Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons


Articles 1 - 30 of 69

Full-Text Articles in Physical Sciences and Mathematics

SybMatch: Sybil Detection For Privacy-Preserving Task Matching In Crowdsourcing, Jiangang Shu, Ximeng Liu, Kan Yang, Yinghui Zhang, Xiaohua Jia, Robert H. Deng Dec 2018


Research Collection School Of Computing and Information Systems

The past decade has witnessed the rise of crowdsourcing, and privacy in crowdsourcing has also gained rising concern in the meantime. In this paper, we focus on the privacy leaks and sybil attacks during the task matching, and propose a privacy-preserving task matching scheme, called SybMatch. The SybMatch scheme can simultaneously protect the privacy of publishers and subscribers against semi-honest crowdsourcing service provider, and meanwhile support the sybil detection against greedy subscribers and efficient user revocation. Detailed security analysis and thorough performance evaluation show that the SybMatch scheme is secure and efficient.


Secure Smart Health With Privacy-Aware Aggregate Authentication And Access Control In Internet Of Things, Yinghui Zhang, Robert H. Deng, Gang Han, Dong Zheng Dec 2018


Research Collection School Of Computing and Information Systems

With the rapid technological advancements in the Internet of Things (IoT), wireless communication and cloud computing, smart health is expected to enable comprehensive and qualified healthcare services. It is important to ensure security and efficiency in smart health. However, existing smart health systems still have challenging issues, such as aggregate authentication, fine-grained access control and privacy protection. In this paper, we address these issues by introducing SSH, a Secure Smart Health system with privacy-aware aggregate authentication and access control in IoT. In SSH, privacy-aware aggregate authentication is enabled by an anonymous certificateless aggregate signature scheme, in which users' identity information …


Making A Good Thing Better: Enhancing Password/PIN-Based User Authentication With Smartwatch, Bing Chang, Yingjiu Li, Qiongxiao Wang, Wen-Tao Zhu, Robert H. Deng Dec 2018


Research Collection School Of Computing and Information Systems

Wearing smartwatches becomes increasingly popular in people’s lives. This paper shows that a smartwatch can help its bearer authenticate to a login system effectively and securely even if the bearer’s password has already been revealed. This idea is motivated by our observation that a sensor-rich smartwatch is capable of tracking the wrist motions of its bearer typing a password or PIN, which can be used as an authentication factor. The major challenge in this research is that a sophisticated attacker may imitate a user’s typing behavior as shown in previous research on keystroke dynamics based user authentication. We address this …


Typing-Proof: Usable, Secure And Low-Cost Two-Factor Authentication Based On Keystroke Timings, Ximming Liu, Yingjiu Li, Robert H. Deng Dec 2018


Research Collection School Of Computing and Information Systems

Two-factor authentication (2FA) systems provide another layer of protection to users' accounts beyond password. Traditional hardware token based 2FA and software token based 2FA are not burdenless to users since they require users to read, remember, and type a onetime code in the process, and incur high costs in deployments or operations. Recent 2FA mechanisms such as Sound-Proof, reduce or eliminate users' interactions for the proof of the second factor; however, they are not designed to be used in certain settings (e.g., quiet environments or PCs without built-in microphones), and they are not secure in the presence of certain attacks …


Privacy-Preserving Remote User Authentication With K-Times Untraceability, Yangguang Tian, Yingjiu Li, Binanda Sengupta, Robert H. Deng, Albert Ching, Weiwei Liu Dec 2018


Research Collection School Of Computing and Information Systems

Remote user authentication has found numerous real-world applications, especially in a user-server model. In this work, we introduce the notion of anonymous remote user authentication with k-times untraceability (k-RUA) for a given parameter k, where authorized users authenticate themselves to an authority (typically a server) in an anonymous and k-times untraceable manner. We define the formal security models for a generic k-RUA construction that guarantees user authenticity, anonymity and user privacy. We provide a concrete instantiation of k-RUA having the following properties: (1) a third party cannot impersonate an authorized user by producing valid transcripts for the user while conversing …


Pribioauth: Privacy-Preserving Biometric-Based Remote User Authentication, Yangguang Tian, Yingjiu Li, Ximeng Liu, Robert H. Deng, Binanda Sengupta Dec 2018


Research Collection School Of Computing and Information Systems

Biometric-based remote user authentication (BRUA) is a useful primitive that allows an authorized user to remotely authenticate to a cloud server using biometrics. However, the existing BRUA solutions in the client-server setting lack certain privacy considerations. For example, authorized user's multiple sessions should not be linked while his identity remains anonymous to cloud server. In this work, we introduce an identity-concealed and unlinkable biometric-based remote user authentication framework, such that authorized users authenticate to an honest-but-curious server in an anonymous and unlinkable manner. In particular, we employ two non-colluding cloud servers to perform the complex biometrics matching. We formalize two …


Authorized Function Homomorphic Signature, Qingwen Guo, Qiong Huang, Guomin Yang Dec 2018


Research Collection School Of Computing and Information Systems

Homomorphic signature (HS) is a novel primitive that allows an agency to carry out arbitrary (polynomial time) computation $f$ on the signed data $\vec{m}$ and accordingly gain a signature $\sigma_h$ for the computation result $f(\vec{m})$ with respect to $f$ on behalf of the data owner (DO). However, since DO lacks control of the agency's behavior, receivers would believe that DO did authenticate the computation result even if the agency misbehaves and applies a function that the DO does not want. To address the problem above, in this paper we introduce a new primitive …


VPSearch: Achieving Verifiability For Privacy-Preserving Multi-Keyword Search Over Encrypted Cloud Data, Zhiguo Wan, Robert H. Deng Nov 2018


Research Collection School Of Computing and Information Systems

Although cloud computing offers elastic computation and storage resources, it poses challenges on verifiability of computations and data privacy. In this work we investigate verifiability for privacy-preserving multi-keyword search over outsourced documents. As the cloud server may return incorrect results due to system faults or incentive to reduce computation cost, it is critical to offer verifiability of search results and privacy protection for outsourced data at the same time. To fulfill these requirements, we design a Verifiable Privacy-preserving keyword Search scheme, called VPSearch, by integrating an adapted homomorphic MAC technique with a privacy-preserving multi-keyword search scheme. The proposed scheme enables the client to …


Privacy-Preserving Communication And Power Injection Over Vehicle Networks And 5G Smart Grid Slice, Yinghui Zhang, Jin Li, Dong Zheng, Ping Li, Yangguang Tian Nov 2018


Research Collection School Of Computing and Information Systems

As an important combination of autonomous vehicle networks (AVNs) and smart grid, the vehicle-to-grid (V2G) network can facilitate the adoption of renewable resources. Based on V2G networks, parked electric vehicles (EVs) can charge during off-peak hours and inject excess power to the grid during peak hours for earnings. However, each EV's power injection bids in V2G are sensitive and vehicle-to-vehicle (V2V) communication may be eavesdropped, which has become an obstacle to the wide deployments of AVNs. Aiming to efficiently tackle these security and privacy issues in AVNs, we propose an efficient privacy-preserving communication and power injection (ePPCP) scheme without pairings, …


Initializing Trust In Smart Devices Via Presence Attestation, Xuhua Ding, Gene Tsudik Oct 2018


Research Collection School Of Computing and Information Systems

Many personal computing and more specialized (e.g., high-end IoT) devices are now equipped with sophisticated processors that only a few years ago were present only on high-end desktops and servers. Such processors often include an important hardware security component in the form of a DRTM (Dynamic Root of Trust for Measurement) which initiates trust and resists software (and even some physical) attacks. However, despite substantial prior research on trust establishment with secure hardware, DRTM security was always considered without any involvement of the human user, who represents a vital missing link. This prompts an important challenge: how can a user …


Hawkeye: Towards A Desired Directed Grey-Box Fuzzer, Hongxu Chen, Yinxing Xue, Yuekang Li, Bihuan Chen, Xiaofei Xie, Xiuheng Wu, Yang Liu Oct 2018


Research Collection School Of Computing and Information Systems

Grey-box fuzzing is a practically effective approach to test real-world programs. However, most existing grey-box fuzzers lack directedness, i.e. the capability of executing towards user-specified target sites in the program. To emphasize existing challenges in directed fuzzing, we propose Hawkeye to feature four desired properties of directed grey-box fuzzers. Owing to a novel static analysis on the program under test and the target sites, Hawkeye precisely collects the information such as the call graph, function and basic block level distances to the targets. During fuzzing, Hawkeye evaluates exercised seeds based on both static information and the execution traces to generate …


Function Risk Assessment Under Memory Leakage, Jianming Fu, Rui Jin, Yan Lin, Baihe Jiang, Zhengwei Guo Oct 2018


Research Collection School Of Computing and Information Systems

Code reuse attack (CRA), specifically reusing and then reconstructing the codes (gadgets) already existed in programs and libraries, is widely exploited in software attacks. Admittedly, determination of the location of the gadgets consisted of target instructions along with control flow transfer instructions, is of critical importance. Address Space Randomization (ASR), which serves as an effective technique to mitigate CRA, increases the entropy by randomizing the location of the code or data, and baffles adversaries from figuring out the memory layout. Currently, variable randomization methods of high granularity are proposed by scholars to prevent adversaries from deducting memory layout. However, their …


A Lightweight Cloud Sharing PHR System With Access Policy Updating, Zuobin Ying, Wenjie Jang, Shuanlong Cao, Ximeng Liu, Jie Cui Oct 2018


Research Collection School Of Computing and Information Systems

The rapid development of smart wearable devices makes personal health management feasible, which also stimulates the evolution of personal health records (PHRs). However, PHRs face many security challenges ever since it has been created. Besides, the complicated policy adjusting operation makes the PHRs stored in the cloud not so easy to use. In this paper, we propose a lightweight PHRs system on the basis of attribute-based encryption with policy updating. To update an outsourced ciphertext PHRs in the cloud, PHRs owners only need to generate an updating key, then upload it to the cloud server instead of retrieving the entire …


Resonance Attacks On Load Frequency Control Of Smart Grids, Yongdong Wu, Zhuo Wei, Jian Weng, Xin Li, Robert H. Deng Sep 2018


Research Collection School Of Computing and Information Systems

Load frequency control (LFC) is widely employed to regulate power plants in modern power generation systems of smart grids. This paper presents a simple and yet powerful type of attacks, referred to as resonance attacks, on LFC power generation systems. Specifically, in a resonance attack, an adversary craftily modifies the input of a power plant according to a resonance source (e.g., rate of change of frequency) to produce a feedback on LFC power generation system, such that the state of the power plant quickly becomes instable. Extensive computer simulations on popular LFC power generation system models which consist of linear, …


Efficient Traceable Oblivious Transfer And Its Applications, Weiwei Liu, Yinghui Zhang, Yi Mu, Guomin Yang, Yangguang Tian Sep 2018


Research Collection School Of Computing and Information Systems

Oblivious transfer (OT) has been applied widely in privacy-sensitive systems such as on-line transactions and electronic commerce to protect users’ private information. Traceability is an interesting feature of such systems that the privacy of the dishonest users could be traced by the service provider or a trusted third party (TTP). However, previous research on OT mainly focused on designing protocols with unconditional receiver’s privacy. Thus, traditional OT schemes cannot fulfill the traceability requirements in the aforementioned applications. In this paper, we address this problem by presenting a novel traceable oblivious transfer (TOT) without involvement of any TTP. In the new …


Dsh: Deniable Secret Handshake Framework, Yangguang Tian, Yingjiu Li, Yinghui Zhang, Nan Li, Guomin Yang, Yong Yu Sep 2018


Research Collection School Of Computing and Information Systems

Secret handshake is a useful primitive that allows a group of authorized users to establish a shared secret key and authenticate each other anonymously. It naturally provides a certain degree of user privacy and deniability which are also desirable for some private conversations that require secure key establishment. The inherent user privacy enables a private conversation between authorized users without revealing their real identities. While deniability allows authorized users to later deny their participating in conversations. However, deniability of secret handshakes lacks a comprehensive treatment in the literature. In this paper, we investigate the deniability of existing secret handshakes. We …


Blockchain Based Efficient And Robust Fair Payment For Outsourcing Services In Cloud Computing, Yinghui Zhang, Robert H. Deng, Ximeng Liu, Dong Zheng Sep 2018


Research Collection School Of Computing and Information Systems

As an attractive business model of cloud computing, outsourcing services usually involve online payment and security issues. The mutual distrust between users and outsourcing service providers may severely impede the wide adoption of cloud computing. Nevertheless, most existing payment solutions only consider a specific type of outsourcing service and rely on a trusted third-party to realize fairness. In this paper, in order to realize secure and fair payment of outsourcing services in general without relying on any third-party, trusted or not, we introduce BCPay, a blockchain based fair payment framework for outsourcing services in cloud computing. We first present the …


Concessive Online/Offline Attribute Based Encryption With Cryptographic Reverse Firewalls: Secure And Efficient Fine-Grained Access Control On Corrupted Machines, Hui Ma, Rui Zhang, Guomin Yang, Zishuai Song, Shuzhou Sun, Yuting Xiao Sep 2018


Research Collection School Of Computing and Information Systems

Attribute based encryption (ABE) has potential to be applied in various cloud computing applications. However, the Snowden revelations show that powerful adversaries can corrupt users’ machines to compromise the security, and many implementations of provably secure encryption schemes may present undetectable vulnerabilities that can expose secret, e.g., the scheme still works properly even some backdoors have been stealthily engineered on users’ machines. Undoubtedly, ABE is also facing the above security threats. Recently, Mironov and Stephens-Davidowitz proposed cryptographic reverse firewall (CRF) to solve the problem. Unfortunately, no CRF-based protection for ABE has been proposed so far due to the complex system …


Anonymous Privacy-Preserving Task Matching In Crowdsourcing, Jiangang Shu, Ximeng Liu, Xiaohua Jia, Kan Yang, Robert H. Deng Aug 2018


Research Collection School Of Computing and Information Systems

With the development of sharing economy, crowdsourcing as a distributed computing paradigm has become increasingly pervasive. As one of indispensable services for most crowdsourcing applications, task matching has also been extensively explored. However, privacy issues are usually ignored during the task matching and few existing privacy-preserving crowdsourcing mechanisms can simultaneously protect both task privacy and worker privacy. This paper systematically analyzes the privacy leaks and potential threats in the task matching and proposes a single-keyword task matching scheme for the multirequester/multiworker crowdsourcing with efficient worker revocation. The proposed scheme not only protects data confidentiality and identity anonymity against the crowd-server, …


Lightweight Break-Glass Access Control System For Healthcare Internet-Of-Things, Yang Yang, Ximeng Liu, Robert H. Deng Aug 2018


Research Collection School Of Computing and Information Systems

Healthcare Internet-of-things (IoT) has been proposed as a promising means to greatly improve the efficiency and quality of patient care. Medical devices in healthcare IoT measure patients' vital signs and aggregate these data into medical files which are uploaded to the cloud for storage and accessed by healthcare workers. To protect patients' privacy, encryption is normally used to enforce access control of medical files by authorized parties while preventing unauthorized access. In healthcare, it is crucial to enable timely access of patient files in emergency situations. In this paper, we propose a lightweight break-glass access control (LiBAC) system that supports …


Server-Aided Attribute-Based Signature With Revocation For Resource-Constrained Industrial-Internet-Of-Things Devices, Hui Cui, Robert H. Deng, Joseph K. Liu, Xun Yi, Yingjiu Li Aug 2018


Research Collection School Of Computing and Information Systems

The industrial Internet-of-things (IIoT) can be seen as the usage of Internet-of-things technologies in industries, which provides a way to improve the operational efficiency. An attribute-based signature (ABS) has been a very useful technique for services requiring anonymous authentication in practice, where a signer can sign a message over a set of attributes without disclosing any information about his/her identity, and a signature only attests to the fact that it is created by a signer with several attributes satisfying some claim predicate. However, an ABS scheme requires exponentiation and/or pairing operations in the signature generation and verification algorithms, and hence, …


Privacy-Preserving Biometric-Based Remote User Authentication With Leakage Resilience, Yangguang Tian, Yingjiu Li, Rongmao Chen, Ximeng Liu, Bing Chang, Xingjie Yu Aug 2018


Research Collection School Of Computing and Information Systems

Biometric-based remote user authentication is a useful primitive that allows an authorized user to authenticate to a remote server using his biometrics. Leakage attacks, such as side-channel attacks, allow an attacker to learn partial knowledge of secrets (e.g., biometrics) stored on any physical medium. Leakage attacks can be potentially launched to any existing biometric-based remote user authentication systems. Furthermore, applying plain biometrics is an efficient and straightforward approach when designing remote user authentication schemes. However, this approach jeopardises user’s biometrics privacy. To address these issues, we propose a novel leakage-resilient and privacy-preserving biometric-based remote user authentication framework, such that registered …


Privacy-Preserving Mining Of Association Rule On Outsourced Cloud Data From Multiple Parties, Lin Liu, Jinshu Su, Rongmao Chen, Ximeng Liu, Xiaofeng Wang, Shuhui Chen, Ho-Fung Fung Leung Jul 2018


Research Collection School Of Computing and Information Systems

It has been widely recognized as a challenge to carry out data analysis and meanwhile preserve its privacy in the cloud. In this work, we mainly focus on a well-known data analysis approach namely association rule mining. We found that the data privacy in this mining approach have not been well considered so far. To address this problem, we propose a scheme for privacy-preserving association rule mining on outsourced cloud data which are uploaded from multiple parties in a twin-cloud architecture. In particular, we mainly consider the scenario where the data owners and miners have different encryption keys that are …


Situation-Aware Authenticated Video Broadcasting Over Train-Trackside WiFi Networks, Yongdong Wu, Dengpan Ye, Zhuo Wei, Qian Wang, William Tan, Robert H. Deng Jul 2018


Research Collection School Of Computing and Information Systems

Live video programmes can bring in better travel experience for subway passengers and earn abundant advertisement revenue for subway operators. However, because the train-trackside channels for video dissemination are easily accessible to anyone, the video traffic are vulnerable to attacks which may cause deadly tragedies. This paper presents a situation-aware authenticated video broadcasting scheme in the railway network which consists of train, on-board sensor, trackside GSM-R (Global System for Mobile Communications-Railway) device, WiFi AP (Access Point), and train control center. Specifically, the scheme has four modules: (1) a train uses its on-board sensors to obtain its speed, location, and RSSI …


Tkse: Trustworthy Keyword Search Over Encrypted Data With Two-Side Verifiability Via Blockchain, Yinghui Zhang, Robert H. Deng, Jiangang Shu, Kan Yang, Dong Zheng Jun 2018


Research Collection School Of Computing and Information Systems

As a very attractive computing paradigm, cloud computing makes it possible for resource-constrained users to enjoy cost-effective and flexible resources of diversity. Considering the untrustworthiness of cloud servers and the data privacy of users, it is necessary to encrypt the data before outsourcing it to the cloud. However, the form of encrypted storage also poses a series of problems, such as: How can users search over the outsourced data? How to realize user-side verifiability of search results to resist malicious cloud servers? How to enable server-side verifiability of outsourced data to check malicious data owners? How to achieve payment fairness …


An Integrated Approach For Effective Injection Vulnerability Analysis Of Web Applications Through Security Slicing And Hybrid Constraint Solving, Julian Thome, Lwin Khin Shar, Domenico Bianculli, Lionel Briand Jun 2018


Research Collection School Of Computing and Information Systems

Malicious users can attack Web applications by exploiting injection vulnerabilities in the source code. This work addresses the challenge of detecting injection vulnerabilities in the server-side code of Java Web applications in a scalable and effective way. We propose an integrated approach that seamlessly combines security slicing with hybrid constraint solving; the latter orchestrates automata-based solving with meta-heuristic search. We use static analysis to extract minimal program slices relevant to security from Web programs and to generate attack conditions. We then apply hybrid constraint solving to determine the satisfiability of attack conditions and thus detect vulnerabilities. The experimental results, using …


Security And Privacy In Smart Health: Efficient Policy-Hiding Attribute-Based Access Control, Yinghui Zhang, Dong Zheng, Robert H. Deng Jun 2018


Research Collection School Of Computing and Information Systems

With the rapid development of the Internet of Things (IoT) and cloud computing technologies, smart health (s-health) is expected to significantly improve the quality of health care. However, data security and user privacy concerns in s-health have not been adequately addressed. As a well-received solution to realize fine-grained access control, ciphertext-policy attribute-based encryption (CP-ABE) has the potential to ensure data security in s-health. Nevertheless, direct adoption of the traditional CP-ABE in s-health suffers two flaws. For one thing, access policies are in cleartext form and reveal sensitive health-related information in the encrypted s-health records (SHRs). For another, it usually supports …


MobiCeal: Towards Secure And Practical Plausibly Deniable Encryption On Mobile Devices, Bing Chang, Fengwei Zhang, Bo Chen, Yingjiu Li, Wen Tao Zhu, Yangguang Tian, Zhan Wang, Albert Ching Jun 2018


Research Collection School Of Computing and Information Systems

We introduce MobiCeal, the first practical Plausibly Deniable Encryption (PDE) system for mobile devices that can defend against strong coercive multi-snapshot adversaries, who may examine the storage medium of a user's mobile device at different points of time and force the user to decrypt data. MobiCeal relies on 'dummy write' to obfuscate the differences between multiple snapshots of storage medium due to existence of hidden data. By incorporating PDE in block layer, MobiCeal supports a broad deployment of any block-based file systems on mobile devices. More importantly, MobiCeal is secure against side channel attacks which pose a serious threat to …


Towards Dynamically Monitoring Android Applications On Non-Rooted Devices In The Wild, Xiaoxiao Tang, Daoyuan Wu, Yan Lin, Debin Gao Jun 2018


Research Collection School Of Computing and Information Systems

Dynamic analysis is an important technique to reveal sensitive behavior of Android apps. Current works require access to the code-level and system-level events (e.g., API calls and system calls) triggered by the running apps and consequently they can only be conducted on in-lab running environments (e.g., emulators and modified OS). The strict requirement of running environment hinders their deployment in scale and makes them vulnerable to anti-analysis techniques. Furthermore, current dynamic analysis of Android apps exploits input generators to invoke app behavior, which, however, cannot provide sufficient code coverage. We propose to dynamically analyze app behavior on non-rooted devices used …


To Detect Stack Buffer Overflow With Polymorphic Canaries, Zhilong Wang, Xuhua Ding, Chengbin Pang, Jian Guo, Jun Zhu, Bing Mao Jun 2018


Research Collection School Of Computing and Information Systems

Stack Smashing Protection (SSP) is a simple and highly efficient technique widely used in practice as the front line defense against stack buffer overflow attacks. Unfortunately, SSP is known to be vulnerable to the so-called byte-by-byte attack. Although several remedy schemes are proposed in the recent literature, their security is achieved at the price of practicality, because their complex logics ruin SSP's simplicity and high-efficiency. In this paper, we present an elegant solution named as Polymorphic SSP (P-SSP) that attains the same security without sacrificing SSP's strengths. We also propose three extensions of the basic scheme for better compatibility, stronger …