Date of Completion

8-13-2015

Embargo Period

8-10-2015

Keywords

accountability, digital rights management, anti-surveillance

Major Advisor

Aggelos Kiayias

Co-Major Advisor

Alexander Russell

Associate Advisor

Marten Van Dijk

Associate Advisor

Donald Sheehy

Field of Study

Computer Science and Engineering

Degree

Doctor of Philosophy

Open Access

Open Access

Abstract

Accountability ensures the proper use and distribution of digital data, including keys and programs. Without it, the digital world would become lack of order and in turn it will hinder the development and deployment of information technology itself. In this dissertation, we considered accountability for three different entities:

We systematically studied proactive deterring mechanisms for user accountability. Specifically, we study how to enforce the user to follow the key management policy in the single user setting of traditional public key infrastructure (PKI), and the multi-user setting of digital rights management. The crux of the deterring mechanisms is that a piece of user secret information is embedded into the public key/parameter. If the key owner makes a working device, e.g., a decryption device, and leaks it, then any recipient of the device can recover the secret information. This de-incentivizes illegal re-distribution and significantly advances the existing mindsets of detect-and-punish paradigm, which becomes ineffective when facing a private illegal redistribution.

We initiated the study of cliptography: preserving security of cryptographic primitives when {\em all} algorithms may be subverted by the adversary. This is regarding implementation provider accountability. Cliptography is possible since the adversary also tries to avoid the detection of misbehavior. As a first step, we focused on dealing with key/public parameter generation algorithm, and provide the first secure one way functions, signature, and PRG in the aforementioned complete subversion model. %More importantly, we believe, this will open a new door for cryptographic research and have practical values to defending the massive surveillance.

We revisited the current techniques for enforcing service provider accountability which aims at providing {\em undeniable} proofs when a malicious behavior is detected.

Given that a fingerprinting scheme is usually used for copyrighting large files like a movie, we suggest to study and construct the first asymmetric fingerprinting scheme with an optimal communication rate. We for the first time show a generic transformation that converts any identity based encryption (IBE) to be accountable, and the ciphertext size only doubles that of the underlying IBE. Furthermore, our generic constructions can be extended without losing efficiency, to provide several properties like allowing identity re-use that are not known whether achievable before.

COinS