Heap graph based software theft detection

published_or_final_versio

A privilege escalation vulnerability checking system for android applications

Android is a free, open source mobile platform based on the Linux kernel. The openness of the application platform attracts developers, both benign and malicious. Android depends on privilege separation to isolate applications from each other and from the system. However, a recent research reported that a genuine application exploited at runtime or a malicious application can escalate granted permissions. The attack depends on a carelessly designed application which fails to protect the permissions granted to it. In this research, we propose a vulnerability checking system to check if an application can be potentially leveraged by an attacker to launch such privilege escalation attack. We downloaded 1038 applications from the wild and found 217 potentially vulnerable applications that need further inspection.published_or_final_versionThe 13th IEEE International Conference on Communication Technology (ICCT 2011), Jinan, China, 25-28 September 2011. In Proceedings of 13th ICCT, 2011, p. 681-68

Supporting efficient authorization in delegation with supervision

Delegation is commonly used in organizations to transfer some permission by one user to another user. However, most existing delegation schemes do not support supervision, which allows the delegators to retain control over how the delegated permission can be exercised. In this paper, we will describe how to support efficient authorization in delegation with supervision using proxy signature techniques. © 2005 IEEE.published_or_final_versio

Security and privacy issues for inter-vehicle communications in VANETs

Vehicular ad hoc network (VANET) is an emerging type of networks to allow vehicles on roads to communicate for driving safety. An vehicle can broadcast messages (e.g. accident information) to other vehicles. These messages may have impact on other vehicles as well as the traffic control system, so all messages must be signed and authenticated. On the other hand, privacy should be enforced while the real identity of the sender should be traceable by authorized party. In this poster, we first discuss the limitations of existing solutions. In particular, we describe an impersonation attack to one of the schemes, highlight the problem of communications overhead, and effectiveness of the message verification procedure. Then, we present the main ideas of our proposed scheme which can be shown to be secure and more effective than existing schemes.published_or_final_versionThe 6th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks Workshops (SECON Workshops '09), Rome, Italy, 22-26 June 2009. In Proceedings of the 6th IEEE SECON Workshops, 2009, p. 1-

Non-Transferable Proxy Re-Encryption Scheme

SEC8: Selected topics in Information SecurityA proxy re-encryption (PRE) scheme allows a proxy to re-encrypt a ciphertext for Alice (delegator) to a ciphertext for Bob (delegatee) without seeing the underlying plaintext. However, existing PRE schemes generally suffer from at least one of the followings. Some schemes fail to provide the non-transferable property in which the proxy and the delegatee can collude to further delegate the decryption right to anyone. This is the main open problem left for PRE schemes. Other schemes assume the existence of a fully trusted private key generator (PKG) to generate the re-encryption key to be used by the proxy for re-encrypting a given ciphertext for a target delegatee. But this poses two problems in PRE schemes if the PKG is malicious: the PKG in their schemes may decrypt both original ciphertexts and re-encrypted ciphertexts (referred as the key escrow problem); and the PKG can generate reencryption key for arbitrary delegatees without permission from the delegator (we refer to it as the PKG despotism problem). In this paper, we propose the first non-transferable proxy re-encryption scheme which successfully achieves the nontransferable property. We show that the new scheme solved the PKG despotism problem and key escrow problem as well. © 2012 IEEE.published_or_final_versio

Emphysematous pyelonephritis: an eight-year retrospective review across four hospitals in a single cluster

香港泌尿外科學會Moderated Poster (Free Paper) Session II - Upper Tract and Robotic Surgery: MP.2-1OBJECTIVE: Emphysematous pyelonephritis (EPN) is a rare but life-threatening infection. We aim to review our cluster’s experience of managing this urologic emergency. PATIENTS & METHODS: Case notes of patients with EPN in four acute hospitals in the KWC (PMH, CMC, KWH and YCH) were retrospectively reviewed. The patients’ demographic data, clinical presentation, investigation findings, treatment and outcome were studied. OBJECTIVE: Emphysematous pyelonephritis (EPN) is a rare but life-threatening infection. We aim to review our cluster’s experience of managing this urologic emergency. PATIENTS & METHODS: Case notes of patients with EPN in four acute hospitals in the KWC (PMH, CMC, KWH and YCH) were retrospectively reviewed. The patients’ demographic data, clinical presentation, investigation findings, treatment and outcome were studied.published_or_final_versionThe 17th Annual Scientific Meeting of the Hong Kong Urological Association, Hong Kong, 6 November 2011. In Program Book, 2011, p. 6

Efficient key integrity verification for quantum cryptography using combinatorial group testing

Quantum Information and Computation VIII 77020F (April 23, 2010)In quantum cryptography, the key can be directly distributed to the communicating parties through the communication channel. The security is guaranteed by the quantum properties of the channel. However, the transmitted key may contain errors due to the noise of the channel. Key integrity verification is an indispensable step in quantum cryptography and becomes an important problem in higher speed systems. Computing only one hash value for the key string does not provide an effective solution as it may lead to dropping all the bits once the hash values on both sides do not agree. In this paper, we introduce a new idea of using the technique of combinatorial group testing, which seems to be an unrelated topic, to design a scheme to identify the error bits to avoid dropping all the bits. Our scheme can precisely locate the error bits if the number of error bits is within the maximum set by the scheme while the overhead is insignificant based on our experiments (additional bits: 0.1% of the key; time for computing the hash values: 16ms; verification time: 22 ms). Also, even if the number of error bits is higher than the maximum set by the scheme, only some correct bits may be misclassified as error bits but not the vice versa. The results show that we can still keep the majority of the correct bits (e.g. the bits discarded due to misclassification is only 5% of the whole string even if the number of error bits is 10 times of the maximum). © 2010 SPIE.published_or_final_versionThe 2010 SPIE Conference on Defense, Security, and Sensing, Orlando, FL., 5 April 2010. In Proceedings of SPIE - The International Society for Optical Engineering, v. 7702, p. 77020F-1 - 77020F-

SPCS: Secure and Privacy-Preserving Charging-Station Searching using VANET

Electric vehicle has attracted more and more attention all around the world in recent years because of its many advan- tages such as low pollution to the environment. However, due to the limitation of current technology, charging remains an important issue. In this paper, we study the problem of finding and making reservation on charging stations via a vehicular ad hoc network (VANET). Our focus is on the privacy concern as drivers would not like to be traced by knowing which charging stations they have visited. Technically, we make use of the property of blind signature to achieve this goal. In brief, an electric vehicle first generates a set of anonymous credentials on its own. A trusted au- thority then blindly signs on them after verifying the identity of the vehicle. After that, the vehicle can make charging station searching queries and reservations by presenting those signed anonymous credentials. We implemented the scheme and show that the credential signing process (expected to be the most time consuming step) can be completed within reasonable time when the parameters are properly set. In particular, the process can be completed in 5 minutes when 1024 bits of RSA signing key is used. Moreover, we show that our scheme is secure in terms of authentication and privacy-preserving.published_or_final_versio

Privacy preserving confidential forensic investigation for shared or remote servers

The Best Paper AwardIt is getting popular that customers make use of third party data service providers to store their data and emails. It is common to have a large server shared by many different users. This creates a big problem for forensic investigation. It may not be easy to clone a copy of data from the storage device(s) due to the huge volume of data. Even if it is possible to make a clone, there are many irrelevant information/data stored in the same device for which the investigators have no right to access. The other alternative is to let the service provider search the relevant information and retrieve the data for the investigator provided a warrant can be provided. However, sometimes, due to the confidentiality of the crime, the investigator may not want the service provider to know what information they are looking for or the service provider herself may be one of the suspects. The problem becomes even more obvious in terms of cloud computing technology. In this paper, we address this problem and using homomorphic encryption and commutative encryption, we provide two forensically sound schemes to solve the problem so that the investigators can obtain the necessary evidence while the privacy of other users can be protected and at the same time, the service provider cannot know what information the investigators are interested in. © 2011 IEEE.published_or_final_versionThe 7th International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIHMSP 2011), Dalian, China, 14-16 October 2011. In Proceedings of the 7th IIHMSP, 2011, p. 378-38

UV-Diagram: A Voronoi Diagram for Uncertain Spatial Databases

published_or_final_versio