
    From Ephemerizer to Timed-Ephemerizer: Achieve Assured Lifecycle Enforcement for Sensitive Data

    The concept of Ephemerizer, proposed by Perlman, is a cryptographic primitive for assured data deletion. With an Ephemerizer protocol, data in persistent storage devices is always encrypted simultaneously under an ephemeral public key of the Ephemerizer (an entity which publishes a set of ephemeral public keys and periodically deletes the expired ones) and the long-term public key of a user. An Ephemerizer protocol enables the user to securely decrypt the encrypted data without leaking any information to the Ephemerizer. So far, no security model has ever been proposed for this primitive and existing protocols have not been studied formally. Not surprisingly, we show that some existing Ephemerizer protocols possess security vulnerabilities. In this paper, we introduce the notion of Timed-Ephemerizer, which can be regarded as a hybrid primitive combining Ephemerizer and Timed-Release Encryption. Compared with an Ephemerizer protocol, a Timed-Ephemerizer protocol further guarantees that data will only be released after a pre-defined disclosure time. Moreover, we propose a security model for Timed-Ephemerizer and formalize the relevant security properties. We also propose a new Timed-Ephemerizer protocol and prove its security in this model.

    Data degradation by ephemeral publication

    Respect for privacy is a fundamental right, but one that is difficult to guarantee on the Internet. Despite experts' recommendations, the data minimization principle -- which in particular requires that data be erased as soon as they are no longer strictly necessary (minimal retention) -- is rarely applied, because of diverging interests between the hosts of personal data and the users. To reduce the impact of these divergences, an alternative to minimal retention has been proposed: data degradation. Instead of being completely erased, a data item can be progressively degraded into less precise states that better protect the user's privacy while (partially) preserving the utility of the original data. However, no architecture currently exists that guarantees data degradation without a trusted database manager. Using an ephemeral publication system (a data item can no longer be accessed after an expiration date fixed in advance), in this work we propose a decentralized architecture that guarantees data degradation without any trusted actor in the system.

    Optimization of Three-dimensional Face Recognition Algorithms in Financial Identity Authentication

    Identity authentication is one of the most basic components of the computer network world. It is a key technology of information security and plays an important role in protecting system and data security. Biometric recognition technology provides a reliable and convenient way to perform identity authentication. Compared with other biometric recognition technologies, face recognition has become a hot research topic because of its convenience, friendliness and easy acceptance. With the maturity and progress of face recognition technology, its commercial application has become more and more widespread. Internet finance, e-commerce and other asset-related areas have begun to try face recognition technology as a means of authentication, so people's security needs for face recognition systems are also increasing. However, as a biometric recognition system, a face recognition system still has inherent security vulnerabilities and faces security threats such as template attacks and counterfeit attacks. In view of this, this paper studies the application of a three-dimensional face recognition algorithm in the field of financial identity authentication. On the basis of feature extraction from face information using a neural network algorithm, a K-L transform is applied to map the high-dimensional image vectors, making face recognition clearer. Thus, the image loss can be reduced.

    Oblivion: Mitigating Privacy Leaks by Controlling the Discoverability of Online Information

    Search engines are the prevalently used tools to collect information about individuals on the Internet. Search results typically comprise a variety of sources that contain personal information -- either intentionally released by the person herself, or unintentionally leaked or published by third parties, often with detrimental effects on the individual's privacy. To grant individuals the ability to regain control over their disseminated personal information, the European Court of Justice recently ruled that EU citizens have a right to be forgotten in the sense that indexing systems must offer them technical means to request removal of links from search results that point to sources violating their data protection rights. As of now, these technical means consist of a web form that requires a user to manually identify all relevant links upfront and to insert them into the web form, followed by a manual evaluation by employees of the indexing system to assess if the request is eligible and lawful. We propose a universal framework, Oblivion, to support the automation of the right to be forgotten in a scalable, provable and privacy-preserving manner. First, Oblivion enables a user to automatically find and tag her disseminated personal information using natural language processing and image recognition techniques and file a request in a privacy-preserving manner. Second, Oblivion provides indexing systems with an automated and provable eligibility mechanism, asserting that the author of a request is indeed affected by an online resource. The automated eligibility proof ensures censorship-resistance so that only legitimately affected individuals can request the removal of corresponding links from search results. We have conducted comprehensive evaluations, showing that Oblivion is capable of handling 278 removal requests per second, and is hence suitable for large-scale deployment.

    Lethe: Conceal Content Deletion from Persistent Observers


    Trust evaluation mechanism for Distributed Hash Table network nodes in a cloud data secure self-destruction system

    In data self-destruction mechanisms for cloud environments, malicious and dishonest nodes in the Distributed Hash Table (DHT) network can easily cause key shares to be lost or leaked. To address this, a trust evaluation mechanism for DHT network nodes oriented to secure cloud data self-destruction is proposed. The mechanism first builds a two-dimensional trust evaluation model for nodes, examining node trustworthiness both qualitatively and quantitatively; it then improves the calculation of a node's direct trust value and recommended trust value, fully accounting for factors internal and external to the node, computing node trust values along the two dimensions of operating environment and interaction experience and refining them across different levels to obtain trust evaluation sub-clouds; next, the trust evaluation sub-clouds are combined by weighting into a comprehensive trust cloud, and a cloud generator draws the one-dimensional Gaussian cloud diagram of the comprehensive trust cloud; finally, a trust decision algorithm is used to select the optimal trusted nodes. Experimental results show that the mechanism helps the original data self-destruction mechanism find DHT network nodes better suited to storing key shares, improving the system's disaster tolerance and reducing its computational load.

    Distributed Hash Table (DHT) networks are widely used in secure self-destruction schemes for private data in cloud computing environments, but malicious nodes and dishonest nodes in the DHT network easily lead to key share loss or leakage. To tackle these problems, a trust evaluation mechanism was proposed for the DHT network used in a cloud-data secure self-destruction system. In this mechanism, a trust cloud model was established for DHT nodes to describe their trust information qualitatively and quantitatively. By introducing an improved calculation method for the direct trust value together with the recommended trust value, and fully considering the internal and external factors of DHT nodes, the trust values of nodes were first calculated on two dimensions consisting of operating environment and interaction experience. The resulting data were used to build a trust evaluation sub-cloud for each index. After that, all these trust evaluation sub-clouds were summed up to generate the comprehensive trust cloud according to the weights of the different evaluation indexes. Then, by means of a cloud generator algorithm, the comprehensive trust cloud could be described as a one-dimensional normal cloud. Finally, reliable and efficient nodes could be selected using a trust decision algorithm. Experimental results show that the proposed mechanism can help the original data self-destruction system make a comprehensive trust decision and find reliable DHT network nodes, further enhancing the disaster-tolerant capability and reducing the computational cost of the system.

    Supported by the National Natural Science Foundation of China (61402109, 61370078); the Natural Science Foundation of Fujian Province (2015J05120); and the Fujian Provincial Program for Outstanding Young Research Talents in Universities (2015).

    Secure overlay cloud storage with access control and file assured deletion

    Tang, Yang. Thesis (M.Phil.)--Chinese University of Hong Kong, 2011. Includes bibliographical references (p. 60-65). Abstracts in English and Chinese.

    Abstract --- p.i
    Acknowledgement --- p.iv
    Chapter 1 --- Introduction --- p.1
    Chapter 2 --- Policy-based File Assured Deletion --- p.7
    Chapter 2.1 --- Background --- p.7
    Chapter 2.2 --- Policy-based Deletion --- p.9
    Chapter 3 --- Basic Design of FADE --- p.13
    Chapter 3.1 --- Entities --- p.13
    Chapter 3.2 --- Deployment --- p.15
    Chapter 3.3 --- Security Goals, Threat Models, and Assumptions --- p.16
    Chapter 3.4 --- The Basics - File Upload/Download --- p.18
    Chapter 3.5 --- Policy Revocation for File Assured Deletion --- p.23
    Chapter 3.6 --- Multiple Policies --- p.23
    Chapter 3.7 --- Policy Renewal --- p.25
    Chapter 4 --- Extensions of FADE --- p.27
    Chapter 4.1 --- Access Control with ABE --- p.27
    Chapter 4.2 --- Multiple Key Managers --- p.31
    Chapter 5 --- Implementation --- p.35
    Chapter 5.1 --- Representation of Metadata --- p.36
    Chapter 5.2 --- Client --- p.37
    Chapter 5.3 --- Key Managers --- p.38
    Chapter 6 --- Evaluation --- p.40
    Chapter 6.1 --- Experimental Results on Time Performance of FADE --- p.41
    Chapter 6.1.1 --- Evaluation of Basic Design --- p.42
    Chapter 6.1.2 --- Evaluation of Extensions --- p.46
    Chapter 6.2 --- Space Utilization of FADE --- p.49
    Chapter 6.3 --- Cost Model --- p.51
    Chapter 6.4 --- Lessons Learned --- p.53
    Chapter 7 --- Related Work --- p.54
    Chapter 8 --- Conclusions --- p.58
    Bibliography --- p.6

    Plugging in trust and privacy : three systems to improve widely used ecosystems

    The era of touch-enabled mobile devices has fundamentally changed our communication habits. Their high usability and unlimited data plans provide the means to communicate any place, any time, and lead people to publish more and more (sensitive) information. Moreover, the success of mobile devices has also led to the introduction of new functionality that crucially relies on sensitive data (e.g., location-based services). With today's mobile devices, the Internet has become the prime source of information (e.g., news), and people need to rely on the correctness of information provided on the Internet. However, most of the involved systems are neither prepared to provide robust privacy guarantees for the users, nor do they provide users with the means to verify and trust delivered content. This dissertation introduces three novel trust and privacy mechanisms that overcome the current situation by improving widely used ecosystems. With WebTrust we introduce a robust authenticity and integrity framework that provides users with the means to verify both the correctness and authorship of data transmitted via HTTP. X-pire! and X-pire 2.0 offer a digital expiration date for images in social networks to enforce post-publication privacy. AppGuard enables the enforcement of fine-grained privacy policies on third-party applications in Android to protect the users' privacy.

    Today's touchscreen mobile devices have fundamentally changed our communication habits. Their intuitive usability combined with unlimited Internet access allows us to communicate anytime and anywhere, and leads to more and more (confidential) information being published. Furthermore, the success of mobile devices has contributed to the introduction of new services that build on confidential data (e.g., location-dependent services). With current mobile devices, the Internet has also become the most important source of information (e.g., for news), and users must rely on the correctness of the data obtained from it. However, the systems involved offer neither robust privacy guarantees nor the ability to verify the correctness of the data obtained. This dissertation introduces three new mechanisms for trust and privacy that improve the current situation in widely used systems. WebTrust, a robust authenticity and integrity system, enables users to verify both the correctness and the authorship of data transmitted over HTTP. X-pire! and X-pire 2.0 offer a digital expiration date for images in social networks to protect data from third-party access even after publication. AppGuard enables the enforcement of fine-grained privacy policies for third-party applications on Android to ensure adequate protection of user data.

    Accountable infrastructure and its impact on internet security and privacy

    The Internet infrastructure relies on the correct functioning of the basic underlying protocols, which were designed for functionality. Security and privacy have been added post hoc, mostly by applying cryptographic means to different layers of communication. In the absence of accountability as a fundamental property, the Internet infrastructure has no built-in ability to associate an action with the responsible entity, nor to detect or prevent misbehavior. In this thesis, we study accountability from a few different perspectives. First, we study the need for accountability in anonymous communication networks as a mechanism that provides repudiation for the proxy nodes by tracing back selected outbound traffic in a provable manner. Second, we design a framework that provides a foundation to support the enforcement of the right-to-be-forgotten law in a scalable and automated manner. The framework provides technical means for users to prove their eligibility for content removal from search results. Third, we analyze the Internet infrastructure, determining potential security risks and threats imposed by dependencies among the entities on the Internet. Finally, we evaluate the feasibility of using hop count filtering as a mechanism for mitigating Distributed Reflective Denial-of-Service attacks, and conceptually show that it cannot work to prevent these attacks.

    The Internet infrastructure relies on the correct execution of underlying protocols that were developed with a focus on functionality. Security and privacy were added afterwards, mainly through the application of cryptographic methods in different layers of the protocol stack. The lack of accountability, a fundamental property that links actions to those responsible for them, however, prevents misbehavior from being detected and stopped. This dissertation considers accountability on the Internet from different perspectives. First, we examine the need for accountability in anonymized communication networks in order to allow proxy nodes to provably trace misbehavior back to its actual originator. Second, we design a framework that supports the scalable and automated implementation of the right to be forgotten. Our framework offers users the technical means to prove their entitlement to the removal of search results. Third, we analyze the Internet infrastructure to identify potential security risks and threats arising from dependencies among the various entities involved. Finally, we evaluate the feasibility of Hop Count Filtering as an instrument for mitigating DRDoS attacks, and we show that this instrument conceptually cannot prevent this kind of attack.