Verifying secrets and relative secrecy
Abstract
Systems that authenticate a user based on a shared secret (such as a password or PIN) normally allows anyone to query whether the secret is a given value. For example, an ATM machine allows one to ask whether a string is the secret PIN of a (lost or stolen) ATM card. Yet such queries are prohibited in any model whose programs satisfy an information flow property like Noninterference. But there is a complexity-based justification for allowing these queries. A type system is given that provides the access control needed to prove that no well-tyoed program can leak secrets in polynomial time, or even leak them with nonnegligible probability if secrets are of sufficient length and randomly chosen. However, there are well-typed deterministic programs in a synchronous concurrent model capable of leaking secrets in linear time.
Description
The article of record as published may be located at http://dx.doi.org/10.1145/325694.325729
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.Collections
Related items
Showing items related by title, author, creator and subject.
-
An Alternative Framework for Agent Recruitment: From MICE to RASCLS
Burkett, Randy (2013-03);Ask any CIA National Clandestine Service officer what his or her mission is and the likely reply will be â to recruit spies to steal secrets and conduct covert action.â This mission has been relatively unchanged ... -
Secret Sharing Schemes and Advanced Encryption Standard
Lim, Bin Yong (Monterey, California: Naval Postgraduate School, 2015-09);The major objective of this study is to identify a simplified methodology to reconstruct a secret that is distributed using Shamir’s Secret Sharing Scheme, and to use the derived results to investigate implications on ... -
Two missions, one secret service : the value of the investigative mission
Harlow, Richard. (Monterey, California. Naval Postgraduate School, 2011-09);The dual missions of the United States Secret Service, investigations and protection, appear to be without relationship or value to the other, and as a result, support and attention for the investigative mission has waned. ...