The document summarizes a thesis defense presentation on tree-based symmetric key broadcast encryption. It discusses preliminaries on symmetric key encryption and the subset cover framework for broadcast encryption. It then outlines the thesis, which proposes contributions related to defining collections for the subset cover framework, analyzing the Naor-Naor-Lotspiech subset difference scheme, and generalizing the scheme.
The document discusses symmetric key cryptography. It begins with an introduction to cryptography and encryption techniques like substitution ciphers. It then covers symmetric encryption in more detail, explaining block ciphers like DES and AES, as well as modes of operation like ECB, CBC, and OFB. It provides an example Java implementation of AES encryption and decryption. It also briefly covers stream ciphers like RC4 and the concept of steganography.
The document discusses various cryptographic techniques including:
- Block ciphers like the Shift Cipher, Substitution Cipher, Affine Cipher, Vigenere Cipher, Hill Cipher, and Permutation Cipher.
- Stream ciphers like the Linear Feedback Shift Register (LFSR) cipher.
- Public key cryptography techniques including RSA, Rabin, and the Digital Signature Algorithm (DSA).
- Modes of operation for block ciphers like Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), and Output Feedback (OFB).
This document discusses cryptography and how it can be used to own digital goods like cryptocurrency. It begins by introducing key concepts in cryptography like cryptosystems, attacks, and asymmetry. It then discusses how early systems like Jefferson's wheel cipher provided security through obscurity of algorithms and keys. The document explores how brute force attacks become impractical as key sizes increase due to the vast amounts of energy required. It introduces public key cryptography and how RSA provides asymmetry through a trapdoor function. The document explains how asymmetric cryptography can be used for signatures and confidentiality. It concludes by noting how cryptography achieves the scarcity needed for digital ownership of coins.
- The document provides an overview of the schedule and topics for a cryptography class, including an introduction to cryptography today, Elliptic Curve Cryptography and signatures on Wednesday, and a checkup on the first three classes next Monday.
- It also lists the assigned readings for chapters 1-4 of the textbook and provides information about the backgrounds of students in the class.
- The remainder of the document discusses setting up a Bitcoin wallet, downloading the blockchain, hierarchical deterministic wallets, and provides a recap of the concepts from the previous class around what makes something a currency and how ownership of digital goods can be established.
This document provides an introduction to cryptography. It defines key terms like cryptography, cryptanalysis, and cryptology. It describes the goals of encryption and authentication. It explains symmetric key cryptography, where a shared secret key is used for both encryption and decryption. It also covers public key cryptography using key pairs, digital signatures to authenticate identity, and how public key encryption and signatures can be combined. The document discusses cryptographic attacks and principles like Kerckhoffs's principle and provable security. It provides examples of cryptographic algorithms like block ciphers, stream ciphers, hash functions, and key exchange protocols.
Homomorphic encryption allows computations to be performed on encrypted data without decrypting it first. This document discusses homomorphic encryption techniques including partially homomorphic encryptions that support either addition or multiplication operations, and fully homomorphic encryption introduced by Craig Gentry that supports both types of operations. It also covers the use of ideal lattices in lattice-based cryptosystems and the bootstrapping technique used to "refresh" ciphertexts and prevent noise from accumulating during homomorphic computations.
A Biometric Approach to Encrypt a File with the Help of Session Key (Sougata Das)
The main objective of this work is to provide a two-layer authentication system through biometric (face) and conventional session-based password authentication. The encryption key for this authentication will be generated from the combination of the biometric key and the session-based password.
This document provides an overview and summary of a master's thesis on encryption within law enforcement investigations. It begins with an introduction that frames the research question around balancing encryption and law enforcement needs. It then outlines the methodology, which first evaluates encryption conceptually before exploring technical and legal approaches to overcoming encryption. The body of the document is divided into several chapters. It will analyze the importance of encryption for human rights, discuss the "going dark" debate, examine technical approaches like backdoors and key escrow, analyze legal approaches like mandatory key disclosure orders, and explore investigative approaches such as social engineering and live forensics tools. The purpose is to assess solutions to overcoming encryption that balance law enforcement needs with human rights principles.
This document presents a project to develop a secure mobile messaging application using identity-based encryption (IBE). The goals of the project are to demonstrate that elliptic curve cryptography is viable on mobile devices, implement security in a user-friendly way with transparent encryption, and design the system to be modular and extensible. The document provides background on IBE and related concepts. It then reviews related work on secure messaging applications and their limitations. The design and implementation of the proposed mobile messaging application are described, covering authentication, IBE parameter retrieval, message encryption and decryption. Finally, the document discusses the user experience, application performance, and concludes with areas for future work.
This document describes a bounded identity-based encryption system that does not require a bilinear map. It uses a secret matrix S that is private to the domain, and secret keys are generated from rows in S corresponding to a user's identity. The public matrix P is generated from S using exponentiation. The system aims to provide security even under collusion attacks, with the size of the matrix scaling up based on the number of potential colluders. The document considers questions around the security and collision properties of the system, and compares it to other identity-based encryption approaches.
This thesis aims to give a theoretical as well as practical overview of an emerging issue in the field of IT security named Format Preserving Encryption (FPE).
Although FPE is not new, it is relatively unknown. It is used in full-disk encryption and some other areas. Nevertheless, to this day it is unknown even to many cryptographers. Another issue that is on everyone's lips is the Internet of Things (IoT). IoT offers a whole new scope for FPE and could possibly give it a further boost.
Format Preserving Encryption is, as the name says, an encryption in which the format of the encrypted data is maintained. When a plaintext is encrypted with FPE, the ciphertext has the same format again. As illustrated, for example, on the cover page: if we encrypt the owner and the number of a credit card with AES, we get an unrecognizable string. If we use FPE instead, we might get, for example, Paul Miller and the number 4000 0838 7507 2846. The advantage is that for humans and/or machines nothing changes. The encryption is therefore not noticed without analysis of the data. The advantage can also become a disadvantage: with the format of the ciphertext, an attacker already has information about the plaintext.
This thesis starts with an introduction to Format Preserving Encryption. In doing so, different variants of FPE are shown. In the next step, a Java library is explained and documented, in which we have implemented some of these FPE variants. This library is designed to enable programmers to use FPE without the need for detailed knowledge about its functionality. Then we explain, by means of a tutorial and step by step with a concrete and simple example, what a subsequent integration of FPE could look like. In the final part, the integration into a more complex and already widely used application, an Android app called OwnTracks, is shown.
This combination of theoretical and practical information should provide a broad basic knowledge of the topic, which can then serve as a basis for deciding how FPE can be used and whether its use is reasonable.
This document discusses steganography and steganalysis. It begins with an introduction and overview of steganography techniques, including encryption, decryption, least significant bit insertion, and discrete cosine transformation. It then covers steganalysis approaches like statistical, structural, and visual analysis. The document outlines experiments conducted with least significant bit insertion to hide images in audio and image files. It analyzes the output for changes to statistical characteristics to detect hidden information. In conclusion, the document examines steganography and steganalysis as techniques for covertly hiding and detecting hidden data in digital files.
This document provides an overview of facial recognition technology. It discusses the history of facial recognition and how the technology works by detecting nodal points on faces and creating faceprints for identification. It also covers implementations, comparing images to templates to verify or identify individuals, and applications in security and surveillance. Its strength is its non-invasive nature, but it can be affected by changes in appearance.
SCHEME OF ENCRYPTION FOR BLOCK CIPHERS AND MULTI CODE GENERATION BASED ON SEC... (IJNSA Journal)
In this paper we propose a scheme of encryption for block ciphers in an N-alphabet, where every member of any m-block of plaintext is enciphered by a different permutation generated with the help of a secret keyword. Further, we extend this method to multicode encryption, using the fact that encrypting each member differently is the basis of multicode encryption.
This document provides information about a cryptography course offered at the University of Washington. It includes details such as the course name and number, instructors, meeting times, recommended texts, and a new lecture schedule. The schedule lists the dates and topics to be covered in each of the 10 lectures, along with the lecturer for each topic.
IRJET- Securing Cloud Data Under Key Exposure (IRJET Journal)
This document presents Bastion, a new encryption scheme that aims to ensure data confidentiality even if the encryption key is exposed. Bastion uses block cipher encryption in counter mode to encrypt plaintext data into ciphertext blocks. It then applies an efficient linear transformation to the ciphertext blocks. This linear transformation distributes information across all ciphertext blocks such that any individual block provides no information about the plaintext, even with knowledge of the encryption key. The scheme is designed to preserve confidentiality as long as an adversary does not have access to more than one ciphertext block. The document analyzes the security and performance of Bastion and suggests it could be integrated into existing cloud storage systems with low overhead.
IRJET- Data Analysis for Braking System in Time Domain for Fault Diagnosis (IRJET Journal)
This document discusses securing cloud data when encryption keys are exposed. It presents a system that distributes encrypted data across multiple cloud storage servers administered by different entities. This is done to limit an attacker's access even if they acquire the encryption key, as they would not be able to compromise every server. The paper studies data confidentiality against an adversary who knows the encryption key and has access to most but not all of the encrypted data blocks. It proposes a new security definition to capture this threat and evaluates a prototype implementation to measure performance overhead.
The document discusses various cryptographic techniques including:
- Block ciphers like the Shift Cipher, Substitution Cipher, Affine Cipher, Vigenere Cipher, Hill Cipher, and Permutation Cipher.
- Stream ciphers like the Linear Feedback Shift Register (LFSR) cipher.
- Public key cryptography techniques including RSA, Rabin, and the Digital Signature Algorithm (DSA).
- Modes of operation for block ciphers like Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), and Output Feedback (OFB).
- Cryptanalysis techniques like ciphertext-only attacks, known-plaintext attacks, chosen-plaintext
Module 6
Advanced Networking
Security problems with internet architecture, Introduction to Software defined networking, Working of SDN, SDN in data centre, SDN applications, Data centre networking, IoT.
DWT-SVD Based Visual Cryptography Scheme for Audio Watermarking (inventionjournals)
This document proposes a DWT-SVD based visual cryptography scheme for audio watermarking. It aims to securely communicate hidden messages for military defense systems. The scheme works as follows:
1. A secret image is encrypted into two shares using visual cryptography.
2. Each share is then embedded as a watermark into an audio file using DWT-SVD. The DWT decomposes the audio into levels, and SVD modifies the singular values to embed the image bits.
3. To extract the shares, the watermarked audio is decomposed with DWT-SVD. The image bits are extracted from the singular values and used to reconstruct the shares.
4. The shares are combined
Fast and Precise Symbolic Analysis of Concurrency Bugs in Device Drivers (Pantazis Deligiannis)
This document describes an approach for detecting concurrency bugs in device drivers through symbolic analysis. It first transforms a concurrent driver into a sequentialized approximation. It then performs symbolic lockset analysis to identify all potential data races. Finally, it uses a precise but bounded model checker to explore traces and find real bugs. The approach aims to efficiently and precisely detect concurrency issues like data races in complex driver code.
The document discusses public key encryption and digital signatures. It begins with an overview of public key encryption, including how each party has a public and private key pair. The document then covers the history of public key cryptography and some common public key encryption algorithms like RSA and ElGamal. It provides details on how the RSA algorithm works for both encryption and digital signatures. Finally, it discusses how digital signatures provide authentication, data integrity, and non-repudiation.
A Biometric Approach to Encrypt a File with the Help of Session KeySougata Das
The main objective of this work is to provide a two layer authentication system through biometric (face) and conventional session based password authentication. The encryption key for this authentication will be generated with the combination of the biometric key and session based password.
This document provides an overview and summary of a master's thesis on encryption within law enforcement investigations. It begins with an introduction that frames the research question around balancing encryption and law enforcement needs. It then outlines the methodology, which first evaluates encryption conceptually before exploring technical and legal approaches to overcoming encryption. The body of the document is divided into several chapters. It will analyze the importance of encryption for human rights, discuss the "going dark" debate, examine technical approaches like backdoors and key escrow, analyze legal approaches like mandatory key disclosure orders, and explore investigative approaches such as social engineering and live forensics tools. The purpose is to assess solutions to overcoming encryption that balance law enforcement needs with human rights principles.
This document presents a project to develop a secure mobile messaging application using identity-based encryption (IBE). The goals of the project are to demonstrate that elliptic curve cryptography is viable on mobile devices, implement security in a user-friendly way with transparent encryption, and design the system to be modular and extensible. The document provides background on IBE and related concepts. It then reviews related work on secure messaging applications and their limitations. The design and implementation of the proposed mobile messaging application are described, covering authentication, IBE parameter retrieval, message encryption and decryption. Finally, the document discusses the user experience, application performance, and concludes with areas for future work.
This document describes a bounded identity-based encryption system that does not require a bilinear map. It uses a secret matrix S that is private to the domain, and secret keys are generated from rows in S corresponding to a user's identity. The public matrix P is generated from S using exponentiation. The system aims to provide security even under collusion attacks, with the size of the matrix scaling up based on the number of potential colluders. The document considers questions around the security and collision properties of the system, and compares it to other identity-based encryption approaches.
This thesis aims to give a theoretical as well as practical overview of an emerging issue in the field of IT security named Format Preserving Encryption (FPE).
Although FPE is not new, it is relatively unknown. It is used in the full-disk encryption and some other areas. Nevertheless, it is to this day even unknown to many cryptographers. Another issue that is on everyone's lips is the Internet of Things (IoT). IoT offers a whole new scope for FPE and could give it possibly a further boost.
Format Preserving Encryption is - as the name says - an encryption in which the format of the encrypted data is maintained. When a plaintext is encrypted with FPE, the ciphertext then has the same format again. As illustrated for example on the cover page: If we encrypt the owner and the number of a credit card with AES we get an unrecognizable string. If we use FPE instead, we might get for example Paul Miller and the number 4000 0838 7507 2846. The advantage is that for man and/or machine nothing changes. The encryption is therefore not noticed without analysis of the data. The advantage can also become a disadvantage. An attacker has with the format of the ciphertext already information about the plaintext.
This thesis starts with an introduction to the Format Preserving Encryption. In doing so, different variants of FPE are shown. In a next step, a Java library is explained and documented, in which we have implemented some of these FPE variants. This library is designed to enable programmers to use FPE without the need for detailed knowledge about the functionality. Then we explain by means of a tutorial and step by step with a concrete and simple example, how a subsequent integration of FPE could look like. In a final part the integration into a more complex and already widely used application is shown, an Android app called OwnTracks.
With this combination of theoretical and practical information a broad basic knowledge should be provided on the topic, which then can serve as a basis on how FPE can be used and whether a use is reasonable.
This document discusses steganography and steganalysis. It begins with an introduction and overview of steganography techniques, including encryption, decryption, least significant bit insertion, and discrete cosine transformation. It then covers steganalysis approaches like statistical, structural, and visual analysis. The document outlines experiments conducted with least significant bit insertion to hide images in audio and image files. It analyzes the output for changes to statistical characteristics to detect hidden information. In conclusion, the document examines steganography and steganalysis as techniques for covertly hiding and detecting hidden data in digital files.
This document provides an overview of facial recognition technology. It discusses the history of facial recognition, how the technology works by detecting nodal points on faces and creating faceprints for identification. It also covers implementations, comparing images to templates to verify or identify individuals, and applications in security and surveillance. Strengths are its non-invasive nature, but it can be impacted by changes in appearance.
SCHEME OF ENCRYPTION FOR BLOCK CIPHERS AND MULTI CODE GENERATION BASED ON SEC...IJNSA Journal
In this paper we propose a scheme of encryption for Block ciphers in N-alphabet, where every member of any m-block of plain text is enciphered by different permutations which are generated by the help of a secret key word. Further we extend this method to multicode encryption using the fact that encrypting each member differently is the basis of multicode encryption.
This document provides information about a cryptography course offered at the University of Washington. It includes details such as the course name and number, instructors, meeting times, recommended texts, and a new lecture schedule. The schedule lists the dates and topics to be covered in each of the 10 lectures, along with the lecturer for each topic.
IRJET- Securing Cloud Data Under Key ExposureIRJET Journal
This document presents Bastion, a new encryption scheme that aims to ensure data confidentiality even if the encryption key is exposed. Bastion uses block cipher encryption in counter mode to encrypt plaintext data into ciphertext blocks. It then applies an efficient linear transformation to the ciphertext blocks. This linear transformation distributes information across all ciphertext blocks such that any individual block provides no information about the plaintext, even with knowledge of the encryption key. The scheme is designed to preserve confidentiality as long as an adversary does not have access to more than one ciphertext block. The document analyzes the security and performance of Bastion and suggests it could be integrated into existing cloud storage systems with low overhead.
IRJET- Data Analysis for Braking System in Time Domain for Fault DiagnosisIRJET Journal
This document discusses securing cloud data when encryption keys are exposed. It presents a system that distributes encrypted data across multiple cloud storage servers administered by different entities. This is done to limit an attacker's access even if they acquire the encryption key, as they would not be able to compromise every server. The paper studies data confidentiality against an adversary who knows the encryption key and has access to most but not all of the encrypted data blocks. It proposes a new security definition to capture this threat and evaluates a prototype implementation to measure performance overhead.
The document discusses various cryptographic techniques including:
- Block ciphers like the Shift Cipher, Substitution Cipher, Affine Cipher, Vigenere Cipher, Hill Cipher, and Permutation Cipher.
- Stream ciphers like the Linear Feedback Shift Register (LFSR) cipher.
- Public key cryptography techniques including RSA, Rabin, and the Digital Signature Algorithm (DSA).
- Modes of operation for block ciphers like Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), and Output Feedback (OFB).
- Cryptanalysis techniques like ciphertext-only attacks, known-plaintext attacks, chosen-plaintext
7–12. Symmetric Key Encryption
Alice → Insecure Communication Channel (eavesdropper Oscar) → Bob; Alice runs Enc and Bob runs Dec, both with the shared key K.
Alice: M = “Nandan, 6:30pm”; C ← E(M, K); C = “KNQXGAQWJGJFOI”
Bob: M ← E⁻¹(C, K); M = “Nandan, 6:30pm”
23–24. DRM in Blu-ray/DVD discs
(Copyrighted) Content Production House → n Users
Among the users: legitimate player, pirated player.
25–28. Basic Schemes
N: set of all users u1, . . . , un; n = |N|
R: set of revoked users; r = |R|
S = {Si : Si ⊆ N}
Singleton Set Scheme
S = {{u1}, . . . , {un}}
Each user is assigned a unique key. (user storage) O(1)
M has to be encrypted for each user in N \ R. (header length) O(n − r)
Power Set Scheme
S = {{u1}, . . . , {u1, u2}, . . . , {u1, . . . , un−1}, . . . , N}
Each subset of users is assigned a unique key. (user storage) O(2ⁿ)
M is encrypted only once for the set N \ R ∈ S. (header length) O(1)
29–31. Subset Cover Framework [NNL01]
1. Initiation
Choose the collection S = {S1, . . . , Sw}; Si ⊆ N.
Assign key Li to each Si ∈ S; only u ∈ Si gets Li.
2. Encryption
Broadcast Message (sent in sessions): Message Block M
32–39. Subset Cover Framework [NNL01]
2. Encryption (M, R)
For each session (with privileged users N \ R):
Find the Subset Cover $S_c = \{S_{i_1}, \ldots, S_{i_h}\} \subset S$ such that $N \setminus R = S_{i_1} \cup \cdots \cup S_{i_h}$.
Encrypt: M with a random session key Ks; Ks with the key $L_{i_j}$ of each $S_{i_j} \in S_c$.
Broadcast: $\underbrace{F_{K_s}(M)}_{\text{body}}\ \ \underbrace{E_{L_{i_1}}(K_s)\ \cdots\ E_{L_{i_h}}(K_s)}_{\text{header}}$
40–42. Subset Cover Framework [NNL01]
3. Decryption
Received: $F_{K_s}(M)\ \ E_{L_{i_1}}(K_s) \cdots E_{L_{i_h}}(K_s)$
For $u \in S_{i_j}$ where $S_{i_j} \in S_c$:
Find $E_{L_{i_j}}(K_s)$ in the header
$K_s \leftarrow E^{-1}_{L_{i_j}}\big(E_{L_{i_j}}(K_s)\big)$
$M \leftarrow F^{-1}_{K_s}\big(F_{K_s}(M)\big)$
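The framework of slides 29–42, run end to end on the two basic collections of slides 25–28, as an added example that is not part of the thesis or the slides. The ciphers E and F are stood in for by an HMAC-SHA256 counter-mode keystream (an assumption of this example), the greedy `exact_cover` routine is mine and only has to work for the singleton and power-set collections (it is not the NNL cover algorithm), and the names `Center`, `user_decrypt` and `demo` are not from the page.

```python
import hashlib
import hmac
import itertools
import os

# Stand-in for the ciphers E (key wrap) and F (message) on the slides: a keystream from
# HMAC-SHA256 in counter mode XORed into the data, with a fresh random nonce sent in front.
# This is an assumption of the example, not a primitive the thesis prescribes.
def _keystream(key, nonce, length):
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def encrypt(key, data):
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def decrypt(key, blob):
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def exact_cover(target, collection):
    """Greedy exact cover of `target` by subsets of `collection` (largest fitting subset
    first). Enough for the singleton and power-set collections; it is not the NNL cover
    algorithm, which is specific to the subset-difference collection."""
    remaining, cover = set(target), []
    while remaining:
        fits = [i for i, s in enumerate(collection) if s and s <= remaining]
        if not fits:
            raise ValueError("collection cannot cover the privileged set exactly")
        best = max(fits, key=lambda i: len(collection[i]))
        cover.append(best)
        remaining -= collection[best]
    return cover

class Center:
    """Initiation (slides 29-31): collection S = {S_1..S_w}, one random key L_i per S_i."""
    def __init__(self, users, collection):
        self.users = frozenset(users)
        self.collection = [frozenset(s) for s in collection]
        self.keys = [os.urandom(32) for _ in self.collection]

    def user_keys(self, u):
        """Key distribution: I_u holds L_i exactly for the S_i that contain u."""
        return {i: self.keys[i] for i, s in enumerate(self.collection) if u in s}

    def encrypt(self, message, revoked):
        """Encryption (slides 32-39): cover N \\ R, wrap a fresh session key K_s under the
        key of every cover subset (header), encrypt M under K_s (body)."""
        cover = exact_cover(self.users - frozenset(revoked), self.collection)
        session_key = os.urandom(32)
        header = [(i, encrypt(self.keys[i], session_key)) for i in cover]
        return header, encrypt(session_key, message)

def user_decrypt(user_keys, header, body):
    """Decryption (slides 40-42): find a header entry for a subset the user belongs to,
    unwrap K_s, decrypt the body. A revoked user finds no usable entry and gets None."""
    for i, wrapped in header:
        if i in user_keys:
            return decrypt(decrypt(user_keys[i], wrapped), body)
    return None

def singleton_collection(users):
    return [{u} for u in users]

def power_set_collection(users):
    users = list(users)
    return [set(c) for k in range(1, len(users) + 1)
            for c in itertools.combinations(users, k)]

def demo(n=6, revoked=(1, 4), message=b"Nandan, 6:30pm"):
    """Both basic schemes on n users with R = revoked. Returns, per scheme,
    (header length h, keys stored by user 0, every user decrypts iff privileged)."""
    users = range(n)
    results = {}
    for name, coll in (("singleton", singleton_collection(users)),
                       ("power set", power_set_collection(users))):
        center = Center(users, coll)
        header, body = center.encrypt(message, revoked)
        correct = all((user_decrypt(center.user_keys(u), header, body) == message)
                      == (u not in revoked) for u in users)
        results[name] = (len(header), len(center.user_keys(0)), correct)
    return results
```

Running `demo()` shows the trade-off the slides state: with 6 users and 2 revoked the singleton scheme sends a header of n − r = 4 entries while every user stores one key, and the power-set scheme sends a single header entry while user 0 stores 2⁵ = 32 keys. Both revoke correctly, because a revoked user never holds the key of a subset in the cover.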
44–45. Parameters of Interest
|Sc| = h: header length (costliest parameter). Example: Pay-TV bandwidth cost
|Iu|: user storage (may be costly). Example: High-end military receivers
Encryption time
Decryption time. Example: TV set-top box booting time
46–48. Applications of BE
Pay-TV, CableLabs standard.
AACS: Disney, Intel, Microsoft, Panasonic, Warner Bros., IBM, Toshiba and Sony.
Blu-ray Disc Manufacturer, Player Manufacturer
Military Broadcasts: Global Broadcast Service (US), Joint Broadcast System (Europe)
File Sharing in Encrypted File Systems.
Mailing list encryption: [BGW05] OpenPGP functions as a BE system
Online content sharing and distribution [BBW06]
eCommerce: trade secret broadcasts
. . .
49. Why NOT use Public-Key BE?
Efficiency!!!
(decryption time, hence cost)
52–54. The collection S
S = {S1, . . . , Sw}; Si ⊆ N
determines the header length h (through the cover generation algorithm):
Subset Cover $S_c = \{S_{i_1}, \ldots, S_{i_h}\} \subset S$ such that $N \setminus R = S_{i_1} \cup \cdots \cup S_{i_h}$
determines the user storage |Iu| (through the key assignment and distribution algorithm)
determines the encryption and decryption time (through the key assignment and distribution algorithm)
55. Two types of S
Subset Difference: {1}, {3}, {6, 7, 8}
Punctured Interval: {1, 3, 6}, {7, 8}
[NNL01] Dalit Naor, Moni Naor, and Jeffery Lotspiech. Revocation and tracing schemes for stateless receivers. In Joe Kilian, editor, CRYPTO, volume 2139 of Lecture Notes in Computer Science, pages 41–62. Springer, 2001.
Nam-Su Jho, Jung Yeon Hwang, Jung Hee Cheon, Myung-Hwan Kim, Dong Hoon Lee, and Eun Sun Yoo. One-Way Chain Based Broadcast Encryption Schemes. In Ronald Cramer, editor, EUROCRYPT, volume 3494 of Lecture Notes in Computer Science, pages 559–574. Springer, 2005.
56. Outline
Preliminaries
Background
NNL-SD: Initiation
Define SNNL−SD
Key Assignment
Key Distribution
NNL-SD: Encryption
Halevy-Shamir Layered SD
Other Related Works
Our Contributions
Paper 1: Arbitrary n; Detailed Analysis
Paper 2: Layering; Minimizing Storage
Paper 3: k-ary Generalization
Paper 4: Assured Savings on Communication
Conclusion
58–59. Subset Difference (SD) Scheme [NNL01]
Naor-Naor-Lotspiech (2001). Patented. Used in the AACS standard.
Figure: full binary tree of users, nodes numbered level by level (children of node i are 2i+1 and 2i+2):
0
1 2
3 4 5 6
7 8 9 10 11 12 13 14
15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
Assumed $n = 2^{\ell_0}$ (in the figure n = 16, ℓ0 = 4, and the users are the leaves 15–30).
63–64. Collection $S_{\text{NNL-SD}}$ has:
For all internal nodes i,
for all corresponding nodes j (≠ i) in the subtree Ti:
$S_{i,j} = T_i \setminus T_j$
Figure: Ti with Tj inside it. All users that are in Ti but not in Tj.
67–76. Key Assignment
Key for Si,j:
Assign random seedi to each internal node i
Pseudo-random generator (PRG): $G : \{0,1\}^k \to \{0,1\}^{3k}$
$G(\text{seed}) = G_L(\text{seed}) \,\|\, G_M(\text{seed}) \,\|\, G_R(\text{seed})$
Figure: walking from i down to j (in the example: left, left, then right):
seedi
GL(seedi), GR(seedi)
GL(GL(seedi)), GR(GL(seedi))
seedi,j = GR(GL(GL(seedi)))
Li,j = GM(seedi,j)
Key of Si,j: Li,j = GM(seedi,j)
78–87. User Storage
User u stores: for every ancestor i (at level ℓ), the derived seeds of nodes “falling-off” from the path between i and u, derived from seedi.
Figure: Secrets stored by u for one ancestor i (the path from i to u goes left at every step, so the right-hand siblings fall off):
GR(seedi)
GR(GL(seedi))
GR(GL(GL(seedi)))
GR(GL(GL(GL(seedi))))
Summed over all ancestors: $1 + 2 + \cdots + \ell_0 = \frac{\ell_0(\ell_0 + 1)}{2}$
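The key assignment of slides 67–76 and the user storage of slides 78–87, as an added example written for this page (it is not code from the thesis). The PRG G is built from SHA-256 with a domain-separation byte, which is an assumption of the example; the tree is numbered as on slide 59 (children of node i are 2i+1 and 2i+2, users are the leaves); `KeyCenter`, `derive_seed`, `path_down` and `user_key` are names of this example, not of the scheme.

```python
import hashlib
import os

# PRG G : {0,1}^k -> {0,1}^{3k}, G(seed) = G_L(seed) || G_M(seed) || G_R(seed), built here
# from SHA-256 with a domain-separation byte (an assumption of this example; the thesis
# only requires a secure pseudo-random generator).
def G(seed):
    return tuple(hashlib.sha256(seed + tag).digest() for tag in (b"L", b"M", b"R"))

def G_L(seed): return G(seed)[0]
def G_M(seed): return G(seed)[1]
def G_R(seed): return G(seed)[2]

# Full binary tree numbered as on slide 59: children of i are 2i+1 (left) and 2i+2 (right),
# the n = 2**L0 users are the leaves n-1 .. 2n-2.
def parent(v):
    return (v - 1) // 2

def path_down(i, j):
    """Nodes strictly below i on the way to j, top to bottom (j must lie in T_i)."""
    nodes = []
    while j != i:
        nodes.append(j)
        j = parent(j)
    return nodes[::-1]

def derive_seed(seed_i, i, j):
    """seed_{i,j}: walk from i down to j, applying G_L for a left step and G_R for a right step."""
    s = seed_i
    for v in path_down(i, j):
        s = G_L(s) if v % 2 == 1 else G_R(s)    # left children carry odd indices
    return s

def subset_key(seed_i, i, j):
    """L_{i,j} = G_M(seed_{i,j}), the key of S_{i,j} = T_i \\ T_j (slides 67-76)."""
    return G_M(derive_seed(seed_i, i, j))

class KeyCenter:
    def __init__(self, L0):
        self.n = 2 ** L0
        self.seeds = {i: os.urandom(32) for i in range(self.n - 1)}   # random seed_i per internal node

    def key(self, i, j):
        return subset_key(self.seeds[i], i, j)

    def user_storage(self, u):
        """I_u (slides 78-87): for every ancestor i of u, seed_{i,s} for each node s that falls
        off the path from i down to u, i.e. the sibling of every node on that path."""
        stored, i = {}, u
        while i != 0:
            i = parent(i)
            for v in path_down(i, u):
                sibling = v + 1 if v % 2 == 1 else v - 1
                stored[(i, sibling)] = derive_seed(self.seeds[i], i, sibling)
        return stored

def user_key(stored, i, j):
    """L_{i,j} as user u computes it from I_u: pick the stored seed_{i,s} with j in T_s and
    continue the derivation down to j. None when u lies in T_j, so u is not in S_{i,j}."""
    for (a, s), seed in stored.items():
        if a != i:
            continue
        v = j
        while v > s:                     # climb from j; ancestors have smaller indices
            v = parent(v)
        if v == s:
            return G_M(derive_seed(seed, s, j))
    return None
```

For n = 16 (ℓ0 = 4) the user at leaf 15 stores 1 + 2 + 3 + 4 = 10 seeds, from which it reconstructs exactly the keys L_{i,j} of the subsets S_{i,j} that contain it; for a node j on its own root path (u ∈ T_j) no stored seed reaches j, which is what keeps a revoked user out of the header.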
105. NNL-SD Parameters
For n users out of which r are revoked:
User storage: $O(\log^2 n)$.
Maximum header length: 2r − 1.
Maximum decryption time: O(log n).
109–111. Layered SD subsets
Which $S_{i,j} \in S_{\text{HS-LSD}}$?
If i is at a special level: for all j in Ti, $S_{i,j} \in S_{\text{HS-LSD}}$
If i is not at a special level: for all j in Ti that are in the same layer as i, $S_{i,j} \in S_{\text{HS-LSD}}$
Figure: Ti, Tj and a special level between them.
112–114. Layered SD subsets
$S_{i,j} \in S_{\text{NNL-SD}} \setminus S_{\text{HS-LSD}}$ if i is not at a special level and i and j are not in the same layer.
How to cover these subsets? SPLIT!!!
Figure: Ti, Tk with k at the special level, Tj below it.
Subsets in $S_{\text{SD}} \setminus S_{\text{LSD}}$ are split into: $S_{i,j} = S_{i,k} \cup S_{k,j}$.
115. Layered SD Scheme
Key for Si,k is Li,k = GM(GL(seedi))
Key for Sk,j is Lk,j = GM(GR(GL(seedk)))
Figure (above the special level): seedi at i; k is the left child of i, so seedi,k = GL(seedi) (GR(seedi) belongs to the sibling) and Li,k = GM(seedi,k).
Figure (from the special level): seedk at k; GL(seedk), GR(seedk); seedk,j = GR(GL(seedk)); Lk,j = GM(seedk,j).
116. LSD Parameters
NNL-SD scheme: user storage needed $O(\log^2 n)$; maximum header length 2r − 1; decryption time O(log n).
HS-LSD scheme: user storage needed $O(\log^{3/2} n)$; maximum header length 4r − 2; decryption time O(log n).
118. Other SD-based Schemes
[GoodrichST04] Stratified SD
Key assignment: Left and right preorder tree traversals
O(log n) storage; O(n) decryption time
Double header length
[FukushimaKTS08] 3-ary tree SD
“However, in a general a-ary tree with a ≥ 4,... our hash chain
approach fails... Thus, the construction of a coalition resistant
a-ary SD method with reasonable communication, computation,
and storage overhead is an open issue.”
[WangYL14] Balanced Double SD
Published after I submitted my thesis
We have better results now
119. Analysis of SD scheme
[ParkB06]
Generating function for N(n, r, h)
Mean header length: “complex to compute and difficult to
gain insight from”
[EagleOPR08]
Small standard deviations
[MartinMW09]
Maximum header length
121. Complete Tree SD (CTSD) Scheme
Question: What happens when $n \neq 2^{\ell_0}$?
Answer: Add dummy users to get to the next power of two.
If the dummy users are considered revoked, then the effect
on the header length is disastrous.
If the dummy users are privileged, the situation is better
but, there is still a measurable effect on the header length.
Solution: Use a complete binary tree.
“Completes” (and also subsumes) the NNL-SD scheme to
work for any number of users.
Conceptually simple; working out the details is a bit
involved.
122–123. CTSD Scheme: Header Length Analysis
(n, r)-revocation: a choice of r revoked users out of total n users.
For each (n, r)-revocation, h ∈ {1, . . . , hmax}.
N(n, r, h): #(n, r)-revocations for which the header length is h.
How to compute N(n, r, h)? The only known method would
enumerate all possible $\binom{n}{r}$ (n, r)-revocations,
run the cover finding algorithm for each, and
count the number of (n, r)-revocations leading to a header of size h.
124. Recurrence relation for N(n, r, h)
$$N(\lambda_i, r_1, h_1) = T(\lambda_i, r_1, h_1) + \sum_{j \in IN(i)} T(\lambda_j, r_1, h_1 - 1)$$
where IN(i) is the set of all internal nodes in the subtree Ti excluding the node i.
$$T(\lambda_i, r_1, h_1) = \sum_{r'=1}^{r_1-1} \sum_{h'=0}^{h_1} N(\lambda_{2i+1}, r', h') \times N(\lambda_{2i+2}, r_1 - r', h_1 - h')$$
where λ2i+1 (respectively λ2i+2) is the number of leaves in the left (respectively right) subtree of Ti.
Table: Boundary conditions on T(n, r, h) and N(n, r, h).
T(λi, r1, h1) | r1 < 0 | r1 = 0 | r1 = 1 | 2 ≤ r1 < n | r1 = n | r1 > n
h1 = 0 | 0 | 0 | 0 | 0 | 1 | 0
h1 ≥ 1 | 0 | 0 | 0 | from rec. | 0 | 0
N(λi, r1, h1) | r1 < 0 | r1 = 0 | r1 = 1 | 2 ≤ r1 < n | r1 = n | r1 > n
h1 = 0 | 0 | 0 | 0 | 0 | 1 | 0
h1 = 1 | 0 | 1 | n | from rec. | 0 | 0
h1 > 1 | 0 | 0 | 0 | from rec. | 0 | 0
125. Computing N(n, r, h)
Dynamic Programming:
N(n, r, h) can be computed in $O(r^2 h^2 \log n + r h \log^2 n)$ time and $O(r h \log n)$ space.
N(n, r, h) for all possible h can be computed in $O(r^4 \log n + r^2 \log n)$ time and $O(r^2 \log^2 n)$ space.
N(n, r, h) for all possible r and h can be computed in $O(n^4 \log n + n^2 \log^2 n)$ time and $O(n^2 \log n)$ space.
N(i, r, h) for 2 ≤ i ≤ n and all possible r and h can be computed in $O(n^5 + n^3 \log n)$ time and $O(n^3)$ space.
The combinatorics behind the cover generation algorithm was well captured!
(for n ~125)
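The two ways of obtaining N(n, r, h) described on slides 123–125, enumeration of every revocation versus the recurrence of slide 124, as an added example that is not code from the thesis. The tree layout is an assumption of the example: a heap-style complete binary tree in which node i has children 2i+1 and 2i+2 and the users are the leaves n−1 … 2n−2 (for n a power of two this is the full tree of the slides). `sd_cover` is this example's closed-form rendering of the NNL01 cover algorithm (each fork of the Steiner tree of R contributes a subset per child whose branch continues as a single chain), and the empty revocation set is counted as a header of length 1, matching the r1 = 0 entry of the slide's boundary table; `expected_header` evaluates the definition of slide 128 from the counts.

```python
from fractions import Fraction
from functools import lru_cache
from itertools import combinations
from math import comb

# Tree layout assumed by this example: heap-style binary tree with n leaves, node i has
# children 2i+1 and 2i+2, internal nodes are 0..n-2, users are the leaves n-1..2n-2.

def sd_cover(n, revoked):
    """NNL subset-difference cover of N \\ R as a list of (i, j) pairs, S_{i,j} = T_i \\ T_j.
    Closed form of the NNL01 iteration: in the Steiner tree of R every node with two
    children is a fork; a child c whose subtree continues as a single chain down to a node
    d != c yields S_{c,d}, and the root yields S_{0,d} the same way. With nobody revoked the
    whole set N goes out under one subset, counted as header length 1 (slide 124's table)."""
    revoked = set(revoked)
    if not revoked:
        return [(0, None)]
    steiner = set()
    for leaf in revoked:
        v = leaf
        while v not in steiner:
            steiner.add(v)
            if v == 0:
                break
            v = (v - 1) // 2
    def kids(v):
        return [c for c in (2 * v + 1, 2 * v + 2) if c in steiner]
    def chain_end(v):                          # follow a single-child chain to a leaf or fork
        while len(kids(v)) == 1:
            v = kids(v)[0]
        return v
    cover, d = [], chain_end(0)
    if d != 0:
        cover.append((0, d))
    todo = [d]
    while todo:
        v = todo.pop()
        for c in kids(v):                      # v is a fork, or a revoked leaf with no kids
            d = chain_end(c)
            if d != c:
                cover.append((c, d))
            todo.append(d)
    return cover

def header_counts_bruteforce(n):
    """N(n, r, h) by enumerating all C(n, r) revocations and running the cover algorithm on
    each (slide 123). Returns {(r, h): count}."""
    counts = {}
    for r in range(n + 1):
        for R in combinations(range(n - 1, 2 * n - 1), r):
            key = (r, len(sd_cover(n, R)))
            counts[key] = counts.get(key, 0) + 1
    return counts

def header_counts_recurrence(n):
    """N(n, r, h) from the recurrence and boundary table of slide 124 (memoised DP)."""
    @lru_cache(maxsize=None)
    def lam(i):                                # lambda_i: number of leaves in T_i
        return 1 if i >= n - 1 else lam(2 * i + 1) + lam(2 * i + 2)
    def IN(i):                                 # internal nodes of T_i other than i
        out, stack = [], [2 * i + 1, 2 * i + 2]
        while stack:
            v = stack.pop()
            if v <= n - 2:
                out.append(v)
                stack += [2 * v + 1, 2 * v + 2]
        return out
    @lru_cache(maxsize=None)
    def T(i, r, h):                            # both children of i contain revoked users
        if r < 0 or r > lam(i) or h < 0:
            return 0
        if r == lam(i):
            return 1 if h == 0 else 0
        if r <= 1:
            return 0
        return sum(N(2 * i + 1, rp, hp) * N(2 * i + 2, r - rp, h - hp)
                   for rp in range(1, r) for hp in range(h + 1))
    @lru_cache(maxsize=None)
    def N(i, r, h):
        if r < 0 or r > lam(i) or h < 0:
            return 0
        if r == lam(i):
            return 1 if h == 0 else 0
        if r == 0:
            return 1 if h == 1 else 0
        if r == 1:
            return lam(i) if h == 1 else 0
        return T(i, r, h) + sum(T(j, r, h - 1) for j in IN(i))
    return {(r, h): N(0, r, h) for r in range(n + 1) for h in range(n + 1) if N(0, r, h)}

def expected_header(counts, n, r):
    """H_{n,r} = sum_h h * N(n, r, h) / C(n, r) (slide 128), as an exact fraction."""
    return Fraction(sum(h * c for (rr, h), c in counts.items() if rr == r), comb(n, r))
```

For n = 8 and r = 2 the enumeration gives N = 4, 16 and 8 revocations with header length 1, 2 and 3 (the pair under one grandparent, the pair split across the root, and the pair split one level lower), the recurrence reproduces the same table, and H_{8,2} = 60/28 ≈ 2.14. Running both on a non-power-of-two n (6 or 11 below) exercises the complete-tree case the CTSD slides are about; the brute force is only feasible for small n, which is the point of slide 125.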
126. Using N(n, r, h): Maximum Header Length
Theorem. The maximum header length in the CTSD method for n users is
$$h_{\max} = \min\left(2r - 1,\ \frac{n}{2},\ n - r\right).$$
For the NNL-SD scheme, the bound of 2r − 1 was known.
Complete (refined) picture:
if r ≤ n/4, hmax = 2r − 1;
if n/4 < r ≤ n/2, hmax = n/2; and
for r > n/2, hmax = n − r.
127. Using N(n, r, h): More analysis
$n_r$: the value of n for which the header length of 2r − 1 is achieved with r revoked users.
Obtained a complete characterization of $n_r$.
Generating Function: similar to that of [PB06]
Probabilities and Expectation (for n ~125):
Compute probabilities of h ∈ {1, . . . , hmax}
Compute expected value $H_{n,r}$
128. Expected Header Length
Random experiment: select a random subset of revoked users R from N (select a random (n, r)-revocation).
Event: node i generates a subset Si,j:
$X^{i}_{n,r} = 1$ if $S_{i,j} \in S_c$ for some j; $X^{i}_{n,r} = 0$ otherwise.
$$h = X^{0}_{n,r} + X^{1}_{n,r} + \cdots + X^{n-1}_{n,r} = \sum_{i=0}^{n-1} X^{i}_{n,r}$$
$H_{n,r}$: expected header length for (n, r)-revocations.
$$H_{n,r} = \sum_{i=0}^{n-1} E\left[X^{i}_{n,r}\right] = \sum_{i=0}^{n-1} \Pr\left[X^{i}_{n,r} = 1\right]$$
129. $H_{n,r}$ for all SD based schemes
This technique has been useful for other SD-based schemes:
$$H_{n,r} = \sum_{i=0}^{n-1} \Pr\left[X^{i}_{n,r} = 1\right]$$
For the NNL-SD scheme: computing $H_{n,r}$ requires O(r log n) time and O(1) space.
130. $H_{n,r}$ for the NNL-SD Scheme
Theorem: For all n ≥ 1, r ≥ 1, the expected header length $H_{n,r} \uparrow H_r$ as n increases through powers of two, where
$$H_r = 3r - 2 - 3 \times \sum_{i=1}^{r-1} \left[ \left(-\frac{1}{2}\right)^{i} + \sum_{k=1}^{i} (-1)^k \binom{i}{k} \frac{2^k - 3^k}{2^k - 1} \right].$$
r | 2 | 3 | 4 | 5 | 6
Hr / r | 1.25 | 1.25 | 1.2455 | 1.2446 | 1.2448
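The limit $H_r$ of slide 130 evaluated exactly with rational arithmetic, as an added check written for this page (not code from the thesis); the function names `H_limit` and `limit_table` are this example's own.

```python
from fractions import Fraction
from math import comb

def H_limit(r):
    """H_r = 3r - 2 - 3 * sum_{i=1}^{r-1} [ (-1/2)^i
                 + sum_{k=1}^{i} (-1)^k C(i,k) (2^k - 3^k) / (2^k - 1) ]   (slide 130),
    the limit of the NNL-SD expected header length H_{n,r} as n grows through powers of two."""
    total = Fraction(0)
    for i in range(1, r):
        inner = Fraction(-1, 2) ** i
        for k in range(1, i + 1):
            inner += (-1) ** k * comb(i, k) * Fraction(2 ** k - 3 ** k, 2 ** k - 1)
        total += inner
    return 3 * r - 2 - 3 * total

def limit_table(rs=(2, 3, 4, 5, 6)):
    """H_r / r rounded to four places: the row of the table on slide 130."""
    return {r: round(float(H_limit(r) / r), 4) for r in rs}
```

The exact values are $H_2 = 5/2$ and $H_3 = 15/4$; from r = 4 on the ratio $H_r / r$ settles just under 1.25, which is the per-revoked-user header cost the NNL-SD analysis is usually summarised by.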
132. Halevy-Shamir LSD Scheme
Figure: full binary tree of 16 users, nodes numbered level by level:
0
1 2
3 4 5 6
7 8 9 10 11 12 13 14
15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
Special Levels: ℓ0 = 4, ℓ1 = 2, ℓ2 = 0; layer lengths d1 = 2, d2 = 2.
[HS02]: “The root is considered to be at a special level, and in addition we consider every level of depth $k \cdot \sqrt{\log n}$ for $k = 1 \ldots \sqrt{\log n}$ as special (wlog, we assume that these numbers are integers).”
$n = 2^{\ell_0}$ with ℓ0 = 4, 9, 16, 25 only?
133. Layering Strategy
A choice of special levels is called a layering strategy.
General layering strategy
Layering strategy = (ℓ0, . . . , ℓe): has e + 1 special levels, $\ell_0 > \ell_1 > \ldots > \ell_{e-1} > \ell_e = 0$.
Layering strategy d = (d1, . . . , de): $d_i = \ell_{i-1} - \ell_i$ is a layer length.
In general, the layer lengths need not be (almost) equal.
134. Extending the HS Scheme
Residual bottom layer
Write $\ell_0 = d(e - 1) + p$ where 1 ≤ p ≤ d. Then the special levels are $\ell_0,\ \ell_0 - d,\ \ell_0 - 2d,\ \ldots,\ \ell_0 - d(e - 1),\ 0$.
Balanced layering or extended-HS (eHS)
Write $\ell_0 = d(e - 1) + p = (e - d + p)\,d + (d - p)(d - 1)$.
Define the layer lengths from the top to be $(\underbrace{d, \ldots, d}_{e-d+p},\ \underbrace{d - 1, \ldots, d - 1}_{d-p})$.
136. Storage Minimal Layering
SML0(ℓ0): a layering strategy which minimizes the user storage among all layering strategies.
#SML0(ℓ0): user storage required by SML0(ℓ0).
$$\#SML_0(\ell_0) = \min_{1 \le e \le \ell_0} \#SML_0(e, \ell_0); \qquad \#SML_0(e, \ell_0) = \min_{(\ell_0, \ldots, \ell_e)} \text{storage}_0(\ell_0, \ell_1, \ldots, \ell_e)$$
Dynamic programming algorithm to compute #SML0(ℓ0): $O(\ell_0^3)$ time and $O(\ell_0^2)$ space.
137. Root at a Non-Special Level
[HS02]: “The root is considered to be at a special level, and ...”
Making root level ℓ0 non-special:
storage1(ℓ) = storage0(ℓ) − 1. Hence, user storage decreases.
$\Pr[X^{0}_{n,r} = 1]$ is small. Hence, negligible increase in the expected header size.
SML1(ℓ0): SML with non-special root. #SML1(ℓ0): corresponding user storage.
138. Examples of SML
Suppose there are $2^{28}$ users, i.e., ℓ0 = 28 (a good estimate as per the CableLabs website).
Scheme Name | Layering | Storage |Iu|
NNL-SD | (28,0) | 406
eHS | (28,22,16,10,5,0) | 146
SML0 | (28,21,15,10,6,3,1,0) | 140
SML1 | (22,16,11,7,4,2,0) | 119
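How a layering strategy turns into a user-storage figure, as an added example that is not code from the thesis. The storage count is derived here from the subset rule of slides 109–111 (an ancestor at a special level contributes all its falling-off seeds as in NNL-SD, an ancestor at a non-special level only those down to the next special level below it) and reproduces the four numbers of slide 138; `ehs_layering` builds the balanced layering of slide 134 for a given layer length d (d = 6 for ℓ0 = 28 is this example's choice, matching the eHS row), and `sml0_bruteforce` finds SML0 by exhaustive search, which is only feasible for small ℓ0 and stands in for the O(ℓ0³) dynamic program the thesis uses. The function names are this example's own.

```python
from itertools import combinations
from math import ceil

def lsd_user_storage(l0, special):
    """Seeds one user stores under a layering strategy. Levels count up from the leaves
    (level 0) to the root (level l0). An ancestor at level l contributes: l seeds if l is a
    special level (all nodes falling off the path to the user, as in NNL-SD), otherwise
    l - b where b is the nearest special level below l (only same-layer subsets S_{i,j}).
    Derived from the subset rule on slides 109-111, not a formula quoted from the thesis."""
    special = sorted(set(special) | {0}, reverse=True)
    total = 0
    for level in range(1, l0 + 1):
        if level in special:
            total += level
        else:
            total += level - max(s for s in special if s < level)
    return total

def ehs_layering(l0, d):
    """Balanced (extended-HS) layering of slide 134 for layer length d: e = ceil(l0 / d)
    layers with l0 = d(e-1) + p, the top e-d+p of length d, the remaining d-p of length d-1."""
    e = ceil(l0 / d)
    p = l0 - d * (e - 1)
    if not 1 <= p <= d:
        raise ValueError("no balanced layering for these parameters")
    lengths = [d] * (e - d + p) + [d - 1] * (d - p)
    levels, current = [l0], l0
    for length in lengths:
        current -= length
        levels.append(current)
    return tuple(levels)

def sml0_bruteforce(l0):
    """SML_0(l0): the layering of minimum user storage with the root and level 0 special,
    found by trying every choice of intermediate special levels (2^(l0-1) candidates)."""
    best = None
    inner = range(1, l0)
    for k in range(len(inner) + 1):
        for chosen in combinations(inner, k):
            layering = (l0,) + tuple(sorted(chosen, reverse=True)) + (0,)
            cost = lsd_user_storage(l0, layering)
            if best is None or cost < best[0]:
                best = (cost, layering)
    return best
```

With ℓ0 = 28 the function returns 406 for the single NNL-SD layer (28·29/2), 146 for the eHS layering, 140 for the SML0 layering and 119 for the SML1 layering whose root level 28 is not special, exactly the table above; for ℓ0 = 4 the exhaustive search finds #SML0(4) = 8 against 10 for plain NNL-SD.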
139. Other Results
Complete Tree LSD scheme
Maximum Header Length:
$h_{\max} = \min\left(4r - 2,\ \frac{n}{2},\ n - r\right)$ if root is non-special;
$h_{\max} = \min\left(4r - 3,\ \frac{n}{2},\ n - r\right)$ if root is special.
Expected Header Length: the splitting of subsets complicates the analysis. $O(r \log^2 n)$ time and O(1) space.
143. Constrained Minimization
For a given r, the contribution of level ℓmax = ℓ0 − log_2 r to the header is maximum.
As r ↑, ℓmax ↓. Hence, depending on the application, fix a value of rmin and set ℓmax = ℓ0 − log_2 rmin.
Let ℓ = {ℓmax, ℓ0}.
ℓmax = ℓ0 − log_2 r
Result: Hn,r close to that of NNL-SD, but with lower user storage.
144. A CML Example
n = 2^28 and rmin = 2^10.
Scheme   Layering              |Iu|   Hn,r (normalized with NNL-SD)
NNL-SD   (28,0)                406    (1.00, 1.00, 1.00, 1.00, 1.00, 1.00, 1.00, 1.00, 1.00, 1.00)
eHS      (28,22,16,10,5,0)     146    (1.69, 1.63, 1.64, 1.67, 1.69, 1.72, 1.73, 1.74, 1.75, 1.75)
CML      (23,18,0)             219    (1.14, 1.08, 1.04, 1.03, 1.01, 1.01, 1.00, 1.00, 1.00, 1.00)
Header lengths for 10 equispaced values of r from 2^10 to 2^14, normalized by the header length of the NNL-SD scheme.
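Added example, to make the storage figures on the SML and CML slides reproducible: this is my own code, not the thesis's and not the implementation linked on the Publications slide. It computes the user storage |Iu| of a layering, then the storage-minimal layering of slide 136 by dynamic programming, and finally the constrained (CML) variant of slide 144. The label-count rule is my reconstruction of the HS02 layered SD storage model: a user at depth ℓ0 holds, for a special ancestor at depth a, one label per level below it (ℓ0 − a labels), and for a non-special ancestor only the labels down to the bottom of its layer; level 0 (leaves) is always special and the root is special only when it is listed, matching the slide notation. Under that rule the code reproduces all five |Iu| values in the two tables (406, 146, 140, 119, 219). The CML constraint is modelled as "levels ℓmax..0 form a single layer", my reading of the slide, with ℓmax = ℓ0 − log_2 rmin = 18. The DP is indexed by the lower special depth of each layer rather than by the number of layers e, so it runs in O(ℓ0^2) time instead of the O(ℓ0^3) stated on slide 136. The names storage, sml, _layer_cost and L0 are mine.

```python
from math import comb

L0 = 28  # tree height for n = 2^28 users, as on the slides


def storage(l0, layering):
    """User storage |Iu| for a layering written as on the slides.

    layering: special levels counted from the leaves, e.g. (28, 22, 16, 10, 5, 0).
    Level 0 (leaves) is always special; the root (level l0) is special only
    if it is listed. Label counts follow my reconstruction of the HS02 rule.
    """
    specials = sorted({l0 - lv for lv in layering} | {l0})  # depths from the root
    total = 0
    for a in range(l0):  # every proper ancestor of a leaf (root = depth 0)
        if a in specials:
            total += l0 - a  # one label S_{a,j} for every level j below a
        else:
            t = min(s for s in specials if s > a)  # bottom of a's layer
            total += t - a  # labels only for j inside the layer
    return total


def _layer_cost(l0, s, t, root_special):
    """Labels contributed by the layer whose special depths are s < t."""
    inner = comb(t - s, 2)  # non-special depths s+1..t-1 contribute t-a each
    if s == 0 and not root_special:
        return t + inner  # the root is just another non-special node
    return (l0 - s) + inner


def sml(l0, root_special=True, bottom_layer=None):
    """Storage-minimal layering by dynamic programming.

    Returns (minimum |Iu|, layering as special levels from the leaves).
    bottom_layer=m forces levels m..0 into one layer (no special level
    strictly between 0 and m): my reading of the CML constraint, with
    m = lmax = l0 - log2(rmin).
    """
    top = l0 if bottom_layer is None else l0 - bottom_layer
    best = [0] + [None] * top  # best[t]: cheapest layering of depths 0..t, t special
    prev = [None] * (top + 1)   # lower special depth of the layer above t
    for t in range(1, top + 1):
        for s in range(t):
            c = best[s] + _layer_cost(l0, s, t, root_special)
            if best[t] is None or c < best[t]:
                best[t], prev[t] = c, s
    total = best[top]
    if bottom_layer is not None:  # add the fixed bottom layer [top, l0]
        total += _layer_cost(l0, top, l0, root_special)
    depths, d = {l0}, top  # recover the special depths from the back pointers
    while d > 0:
        depths.add(d)
        d = prev[d]
    levels = {l0 - x for x in depths} | ({l0} if root_special else set())
    return total, tuple(sorted(levels, reverse=True))


if __name__ == "__main__":
    for name, lay in [("NNL-SD", (28, 0)), ("eHS", (28, 22, 16, 10, 5, 0)),
                      ("SML0", (28, 21, 15, 10, 6, 3, 1, 0)),
                      ("SML1", (22, 16, 11, 7, 4, 2, 0)), ("CML", (23, 18, 0))]:
        print(f"{name:7s} {lay!s:28s} |Iu| = {storage(L0, lay)}")
    print("SML0 by DP:", sml(L0))
    print("SML1 by DP:", sml(L0, root_special=False))
    print("CML  by DP:", sml(L0, root_special=False, bottom_layer=18))
```

The root-special minimum (140) and the CML minimum (219) are attained by exactly the layerings shown on the slides, so sml() returns them verbatim; the root-non-special minimum (119) is attained by more than one layering, so sml(28, root_special=False) may return a layering other than the slide's (22,16,11,7,4,2,0), with the same storage. The storage() function is the independent check: whatever sml() returns must score the same under it.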
145. Outline
Preliminaries
Background
NNL-SD: Initiation
Define SNNL−SD
Key Assignment
Key Distribution
NNL-SD: Encryption
Halevy-Shamir Layered SD
Other Related Works
Our Contributions
Paper 1: Arbitrary n; Detailed Analysis
Paper 2: Layering; Minimizing Storage
Paper 3: k-ary Generalization
Paper 4: Assured Savings on Communication
Conclusion
146. k-ary tree SD
Figure (label derivation below node i; the figure also shows G_010(seed_i) and G_001(seed_i) derived from seed_i):
L_{i,{j}} = G_100(seed_i); L_{i,{j1,j2}} = G_011(L_{i,{j}}).
Key of S_{i,{j1,j2}} is G_000(L_{i,{j1,j2}}) = G_000(G_011(G_100(seed_i))).
User storage:
1 + (2^(k−1) − 1) Σ_{ℓ=1}^{ℓ0} ℓ = 1 + (ℓ0(ℓ0 + 1)/2)(2^(k−1) − 1)
... reduced using additional tree structure (constructed using cyclotomic cosets mod 2^k − 1).
151. k-ary tree SD: Results
Why k-ary trees?
|S| ↑ ⟹ (Hn,r ↓, |Iu| ↑) always?
Hierarchy of Optimization
Header length analysis: hmax = min(2r − 1, n/k, n − r)
Algorithm to compute Hn,r (for n = k^ℓ0): O(r log n) space; O(1) time
Reducing user storage: using cyclotomic cosets modulo 2^k − 1; an additional tree structure T(k)
Complete Tree for arbitrary number of users
Layering; Storage Minimal Layering
Header length simulation study (for n = k^ℓ0)
153. k-ary tree SD
k    3      4      5      6      7      8      16
δk   0.44   0.19   0.11   0.07   0.05   0.04   < 0.01
Table: Values of the threshold δk.
157. a-ABTSD scheme
S_{NNL−SD} ⊂ S_{a−ABTSD}
Augment trees of height a (with k = 2^a leaf nodes)
(Better?) Hierarchy of Optimization
Header length analysis: hmax = min(2r − 1, n/k, n − r)
Reducing user storage: using cyclotomic cosets modulo 2^k − 1; an additional tree structure T(k)
Complete Tree for arbitrary number of users
Header length simulation study
178. Summary of Contributions
What if n ≠ 2^ℓ0? (Papers 1, 2, 3, 4) Use dummy users or complete trees?
Analysis of SD-based schemes?
  (Paper 1) N(n, r, h)
  (Paper 1) Generating function [PB06]
  (Papers 1, 2, 3, 4) Maximum and Mean Header Lengths (Hn,r)? In [PB06]: too complicated!!! (approximations)
  (Paper 1) Upper bound on Hn,r? 1.38r (sketchy proof [NNL01]); 1.25r (empirical [NNL01]) - theoretical analysis?
Choice of S: |S| ↑ or |S| ↓?
  (Paper 2) Storage minimal layering
  (Paper 2) Constrained minimization layering
  (Paper 3) k-ary tree SD scheme
  (Paper 4) (a, b, c)-ABTSD scheme
190. |S|
Intuition: Choice of S: |S| ↑ or |S| ↓
Singleton Set scheme
Power Set scheme
NNL-SD scheme
HS-LSD scheme
a-ABTSD schemes (for different values of a)
k-SD schemes (for different values of k)
191. Publications
Sanjay Bhattacherjee and Palash Sarkar.
Complete tree subset difference broadcast encryption scheme and its analysis.
Des. Codes Cryptography, 66(1-3):335–362, 2013.
Sanjay Bhattacherjee and Palash Sarkar.
Concrete analysis and trade-offs for the (complete tree) layered subset difference broadcast encryption scheme.
IEEE Transactions on Computers, 63(7): 1709–1722, 2014.
Sanjay Bhattacherjee and Palash Sarkar.
Tree based symmetric key broadcast encryption.
J. Discrete Algorithms, 34: 78–107, 2015.
Sanjay Bhattacherjee and Palash Sarkar.
Reducing communication overhead of the subset difference scheme.
IEEE Transactions on Computers, to appear.
Sanjay Bhattacherjee and Palash Sarkar.
Implementations related to the above papers, https://drive.google.com/folderview?id=0B7azs7qqqdS0UnB5aHp3WmJwcDQ&usp=sharing_eil.
Uploaded on 13th August, 2014.
196. Open Questions
Schemes:
More hierarchies of optimization?
Practical scheme with hmax < r
Stateless as well as forward secure?
...
Analysis:
Non-uniform distribution of revoked users?
...