60 research outputs found
URDP: General Framework for Direct CCA2 Security from any Lattice-Based PKE Scheme
Design efficient lattice-based cryptosystem secure against adaptive chosen
ciphertext attack (IND-CCA2) is a challenge problem. To the date, full
CCA2-security of all proposed lattice-based PKE schemes achieved by using a
generic transformations such as either strongly unforgeable one-time signature
schemes (SU-OT-SS), or a message authentication code (MAC) and weak form of
commitment. The drawback of these schemes is that encryption requires "separate
encryption". Therefore, the resulting encryption scheme is not sufficiently
efficient to be used in practice and it is inappropriate for many applications
such as small ubiquitous computing devices with limited resources such as smart
cards, active RFID tags, wireless sensor networks and other embedded devices.
In this work, for the first time, we introduce an efficient universal random
data padding (URDP) scheme, and show how it can be used to construct a "direct"
CCA2-secure encryption scheme from "any" worst-case hardness problems in
(ideal) lattice in the standard model, resolving a problem that has remained
open till date. This novel approach is a "black-box" construction and leads to
the elimination of separate encryption, as it avoids using general
transformation from CPA-secure scheme to a CCA2-secure one. IND-CCA2 security
of this scheme can be tightly reduced in the standard model to the assumption
that the underlying primitive is an one-way trapdoor function.Comment: arXiv admin note: text overlap with arXiv:1302.0347, arXiv:1211.6984;
and with arXiv:1205.5224 by other author
Privacy preservation in Internet of Things: a secure approach for distributed group authentication through Paillier cryptosystem
Ho creato un applicativo in java per l'autenticazione distribuita di gruppo in ambienti con risorse limitate come Internet of things. L'applicativo è stato testato su una rete MANET da 2 a 5 nodi
BALANCING PRIVACY, PRECISION AND PERFORMANCE IN DISTRIBUTED SYSTEMS
Privacy, Precision, and Performance (3Ps) are three fundamental design objectives in distributed systems. However, these properties tend to compete with one another and are not considered absolute properties or functions. They must be defined and justified in terms of a system, its resources, stakeholder concerns, and the security threat model.
To date, distributed systems research has only considered the trade-offs of balancing privacy, precision, and performance in a pairwise fashion. However, this dissertation formally explores the space of trade-offs among all 3Ps by examining three representative classes of distributed systems, namely Wireless Sensor Networks (WSNs), cloud systems, and Data Stream Management Systems (DSMSs). These representative systems support large part of the modern and mission-critical distributed systems.
WSNs are real-time systems characterized by unreliable network interconnections and highly constrained computational and power resources. The dissertation proposes a privacy-preserving in-network aggregation protocol for WSNs demonstrating that the 3Ps could be navigated by adopting the appropriate algorithms and cryptographic techniques that are not prohibitively expensive.
Next, the dissertation highlights the privacy and precision issues that arise in cloud databases due to the eventual consistency models of the cloud. To address these issues, consistency enforcement techniques across cloud servers are proposed and the trade-offs between 3Ps are discussed to help guide cloud database users on how to balance these properties.
Lastly, the 3Ps properties are examined in DSMSs which are characterized by high volumes of unbounded input data streams and strict real-time processing constraints. Within this system, the 3Ps are balanced through a proposed simple and efficient technique that applies access control policies over shared operator networks to achieve privacy and precision without sacrificing the systems performance.
Despite that in this dissertation, it was shown that, with the right set of protocols and algorithms, the desirable 3P properties can co-exist in a balanced way in well-established distributed systems, this dissertation is promoting the use of the new 3Ps-by-design concept. This concept is meant to encourage distributed systems designers to proactively consider the interplay among the 3Ps from the initial stages of the systems design lifecycle rather than identifying them as add-on properties to systems
Secure communications over insecure channels based on short authenticated strings
We propose a way to establish peer-to-peer authenticated communications over an insecure channel by using an extra channel which can authenticate very short strings, e.g. 15 bits. We call this SAS-based authentication as for authentication based on short authenticated strings. The extra channel uses a weak notion of authentication in which strings cannot be forged nor modified, but whose delivery can be maliciously stalled, canceled, or replayed. Our protocol is optimal and relies on an extractable or equivocable commitment scheme. This approach offers an alternative (or complement) to public-key infrastructures, since we no longer need any central authority, and to password-based authenticated key exchange, since we no longer need to establish a confidential password. It can be used to establish secure associations in ad-hoc networks. Applications could be the authentication of a public key (e.g. for SSH or PGP) by users over the telephone, the user-aided pairing of wireless (e.g. BIuetooth) devices, or the restore of secure associations in a disaster case, namely when one remote peer had his long-term keys corrupte
Recommended from our members
Telecommunication Network Security
YesOur global age is practically defined by the ubiquity of the Internet; the worldwide interconnection of
cyber networks that facilitates accessibility to virtually all ICT and other elements of critical
infrastructural facilities, with a click of a button. This is regardless of the user’s location and state of
equilibrium; whether static or mobile. However, such interconnectivity is not without security
consequences.
A telecommunication system is indeed a communication system with the distinguishing key
word, the Greek tele-, which means "at a distance," to imply that the source and sink of the system
are at some distance apart. Its purpose is to transfer information from some source to a distant user;
the key concepts being information, transmission and distance. These would require a means, each,
to send, convey and receive the information with safety and some degree of fidelity that is
acceptable to both the source and the sink.
Chapter K begins with an effort to conceptualise the telecommunication network security
environment, using relevant ITU-T2* recommendations and terminologies for secure telecommunications.
The chapter is primarily concerned with the security aspect of computer-mediated
telecommunications. Telecommunications should not be seen as an isolated phenomenon; it is a critical
resource for the functioning of cross-industrial businesses in connection with IT. Hence, just as
information, data or a computer/local computer-based network must have appropriate level of security,
so also a telecommunication network must have equivalent security measures; these may often be the
same as or similar to those for other ICT resources, e.g., password management.
In view of the forgoing, the chapter provides a brief coverage of the subject matter by first assessing
the context of security and the threat-scape. This is followed by an assessment of telecommunication
network security requirements; identification of threats to the systems, the conceivable counter or
mitigating measures and their implementation techniques. These bring into focus various
cryptographic/crypt analytical concepts, vis a vis social engineering/socio-crypt analytical techniques and
password management.
The chapter noted that the human factor is the most critical factor in the security system for at least
three possible reasons; it is the weakest link, the only factor that exercises initiatives, as well as the factor
that transcends all the other elements of the entire system. This underscores the significance of social
2*International Telecommunications Union - Telecommunication Standardisation Sector
12
engineering in every facet of security arrangement. It is also noted that password security could be
enhanced, if a balance is struck between having enough rules to maintain good security and not having
too many rules that would compel users to take evasive actions which would, in turn, compromise
security. The chapter is of the view that network security is inversely proportional to its complexity. In
addition to the traditional authentication techniques, the chapter gives a reasonable attention to locationbased
authentication. The chapter concludes that security solutions have a technological component, but
security is fundamentally a people problem. This is because a security system is only as strong as its
weakest link, while the weakest link of any security system is the human infrastructure.
A projection for the future of telecommunication network security postulates that, network security
would continue to get worse unless there is a change in the prevailing practice of externality or vicarious
liability in the computer/security industry; where consumers of security products, as opposed to
producers, bear the cost of security ineffectiveness. It is suggested that all transmission devices be made
GPS-compliant, with inherent capabilities for location-based mutual authentication. This could enhance
the future of telecommunication security.Petroleum Technology Development Fun
Techniques, Taxonomy, and Challenges of Privacy Protection in the Smart Grid
As the ease with which any data are collected and transmitted increases,
more privacy concerns arise leading to an increasing need to protect and preserve
it. Much of the recent high-profile coverage of data mishandling and public mis-
leadings about various aspects of privacy exasperates the severity. The Smart Grid
(SG) is no exception with its key characteristics aimed at supporting bi-directional
information flow between the consumer of electricity and the utility provider. What
makes the SG privacy even more challenging and intriguing is the fact that the very
success of the initiative depends on the expanded data generation, sharing, and pro-
cessing. In particular, the deployment of smart meters whereby energy consumption
information can easily be collected leads to major public hesitations about the tech-
nology. Thus, to successfully transition from the traditional Power Grid to the SG
of the future, public concerns about their privacy must be explicitly addressed and
fears must be allayed. Along these lines, this chapter introduces some of the privacy
issues and problems in the domain of the SG, develops a unique taxonomy of some
of the recently proposed privacy protecting solutions as well as some if the future
privacy challenges that must be addressed in the future.Peer Reviewedhttp://deepblue.lib.umich.edu/bitstream/2027.42/111644/1/Uludag2015SG-privacy_book-chapter.pd
Information management and security protection for internet of vehicles
Considering the huge number of vehicles on the roads, the Internet of Vehicles is envisioned to foster a variety of new applications ranging from road safety enhancement to mobile entertainment. These new applications all face critical challenges which are how to handle a large volume of data streams of various kinds and how the secure architecture enhances the security of the Internet of Vehicles systems. This dissertation proposes a comprehensive message routing solution to provide the fundamental support of information management for the Internet of Vehicles. The proposed approach delivers messages via a self-organized moving-zone-based architecture formed using pure vehicle-to-vehicle communication and integrates moving object modeling and indexing techniques to vehicle management. It can significantly reduce the communication overhead while providing higher delivery rates. To ensure the identity and location privacy of the vehicles on the Internet of Vehicles environment, a highly efficient randomized authentication protocol, RAU+ is proposed to leverage homomorphic encryption and enable individual vehicles to easily generate a new randomized identity for each newly established communication while each authentication server would not know their real identities. In this way, not any single party can track the user. To minimize the infrastructure reliance, this dissertation further proposes a secure and lightweight identity management mechanism in which vehicles only need to contact a central authority once to obtain a global identity. Vehicles take turns serving as the captain authentication unit in self-organized groups. The local identities are computed from the vehicle's global identity and do not reveal true identities. Extensive experiments are conducted under a variety of Internet of Vehicles environments. The experimental results demonstrate the practicality, effectiveness, and efficiency of the proposed protocols.Includes bibliographical references
Privacy-aware Security Applications in the Era of Internet of Things
In this dissertation, we introduce several novel privacy-aware security applications. We split these contributions into three main categories: First, to strengthen the current authentication mechanisms, we designed two novel privacy-aware alternative complementary authentication mechanisms, Continuous Authentication (CA) and Multi-factor Authentication (MFA). Our first system is Wearable-assisted Continuous Authentication (WACA), where we used the sensor data collected from a wrist-worn device to authenticate users continuously. Then, we improved WACA by integrating a noise-tolerant template matching technique called NTT-Sec to make it privacy-aware as the collected data can be sensitive. We also designed a novel, lightweight, Privacy-aware Continuous Authentication (PACA) protocol. PACA is easily applicable to other biometric authentication mechanisms when feature vectors are represented as fixed-length real-valued vectors. In addition to CA, we also introduced a privacy-aware multi-factor authentication method, called PINTA. In PINTA, we used fuzzy hashing and homomorphic encryption mechanisms to protect the users\u27 sensitive profiles while providing privacy-preserving authentication. For the second privacy-aware contribution, we designed a multi-stage privacy attack to smart home users using the wireless network traffic generated during the communication of the devices. The attack works even on the encrypted data as it is only using the metadata of the network traffic. Moreover, we also designed a novel solution based on the generation of spoofed traffic. Finally, we introduced two privacy-aware secure data exchange mechanisms, which allow sharing the data between multiple parties (e.g., companies, hospitals) while preserving the privacy of the individual in the dataset. These mechanisms were realized with the combination of Secure Multiparty Computation (SMC) and Differential Privacy (DP) techniques. In addition, we designed a policy language, called Curie Policy Language (CPL), to handle the conflicting relationships among parties.
The novel methods, attacks, and countermeasures in this dissertation were verified with theoretical analysis and extensive experiments with real devices and users. We believe that the research in this dissertation has far-reaching implications on privacy-aware alternative complementary authentication methods, smart home user privacy research, as well as the privacy-aware and secure data exchange methods
- …