1,200 research outputs found
Keyword-Based Delegable Proofs of Storage
Cloud users (clients) with limited storage capacity at their end can
outsource bulk data to the cloud storage server. A client can later access her
data by downloading the required data files. However, a large fraction of the
data files the client outsources to the server is often archival in nature that
the client uses for backup purposes and accesses less frequently. An untrusted
server can thus delete some of these archival data files in order to save some
space (and allocate the same to other clients) without being detected by the
client (data owner). Proofs of storage enable the client to audit her data
files uploaded to the server in order to ensure the integrity of those files.
In this work, we introduce one type of (selective) proofs of storage that we
call keyword-based delegable proofs of storage, where the client wants to audit
all her data files containing a specific keyword (e.g., "important"). Moreover,
it satisfies the notion of public verifiability where the client can delegate
the auditing task to a third-party auditor who audits the set of files
corresponding to the keyword on behalf of the client. We formally define the
security of a keyword-based delegable proof-of-storage protocol. We construct
such a protocol based on an existing proof-of-storage scheme and analyze the
security of our protocol. We argue that the techniques we use can be applied
atop any existing publicly verifiable proof-of-storage scheme for static data.
Finally, we discuss the efficiency of our construction.Comment: A preliminary version of this work has been published in
International Conference on Information Security Practice and Experience
(ISPEC 2018
Quantum Attacks on Modern Cryptography and Post-Quantum Cryptosystems
Cryptography is a critical technology in the modern computing industry, but the security of many cryptosystems relies on the difficulty of mathematical problems such as integer factorization and discrete logarithms. Large quantum computers can solve these problems efficiently, enabling the effective cryptanalysis of many common cryptosystems using such algorithms as Shor’s and Grover’s. If data integrity and security are to be preserved in the future, the algorithms that are vulnerable to quantum cryptanalytic techniques must be phased out in favor of quantum-proof cryptosystems. While quantum computer technology is still developing and is not yet capable of breaking commercial encryption, these steps can be taken immediately to ensure that the impending development of large quantum computers does not compromise sensitive data
Still Wrong Use of Pairings in Cryptography
Several pairing-based cryptographic protocols are recently proposed with a
wide variety of new novel applications including the ones in emerging
technologies like cloud computing, internet of things (IoT), e-health systems
and wearable technologies. There have been however a wide range of incorrect
use of these primitives. The paper of Galbraith, Paterson, and Smart (2006)
pointed out most of the issues related to the incorrect use of pairing-based
cryptography. However, we noticed that some recently proposed applications
still do not use these primitives correctly. This leads to unrealizable,
insecure or too inefficient designs of pairing-based protocols. We observed
that one reason is not being aware of the recent advancements on solving the
discrete logarithm problems in some groups. The main purpose of this article is
to give an understandable, informative, and the most up-to-date criteria for
the correct use of pairing-based cryptography. We thereby deliberately avoid
most of the technical details and rather give special emphasis on the
importance of the correct use of bilinear maps by realizing secure
cryptographic protocols. We list a collection of some recent papers having
wrong security assumptions or realizability/efficiency issues. Finally, we give
a compact and an up-to-date recipe of the correct use of pairings.Comment: 25 page
Dynamic Provable Data Possession Protocols with Public Verifiability and Data Privacy
Cloud storage services have become accessible and used by everyone.
Nevertheless, stored data are dependable on the behavior of the cloud servers,
and losses and damages often occur. One solution is to regularly audit the
cloud servers in order to check the integrity of the stored data. The Dynamic
Provable Data Possession scheme with Public Verifiability and Data Privacy
presented in ACISP'15 is a straightforward design of such solution. However,
this scheme is threatened by several attacks. In this paper, we carefully
recall the definition of this scheme as well as explain how its security is
dramatically menaced. Moreover, we proposed two new constructions for Dynamic
Provable Data Possession scheme with Public Verifiability and Data Privacy
based on the scheme presented in ACISP'15, one using Index Hash Tables and one
based on Merkle Hash Trees. We show that the two schemes are secure and
privacy-preserving in the random oracle model.Comment: ISPEC 201
- …