Computer Laboratory

Security Group

1993 seminars

Expand all Collapse all

25 February Computer security standards / Mike Roe, Computer Laboratory

View original page

18 February Open system security / John Bull, ANSA

Room TP4, Computer Laboratory

Distributed computer networks of unlimited extensibility and scale will evolve over the next decade. On behalf of their users, a huge variety of computers systems will offer, request and exchange services in an immense international open trading enterprise where there can be no central authority and no ubiquitous security infrastructure. This seminar will present a view that to meet the challenge we must take a radically different approach to computer security. It will argue for a change of emphasis, away from enforcement of administrator imposed security policies through an infrastructure, towards a regime of self-defence by individual service providers. It will discuss the policy nuances, required mechanisms and protocol design consequences that would follow from this change of direction.

View original page

11 February Combinatorial authentication / Ross Anderson, Computer Laboratory

Room TP4, Computer Laboratory

A number of digital signature schemes have been proposed (Fiat-Shamir, Micali-Shamir and Bos-Chaum) which work by using a hash function of the message to key a combinatorial subset product. We find that such schemes need to incorporate a certain amount of freshness if they are to be secure, and we explain and quantify this.

When we consider the properties that a hash function must possess in order to be useful in this kind of application, we find that, contrary to previous belief, collision freedom is not a sufficient condition for hash functions. In fact, given any collision free hash function, we construct a derived function which is also collision free but cryptographically useless. In the process, we settle an outstanding conjecture of Okamoto that correlation freedom is a strictly stronger property than collision freedom.

View original page

28 January Defining confidentiality by refinement / Jeremy Jacob, St Peter's College, Oxford

Room TP4, Computer Laboratory

The purpose of this talk is to give a formal definition of the term "Confidentiality Property". On the way, formal definitions will be given of related terms such as "Functionality property", "Cheapness property" and "Prestige property" (the last two being pedagogic toys).

The definitions of those terms is given in terms of a "refinement relation". Refinement relations are of interest as they capture the proof obligations for showing program correctness; and so our definitions are directly related to correctness concerns. The space of refinement relations is modelled as a set of pre-orders (quasi-orders).

View original page

21 January Complexity questions in cryptography / Dominic Welsh, Merton College, Oxford

Room TP4, Computer Laboratory

This talk will be a survey of some of the advances made recently on the frontier between complexity and cryptography. In particular, it will discuss the role of uniqueness and the importance of randomness in this area.

It will be self-contained and assume only a basic knowledge of complexity concepts, so should be accessible to nonspecialists as well as of interest to experts.

View original page

14 January Threshold cryptosystems / Yvo Desmedt, University of Wisonsin at Milwaukee

Room TP4, Computer Laboratory

Often the power to use a cryptosystem has to be shared. In threshold schemes, k-out-of-l have the power to generate a secret key (while less than k have not). However threshold schemes cannot be used directly in many applications, such as threshold signatures in which k-out-of-l have to co-sign a message. For a normal threshold scheme would require the shareholders to send their shares to a trusted person who would sign for them. But the use of such a trusted person violates the main point of threshold signatures!

The first concepts of threshold cryptography were independently introduced by Boyd, Croft-Harris and Desmedt; and schemes for threshold decryption, threshold authentication and threshold signature have been presented recently. At Crypto '92, Micali argued that the use of verifiable threshold schemes would facilitate the enforcement of court ordered wiretapping.

We first overview the research in the field and then present a threshold signature scheme which is as secure as RSA. This has the property that a court does not need to order the disclosure of a master key, but only the decryption of individual messages.