An Efficient Code-Based Threshold Ring Signature Scheme with a Leader-Participant Model

Digital signature schemes with additional properties have broad applications, such as in protecting the identity of signers allowing a signer to anonymously sign a message in a group of signers (also known as a ring). While these number-theoretic problems are still secure at the time of this research, the situation could change with advances in quantum computing. There is a pressing need to design PKC schemes that are secure against quantum attacks. In this paper, we propose a novel code-based threshold ring signature scheme with a leader-participant model. A leader is appointed, who chooses some shared parameters for other signers to participate in the signing process. This leader-participant model enhances the performance because every participant including the leader could execute the decoding algorithm (as a part of signing process) upon receiving the shared parameters from the leader. The time complexity of our scheme is close to Courtois et al.’s (2001) scheme. The latter is often used as a basis to construct other types of code-based signature schemes. Moreover, as a threshold ring signature scheme, our scheme is as efficient as the normal code-based ring signature

Secure and Privacy-Preserving Data Aggregation Protocols for Wireless Sensor Networks

This chapter discusses the need of security and privacy protection mechanisms in aggregation protocols used in wireless sensor networks (WSN). It presents a comprehensive state of the art discussion on the various privacy protection mechanisms used in WSNs and particularly focuses on the CPDA protocols proposed by He et al. (INFOCOM 2007). It identifies a security vulnerability in the CPDA protocol and proposes a mechanism to plug that vulnerability. To demonstrate the need of security in aggregation process, the chapter further presents various threats in WSN aggregation mechanisms. A large number of existing protocols for secure aggregation in WSN are discussed briefly and a protocol is proposed for secure aggregation which can detect false data injected by malicious nodes in a WSN. The performance of the protocol is also presented. The chapter concludes while highlighting some future directions of research in secure data aggregation in WSNs.Comment: 32 pages, 7 figures, 3 table

Decentralizing Trust with Resilient Group Signatures in Blockchains

Blockchains have the goal of promoting the decentralization of transactions in a P2Pbased internetworking model that does not depend on centralized trust parties. Along with research on better scalability, performance, consistency control, and security guarantees in their service planes, other challenges aimed at better trust decentralization and fairness models on the research community’s agenda today. Asymmetric cryptography and digital signatures are key components of blockchain systems. As a common flaw in different blockchains, public keys and verification of single-signed transactions are handled under the principle of trust centralization. In this dissertation, we propose a better fairness and trust decentralization model by proposing a service plane for blockchains that provides support for collective digital signatures and allowing transactions to be collaboratively authenticated and verified with groupbased witnessed guarantees. The proposed solution is achieved by using resilient group signatures from randomly and dynamically assigned groups. In our approach we use Threshold-Byzantine Fault Tolerant Digital Signatures to improve the resilience and robustness of blockchain systems while preserving their decentralization nature. We have designed and implemented a modular and portable cryptographic provider that supports operations expressed by smart contracts. Our system is designed to be a service plane agnostic and adaptable to the base service planes of different blockchains. Therefore, we envision our solution as a portable, adaptable and reusable plugin service plane for blockchains, as a way to provide authenticated group-signed transactions with decentralized auditing, fairness, and long-term security guarantees and to leverage a better decentralized trust model. We conducted our experimental evaluations in a cloudbased testbench with at least sixteen blockchain nodes distributed across four different data centers, using two different blockchains and observing the proposed benefits.As blockchains tem principal objetivo de promover a descentralização das transações numa rede P2P, baseada num modelo não dependente de uma autoridade centralizada. Em conjunto com maior escalabilidade, performance, controlos de consistência e garantias de segurança nos planos de serviço, outros desafios como a melhoria do modelo de descentralização e na equidade estão na agenda da comunidade científica. Criptografia assimétrica e as assinaturas digitais são a componente chave dos sistemas de blockchains. Porém, as blockchains, chaves públicas e verificações de transações assinadas estão sobre o princípio de confiança centralizada. Nesta dissertação, vamos propor uma solução que inclui melhores condições de equidade e descentralização de confiança, modelado por um plano de serviços para a blockchain que fornece suporte para assinaturas coletivas e permite que as transações sejam autenticadas colaborativamente e verificadas com garantias das testemunhadas. Isto será conseguido usando assinaturas resilientes para grupos formados de forma aleatória e dinamicamente. A nossa solução para melhorar a resiliência das blockchains e preservar a sua natureza descentralizada, irá ser baseada em assinaturas threshold à prova de falhas Bizantinas. Com esta finalidade, iremos desenhar e implementar um provedor criptográfico modelar e portável para suportar operações criptográficas que podem ser expressas por smart-contracts. O nosso sistema será desenhado de uma forma agnóstica e adaptável a diferentes planos de serviços. Assim, imaginamos a nossa solução como um plugin portável e adaptável para as blockchains, que oferece suporte para auditoria descentralizada, justiça, e garantias de longo termo para criar modelo melhor da descentralização da base de confiança. Iremos efetuar as avaliações experimentais na cloud, correndo o nosso plano de serviço com duas implementações de blockchain e pelo menos dezasseis nós distribuídos em quatro data centres, observando os benefícios da solução proposta

Communication-Efficient Cluster Federated Learning in Large-scale Peer-to-Peer Networks

A traditional federated learning (FL) allows clients to collaboratively train a global model under the coordination of a central server, which sparks great interests in exploiting the private data distributed on clients. However, once the central server suffers from a single point of failure, it will lead to system crash. In addition, FL usually involves a large number of clients, which requires expensive communication costs. These challenges inspire a communication-efficient design of decentralized FL. In this paper, we propose an efficient and privacy-preserving global model training protocol in the context of FL in large-scale peer-to-peer networks, CFL. The proposed CFL protocol aggregates local contributions hierarchically by a cluster-based aggregation mode, as well as a leverged authenticated encryption scheme to ensure the security communication, whose key is distributed by a modified secure communication key establishment protocol. Theoretical analyses show that CFL guarantees the privacy of local model update parameters, as well as integrity and authenticity under the widespread internal semi-honest and external malicious threat models. In particular, the proposed key revocation based on public voting can effectively defense against external adversaries hijacking honest participants to ensure the confidentiality of the communication keys. Moreover, the modified secure communication key establishment protocol indeed achieves high network connectivity probability to ensure transmission security of the system

A patient agent controlled customized blockchain based framework for internet of things

Although Blockchain implementations have emerged as revolutionary technologies for various industrial applications including cryptocurrencies, they have not been widely deployed to store data streaming from sensors to remote servers in architectures known as Internet of Things. New Blockchain for the Internet of Things models promise secure solutions for eHealth, smart cities, and other applications. These models pave the way for continuous monitoring of patient’s physiological signs with wearable sensors to augment traditional medical practice without recourse to storing data with a trusted authority. However, existing Blockchain algorithms cannot accommodate the huge volumes, security, and privacy requirements of health data. In this thesis, our first contribution is an End-to-End secure eHealth architecture that introduces an intelligent Patient Centric Agent. The Patient Centric Agent executing on dedicated hardware manages the storage and access of streams of sensors generated health data, into a customized Blockchain and other less secure repositories. As IoT devices cannot host Blockchain technology due to their limited memory, power, and computational resources, the Patient Centric Agent coordinates and communicates with a private customized Blockchain on behalf of the wearable devices. While the adoption of a Patient Centric Agent offers solutions for addressing continuous monitoring of patients’ health, dealing with storage, data privacy and network security issues, the architecture is vulnerable to Denial of Services(DoS) and single point of failure attacks. To address this issue, we advance a second contribution; a decentralised eHealth system in which the Patient Centric Agent is replicated at three levels: Sensing Layer, NEAR Processing Layer and FAR Processing Layer. The functionalities of the Patient Centric Agent are customized to manage the tasks of the three levels. Simulations confirm protection of the architecture against DoS attacks. Few patients require all their health data to be stored in Blockchain repositories but instead need to select an appropriate storage medium for each chunk of data by matching their personal needs and preferences with features of candidate storage mediums. Motivated by this context, we advance third contribution; a recommendation model for health data storage that can accommodate patient preferences and make storage decisions rapidly, in real-time, even with streamed data. The mapping between health data features and characteristics of each repository is learned using machine learning. The Blockchain’s capacity to make transactions and store records without central oversight enables its application for IoT networks outside health such as underwater IoT networks where the unattended nature of the nodes threatens their security and privacy. However, underwater IoT differs from ground IoT as acoustics signals are the communication media leading to high propagation delays, high error rates exacerbated by turbulent water currents. Our fourth contribution is a customized Blockchain leveraged framework with the model of Patient-Centric Agent renamed as Smart Agent for securely monitoring underwater IoT. Finally, the smart Agent has been investigated in developing an IoT smart home or cities monitoring framework. The key algorithms underpinning to each contribution have been implemented and analysed using simulators.Doctor of Philosoph

Extending the Exposure Score of Web Browsers by Incorporating CVSS

When browsing the Internet, HTTP headers enable both clients and servers send extra data in their requests or responses such as the User-Agent string. This string contains information related to the sender’s device, browser, and operating system. Yet its content differs from one browser to another. Despite the privacy and security risks of User-Agent strings, very few works have tackled this problem. Our previous work proposed giving Internet browsers exposure relative scores to aid users to choose less intrusive ones. Thus, the objective of this work is to extend our previous work through: first, conducting a user study to identify its limitations. Second, extending the exposure score via incorporating data from the NVD. Third, providing a full implementation, instead of a limited prototype. The proposed system: assigns scores to users’ browsers upon visiting our website. It also suggests alternative safe browsers, and finally it allows updating the back-end database with a click of a button. We applied our method to a data set of more than 52 thousand unique browsers. Our performance and validation analysis show that our solution is accurate and efficient. The source code and data set are publicly available here [4].</p