Advanced search results
Showing results for the following conditions:
Query: "Optimal Asymmetric Encryption Padding"
Showing results 1-5 of 5
  • Dai WATANABE, Masayuki YOSHINO
    IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
    2015, Vol. E98.A, No. 1, pp. 162-170
    Publication date: 2015
    Released online: 2015/01/01
    Journal, restricted access
    Cryptography is now widespread and is used everywhere for many purposes, such as data confidentiality and integrity. A cryptographic key has a limited lifetime. For example, the National Institute of Standards and Technology published SP800-57 to provide cryptographic key management guidance, and it strictly limits the lifetime of a cryptographic key and the lifetime of encrypted data. This means that the data encryption key must be updated periodically and the associated encrypted data must be re-encrypted with the new key each time. The cost, especially network traffic, is significant when the encrypted data is stored away from the key. In this paper we discuss what is to be achieved by key updating and propose a key update mechanism that reduces the communication and computation cost of re-encryption.
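
Added illustration, not part of the search results and not Watanabe and Yoshino's mechanism (the abstract does not give its construction): the standard way to make a key update cheap when the ciphertext lives far from the key is envelope encryption. The data is encrypted under a per-object data-encryption key (DEK) and only the DEK is wrapped under the key-encryption key (KEK). Rotating the KEK then moves one wrapped key, not the data. The cipher below is a toy HMAC-SHA256 stream cipher with encrypt-then-MAC so the code runs on the Python standard library; the KEK values and the sample record file are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Toy authenticated stream cipher built from HMAC-SHA256 so the example needs only the
# standard library. It stands in for AES-GCM and is not a construction from the paper.
NONCE_LEN, TAG_LEN = 16, 32


def _subkey(key: bytes, label: bytes) -> bytes:
    # separate keys for encryption and authentication
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext || tag (encrypt-then-MAC)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def envelope_encrypt(kek: bytes, plaintext: bytes) -> dict:
    """Encrypt the data under a fresh DEK and wrap the DEK under the KEK.
    'data' goes to remote storage; 'wrapped_dek' stays with the key server."""
    dek = secrets.token_bytes(32)
    return {"wrapped_dek": encrypt(kek, dek), "data": encrypt(dek, plaintext)}


def envelope_decrypt(kek: bytes, env: dict) -> bytes:
    return decrypt(decrypt(kek, env["wrapped_dek"]), env["data"])


def rotate_kek(old_kek: bytes, new_kek: bytes, env: dict) -> dict:
    """Key update at the KEK level: unwrap and re-wrap the DEK only. The data
    ciphertext is reused byte for byte, so nothing is fetched from or pushed to storage."""
    dek = decrypt(old_kek, env["wrapped_dek"])
    return {"wrapped_dek": encrypt(new_kek, dek), "data": env["data"]}


def rotation_traffic(env: dict) -> tuple:
    """Bytes that must move for a KEK rotation vs. a full re-encryption of the data."""
    return len(env["wrapped_dek"]), len(env["data"])


# Constructed sample: two KEK generations and a few kilobytes of records.
KEK_2024 = hashlib.sha256(b"kek generation 2024 (constructed)").digest()
KEK_2025 = hashlib.sha256(b"kek generation 2025 (constructed)").digest()
SAMPLE_DATA = b"sensor 17 reading 21.5C\n" * 200

if __name__ == "__main__":
    env = envelope_encrypt(KEK_2024, SAMPLE_DATA)
    env = rotate_kek(KEK_2024, KEK_2025, env)
    print("bytes moved by KEK rotation vs. full re-encryption:", rotation_traffic(env))
    print(envelope_decrypt(KEK_2025, env) == SAMPLE_DATA)
```

The caveat a practitioner should keep in mind: re-wrapping refreshes only the KEK. The DEK has its own cryptoperiod under SP800-57, and when that expires the data really must be decrypted and re-encrypted under a new DEK, which is exactly the traffic the abstract sets out to reduce.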
  • Hidenori Kuwakado, Hatsukazu Tanaka
    Information and Media Technologies
    2006, Vol. 1, No. 1, pp. 112-120
    Publication date: 2006
    Released online: 2006/06/15
    Journal, free access
    When a hard disk drive (HDD) is recycled, it is recommended that all files on the HDD be repeatedly overwritten with random strings to protect their confidentiality. However, overwriting them takes a long time. This problem is solved by applying the all-or-nothing transform (AONT) to the filesystem of the HDD. To use the HDD economically, it is desirable to use a length-preserving AONT (LP-AONT). Previous AONTs, however, increase the size of a file, and no LP-AONT is secure under previous security definitions. This does not mean that the LP-AONT is useless; previous security definitions are too strict for practical applications. By introducing the ambiguity of a message, we propose more practical security definitions of the AONT. We also show a secure implementation of the LP-AONT under the proposed security definitions. The analysis shows that our implementation is nearly optimal in terms of the success probability of an adversary. This means that the ambiguity of one message block allows us to construct an LP-AONT as secure as previous AONTs.
  • Hidenori Kuwakado, Hatsukazu Tanaka
    IPSJ Digital Courier
    2005, Vol. 1, pp. 304-312
    Publication date: 2005
    Released online: 2005/08/10
    Journal, free access
    When a hard disk drive (HDD) is recycled, it is recommended that all files on the HDD be repeatedly overwritten with random strings to protect their confidentiality. However, overwriting them takes a long time. This problem is solved by applying the all-or-nothing transform (AONT) to the filesystem of the HDD. To use the HDD economically, it is desirable to use a length-preserving AONT (LP-AONT). Previous AONTs, however, increase the size of a file, and no LP-AONT is secure under previous security definitions. This does not mean that the LP-AONT is useless; previous security definitions are too strict for practical applications. By introducing the ambiguity of a message, we propose more practical security definitions of the AONT. We also show a secure implementation of the LP-AONT under the proposed security definitions. The analysis shows that our implementation is nearly optimal in terms of the success probability of an adversary. This means that the ambiguity of one message block allows us to construct an LP-AONT as secure as previous AONTs.
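
Added example for the two Kuwakado and Tanaka entries above, not code from either paper: it implements the classic package transform (Rivest's AONT), which is exactly the kind of AONT the abstracts call "previous": it adds one block to the file, and it is not the length-preserving LP-AONT the papers propose, whose construction the abstracts do not give. The point it demonstrates is the erasure property the abstracts rely on: once a file is stored in transformed form, overwriting any single block, not the whole file, leaves every plaintext block unrecoverable. HMAC-SHA256 stands in for the block cipher, the fixed public key K0 is all zeros, and the sample file is constructed.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional

BLOCK = 32                    # one block = one SHA-256 output
PUBLIC_KEY = b"\x00" * BLOCK  # the fixed, public key K0 of the package transform


def _prf(key: bytes, x: bytes) -> bytes:
    # HMAC-SHA256 stands in for the block cipher E(key, x) of the original transform
    return hmac.new(key, x, hashlib.sha256).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _blocks(data: bytes) -> List[bytes]:
    if len(data) % BLOCK:
        raise ValueError("data must be a whole number of %d-byte blocks" % BLOCK)
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def _index(i: int) -> bytes:
    return i.to_bytes(BLOCK, "big")


def package(msg: bytes, key: Optional[bytes] = None) -> bytes:
    """Package transform: m'_i = m_i xor E(K', i) for a random K'; the extra final
    block is K' xor h_1 xor ... xor h_n with h_i = E(K0, m'_i xor i)."""
    k = secrets.token_bytes(BLOCK) if key is None else key
    body = [_xor(m, _prf(k, _index(i))) for i, m in enumerate(_blocks(msg), 1)]
    tail = k
    for i, c in enumerate(body, 1):
        tail = _xor(tail, _prf(PUBLIC_KEY, _xor(c, _index(i))))
    return b"".join(body) + tail


def unpackage(pkg: bytes) -> bytes:
    """Inverse: K' is recoverable only if every block m'_1..m'_n and the tail survive."""
    *body, tail = _blocks(pkg)
    k = tail
    for i, c in enumerate(body, 1):
        k = _xor(k, _prf(PUBLIC_KEY, _xor(c, _index(i))))
    return b"".join(_xor(c, _prf(k, _index(i))) for i, c in enumerate(body, 1))


def overwrite_block(pkg: bytes, idx: int, fill: bytes = b"\xff" * BLOCK) -> bytes:
    """Simulate wiping a single block of the transformed file on disk."""
    blocks = _blocks(pkg)
    blocks[idx] = fill
    return b"".join(blocks)


def blocks_recovered(original: bytes, recovered: bytes) -> int:
    """Number of plaintext blocks that survive intact after the wipe."""
    return sum(a == b for a, b in zip(_blocks(original), _blocks(recovered)))


# Constructed sample file: four 32-byte records.
SAMPLE = b"".join((b"record %02d " % i).ljust(BLOCK, b".") for i in range(4))

if __name__ == "__main__":
    pkg = package(SAMPLE)
    print("overhead in blocks:", (len(pkg) - len(SAMPLE)) // BLOCK)
    for j in range(len(pkg) // BLOCK):
        damaged = unpackage(overwrite_block(pkg, j))
        print("wipe block %d -> plaintext blocks recovered: %d" % (j, blocks_recovered(SAMPLE, damaged)))
```

The expansion by one block is what the abstracts describe as the drawback of previous AONTs; an LP-AONT has to obtain the same all-or-nothing behaviour without that extra block, which is why the papers relax the security definition by assuming ambiguity in one message block.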
  • Sung-Ming YEN, Wei-Chih LIEN, Chien-Ning CHEN
    IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
    2011, Vol. E94.A, No. 10, pp. 1981-1990
    Publication date: 2011/10/01
    Released online: 2011/10/01
    Journal, restricted access
    Power analysis can be used to attack many implementations of cryptosystems, e.g., RSA and ECC, and the doubling attack is a collision-based power analysis performed on two chosen ciphertexts. In this paper, we introduce a modified doubling attack that threatens RSA and ECC implementations by exploiting only one chosen ciphertext of small order. To attack RSA implementations we select an input of order two, while to attack ECC implementations we exploit one chosen invalid point of small order on a cryptographically weak curve rather than on the original curve. We show that several existing power analysis countermeasures for RSA and ECC implementations are still vulnerable to the proposed attack. To prevent the proposed attack, we suggest countermeasures for RSA as well as for ECC.
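
Added simulation, not code from the paper, of why a single input of order two is enough against a plain square-and-multiply RSA implementation. With c = N-1 (so c^2 = 1 mod N) every intermediate value is 1 or N-1, and the operand of each squaring is N-1 exactly when the previous exponent bit was 1; a collision-based power analysis only needs to tell "same operand as the first squaring" from "different". The leakage model (the attacker sees which squarings collide), the toy RSA parameters and the input check at the end are assumptions made for this example; the paper's own countermeasures are not described in the abstract.

```python
# Left-to-right binary exponentiation, the core of RSA decryption and signing.
# `trace` receives the operand of every squaring: the quantity a collision-based
# power analysis compares between operations.
def square_and_multiply(base: int, exp: int, mod: int, trace: list) -> int:
    r = 1
    for bit in bin(exp)[2:]:
        trace.append(r)
        r = r * r % mod
        if bit == "1":
            r = r * base % mod
    return r


def collision_attack(trace: list) -> str:
    """For an order-2 input every squaring operand is 1 or N-1, and it is N-1 exactly
    when the previous exponent bit was 1. The first squaring always operates on 1, so
    it is the reference class. Returns every exponent bit except the last, which no
    squaring follows."""
    ref = trace[0]
    return "".join("0" if op == ref else "1" for op in trace[1:])


def is_small_order_input(c: int, n: int) -> bool:
    """Cheap input check (assumed here, not the paper's countermeasure): reject 0, 1
    and every x with x^2 = 1 mod n, i.e. N-1 and the two non-trivial square roots of 1.
    One modular multiplication per decryption."""
    c %= n
    return c in (0, 1) or c * c % n == 1


# Constructed toy RSA parameters (N = 61 * 53); never use keys this small.
N, E, D = 3233, 17, 2753


def demo() -> str:
    """Recover the private exponent from the squaring-operand collisions of one
    decryption of c = N-1. RSA private exponents are odd, so the last bit is known."""
    trace = []
    square_and_multiply(N - 1, D, N, trace)
    return collision_attack(trace) + "1"


if __name__ == "__main__":
    print("true d     :", bin(D)[2:])
    print("recovered d:", demo())
    print("reject c=N-1:", is_small_order_input(N - 1, N), " reject c=2:", is_small_order_input(2, N))
```

An ordinary ciphertext gives a trace of distinct operands, so the same comparison yields nothing; the attack works because the chosen input collapses the whole computation onto two values. The ECC case in the abstract is the analogous collapse on a point of small order, with the extra twist that the point is invalid for the original curve.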
  • Kenta Yokogi, Naoya Kitagawa, Nariyoshi Yamai
    Journal of Information Processing
    2021, Vol. 29, pp. 747-756
    Publication date: 2021
    Released online: 2021/12/15
    Journal, free access
    The number of IoT devices is continuously increasing. Secure data sharing governed by appropriate access control is required to safely utilize the data generated by IoT devices. Storing data in a public cloud is suitable for deploying services with large-scale distributed data sharing. However, this raises security concerns: even when the data are encrypted, an adverse third party may access them if the decryption key is stored within the same environment (the key escrow problem). Conventional methods are not intended for the IoT environment or have issues with security, key distribution, and changing access authority. We propose a novel approach to securely share the data generated by IoT devices within a public cloud. Our method enables 1) addressing the key escrow problem; 2) providing forward secrecy; 3) ensuring indistinguishability under adaptive chosen ciphertext attack (security equivalent to IND-CCA2); 4) changing access authority easily; and 5) saving the computational resources of IoT devices. We implemented this method and evaluated its performance. The experimental results show that it has comparable or better performance than conventional methods. Furthermore, we confirm that the resource consumption of our method is more practical even in a large-scale IoT environment.
