Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Articles 1 - 14 of 14

Full-Text Articles in Physical Sciences and Mathematics

An Information-Sharing Based Anti-Phishing System, Yueqing Cheng, Zhen Yuan, Lei Ma, Robert H. Deng Nov 2007

Research Collection School Of Computing and Information Systems

This paper presents the design of an information-sharing based or server-assisted anti-phishing system. The system follows a client-server architecture and makes decisions based on not only client side heuristics but also collective information from multiple clients. When visiting a web site, a client side proxy, installed as a plug-in to a browser, decides on the legitimacy of the web site based on a combination of white list, black list and heuristics. In case the client side proxy does not have sufficient information to make a clear judgment, it reports the suspicious site to a central server which has access to …


Light-Weight Encryption Schemes For Multimedia Data, Feng Bao, Robert H. Deng Nov 2007

Research Collection School Of Computing and Information Systems

Due to the pervasiveness of high-speed networks and multimedia communications and storage, the demand for high-speed cryptosystems is ever increasing. It is widely believed that there is a tradeoff between speed and security in cryptosystem design. No existing encryption algorithms are both fast enough for high-speed operation and sufficiently secure to withstand powerful cryptanalysis. In this paper, we propose and analyze a generic construction of high-speed encryption schemes. Our solution is based on the fact that there exist secure but relatively slow block ciphers, e.g., AES, and super-fast but relatively weaker stream ciphers. We then combine a secure block …


nPAKE+: A Hierarchical Group Password-Authenticated Key Exchange Protocol Using Different Passwords, Zhiguo Wan, Robert H. Deng, Feng Bao, Bart Preneel Oct 2007

Research Collection School Of Computing and Information Systems

Although two-party password-authenticated key exchange (PAKE) protocols have been intensively studied in recent years, group PAKE protocols have received little attention. In this paper, we propose a hierarchical group PAKE protocol, nPAKE+, under the setting where each party shares an independent password with a trusted server. The nPAKE+ protocol is a novel combination of the hierarchical key tree structure and the password-based Diffie-Hellman exchange, and hence it achieves substantial gain in computation efficiency. In particular, the computation cost for each client in our protocol is only O(log n). Additionally, the hierarchical feature of nPAKE+ enables every subgroup to obtain their own …


Flexible Access Control To JPEG 2000 Image Code-Streams, Yongdong Wu, Di Ma, Robert H. Deng Oct 2007

Research Collection School Of Computing and Information Systems

JPEG 2000 is an international standard for still image compression in the 21st century. Part 8 of the standard, named JPSEC, is concerned with all the security aspects, in particular access control and authentication. This paper presents a novel access control scheme for JPEG 2000 image code-streams. The proposed scheme is secure against collusion attacks and highly efficient. The scheme is also very flexible, allowing access control to JPEG 2000 image code-streams according to any combination of resolution, quality layer and region of interest. The "encrypt once, decrypt many ways" property of our scheme is designed to work seamlessly …


Anonymous And Authenticated Key Exchange For Roaming Networks, Guomin Yang, Duncan S. Wong, Xiaotie Deng Sep 2007

Research Collection School Of Computing and Information Systems

User privacy is a notable security issue in wireless communications. It concerns protecting user identities from being exposed and user movements and whereabouts from being tracked. The concern of user privacy is particularly significant in systems which support roaming, where users are able to hop across networks administered by different operators. In this paper, we propose a novel construction approach of anonymous and authenticated key exchange protocols for a roaming user and a visiting server to establish a random session key in such a way that the visiting server authenticates the user's home server without knowing exactly who the user …


Enhanced Security By OS-Oriented Encapsulation In TPM-Enabled DRM, Yongdong Wu, Feng Bao, Robert H. Deng, Marc Mouffron, Frederic Rousseau Aug 2007

Research Collection School Of Computing and Information Systems

The Trusted Computing Group (TCG) defines the specifications for the Trusted Platform Module (TPM) and corresponding trust mechanisms that allow a TPM-enabled platform to run only authenticated software. For example, the operating system (OS) can use the facilities provided by the TPM to authenticate a Digital Rights Management (DRM) application before allowing it to run. However, TCG does not provide any clear specification on what kind of software can be regarded as trusted and hence be authenticated. In fact, it is unlikely that there will be a clear line between the software that should be authenticated and that which should not, …


An Efficient Identity-Based Key Exchange Protocol With KGS Forward Secrecy For Low-Power Devices, Robert W. Zhu, Guomin Yang, Duncan S. Wong Jun 2007

Research Collection School Of Computing and Information Systems

For an ID-based key exchange (KE) protocol, KGS forward secrecy is about the protection of previously established session keys after the master secret key of the Key Generation Server (KGS) is compromised. This is the strongest notion of forward secrecy that one can provide for an ID-based KE protocol. Among all the comparable protocols, there are only a few of them that provide this level of forward secrecy, and all of these protocols require expensive bilinear pairing operations and map-to-point hash operations that may not be suitable for implementation on low-power devices such as sensors. In this paper, we propose …


Time Capsule Signature: Efficient And Provably Secure Constructions, Bessie C. Hu, Duncan S. Wong, Qiong Huang, Guomin Yang, Xiaotie Deng Jun 2007

Research Collection School Of Computing and Information Systems

Time Capsule Signature, first formalized by Dodis and Yum in Financial Cryptography 2005, is a digital signature scheme which allows a signature to bear a (future) time t so that the signature will only be valid at time t or later, when a trusted third party called time server releases time-dependent information for checking the validity of a time capsule signature. Also, the actual signer of a time capsule signature has the privilege to make the signature valid before time t. In this paper, we provide a new security model of time capsule signature such that time server is not required …


A More Natural Way To Construct Identity-Based Identification Schemes, Guomin Yang, Jing Chen, Duncan S. Wong, Xiaotie Deng, Dongsheng Wang Jun 2007

Research Collection School Of Computing and Information Systems

Constructing identification schemes is one of the fundamental problems in cryptography, and is very useful in practice. An identity-based identification (IBI) scheme allows a prover to identify itself to a public verifier who knows only the claimed identity of the prover and some common information. In this paper, we propose a simple and efficient framework for constructing IBI schemes. Unlike some related frameworks which construct IBI schemes from some standard identification schemes, our framework is based on some more fundamental assumptions on intractable problems. Depending on the features of the underlying intractable problems presumed in our framework, we can derive …


Achieving End-To-End Authentication In Intermediary-Enabled Multimedia Delivery Systems, Robert H. Deng, Yanjiang Yang May 2007

Research Collection School Of Computing and Information Systems

Considerable research and experiment results in recent years have shown that the server-proxy-user architecture represents an efficient and scalable new paradigm for multimedia content delivery. However, not much effort has been spent on the security issues in such systems. In this paper, we study data authentication in multimedia content delivery, and in particular, we focus on achieving end-to-end authentication from the multimedia server to end users in the server-proxy-user architecture where intermediary proxies transcode multimedia content dynamically. We present a formal model for the end-to-end authentication problem, and propose a basic construction for generic data modality and prove its security. …


Forgery Attack To An Asymptotically Optimal Traitor Tracing Scheme, Yongdong Wu, Feng Bao, Robert H. Deng May 2007

Research Collection School Of Computing and Information Systems

In this paper, we present a forgery attack on a black-box traitor tracing scheme [2] called the CPP scheme. The CPP scheme has efficient transmission rate and allows the tracer to identify a traitor with just one invalid ciphertext. Since the original CPP scheme is vulnerable to the multi-key attack, we improved CPP to thwart the attack. However, CPP is vulnerable to a fatal forgery attack. In the forgery attack, two traitors can collude to forge all valid decryption keys. The forged keys appear as perfect genuine keys, can decrypt all protected content, but are untraceable by the tracer. Fortunately, we …


Vulnerability Analysis Of EMAP: An Efficient RFID Mutual Authentication Protocol, Tieyan Li, Robert H. Deng Apr 2007

Research Collection School Of Computing and Information Systems

In this paper, we analyze the security vulnerabilities of EMAP, an efficient RFID mutual authentication protocol recently proposed by Peris-Lopez et al. (2006). We present two effective attacks, a de-synchronization attack and a full-disclosure attack, against the protocol. The former permanently disables the authentication capability of an RFID tag by destroying synchronization between the tag and the RFID reader. The latter completely compromises a tag by extracting all the secret information stored in the tag. The de-synchronization attack can be carried out in just one round of interaction in EMAP while the full-disclosure attack is accomplished across several runs of EMAP. …


Privacy-Preserving Credentials Upon Trusted Computing Augmented Servers, Yanjiang Yang, Robert H. Deng, Feng Bao Mar 2007

Research Collection School Of Computing and Information Systems

Credentials are an indispensable means for service access control in electronic commerce. However, regular credentials such as X.509 certificates and SPKI/SDSI certificates do not address user privacy at all, while anonymous credentials that protect user privacy are complex and have compatibility problems with existing PKIs. In this paper we propose privacy-preserving credentials, a concept between regular credentials and anonymous credentials. The privacy-preserving credentials enjoy the advantageous features of both regular credentials and anonymous credentials, and strike a balance between user anonymity and system complexity. We achieve this by employing computer servers equipped with TPMs (Trusted Platform Modules). We present a …


Malicious KGC Attacks In Certificateless Cryptography, Man Ho Au, Jing Chen, Joseph K. Liu, Yi Mu, Duncan S. Wong, Guomin Yang Mar 2007

Research Collection School Of Computing and Information Systems

Identity-based cryptosystems have an inherent key escrow issue, that is, the Key Generation Center (KGC) always knows the user's secret key. If the KGC is malicious, it can always impersonate the user. Certificateless cryptography, introduced by Al-Riyami and Paterson in 2003, is intended to solve this problem. However, in all the previously proposed certificateless schemes, it is always assumed that the malicious KGC starts launching attacks (so-called Type II attacks) only after it has generated a master public/secret key pair honestly. In this paper, we propose new security models that remove this assumption for both certificateless signature and encryption schemes. Under …