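@misc{369,
  author       = {Rath, Timo},
  title        = {{RSA}-{Full Domain Hash} Revisited},
  howpublished = {Universit{\"a}t Paderborn},
  year         = {2014},
  abstract     = {RSA Full Domain Hash ist im Zufallsorakelmodell ein EUF-CMA sicheres Signaturverfahren (existentially unforgeable under chosen-message attacks). Der Sicherheitsbeweis wird unter anderem in der Vorlesung Einf{\"u}hrung in die Kryptographie vorgestellt. Auch bei einer genaueren Analyse verliert man bei der Reduktion einen Faktor $1/q_{s}$ (wobei $q_{s}$ die Anzahl der Anfragen an das Signaturorakel darstellt), was f{\"u}r die Praxis in relativ gro{\ss}en Systemparametern (RSA-Modul) resultiert [1]. Seit der Ver{\"o}ffentlichung von [2] wurde geglaubt, dass der Faktor $1/q_{s}$ optimal ist. Erst zehn Jahre sp{\"a}ter offenbarten die Autoren von [3] einen Fehler in [2] und zeigten eine bessere Reduktion, allerdings unter einer etwas st{\"a}rkeren Sicherheitsannahme. Die Ergebnisse aus [3] lassen sich auf das PSS-Verfahren (Probabilistic Signature Scheme), das z.B. in PKCS \#1 benutzt wird, {\"u}bertragen und sind somit von gro{\ss}er Bedeutung f{\"u}r die Praxis. Weiterhin sind die in den Beweisen verwendeten Techniken auch bei anderen kryptographischen Verfahren n{\"u}tzlich. Im Rahmen dieser Arbeit sollen die entsprechenden Sicherheitsbeweise aufgearbeitet und deren Auswirkungen f{\"u}r die Praxis analysiert werden. [1] J. S. Coron, ``On the Exact Security of Full Domain Hash'', CRYPTO 2000, LNCS 1880, pp. 229--235, 2000. [2] J. S. Coron, ``Optimal security proofs for PSS and other signature schemes'', EUROCRYPT 2002, LNCS 2332, pp. 272--287, 2002. [3] S. A. Kakvi and E. Kiltz, ``Optimal Security Proofs for Full Domain Hash, Revisited'', EUROCRYPT 2012, LNCS 7237, pp. 537--553, 2012.},
}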

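@inproceedings{371,
  author       = {Scheideler, Christian and Setzer, Alexander and Eikel, Martina},
  title        = {{RoBuSt}: A Crash-Failure-Resistant Distributed Storage System},
  booktitle    = {Proceedings of the 18th International Conference on Principles of Distributed Systems ({OPODIS})},
  pages        = {107--122},
  doi          = {10.1007/978-3-319-14472-6_8},
  year         = {2014},
  abstract     = {In this work we present the first distributed storage system that is provably robust against crash failures issued by an adaptive adversary, i.e., for each batch of requests the adversary can decide based on the entire system state which servers will be unavailable for that batch of requests. Despite up to $\gamma n^{1/\log\log n}$ crashed servers, with $\gamma>0$ constant and $n$ denoting the number of servers, our system can correctly process any batch of lookup and write requests (with at most a polylogarithmic number of requests issued at each non-crashed server) in at most a polylogarithmic number of communication rounds, with at most polylogarithmic time and work at each server and only a logarithmic storage overhead. Our system is based on previous work by Eikel and Scheideler (SPAA 2013), who presented IRIS, a distributed information system that is provably robust against the same kind of crash failures. However, IRIS is only able to serve lookup requests. Handling both lookup and write requests has turned out to require major changes in the design of IRIS.},
}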

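@article{378,
  author       = {Kniesburges, Sebastian and Koutsopoulos, Andreas and Scheideler, Christian},
  title        = {{Re-Chord}: A Self-stabilizing {Chord} Overlay Network},
  journal      = {Theory of Computing Systems},
  number       = {3},
  pages        = {591--612},
  publisher    = {Springer},
  doi          = {10.1007/s00224-012-9431-2},
  year         = {2014},
  internal-note = {volume is missing -- TODO look up via the DOI},
  abstract     = {The Chord peer-to-peer system is considered, together with CAN, Tapestry and Pastry, as one of the pioneering works on peer-to-peer distributed hash tables (DHT) that inspired a large volume of papers and projects on DHTs as well as peer-to-peer systems in general. Chord, in particular, has been studied thoroughly, and many variants of Chord have been presented that optimize various criteria. Also, several implementations of Chord are available on various platforms. Though Chord is known to be very efficient and scalable and it can handle churn quite well, no protocol is known yet that guarantees that Chord is self-stabilizing, i.e., the Chord network can be recovered from any initial state in which the network is still weakly connected. This is not too surprising since it is known that the Chord network is not locally checkable for its current topology. We present a slight extension of the Chord network, called Re-Chord (reactive Chord), that turns out to be locally checkable, and we present a self-stabilizing distributed protocol for it that can recover the Re-Chord network from any initial state, in which the $n$ peers are weakly connected, in $O(n \log n)$ communication rounds. We also show that our protocol allows a new peer to join or an old peer to leave an already stable Re-Chord network so that within $O((\log n)^2)$ communication rounds the Re-Chord network is stable again.},
}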

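@inproceedings{384,
  author       = {Petrlic, Ronald and Lutters, Sascha and Sorge, Christoph},
  title        = {Privacy-Preserving Reputation Management},
  booktitle    = {Proceedings of the 29th Symposium On Applied Computing ({SAC})},
  pages        = {1712--1718},
  doi          = {10.1145/2554850.2554881},
  year         = {2014},
  abstract     = {Reputation systems provide reputation values of rated parties to users. These reputation values, typically aggregations of individual user ratings, shall be reliable, i.e. should enable a realistic assessment of the probability that the rated party behaves as expected in a transaction. In order for the reputation values to stay reliable and, thus, for the reputation system to provide a benefit, the system needs to be resistant against manipulations by users, the rated parties trying to improve their reputation values, and even against competitors trying to worsen a reputation value. At the same time, a reputation system shall provide privacy protection for users: rated parties shall not be able to learn who provided a certain rating. Otherwise users might not take part in the system as they fear bad feedback in revenge for bad ratings, or users do not want to be connected to certain transactions based on their provided ratings. In this paper we come up with a solution that provides both, reliability of reputation values on the one hand, and privacy protection for users on the other hand. In contrast to related work, our solution only makes use of a single reputation provider that needs to be trusted (to a certain extent) and does not require any bulletin boards to be present in the system. We make use of the Paillier cryptosystem to provide an aggregation of individual user ratings in a way that no party can learn which user provided a certain rating.},
}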

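@phdthesis{385,
  author       = {Petrlic, Ronald},
  title        = {Privacy-Preserving Multiparty Digital Rights Management},
  school       = {Universit{\"a}t Paderborn},
  year         = {2014},
}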

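@inproceedings{386,
  author       = {Petrlic, Ronald and Sorge, Christoph},
  title        = {Privacy-Preserving Digital Rights Management based on Attribute-based Encryption},
  booktitle    = {Proceedings of the Sixth {IFIP} International Conference on New Technologies, Mobility and Security ({NTMS})},
  pages        = {1--5},
  doi          = {10.1109/NTMS.2014.6814044},
  year         = {2014},
  abstract     = {We present a privacy-preserving multiparty DRM scheme that does not need a trusted third party. Users anonymously buy content from content providers and anonymously execute it at content execution centers. The executions are unlinkable to each other. The license check is performed as part of the used ciphertext-policy attribute-based encryption (CP-ABE) and, thus, access control is cryptographically enforced. The problem of authorization proof towards the key center in an ABE scheme is solved by a combination with anonymous payments.},
}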

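@article{387,
  author       = {Awerbuch, Baruch and Richa, Andrea W. and Scheideler, Christian and Schmid, Stefan and Zhang, Jin},
  title        = {Principles of Robust Medium Access and an Application to Leader Election},
  journal      = {Transactions on Algorithms},
  number       = {4},
  publisher    = {ACM},
  doi          = {10.1145/2635818},
  year         = {2014},
  internal-note = {volume and pages are missing, and the journal name may be incomplete (publisher is ACM) -- TODO confirm via the DOI. In the abstract, the symbol in "(1 - )-fraction" and "constant > 0" was lost in text extraction -- TODO restore from the paper.},
  abstract     = {This article studies the design of medium access control (MAC) protocols for wireless networks that are provably robust against arbitrary and unpredictable disruptions (e.g., due to unintentional external interference from co-existing networks or due to jamming). We consider a wireless network consisting of a set of $n$ honest and reliable nodes within transmission (and interference) range of each other, and we model the external disruptions with a powerful adaptive adversary. This adversary may know the protocol and its entire history and can use this knowledge to jam the wireless channel at will at any time. It is allowed to jam a (1 - )-fraction of the timesteps, for an arbitrary constant > 0 unknown to the nodes. The nodes cannot distinguish between the adversarial jamming or a collision of two or more messages that are sent at the same time. We demonstrate, for the first time, that there is a local-control MAC protocol requiring only very limited knowledge about the adversary and the network that achieves a constant (asymptotically optimal) throughput for the nonjammed time periods under any of the aforementioned adversarial strategies. The derived principles are also useful to build robust applications on top of the MAC layer, and we present an exemplary study for leader election, one of the most fundamental tasks in distributed computing.},
}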

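@misc{18001,
  author       = {Luo, Linghui},
  title        = {Ein selbst-stabilisierender Algorithmus f{\"u}r das {Finite Sleep Problem} in {Skip+} Graphen},
  howpublished = {Universit{\"a}t Paderborn},
  year         = {2014},
}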

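@inproceedings{441,
  author       = {Sorge, Christoph and Petrlic, Ronald},
  title        = {Datenschutz im {Future Internet}: rechtliche Aspekte und technische Ma{\ss}nahmen},
  booktitle    = {Tagungsband des 17. Internationalen Rechtsinformatik Symposions},
  year         = {2014},
  abstract     = {Das Future Internet soll den Anforderungen heutiger und zuk{\"u}nftiger daten-intensiver Internet-Anwendungen besser gerecht werden als dies heute der Fall ist. Seit einigen Jahren wird an unterschiedlichen Verfahren geforscht, die das ``Future Internet'' erm{\"o}glichen sollen -- diese Ans{\"a}tze gehen weit {\"u}ber die Ziele von IPv6 hinaus. In diesem Beitrag stellen wir einige Kernpunkte der Future-Internet-Initiativen vor und identifizieren Gemeinsamkeiten der unterschiedlichen Konzepte. Wir beleuchten die Konsequenzen aus datenschutzrechtlicher Sicht und geben einen {\"U}berblick {\"u}ber Ans{\"a}tze, die die identifizierten Datenschutz-Probleme durch technische Ma{\ss}nahmen bis zu einem gewissen Grad verhindern.},
}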

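@unpublished{442,
  author       = {Bl{\"o}mer, Johannes and Liske, Gennadij},
  title        = {Constructing {CCA}-secure predicate encapsulation schemes from {CPA}-secure schemes and universal one-way hash functions},
  note         = {Universit{\"a}t Paderborn},
  year         = {2014},
  abstract     = {We present a new transformation of chosen-plaintext secure predicate encryption schemes with public index into chosen-ciphertext secure schemes. Our construction requires only a universal one-way hash function and is selectively secure in the standard model. The transformation is not generic but can be applied to various existing schemes constructed from bilinear groups. Using common structural properties of these schemes we provide an efficient and simple transformation without overhead in form of one-time signatures or message authentication codes as required in the known generic transformations.},
}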

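@inproceedings{446,
  author       = {Ogierman, Adrian and Richa, Andrea W. and Scheideler, Christian and Schmid, Stefan and Zhang, Jin},
  title        = {Competitive {MAC} under adversarial {SINR}},
  booktitle    = {Proceedings of the 33rd Annual {IEEE} International Conference on Computer Communications ({INFOCOM})},
  pages        = {2751--2759},
  doi          = {10.1109/INFOCOM.2014.6848224},
  year         = {2014},
  abstract     = {This paper considers the problem of how to efficiently share a wireless medium which is subject to harsh external interference or even jamming. While this problem has already been studied intensively for simplistic single-hop or unit disk graph models, we make a leap forward and study MAC protocols for the SINR interference model (a.k.a. the physical model). We make two contributions. First, we introduce a new adversarial SINR model which captures a wide range of interference phenomena. Concretely, we consider a powerful, adaptive adversary which can jam nodes at arbitrary times and which is only limited by some energy budget. The second contribution of this paper is a distributed MAC protocol which provably achieves a constant competitive throughput in this environment: we show that, with high probability, the protocol ensures that a constant fraction of the non-blocked time periods is used for successful transmissions.},
}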

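@misc{460,
  author       = {Mittendorf, Robert},
  title        = {Advanced {AES}-key recovery from decayed {RAM}-dumps using multi-threading and {FPGAs}},
  howpublished = {Universit{\"a}t Paderborn},
  year         = {2014},
}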

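@inproceedings{463,
  author       = {Bl{\"o}mer, Johannes and {Gomes da Silva}, Ricardo and G{\"u}nther, Peter and Kr{\"a}mer, Juliane and Seifert, Jean-Pierre},
  title        = {A Practical Second-Order Fault Attack against a Real-World Pairing Implementation},
  booktitle    = {Proceedings of Fault Tolerance and Diagnosis in Cryptography ({FDTC})},
  pages        = {123--136},
  doi          = {10.1109/FDTC.2014.22},
  year         = {2014},
  abstract     = {Several fault attacks against pairing-based cryptography have been described theoretically in recent years. Interestingly, none of these have been practically evaluated. We accomplished this task and prove that fault attacks against pairing-based cryptography are indeed possible and are even practical --- thus posing a serious threat. Moreover, we successfully conducted a second-order fault attack against an open source implementation of the eta pairing on an AVR XMEGA A1. We injected the first fault into the computation of the Miller Algorithm and applied the second fault to skip the final exponentiation completely. We introduce a low-cost setup that allowed us to generate multiple independent faults in one computation. The setup implements these faults by clock glitches which induce instruction skips. With this setup we conducted the first practical fault attack against a complete pairing computation.},
}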

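@article{479,
  author       = {Sorge, Christoph},
  title        = {The Legal Classification of Identity-Based Signatures},
  journal      = {Computer Law \& Security Review},
  volume       = {30},
  number       = {2},
  pages        = {126--136},
  publisher    = {Elsevier},
  doi          = {10.1016/j.clsr.2014.01.002},
  year         = {2014},
  abstract     = {Identity-based cryptography has attracted attention in the cryptographic research community in recent years. Despite the importance of cryptographic schemes for applications in business and law, the legal implications of identity-based cryptography have not yet been discussed. We investigate how identity-based signatures fit into the legal framework. We focus on the European Signature Directive, but also take the UNCITRAL Model Law on Electronic Signatures into account. In contrast to previous assumptions, identity-based signature schemes can, in principle, be used even for qualified electronic signatures, which can replace handwritten signatures in the member states of the European Union. We derive requirements to be taken into account in the development of future identity-based signature schemes.},
}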

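@inproceedings{401,
  author       = {Platenius, Marie Christin and Arifulina, Svetlana and Petrlic, Ronald and Sch{\"a}fer, Wilhelm},
  title        = {Matching of Incomplete Service Specifications Exemplified by Privacy Policy Matching},
  booktitle    = {Proceedings of the 4th International Workshop on Adaptive Services for the Future Internet},
  pages        = {6--17},
  doi          = {10.1007/978-3-319-14886-1_2},
  year         = {2014},
  abstract     = {Service matching approaches determine to what extent a provided service matches a requester's requirements. This process is based on service specifications describing functional (e.g., signatures) as well as non-functional properties (e.g., privacy policies). However, we cannot expect service specifications to be complete as providers do not want to share all details of their services' implementation. Moreover, creating complete specifications requires much effort. In this paper, we propose a novel service matching approach taking into account a service's signatures and privacy policies. In particular, our approach applies fuzzy matching techniques that are able to deal with incomplete service specifications. As a benefit, decision-making based on matching results is improved and service matching becomes better applicable in practice.},
}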

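@article{410,
  author       = {Jungmann, Alexander and Brangewitz, Sonja and Petrlic, Ronald and Platenius, Marie Christin},
  title        = {Incorporating Reputation Information into Decision-Making Processes in Markets of Composed Services},
  journal      = {International Journal On Advances in Intelligent Systems ({IntSys})},
  volume       = {7},
  number       = {3\&4},
  pages        = {572--594},
  publisher    = {IARIA},
  year         = {2014},
  abstract     = {One goal of service-oriented computing is to realize future markets of composed services. In such markets, service providers offer services that can be flexibly combined with each other. However, although crucial for decision-making, market participants are usually not able to individually estimate the quality of traded services in advance. To overcome this problem, we present a conceptual design for a reputation system that collects and processes user feedback on transactions, and provides this information as a signal for quality to participants in the market. Based on our proposed concept, we describe the incorporation of reputation information into distinct decision-making processes that are crucial in such service markets. In this context, we present a fuzzy service matching approach that takes reputation information into account. Furthermore, we introduce an adaptive service composition approach, and investigate the impact of exchanging immediate user feedback by reputation information. Last but not least, we describe the importance of reputation information for economic decisions of different market participants. The overall output of this paper is a comprehensive view on managing and exploiting reputation information in markets of composed services using the example of On-The-Fly Computing.},
}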

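@misc{414,
  author       = {Jochheim, Janek},
  title        = {Hiding software components using functional encryption},
  howpublished = {Universit{\"a}t Paderborn},
  year         = {2014},
}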

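@misc{416,
  author       = {Bemmann, Pascal},
  title        = {Group Signature Schemes with Strong Exculpability},
  howpublished = {Universit{\"a}t Paderborn},
  year         = {2014},
}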

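@misc{421,
  author       = {Lippert, Jan},
  title        = {{Fujisaki-Okamoto} Transformation},
  howpublished = {Universit{\"a}t Paderborn},
  year         = {2014},
}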

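@misc{438,
  author       = {Kokoschka, Andreas},
  title        = {Designing an Anonymous and Secure Reputation System Using a Group Signature Variant},
  howpublished = {Universit{\"a}t Paderborn},
  year         = {2014},
}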

