    The Multi Owner Data Distribution using Identity Based Encryption on Cloud Storage

    Data sharing has always been difficult as cloud computing has progressed. Cloud storage offers a number of advantages to both organisations and individuals. Storage-as-a-Service offered by cloud service providers (CSPs) is paid storage that enables organisations to delegate their sensitive data to be stored on remote servers. This paper proposes a cloud-based storage scheme that permits the data owner to benefit from the facilities offered by the CSP and enables trust between them. Identity-based (ID-based) ring signature, which eliminates the certificate verification process, can be used as a substitute. In this paper, we enhance the security of ID-based ring signatures by providing forward security: if the secret key of any user has been compromised, all previously generated signatures that include this user remain valid. This property is especially important to any large-scale data sharing system, as it is impractical to ask all data owners to re-authenticate their data whenever the secret key of any user has been compromised. It allows the owner to grant or revoke access to the outsourced data.

    Controlled secure social cloud data sharing based on a novel identity based proxy re-encryption plus scheme

    Currently we are witnessing a rapid integration of social networks and cloud computing, especially the storing of social media contents on cloud storage due to its cheap management and easy access at any time and from any place. However, how to securely store and share social media contents such as pictures/videos among social groups is still a very challenging problem. In this paper, we try to tackle this problem by using a new cryptographic primitive: identity based proxy re-encryption plus (IBPRE+), which is a variant of proxy re-encryption (PRE). In PRE, by using re-encryption keys, a ciphertext computed for Alice can be transferred to a new one for Bob. Recently, the concept of PRE plus (PRE+) was introduced by Wang et al. In PRE+, all the algorithms are almost the same as in traditional PRE, except that the re-encryption keys are generated by the encrypter instead of the delegator. The message-level fine-grained delegation property and the weak non-transferable property can be easily achieved by PRE+, while traditional PRE cannot achieve them. Based on the 3-linear map, we first propose a new IBE scheme and a new IBPRE+ scheme; we prove the security of these schemes and give the properties and performance analysis of the new IBPRE+ scheme. Finally, we propose a new framework based on this new primitive for secure cloud social data sharing.

    Searchable attribute-based mechanism with efficient data sharing for secure cloud storage

    To date, the growth of electronic personal data has led to a trend in which data owners prefer to remotely outsource their data to clouds to enjoy high-quality retrieval and storage services without worrying about the burden of local data management and maintenance. However, secure sharing and searching of the outsourced data is a formidable task, which may easily incur the leakage of sensitive personal information. Efficient data sharing and searching with security is of critical importance. This paper, for the first time, proposes a searchable attribute-based proxy re-encryption system. When compared to existing systems supporting only either searchable attribute-based functionality or attribute-based proxy re-encryption, our new primitive supports both abilities and provides a flexible keyword update service. Specifically, the system enables a data owner to efficiently share his data with a specified group of users matching a sharing policy; meanwhile, the data maintains its searchable property and the corresponding search keyword(s) can be updated after the data sharing. The new mechanism is applicable to many real-world applications, such as electronic health record systems. It is also proved chosen-ciphertext secure in the random oracle model.

    Secure and Privacy-Preserving Vehicular Communications

    Road safety has been drawing increasing attention from the public, and has been the subject of extensive efforts from both industry and academia to mitigate the impact of traffic accidents. Recent advances in wireless technology promise new approaches to facilitating road safety and traffic management, where each vehicle (also referred to as an On-board Unit (OBU)) is allowed to communicate with other vehicles as well as with Roadside Units (RSUs), which are located in critical sections of the road, such as at a traffic light, an intersection, or a stop sign. With the OBUs and RSUs, a self-organized network, called a Vehicular Ad Hoc Network (VANET), can thus be formed. Unfortunately, VANETs face various security threats and privacy concerns, which would jeopardize public safety and become the main barrier to the acceptance of such a new technology. Hence, addressing security and privacy issues is a prerequisite for a market-ready VANET. Although many studies have recently devoted significant effort to solving the related problems, few of them have taken scalability issues into consideration. When the traffic density becomes large, a vehicle may become unable to verify the authenticity of the messages sent by its neighbors in a timely manner, which may result in message loss, so that public safety may be at risk. Communication overhead is another issue that has not been well addressed in previously reported studies. Many efforts have been made in recent years to achieve efficient broadcast source authentication and data integrity by using fast symmetric cryptography. However, the dynamic nature of VANETs makes these symmetric cryptography-based protocols very challenging to apply. In this research, we propose a novel Secure and Efficient RSU-aided Privacy Preservation Protocol, called SERP^3, in order to achieve efficient secure and privacy-preserving Inter-Vehicle Communications (IVCs). With the commitments of one-way key chains distributed to vehicles by RSUs, a vehicle can effectively authenticate any received message from nearby vehicles even in the presence of frequent changes in its neighborship. Compared with previously reported public key infrastructure (PKI)-based packet authentication protocols for security and privacy, the proposed protocol not only retains the security and privacy preservation properties, but also has a lower packet loss ratio and lower communication overhead, especially when road traffic is heavy. Therefore, the protocol solves the scalability and communication overhead issues while maintaining acceptable packet latency. However, RSUs may not exist in some situations, for example in the early deployment phase of a VANET, where unfortunately SERP^3 is not suitable. Thus, we propose a complementary Efficient and Cooperative Message Validation Protocol, called ECMVP, where each vehicle probabilistically validates a certain percentage of its received messages based on its own computing capacity and then reports any invalid messages it detects. Since the ultimate goal of designing VANETs is to develop vehicle safety and non-safety related applications to improve road safety and facilitate traffic management, two vehicle applications are further proposed in this research to exploit the advantages of vehicular communications. First, a novel vehicle safety application for achieving a secure road traffic control system in VANETs is developed. The proposed application helps guide vehicles safely and securely through areas affected by any abnormal situation, such as a car crash scene, while ensuring the security and privacy of drivers against various threats. It not only enhances traveler safety but also minimizes capacity restrictions due to any unusual situation. Second, the dissertation investigates a novel mobile payment system for highway toll collection by way of vehicular communications, which addresses all the issues in currently existing toll collection technologies.

    Cryptography-based access control for the secure distribution of multimedia content in information-centric networks

    Advisor: Carlos Alberto Maziero. Thesis (doctorate) - Universidade Federal do Paraná, Setor de Ciências Exatas, Programa de Pós-Graduação em Informática. Defense: Curitiba, 17/06/2016. Includes references: f. 79-93. Area of concentration: Computer science.
    Abstract (translated from the Portuguese): The ever-increasing use of the Internet highlights its great success, but also reveals the shortcomings of an architecture that supports a content distribution network with a model originally designed for point-to-point communication. Information-centric networks (ICN) represent a promising approach to this problem, with a model better suited to content distribution, in which content is the main entity of the network layer. To this end, routing and forwarding are performed by content name rather than by host address, and content can be stored in in-network caches. This change brings several benefits to the network, especially for heavily accessed content such as music and videos, but raises concerns about unauthorized access to protected content, since providers are not consulted on requests that are served by caches. The solutions proposed for access control in ICN generally limit the benefits brought by caches or do not guarantee an adequate level of security. Thus, this work proposes an access control solution that allows content to be stored in caches, is secure against unauthorized access and does not interfere with the operation of ICN architectures. To this end, the proposed solution uses the proxy re-encryption scheme, in which content encrypted with a public key pk(u1) can be transformed into content encrypted with a public key pk(u2), without exposing the original content or the corresponding private keys. This transformation is traditionally performed by a semi-trusted entity called the proxy, using a re-encryption key defined and created by u1 from its private key and the public key of u2. In the proposed solution, proxy re-encryption is adapted by transferring the proxy's functions to the user, who receives the re-encryption key directly from the content provider. In this way, the provider distributes its encrypted content and each user, when accessing a content item, requests the corresponding re-encryption key from the provider. The re-encryption key sent is exclusive to that user for a given content item and only works with knowledge of the private key of the user who requested access. Thus, upon receiving a request for the re-encryption key of a content item, the provider can apply the necessary access control policies, preventing unauthorized users from decrypting content retrieved from caches. The proposed solution is analysed in four aspects: performance of an ICN architecture in the distribution of multimedia content, performance of the proxy re-encryption scheme, performance of the proposed solution at providers and users, and comparison with other cryptographic solutions. The results confirm the benefits of ICN in multimedia content distribution, and reveal that while the proxy re-encryption scheme performs adequately in the provider domain, the decryption operation in the user domain proves inadequate for flows of content larger than 1GB per hour. Thus, an optimization is proposed that reduces the decryption time by up to 96%, making the scheme attractive for content access control in ICN. Compared with other solutions, the proposed solution is more secure, more efficient and makes the best use of in-network caches.
    Keywords: proxy re-encryption, access control, information-centric networks.
    Abstract: The increasing use of the Internet by users in their daily routines highlights the Internet's great success whilst revealing the shortcomings of an architecture that supports a content distribution network with an architectural model originally designed for point-to-point communication. In this context, the Information-Centric Network (ICN) paradigm is a promising approach to address the current shortcomings of the Internet with an architecture more suitable for content distribution. In ICN, the content is the main entity on the network layer, thus routing and forwarding are performed on named content rather than host addresses, and content can be stored on in-network caches. This change brings many benefits to the network, especially for popular contents such as music and video, but also raises concerns about unauthorized access, since the provider does not interact with users whose requests are satisfied by caches. Existing solutions for access control in ICN often limit the benefits of caches or do not guarantee an adequate level of security. Thus, this work proposes an access control solution for ICN that allows content to be stored in caches and retrieved by any user, is safe against unauthorized access, and does not interfere with ICN functioning. The proposed solution employs a proxy re-encryption scheme, in which a content encrypted with a public key pk(u1) can be transformed into a content encrypted with a public key pk(u2), without exposing the original content nor the corresponding private keys. This transformation is traditionally done by a semi-trusted entity called the proxy, using a re-encryption key defined and created by u1 from its private key and u2's public key. In the proposed solution, proxy re-encryption is adapted to transfer the proxy functions to the user himself, who receives the re-encryption key directly from the content provider. Thus, the content provider distributes encrypted content, and each user requests a re-encryption key for each content they wish to access. The re-encryption key sent by the content provider is exclusive to that user and to the requested content; consequently, it works only with the corresponding public-private key pair of the user requesting the content. Therefore, before issuing a re-encryption key, the content provider can apply access control policies, preventing malicious users from decrypting the contents retrieved from in-network caches. The proposed solution is evaluated in four aspects: ICN performance on multimedia distribution, performance of proxy re-encryption, performance of the proposed solution on content providers and users, and a comparative analysis with two distinct cryptographic solutions. Results confirm the benefits of ICN on multimedia content distribution, and reveal that while the proxy re-encryption scheme is adequate for the content provider domain, the decryption operation on the user's domain is inadequate for content flows bigger than 1GB per hour. Thus, we propose an optimization on re-encryption and decryption operations, leading to a reduction of up to 96% in the decryption time on users, making the scheme attractive and suitable for content access control in ICN. Compared to other cryptographic access control solutions, the proposed solution is safer, more efficient and makes the best use of in-network caches.
    Keywords: proxy re-encryption, access control, information-centric networks.

    On Achieving Secure Message Authentication for Vehicular Communications

    Vehicular Ad-hoc Networks (VANETs) have emerged as a new application scenario that is envisioned to revolutionize the human driving experience, optimize traffic flow control systems, etc. Addressing security and privacy issues as the prerequisite of VANETs' development must be emphasized. To avoid any possible malicious attack and resource abuse, employing a digital signature scheme is widely recognized as the most effective approach for VANETs to achieve authentication, integrity, and validity. However, when the number of signatures received by a vehicle becomes large, a scalability problem emerges immediately: a vehicle may be unable to sequentially verify each received signature within the 100-300 ms interval required by the current Dedicated Short Range Communications (DSRC) protocol. In addition, there are still some unsolved attacks in VANETs, such as Denial of Service (DoS) attacks, which have not been well addressed. In this thesis, we propose the following solutions to address the above-mentioned security-related issues. First, to address the scalability issue, we introduce a novel roadside unit (RSU)-aided message authentication scheme, named RAISE, which makes RSUs responsible for verifying the authenticity of messages sent from vehicles and for notifying the results back to vehicles. In addition, RAISE adopts the k-anonymity property for preserving user privacy, so that a message cannot be associated with a particular vehicle. Secondly, we consider the situation in which RSUs may not cover all the busy streets of a city or a highway, for example at the beginning of a VANET deployment period, due to physical damage to some RSUs, or simply for economic reasons. Under these circumstances, we further propose an efficient identity-based batch signature verification scheme for vehicular communications. The proposed scheme lets vehicles verify a batch of signatures at once instead of one after another, and thus efficiently increases vehicles' message verification speed. In addition, our scheme achieves conditional privacy: a distinct pseudo-identity is generated along with each message, and a trust authority can trace a vehicle's real identity from its pseudo-identity. In order to find invalid signatures in a batch, we adopt a group testing technique which can find invalid signatures efficiently. Lastly, we identify a DoS attack, called the signature jamming attack (SJA), which could easily happen and possibly cause a profound adverse impact on the normal operation of a VANET, yet has not been well addressed in the literature. The SJA can be simply launched by an attacker flooding a significant number of messages with invalid signatures, which jam the surrounding vehicles and prevent them from verifying regular and legitimate messages in a timely manner. To counter the SJA, we introduce a hash-based puzzle scheme, which serves as a lightweight filter for excluding likely false signatures before they go through the relatively lengthy signature verification process. To further minimize the effect of the SJA, we introduce a hash recommendation mechanism, which enables vehicles to share their information so as to thwart the SJA more efficiently. For each research solution, detailed analyses in terms of computational time, transmission overhead and privacy preservation are performed to validate the efficiency and effectiveness of the proposed schemes.

    A Taxonomy for and Analysis of Anonymous Communications Networks

    Any entity operating in cyberspace is susceptible to debilitating attacks. With cyber attacks intended to gather intelligence and disrupt communications rapidly replacing the threat of conventional and nuclear attacks, a new age of warfare is at hand. In 2003, the United States acknowledged that the speed and anonymity of cyber attacks make distinguishing among the actions of terrorists, criminals, and nation states difficult. Even President Obama’s Cybersecurity Chief-elect recognizes the challenge of increasingly sophisticated cyber attacks. Now through April 2009, the White House is reviewing federal cyber initiatives to protect US citizens’ privacy rights. Indeed, the rising quantity and ubiquity of new surveillance technologies in cyberspace enable instant, undetectable, and unsolicited information collection about entities. Hence, anonymity and privacy are becoming increasingly important issues. Anonymization enables entities to protect their data and systems from a diverse set of cyber attacks and preserves privacy. This research provides a systematic analysis of anonymity degradation, preservation and elimination in cyberspace to enhance the security of information assets. This includes discovery/obfuscation of identities and actions of/from potential adversaries. First, novel taxonomies are developed for classifying and comparing well-established anonymous networking protocols. These expand the classical definition of anonymity and capture the peer-to-peer and mobile ad hoc anonymous protocol family relationships. Second, a unique synthesis of state-of-the-art anonymity metrics is provided. This significantly aids an entity’s ability to reliably measure changing anonymity levels, thereby increasing its ability to defend against cyber attacks. Finally, a novel epistemic-based mathematical model is created to characterize how an adversary reasons with knowledge to degrade anonymity. This offers multiple anonymity property representations and well-defined logical proofs to ensure the accuracy and correctness of current and future anonymous network protocol designs.

    Advances in Information Security and Privacy

    With the recent pandemic emergency, many people are spending their days working remotely and have increased their use of digital resources for both work and entertainment. The result is that the amount of digital information handled online has dramatically increased, and we can observe a significant increase in the number of attacks, breaches, and hacks. This Special Issue aims to establish the state of the art in protecting information by mitigating information risks. This objective is reached by presenting both surveys on specific topics and original approaches and solutions to specific problems. In total, 16 papers have been published in this Special Issue.

    Cryptographic Analysis of Secure Messaging Protocols

    Instant messaging applications promise their users a secure and private way to communicate. The validity of these promises rests on the design of the underlying protocol, the cryptographic primitives used and the quality of the implementation. Though secure messaging designs exist in the literature, for various reasons developers of messaging applications often opt to design their own protocols, creating a gap between cryptography as understood by academic research and cryptography as implemented in practice. This thesis contributes to bridging this gap by approaching it from both sides: by looking for flaws in the protocols underlying real-world messaging applications, as well as by performing a rigorous analysis of their security guarantees in a provable security model. Secure messaging can provide a host of different, sometimes conflicting, security and privacy guarantees. It is thus important to judge applications based on the concrete security expectations of their users. This is particularly significant for higher-risk users such as activists or civil rights protesters. To position our work, we first studied the security practices of protesters in the context of the 2019 Anti-ELAB protests in Hong Kong using in-depth, semi-structured interviews with participants of these protests. We report how they organised on different chat platforms based on their perceived security, and how they developed tactics and strategies to enable pseudonymity and detect compromise. Then, we analysed two messaging applications relevant in the protest context: Bridgefy and Telegram. Bridgefy is a mobile mesh messaging application, allowing users in relative proximity to communicate without the Internet. It was being promoted as a secure communication tool for use in areas experiencing large-scale protests. We showed that Bridgefy permitted its users to be tracked, offered no authenticity, no effective confidentiality protections and lacked resilience against adversarially crafted messages. We verified these vulnerabilities by demonstrating a series of practical attacks. Telegram is a messaging platform with over 500 million users, yet prior to this work its bespoke protocol, MTProto, had received little attention from the cryptographic community. We provided the first comprehensive study of the MTProto symmetric channel as implemented in cloud chats. We gave both positive and negative results. First, we found two attacks on the existing protocol, and two attacks on its implementation in official clients which exploit timing side channels and uncover a vulnerability in the key exchange protocol. Second, we proved that a fixed version of the symmetric MTProto protocol achieves security in a suitable bidirectional secure channel model, albeit under unstudied assumptions. Our model itself advances the state of the art for secure channels.