ACM SIGCAS Computers and Society
On the Cost of Reconstructing a Secret, or VSS with Optimal Reconstruction Phase
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
An information-theoretic model for steganography
Information and Computation
ICML '06 Proceedings of the 23rd international conference on Machine learning
Anonymity protocols as noisy channels
Information and Computation
Reliability criteria in information theory and in statistical hypothesis testing
Foundations and Trends in Communications and Information Theory
On the Bayes risk in information-hiding protocols
Journal of Computer Security - 20th IEEE Computer Security Foundations Symposium (CSF)
User-aided data authentication
International Journal of Security and Networks
Information Theoretic Security
Foundations and Trends in Communications and Information Theory
A hypothesis testing approach to semifragile watermark-based authentication
IEEE Transactions on Information Forensics and Security
Authentication over noisy channels
IEEE Transactions on Information Theory
ISIT'09 Proceedings of the 2009 IEEE international conference on Symposium on Information Theory - Volume 3
An algebraic watchdog for wireless network coding
ISIT'09 Proceedings of the 2009 IEEE international conference on Symposium on Information Theory - Volume 2
Commitment and authentication systems
Designs, Codes and Cryptography
Efficient compromising resilient authentication schemes for large scale wireless sensor networks
Proceedings of the third ACM conference on Wireless network security
Unconditionally secure homomorphic pre-distributed commitments
AAECC'03 Proceedings of the 15th international conference on Applied algebra, algebraic algorithms and error-correcting codes
On the optimality of linear, differential, and sequential distinguishers
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Anonymity protocols as noisy channels
TGC'06 Proceedings of the 2nd international conference on Trustworthy global computing
Transactions on data hiding and multimedia security III
EPSON: enhanced physical security in OFDM networks
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Combinatorial Designs for Authentication and Secrecy Codes
Foundations and Trends in Communications and Information Theory
Physical layer authentication over an OFDM fading wiretap channel
Proceedings of the 5th International ICST Conference on Performance Evaluation Methodologies and Tools
Tight bounds for unconditional authentication protocols in the manual channel and shared key models
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
On logarithmically asymptotically optimal testing of hypotheses and identification
General Theory of Information Transfer and Combinatorics
Bit commitment in the bounded storage model: tight bound and simple optimal construction
IMACC'11 Proceedings of the 13th IMA international conference on Cryptography and Coding
CMS'12 Proceedings of the 13th IFIP TC 6/TC 11 international conference on Communications and Multimedia Security
Wireless Personal Communications: An International Journal
Hi-index | 754.90 |
By interpreting message authentication as a hypothesis testing problem, this paper provides a generalized treatment of information-theoretic lower bounds on an opponent's probability of cheating in one-way message authentication. We consider the authentication of an arbitrary sequence of messages, using the same secret key shared between sender and receiver. The adversary tries to deceive the receiver by forging one of the messages in the sequence. The classical two types of cheating are considered, impersonation and substitution attacks, and lower bounds on the cheating probability for any authentication system are derived for three types of goals the adversary might wish to achieve. These goals are: (1) that the fraudulent message should be accepted by the receiver, or, in addition, (2) that the adversary wishes to know or (3) wants to even choose the value of the plaintext message obtained by the legitimate receiver after decoding with the secret key