Abstract
This talk will illustrate how standard cryptographic techniques can be applied to real-life security products and services. This article presents in detail one of the examples given in the talk. It is intended to help the audience follow that part of our presentation. We chose as a characteristic example a little noticed yet ingenious Microsoft patent by Thomlinson and Walker. The Thomlinson-Walker system distributes encrypted patches to avoid reverse engineering by opponents (who would then be able to launch attacks on unpatched users). When the proportion of users who downloaded the encrypted patch becomes big enough, the decryption key is disclosed and all users install the patch.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Boneh, D., Boyen, X., Goh, E.-J.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 440–456. Springer, Heidelberg (2005)
Canetti, R., Halevi, S., Katz, J.: A forward-secure public-key encryption scheme. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 255–271. Springer, Heidelberg (2003)
Gentry, C., Silverberg, A.: Hierarchical ID-based cryptography. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 548–566. Springer, Heidelberg (2002)
Horwitz, J., Lynn, B.: Towards hierarchical identity-based encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 466–481. Springer, Heidelberg (2002)
ISO 8601: 2004 Data elements and interchange formats Information interchange Representation of dates and times
Mont, M., Harrison, K., Lotspiech, J.: The HP ttime vault service: exploiting IBE for timed release of confidential information. In: Proceedings of the International World Wide Web Conference 2003, pp. 160–169. ACM (2003)
Paterson, K.G., Quaglia, E.A.: Time specific encryption. In: Garay, J.A., De Prisco, R. (eds.) SCN 2010. LNCS, vol. 6280, pp. 1–16. Springer, Heidelberg (2010)
Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21(2), 120–126 (1978)
Rivest, R., Shamir, A., Wagner, D.: Time-lock puzzles and timed-release crypto, Technical Report MIT/LCS/TR-684. MIT (February 1996)
Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985)
Thomlinson, M., Walker, C.: Distribution of encrypted software update to reduce attack winodow. United States Patent Application 2008/007327 (August 31, 2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Abdalla, M., Chabanne, H., Ferradi, H., Jainski, J., Naccache, D. (2014). Improving Thomlinson-Walker’s Software Patching Scheme Using Standard Cryptographic and Statistical Tools. In: Huang, X., Zhou, J. (eds) Information Security Practice and Experience. ISPEC 2014. Lecture Notes in Computer Science, vol 8434. Springer, Cham. https://doi.org/10.1007/978-3-319-06320-1_2
Download citation
DOI: https://doi.org/10.1007/978-3-319-06320-1_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-06319-5
Online ISBN: 978-3-319-06320-1
eBook Packages: Computer ScienceComputer Science (R0)