Friday, May 4, 2007

Application of Ring Signatures

The below cryptographic scheme has many applications, both in security-related systems and in building other cryptographic schemes. Please help suggesting more applications!

Ring signature is a "signer-ambiguous" signature, the verifier can only ensure the message is signed by 1 out of n purported users, but not exactly whom. For signing, (i.e. to produce a ring signature), the actual signer declares an arbitrary set of possible signers that
must include himself, and computes the signature entirely by himself using only
his secret key and the others' public keys. In particular, the other possible "members of this group"may be completely unaware that their public keys are used by a
stranger to produce such a ring signature on a message they have never seen and
would not wish to sign.

You may assume additional properties that you find useful, e.g. 1. perfect anonymity, 2. there exists a guy who can revoke the anonymity of the signature; or 3. we can tell if two signatures are signed by the same signer, but with the identity remains hidden. You name it, I (try to) build it!

A generic anti-spyware solution by access control list at kernel level

Our class has a project about monitoring the access patterns of processes to flag potential abnormalities. The idea is good and I think the combination of this project and the following work will be useful.

Title: A generic anti-spyware solution by access control list at kernel level



Spyware refers to programs that steal the user information stored in the user's computer and transmit this information via the internet to a designated home server without the user being aware of this transmission. Existing anti-spyware solutions are not generic and flexible. These solutions either check for the existence of known spyware or try to block the transmission of the private information at the packet level. In this paper, we propose a more generic and flexible anti-spyware solution by utilizing an access control ist in kernel mode of the operating system. The major difference between our approach and the existing approaches is that instead of asking a guard to look for the theft (spyware) or control the exit of the computer (and hence giving the spyware enough time to hide the information to be transmitted). we put a guard besides the treasure (the private information) and carefully control the access to it in the kernel mode. We also show the details of an implementation that realizes our proposed solution.