98 research outputs found
Certificateless Key Insulated Encryption: Cryptographic Primitive for Achieving Key-escrow free and Key-exposure Resilience
Certificateless encryption (CLE) alleviates the heavy certificate management in traditional public key encryption and the key escrow problem in ID-based encryption simultaneously. Current CLE schemes assume that the user’s secret key is absolutely secure. Unfortunately, this assumption is too strong when CLE is deployed in a hostile setting and leakage of the secret key is inevitable. In this paper, we present a new concept called a certificateless key insulated encryption scheme (CL-KIE). We argue that this is an important cryptographic primitive that can be used to achieve key-escrow freeness and key-exposure resilience. We also present an efficient CL-KIE scheme based on bilinear pairing. The security of our scheme is then proved under the Bilinear Diffie-Hellman assumption in the random oracle model.
Callisto: a cryptographic approach to detecting serial perpetrators of sexual misconduct
Sexual misconduct is prevalent in workplace and education settings
but stigma and risk of further damage deter many victims from
seeking justice. Callisto, a non-profit that has created an online sexual assault reporting platform for college campuses, is expanding its
work to combat sexual assault and harassment in other industries.
In this new product, users will be invited to an online "matching
escrow" that will detect repeat perpetrators and create pathways
to support for victims. Users submit encrypted data about their
perpetrator, and this data can only be decrypted by the Callisto
Options Counselor (a lawyer), when another user enters the identity of the same perpetrator. If the perpetrator identities match,
both users will be put in touch independently with the Options
Counselor, who will connect them to each other (if appropriate) and
help them determine their best path towards justice. The client relationships with the Options Counselors are structured so that any
client-counselor communications would be privileged. A combination of client-side encryption, encrypted communication channels,
oblivious pseudo-random functions, key federation, and Shamir
Secret Sharing keep data confidential in transit, at rest, and during
the matching process with the guarantee that only the lawyer ever
has access to user submitted data, and even then only when a match
is identified.
Accepted manuscript
The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption
A variety of "key recovery," "key escrow," and "trusted third-party" encryption requirements have been suggested in recent years by government agencies seeking to conduct covert surveillance within the changing environments brought about by new technologies. This report examines the fundamental properties of these requirements and attempts to outline the technical risks, costs, and implications of deploying systems that provide government access to encryption keys.
On the Application of Identity-Based Cryptography in Grid Security
This thesis examines the application of identity-based cryptography
(IBC) in designing security infrastructures for grid applications.
In this thesis, we propose a fully identity-based key infrastructure
for grid (IKIG). Our proposal exploits some interesting properties
of hierarchical identity-based cryptography (HIBC) to replicate
security services provided by the grid security infrastructure (GSI)
in the Globus Toolkit. The GSI is based on public key infrastructure
(PKI) that supports standard X.509 certificates and proxy
certificates. Since our proposal is certificate-free and has small
key sizes, it offers a more lightweight approach to key management
than the GSI. We also develop a one-pass delegation protocol that
makes use of HIBC properties. This combination of lightweight key
management and efficient delegation protocol has better scalability
than the existing PKI-based approach to grid security.
Despite the advantages that IKIG offers, key escrow remains an issue
which may not be desirable for certain grid applications. Therefore,
we present an alternative identity-based approach called dynamic key
infrastructure for grid (DKIG). Our DKIG proposal combines both
identity-based techniques and the conventional PKI approach. In this
hybrid setting, each user publishes a fixed parameter set through a
standard X.509 certificate. Although X.509 certificates are involved
in DKIG, it is still more lightweight than the GSI as it enables the
derivation of both long-term and proxy credentials on-the-fly based
only on a fixed certificate.
We also revisit the notion of secret public keys which was
originally used as a cryptographic technique for designing secure
password-based authenticated key establishment protocols. We
introduce new password-based protocols using identity-based secret
public keys. Our identity-based techniques can be integrated
naturally with the standard TLS handshake protocol. We then discuss
how this TLS-like identity-based secret public key protocol can be
applied to securing interactions between users and credential
storage systems, such as MyProxy, within grid environments.
Techniques, Taxonomy, and Challenges of Privacy Protection in the Smart Grid
As the ease with which any data are collected and transmitted increases, more privacy concerns arise, leading to an increasing need to protect and preserve it. Much of the recent high-profile coverage of data mishandling and public misleadings about various aspects of privacy exacerbates the severity. The Smart Grid (SG) is no exception, with its key characteristics aimed at supporting bi-directional information flow between the consumer of electricity and the utility provider. What makes SG privacy even more challenging and intriguing is the fact that the very success of the initiative depends on expanded data generation, sharing, and processing. In particular, the deployment of smart meters, whereby energy consumption information can easily be collected, leads to major public hesitations about the technology. Thus, to successfully transition from the traditional Power Grid to the SG of the future, public concerns about privacy must be explicitly addressed and fears must be allayed. Along these lines, this chapter introduces some of the privacy issues and problems in the domain of the SG and develops a unique taxonomy of some of the recently proposed privacy-protecting solutions, as well as some of the privacy challenges that must be addressed in the future.
Peer Reviewed
http://deepblue.lib.umich.edu/bitstream/2027.42/111644/1/Uludag2015SG-privacy_book-chapter.pd
Crowdfunding Non-fungible Tokens on the Blockchain
Non-fungible tokens (NFTs) have been used as a way of rewarding content creators. Artists publish their works on the blockchain as NFTs, which they can then sell. The buyer of an NFT then holds ownership of a unique digital asset, which can be resold in much the same way that real-world art collectors might trade paintings. However, while a great deal of effort has been spent on selling works of art on the blockchain, very little attention has been paid to using the blockchain as a means of fundraising to help finance the artist’s work in the first place. Additionally, while blockchains like Ethereum are ideal for smaller works of art, additional support is needed when the artwork is larger than is feasible to store on the blockchain. In this paper, we propose a fundraising mechanism that will help artists to gain financial support for their initiatives, and where the backers can receive a share of the profits in exchange for their support. We discuss our prototype implementation using the SpartanGold framework. We then discuss how this system could be expanded to support large NFTs with the 0Chain blockchain, and describe how we could provide support for ongoing storage of these NFTs.
Fake Malware Generation Using HMM and GAN
In the past decade, the number of malware attacks has grown considerably and, more importantly, evolved. Many researchers have successfully integrated state-of-the-art machine learning techniques to combat this ever-present and rising threat to information security. However, the lack of enough data to appropriately train these machine learning models is one big challenge that is still present. Generative modelling has proven to be very efficient at generating image-like synthesized data that can match the actual data distribution. In this paper, we aim to generate malware samples as opcode sequences and attempt to differentiate them from the real ones, with the goal of building fake malware data that can be used to effectively train the machine learning models. We use and compare different Generative Adversarial Network (GAN) algorithms and Hidden Markov Models (HMM) to generate such fake samples, obtaining promising results.
Toward Unified Security and Privacy Protection for Smart Meter Networks
The management of security and privacy protection mechanisms is one fundamental issue of future smart grid and metering networks. Designing effective and economic measures is a non-trivial task due to a) the large number of system requirements and b) the uncertainty over how the system functionalities are going to be specified and evolve. The paper explores a unified approach for addressing security and privacy of smart metering systems. In the process, we present a unified framework that entails the analysis and synthesis of security solutions associated with closely interrelated components of a typical smart metering system. Ultimately, the proposed framework can be used as a guideline for embedding cross-domain security and privacy solutions into smart grid communication systems.
A Console GRID Leveraged Authentication and Key Agreement Mechanism for LTE/SAE
The growing popularity of multimedia applications, pervasive connectivity, higher bandwidth, and euphoric technology penetration among the bulk of the human race that happens to be cellular technology users have fueled the adaptation to long-term evolution (LTE)/system architecture evolution. LTE fulfills the resource demands of the next generation applications for now. We identify security issues in the authentication mechanism used in LTE that, without countermeasures, might give super user rights to unauthorized users. LTE uses a static LTE key to derive the entire key hierarchy, i.e., LTE follows Evolved Packet System–Authentication and Key Agreement based authentication, which discloses user identity, location, and other personally identifiable information. To counter this, we propose a public key cryptosystem named “International mobile subscriber identity Protected Console Grid based Authentication and Key Agreement (IPG-AKA) protocol” to address the vulnerabilities related to weak key management. From the data obtained from threat modeling and simulation results, we claim that the IPG-AKA scheme not only improves security of authentication procedures, but also shows improvements in authentication loads and reduction in key generation time. The empirical results and qualitative analysis presented in this paper prove that IPG-AKA improves security in the authentication procedure and performance in LTE.