Extending the Liaison Workflow Model and Engine to Support Different Signature Purposes

Currently, many software systems are developed in offices geographically distributed in different locations. Furthermore, it is also common for a software system development project to contract to different software houses. These contracted software development projects, very often, are further sub-contracted to some other software houses. These software development modes can be supported and managed by good distributed workflow systems. Signatures play an important role in these software development modes. Most workflow systems, at best, can only support digital signatures. Digital signatures with public key cryptosystem are limited to authentication, integrity, confidentiality and non-repudiation. The wide variety of signature purposes such as authorization or multiple signatures in group decision making are not supported explicitly by most workflow systems. We have studied different kinds of signature in software development and workflow systems. The paper discusses the problems and solutions of incorporating these signatures in a distributed workflow engine, in particular, the Liaison Workflow Engine, to support the contemporary modes of software developments.published_or_final_versio

Avoid illegal encrypted DRM content sharing with non-transferable re-encryption

Digital rights management (DRM) technology enables valuable electronic media content distribution while preserving content providers' rights and revenues. Traditional DRM system utilizes security techniques to restrict copying of media content or allow only a single copy to be made. However consumers are demanding for the right to make copies for personal use or the right to use content on any device. Several DRM infrastructures have been proposed for secure content sharing. These infrastructures usually require cooperation and participation of both DRM technology providers and content providers; however there is a popular flaw in these schemes: the malicious employees of DRM technology providers can distribute DRM enabled contents to any consumers or make copies of a purchased content accessible to any devices without letting content provider know, thus reducing content providers' benefit. In this paper, we propose a novel DRM infrastructure which is based on a non-transferable re-encryption scheme to solve the above problem inherent in existing DRM infrastructures. In the proposed infrastructure, DRM technology providers and content providers are required to cooperate to make a purchased digital content for a specific device accessible by other different devices, and get extra profit from providing such services. The system preserves DRM technology providers and content providers' security properties while achieving secure and mutual profitable DRM content sharing. Furthermore, we allow content providers to trace the content, and control the content sharing rights. Even when malicious employees in DRM technology providers and DRM agent collude, they cannot re-delegate access rights to any device without permission from content provider, thus preserving content provider's benefit. © 2011 IEEE.published_or_final_versionThe IEEE 13th International Conference on Communication Technology (ICCT 2011), Jinan, China, 25-28 September 2011. In Proceedings of the 13th ICCT, 2011, p. 703-70

JSBiRTH: Dynamic javascript birthmark based on the run-time heap

JavaScript is currently the dominating client-side scripting language in the web community. However, the source code of JavaScript can be easily copied through a browser. The intellectual property right of the developers lacks protection. In this paper, we consider using dynamic software birthmark for JavaScript. Instead of using control flow trace (which can be corrupted by code obfuscation) and API (which may not work if the software does not have many API calls), we exploit the run-time heap, which reflects substantially the dynamic behavior of a program, to extract birthmarks. We introduce JSBiRTH, a novel software birthmark system for JavaScript based on the comparison of run-time heaps. We evaluated our system using 20 JavaScript programs with most of them being large-scale. Our system gave no false positive or false negative. Moreover, it is robust against code obfuscation attack. We also show that our system is effective in detecting partial code theft. © 2011 IEEE.published_or_final_versionThe 35th IEEE Annual Computer Software and Applications Conference (COMPSAC 2011), Munich, Germany, 18-22 July 2011. In Proceedings of 35th COMPSAC, 2011, p. 407-41

System-state-free false data injection attack for nonlinear state estimation in smart grid

published_or_final_versio

SkyApp: a tablet-based e-learning design tool for mathematics teachers to cater for learning diversity

Session: Effect of gamesTheme: Engaging Learners: Games and Flipped LearningLearning diversity is one of the most challenging difficulties encountered by teachers in primary and secondary schools. This project aims at building a design tool for teachers of Mathematics to develop tablet-based e-learning activities and apply different pedagogical actions based on the results of learning analytics. With the analysis of fine grained learners’ behaviors in previous activities, such as the handwriting of calculation in solving multi-step questions, number of attempts in answering each question, answering sequence and thinking time, the design tool will ...postprin

PASS: Privacy-preserving authentication scheme for smart grid network

A smart grid power system is capable of adjusting the amount of electricity generated based on real-time requests from the smart meters of customers, thus avoiding excess electricity generation and facilitating reliable and effective transmission of electricity. To ensure that requests are sent from a valid user, all request messages must be authenticated. On the other hand, by analyzing the electricity usage pattern of a customer, the daily habit of the customer, such as when he is away, may be revealed. Thus, a proper privacy preserving mechanism has to be adopted. This paper attempts to develop a scheme to address these two seemingly contradicting requirements efficiently. By using a tamper-resistant device at the smart appliance and pseudo identities, we derive a privacy preserving authentication scheme to solve the problem. The authentication process is made very efficient by means of Hash-based Message Authentication Code (HMAC). Through simulation, we show that with our scheme, the transmission and signature verification delay induced are very small and the message overhead is only 20 bytes per request message. With our efficient verification process, even under attack, the substation can effectively drop all attack messages, allowing 6 times more valid messages to reach the control center when compared to the case without any verification. Thus our scheme is both efficient and effective. © 2011 IEEE.published_or_final_versionThe 2nd IEEE International Conference on Smart Grid Communications (SmartGridComm 2011), Brussels, Belgium, 17-20 October 2011. In Proceedings of the 2nd Smartgridcomm, 2011, p. 196-20

MLAS: Multiple level authentication scheme for VANETs

The vehicular ad hoc network (VANET) is an emerging type of network which enables vehicles on roads to inter-communicate for driving safety. The basic idea is to allow arbitrary vehicles to broadcast ad hoc messages (e.g. traffic accidents) to other vehicles. However, this raises the concern of security and privacy. Messages should be signed and verified before they are trusted while the real identity of vehicles should not be revealed, but traceable by authorized party. Existing solutions either rely too heavily on a tamper-proof hardware device, or do not have an effective message verification scheme. In this paper, we propose a multiple level authentication scheme which still makes use of tamper-proof devices but the strong assumption that a long-term system master secret is preloaded into all tamper-proof devices is removed. Instead the master secret can be updated if needed to increase the security level. On the other hand, messages sent by vehicles are classified into two types - regular messages and urgent messages. Regular messages can be verified by neighboring vehicles by means of Hash-based Message Authentication Code (HMAC) while urgent messages can only be verified with the aid of RSUs nearby by means of a conditional privacy-preserving authentication scheme. Copyright 2011 ACM.postprintThe 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2011), Hong Kong, China, 22-24 March 2011. In Proceedings of 6th ACM ASIACCS, 2011, p. 471-47

SPECS: Secure and privacy enhancing communications schemes for VANETs

This journal issue entitled: Advances in Ad Hoc Networks (I)Vehicular ad hoc network (VANET) is an emerging type of networks which facilitates vehicles on roads to communicate for driving safety. The basic idea is to allow arbitrary vehicles to broadcast ad hoc messages (e.g. traffic accidents) to other vehicles. However, this raises the concern of security and privacy. Messages should be signed and verified before they are trusted while the real identity of vehicles should not be revealed, but traceable by authorized party. Existing solutions either rely heavily on a tamper-proof hardware device, or cannot satisfy the privacy requirement and do not have an effective message verification scheme. In this paper, we provide a software-based solution which makes use of only two shared secrets to satisfy the privacy requirement (with security analysis) and gives lower message overhead and at least 45% higher successful rate than previous solutions in the message verification phase using the bloom filter and the binary search techniques (through simulation study). We also provide the first group communication protocol to allow vehicles to authenticate and securely communicate with others in a group of known vehicles. © 2010 Elsevier B.V. All rights reserved.postprin

Privacy-preserving advance power reservation

Smart grid is considered to be the next generation power system. Integrating information and communication technology, power electronics, and power system technologies, smart grid reduces excess power generation by better matching power generation with customer demands, and facilitates renewable power generation by closely monitoring renewable energy source status. Such a large-scale network may be subject to various attacks. In particular, authentication and user privacy preservation are considered two major security concerns. In this article, we first highlight the importance of smart grid security. Next we introduce a new power request paradigm in which a customer is allowed to submit a power usage plan in advance. We then propose a secure and privacy-preserving power request scheme as a solution to this problem. To achieve the privacy-preserving property, our scheme employs two cryptographic techniques: anonymous credential and blind signature. We conclude this article by discussing the security and performance issues of our proposed scheme. © 1979-2012 IEEE.published_or_final_versio

Secure end-to-end browsing system with mobile composition

To fix the more and more serious leakage problem in remote access to confidential data, the paper designs and implements a secure end-to-end browsing system with mobile composition. It enables mobile-authenticated users to browse confidential files stored at server side using their personal computers securely. The authentication function is in real-time such that the system can stop the browsing function once it detects that the authenticated mobile is out of the communication range of user's personal computer. © 2011 IEEE.published_or_final_versio