Information Security Commons^™

Investigating The Spatial Complexity Of Various Pke-Peks Schematics, Jacob Patterson

Rose-Hulman Undergraduate Research Publications

With the advent of cloud storage, people upload all sorts of information to third party servers. However, uploading plaintext does not seem like a good idea for users who wish to keep their data private. Current solutions to this problem in literature involves integrating Public Key Encryption and Public key encryption with keyword search techniques. The intent of this paper is to analyze the spatial complexities of various PKE-PEKS schemes at various levels of security and discuss potential avenues for improvement.

Iterated Random Oracle: A Universal Approach For Finding Loss In Security Reduction, Fuchun Guo, Willy Susilo, Yi Mu, Rongmao Chen, Jianchang Lai, Guomin Yang

Research Collection School Of Computing and Information Systems

The indistinguishability security of a public-key cryptosystem can be reduced to a computational hard assumption in the random oracle model, where the solution to a computational hard problem is hidden in one of the adversary’s queries to the random oracle. Usually, there is a finding loss in finding the correct solution from the query set, especially when the decisional variant of the computational problem is also hard. The problem of finding loss must be addressed towards tight(er) reductions under this type. In EUROCRYPT 2008, Cash, Kiltz and Shoup proposed a novel approach using a trapdoor test that can solve the …

A System For Detecting Malicious Insider Data Theft In Iaas Cloud Environments, Jason Nikolai, Yong Wang

Research & Publications

The Cloud Security Alliance lists data theft and insider attacks as critical threats to cloud security. Our work puts forth an approach using a train, monitor, detect pattern which leverages a stateful rule based k-nearest neighbors anomaly detection technique and system state data to detect inside attacker data theft on Infrastructure as a Service (IaaS) nodes. We posit, instantiate, and demonstrate our approach using the Eucalyptus cloud computing infrastructure where we observe a 100 percent detection rate for abnormal login events and data copies to outside systems.

Cryptographic Reverse Firewall Via Malleable Smooth Projective Hash Functions, Rongmao Chen, Guomin Yang, Guomin Yang, Willy Susilo, Fuchun Guo, Mingwu Zhang

Research Collection School Of Computing and Information Systems

Motivated by the revelations of Edward Snowden, postSnowden cryptography has become a prominent research direction in recent years. In Eurocrypt 2015, Mironov and Stephens-Davidowitz proposed a novel concept named cryptographic reverse firewall (CRF) which can resist exfiltration of secret information from an arbitrarily compromised machine. In this work, we continue this line of research and present generic CRF constructions for several widely used cryptographic protocols based on a new notion named malleable smooth projective hash function. Our contributions can be summarized as follows. – We introduce the notion of malleable smooth projective hash function, which is an extension of the …

M(2)-Abks: Attribute-Based Multi-Keyword Search Over Encrypted Personal Health Records In Multi-Owner Setting, Yinbin Miao, Jianfeng Ma, Ximeng Liu, Fushan Wei, Zhiquan Liu, Xu An Wang

Research Collection School Of Computing and Information Systems

Online personal health record (PHR) is more inclined to shift data storage and search operations to cloud server so as to enjoy the elastic resources and lessen computational burden in cloud storage. As multiple patients' data is always stored in the cloud server simultaneously, it is a challenge to guarantee the confidentiality of PHR data and allow data users to search encrypted data in an efficient and privacy-preserving way. To this end, we design a secure cryptographic primitive called as attribute-based multi-keyword search over encrypted personal health records in multi-owner setting to support both fine-grained access control and multi-keyword search …

Active Snort Rules And The Needs For Computing Resources: Computing Resources Needed To Activate Different Numbers Of Snort Rules, Chad A. Arney, Xinli Wang

School of Technology Publications

This project was designed to discover the relationship between the number of enabled rules maintained by Snort and the amount of computing resources necessary to operate this intrusion detection system (IDS) as a sensor. A physical environment was set up to loosely simulate a network and an IDS sensor monitoring it.

The experiment was conducted in five trials. A different number of Snort rules was enabled in each trial and the corresponding utilization of computing resources was measured. Remarkable variation and a clear trend of CPU usage were observed in the experiment.

Mabic: Mobile Application Builder For Interactive Communication, Huy Manh Nguyen

Masters Theses & Specialist Projects

Nowadays, the web services and mobile technology advance to a whole new level. These technologies make the modern communication faster and more convenient than the traditional way. People can also easily share data, picture, image and video instantly. It also saves time and money. For example: sending an email or text message is cheaper and faster than a letter. Interactive communication allows the instant exchange of feedback and enables two-way communication between people and people, or people and computer. It increases the engagement of sender and receiver in communication.

Although many systems such as REDCap and Taverna are built for …

A Key-Insulated Cp-Abe With Key Exposure Accountability For Secure Data Sharing In The Cloud, Hanshu Hong, Zhixin Sun, Ximeng Liu

Research Collection School Of Computing and Information Systems

ABE has become an effective tool for data protection in cloud computing. However, since users possessing the same attributes share the same private keys, there exist some malicious users exposing their private keys deliberately for illegal data sharing without being detected, which will threaten the security of the cloud system. Such issues remain in many current ABE schemes since the private keys are rarely associated with any user specific identifiers. In order to achieve user accountability as well as provide key exposure protection, in this paper, we propose a key-insulated ciphertext policy attribute based encryption with key exposure accountability (KI-CPABE-KEA). …

Efficient Verifiable Computation Of Linear And Quadratic Functions Over Encrypted Data, Ngoc Hieu Tran, Hwee Hwa Pang, Robert H. Deng

Research Collection School Of Computing and Information Systems

In data outsourcing, a client stores a large amount of data on an untrusted server; subsequently, the client can request the server to compute a function on any subset of the data. This setting naturally leads to two security requirements: confidentiality of input data, and authenticity of computations. Existing approaches that satisfy both requirements simultaneously are built on fully homomorphic encryption, which involves expensive computation on the server and client and hence is impractical. In this paper, we propose two verifiable homomorphic encryption schemes that do not rely on fully homomorphic encryption. The first is a simple and efficient scheme …

Big Data And The Fourth Estate: Protecting The Development Of News Media Monitoring Databases, Joseph A. Tomain

Articles by Maurer Faculty

No abstract provided.

Privacy-Preserving And Verifiable Data Aggregation, Ngoc Hieu Tran, Robert H. Deng, Hwee Hwa Pang

Research Collection School Of Computing and Information Systems

There are several recent research studies on privacy-preserving aggregation of time series data, where an aggregator computes an aggregation of multiple users' data without learning each individual's private input value. However, none of the existing schemes allows the aggregation result to be verified for integrity. In this paper, we present a new data aggregation scheme that protects user privacy as well as integrity of the aggregation. Towards this end, we first propose an aggregate signature scheme in a multi-user setting without using bilinear maps. We then extend the aggregate signature scheme into a solution for privacy-preserving and verifiable data aggregation. …