|
Manuscripts.
- Vipul Goyal, Abhishek Jain
On the Round Complexity of Covert Computation
In STOC'05, Ahn, Hopper and Langford introduced the notion of covert computation. In covert computation, a party runs a secure computation protocol over a covert (or steganographic) channel without knowing if the other parties are participating as well or not. At the end of the protocol, if all parties participated in the protocol and if the function output is "favorable" to all parties, then the output is revealed (along with the fact that everyone participated). All covert computation protocols known so far require a large polynomial number of rounds. In this work, we first study the question of the round complexity of covert computation and obtain the following results:
-- There does not exist a constant round covert computation protocol with respect to black box simulation even for the case of two parties. (In comparison, such protocols are known even for the multi-party case if there is no covertness requirement.)
-- By relying on the two slot non-black-box simulation technique of Pass (STOC'04) and techniques from cryptography in NC0 (FOCS'04), we obtain a construction of a constant round covert multi-party computation protocol.
Put together, the above adds one more example to the growing list of tasks for which non-black-box simulation techniques (introduced in the work of Barak in FOCS'01) are necessary.
Finally, we study the problem of covert multi-party computation in the setting where the parties only have point to point (covert) communication channels. We observe that our covert computation protocol for the broadcast channel inherits, from the protocol of Pass, the property of secure composition in the bounded concurrent setting. Then, as an application of this protocol, somewhat surprisingly we show the existence of covert multi-party computation with point to point channels (assuming that the number of parties is a constant).
- Vipul Goyal, Abhishek Jain, Rafail Ostrovsky
Concurrent Password-Authenticated Key Exchange in the Plain Model
The problem of password-authenticated key exchange (PAKE) has been extensively studied. However to date, no construction is known for a PAKE protocol that is secure in the plain model in the setting of concurrent self-composition, where polynomially many protocol sessions with the same password may be executed on the network in an arbitrarily interleaved manner, and where the adversary may corrupt any number of parties.
We resolve this open problem. In particular, we give the first construction of a PAKE protocol that is secure (with respect to the definition of Goldreich and Lindell) in the concurrent setting in the plain model. We stress that we allow polynomially-many concurrent sessions and an arbitrary corruption pattern.
Publications.
- Xin Zhang, Abhishek Jain, Adrian Perrig
Packet Dropping Adversary Identification for Data Plane Security
CoNEXT 2008
-- 4th ACM International Conference on emerging Networking EXperiments and Technologies
Nearly two decades ago, Perlman first studied packet dropping attacks on routing paths in the context of data-plane security. However, until recently, the design of packet dropping adversary identification protocols that are simultaneously robust to both benign packet loss and malicious behavior has proven to be surprisingly elusive. In this paper, we strive to propose a secure and practical packet-dropping adversary localization scheme that is robust (in the sense as described earlier) and simultaneously achieves high detection rate and low communication and storage overhead -- the three key performance metrics for such protocols in realistic settings. Recent work optimizes either the detection rate or the communication overhead only. We systematically explore the design space of acknowledgment based protocols to identify a packet dropping adversary on a forwarding path from a source to a destination. In particular, we investigate a set of primitive protocols where each protocol exemplifies a design dimension; and examine the underlying tradeoff between the performance metrics. For each primitive protocol, we present both upper/lower performance bounds via theoretical analysis and average-case results via simulations. We conclude that the proposed PAI-1 protocol outperforms other related schemes in terms of practicality in a realistic network setting.
- Vipul Goyal, Abhishek Jain, Omkant Pandey, Amit Sahai
Bounded Ciphertext Policy Attribute based Encryption
ICALP 2008
-- 35th International Colloquium on Automata, Languages and Programming
In a ciphertext policy attribute based encryption system, a user's private key is associated with a set of attributes (describing the user) and an encrypted ciphertext will specify an access policy over attributes. A user will be able to decrypt if and only if his attributes satisfy the ciphertext's policy. In this work, we present the first construction of a ciphertext-policy attribute based encryption scheme having a security proof based on a number theoretic assumption and supporting advanced access structures. Previous CP-ABE systems could either support only very limited access structures or had a proof of security only in the generic group model. Our construction can support access structures which can be represented by a bounded size access tree with threshold gates as its nodes. The bound on the size of the access trees is chosen at the time of the system setup. Our security proof is based on the standard Decisional Bilinear Diffie-Hellman assumption.
- Jun Han, Abhishek Jain, Mark Luk, Adrian Perrig
Don't Sweat Your Privacy: Using Humidity to Detect Human Presence
UbiPriv 2007
-- 5th International Workshop on Privacy in UbiComp
Sensor nodes are increasingly deployed in many environments. Most of these nodes feature onboard sensor chips to measure environmental data such as humidity, temperature and light. In this paper, we show that seemingly innocuous and non-sensitive data such as humidity measurements can disclose private information such as human presence. We conduct several experiments using Telos motes running TinyOS to justify our claims. Our results motivate the need for research to investigate mechanisms to prevent the leakage of private information.
- Vipul Goyal, Abhishek Jain, Jean Jacques Quisquater
Improvements to Mitchell's Remote User Authentication Protocol
ICISC 2005
-- 8th International Conference on Information Security and Cryptography
A provably secure protocol for remote authentication is presented.
Only public information is stored at the verifying host that makes our scheme
resistant to server compromise. We use one time signatures coupled with offline
transcripts for synchronization. Due to sole usage of fast cryptographic hash
functions, our method is appropriate for low cost user authentication. Our construction improves over the previously proposed technique of Mitchell to overcome its problem of Denial of Service (DoS) attacks.
|
