Abstract: A system and method for providing secure communication between a source and a destination that is secured by secret sharing, during a vulnerability window in which all secret shares are collected in one or more points along the communication paths. Accordingly, during the regular operation of the communication protocol, a common random secret OTP is created by sending random bits from the sender to the receiver and the source is allowed to perform bitwise XOR operation between the information to be sent and the common random secret OTP, prior to using secret sharing. The results of the bitwise XOR operation are sent to the destination using secret sharing and the destination reconstructs the random secret and decrypts the received data, using the common established random secret. The common random secret is based on polynomial randomization being transferred from the source to the destination using secret sharing.

Abstract: The present invention is directed to a method and system for testing, during runtime, the correctness of a computer program (such as a hypervisor, an operating system or an interpreter) that controls a system and has one or more software modules. Accordingly, a reflexive code of a reflex function is integrated into the software modules or into a virtual infrastructure that executes the computer program. Whenever desired, the reflexive code is activated by an input and its corresponding output is processed. Then, the correctness of the one or more software modules or of the computer program is determined according to the processing results.

Abstract: A method for providing secure connection between vehicles. A unique pair of digitally signed public key and private key is provided to each vehicle, along with additional vehicle-related data. A certificate number is generated for each vehicle and the public key, the certificate number and the attributes of the vehicle is signed by a trusted certificate generating authority. Before communicating with a second vehicle, the first vehicle sends its unique certificate to a second vehicle; the second vehicle verifies the authenticity of received unique certificate number and visible attributes by a camera. If the attributes are verified successfully, the second vehicle sends its unique certificate number to the first vehicle, along with a secret key, which is valid for the current session only. Then the first vehicle verifies the authenticity of received certificate of the second vehicle and attributes by a camera that captures visible attributes of the second vehicle.

Abstract: A method for establishing a fully private, information theoretically secure interconnection between a source and a destination, over an unmanaged data network with at least a portion of a public infrastructure. Accordingly, n shares of the source data are created at the source according to a predetermined secret sharing scheme and the shares are sent to the data network, while encrypting the sent data using (n,k) secret sharing. A plurality of intermediating nodes are deployed in different locations over the network, to create a plurality of fully and/or partially independent paths in different directions on the path from the source to the destination, and with sufficient data separation. Then, the shares are sent over the plurality of fully and/or partially independent paths while forcing shares' carrying packets to pass through selected intermediate nodes, such that no router at any intermediating nodes intercepts k or more shares.

Abstract: The invention is a method for broadcast encryption that allows a broadcaster to send encrypted data to a set of users such that only a subset of authorized users can decrypt said data. The method comprises modifications to the four stages of the basic Cipher-text Policy Attribute-Based Encryption techniques. The method can be adapted to transform any Attribute-Based Encryption scheme that supports only temporary revocation into a scheme that supports the permanent revocation of users.

Abstract: A communication system that includes a sender computer and plurality of designated receiver computers coupled to the sender through a communication link. Each one of the receiver computers is equipped with computational resources stronger than the computational resources of an adversary computer. There is provided a method for sending a secret from the sender computer to a designated receiver computer. The sender computer defining a succession of computational tasks having respective solutions. The computational tasks are so defined such that the duration of solving each task by the receiver computer is shorter than what would have been required for the adversary computer to solve the task. Next, the sender computer sending through the link the succession of tasks encrypted by previous solutions and the receiver computer receiving the tasks and is capable of decrypting the secret faster than what would have been required for the adversary computer to decrypt the secret.

Abstract: A method for providing secure connection between vehicles over channels of a wireless communication network, according to which, a first unique pair of digitally signed public key and private key is provided to each vehicle, along with additional vehicle-related data including a visually static collection of attributes of the vehicle. A unique certificate number is generated for each vehicle and monolithic data consisting of the public key, the certificate number and the attributes is signed by a trusted certificate generating authority. Prior to wireless communication between a first vehicle and a second vehicle, a verification step is performed during which the first vehicle sends its unique certificate number to a second vehicle over a communication channel; the second vehicle verifies the authenticity of received unique certificate number of the first vehicle and attributes by a camera that captures attributes which are visible, using image processing means.

Abstract: A method for resolving disputes between users in network communications using digital arbitration. The method comprising the steps of agreeing on a contract between the users and choosing a set of arbitrators; appealing to the arbitrators by a first user, if he/she suspects the second user violates the agreement; and giving the information needed to reconstruct a resource of the second user, if a large enough number of arbitrators agree that the second user actually violated the agreement.

Abstract: The invention is a method for broadcast encryption that allows a broadcaster to send encrypted data to a set of users such that only a subset of authorized users can decrypt said data. The method comprises modifications to the four stages of the basic Cipher-text Policy Attribute-Based Encryption techniques. The method can be adapted to transform any Attribute-Based Encryption scheme that supports only temporary revocation into a scheme that supports the permanent revocation of users.

Abstract: A method for resolving disputes between users in network communications using digital arbitration. The method comprising the steps of agreeing on a contract between the users and choosing a set of arbitrators; appealing to the arbitrators by a first user, if he/she suspects the second user violates the agreement; and giving the information needed to reconstruct a resource of the second user, if a large enough number of arbitrators agree that the second user actually violated the agreement.

Abstract: A method and apparatus for repeated communication sessions between a sender (e.g., RFID tag) and a receiver (RFID reader) that employs a proactive information security scheme is based on the assumption that the information exchanged during at least one of every n successive communication sessions is not exposed to an adversary. The sender and the receiver maintain a vector of n entries that is repeatedly refreshed by pairwise XORING entries, with a new vector of n entries that is randomly chosen by the sender and sent to the receiver as a part of each communication session. Also, a computational secure scheme based on the information secure scheme is employed to ensure that even in the case that the adversary listens to all the information exchanges, the communication between the sender and the receiver is secure. In particular, the scheme can be used in the domain of remote controls (e.g., for cars).

Abstract: Apparatus and methods for converting a processor, having a plurality of states and being operative to execute software operations stored in a memory device, into a self-stabilizing processor, comprising providing self-stabilizing watchdog hardware that, with given timing, interacts with the processor, in accordance with an interaction sequence that includes at least one trigger that sets the processor to a known state from among a set of at least one known states. Also described are applications for stabilization of operating systems and other hardware or software configurations, apparatus and methods for ensuring eventual invariance of software executed by a processor, and apparatus and methods for enforcing fixed software configurations.

Abstract: The present invention is a system for using a collective computing power of a plurality of network stations in a communication network in order to overcome threats generated by malicious applications. Collaboratively, a large group of simple network stations implement a vaccination mechanism, proliferating information concerning malicious applications (malwares) throughout the network in an efficient manner.

Abstract: A communication system that includes a sender computer and plurality of designated receiver computers coupled to the sender through a communication link. Each one of the receiver computers is equipped with computational resources stronger than the computational resources of an adversary computer. There is provided a method for sending a secret from the sender computer to a designated receiver computer. The sender computer defining a succession of computational tasks having respective solutions. The computational tasks are so defined such that the duration of solving each task by the receiver computer is shorter than what would have been required for the adversary computer to solve the task. Next, the sender computer sending through the link the succession of tasks encrypted by previous solutions and the receiver computer receiving the tasks and is capable of decrypting the secret faster than what would have been required for the adversary computer to decrypt the secret.

Abstract: A method and apparatus for repeated communication sessions between a sender (e.g., RFID tag) and a receiver (RFID reader) that employs a proactive information security scheme is based on the assumption that the information exchanged during at least one of every n successive communication sessions is not exposed to an adversary. The sender and the receiver maintain a vector of n entries that is repeatedly refreshed by pairwise XORING entries, with a new vector of n entries that is randomly chosen by the sender and sent to the receiver as a part of each communication session. Also, a computational secure scheme based on the information secure scheme is employed to ensure that even in the case that the adversary listens to all the information exchanges, the communication between the sender and the receiver is secure. In particular, the scheme can be used in the domain of remote controls (e.g., for cars).