Robust distributed privacy-preserving secure aggregation in vehicular communication

Vehicular ad hoc networks (VANETs), formed by computers embedded in vehicles and the traffic infrastructure, are expected to develop in the near future to improve traffic safety and efficiency. To this end, VANETs should be designed to be resistant against various abuses and attacks. In this paper, we first review the existing proposals to provide security, privacy, and data aggregation in vehicle-to-vehicle communication. We then address the fundamental issue of achieving these conflicting properties in a unified solution, having observed that separate efforts cannot fulfill the VANET design objectives. A set of new mechanisms are suggested for efficiently managing identities and securely compressing cryptographic witnesses, which are among the major obstacles to the deployment of strong security mechanisms in VANETs. Finally, we employ the standard threshold cryptographic technology to improve the basic protocol with robustness

BDTS: Blockchain-based Data Trading System

Trading data through blockchain platforms is hard to achieve \textit{fair exchange}. Reasons come from two folds: Firstly, guaranteeing fairness between sellers and consumers is a challenging task as the deception of any participating parties is risk-free. This leads to the second issue where judging the behavior of data executors (such as cloud service providers) among distrustful parties is impractical in the context of traditional trading protocols. To fill the gaps, in this paper, we present a \underline{b}lockchain-based \underline{d}ata \underline{t}rading \underline{s}ystem, named BDTS. BDTS implements a fair-exchange protocol in which benign behaviors can get rewarded while dishonest behaviors will be punished. Our scheme requires the seller to provide consumers with the correct encryption keys for proper execution and encourage a rational data executor to behave faithfully for maximum benefits from rewards. We analyze the strategies of consumers, sellers, and dealers in the trading game and point out that everyone should be honest about their interests so that the game will reach Nash equilibrium. Evaluations prove efficiency and practicability.Comment: ICICS 2023 (Best Paper Award

Secure server-aided data sharing clique with attestation

National Research Foundation (NRF) Singapor

Identity-Based Authenticated Asymmetric Group Key Agreement Protocol

In identity-based public-key cryptography, an entity\u27s public key can be easily derived from its identity. The direct derivation of public keys in identity-based public-key cryptography eliminates the need for certificates and solves certain public key management problems in traditional public-key cryptosystems. Recently, the notion of asymmetric group key agreement was introduced, in which the group members merely negotiate a common encryption key which is accessible to any entity, but they hold respective secret decryption keys. In this paper, we first propose a security model for identity-based authenticated asymmetric group key agreement (IB-AAGKA) protocols. We then propose an IB-AAGKA protocol which is proven secure under the Bilinear Di±e-Hellman Exponent assumption. Our protocol is also efficient, and readily adaptable to provide broadcast encryption

Compact CCA2-secure Hierarchical Identity-Based Broadcast Encryption for Fuzzy-entity Data Sharing

With the advances of cloud computing, data sharing becomes easier for large-scale enterprises. When deploying privacy and security schemes in data sharing systems, fuzzy-entity data sharing, entity management, and efficiency must take into account, especially when the system is asked to share data with a large number of users in a tree-like structure. (Hierarchical) Identity-Based Encryption is a promising candidate to ensure fuzzy-entity data sharing functionalities while meeting the security requirement, but encounters efficiency difficulty in multi-user settings. This paper proposes a new primitive called Hierarchical Identity-Based Broadcast Encryption (HIBBE) to support multi-user data sharing mechanism. Similar to HIBE, HIBBE organizes users in a tree-like structure and users can delegate their decryption capability to their subordinates. Unlike HIBE merely allowing a single decryption path, HIBBE enables encryption to any subset of the users and only the intended users (and their supervisors) can decrypt. We define Ciphertext Indistinguishability against Adaptively Chosen-Identity-Vector-Set and Chosen-Ciphertext Attack (IND-CIVS-CCA2) for HIBBE, which capture the most powerful attacks in the real world. We achieve this goal in the standard model in two steps. We first construct an efficient HIBBE Scheme (HIBBES) against Adaptively Chosen-Identity-Vector-Set and Chosen-Plaintext Attack (IND-CIVS-CPA) in which the attacker is not allowed to query the decryption oracle. Then we convert it into an IND-CIVS-CCA2 scheme at only a marginal cost, i.e., merely adding one on-the-fly dummy user at the first depth of hierarchy in the basic scheme without requiring any other cryptographic primitives. Our CCA2-secure scheme natively allows public ciphertext validity test, which is a useful property when a CCA2-secure HIBBES is used to design advanced protocols and auditing mechanisms for HIBBE-based data sharing