Sirene Online Abstracts 1996

(Sorted by authors.)

Most of the following papers are available online in gnuzipped Postscript, some also in PDF. There is also a complete list of all our publications sorted by language and subject.

Don't forget: some proceedings are published in a later year than the conference is held.


N. Asokan, Matthias Schunter, Michael Waidner: Optimistic Protocols for Fair Exchange (ps.gz, 655 KByte, or PDF, 113 KByte); IBM Research Report RZ2858 (#90806) 09/02/96, IBM Research Division, Zürich, Sept. 1996.

No abstract (but see revision AsSW_97).


N. Asokan, Matthias Schunter, Michael Waidner: Optimistic Protocols for Multi-Party Fair Exchange (ps.gz, 630 KByte, or PDF, 85 KByte); IBM Research Report RZ 2892 29/11/96, IBM Research Division, Zürich, Nov. 1996.

Abstract: We describe a generic protocol for fair multi-party exchange of electronic goods over unreliable networks with non-repudiation, where goods are either signatures (i.e., non-repudiation tokens of public data), confidential data, or payments. The protocol does not involve a third party except for recovery over a reliable network.


N. Asokan, Gene Tsudik, Michael Waidner: Server-supported signatures; Computer Security -- ESORICS, LNCS 1146, Springer, Berlin 1996, 131-143.

Abstract: Non-repudiation is one of the most important security services. In this paper we present a novel non-repudiation technique, called Server-Supported Signatures, S3. It is based on one-way hash functions and traditional digital signatures. One of its highlights is that for ordinary users the use of asymmetric cryptography is limited to signature verification. S3 is efficient in terms of computational, communication and storage costs. It also offers a degree of security comparable to existing techniques based on asymmetric cryptography.


Thilo Baldin, Gerrit Bleumer: CryptoManager++ -- An object oriented software library for cryptographic mechanisms; 12th IFIP International Conference on Information Security (IFIP/Sec '96), Chapman & Hall, London 1996, 489-491. Longer version available online.

Abstract: An object oriented approach to implementing non-interactive cryptographic mechanisms is presented. The primary design goals are object reuse, minimal code redundancy, easy update and extension by new algorithms and an intuitive application programming interface. The object orientation proved to cause a run time overhead of no more than 4%.


Andreas Bertsch, Herbert Damker, Hannes Federrath: Persönliches Erreichbarkeitsmanagement; it+ti 38/4 (1996) 20-23.

Abstract: Der Beitrag beschreibt ein datenschutzfreundliches Konzept zur Steuerung der persönlichen Erreichbarkeit. Erreichbarkeitswünsche werden so ausgehandelt, daß die kommunikative Selbstbestimmung des Teilnehmers gefördert wird, ohne dabei seine Datenschutzinteressen zu verletzen.


Herbert Damker, Hannes Federrath, Michael J. Schneider: Maskerade-Angriffe im Internet; Datenschutz und Datensicherung DuD 20/5 (1996) 286-294.

Abstract: Das Kolleg "Sicherheit in der Kommunikationstechnik" der Gottlieb Daimler - und Karl Benz - Stiftung in Ladenburg hat sich zum Anliegen gemacht, die Sicherheit und Unsicherheit von Kommunikationsnetzen durch verschiedene Arten von Demonstratoren anschaulich zu machen. Die Arbeit verfolgt dies für das Problem des Vortäuschens einer falschen Absenderidentität bei Email im Internet, hier Maskerade-Angriff genannt. Die Autoren möchten einen Eindruck vermitteln, wie leicht ein beliebiger Nutzer im Internet elektronische Nachrichten unter Vortäuschung einer falschen Identität verschicken kann.
Dazu werden zunächst die technischen Hintergründe und einige mögliche Angriffsvarianten beschrieben. Anschließend wird auf Verletzlichkeitsfragen im Zusammenhang mit Maskerade-Angriffen eingegangen und eine kurze Übersicht über Schutz- und Gegenmaßnahmen gegeben. Einige kommentierende Bemerkungen schließen den Beitrag ab.


Ivan B. Damgård, Torben P. Pedersen, Birgit Pfitzmann: Statistical Secrecy and Multi-Bit Commitments; BRICS Report Series RS-96-45, Computer Science Department, Aarhus University, Nov. 1996.

Abstract: We present and compare definitions of the notion of "statistically hiding" protocols, and we propose a novel statistically hiding commitment scheme. Informally, a protocol statistically hides a secret if a computationally unlimited adversary who conducts the protocol with the owner of the secret learns almost nothing about it. One definition is based on the L_1-norm distance between probability distributions, the other on information theory. We prove that the two definitions are essentially equivalent. For completeness, we also show that statistical counterparts of definitions of computational secrecy are essentially equivalent to our main definitions.

Commitment schemes are an important cryptologic primitive. Their purpose is to commit one party to a certain value, while hiding this value from the other party until some later time. We present a statistically hiding commitment scheme allowing commitment to many bits. The commitment and reveal protocols of this scheme are constant round, and the size of a commitment is independent of the number of bits committed to. This also holds for the total communication complexity, except of course for the bits needed to send the secret when it is revealed. The proof of the hiding property exploits the equivalence of the two definitions.


Hannes Federrath, Anja Jerichow, Dogan Kesdogan, Andreas Pfitzmann, Otto Spaniol: Mobilkommunikation ohne Bewegungsprofile; it+ti 38/4 (1996) 24-29.
Nachgedruckt in: G. Müller, A. Pfitzmann (Hrsg.): Mehrseitige Sicherheit in der Kommunikationstechnik; Addison-Wesley-Longman, 1997, 169-180.

Abstract: Mobilkommunikation bietet viele neue Möglichkeiten. Durch den Mobilitätsaspekt verschärfen sich jedoch Datenschutzprobleme.
Unser Ziel ist es, Informationen über den Aufenthaltsort einer Mobilstation vertraulich zu verwalten. Die vorgeschlagene Verwaltung dieser Informationen dient der Anonymisierung der Teilnehmer und erfüllt somit deren Wunsch nach Privatsphäre.


Hannes Federrath, Anja Jerichow, Andreas Pfitzmann: MIXes in Mobile Communication Systems: Location Management with Privacy; Information Hiding, LNCS 1174, Springer-Verlag, Berlin 1996, 121-135.

Abstract: This paper introduces a new technique for location management in cellular networks. It avoids the recording of moving tracks of mobile subscribers. The described procedures are derived from the well known untraceable MIX network and the distributed storage of location information according to GSM networks.


Elke Franz, Anja Jerichow, Steffen Möller, Andreas Pfitzmann, Ingo Stierand: Computer Based Steganography: How it works and why therefore any restrictions on cryptography are nonsense, at best; Information Hiding, LNCS 1174, Springer-Verlag, Berlin 1996, 7-21.

Abstract: In the future, messages, e.g. speech, text or pictures, will be transmitted digitally since this is cheaper, more perfect and more flexible. It is possible to hide messages, which are of necessity much shorter, nearly unrecognizable for outsiders in such digitized messages. In this article we describe how computer based steganography works and give a summary on the results of our implementation.


Ralf Hauser, Michael Steiner, MichaelWaidner: Micro-payments based on iKP; IBM Research Report RZ 2791 (#89269) 02/12/96, IBM Research Division, Zürich, Feb. 1996; also appeared at SECURICOM 96, 14th Worldwide Congress on Computer and Communications Security and Protection, Jun. 5-6, 1996, Paris, 67-82.

Abstract: Micro-payments are payments too small in amount to warrant the overhead costs of current financial clearing networks. Furthermore one can expect that content servers for the global information infrastructure (GII) will have to process so many of these low value transactions that computationally complex and costly cryptographic protocols will be impractical. This report proposes a micro-payment scheme that can be bootstrapped with the already well-known payment protocols for larger amounts, but does not depend on them for each micro-transaction. Special attention is given to its integration into IBM's Internet Keyed Payment Systems (iKP).


Michaela Huhn, Andreas Pfitzmann: Technische Randbedingungen jeder Kryptoregulierung; Datenschutz und Datensicherheit DuD 20/1 (1996) 23-26.

Abstract: Politische Diskussionen über die Regulierung kryptographischer Techniken werfen häufig die verschiedensten Dinge durcheinander. Oft sind die in ihnen aufgestellten Forderungen an die technische Gestaltung unerfüllbar oder den angestrebten Zielen ganz und gar nicht dienlich. Hauptthema der politischen Diskussion sind Erzeugung und Verwaltung kryptographischer Schlüssel. Dabei wird davon ausgegangen, daß kryptographische Systeme eine fest vorgegebene Systemarchitektur und einen bestimmten Verwendungsmodus (Integritätssicherung oder Vertraulichkeitsschutz) besitzen. Beide Annahmen sind falsch:

Jede Sicherheitsinfrastruktur für digitale Signatursysteme, die technisch zuverlässige Signierschlüssel bereitstellt, ermöglicht auch den sicheren Austausch von Schlüsseln für Konzelationssysteme (Vertraulichkeitsschutz).

Jedes Konzelationssystem kann zum zunächst nicht bemerkbaren Austausch von Schlüsseln für weitere aufgesetzte Konzelationssysteme verwendet werden. Dies relativiert insbesondere den Nutzen von Key-Escrow-Systemen, also von Kryptosystemen mit zwangsweiser Hinterlegung von "geheimen" Schlüsseln, die dann für die Verbrechensbekämpfung zugänglich sind.

Neben den bekannten asymmetrischen Konzelationssystemen kann jede datenintensive Anwendung mittels steganographischer Verfahren zum Konzelationssystem ausgebaut werden. Damit können Benutzer jede Einschränkung der Verwendung von kryptographischen Konzelationssystemen unterlaufen, sofern sie nur einen Bruchteil der vom Kommunikationssystem bereitgestellten Bandbreite benötigen. Auch steganographische Systeme können mit Schlüsseln parametrisiert und so in offenen Benutzergruppen sicher eingesetzt werden.

Außerdem sollte unterschieden werden zwischen Schlüsseln zum Schutz von Kommunikation und solchen zum Schutz langfristig zu speichernder Daten: Key-Escrow-Systeme zur Rekonstruktion verlorengegangener Schlüssel sind nur für die letztere Anwendung dem Nutzer dienlich, während sie für erstere vornehmlich den Sicherheitsbehörden die Überwachung der Kommunikation ermöglichen.

Resümee: Eine gesetzliche Regulierung von Konzelationssystemen mit dem Ziel der Verbrechensbekämpfung muß ihr Ziel verfehlen und sollte daher unterbleiben, da sie gravierende Nachteile für informationelle Selbstbestimmung und Sicherheit der Bürger wie auch für die Schutzinteressen der Wirtschaft hat.


Michaela Huhn, Andreas Pfitzmann: Krypto(de)regulierung; DANA, Datenschutz-Nachrichten 19/6 (1996) 4-13.

Abstract: Durch die Verbreitung der Telekommunikation haben die Möglichkeiten zugenommen, unbeobachtet Informationen auszuspähen oder zu manipulieren, während das Schützen von Informationen gegen diese Gefahren erschwert wurde. Durch den Einsatz kryptographischer und steganographischer Verfahren verschieben sich die Kosten wieder zugunsten des Schützens. Diese Entwicklung wird von politischer Seite unterstützt, soweit sie nicht mit den Sicherheitsinteressen der jeweiligen Staaten kollidiert.

Als Hauptargument für eine rechtliche Regulierung von Kryptographie wird auf nationaler und internationaler Ebene die Bekämpfung der (organisierten) Kriminalität ins Feld geführt. Eine Regulierung kryptographischer Verfahren -- besonders von Verschlüsselung zum Schutz der Vertraulichkeit -- muß aber schon aus technischen Gründen ins Leere laufen. Insbesondere das organisierte Verbrechen kann jede Kryptoregulierung problemlos unterlaufen, während sie den Schutz aller anderen Anwender erheblich verringert und der Wirtschaft durch Wettbewerbsnachteile schadet. Vertreter der Wissenschaft und der deutschen Wirtschaft plädieren daher gegen eine Regulierung von Verschlüsselung.

Über politische Einflußnahme, insbesondere der USA, wird z.Z. versucht, Key-Recovery-Systemen zu einer marktbeherrschenden Position zu verhelfen. Key-Recovery-Systeme sollen den Sicherheitsdiensten den Zugriff auf Informationen gewährleisten, ihre technische Sicherheit wird aber zu Recht angezweifelt.


Phil Janson, Michael Waidner: Electronic Payment Systems; Datenschutz und Datensicherheit DuD 20/6 (1996) 350-361.

Abstract: As business is moving from face-to-face trading, mail order and telephone order to electronic commerce over open networks such as the Internet, crucial security issues are being raised. While Electronic Funds Transfer over financial networks is reasonably secure, securing payments over open networks connecting commercial servers and consumer workstations poses challenges of a new dimension.
This report reviews the state of the art in payment technologies, and sketches emerging developments, especially IBM's Internet Keyed Payment protocol, iKP.


Dogan Kesdogan, Hannes Federrath, Anja Jerichow, Andreas Pfitzmann: Location Management Strategies increasing Privacy in Mobile Communication Systems; IFIP SEC '96, Proceedings of the IFIP TC11, Chapman & Hall, London 1996, 39-48.

Abstract: Mobile communication offers many new opportunities. However, because of the mobility of the subscribers trustworthiness of data, reliability and security are major issues. Our objective is to increase the network's trustworthiness by providing means to prevent generation of moving tracks: The protection should be shifted into a subscriber's domain where the administration of the location information of his mobile station is handled as far as possible. Outside his domain, the subscriber should be able to act anonymously whenever possible. The location management strategies presented in this paper achieve anonymity of the communicating parties and therefore fulfill the requirement of privacy.


Birgit Pfitzmann: Sorting Out Signature Schemes; CWI Quarterly 8/2 (1995) 147-172 (invited; appeared March 1996).

Abstract: Digital signature schemes are a fundamental tool for secure distributed systems. It is important to have a formal notion of what a secure digital signature scheme is, so that there is a clear interface between designers and users of such schemes. A definition that seemed final was given by Goldwasser, Micali, and Rivest in 1988. Since then, however, several signature schemes with new security properties have been presented, which are not covered by this definition. Hence the new properties were not defined as additions, but each new type of scheme needed a new definition from scratch. This was unsatisfactory.
This paper presents an overview of a general definition of digital signature schemes that covers all these schemes, and hopefully all that might be invented in future. Additional properties of special types of schemes are then presented in an orthogonal way, so that existing schemes can be classified systematically. It turns out that signature schemes are best defined by a separation of service, structure, and degree of security. For the service specification, we use temporal logic. Several parts of such a definition can easily be reused for general definitions of other classes of cryptologic schemes.


Birgit Pfitzmann: Elektronische Zahlungssysteme; Vortrag bei GI-Regionalgruppe Braunschweig, 31.1.1996.

Abstract: Viele Unternehmen erschließen derzeit das Potential vernetzter Informationsdienste, insbesondere über das Internet. Die Pläne für eine globale Informations-Infrastruktur mit sogenannten Datenautobahnen werden diese Entwicklung noch beschleunigen. Damit besteht plötzlich großer Bedarf an sicheren Lösungen für elektronische Zahlungen über offene Netze. Für normale Verbraucher ist zugleich die Einführung elektronischer Zahlungssysteme für Zahlungen in echten Läden mindestens ebenso bedeutsam.
Dieser Vortrag gibt einen Überblick über Systemtypen, Aspekte von Sicherheit und Datenschutz, grundsätzliche Techniken zur Realisierung und die wichtigsten aktuellen Feldversuche und Projekte, unter anderem die Projekte CAFE und SEMPER, an denen die Universität Hildesheim beteiligt ist.


Birgit Pfitzmann: Trials of Traced Traitors; Information Hiding, LNCS 1174, Springer-Verlag, Berlin 1996, 49-64.

Abstract: Traitor tracing schemes as introduced by Chor, Fiat, and Naor at Crypto '94 are intended for tracing people who abuse a broadcast encryption scheme by allowing additional, illegitimate users to decrypt the data. The schemes should also provide legal evidence for such treachery.
We discuss and improve the quality of such evidence, i.e., the security of trials that would be held about supposedly traced traitors. In particular, previous traitor tracing schemes are symmetric in the sense that legitimate users of the broadcast information share all their secrets with the information provider. Thus they cannot offer non-repudiation. We define asymmetric traitor tracing schemes, where the provider, confronted with treachery, obtains information that he could not have produced on his own, and that is therefore much better evidence. Examples of concrete constructions are given.
We also discuss the general model of traitor tracing and propose improvements to the symmetric schemes.


Birgit Pfitzmann: Digital Signature Schemes -- General Framework and Fail-Stop Signatures; LNCS 1100, Springer-Verlag, August 1996.(xvi + 396 pp.; 78 DM (1 DM is about 0.66$); ISBN 3-540-61517-2.)

It has no abstract, but you can find more information, including the table of contents.


Birgit Pfitzmann (collected by): Information Hiding Terminology -- Results of an informal plenary meeting and additional proposals; Information Hiding, LNCS 1174, Springer-Verlag, Berlin 1996, 347-350. (14KByte)

Abstract: The common opinion among the participants of this workshop was that all the topics that Ross Anderson had chosen, such as steganography and fingerprinting, had indeed much in common, and that we all profited by learning about the treatment of these topics in usually quite different communities and from different points of view. To facilitate this, we decided to agree on some common terminology in the final session of the workshop. I have tried to collect the results of this session, and added a few additional proposals.


Andreas Pfitzmann: Mehrseitige Sicherheit in verteilten IT-Systemen; Tagung Rechtliche Gestaltung der Informationstechnik, Zwischen rechtlicher Regulierung und technischem Selbstschutz", TH Darmstadt, Alcatel SEL Stiftung, Stiftungsreihe 22, 1996, 21-23.

Abstract: Nach einer Motivation der Notwendigkeit mehrseitiger Sicherheit wird skizziert, daß IT-Sicherheit eine wesentliche Voraussetzung ist und daß mehrseitige IT-Sicherheit nur durch verteilte IT-Systeme erreicht werden kann. Verteilte IT-Systeme bilden also nicht in erster Linie eine Gefährdung der Sicherheit, sondern bei geeigneter Gestaltung die einzige bekannte Möglichkeit, Sicherheit in demokratieverträglicher Weise -- was bedeutet: mehrseitig -- zu realisieren.


Birgit Pfitzmann, Matthias Schunter: Asymmetric Fingerprinting; Eurocrypt '96, LNCS 1070, Springer-Verlag, Berlin 1996, 84-95.

Abstract: Fingerprinting schemes deter people from illegal copying of digital data by enabling the merchant of the data to identify the original buyer of a copy that was redistributed illegally. All known fingerprinting schemes are symmetric in the following sense: Both the buyer and the merchant know the fingerprinted copy. Thus, when the merchant finds this copy somewhere, there is no proof that it was the buyer who put it there, and not the merchant.
We introduce asymmetric fingerprinting, where only the buyer knows the fingerprinted copy, and the merchant, upon finding it somewhere, can find out and prove to third parties whose copy it was. We present a detailed definition of this concept and constructions. The first construction is based on a quite general symmetric fingerprinting scheme and general cryptographic primitives; it is provably secure if all these underlying schemes are. We also present more specific and more efficient constructions.


Birgit Pfitzmann, Michael Waidner: Properties of Payment Systems - General Definition Sketch and Classification; IBM Research Report RZ 2823 (#90126) 05/06/96, IBM Research Division, Zurich, May 1996.

Abstract: We present a systematic treatment of the properties of digital payment systems. By properties, we mean that we abstract from internal details and only consider what kind of service the system offers its users, which may be people or other processes. In particular, the integrity properties are meant as a sketch of a general formal definition of payment systems, which can be filled in with moderate difficulty given previous papers; and there is currently no other comprehensive definition (even of only the integrity and at this degree of detail) of payment systems in the literature.


Birgit Pfitzmann, Michael Waidner: Asymmetric Fingerprinting for Larger Collusions; IBM Research Report RZ 2857 (#90805) 08/19/96, IBM Research Division, Zurich, August 1996.

Abstract: Fingerprinting schemes deter people from illegally redistributing digital data by enabling the original merchant of the data to identify the original buyer of a redistributed copy. So-called traitor-tracing schemes have the same goal for keys that can be used to decrypt information that is broadcast in encrypted form. Recently, asymmetric fingerprinting and traitor-tracing schemes were introduced. Here, only the buyer knows the fingerprinted copy after a sale, and if the merchant finds this copy somewhere, he obtains a proof that he found the copy of this particular buyer. First constructions showed the validity of the concept.
However, essentially all these constructions use so-called memory-less symmetric schemes as building blocks, whereas the better ones among the known symmetric schemes are not memory-less in this sense. Consequently, the previous asymmetric constructions did not reach the same level of tolerance against collusions as symmetric schemes. We now show asymmetric constructions without this restriction.


Birgit Pfitzmann, Michael Waidner: Anonymous Fingerprinting; IBM Research Report RZ 2881 (#90829) 11/18/96, IBM Research Division, Zürich, Nov. 1996.

Abstract: Fingerprinting schemes deter people from illegally redistributing digital data by enabling the original merchant of the data to identify the original buyer of a redistributed copy. Recently, asymmetric fingerprinting schemes were introduced. Here, only the buyer knows the fingerprinted copy after a sale, and if the merchant finds this copy somewhere, he obtains a proof that it was the copy of this particular buyer.
A problem with all previous fingerprinting schemes arises in the context of electronic marketplaces where untraceable electronic cash offers buyers privacy similar to that when buying books or music in normal shops with normal cash. Now buyers would have to identify themselves solely for the purpose of fingerprinting. To remedy this, we introduce and construct anonymous asymmetric fingerprinting schemes, where buyers can buy information anonymously, but can nevertheless be identified if they redistribute this information illegally.
A subresult of independent interest is an asymmetric fingerprinting protocol with reasonable collusion-tolerance and 2-party trials, which have several practical advantages over the previous 3-party trials. Our results can also be applied to so-called traitor tracing, the equivalent of fingerprinting for broadcast encryption.


Birgit Pfitzmann, Michael Waidner: Information-Theoretic Pseudosignatures and Byzantine Agreement for t &greaterequal; n/3; IBM Research Report RZ 2882 (#90830) 11/18/96, IBM Research Division, Zürich, Nov. 1996.

Abstract: Byzantine agreement means achieving reliable broadcast on a point-to-point network of n processors, of which up to t may be maliciously faulty. A well-known result by Pease, Shostak, and Lamport says that perfect Byzantine agreement is only possible if t < n/3. In contrast, so-called authenticated protocols achieve Byzantine agreement for any t based on computational assumptions, typically the existence of a digital signature scheme, an assumption equivalent to the existence of one-way functions. The "folklore" belief based on these two results is that computational assumptions are necessary to achieve Byzantine agreement for t &greaterequal; n/3.
We present a protocol that refutes this folklore belief, i.e., it achieves Byzantine agreement for any t in an information-theoretic setting. It does not, however, contradict the precise impossibility result: More than one difference exists between the model in that proof and the model of the existing authenticated protocols, and we only remove the computational assumption.
Our protocol is based on a new information-theoretically secure authentication scheme with many of the properties of digital signatures; we call it pseudosignatures. Our construction of pseudosignatures generalizes a scheme by Chaum and Roijakkers.


Andreas Pfitzmann, Birgit Pfitzmann, Matthias Schunter, Michael Waidner: Mobile User Devices and Security Modules: Design for Trustworthiness; IBM Research Report RZ 2784 (#89262) 02/05/96, IBM Research Division, Zurich, Feb. 1996.

Abstract: There are many plans to supply users with personal devices to improve security in such areas as electronic commerce, payment systems, and digital signature functions. Most of these plans consider only smartcards. However, far more powerful mobile user devices are a rapidly growing market; just consider mobile phones, pagers, gameboys, multifunctional watches, personal communicators, and personal digital assistants (PDAs). Moreover, most mobile user devices naturally need security functions for some of their prospective applications.
We therefore expect these two separate developments to merge to a great extent over the next decade. This opens up new architectural options for security, but also poses new threats. The present article surveys the resulting design issues. Although no device can be completely trustworthy, we believe that the combination of security functions and powerful mobile user devices is to their mutual benefit if appropriate measures are taken.


Kai Rannenberg, Andreas Pfitzmann, Günter Müller: Sicherheit, insbesondere mehrseitige IT-Sicherheit; it+ti 38/4 (1996) 7-10.

Abstract: Sicherheit besteht bei informationstechnischen (IT-) Systemen darin, daß Schutzziele trotz intelligenter Angreifer durchgesetzt werden. In diesem Text wird zunächst der Begriff Sicherheit im Kontext von IT-Systemen kurz diskutiert, insbesondere die Erweiterung, die er im Zuge der Entwicklung der IT und der Verbreitung ihrer Anwendung, speziell bei IT-gestützten Kommunikationssystemen erfahren hat. Danach werden potentielle Angreifer betrachtet. Eine Erläuterung und ein Beispiel für Sicherheitsanforderungen aus mehreren Sichten (mehrseitige Sicherheit) folgen. Eine kurze Betrachtung der Möglichkeiten, mehrseitige Sicherheit in verteilten Systemen zu realisieren, schließt den Text ab.


Michael Steiner, Gene Tsudik, MichaelWaidner: Diffie-Hellman Key Distribution Extended to Groups; 3rd ACM Conference on Computer and Communications Security, ACM Press, 31-37.

Abstract: Ever since 2-party Diffie-Hellman key exchange was first proposed in 1976, there have been efforts to extend its simplicity and elegance to a group setting. Notable solutions have been proposed by Ingemarsson et al. (in 1982) and Burmester/Desmedt (in 1994). In this paper, we consider a class of protocols that we call natural extensions of Diffie-Hellman to the $n$-party case. After demonstrating the security of the entire class based on the intractability of the Diffie-Hellman problem we introduce two novel and practical protocols and compare them to the previous results. We argue that our protocols are optimal with respect to certain aspects of protocol complexity.


Michael Waidner: Development of a Secure Electronic Marketplace for Europe; Computer Security -- ESORICS '96, LNCS 1146, Springer, Berlin 1996, 1-14; also published in: EDI Forum 9/2 (1996) 98-106.

Abstract: Backed by the European Commission, a consortium of partners from European industry, financial institutions, and academia has embarked on a research project to develop the fundamentals of secure electronic commerce. The goal of Project SEMPER (Secure Electronic Marketplace for Europe) is to provide the first open and comprehensive solutions for secure commerce over the Internet and other public information networks. We describe the objectives and summarise the initial architecture of SEMPER.


Michael Waidner: Electronic Payment Systems; Public Key Solutions 1996, Zurich, 30 Sep - 2 Oct 1996.

Abstract: As business is moving from face-to-face trading, mail order and phone order to electronic commerce over open networks such as the Internet, crucial security issues are being raised. While EFT over financial networks is reasonably secure, securing payments over open networks connecting commercial servers and consumer workstations poses challenges of a new dimension. This talk reviews the state of the art in payment models and technologies, and sketches emerging developments.


Michael Waidner: Keine Angst um Ihr Geld! -- Entwicklung des sicheren Zahlungsverkehrs im Internet; erschien mit wenigen Veränderungen in Neue Zürcher Zeitung (NZZ), 8. Oktober 1996, Nr. 234, Seite B51.

Abstract: Mit rasanter Geschwindigkeit entwickelt sich das Internet zu einem Medium, über das jeder mit jedem Geschäfte abwickeln kann. Dabei spielt es keine Rolle mehr, ob die Partner sich bereits zuvor kannten, ob sie im selben Land angesiedelt sind, oder dieselbe Sprache sprechen. Sicherheit vor Betrug und Datenschutz auf diesem globalen Marktplatz zu garantieren ist ein Problem völlig neuer Dimension. Eine der Grundfunktionen hierfür ist das sichere Bezahlen.


Back to SIRENE's Home or Pointers to the Outside World.


Ahmad-Reza Sadeghi, sadeghi@cs.uni-sb.de
Last modified: $Date: 2000/09/06 12:02:22 $