Imagine there is certain content we want to maintain private until some particular event occurs, when we want to have it automatically disclosed. Suppose furthermore, that we want this done in a (possibly) malicious host. Say, the confidential content is a piece of code belonging to a computer program that should remain ciphered and then “be triggered” (i.e., deciphered and executed) when the underlying
system satisfies a preselected condition which must remain secret after code inspection. In this work we present different solutions for problems of this sort, using different “declassification” criteria, based on a primitive we call secure triggers. We establish the notion of secure triggers in the universally-composable security framework of [Canetti 2001] and introduce several examples. Our examples demonstrate
that a new sort of obfuscation is possible. Finally, we motivate its use with applications in realistic scenarios.
Categories and Subject Descriptors:
K.6 [Management of computing and information systems]: Security and Protection—Unauthorized access; E.3 [Data Encryption]: ; C.2.4 [Computer-communication Networks]: Distributed Systems
General Terms: Security, Theory, Algorithms.
Additional Key Words and Phrases: Malicious host problem, mobile code
security, obfuscation, secure triggers, universally-composable security.