Foundations, Properties, and Security Applications of Puzzles: A Survey

Cryptographic algorithms have been used not only to create robust ciphertexts but also to generate cryptograms that, contrary to the classic goal of cryptography, are meant to be broken. These cryptograms, generally called puzzles, require the use of a certain amount of resources to be solved, hence introducing a cost that is often regarded as a time delay---though it could involve other metrics as well, such as bandwidth. These powerful features have made puzzles the core of many security protocols, acquiring increasing importance in the IT security landscape. The concept of a puzzle has subsequently been extended to other types of schemes that do not use cryptographic functions, such as CAPTCHAs, which are used to discriminate humans from machines. Overall, puzzles have experienced a renewed interest with the advent of Bitcoin, which uses a CPU-intensive puzzle as proof of work. In this paper, we provide a comprehensive study of the most important puzzle construction schemes available in the literature, categorizing them according to several attributes, such as resource type, verification type, and applications. We have redefined the term puzzle by collecting and integrating the scattered notions used in different works, to cover all the existing applications. Moreover, we provide an overview of the possible applications, identifying key requirements and different design approaches. Finally, we highlight the features and limitations of each approach, providing a useful guide for the future development of new puzzle schemes.Comment: This article has been accepted for publication in ACM Computing Survey

Efficient trapdoor-based client puzzle system against DoS attacks

Denial of service (DoS) and distributed denial of service (DDoS) are serious threats to computer networks. DoS and DDoS attacks aim to shut down a target server by depleting its resources and rendering it incapable of offering stable and integrated service to legitimate clients. Preventing DoS and DDoS attacks is a difficult task. A promising countermeasure against DoS attacks is the Client Puzzle method, which nevertheless faces a number of challenges, such as the complexity of puzzle construction and solution verification. Our research focuses on exploring novel puzzle constructions to satisfy the high demands of DoS defence in practice. In this thesis, we first identify the underlying weaknesses of existing client puzzles. To mitigate these vulnerabilities, we recommend the necessary requirements for good client puzzles. Based on this, we propose a new model for puzzle distribution, called the Trapdoor-based Client Puzzle System (TCPS). Two specific schemes are presented to construct puzzles within TCPS. We depict these two schemes, where each trapdoor algorithm is applied respectively. Both schemes have two distinct features: the computational overheads are low, and the difficulty level of puzzles is measurable. Moreover, both puzzle schemes are provably secure under traditional hard problems in mathematics. Our contribution to client puzzle defence against DoS attacks can be summarised as follows: * Identify the shortcomings of existing client puzzles. * Recommend the requirements of good client puzzles. * Formally define the Trapdoor-based Client Puzzle System, along with strict security conditions. * Propose a client puzzle scheme whose security is based on the RSA Assumption. Effectiveness and security are analysed and proven. * Propose a second client puzzle scheme whose security is based on the Discrete Logarithm Problem (DLP). Similarly, effectiveness and security are also analysed. * Provide a possible configuration for system parameters. * Discuss further possible attacks and their solutions. As our research is carried out in DoS attack scenarios, we also introduce this technical background before our achievements are presented

Secured Data Outsourcing in Cloud Computing

Cloud computing is a popular technology in the IT world. After internet, it is the biggest thing for IT world. Cloud computing uses the Internet for performing the task on the computer and it is the next- generation architecture of IT Industry. It is related to different technologies and the convergence of various technologies has emerged to be called as cloud computing. It places the application software and databases to the huge data centers, where the supervision of the data and services may not be fully trusted. This unique attribute poses many new security challenges which have not been well understood. In this paper, we develop system which allows customer to use cloud server with various profits and strong securities. So when customer stores his sensitive data on cloud server he should not worry about securities, we also protect customer’s account from malicious behaviors by verifying the result. This result verification mechanism is highly efficient for both cloud server and cloud customer. Covering security analysis and experiment results shows the immediate practicability of our mechanism design. DOI: 10.17762/ijritcc2321-8169.150314

Cloud based privacy preserving data mining model using hybrid k-anonymity and partial homomorphic encryption

The evolution of information and communication technologies have encourage numerous organizations to outsource their business and data to cloud computing to perform data mining and other data processing operations. Despite the great benefits of the cloud, it has a real problem in the security and privacy of data. Many studies explained that attackers often reveal the information from third-party services or third-party clouds. When a data owners outsource their data to the cloud, especially the SaaS cloud model, it is difficult to preserve the confidentiality and integrity of the data. Privacy-Preserving Data Mining (PPDM) aims to accomplish data mining operations while protecting the owner's data from violation. The current models of PPDM have some limitations. That is, they suffer from data disclosure caused by identity and attributes disclosure where some private information is revealed which causes the success of different types of attacks. Besides, existing solutions have poor data utility and high computational performance overhead. Therefore, this research aims to design and develop Hybrid Anonymization Cryptography PPDM (HAC-PPDM) model to improve the privacy-preserving level by reducing data disclosure before outsourcing data for mining over the cloud while maintaining data utility. The proposed HAC-PPDM model is further aimed reducing the computational performance overhead to improve efficiency. The Quasi-Identifiers Recognition algorithm (QIR) is defined and designed depending on attributes classification and Quasi-Identifiers dimension determine to overcome the identity disclosure caused by Quasi-Identifiers linking to reduce privacy leakage. An Enhanced Homomorphic Scheme is designed based on hybridizing Cloud-RSA encryption scheme, Extended Euclidean algorithm (EE), Fast Modular Exponentiation algorithm (FME), and Chinese Remainder Theorem (CRT) to minimize the computational time complexity while reducing the attribute disclosure. The proposed QIR, Enhanced Homomorphic Scheme and k-anonymity privacy model have been hybridized to obtain optimal data privacy-preservation before outsourced it on the cloud while maintaining the utility of data that meets the needs of mining with good efficiency. Real-world datasets have been used to evaluate the proposed algorithms and model. The experimental results show that the proposed QIR algorithm improved the data privacy-preserving percentage by 23% while maintaining the same or slightly better data utility. Meanwhile, the proposed Enhanced Homomorphic Scheme is more efficient comparing to the related works in terms of time complexity as represented by Big O notation. Moreover, it reduced the computational time of the encryption, decryption, and key generation time. Finally, the proposed HAC-PPDM model successfully reduced the data disclosures and improved the privacy-preserving level while preserved the data utility as it reduced the information loss. In short, it achieved improvement of privacy preserving and data mining (classification) accuracy by 7.59 % and 0.11 % respectively

A Review on: Association Rule Mining Using Privacy for Partitioned Database

Data Analysis techniques that are Association manage mining and Frequent thing set mining are two prominent and broadly utilized for different applications. The conventional framework concentrated independently on vertically parceled database and on a level plane apportioned databases on the premise of this presenting a framework which concentrate on both on a level plane and vertically divided databases cooperatively with protection safeguarding component. Information proprietors need to know the continuous thing sets or affiliation rules from an aggregate information set and unveil or uncover as few data about their crude information as could reasonably be expected to other information proprietors and outsiders. To guarantee information protection a Symmetric Encryption Technique is utilized to show signs of improvement result. Cloud supported successive thing set mining arrangement used to exhibit an affiliation govern mining arrangement. The subsequent arrangements are intended for outsourced databases that permit various information proprietors to proficiently share their information safely without trading off on information protection. Information security is one of the key procedures in outsourcing information to different outside clients. Customarily Fast Distribution Mining calculation was proposed for securing conveyed information. These business locales an issue by secure affiliation governs over parceled information in both even and vertical. A Frequent thing sets calculation and Distributed affiliation administer digging calculation is used for doing above method adequately in divided information, which incorporates administrations of the information in outsourcing process for disseminated databases. This work keeps up or keeps up proficient security over vertical and flat perspective of representation in secure mining applications

A Novel WLAN Client Puzzle against DoS Attack Based on Pattern Matching

Despite the popularity of 802.11 based networks, they suffer several types of DoS attack, launched by an attacker whose aim is to make an access point (AP) unavailable to legitimate users. One of the most common DoS attacks on 802.11 based networks is to deplete the resources of the AP. A serious situation like this can occur when the AP receives a burst of connection requests. This paper addresses this common DoS attack and proposes a lightweight puzzle, based on pattern-matching. Using a pattern-matching technique, this model adequately resists resource-depletion attacks in terms of both puzzle generation and solution verification. Using a sensible series of contextual comparisons, the outcomes were modelled by a simulator, and the security definition and proofs are verified, among other results

Efficient Delegated Private Set Intersection on Outsourced Private Datasets

Private set intersection (PSI) is an essential cryptographic protocol that has many real world applications. As cloud computing power and popularity have been swiftly growing, it is now desirable to leverage the cloud to store private datasets and delegate PSI computation to it. Although a set of efficient PSI protocols have been designed, none support outsourcing of the datasets and the computation. In this paper, we propose two protocols for delegated PSI computation on outsourced private datasets. Our protocols have a unique combination of properties that make them particularly appealing for a cloud computing setting. Our first protocol, O-PSI, satisfies these properties by using additive homomorphic encryption and point-value polynomial representation of a set. Our second protocol, EO-PSI, is mainly based on a hash table and point-value polynomial representation and it does not require public key encryption; meanwhile, it retains all the desirable properties and is much more efficient than the first one. We also provide a formal security analysis of the two protocols in the semi-honest model and we analyze their performance utilizing prototype implementations we have developed. Our performance analysis shows that EO-PSI scales well and is also more efficient than similar state-of-the-art protocols for large set sizes