1,226 research outputs found
Efficient Authenticated Data Structures for Graph Connectivity and Geometric Search Problems
Authenticated data structures provide cryptographic proofs that their answers
are as accurate as the author intended, even if the data structure is being
controlled by a remote untrusted host. We present efficient techniques for
authenticating data structures that represent graphs and collections of
geometric objects. We introduce the path hash accumulator, a new primitive
based on cryptographic hashing for efficiently authenticating various
properties of structured data represented as paths, including any decomposable
query over sequences of elements. We show how to employ our primitive to
authenticate queries about properties of paths in graphs and search queries on
multi-catalogs. This allows the design of new, efficient authenticated data
structures for fundamental problems on networks, such as path and connectivity
queries over graphs, and complex queries on two-dimensional geometric objects,
such as intersection and containment queries.Comment: Full version of related paper appearing in CT-RSA 200
Authenticating Aggregate Range Queries over Dynamic Multidimensional Dataset
We are interested in the integrity of the query results from an outsourced database service provider. Alice passes a set
of -dimensional points, together with some authentication tag , to an untrusted service provider Bob. Later, Alice issues some query over to Bob, and Bob should produce a query result and a proof based on and .
Alice wants to verify the integrity of the query result with the help of the proof, using only the private key.
Xu J.~\emph{et al.}~\cite{maia-full} proposed an authentication scheme to solve this problem for multidimensional aggregate range query, including {\SUM, \COUNT, \MIN, \MAX} and {\MEDIAN}, and multidimensional range selection query, with communication overhead. However, their scheme only applys to static database.
This paper extends their method to support dynamic operations on the dataset, including inserting or deleting a point from the dataset. The communication overhead of our scheme is , where is the
number of data points in the dataset
An effective, secure and efficient tagging method for integrity protection of outsourced data in a public cloud storage
Data Integrity Auditing (DIA) is a security service for checking the integrity of data stored in a PCS (Public Cloud Storage), a third-party based storage service. A DIA service is provided by using integrity tags (hereafter referred to tags). This paper proposes a novel tagging method, called Tagging of Outsourced Data (TOD), for generating and verifying tags of files. TOD has a number of unique properties: (i) it supports both public and private verifiability, and achieves this property with a low level of overhead at the user end, making it particularly attractive to mobile users with resource-constrained devices, (ii) it protects data confidentiality, supports dynamic tags and is resilient against tag forgery and tag tampering (i.e. by authorised insiders) at the same time in more secure and efficient, making the method more suited to the PCS environment, (iii) it supports tags deduplication, making it more efficient, particularly for the user who has many files with data redundancy. Comprehensive security analysis and performance evaluation have been conducted to demonstrate the efficacy and efficiency of the approach taken in the design
Audio-Visual Biometric Recognition and Presentation Attack Detection: A Comprehensive Survey
Biometric recognition is a trending technology that uses unique
characteristics data to identify or verify/authenticate security applications.
Amidst the classically used biometrics, voice and face attributes are the most
propitious for prevalent applications in day-to-day life because they are easy
to obtain through restrained and user-friendly procedures. The pervasiveness of
low-cost audio and face capture sensors in smartphones, laptops, and tablets
has made the advantage of voice and face biometrics more exceptional when
compared to other biometrics. For many years, acoustic information alone has
been a great success in automatic speaker verification applications. Meantime,
the last decade or two has also witnessed a remarkable ascent in face
recognition technologies. Nonetheless, in adverse unconstrained environments,
neither of these techniques achieves optimal performance. Since audio-visual
information carries correlated and complementary information, integrating them
into one recognition system can increase the system's performance. The
vulnerability of biometrics towards presentation attacks and audio-visual data
usage for the detection of such attacks is also a hot topic of research. This
paper made a comprehensive survey on existing state-of-the-art audio-visual
recognition techniques, publicly available databases for benchmarking, and
Presentation Attack Detection (PAD) algorithms. Further, a detailed discussion
on challenges and open problems is presented in this field of biometrics
Detecting Incorrect Behavior of Cloud Databases as an Outsider
Cloud DBs offer strong properties, including serializability, sometimes
called the gold standard database correctness property. But cloud DBs are
complicated black boxes, running in a different administrative domain from
their clients; thus, clients might like to know whether the DBs are meeting
their contract. A core difficulty is that the underlying problem here, namely
verifying serializability, is NP-complete. Nevertheless, we hypothesize that on
real-world workloads, verifying serializability is tractable, and we treat the
question as a systems problem, for the first time. We build Cobra, which tames
the underlying search problem by blending a new encoding of the problem,
hardware acceleration, and a careful choice of a suitable SMT solver. cobra
also introduces a technique to address the challenge of garbage collection in
this context. cobra improves over natural baselines by at least 10x in the
problem size it can handle, while imposing modest overhead on clients
On the security of NoSQL cloud database services
Processing a vast volume of data generated by web, mobile and Internet-enabled devices, necessitates a scalable and flexible data management system. Database-as-a-Service (DBaaS) is a new cloud computing paradigm, promising a cost-effective and scalable, fully-managed database functionality meeting the requirements of online data processing. Although DBaaS offers many benefits it also introduces new threats and vulnerabilities. While many traditional data processing threats remain, DBaaS introduces new challenges such as confidentiality violation and information leakage in the presence of privileged malicious insiders and adds new dimension to the data security. We address the problem of building a secure DBaaS for a public cloud infrastructure where, the Cloud Service Provider (CSP) is not completely trusted by the data owner. We present a high level description of several architectures combining modern cryptographic primitives for achieving this goal. A novel searchable security scheme is proposed to leverage secure query processing in presence of a malicious cloud insider without disclosing sensitive information. A holistic database security scheme comprised of data confidentiality and information leakage prevention is proposed in this dissertation. The main contributions of our work are: (i) A searchable security scheme for non-relational databases of the cloud DBaaS; (ii) Leakage minimization in the untrusted cloud. The analysis of experiments that employ a set of established cryptographic techniques to protect databases and minimize information leakage, proves that the performance of the proposed solution is bounded by communication cost rather than by the cryptographic computational effort
Deep Underground Science and Engineering Laboratory - Preliminary Design Report
The DUSEL Project has produced the Preliminary Design of the Deep Underground
Science and Engineering Laboratory (DUSEL) at the rehabilitated former
Homestake mine in South Dakota. The Facility design calls for, on the surface,
two new buildings - one a visitor and education center, the other an experiment
assembly hall - and multiple repurposed existing buildings. To support
underground research activities, the design includes two laboratory modules and
additional spaces at a level 4,850 feet underground for physics, biology,
engineering, and Earth science experiments. On the same level, the design
includes a Department of Energy-shepherded Large Cavity supporting the Long
Baseline Neutrino Experiment. At the 7,400-feet level, the design incorporates
one laboratory module and additional spaces for physics and Earth science
efforts. With input from some 25 science and engineering collaborations, the
Project has designed critical experimental space and infrastructure needs,
including space for a suite of multidisciplinary experiments in a laboratory
whose projected life span is at least 30 years. From these experiments, a
critical suite of experiments is outlined, whose construction will be funded
along with the facility. The Facility design permits expansion and evolution,
as may be driven by future science requirements, and enables participation by
other agencies. The design leverages South Dakota's substantial investment in
facility infrastructure, risk retirement, and operation of its Sanford
Laboratory at Homestake. The Project is planning education and outreach
programs, and has initiated efforts to establish regional partnerships with
underserved populations - regional American Indian and rural populations
Privacy-Enhanced Query Processing in a Cloud-Based Encrypted DBaaS (Database as a Service)
In this dissertation, we researched techniques to support trustable and privacy enhanced solutions for on-line applications accessing to “always encrypted” data in
remote DBaaS (data-base-as-a-service) or Cloud SQL-enabled backend solutions.
Although solutions for SQL-querying of encrypted databases have been proposed in
recent research, they fail in providing: (i) flexible multimodal query facilities includ ing online image searching and retrieval as extended queries to conventional SQL-based
searches, (ii) searchable cryptographic constructions for image-indexing, searching and
retrieving operations, (iii) reusable client-appliances for transparent integration of multi modal applications, and (iv) lack of performance and effectiveness validations for Cloud based DBaaS integrated deployments.
At the same time, the study of partial homomorphic encryption and multimodal
searchable encryption constructions is yet an ongoing research field. In this research
direction, the need for a study and practical evaluations of such cryptographic is essential,
to evaluate those cryptographic methods and techniques towards the materialization of
effective solutions for practical applications.
The objective of the dissertation is to design, implement and perform experimental
evaluation of a security middleware solution, implementing a client/client-proxy/server appliance software architecture, to support the execution of applications requiring on line multimodal queries on “always encrypted” data maintained in outsourced cloud
DBaaS backends. In this objective we include the support for SQL-based text-queries
enhanced with searchable encrypted image-retrieval capabilities. We implemented a
prototype of the proposed solution and we conducted an experimental benchmarking
evaluation, to observe the effectiveness, latency and performance conditions in support ing those queries. The dissertation addressed the envisaged security middleware solution,
as an experimental and usable solution that can be extended for future experimental
testbench evaluations using different real cloud DBaaS deployments, as offered by well known cloud-providers.Nesta dissertação foram investigadas técnicas para suportar soluções com garantias de
privacidade para aplicações que acedem on-line a dados que são mantidos sempre cifrados em nuvens que disponibilizam serviços de armazenamento de dados, nomeadamente
soluções do tipo bases de dados interrogáveis por SQL. Embora soluções para suportar interrogações SQL em bases de dados cifradas tenham sido propostas anteriormente, estas
falham em providenciar: (i) capacidade de efectuar pesquisas multimodais que possam
incluir pesquisa combinada de texto e imagem com obtenção de imagens online, (ii) suporte de privacidade com base em construções criptograficas que permitam operações
de indexacao, pesquisa e obtenção de imagens como dados cifrados pesquisáveis, (iii)
suporte de integração para aplicações de gestão de dados em contexto multimodal, e (iv)
ausência de validações experimentais com benchmarking dobre desempenho e eficiência
em soluções DBaaS em que os dados sejam armazenados e manipulados na sua forma
cifrada.
A pesquisa de soluções de privacidade baseada em primitivas de cifras homomórficas
parciais, tem sido vista como uma possível solução prática para interrogação de dados e
bases de dados cifradas. No entanto, este é ainda um campo de investigação em desenvolvimento. Nesta direção de investigação, a necessidade de estudar e efectuar avaliações
experimentais destas primitivas em bibliotecas de cifras homomórficas, reutilizáveis em
diferentes contextos de aplicação e como solução efetiva para uso prático mais generalizado, é um aspeto essencial.
O objectivo da dissertação e desenhar, implementar e efectuar avalições experimentais
de uma proposta de solução middleware para suportar pesquisas multimodais em bases
de dados mantidas cifradas em soluções de nuvens de armazenamento. Esta proposta visa
a concepção e implementação de uma arquitectura de software client/client-proxy/server appliance para suportar execução eficiente de interrogações online sobre dados cifrados,
suportando operações multimodais sobre dados mantidos protegidos em serviços de
nuvens de armazenamento. Neste objectivo incluímos o suporte para interrogações estendidas de SQL, com capacidade para pesquisa e obtenção de dados cifrados que podem
incluir texto e pesquisa de imagens por similaridade. Foi implementado um prototipo da
solução proposta e foi efectuada uma avaliação experimental do mesmo, para observar as condições de eficiencia, latencia e desempenho do suporte dessas interrogações. Nesta
avaliação incluímos a análise experimental da eficiência e impacto de diferentes construções criptográficas para pesquisas cifradas (searchable encryption) e cifras parcialmente
homomórficas e que são usadas como componentes da solução proposta.
A dissertaçao aborda a soluçao de seguranca projectada, como uma solução experimental que pode ser estendida e utilizavel para futuras aplcações e respetivas avaliações
experimentais. Estas podem vir a adoptar soluções do tipo DBaaS, oferecidos como serviços na nuvem, por parte de diversos provedores ou fornecedores
Cyber Security
This open access book constitutes the refereed proceedings of the 16th International Annual Conference on Cyber Security, CNCERT 2020, held in Beijing, China, in August 2020. The 17 papers presented were carefully reviewed and selected from 58 submissions. The papers are organized according to the following topical sections: access control; cryptography; denial-of-service attacks; hardware security implementation; intrusion/anomaly detection and malware mitigation; social network security and privacy; systems security
- …