Project reports

Chi-Wei Chiang, Anton Kozlov and Gene Itkis. Java Based Cryptographic Provider for Itkis-Reyzin Forward-Secure Signature Algorithm. BU-CS Technical Report.


(project reports publications pending intellectual property procedures)

G. Itkis and A. Maiss. Interactive Password Schemes.


G. Itkis and M. Lapkina. Project WebSafe.


A. Agarwal, G. Itkis and A. Shenoy. Simulation of a Multicast Security Scheme Using MACs.


G. Itkis, A. Kogan, O. Polnarev, and M. Lapkina Client-Side Encryption on WebSafe Project.


G. Itkis, K. Pinkas and V. Punjabi. Websafe: a Secure and Efficient Solution for Storing Data on the Web.


H. Hamandi and G. Itkis. Secure Group Key Manager.

White papers (1997-1999, presented at Copyright Protection Technical Working Group, CPTWG)

*C: Content Management and Protection Standard

Content Management and Protection (CMP) systems should ensure that only authorized actions (uses of content) are performed with the content. Such systems should therefore address authorization specification - how the authorized actions are specified and distinguished from unauthorized ones - and authorization enforcement - how unauthorized actions are prevented.
It is our belief that a CMP standard should focus on creating an infrastructure within which diverse proprietary authorization specification and enforcement tools can be effectively and dynamically deployed. The standard should specify the least number of specific tools as is feasible in order to achieve this.
In this paper we outline a proposed top-level structure for such a standard. This structure might be implemented differently in different contexts, over different hardware platforms. Since CMP has to be addressed in a heterogeneous environment, this common top-level structure should facilitate integration between diverse tools and interfaces.


Secrets: Who Needs Them, When, and How

This white paper examines a central issue in Content Management and Protection (sometimes referred to as copy protection), analyzing which types of devices may have no unique secret keys (private keys) without seriously compromising security. The paper considers scenarios for utilizing such devices.
We conclude that some simple devices, such as DVD players, could function with no unique secret keys without presenting a significant security threat, though these devices would still need to support Public Key cryptography functions. However, we conclude that it is essential for devices such as digital televisions (dTVs) to contain unique secret keys. Without a private key, device revocation is impossible; the compromise of any one of these ?unanimous? devices (such as via a single leak by a disgruntled employee) would then be likely to neutralize the entire security system. 


The Role of Revocation in Content Protection

This paper reviews the role of device/certificate revocation in content management and protection (CMP) systems. Drawing on the experience of the Pay-TV Conditional Access (CA) industry, which has a nearly perfect record of controlling piracy, we argue that revocation is a necessary but not sufficient component in combating piracy. The apparent tendency to limit active anti-piracy measures to revocation is likely to cripple the security of CMP systems. The paper extrapolates the lessons of the Pay-TV CA experience to propose other content protection systems where security providers would be allowed to play an active role and anti-piracy measures would include, but not be limited to, revocation of compromised devices.


Copyright Protection, Analysis and Authorization Chains, Response to DAVIC CFP 7, London, May. 1997.

This document analyzed different existing approaches to copyright protection for digital audio/video content and their limitations. Presented a new approach based on a framework enabling existing and future approaches and solutions to be deployed and utilized in an effective and efficient fashion.


Asymmetric MACs, presented at CRYPTO-96 rump session.

Message Authentication Code (MAC) is a very efficient method of verification of authenticity and integrity of messages. It uses a secret key shared by the sender and the receiver. In the case of a broadcast, this presents a potential problem: the sender and all the receivers share the same key, so one receiver can impersonate the sender to all the other receivers. This problem could be resolved using public key cryptography, but these schemes are orders of magnitude less efficient than the symmetric techniques employed in MACs. We define Asymmetric MACs (AMACs), give a construction converting any symmetric MAC scheme into an asymmetric one. In an AMAC scheme all receivers have different keys, thus no receiver can impersonate the sender to any other receiver, and our AMAC construction is resilient even against the collusion attacks.