Efficient Verifiable Computation of XOR for Biometric Authentication
This work addresses the security and privacy issues in remote biometric authentication by proposing an efficient mechanism to verify the correctness of the outsourced computation in such protocols. In particular, we propose an efficient verifiable computation of XORing encrypted messages using an XOR-linear message authentication code (MAC), and we employ the proposed scheme to build a biometric authentication protocol. The proposed authentication protocol is both secure and privacy-preserving against malicious (as opposed to honest-but-curious) adversaries. Specifically, the use of the verifiable computation scheme together with a homomorphic encryption protects the privacy of biometric templates against malicious adversaries. Furthermore, in order to achieve unlinkability of authentication attempts while keeping a low communication overhead, we show how to apply Oblivious RAM and biohashing to our protocol. We also provide a proof of security for the proposed solution. Our simulation results show that the proposed authentication protocol is efficient
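The mechanism behind this abstract, as an added illustration written for this listing rather than the paper's own construction: a MAC that is linear over GF(2) (a secret random binary matrix K, tag(m) = K·m) satisfies tag(a ^ b) = tag(a) ^ tag(b), so an untrusted server can XOR two tagged one-time-pad ciphertexts and XOR their tags, and the client can check the result with one MAC evaluation before stripping the pads and reading the Hamming distance between the two templates. Template length, tag length, the one-time pad as the XOR-homomorphic encryption and the server's "flip bit 7" tampering are assumptions of this example.

```python
import secrets

# Assumed parameters for the illustration: 256-bit templates, 128-bit tags.
MSG_BITS = 256
TAG_BITS = 128


def gen_key(msg_bits=MSG_BITS, tag_bits=TAG_BITS):
    """Secret key: a random tag_bits x msg_bits matrix over GF(2), one int per row."""
    return [secrets.randbits(msg_bits) for _ in range(tag_bits)]


def mac(key, m):
    """tag(m) = K * m over GF(2): bit i of the tag is the parity of <row_i, m>.
    Matrix multiplication is linear, so mac(key, a ^ b) == mac(key, a) ^ mac(key, b)."""
    t = 0
    for i, row in enumerate(key):
        if bin(row & m).count("1") & 1:
            t |= 1 << i
    return t


def server_xor(c1, t1, c2, t2, cheat=False):
    """Untrusted server: XORs the two ciphertexts and XORs their tags.
    With cheat=True it tampers with the result (flips bit 7) but still returns t1 ^ t2."""
    c, t = c1 ^ c2, t1 ^ t2
    if cheat:
        c ^= 1 << 7
    return c, t


def hamming_distance_outsourced(key, stored, fresh, cheat=False):
    """Client side: pad both templates (one-time pad, which is XOR-homomorphic),
    tag the ciphertexts, let the server XOR them, verify the returned tag and,
    only if it verifies, strip the pads and count the differing bits.
    Returns None when verification fails."""
    pad1, pad2 = secrets.randbits(MSG_BITS), secrets.randbits(MSG_BITS)
    c1, c2 = stored ^ pad1, fresh ^ pad2
    t1, t2 = mac(key, c1), mac(key, c2)
    c, t = server_xor(c1, t1, c2, t2, cheat)
    if mac(key, c) != t:          # tag of the returned XOR must equal the XOR of the tags
        return None
    diff = c ^ pad1 ^ pad2        # = stored ^ fresh, because the pads cancel
    return bin(diff).count("1")
```

A tampered result passes only if the XORed error vector lies in the kernel of the secret matrix, which for a random 128-row key happens with probability about 2^-128. The caveat a practitioner should keep in mind is that linearity cuts both ways: anyone holding tags for several ciphertexts can forge a valid tag for any XOR of them, so the check above does not by itself bind the answer to the specific pair the client asked about; a deployable protocol has to add that binding (per-session keys or session identifiers in the tagged data), which is part of what the paper's full protocol does on top of the homomorphic encryption and biohashing.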
Extended Functionality in Verifiable Searchable Encryption
Abstract. When outsourcing the storage of sensitive data to an (untrusted) remote server, a data owner may choose to encrypt the data beforehand to preserve confidentiality. However, it is then difficult to efficiently retrieve specific portions of the data as the server is unable to identify the relevant information. Searchable encryption has been well studied as a solution to this problem, allowing data owners and other authorised users to generate search queries which the server may execute over the encrypted data to identify relevant data portions. However, many current schemes lack two important properties: verifiability of search results, and expressive queries. We introduce Extended Verifiable Searchable Encryption (eVSE) that permits a user to verify that search results are correct and complete. We also permit verifiabl
FSPVDsse: A Forward Secure Publicly Verifiable Dynamic SSE scheme
A symmetric searchable encryption (SSE) scheme allows a client (data owner)
to search on encrypted data outsourced to an untrusted cloud server. The search
may either be a single keyword search or a complex query search like
conjunctive or Boolean keyword search. Information leakage is quite high for
dynamic SSE, where data might be updated. It has been proven that to avoid this
information leakage an SSE scheme with dynamic data must be forward private. A
dynamic SSE scheme is said to be forward private, if adding a keyword-document
pair does not reveal any information about the previous search result with that
keyword.
In the SSE setting, the data owner has very low computation and storage power. In
this setting, though some schemes achieve forward privacy with an
honest-but-curious cloud, it becomes difficult to achieve forward privacy when
the server is malicious, meaning that it can alter the data. Verifiable dynamic
SSE requires the server to give a proof of the result of the search query. The
data owner can verify this proof efficiently. In this paper, we propose a
generic publicly verifiable dynamic SSE (DSSE) scheme that makes any forward
private DSSE scheme verifiable without losing forward privacy. The proposed
scheme does not require any extra storage at the owner side and requires minimal
computational cost for the owner as well. Moreover, we compare our scheme
with existing results and show that our scheme is practical.
Comment: 17 pages, Published in ProvSec 201
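To make the two definitions in this abstract concrete, here is an added example (written for this listing, not the paper's scheme) of a forward-private dynamic SSE index with a verification check against a malicious server. Forward privacy comes from the standard chained-state idea: every update picks a fresh random state, the entry is stored at a location derived from that state, and the previous state is encrypted under it, so a server that learned the chain during an earlier search cannot link a later update to that keyword. Verification here is private (the owner's own HMAC key tags each entry with its keyword and position, and the owner knows how many entries to expect), whereas the paper achieves public verifiability; the HMAC-SHA256 derivations, 16-byte states, 4-byte document ids and the `DroppingServer` adversary are assumptions of this example.

```python
import hashlib
import hmac
import os

ZERO = bytes(16)   # chain terminator: "no previous state"


def prf(key, *parts):
    """HMAC-SHA256 keyed by `key` over the concatenated parts (ints/str are encoded)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(p if isinstance(p, bytes) else str(p).encode())
    return h.digest()


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class Server:
    """Untrusted server: holds location -> (masked id, masked previous state, tag)."""
    def __init__(self):
        self.index = {}

    def update(self, loc, entry):
        self.index[loc] = entry

    def search(self, st):
        """Walk the chain from the newest state back to the first entry."""
        out = []
        while st != ZERO:
            e, p, tag = self.index[prf(st, b"loc")]
            out.append((st, e, tag))
            st = xor(p, prf(st, b"chain")[:16])   # recover the previous state
        return out


class Client:
    def __init__(self, server):
        self.server = server
        self.k = os.urandom(32)   # master key, never leaves the client
        self.state = {}           # keyword -> (latest chain state, number of entries)

    def add(self, w, doc_id):
        st_prev, cnt = self.state.get(w, (ZERO, 0))
        st = os.urandom(16)       # fresh: the new location is unlinkable to past searches
        e = xor(doc_id.to_bytes(4, "big"), prf(st, b"enc")[:4])
        p = xor(st_prev, prf(st, b"chain")[:16])          # previous state, encrypted under st
        tag = prf(prf(self.k, b"w", w), cnt + 1, doc_id)   # binds (keyword, position, id)
        self.server.update(prf(st, b"loc"), (e, p, tag))
        self.state[w] = (st, cnt + 1)

    def search(self, w):
        """Returns the matching ids (newest first), or None if the answer fails verification."""
        st, cnt = self.state.get(w, (ZERO, 0))
        results = self.server.search(st)
        if len(results) != cnt:               # an entry was dropped or added
            return None
        kw = prf(self.k, b"w", w)
        ids = []
        for i, (st_i, e, tag) in enumerate(results):
            doc_id = int.from_bytes(xor(e, prf(st_i, b"enc")[:4]), "big")
            if not hmac.compare_digest(tag, prf(kw, cnt - i, doc_id)):
                return None                   # substituted, reordered or forged entry
            ids.append(doc_id)
        return ids


class DroppingServer(Server):
    """Malicious server that silently omits the newest matching entry."""
    def search(self, st):
        return super().search(st)[1:]
```

Note what the search token leaks: the server learns the whole chain for that keyword (the usual access-pattern leakage), but every later `add` derives its location from a state the server has never seen, which is exactly the forward-privacy property the abstract defines. The counter held per keyword is the only client-side state, and it is what lets the owner detect an incomplete answer.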
Verifiable Outsourced Database Model: A Game-Theoretic Approach
In the verifiable database (VDB) model, a computationally weak client (database owner) delegates
his database management to a database service provider on the cloud, which is considered
an untrusted third party, while users can query the data and verify the integrity of query results. Since
the process can be computationally costly and has limited support for sophisticated query types
such as aggregated queries, we propose in this research a framework that helps bridge the gap between
security and practicality. The proposed framework remodels the verifiable database problem
as a Stackelberg security game. In the new model, the database owner creates and uploads to
the database service provider the database and its authentication structure (AS). Next, the game is
played between the defender (verifier), who is a trusted party to the database owner and runs scheduled
randomized verifications using Stackelberg mixed strategy, and the database service provider.
The idea is to randomize the verification schedule in an optimized way that grants the optimal payoff
for the verifier while making it extremely hard for the database service provider or any attacker
to figure out which part of the database is being verified next.
We have implemented and compared the proposed model performance with a uniform randomization
model. Simulation results show that the proposed model outperforms the uniform randomization
model. Furthermore, we have evaluated the efficiency of the proposed model against
different cost metrics
Hybrid Publicly Verifiable Computation
Publicly Verifiable Outsourced Computation (PVC) allows weak devices to delegate computations to more powerful servers, and to verify the correctness of results. Delegation and verification rely only on public parameters, and thus PVC lends itself to large multi-user systems where entities need not be registered. In such settings, individual user requirements may be diverse and cannot be realised with current PVC solutions. In this paper, we introduce Hybrid PVC (HPVC) which, with a single setup stage, provides a flexible solution to outsourced computation supporting multiple modes: (i) standard PVC, (ii) PVC with cryptographically enforced access control policies restricting the servers that may perform a given computation, and (iii) a reversed model of PVC which we call Verifiable Delegable Computation (VDC) where data is held remotely by servers. Entities may dynamically play the role of delegators or servers as required
Dynamic proofs of retrievability with low server storage
Proofs of Retrievability (PoRs) are protocols which allow a client to store
data remotely and to efficiently ensure, via audits, that the entirety of that
data is still intact. A dynamic PoR system also supports efficient retrieval
and update of any small portion of the data. We propose new, simple protocols
for dynamic PoR that are designed for practical efficiency, trading decreased
persistent storage for increased server computation, and show in fact that this
tradeoff is inherent via a lower bound proof of time-space for any PoR scheme.
Notably, ours is the first dynamic PoR which does not require any special
encoding of the data stored on the server, meaning it can be trivially composed
with any database service or with existing techniques for encryption or
redundancy. Our implementation and deployment on Google Cloud Platform
demonstrates our solution is scalable: for example, auditing a 1TB file takes
just under 5 minutes and costs less than $0.08 USD. We also present several
further enhancements, reducing the amount of client storage, or the
communication bandwidth, or allowing public verifiability, wherein any
untrusted third party may conduct an audit
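The time-space tradeoff this abstract describes (no encoding of the stored data, small client state, more server work per audit) can be shown with a stylized dynamic PoR, added here as an illustration that is not the paper's protocol. The file is viewed as a rows x cols matrix M of field elements; the client keeps a secret vector u and the product v = uᵀM (about sqrt(N) words for N blocks); an audit sends a random challenge x, the server returns y = Mx, and the client accepts iff uᵀy = v·x. A verified read fetches one column and checks it against the matching entry of v, and an update adjusts that entry by u[i]·(new - old). The prime field, the matrix shape and the "silent corruption" in the test are assumptions of this example.

```python
import random

P = (1 << 61) - 1   # prime field for the arithmetic (assumed; any large prime works)


class Server:
    """Untrusted server: keeps the file as a plain list of field elements, no encoding."""
    def __init__(self, blocks, rows, cols):
        self.blocks, self.rows, self.cols = list(blocks), rows, cols

    def respond(self, x):
        """Audit response y = M x: rows*cols multiplications, the server's side of the tradeoff."""
        return [sum(self.blocks[i * self.cols + j] * x[j] for j in range(self.cols)) % P
                for i in range(self.rows)]

    def column(self, j):
        return [self.blocks[i * self.cols + j] for i in range(self.rows)]

    def write(self, idx, val):
        self.blocks[idx] = val


class Client:
    """Keeps a secret vector u (rows) and v = u^T M (cols): O(sqrt(N)) words for N blocks."""
    def __init__(self, blocks, rows, cols):
        assert len(blocks) == rows * cols
        self.rows, self.cols = rows, cols
        self.u = [random.randrange(1, P) for _ in range(rows)]
        self.v = [sum(self.u[i] * blocks[i * cols + j] for i in range(rows)) % P
                  for j in range(cols)]

    def audit(self, server):
        """Random challenge x; accept iff u^T y == v . x, i.e. u^T (M x) == (u^T M) x."""
        x = [random.randrange(P) for _ in range(self.cols)]
        y = server.respond(x)
        if len(y) != self.rows:
            return False
        lhs = sum(ui * yi for ui, yi in zip(self.u, y)) % P
        rhs = sum(vj * xj for vj, xj in zip(self.v, x)) % P
        return lhs == rhs

    def read(self, server, idx):
        """Verified read: fetch the whole column and check it against v[j]; None if it fails."""
        i, j = divmod(idx, self.cols)
        col = server.column(j)
        if len(col) != self.rows or sum(ui * ci for ui, ci in zip(self.u, col)) % P != self.v[j]:
            return None
        return col[i]

    def update(self, server, idx, new_val):
        """Verified read of the old value, then adjust v[j] by u[i] * (new - old)."""
        old = self.read(server, idx)
        if old is None:
            return False
        i, j = divmod(idx, self.cols)
        self.v[j] = (self.v[j] + self.u[i] * (new_val - old)) % P
        server.write(idx, new_val)
        return True
```

A corrupted block makes uᵀ(M' - M) a nonzero vector, so a single audit accepts a wrong answer only when the random challenge happens to be orthogonal to it (probability 1/P), and a column read with a corrupted entry is rejected outright since u has no zero coordinate. The simplification to be aware of is that the server here sees each challenge in the clear and learns an accept/reject bit per audit; the paper's construction is built to keep the client's secret from being recovered over many audits and also adds the public-verifiability variant, which this sketch does not cover.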