Results 1 - 10 of 432
Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. Technical Report 2003/235, Cryptology ePrint archive, http://eprint.iacr.org, 2006. Previous version appeared at EUROCRYPT 2004
- Yevgeniy Dodis, Leonid Reyzin, and Adam
, 2004
Cited by 532 (38 self)
We provide formal definitions and efficient secure techniques for turning noisy information into keys usable for any cryptographic application and, in particular, for reliably and securely authenticating biometric data. Our techniques apply not just to biometric information, but to any keying material that, unlike traditional cryptographic keys, is (1) not reproducible precisely and (2) not distributed uniformly. We propose two primitives: a fuzzy extractor reliably extracts nearly uniform randomness R from its input; the extraction is error-tolerant in the sense that R will be the same even if the input changes, as long as it remains reasonably close to the original. Thus, R can be used as a key in a cryptographic application. A secure sketch produces public information about its input w that does not reveal w, and yet allows exact recovery of w given another value that is close to w. Thus, it can be used to reliably reproduce error-prone biometric inputs without incurring the security risk inherent in storing them. We define the primitives to be both formally secure and versatile, generalizing much prior work. In addition, we provide nearly optimal constructions of both primitives for various measures of “closeness” of input data, such as Hamming distance, edit distance, and set difference.
Generalized privacy amplification
- IEEE Transactions on Information Theory
, 1995
Cited by 329 (19 self)
This paper provides a general treatment of privacy amplification by public discussion, a concept introduced by Bennett, Brassard, and Robert for a special scenario. Privacy amplification is a process that allows two parties to distill a secret key from a common random variable about which an eavesdropper has partial information. The two parties generally know nothing about the eavesdropper’s information except that it satisfies a certain constraint. The results have applications to unconditionally secure secret-key agreement protocols and quantum cryptography, and they yield results on wiretap and broadcast channels for a considerably strengthened definition of secrecy capacity. Index Terms: Cryptography, secret-key agreement, unconditional security, privacy amplification, wiretap channel, secrecy capacity, Rényi entropy, universal hashing, quantum cryptography.
Secure communication over fading channels
, 2007
Cited by 188 (21 self)
The fading broadcast channel with confidential messages (BCC) is investigated, where a source node has common information for two receivers (receivers 1 and 2), and has confidential information intended only for receiver 1. The confidential information needs to be kept as secret as possible from receiver 2. The broadcast channel from the source node to receivers 1 and 2 is corrupted by multiplicative fading gain coefficients in addition to additive Gaussian noise terms. The channel state information (CSI) is assumed to be known at both the transmitter and the receivers. The parallel BCC with independent subchannels is first studied, which serves as an information-theoretic model for the fading BCC. The secrecy capacity region of the parallel BCC is established. This result is then specialized to give the secrecy capacity region of the parallel BCC with degraded subchannels. The secrecy capacity region is then established for the parallel Gaussian BCC, and the optimal source power allocations that achieve the boundary of the secrecy capacity region are derived. In particular, the secrecy capacity region is established for the basic Gaussian BCC. The secrecy capacity results are then
Discrete memoryless interference and broadcast channels with confidential messages: secrecy rate regions
- IEEE Transactions on Information Theory
, 2008
Cited by 161 (12 self)
Discrete memoryless interference and broadcast channels in which independent confidential messages are sent to two receivers are considered. Confidential messages are transmitted to each receiver with perfect secrecy, as measured by the equivocation at the other receiver. In this paper, we derive inner and outer bounds for the achievable rate regions for these two communication systems.
Wireless information-theoretic security - part I: Theoretical aspects
- IEEE Trans. on Information Theory
, 2006
Cited by 155 (12 self)
In this two-part paper, we consider the transmission of confidential data over wireless wiretap channels. The first part presents an information-theoretic problem formulation in which two legitimate partners communicate over a quasi-static fading channel and an eavesdropper observes their transmissions through another independent quasi-static fading channel. We define the secrecy capacity in terms of outage probability and provide a complete characterization of the maximum transmission rate at which the eavesdropper is unable to decode any information. In sharp contrast with known results for Gaussian wiretap channels (without feedback), our contribution shows that in the presence of fading information-theoretic security is achievable even when the eavesdropper has a better average signal-to-noise ratio (SNR) than the legitimate receiver — fading thus turns out to be a friend and not a foe. The issue of imperfect channel state information is also addressed. Practical schemes for wireless information-theoretic security are presented in Part II, which in some cases comes close to the secrecy capacity limits given in this paper.
Information-theoretic key agreement: From weak to strong secrecy for free
- Lecture Notes in Computer Science
, 2000
Cited by 126 (2 self)
One of the basic problems in cryptography is the generation of a common secret key between two parties, for instance in order to communicate privately. In this paper we consider information-theoretically secure key agreement. Wyner and subsequently Csiszár and Körner described and analyzed settings for secret-key agreement based on noisy communication channels. Maurer as well as Ahlswede and Csiszár generalized these models to a scenario based on correlated randomness and public discussion. In all these settings, the secrecy capacity and the secret-key rate, respectively, have been defined as the maximal achievable rates at which a highly-secret key can be generated by the legitimate partners. However, the privacy requirements were too weak in all these definitions, requiring only the ratio between the adversary’s information and the length of the key to be negligible, but hence tolerating her to obtain a possibly substantial amount of information about the resulting key in an absolute sense. We give natural stronger definitions of secrecy capacity and secret-key rate, requiring that the adversary obtains virtually no information about the entire key. We show that not only secret-key agreement satisfying the strong secrecy condition is possible, but even that the achievable key-generation rates are equal to the previous weak notions of secrecy capacity and secret-key rate. Hence the unsatisfactory old definitions can be completely replaced by the new ones. We prove these results by a generic reduction of strong to weak key agreement. The reduction makes use of extractors, which allow to keep the required amount of communication negligible as compared to the length of the resulting key.
Radio-telepathy: extracting a secret key from an unauthenticated wireless channel
- In MobiCom ’08
, 2008
Cited by 120 (3 self)
Securing communications requires the establishment of cryptographic keys, which is challenging in mobile scenarios where a key management infrastructure is not always present. In this paper, we present a protocol that allows two users to establish a common cryptographic key by exploiting special properties of the wireless channel: the underlying channel response between any two parties is unique and decorrelates rapidly in space. The established key can then be used to support security services (such as encryption) between two users. Our algorithm uses level-crossings and quantization to extract bits from correlated stochastic processes. The resulting protocol resists cryptanalysis by an eavesdropping adversary and a spoofing attack by an active adversary without requiring an authenticated channel, as is typically assumed in prior information-theoretic key establishment schemes. We evaluate our algorithm through theoretical and numerical studies, and provide validation through two complementary experimental studies. First, we use an 802.11 development platform with customized logic that extracts raw channel impulse response data from the preamble of a format-compliant 802.11a packet. We show that it is possible to practically achieve key establishment rates of ∼ 1 bit/sec in a real, indoor wireless environment. To illustrate the generality of our method, we show that our approach is equally applicable to per-packet coarse signal strength measurements using off-the-shelf 802.11 hardware.
Secrecy capacities for multiple terminals
- IEEE Trans. Inform. Theory
, 2004
Cited by 111 (15 self)
We derive single-letter characterizations of (strong) secrecy capacities for models with an arbitrary number of terminals, each of which observes a distinct component of a discrete memoryless multiple source, with unrestricted and interactive public communication permitted between the terminals. A subset of these terminals can serve as helpers for the remaining terminals in generating secrecy. According to the extent of an eavesdropper’s knowledge, three kinds of secrecy capacity are considered: secret key (SK), private key (PK), and wiretap secret key (WSK) capacity. The characterizations of the SK and PK capacities highlight the innate connections between secrecy generation and multiterminal source coding without secrecy requirements. A general upper bound for WSK capacity is derived which is tight in the case when the eavesdropper can wiretap noisy versions of the components of the underlying multiple source, provided randomization is permitted at the terminals. These secrecy capacities are seen to be achievable with noninteractive communication between the terminals. The achievability results are also shown to be universal. Index Terms: Common randomness, multiple source, private key, public discussion, secrecy capacity, security index, Slepian–Wolf constraints, wiretap.
Secrecy Capacity of Wireless Channels
- in Proc. IEEE Int. Symp. Information Theory (ISIT
, 2006
Cited by 111 (4 self)
We consider the transmission of confidential data over wireless channels with multiple communicating parties. Based on an information-theoretic problem formulation in which two legitimate partners communicate over a quasi-static fading channel and an eavesdropper observes their transmissions through another independent quasi-static fading channel, we define the secrecy capacity in terms of outage probability and provide a complete characterization of the maximum transmission rate at which the eavesdropper is unable to decode any information. In sharp contrast with known results for Gaussian wiretap channels (without feedback), our contribution shows that in the presence of fading information-theoretic security is achievable even when the eavesdropper has a better average signal-to-noise ratio (SNR) than the legitimate receiver — fading thus turns out to be a friend and not a foe.
The Gaussian Multiple Access Wire-tap Channel
- IEEE TRANSACTION ON INFORMATION THEORY
, 2008
Cited by 110 (12 self)
We consider the Gaussian multiple access wire-tap channel (GMAC-WT). In this scenario, multiple users communicate with an intended receiver in the presence of an intelligent and informed wire-tapper who receives a degraded version of the signal at the receiver. We define suitable security measures for this multiaccess environment. Using codebooks generated randomly according to a Gaussian distribution, achievable secrecy rate regions are identified using superposition coding and time-division multiple access (TDMA) coding schemes. An upper bound for the secrecy sum-rate is derived, and our coding schemes are shown to achieve the sum capacity. Numerical results are presented showing the new rate region and comparing it with the capacity region of the Gaussian multiple-access channel (GMAC) with no secrecy constraints, which quantifies the price paid for secrecy.