}$
    $t_i = \{2 \times 3 \times 7\} \in P$
    From the example in the previous slide, the generalized $t_{i_{gen}} \in P(P(N_p))$.
  • 15. Generalizing Akl-Taylor (3)
    Function rep: $rep : P \to P(P(N_p))$, with $rep(p_1 \times \dots \times p_n) = \{\{p_1 \times \dots \times p_n\}\}$
    Each user is given a set of keys, e.g., $\{\{2 \times 3 \times 7\}, \{2 \times 11 \times 17\}\}$.
  • 16. Model for the key structure
    $F = (P(P(N_p)), +_k, *_k, 0, 1)$. We have a model for key structure K!
    $*_k : P(P(N_p)) \times P(P(N_p)) \to P(P(N_p))$, with $A *_k B = \{a \cup b : a \in A, b \in B\}$
    $+_k : P(P(N_p)) \times P(P(N_p)) \to P(P(N_p))$, with $A +_k B = A \cup B$
  • 17. Model for the scheme structure
    Generalized Akl-Taylor : S = (F, C, , a). Model for S.
    In Akl-Taylor (C, ) is a tree but in generalized Akl-Taylor, (C, ) can be a forest.
  • 18. Generalized Akl-Taylor Usefulness
    Useful if we need more than one key per user (e.g., a user involved in more than one key assignment scheme).
    In Akl-Taylor, “one key can be derived from another”, i.e., can we show κti d κtj ?
    Use the relators d and which are present in our scheme S.
    We can use the 5 theories defined in slide 9 to obtain interesting properties in our generalized scheme.
  • 19. Chinese Remainder Theorem
    Given $r, s \in \mathbb{Z}^+$ and $a, b$ are coprime, there $\exists N \in \mathbb{Z}$ s.t. $N \equiv a \pmod{r}$ and $N \equiv b \pmod{s}$.
    We can find $N$ using basic algebra.
  • 20. Chinese Remainder Technique
    Uses ideas from the solution procedure for the Chinese remainder theorem.
    The key structure is the same as for Akl-Taylor. Even $*_k$ and $+_k$ are defined the same.
    However, we have k1 d k2 ⇔ k2 k1 (dual), unlike for Akl-Taylor where d and are the same.
  • 21. Verification of security properties
    Properties that can be verified:
      - Ability of a user to get info intended for a higher class.
      - Ability of using several keys to reveal info that can be revealed by using another key.
    Can use Prover9 to verify each property.
  • 22. Verification Example
    Six classes get assigned keys:
      - Part-time nurses: $key(c_{pn}) = k_1 *_k k_2 *_k k_4$
      - Overnight nurses: $key(c_{nn}) = k_1 *_k k_3 *_k k_4$
      - Full-time nurses: $key(c_{fn}) = k_1 *_k k_4$
      - Part-time doctors: $key(c_{pd}) = k_2 *_k k_4$
      - Overnight doctors: $key(c_{nd}) = k_3 *_k k_4$
      - Full-time doctors: $key(c_{fd}) = k_4$
    Property: any doctor can get info of any nurse in the same class.
      (key(cpn) d key(cpd )) ∧ (key(cnn) d key(cnd )) ∧ (key(cfn) d key(cfd ))
      (k1 ∗k k2 ∗k k4 d k2 ∗k k4)∧(k1 ∗k k3 ∗k k4 d k3 ∗k k4)∧(k1 ∗k k4 d k4)
    Prover9 can verify such properties (automated).
  • 23. Conclusion
    - Analyse key assignment schemes using algebraic structures.
    - Generalize existing key assignment schemes using the model.
    - Automate verification of security properties.
    Future work: examine other key assignment schemes to assess strengths and weaknesses.
  • 24. References
    - “A Generic Algebraic Model for the Analysis of Cryptographic-Key Assignment Schemes”, Sabri, Khedri, FPS (2012) pp. 62-77
    - “Algebraic Framework for the Specification and Analysis of Cryptographic-Key Distribution”, Sabri, Khedri, Fundamenta Informaticae 112 (2011) pp. 305-335
    - http://conferences.telecom-bretagne.eu/fps2012/program/slides/24.pdf
    - http://mathworld.wolfram.com/ChineseRemainderTheorem.html
  • 25. Thank you.
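
The derivation rule from slides 10 to 12, as an added Python example that is not part of the original slides: the server issues keys with the slide's toy values (m = 187, κ = 13), and a key holder derives another key only when the exponents divide. The function names and the third user `u` are constructed for illustration.

```python
# Added example (not from the slides): Akl-Taylor key issue and derivation.
from math import prod

M = 11 * 17   # public modulus from slide 12 (toy size; a real m uses two large primes)
KAPPA = 13    # the server's private number from slide 12

def issue_key(t: int) -> int:
    """Server side: k = kappa^t (mod m)."""
    return pow(KAPPA, t, M)

def derive(k_i: int, t_i: int, t_j: int) -> int:
    """User side: k_j = k_i^(t_j/t_i) (mod m), defined only when t_i divides t_j."""
    if t_j % t_i != 0:
        raise ValueError("t_j is not divisible by t_i: k_j is not derivable this way")
    return pow(k_i, t_j // t_i, M)

def derivable_pairs(exponents: dict) -> set:
    """All (holder, target) pairs where the holder's key yields the target's key."""
    pairs = set()
    for a, t_a in exponents.items():
        for b, t_b in exponents.items():
            if a != b and t_b % t_a == 0:
                # Cross-check the slide-11 algebra against the server-issued key.
                assert derive(issue_key(t_a), t_a, t_b) == issue_key(t_b)
                pairs.add((a, b))
    return pairs

# "i" and "j" use the slide's exponents; "u" is a constructed third user.
EXPONENTS = {"i": prod([5, 7]), "j": prod([3, 5, 7]), "u": prod([3, 11])}

if __name__ == "__main__":
    print(issue_key(EXPONENTS["i"]), issue_key(EXPONENTS["j"]))  # keys of users i and j
    print(sorted(derivable_pairs(EXPONENTS)))
```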
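
The model F from slides 15 and 16, as an added Python example that is not from the slides or the paper: it enumerates P(P({2, 3})) and checks each semiring axiom from slide 4 by brute force. The two-prime universe, storing a product of primes as the set of its factors, and the concrete choices 0 = ∅ and 1 = {∅} are assumptions, since the slides name 0 and 1 without defining them.

```python
# Added example (not from the slides): the key-structure model F on a small carrier.
from itertools import chain, combinations

PRIMES = (2, 3)  # assumption: tiny stand-in for N_p so P(P(N_p)) can be enumerated

def powerset(items):
    items = list(items)
    subsets = chain.from_iterable(combinations(items, r) for r in range(len(items) + 1))
    return [frozenset(s) for s in subsets]

def add_k(A, B):
    return A | B  # A +_k B = A ∪ B (slide 16)

def mul_k(A, B):
    return frozenset(a | b for a in A for b in B)  # {a ∪ b : a ∈ A, b ∈ B} (slide 16)

def rep(*primes):
    # rep(p1 × ... × pn) = {{p1 × ... × pn}} (slide 15); product stored as its prime set
    return frozenset({frozenset(primes)})

ZERO = frozenset()                    # assumption: 0 is the empty key set
ONE = frozenset({frozenset()})        # assumption: 1 holds only the empty prime set
CARRIER = powerset(powerset(PRIMES))  # all 16 elements of P(P({2, 3}))

def semiring_violations():
    """Names of the slide-4 semiring axioms that fail somewhere on CARRIER."""
    bad = set()
    for A in CARRIER:
        if add_k(A, ZERO) != A or add_k(ZERO, A) != A:
            bad.add("0 is the identity of +")
        if mul_k(A, ONE) != A or mul_k(ONE, A) != A:
            bad.add("1 is the identity of *")
        if mul_k(A, ZERO) != ZERO or mul_k(ZERO, A) != ZERO:
            bad.add("0 is absorbing")
        for B in CARRIER:
            if add_k(A, B) != add_k(B, A):
                bad.add("+ is commutative")
            for C in CARRIER:
                if add_k(add_k(A, B), C) != add_k(A, add_k(B, C)):
                    bad.add("+ is associative")
                if mul_k(mul_k(A, B), C) != mul_k(A, mul_k(B, C)):
                    bad.add("* is associative")
                if mul_k(A, add_k(B, C)) != add_k(mul_k(A, B), mul_k(A, C)):
                    bad.add("* distributes on the left")
                if mul_k(add_k(B, C), A) != add_k(mul_k(B, A), mul_k(C, A)):
                    bad.add("* distributes on the right")
    return bad
```

An empty result from `semiring_violations()` means every axiom held on the sample carrier; it is a finite check on two primes, not a proof for all of P(P(N_p)).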