Functional encryption (FE) provides fine-grained control over encrypted plaintext by permitting users to compute only specified functions on the encrypted plaintext, using private keys associated with those functions. Many FE schemes have been put forward recently; nonetheless, most of them cannot resist chosen-ciphertext attacks (CCAs), especially those in the secret-key setting. This changed with a generic transformation of public-key functional encryption (PK-FE) from chosen-plaintext (CPA) to chosen-ciphertext (CCA) security, where the underlying schemes are required to have some special properties such as restricted delegation or verifiability features. However, examples of underlying schemes with these features have not been found so far. Later, a CCA-secure functional encryption from projective hash functions was proposed, but that scheme only applies to inner product functions. To construct such a scheme, some nontrivial techniques are needed. Our key contribution in this work is to propose CCA-secure functional encryptions in the PKE and SK environments, respectively. For the existing generic transformation from (adaptively) simulation-based CPA- (SIM-CPA-) secure schemes for deterministic functions to (adaptively) simulation-based CCA- (SIM-CCA-) secure schemes for randomized functions, it is not implied whether the schemes can be directly applied to CCA settings for deterministic functions. We give an affirmative answer and derive a SIM-CCA-secure scheme for deterministic functions by making some modifications to it. Based on this derived scheme, we also propose an (adaptively) indistinguishable CCA- (IND-CCA-) secure SK-FE for deterministic functions. The final results show that our scheme can be instantiated both under nonstandard assumptions (e.g., hard problems on multilinear maps and indistinguishability obfuscation (IO)) and under standard assumptions (e.g., DDH, RSA, LWE, and LPN).
Security is one of the most important properties of functional encryption, and indistinguishability under chosen-plaintext attack (IND-CPA) is the most common security notion. IND-CPA security requires that an efficient adversary cannot distinguish the encryptions of two different messages, even if the adversary is allowed to get some extra information, such as access to the private key oracle. Furthermore, according to the capability of the adversary, security can be classified into the selective mode and the adaptive mode. In the former, the challenge message must be chosen before the public parameter and private key are generated, while in the latter, it may be chosen at any time.
Although a wealth of results have been obtained on IND-CPA security, those schemes can only resist passive attacks. To resist active attacks, an IND-CCA security notion is required, which is the same as IND-CPA except that it additionally allows the adversary to access a decryption oracle. IND-CCA security in PKE settings has been richly studied by many researchers, and it has also been extensively studied in the IBE and ABE settings. Although IBEs and ABEs are subordinate to functional encryption, neither applies to general functions. Thus, studying FE with CCA security for arbitrary functions is necessary. In particular, although we allow the adversary to decrypt any ciphertext with the private keys it obtains by making key queries, the security equipped with a decryption oracle is still stronger than that without a decryption oracle. The reason is, for any decryption query , the challenger can use the private key to decrypt , even conditioned on , but if without decryption oracle, the private key conditioned on is not allowed to obtain, and thus, cannot be decrypted with this key. Simulation-based CCA (SIM-CCA) is a stronger notion than IND-CCA, meaning that the reduction can be simulated by a probabilistic polynomial-time (PPT) simulator that knows only the partial information and parameters that the system allows.
To construct functional encryptions with CCA security, some nontrivial techniques are needed. We propose two (adaptively) CCA-secure generic constructions of FE for deterministic generic functions, one in the PKE setting and the other in the private-key setting. These generic constructions first yield practical FE that can be instantiated under standard assumptions.
Note that simulation security is strong; in particular, it implies that we have to restrict ourselves either to security against bounded collusion, which may hinder the practicability of the scheme, or to simple functionality (for example, IBE), for which the scheme cannot be simulation secure against bounded collusion. A weaker notion, for example an IND-CPA-secure SK-FE, may induce a more practical scheme or simple functionality, but it is not applicable to our construction. This is because, when we directly use the weak scheme, during the decryption query phase the master secret key encrypted in the underlying SK-FE ciphertext can be extracted by the NIZK.
Let be a symmetric encryption (SE), be the secret key space, and be the message space. These PPT algorithms work as follows: (1) the key-generation algorithm works as ; (2) the encryption algorithm works as ; and (3) the decryption algorithm works as .
In the above game, we require that all challenge messages that the adversary delivers in the encryption queries to oracle satisfy for all the functions that the adversary makes queries to the key-generation oracle , where and denote the challenge message that the adversary delivers in the challenge phase. In the following, we define the functionalities of the oracles.
(i) denotes the key-generation oracle which means that when the adversary makes a function query , the oracle invokes the algorithm to get a private key .
(ii) denotes an encryption oracle. On taking as input two messages , it invokes to obtain for a random bit . We denote all challenge ciphertexts as .
(iii) denotes a decryption oracle which, on taking as input a tuple such that , invokes the algorithm to obtain a private key and outputs .
Theorem 1. If is a simulation-sound extractable noninteractive zero-knowledge argument, is perfectly correct -SIM-CPA-secure PK-FE scheme for deterministic function class , then is -SIM-CCA-secure functional encryption scheme for the same function class.
Remark 1. Note that applying the above simulation-sound extractable NIZK to the secret-key settings for implementing the IND-CPA-to-IND-CCA security transformation is impossible. This is because beyond the encrypted message, the extractor of the NIZK also extracts out the master secret key used for a secret parameter in the encryption process. Once the extractor obtains the master secret key, it can use it to forge the private keys for any functions of its choice.
In the following, we will use the SIM-CCA-secure PK-FE proposed above and a NIZK scheme to put forward an IND-CCA-secure SK-FE.
Secure Shell (SSH) is a protocol that provides a secure (encrypted) management connection to a remote device. SSH should replace Telnet for management connections. Telnet is an older protocol that uses insecure plaintext transmission of both the login authentication (username and password) and the data transmitted between the communicating devices. SSH provides security for remote connections by providing strong encryption when a device is authenticated (username and password) and also for the transmitted data between the communicating devices. SSH is assigned to TCP port 22. Telnet is assigned to TCP port 23.
SSH should replace Telnet for management connections. Telnet uses insecure plaintext communications. SSH provides security for remote connections by providing strong encryption of all transmitted data between devices. In this activity, you will secure a remote switch with password encryption and SSH.
By default, most Cisco routers and switches have CDP enabled on all ports. CDP information is sent in periodic, unencrypted broadcasts. This information is updated locally in the CDP database of each device. Even though CDP is a Layer 2 protocol, all Cisco devices can use CDP to communicate and share device information with an adjacent Cisco device; however, this information cannot be shared beyond a single, adjacent Cisco device.
To configure an interface to convert dynamically learned MAC addresses to sticky secure MAC addresses and add them to the running configuration, you must enable sticky learning. Sticky learning is enabled on an interface by using the switchport port-security mac-address sticky interface configuration mode command.
When this command is entered, the switch converts all dynamically learned MAC addresses, including those that were dynamically learned before sticky learning was enabled, to sticky secure MAC addresses. All sticky secure MAC addresses are added to the address table and to the running configuration.
Sticky secure MAC addresses can also be manually defined. When sticky secure MAC addresses are configured by using the switchport port-security mac-address sticky mac-address interface configuration mode command, all specified addresses are added to the address table and the running configuration.
If the sticky secure MAC addresses are saved to the startup configuration file, then when the switch restarts or the interface shuts down, the interface does not need to relearn the addresses. If the sticky secure addresses are not saved, they will be lost.
If sticky learning is disabled by using the no switchport port-security mac-address sticky interface configuration mode command, the sticky secure MAC addresses remain part of the address table but are removed from the running configuration.
Table 2-12 shows the commands needed to enable sticky secure MAC addresses for port security on Fast Ethernet port 0/19 of switch S1. As stated earlier, a specific maximum number of secure MAC addresses can be manually configured. In this example, the Cisco IOS command syntax is used to set the maximum number of MAC addresses to 50 for port 0/19. The violation mode is set to the default mode of shutdown.
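An added example, not from the original page or from Cisco: a Python audit that parses a constructed running configuration for Fast Ethernet 0/19 of S1 (port security enabled, maximum 50, sticky learning on, violation mode left at its default) and reports sticky secure MAC addresses that exist only in the running configuration and would therefore be lost on restart. The MAC addresses, the sample configurations and the function names `parse` and `unsaved_sticky` are assumptions made for illustration.

```python
import re

# Constructed sample running configuration for switch S1 (not from a real device).
RUNNING = """\
interface FastEthernet0/19
 switchport mode access
 switchport port-security
 switchport port-security maximum 50
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0025.83e6.4b01
 switchport port-security mac-address sticky 0025.83e6.4b02
"""
# Constructed startup configuration: saved before the second address was learned.
STARTUP = RUNNING.replace(
    " switchport port-security mac-address sticky 0025.83e6.4b02\n", "")

PREFIX = "switchport port-security"
MAC = re.compile(PREFIX + r" mac-address sticky ((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})", re.I)

def parse(config):
    """Map each interface name to the port-security settings in its block."""
    ports, cur = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            # IOS defaults: maximum of 1 secure address, violation mode shutdown.
            cur = ports.setdefault(line.split()[1], {"enabled": False, "sticky": False,
                "maximum": 1, "violation": "shutdown", "macs": set()})
        elif not line.startswith(" "):
            cur = None  # "!" or a global command ends the interface block
        elif cur is not None:
            cmd = line.strip()
            mac = MAC.match(cmd)
            if mac:
                cur["macs"].add(mac.group(1).lower())
            elif cmd == PREFIX:
                cur["enabled"] = True
            elif cmd == PREFIX + " mac-address sticky":
                cur["sticky"] = True
            elif cmd.startswith(PREFIX + " maximum "):
                cur["maximum"] = int(cmd.split()[3])
            elif cmd.startswith(PREFIX + " violation "):
                cur["violation"] = cmd.split()[3]
    return ports

def unsaved_sticky(running, startup):
    """Sticky secure MACs present only in the running config, per interface."""
    saved = parse(startup)
    return {name: sorted(p["macs"] - saved.get(name, {"macs": set()})["macs"])
            for name, p in parse(running).items() if p["sticky"]}
```

A non-empty list for an interface means the running configuration has not been copied to the startup configuration since those addresses were learned.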