User Collusion Avoidance Scheme for Privacy-Preserving Decentralized Key-Policy Attribute-Based Encryption -- Full Version
The recent trend towards the cloud computing paradigm, smart devices and 4G wireless
technologies has enabled seamless data sharing among users. The cloud computing
environment is distributed and untrusted, hence data owners have to encrypt
their data to enforce data confidentiality. Data confidentiality in a
distributed environment can be achieved by using attribute-based encryption
techniques. Decentralized attribute-based encryption is a variant of
multi-authority attribute-based encryption whereby any attribute
authority can independently join and leave the system without collaborating
with the existing attribute authorities. In this paper, we propose a
privacy-preserving decentralized key-policy attribute-based encryption scheme.
The scheme preserves user privacy when users interact with multiple
authorities to obtain decryption keys, while mitigating the well-known user
collusion security vulnerability. We show that our scheme relies on the
standard decisional bilinear Diffie-Hellman complexity assumption, in contrast
to the previous nonstandard complexity assumptions such as decisional
Diffie-Hellman inversion.
Remote Document Encryption - encrypting data for e-passport holders
We show how any party can encrypt data for an e-passport holder such that
decryption is possible only with physical possession of the e-passport. The
same is possible for electronic identity cards and driver licenses. We also
indicate possible applications. Dutch passports allow for 160-bit security,
theoretically giving sufficient security beyond the year 2079, exceeding
current good practice of 128-bit security. We also introduce the notion of an RDE
Extraction PIN, which effectively provides the same security as a regular PIN.
Our results ironically suggest that carrying a passport when traveling abroad
might violate export or import laws on strong cryptography.
A Taxonomy for Understanding the Security Technical Debts in Blockchain Based Systems
Blockchain is a disruptive technology aimed at implementing secure
decentralized distributed systems, in which transactional data can be shared,
stored and verified by participants of a system using cryptographic and
consensus mechanisms, elevating the need for a central
authentication/verification authority. Contrary to common belief, blockchain-based
systems are not inherently secure by design; it is crucial for security
software engineers to be aware of the various blockchain specific architectural
design decisions and choices and their consequences on the dependability of the
software system. We argue that sub-optimal and ill-informed design decisions
and choices of blockchain components and their configurations including smart
contracts, key management, cryptographic and consensus mechanisms, on-chain vs.
off chain storage choices can introduce security technical debt into the
system. The technical debt metaphor can serve as a powerful tool for early,
preventive and transparent evaluation of the security design of
blockchain-based systems by making the potential security technical debt
visible to security software engineers. We review the core architectural
components of blockchain-based systems and we show how ill-informed or
sub-optimal design decisions and configuration of these components can manifest
as security technical debt. We contribute a taxonomy that classifies the
blockchain-specific design decisions and choices and we describe their
connection to potential debts. The taxonomy can help architects of this
category of systems avoid potential security risks by visualising the security
technical debts and raising their visibility. We use examples from two case
studies to discuss the taxonomy and its application.
Emerging Privacy Issues and Solutions in Cyber-Enabled Sharing Services: From Multiple Perspectives
Fast development of sharing services has become a crucial part of the
cyber-enabled world construction process, as sharing services reinvent how
people exchange and obtain goods or services. However, privacy leakage or
disclosure remains a key concern during the sharing service development
process. While significant efforts have been undertaken to address various
privacy issues in recent years, there is a surprising lack of review for
privacy concerns in the cyber-enabled sharing world. To bridge the gap, in this
study, we survey and evaluate existing and emerging privacy issues relating to
sharing services from various perspectives. Differing from existing similar
works on surveying sharing practices in various fields, our work
comprehensively covers six branches of sharing services in the cyber-enabled
world and selects solutions mostly from the recent five to six years. We
summarize the issues and solutions from three perspectives, namely, the users',
platforms' and service providers' perspectives. Hot topics and less discussed
topics are identified, which provide hints to researchers for their future
studies.
Comment: 28 pages, 13 figures
Security Protocols in a Nutshell
Security protocols are building blocks in secure communications. They deploy
some security mechanisms to provide certain security services. Security
protocols are considered abstract when analyzed, but they can have extra
vulnerabilities when implemented. This manuscript provides a holistic study on
security protocols. It reviews foundations of security protocols, taxonomy of
attacks on security protocols and their implementations, and different methods
and models for security analysis of protocols. Specifically, it clarifies
differences between information-theoretic and computational security, and
computational and symbolic models. Furthermore, a survey on computational
security models for authenticated key exchange (AKE) and password-authenticated
key exchange (PAKE) protocols, as the most important and well-studied type of
security protocols, is provided.
Comment: Based on the introduction part of the author's dissertation
Private Web Search with an Expected Constant Round
Web searching is becoming an essential activity because it is often the most
effective and convenient way of finding information. However, a Web search can
be a threat to the privacy of the searcher because the queries may reveal
sensitive information about the searcher. Private Web search (PWS) solutions
allow users to find information on the Internet while preserving their privacy.
Here, privacy means maintaining the confidentiality of the identity of the
communicating users. According to their underlying technology, existing PWS
solutions can be divided into three types: proxy-based solutions,
obfuscation-based solutions, and cryptography-based solutions. Of these,
cryptography-based PWS (CB-PWS) systems are particularly interesting because
they provide strong privacy guarantees in the cryptographic sense. In this
paper, we present a round-efficient CB-PWS protocol that preserves
computational efficiency compared to other known CB-PWS systems. Assuming a
broadcast channel, our protocol is a \emph{four-round} cryptographic scheme
that requires communication complexity. However, if only point-to-point
interaction is available, with the users emulating the broadcast channel, our
protocol requires an expected -round complexity and the same computation
and communication overhead. Further analyzing the efficiency of our protocol
shows that our proposal requires only modular exponentiations for
users. To evaluate the security of our protocol, we demonstrate that our
construction is secure in the semi-honest model. We then discuss how to
enhance its security to render it secure in the presence of malicious
adversaries. We provide a specific protocol for managing users' groups, which
is also an advantage over existing systems.
Knowledge and Security
Epistemic concepts, and in some cases epistemic logic, have been used in
security research to formalize security properties of systems. This survey
illustrates some of these uses by focusing on confidentiality in the context of
cryptographic protocols, and in the context of multi-level security systems.
Comment: 51 pages; preliminary version of a chapter for an upcoming Handbook
of Logics for Knowledge and Belief
A Technical Look At The Indian Personal Data Protection Bill
The Indian Personal Data Protection Bill 2019 provides a legal framework for
protecting personal data. It is modeled after the European Union's General Data
Protection Regulation (GDPR). We present a detailed description of the Bill, the
differences with GDPR, and the challenges and limitations in implementing it. We
look at the technical aspects of the Bill and suggest ways to address the
different clauses of the Bill. We mostly explore cryptographic solutions for
implementing the Bill. There are two broad outcomes of this study. Firstly, we
show that a better technical understanding of privacy is important to clearly
define the clauses of the Bill. Secondly, we also show how technical and legal
solutions can be used together to enforce the Bill.
Data Minimisation in Communication Protocols: A Formal Analysis Framework and Application to Identity Management
With the growing amount of personal information exchanged over the Internet,
privacy is becoming more and more a concern for users. One of the key
principles in protecting privacy is data minimisation. This principle requires
that only the minimum amount of information necessary to accomplish a certain
goal is collected and processed. "Privacy-enhancing" communication protocols
have been proposed to guarantee data minimisation in a wide range of
applications. However, currently there is no satisfactory way to assess and
compare the privacy they offer in a precise way: existing analyses are either
too informal and high-level, or specific for one particular system. In this
work, we propose a general formal framework to analyse and compare
communication protocols with respect to privacy by data minimisation. Privacy
requirements are formalised independent of a particular protocol in terms of
the knowledge of (coalitions of) actors in a three-layer model of personal
information. These requirements are then verified automatically for particular
protocols by computing this knowledge from a description of their
communication. We validate our framework in an identity management (IdM) case
study. As IdM systems are used more and more to satisfy the increasing need for
reliable on-line identification and authentication, privacy is becoming an
increasingly critical issue. We use our framework to analyse and compare four
identity management systems. Finally, we discuss the completeness and
(re)usability of the proposed framework.
-MABE: Distributed Multilevel Attribute-Based EMR Management and Applications
Current systems used by medical institutions for the management and transfer
of Electronic Medical Records (EMR) can be vulnerable to security and privacy
threats. In addition, these centralized systems often lack interoperability and
give patients limited or no access to their own EMRs. In this paper, we propose
a novel distributed data sharing scheme that applies the security benefits of
blockchain to handle these concerns. With blockchain, we incorporate smart
contracts and a distributed storage system to alleviate the dependence on the
record-generating institutions to manage and share patient records. To preserve
the privacy of patient records, we implement our smart contracts as a method to
allow patients to verify attributes prior to granting access rights. Our
proposed scheme also facilitates selective sharing of medical records among
staff members that belong to different levels of a hierarchical institution. We
provide extensive security, privacy, and evaluation analyses to show that our
proposed scheme is both efficient and practical.