Verifiable Order Queries and Order Statistics on a List in Zero-Knowledge
Given a list L with n elements, an order query on L asks
whether a given element x in L precedes or follows another
element y in L.
More generally, given a set of m elements from L, an order
query asks for the set ordered according to the positions of the
elements in L.
We introduce two formal models for answering order queries on a list
in a verifiable manner and in zero-knowledge. We also present
efficient constructions for these models.
Our first model, called \emph{zero-knowledge list} (ZKL), generalizes
membership queries on a set to order queries on a list in zero-knowledge.
We present a construction of ZKL based on zero-knowledge
sets and a homomorphic integer commitment scheme.
Our second model, \emph{privacy-preserving authenticated list} (PPAL),
extends authenticated data structures by adding a zero-knowledge
privacy requirement. In this model, a list is outsourced by a trusted
owner to an untrusted cloud server, which answers order queries issued
by clients. The server also returns a proof of the answer, which is
verified by the client using a digest of the list obtained from the
owner. PPAL supports the security properties of data integrity against
a malicious server and privacy protection against a malicious client.
Though PPAL can be implemented using our ZKL construction, this
construction is not as efficient as desired in cloud applications. To
this end, we present an efficient PPAL construction based on
blinded bilinear accumulators and bilinear maps, which is provably
secure and zero-knowledge (e.g., hiding even the size of the list). Our PPAL construction uses proofs of size and allows the client to verify a proof in time.~The owner executes the setup in time and space. The server uses space to store the list and related authentication information, and takes time to answer a query and generate a proof.
Both our ZKL and PPAL constructions have one round of communication
and are secure in the random oracle model.
Finally, we show that our ZKL and PPAL frameworks
can be extended to support fundamental statistical queries (including maximum, minimum, median, threshold and top-t elements) efficiently
and in zero-knowledge.
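The PPAL model above has three parties: a trusted owner who publishes a digest, an untrusted server that answers order queries with a proof, and a client that checks the proof against the digest. The following added example (not code from the paper; the paper's own construction uses blinded bilinear accumulators) shows the integrity half of that model with a plain Merkle tree over salted (position, element) leaves. Positions and the list size are revealed to the client here, so this is not zero-knowledge; the salts only stop a client from testing guesses against sibling leaf hashes. The sample list, the class names and the proof layout are assumptions made for illustration.

```python
import hashlib
import secrets
from typing import Optional


def _h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so no two part lists collide."""
    return hashlib.sha256(b"".join(len(p).to_bytes(4, "big") + p for p in parts)).digest()


def _leaf(position: int, element: bytes, salt: bytes) -> bytes:
    return _h(b"leaf", position.to_bytes(8, "big"), element, salt)


def _node(left: bytes, right: bytes) -> bytes:
    return _h(b"node", left, right)


def _levels(leaves: list[bytes]) -> list[list[bytes]]:
    """Merkle tree bottom-up; an odd level is padded by repeating its last hash."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + cur[-1:]
        levels.append([_node(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels


def _path(levels: list[list[bytes]], index: int) -> list[tuple[bytes, int]]:
    """Sibling hashes from leaf to root, each flagged 1 if our node is the right child."""
    path = []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + level[-1:]
        path.append((level[index ^ 1], index & 1))
        index //= 2
    return path


def _verify_path(root: bytes, leaf: bytes, path: list[tuple[bytes, int]]) -> bool:
    cur = leaf
    for sibling, is_right in path:
        cur = _node(sibling, cur) if is_right else _node(cur, sibling)
    return cur == root


class ListOwner:
    """Trusted owner: commits to (position, element) pairs and publishes the root as digest."""

    def __init__(self, elements: list[bytes]):
        if len(set(elements)) != len(elements):
            raise ValueError("list elements must be distinct")
        self.elements = list(elements)
        self.salts = [secrets.token_bytes(16) for _ in elements]
        leaves = [_leaf(i, e, s) for i, (e, s) in enumerate(zip(self.elements, self.salts))]
        self.levels = _levels(leaves)

    def digest(self) -> bytes:
        return self.levels[-1][0]

    def outsource(self) -> "ListServer":
        return ListServer(self.elements, self.salts, self.levels)


class ListServer:
    """Untrusted server: holds the list plus authentication data and proves its answers."""

    def __init__(self, elements, salts, levels):
        self.elements, self.salts, self.levels = elements, salts, levels

    def _open(self, x: bytes):
        i = self.elements.index(x)
        return (i, self.salts[i], _path(self.levels, i))

    def order_query(self, x: bytes, y: bytes) -> dict:
        return {"x": self._open(x), "y": self._open(y)}


def verify_order(digest: bytes, x: bytes, y: bytes, proof: dict) -> Optional[bool]:
    """Client check: True if x precedes y, False if it follows, None if the proof is invalid."""
    positions = []
    for elem, (pos, salt, path) in ((x, proof["x"]), (y, proof["y"])):
        if not _verify_path(digest, _leaf(pos, elem, salt), path):
            return None
        positions.append(pos)
    i, j = positions
    if i == j:
        return None  # distinct elements cannot share a position
    return i < j


def demo() -> tuple:
    owner = ListOwner([b"alice", b"bob", b"carol", b"dave", b"erin"])  # constructed sample list
    digest = owner.digest()
    server = owner.outsource()
    honest = verify_order(digest, b"bob", b"dave", server.order_query(b"bob", b"dave"))
    # A malicious server swaps the two openings to invert the answer; the
    # recomputed leaves no longer match their paths and the client rejects.
    p = server.order_query(b"bob", b"dave")
    tampered = verify_order(digest, b"bob", b"dave", {"x": p["y"], "y": p["x"]})
    return honest, tampered
```

The client never trusts the positions the server reports: it recomputes each leaf from the claimed position, the element it asked about and the returned salt, and only an opening that hashes up to the owner's digest is accepted. Achieving the paper's privacy goals (hiding positions, non-queried elements and the list size from the client) is exactly what the accumulator-based PPAL construction adds on top of this integrity check.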
Privacy, Access Control, and Integrity for Large Graph Databases
Graph data are extensively utilized in social networks, collaboration networks, geo-social networks, and communication networks. Their growing usage in cyberspace poses daunting security and privacy challenges. Data publication requires privacy-protection mechanisms to guard against information breaches, and access control mechanisms can be used to allow controlled sharing of data. Providing privacy protection, access control, and data integrity for graph data requires a holistic approach to data management and secure query processing. This thesis presents such an approach. In particular, it addresses two notable challenges for graph databases: i) how to ensure users' privacy in published graph data under access control policy enforcement, and ii) how to verify the integrity of graph datasets and of query results over them. To address the first challenge, a privacy-protection framework under role-based access control (RBAC) policy constraints is proposed. The design of such a framework poses a trade-off problem, which is proved to be NP-complete, and novel heuristic solutions are provided for the constraint problem. To the best of our knowledge, this is the first scheme that studies the trade-off between RBAC policy constraints and privacy protection for graph data. To address the second challenge, a cryptographic security model based on Hash-based Message Authentication Codes (HMACs) is proposed. The model ensures integrity and completeness verification of data and query results in both two-party and third-party data distribution environments. Unique HMAC-based solutions for integrity verification of graph data are developed, a detailed security analysis is provided for the proposed schemes, and extensive experimental evaluations illustrate the performance of the proposed algorithms.
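The second challenge in the abstract, HMAC-based integrity and completeness verification of graph query results in a third-party setting, can be illustrated with a small added example (not the thesis's own scheme, which is not reproduced here). The owner tags each vertex's complete neighbour set with an HMAC under a key shared only with the client, then hands the tagged adjacency data to an untrusted third party. A neighbourhood query answered by that party is accepted only if the returned set reproduces the tag, so a dropped edge (incompleteness) or an injected edge (forgery) is caught. The graph, the key and the class names are constructed for illustration.

```python
import hashlib
import hmac


def _encode(*parts: bytes) -> bytes:
    """Length-prefix each part so (b"ab", b"c") and (b"a", b"bc") cannot collide."""
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def adjacency_tag(key: bytes, vertex: bytes, neighbors) -> bytes:
    """HMAC-SHA256 over the vertex and its complete, canonically ordered neighbour set."""
    canon = sorted(set(neighbors))
    msg = _encode(b"adj", vertex, len(canon).to_bytes(4, "big"), *canon)
    return hmac.new(key, msg, hashlib.sha256).digest()


class GraphOwner:
    """Data owner: holds the key, builds the adjacency lists and tags every vertex."""

    def __init__(self, key: bytes, vertices, edges):
        self.key = key
        # Every vertex gets an entry, so an isolated vertex carries a tagged empty
        # list rather than a gap the third party could fill with anything.
        self.adj = {v: set() for v in vertices}
        for u, v in edges:  # undirected edges
            self.adj[u].add(v)
            self.adj[v].add(u)

    def publish(self) -> dict:
        """Tagged dataset for the untrusted third party; the key is not part of it."""
        return {u: (sorted(n), adjacency_tag(self.key, u, n)) for u, n in self.adj.items()}


class ThirdParty:
    """Untrusted distributor: answers queries from the tagged data without the key."""

    def __init__(self, dataset: dict):
        self.dataset = dataset

    def neighbors(self, u: bytes):
        nbrs, tag = self.dataset[u]
        return list(nbrs), tag


def verify_neighbors(key: bytes, u: bytes, result) -> bool:
    """Client check: recompute the tag over the returned set and compare in constant time."""
    nbrs, tag = result
    return hmac.compare_digest(adjacency_tag(key, u, nbrs), tag)


def demo() -> tuple:
    key = b"shared-owner-client-key"  # constructed sample key
    owner = GraphOwner(key, [b"a", b"b", b"c", b"d"],
                       [(b"a", b"b"), (b"a", b"c"), (b"b", b"c")])
    tp = ThirdParty(owner.publish())
    nbrs, tag = tp.neighbors(b"a")
    honest = verify_neighbors(key, b"a", (nbrs, tag))
    dropped = verify_neighbors(key, b"a", (nbrs[:-1], tag))       # incomplete answer
    injected = verify_neighbors(key, b"a", (nbrs + [b"d"], tag))  # forged edge
    return honest, dropped, injected
```

Because the tag covers the whole neighbour set and its cardinality, completeness comes for free with integrity: the third party cannot hide an edge without breaking the tag. What this simple scheme does not give is a proof that a vertex is absent from the graph, which is why the owner tags isolated vertices too; in the two-party setting the owner answers queries itself and the same tags let the client detect accidental corruption.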
On Structural Signatures for Tree Data Structures
In this paper, we present new attacks on the redactable signature scheme introduced by Kundu and Bertino at VLDB '08. This extends the work done by Brzuska et al. at ACNS '10 and Samelin et al. at ISPEC '12. The attacks address unforgeability, transparency and privacy. Based on the ideas of Kundu and Bertino, we introduce a new provably secure construction. The corresponding security model is more flexible than the one introduced by Brzuska et al. Moreover, we have implemented the schemes introduced by Brzuska et al. and by Kundu and Bertino. The evaluation shows that schemes with quadratic complexity become unusable very fast.
Verifiably encrypted cascade-instantiable blank signatures to secure progressive decision management
A Patient-centric, Attribute-based, Source-verifiable Framework for Health Record Sharing
The storage of health records in electronic format, and the
widespread sharing of these records among different health
care providers, have enormous potential benefits to the U.S.
healthcare system. These benefits include both improving
the quality of health care delivered to patients and reducing
the costs of delivering that care. However, maintaining the
security of electronic health record systems and the privacy
of the information they contain is paramount to ensure that
patients have confidence in the use of such systems. In this
paper, we propose a framework for electronic health record
sharing that is patient centric, i.e. it provides patients with
substantial control over how their information is shared and
with whom; provides for verifiability of original sources of
health information and the integrity of the data; and permits fine-grained decisions about when data can be shared
based on the use of attribute-based techniques for authorization and access control. We present the architecture of the
framework, describe a prototype system we have built based
on it, and demonstrate its use within a scenario involving
emergency responders' access to health record information.
Secure Digital Information Forward Using Highly Developed AES Techniques in Cloud Computing
In modern communications, the main requirement is protecting digital information as it travels across the network. Two users commonly exchange confidential data and files over the web, and securing that exchange is the central problem for message transmission networks. Cryptography addresses it by using a key to transform data mathematically into an unreadable form (encryption) and back into readable form (decryption), providing a method for confidential communication. The proposed AES (Advanced Encryption Standard)-based Padding Key Encryption (PKE) algorithm encrypts the data and produces the secret key in an unreadable format; the receiver uses the private key to decrypt the data back into readable form. In the proposed PKE algorithm, the sender converts plaintext to ciphertext under a secret key and transmits it to the authorized recipient; an unauthorized party cannot access the data over the Internet, and only the holder of the private key can view it. A method for identifying user groups was also developed: support vector machines (SVM) were used in user behaviour analysis to estimate probability densities, so that each user's launching of applications and sessions could be predicted independently. The simulation results indicate a higher level of security for transmitting sensitive data or files to recipients than previous methods and user behaviour analysis approaches.
Cloud technology options towards Free Flow of Data
This whitepaper collects the technology solutions that the projects in the Data Protection, Security and Privacy Cluster propose to address the challenges raised by the working areas of the Free Flow of Data initiative. The document describes the technologies, methodologies, models, and tools researched and developed by the clustered projects, mapped to the ten areas of work of the Free Flow of Data initiative. The aim is to facilitate the identification of state-of-the-art technology options for solving the data security and privacy challenges posed by the Free Flow of Data initiative in Europe. The document gives references to the Cluster, the individual projects and the technologies they have produced.