G. Simmons, "A survey of information authentication", G. Simmon (ed.), Contemporary Cryptography: The Science of Information Integrity, 379--419, IEEE Press, 1992.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....be the theoretical minimum (i.e. 1= one can sometimes reduce the number of authentication rules in an authentication code signi cantly, at least in the case where k . 2 Authentication codes The general theory of unconditional authentication has been developed by Simmons (see e.g. 7] and [8]) and has been extensively studied in recent years. In this section, we will give a brief review of some relevant known results concerning authentication without secrecy. In the usual model for authentication, there are three participants: a transmitter, a receiver, and an opponent. The ....

G. J. Simmons. A survey of information authentication. Proceedings of the IEEE 76 (1988), 603-620.

....might control all other vertices in the network) cannot change or delete a message sent on the edge hu; vi or insert a message on the channel. We assume that some pairs of parties share authentication keys. We informally explain what authentication schemes are; the reader is referred to, e.g. [15] for more details. An authentication scheme enables a sender and a receiver who share a common key to exchange messages such that the receiver can verify that the message was sent by the sender. We describe which pairs of parties have a common authentication key by a graph GA = hV; EAi. That is, u ....

G. J. Simmons. A survey of information authentication. In G. J. Simmons, editor, Contemporary Cryptology, The Science of Information Integrity, pages 441--497. IEEE Press, 1992.

....to untrusted networks and might be contaminated with viruses, sni er programs or Trojan horses and thus can not be trusted either [7] Again this means that a secure connection might be compromised without notice to the user. Clearly, there is a large variety of cryptographic techniques available [10, 14] to ensure the authenticity and protect privacy when information is transmitted over a network. However, these techniques can not be applied straightforwardly for communication over untrusted networks since it is assumed that decryption is performed on a trusted device. In this paper, we present ....

G. Simmons, A survey of information authentication, in Contemporary Cryptography - The science of information integrity, IEEE Press, 379-419.

....and recipient may or may not rely on complexity assumptions (e.g. that factoring is hard) They may or may not wish to be able to prove to third parties that the message was indeed sent by the informant. For a general survey of authentication issues and results, the reader may refer to [8]. This paper deals with the simple scenario where two parties A and B communicate and want to assure that the message received by B is the one sent by 356 A. We provide nearly tight bounds for the case of two party unconditionally secure authentication without secrecy defined as follows. A ....

G. Simmons, A Survey of Information Authentication, Proceedings of the IEEE, Vol. 76, No. 5, May 1988

.... tight reductions, so that an adversary who can successfully break the MAC can break the underlying cryptographic primitive (the pseudorandom function F) with essentially identical efficiency. PREWOUS WORK. The general theory of unconditional authentication was developed by Simmons; see [26] for a survey. As we have already explained, the universM hash and then encrypt paradigm is due to Wegman and Carter [32] The idea springs from their highly influential [10] In Wegman Carter authentication the size of the hash family corresponds to the number of bits of shared key one reason ....

G. Simmons, A survey of information authentication, in Contemporary Cryptography, The Science oInormation Integrity, G. Simmons, editor, IEEE Press, New York, 1992.

....end of the message being authenticated. In this case Y would be of the form Y = 35 I I a) where a is the appended authenticator and I I denotes concatenation. Authentication could also be achieved by redundancy present in the structure of the message, which could be recognized by the receiver [1]. Most of the work in authentication assumes the former case. Now, if Bob receives Y = 35 I I a) he could verify, using a verification key, that a is indeed a valid authenticator for X and accept the message. In a symmetric key system, the authentication and verification key are identical and ....

....Alice has sent to Bob. Such an attack is called an impersonation attack. Oscar may also choose freely between a substitution attack and an impersonation attack. Authentication techniques that are unconditionally secure against these attacks, from an information theoretic point of view, are known [1]. One problem with the model described above is that Alice can always disclaim originating a message. Non repudiable authentication techniques are also known that can prevent such a situation. For an excellent recent survey on authentication techniques, the reader is referred to [ 1 ] Closely ....

[Article contains additional citation context not shown here]

Gus Simmons. "A Survey of Information Authentication," In Contemporary Cryptography, The Science of Information Integrity, IEEE Press, (1992).

....for each source state. Previously, only entropy based lower bounds were known. Our bounds for the model without secrecy are tight because the A codes given by Johansson meet our bounds with equality. 1 Introduction In the model of unconditionally secure authentication codes (A codes) [1], there are three participants, a transmitter, a receiver and an opponent. The opponent tries to cheat the receiver by impersonation attack and substitution attack. This model has been studied extensively so far. Lower bounds on the cheating probabilities based on entropy were given by [2, 3] ....

G.J.Simmons, "A survey of Information Authentication", in Contemporary Cryptology, The science of information integrity, ed. G.J.Simmons, IEEE Press, New York, 1992.

....we present combinatorial lower bounds on the cheating probabilities and the sizes of keys of A codes. Especially, our bounds for A codes without secrecy are all tight for small size of source states. 1 Introduction In the model of unconditionally secure authentication codes (A codes) [1], there are three participants, a transmitter, a receiver and an opponent. The opponent tries to cheat the receiver by impersonation attack and substitution attack. This model has been studied extensively so far. Lower bounds on the cheating probabilities based on entropy were given by [2, 3] ....

G.J.Simmons. "A survey of Information Authentication ". In Contemporary Cryptology, The Science of information integrity, ed. G.J.Simmons,IEEE Press,New York, 1992.

....can be either computational or information theoretic, and we are here only interested in the latter. 3. 1 Unconditional Authentication Unconditionally secure message authentication based on a shared secret key was first considered in [24] and later in a large number of papers (e.g. see [44] [41], 42] Another line of research is devoted to proving lower bounds on the cheating probability as a function of the entropy of the key, H(K) see [33] for a discussion and generalization of these bounds. Assume that the secret key 2 For instance, C is an encryption of M , or M together with an ....

G. J. Simmons, A survey of information authentication, Proceedings of the IEEE, vol. 76, pp. 603--620, 1988.

....for A 2 codes without secrecy are all tight for small size of source states. Our main technique is a reduction of an A 2 code to a splitting A code. Keywords: Cryptography, Authentication Code, Arbitration 1. Introduction In the model of unconditionally secure authentication codes (A codes) [19], there are three participants, a transmitter, a receiver and an opponent. The opponent tries to cheat the receiver by impersonation attack and substitution attack. This model has been studied extensively so far. Lower bounds on the cheating probabilities based on entropy were given by [16, 4] ....

G. J. Simmons. "A survey of Information Authentication ". In Contemporary Cryptology, The Science of information integrity, ed. G.J.Simmons,IEEE Press,New York, 1992.

....avoids the administrative overheads associated with distributing cryptographic keys. Second, even when the sender of a message is not reliably provided by the network, the sender can be authenticated using techniques that require no cryptographic assumptions (for a survey of these techniques, see [Sim92]) Employing digital signatures, on the other hand, would require assumptions limiting the computational power of faulty replicas. Third, pairwise authentication typically incurs a low computation overhead on replicas, whereas digitally signing each message would impose a significantly higher ....

G. J. Simmons. A survey of information authentication. In Contemporary Cryptology, The Science of Information Integrity, IEEE Press, 1992.

....then the rows of the resulting matrix determine the w shares. 6 Authentication Codes Unconditionally secure authentication codes were introduced in 1974 by Gilbert, MacWilliams and Sloane [72] and Simmons developed a comprehensive theory of authentication codes in the 1980 s (see, for example, [76]) 6.1 The Application We begin with a brief motivation of this topic. Two fundamental goals of cryptography are to ensure secrecy and integrity of sensitive data. Secrecy is achieved through encryption, while data integrity is accomplished by means such as signature schemes and message ....

G. J. Simmons, A survey of information authentication, in Contemporary Cryptology, The Science of Information Integrity IEEE Press, (1992), pp. 379--419.

....keys and the center broadcasts O(klogklogn) messages regardless of the size of the priviledged set. Their analysis was based on a probabilistic method. On the other hand, authentication codes protect the transmitter and the receiver from impersonation and substitution attacks of an opponent [1 8]. In the model of authenticaiton codes [1 8] the opponent is infinitely powerful. Therefore, digital signatures cannot be used. For authenticaiton codes, see [15] too. Broadcast authentication was introduced by [10] see pp.185) In broadcast authentication, a transmitter broadcasts v messages ....

....messages regardless of the size of the priviledged set. Their analysis was based on a probabilistic method. On the other hand, authentication codes protect the transmitter and the receiver from impersonation and substitution attacks of an opponent [1 8] In the model of authenticaiton codes [1 8], the opponent is infinitely powerful. Therefore, digital signatures cannot be used. For authenticaiton codes, see [15] too. Broadcast authentication was introduced by [10] see pp.185) In broadcast authentication, a transmitter broadcasts v messages e 1 (s) Delta Delta Delta ; e v (s) and ....

G.J.Simmons, "A survey of Information Authentication ", in Contemporary Cryptology, The science of information integrity, ed. G.J. Simmons, IEEE Press, New York, (1992)

....authenticate three different messages M 0 , M 1 , and M 2 without revealing any information about any component of the authentication key. While for the function auth( each authentication key (a; b) can only be used to authenticate one message (that is, it is a kind of one time pad) see Simmons [15]) each authentication key (a; b; c; d) in our scheme can be used to authenticate 3 messages. Note that den Boer [4] used similar polynomials to construct one time authentication schemes. Theorem 2.1 Let key : a; b; c; d) be chosen uniformly from F 4 , M i 2 F, and s i : auth 4 (M i ; key) ....

G. J. Simmons. A survey of information authentication. In: Contemporary Cryptology, The Science of Information Integrity, pages 379--419. IEEE Press, 1992.

No context found.

G. Simmons, "A survey of information authentication", G. Simmon (ed.), Contemporary Cryptography: The Science of Information Integrity, 379--419, IEEE Press, 1992.

No context found.

G. Simmons, "A survey of information authentication", G. Simmon (ed.), Contemporary Cryptography: The Science of Information Integrity, 379--419, IEEE Press, 1992.

No context found.

G. Simmons, "A survey of information authentication", G. Simmon (ed.), Contemporary Cryptography: The Science of Information Integrity, 379--419, IEEE Press, 1992.

No context found.

G.J. Simmons, "A survey of information authentication," in `Contemporary Cryptology: The Science of Information Integrity,' G.J. Simmons, Ed., IEEE Press, 1991, pp. 381-- 419.

No context found.

G. J. Simmons, A survey of information authentication, Proceedings of the IEEE, Vol. 76, pp. 603--620, 1988.

No context found.

G. J. Simmons. A survey of information authentication. In Contemporary Cryptology, The Science of Information Integrity, IEEE Press, 1992.

No context found.

G. J. Simmons, "A survey of information authentication," Proceedings of IEEE, vol. 76, pp. 603--620, 1988. 20

No context found.

G. J. Simmons. A survey of information authentication. In Contemporary Cryptology, The Science of Information Integrity, IEEE Press, 1992. 15

No context found.

G. J. Simmons. A survey of information authentication, Proc. of the IEEE 76 (1988), 603-620.

No context found.

G. Simmons, A survey of information authentication, in Contemporary Cryptography - The science of information integrity, IEEE Press, 379-419.

No context found.

G.J.Simmons, "A survey of Information Authentication", in Contemporary Cryptology, The science of information integrity, ed. G.J.Simmons, IEEE Press, New York, 1992.

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC