
MIT Talk on randomness/key management



[I have no more information than is contained in the announcement --AW]

>                      Friday, April 15, 1994
>         Refreshments at 1:45pm, Talk at 2:00pm in NE43-518
>
>``Regaining Pseudorandomness by Cooperation with Applications to Key
>                             Management''
>                   by Amir Herzberg, IBM Watson
>
>                             ABSTRACT
>
>Consider a multiparty system where parties may be occasionally
>``infected'' by malicious agents, called viruses. The viruses
>are controlled by an adversary. Once a party is infected, the entire
>contents of its memory are revealed and possibly modified.  After some
>time the virus is expelled and the party wishes to regain its
>security.  Since the leaving virus knows the entire contents of the
>infected party's memory, a source of ``fresh'' randomness,
>unpredictable by the adversary, seems essential for full recovery
>(e.g., for selecting new keys).  However, such an ``on-line'' source
>of randomness may not always be readily available, or beneficial to use.
>
>We describe a scheme in which the parties, being given access to
>randomness only at the onset of the computation, jointly generate a
>sequence of numbers that are pseudorandom from the point of view of
>the adversary (a different generated number for the use of each party
>at each round).  Thus, these pseudorandom numbers can be used just as
>``fresh'' randomness in the design of protocols (e.g., for regaining
>security).  These properties of our scheme hold as long as in each
>round there is at least one non-infected party.
>
>We describe an important application of our scheme to
>practical key-management systems, such as Kerberos and NetSP.
>
>Joint with Ran Canetti, Weizmann Institute
>
>Host:  Nancy Lynch
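The abstract above only sketches the idea of "regaining pseudorandomness by cooperation"; it does not give the construction. The following simulation is an added illustration, not the speakers' scheme: it assumes a simplified model in which every party holds a seed, expands it each round into a private part plus one contribution per peer, and refreshes its seed by XORing its private part with the contributions it receives. The seeds are constructed deterministically from labels so the run is reproducible, and the adversary's strategy (dump the memory of infected parties, guess unknown seeds as zero, and simulate the next round) is likewise an assumption made for the demonstration.

```python
import hashlib
import hmac

SEED_LEN = 32  # bytes; one SHA-256 output per block (assumption of this toy model)


def prg_expand(seed, n):
    """Deterministically expand a seed into n+1 blocks: block 0 is the party's
    private next-seed part, blocks 1..n are contributions for parties 0..n-1."""
    return [hmac.new(seed, b"blk" + i.to_bytes(2, "big"), hashlib.sha256).digest()
            for i in range(n + 1)]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class Party:
    def __init__(self, index, seed):
        self.index = index
        self.seed = seed          # the only secret state; a virus learns all of it
        self.next_own = None

    def contributions(self, n):
        """Start of round: derive the private part and one block per peer."""
        blocks = prg_expand(self.seed, n)
        self.next_own = blocks[0]
        return blocks[1:]         # blocks[1 + j] is sent to party j

    def refresh(self, received):
        """End of round: new seed = own private part XOR every received block.
        Returns this round's fresh pseudorandom value for this party."""
        s = self.next_own
        for r in received:
            s = xor(s, r)
        self.seed = s
        return hashlib.sha256(b"out" + s).digest()


def run_round(parties):
    """One synchronous round over an honest network; returns each party's output."""
    n = len(parties)
    sent = [p.contributions(n) for p in parties]       # sent[i][j]: from i to j
    return [p.refresh([sent[i][p.index] for i in range(n)]) for p in parties]


def adversary_predicts(known, n, target):
    """Adversary simulates the next round from the seeds it learned by infection,
    filling in every unknown seed with zeros (a stand-in for 'no information')."""
    sim = [Party(i, known.get(i, bytes(SEED_LEN))) for i in range(n)]
    return run_round(sim)[target]


def demo(infected, n=3, target=0):
    """Infect the given parties after round 1 (their whole memory leaks), then ask
    whether the adversary can predict the target party's round-2 output.
    Returns True if the prediction matches the real output."""
    parties = [Party(i, hashlib.sha256(f"constructed-seed-{i}".encode()).digest())
               for i in range(n)]
    run_round(parties)                                  # round 1
    known = {i: parties[i].seed for i in infected}      # virus dumps infected memory
    guess = adversary_predicts(known, n, target)
    real = run_round(parties)[target]                   # round 2, honest network
    return guess == real


if __name__ == "__main__":
    # Party 0 was itself infected, yet its next value is unpredictable
    # while party 2 stays clean; only total infection lets the adversary win.
    print("0 and 1 infected, 2 clean -> predictable:", demo({0, 1}))
    print("all parties infected     -> predictable:", demo({0, 1, 2}))
```

Two points carry over to the abstract's claim. First, the target party (0) is among the infected ones, so the run shows an infected party regaining an unpredictable value without any on-line randomness, purely because one clean peer's contribution reached it. Second, the guarantee is per round: if every party is infected in the same round, nothing is left to cooperate with and the adversary's simulation matches.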