Generalizations of All-or-Nothing Transforms and their Application in Secure Distributed Storage

An all-or-nothing transform is an invertible function that maps s inputs to s outputs such that, in the calculation of the inverse, the absence of only one output makes it impossible for an adversary to obtain any information about any single input. In this thesis, we generalize this structure in several ways motivated by different applications, and for each generalization, we provide some constructions. For a particular generalization, where we consider the security of t input blocks in the absence of t output blocks, namely, t-all-or-nothing transforms, we provide two applications. We also define a closeness measure and study structures that are close to t-all-or-nothing transforms. Other generalizations consider the situations where: i) t covers a range of values and the structure maintains its t-all-or-nothingness property for all values of t in that range; ii) the transform provides security for a smaller, yet fixed, number of inputs than the number of absent outputs; iii) the missing output blocks are only from a fixed subset of the output blocks; and iv) the transform generates n outputs so that it can still reconstruct the inputs as long as s outputs are available. In the last case, the absence of n-s+t outputs can protect the security of any t inputs. For each of these transforms, various existence and non-existence results, as well as bounds and equivalence results are presented. We finish with proposing an application of generalization (iv) in secure distributed storage

Tunable Security for Deployable Data Outsourcing

Security mechanisms like encryption negatively affect other software quality characteristics like efficiency. To cope with such trade-offs, it is preferable to build approaches that allow to tune the trade-offs after the implementation and design phase. This book introduces a methodology that can be used to build such tunable approaches. The book shows how the proposed methodology can be applied in the domains of database outsourcing, identity management, and credential management

Communication Security in Wireless Sensor Networks

A wireless sensor network (WSN) usually consists of a large number of small, low-cost devices that have limited energy supply, computation, memory, and communication capacities. Recently, WSNs have drawn a lot of attention due to their broad applications in both military and civilian domains. Communication security is essential to the success of WSN applications, especially for those mission-critical applications working in unattended and even hostile environments. However, providing satisfactory security protection in WSNs has ever been a challenging task due to various network & resource constraints and malicious attacks. This motivates the research on communication security for WSNs. This dissertation studies communication security in WSNs with respect to three important aspects. The first study addresses broadcast/multicast security in WSNs. We propose a multi-user broadcast authentication technique, which overcomes the security vulnerability of existing solutions. The proposed scheme guarantees immediate broadcast authentication by employing public key cryptography, and achieves the efficiency through integrating various techniques from different domains. We also address multicast encryption to solve data confidentiality concern for secure multicast. We propose an efficient multicast key management scheme supporting a wide range of multicast semantics, which utilizes the fact that sensors are both routers and end-receivers. The second study addresses data report security in WSNs. We propose a location-aware end-to-end security framework for WSNs, in which secret keys are bound to geographic locations so that the impact of sensor compromise are limited only to their vicinity. The proposed scheme effectively defeats not only bogus data injection attacks but also various DoS attacks. In this study, we also address event boundary detection as a specific case of secure data aggregation in WSNs. We propose a secure and fault-tolerant event boundary detection scheme, which securely detects the boundaries of large spatial events in a localized statistic manner. The third study addresses random key pre-distribution in WSNs. We propose a keyed-hash-chain-based key pool generation technique, which leads to a more efficient key pre-distribution scheme with better security resilience in the case of sensor compromise