Open Access. Powered by Scholars. Published by Universities.®
- Discipline
- Keyword
-
- ABE (4)
- Revocation (4)
- Android (3)
- Cloud computing (3)
- Cloud storage (3)
-
- Homomorphic encryption (3)
- Smooth projective hash function (3)
- Access control (2)
- Aggregate signature (2)
- Android Debug Bridge (ADB) (2)
- Anonymity (2)
- Attribute-based encryption (2)
- Authentication (2)
- Chosen-ciphertext security (2)
- Cloud security (2)
- Data outsourcing (2)
- Data privacy (2)
- Exploits analysis (2)
- Granular revocation (2)
- Identity-based broadcast encryption (2)
- No-root approach (2)
- Oblivious signature-based envelope (2)
- Outsourced computation (2)
- Permission explosion (2)
- Privacy (2)
- Privacy-preserving (2)
- Proxy signature (2)
- Random oracle model (2)
- Robustness (2)
- Root (2)
- Publication
- Publication Type
Articles 1 - 30 of 57
Full-Text Articles in Information Security
A Privacy-Preserving Outsourced Functional Computation Framework Across Large-Scale Multiple Encrypted Domains, Ximeng Liu, Baodong Qin, Robert H. Deng, Rongxing Lu, Jianfeng Ma
A Privacy-Preserving Outsourced Functional Computation Framework Across Large-Scale Multiple Encrypted Domains, Ximeng Liu, Baodong Qin, Robert H. Deng, Rongxing Lu, Jianfeng Ma
Research Collection School Of Computing and Information Systems
In this paper, we propose a framework for privacy-preserving outsourced functional computation across large-scale multiple encrypted domains, which we refer to as POFD. With POFD, a user can obtain the output of a function computed over encrypted data from multiple domains while protecting the privacy of the function itself, its input and its output. Specifically, we introduce two notions of POFD, the basic POFD and its enhanced version, in order to tradeoff the levels of privacy protection and performance. We present three protocols, named Multi-domain Secure Multiplication protocol (MSM), Secure Exponent Calculation protocol with private Base (SECB), and Secure Exponent …
Iterated Random Oracle: A Universal Approach For Finding Loss In Security Reduction, Fuchun Guo, Willy Susilo, Yi Mu, Rongmao Chen, Jianchang Lai, Guomin Yang
Iterated Random Oracle: A Universal Approach For Finding Loss In Security Reduction, Fuchun Guo, Willy Susilo, Yi Mu, Rongmao Chen, Jianchang Lai, Guomin Yang
Research Collection School Of Computing and Information Systems
The indistinguishability security of a public-key cryptosystem can be reduced to a computational hard assumption in the random oracle model, where the solution to a computational hard problem is hidden in one of the adversary’s queries to the random oracle. Usually, there is a finding loss in finding the correct solution from the query set, especially when the decisional variant of the computational problem is also hard. The problem of finding loss must be addressed towards tight(er) reductions under this type. In EUROCRYPT 2008, Cash, Kiltz and Shoup proposed a novel approach using a trapdoor test that can solve the …
Server-Aided Public Key Encryption With Keyword Search, Rongman Chen, Yi Mu, Guomin Yang, Fuchun Guo, Xinyi Huang, Xiaofen Wang, Yongjun Wang
Server-Aided Public Key Encryption With Keyword Search, Rongman Chen, Yi Mu, Guomin Yang, Fuchun Guo, Xinyi Huang, Xiaofen Wang, Yongjun Wang
Research Collection School Of Computing and Information Systems
Public key encryption with keyword search (PEKS) is a well-known cryptographic primitive for secure searchable data encryption in cloud storage. Unfortunately, it is inherently subject to the (inside) offline keyword guessing attack (KGA), which is against the data privacy of users. Existing countermeasures for dealing with this security issue mainly suffer from low efficiency and are impractical for real applications. In this paper, we provide a practical and applicable treatment on this security vulnerability by formalizing a new PEKS system named server-aided public key encryption with keyword search (SA-PEKS). In SA-PEKS, to generate the keyword ciphertext/trapdoor, the user needs to …
Attacking Android Smartphone Systems Without Permissions, Mon Kywe Su, Yingjiu Li, Kunal Petal, Michael Grace
Attacking Android Smartphone Systems Without Permissions, Mon Kywe Su, Yingjiu Li, Kunal Petal, Michael Grace
Research Collection School Of Computing and Information Systems
Android requires third-party applications to request for permissions when they access critical mobile resources, such as users' personal information and system operations. In this paper, we present the attacks that can be launched without permissions. We first perform call graph analysis, component analysis and data-flow analysis on various parts of Android framework to retrieve unprotected APIs. Unprotected APIs provide a way of accessing resources without any permissions. We then exploit selected unprotected APIs and launch a number of attacks on Android phones. We discover that without requesting for any permissions, an attacker can access to device ID, phone service state, …
Cryptographic Reverse Firewall Via Malleable Smooth Projective Hash Functions, Rongmao Chen, Guomin Yang, Guomin Yang, Willy Susilo, Fuchun Guo, Mingwu Zhang
Cryptographic Reverse Firewall Via Malleable Smooth Projective Hash Functions, Rongmao Chen, Guomin Yang, Guomin Yang, Willy Susilo, Fuchun Guo, Mingwu Zhang
Research Collection School Of Computing and Information Systems
Motivated by the revelations of Edward Snowden, postSnowden cryptography has become a prominent research direction in recent years. In Eurocrypt 2015, Mironov and Stephens-Davidowitz proposed a novel concept named cryptographic reverse firewall (CRF) which can resist exfiltration of secret information from an arbitrarily compromised machine. In this work, we continue this line of research and present generic CRF constructions for several widely used cryptographic protocols based on a new notion named malleable smooth projective hash function. Our contributions can be summarized as follows. – We introduce the notion of malleable smooth projective hash function, which is an extension of the …
Ciphertext-Policy Attribute-Based Encryption With Partially Hidden Access Structure And Its Application To Privacy-Preserving Electronic Medical Record System In Cloud Environment, Lixian Liu, Junzuo Lai, Robert H. Deng, Yingjiu Li
Ciphertext-Policy Attribute-Based Encryption With Partially Hidden Access Structure And Its Application To Privacy-Preserving Electronic Medical Record System In Cloud Environment, Lixian Liu, Junzuo Lai, Robert H. Deng, Yingjiu Li
Research Collection School Of Computing and Information Systems
With the development of cloud computing, more and more sensitive data are uploaded to cloud by companies or individuals, which brings forth new challenges for outsourced data security and privacy. Ciphertext-policy attribute-based encryption (CP-ABE) provides fine-grained access control of encrypted data in the cloud; in a CP-ABE scheme, an access structure, also referred to as ciphertext-policy, is sent along with a ciphertext explicitly, and anyone who obtains a ciphertext can know the access structure associated with the ciphertext. In certain applications, access structures contain very sensitive information and must be protected from everyone except the users whose private key attributes …
Automated Verification Of Timed Security Protocols With Clock Drift, Li Li, Jun Sun
Automated Verification Of Timed Security Protocols With Clock Drift, Li Li, Jun Sun
Research Collection School Of Computing and Information Systems
Time is frequently used in security protocols to provide better security. For instance, critical credentials often have limited lifetime which improves the security against brute-force attacks. However, it is challenging to correctly use time in protocol design, due to the existence of clock drift in practice. In this work, we develop a systematic method to formally specify as well as automatically verify timed security protocols with clock drift. We first extend the previously proposed timed applied ππ -calculus as a formal specification language for timed protocols with clock drift. Then, we define its formal semantics based on timed logic rules, …
An Efficient Privacy-Preserving Outsourced Calculation Toolkit With Multiple Keys, Ximeng Liu, Robert H. Deng, Kim-Kwang Raymond Choo, Jian Weng
An Efficient Privacy-Preserving Outsourced Calculation Toolkit With Multiple Keys, Ximeng Liu, Robert H. Deng, Kim-Kwang Raymond Choo, Jian Weng
Research Collection School Of Computing and Information Systems
In this paper, we propose a toolkit for efficient and privacy-preserving outsourced calculation under multiple encrypted keys (EPOM). Using EPOM, a large scale of users can securely outsource their data to a cloud server for storage. Moreover, encrypted data belonging to multiple users can be processed without compromising on the security of the individual user's (original) data and the final computed results. To reduce the associated key management cost and private key exposure risk in EPOM, we present a distributed two-trapdoor public-key cryptosystem, the core cryptographic primitive. We also present the toolkit to ensure that the commonly used integer operations …
Privacy-Preserving Outsourced Calculation On Floating Point Numbers, Ximeng Liu, Robert H. Deng, Wenxiu Ding, Rongxing Lu
Privacy-Preserving Outsourced Calculation On Floating Point Numbers, Ximeng Liu, Robert H. Deng, Wenxiu Ding, Rongxing Lu
Research Collection School Of Computing and Information Systems
In this paper, we propose a framework for privacy-preserving outsourced calculation on floating point numbers (POCF). Using POCF, a user can securely outsource the storing and processing of floating point numbers to a cloud server without compromising on the security of the (original) data and the computed results. In particular, we first present privacy-preserving integer processing protocols for common integer operations. We then present an approach to outsourcing floating point numbers for storage in a privacy-preserving way, and securely processing commonly used floating point number operations on-the-fly. We prove that the proposed POCF achieves the goal of floating point number …
A Study On A Feasible No-Root Approach On Android, Yao Cheng, Yingjiu Li, Deng, Robert H., Lingyun Ying, Wei He
A Study On A Feasible No-Root Approach On Android, Yao Cheng, Yingjiu Li, Deng, Robert H., Lingyun Ying, Wei He
Research Collection School Of Computing and Information Systems
Root is the administrative privilege on Android, which is however inaccessible on stock Android devices. Due to the desire for privileged functionalities and the reluctance of rooting their devices, Android users seek for no-root approaches, which provide users with part of root privileges without rooting their devices. Existing no-root approaches require users to launch a separate service via Android Debug Bridge (ADB) on an Android device, which would perform user-desired tasks. However, it is unusual for a third-party Android application to work with a separate native service via sockets, and it requires the application developers to have extra knowledge such …
An Efficient And Expressive Ciphertext-Policy Attribute-Based-Encryption Scheme With Partially Hidden Access Structures, Hui Cui, Deng, Robert H., Guowei Wu, Junzuo Lai
An Efficient And Expressive Ciphertext-Policy Attribute-Based-Encryption Scheme With Partially Hidden Access Structures, Hui Cui, Deng, Robert H., Guowei Wu, Junzuo Lai
Research Collection School Of Computing and Information Systems
A promising solution to protect data privacy in cloud storage services is known as ciphertext-policy attribute-based encryption (CP-ABE). However, in a traditional CP-ABE scheme, a ciphertext is bound with an explicit access structure, which may leak private information about the underlying plaintext in that anyone having access to the ciphertexts can tell the attributes of the privileged recipients by looking at the access structures. A notion called CP-ABE with partially hidden access structures [14, 15, 18, 19, 24] was put forth to address this problem, in which each attribute consists of an attribute name and an attribute value and the …
Editorial: Trust Management For Multimedia Big Data, Zheng Yan, Jun Liu, Deng, Robert H., Francisco Herrera
Editorial: Trust Management For Multimedia Big Data, Zheng Yan, Jun Liu, Deng, Robert H., Francisco Herrera
Research Collection School Of Computing and Information Systems
No abstract provided.
Achieving Ind-Cca Security For Functional Encryption For Inner Products, Shiwei Zhang, Yi Mu, Guomin Yang
Achieving Ind-Cca Security For Functional Encryption For Inner Products, Shiwei Zhang, Yi Mu, Guomin Yang
Research Collection School Of Computing and Information Systems
Functional encryption allows the authorised parties to reveal partial information of the plaintext hidden in a ciphertext while in conventional encryption decryption is all-or-nothing. Focusing on the functionality of inner product evaluation (i.e. given vectors xxxx and yyyy, calculate ⟨xx,yy⟩⟨xx,yy⟩), Abdalla et al. (PKC 2015) proposed a functional encryption scheme for inner product functionality (FE-IP) with s-IND-CPA security. In some recent works by Abdalla et al. (eprint: Report 2016/11) and Agrawal et al. (CRYPTO 2016), IND-CPA secure FE-IP schemes have also been proposed. In order to achieve Indistinguishable under Chosen Ciphertext Attacks (IND-CCA security) for FE-IP, in this paper, we …
On The Security Of Two Identity-Based Conditional Proxy Re-Encryption Schemes, Kai He, Jian Weng, Robert H. Deng, Joseph K. Liu
On The Security Of Two Identity-Based Conditional Proxy Re-Encryption Schemes, Kai He, Jian Weng, Robert H. Deng, Joseph K. Liu
Research Collection School Of Computing and Information Systems
Proxy re-encryption allows a semi-trusted proxy with a re-encryption key to convert a delegator's ciphertext into a delegatee's ciphertext, and the semi-trusted proxy cannot learn anything about the underlying plaintext. If a proxy re-encryption scheme is indistinguishable against chosen-ciphertext attacks, its initialized ciphertext should be non-malleable. Otherwise, there might exist an adversary who can break the chosen-ciphertext security of the scheme. Recently, Liang et al. proposed two proxy re-encryption schemes. They claimed that their schemes were chosen-ciphertext secure in the standard model. However, we find that the original ciphertext in their schemes are malleable. Thus, we present some concrete attacks …
One-Round Attribute-Based Key Exchange In The Multi-Party Setting, Yangguang Tian, Guomin Yang, Yi Mu, Kaitai Liang, Yong Yu
One-Round Attribute-Based Key Exchange In The Multi-Party Setting, Yangguang Tian, Guomin Yang, Yi Mu, Kaitai Liang, Yong Yu
Research Collection School Of Computing and Information Systems
Attribute-based authenticated key exchange (AB-AKE) is a useful primitive that allows a group of users to establish a shared secret key and at the same time enables fine-grained access control. A straightforward approach to design an AB-AKE protocol is to extend a key exchange protocol using attribute-based authentication technique. However, insider security is a challenge security issue for AB-AKE in the multi-party setting and cannot be solved using the straightforward approach. In addition, many existing key exchange protocols for the multi-party setting (e.g., the well-known Burmester-Desmedt protocol) require multiple broadcast rounds to complete the protocol. In this paper, we propose …
M(2)-Abks: Attribute-Based Multi-Keyword Search Over Encrypted Personal Health Records In Multi-Owner Setting, Yinbin Miao, Jianfeng Ma, Ximeng Liu, Fushan Wei, Zhiquan Liu, Xu An Wang
M(2)-Abks: Attribute-Based Multi-Keyword Search Over Encrypted Personal Health Records In Multi-Owner Setting, Yinbin Miao, Jianfeng Ma, Ximeng Liu, Fushan Wei, Zhiquan Liu, Xu An Wang
Research Collection School Of Computing and Information Systems
Online personal health record (PHR) is more inclined to shift data storage and search operations to cloud server so as to enjoy the elastic resources and lessen computational burden in cloud storage. As multiple patients' data is always stored in the cloud server simultaneously, it is a challenge to guarantee the confidentiality of PHR data and allow data users to search encrypted data in an efficient and privacy-preserving way. To this end, we design a secure cryptographic primitive called as attribute-based multi-keyword search over encrypted personal health records in multi-owner setting to support both fine-grained access control and multi-keyword search …
A Provably Secure Aggregate Signature Scheme For Healthcare Wireless Sensor Networks, Limin Shen, Jianfeng Ma, Ximeng Liu, Meixia Miao
A Provably Secure Aggregate Signature Scheme For Healthcare Wireless Sensor Networks, Limin Shen, Jianfeng Ma, Ximeng Liu, Meixia Miao
Research Collection School Of Computing and Information Systems
Wireless sensor networks (WSNs) are being used in a wide range of applications for healthcare monitoring, like heart rate monitors and blood pressure monitors, which can minimize the need for healthcare professionals. In medical system, sensors on or in patients produce medical data which can be easily compromised by a vast of attacks. Although signature schemes can protect data authenticity and data integrity, when the number of users involved in the medical system becomes huge, the bandwidth and storage cost will rise sharply so that existing signature schemes are inapplicability for WSNs. In this paper, we propose an efficient aggregate …
Efficient Tag Path Authentication Protocol With Less Tag Memory, Hongbing Wang, Yingjiu Li, Zongyang Zhang, Yunlei Zhao
Efficient Tag Path Authentication Protocol With Less Tag Memory, Hongbing Wang, Yingjiu Li, Zongyang Zhang, Yunlei Zhao
Research Collection School Of Computing and Information Systems
Logistical management has been advanced rapidly in these years, taking advantage of the broad connectivity of the Internet. As it becomes an important part of our lives, it also raises many challenging issues, e.g., the counterfeits of expensive goods pose a serious threat to supply chain management. As a result, path authentication becomes especially important in supply chain management, since it helps us maintain object pedigree and supply chain integrity. Meanwhile, tag path authentication must meet a series of security requirements, such as authentication, privacy, and unlinkability. In addition, the authentication protocol must be efficient.In 2011, the first tag path …
A Novel Covert Channel Detection Method In Cloud Based On Xsrm And Improved Event Association Algorithm, Lina Wang, Weijie Liu, Neeraj Kumar, Debiao He, Cheng Tan, Debin Gao
A Novel Covert Channel Detection Method In Cloud Based On Xsrm And Improved Event Association Algorithm, Lina Wang, Weijie Liu, Neeraj Kumar, Debiao He, Cheng Tan, Debin Gao
Research Collection School Of Computing and Information Systems
Covert channel is a major threat to the information system security and commonly found in operating systems, especially in cloud computing environment. Owing to the characteristics in cloud computing environment such as resources sharing and logic boundaries, covert channels become more varied and difficult to find. Focusing on those problems, this paper presents a universal method for detecting covert channel automatically. To achieve a global detection, we leveraged a virtual machine event record mechanism in hypervisor to gather necessary metadata. Combining the shared resources matrix methodology with events association mechanism, we proposed a distinctive algorithm that can accurately locate and …
Ownership-Hidden Group-Oriented Proofs Of Storage From Pre-Homomorphic Signatures, Yujue Wang, Qianhong Wu, Bo Qin, Xiaofeng Chen, Xinyi Huang, Jungang Lou
Ownership-Hidden Group-Oriented Proofs Of Storage From Pre-Homomorphic Signatures, Yujue Wang, Qianhong Wu, Bo Qin, Xiaofeng Chen, Xinyi Huang, Jungang Lou
Research Collection School Of Computing and Information Systems
In this paper, we study the problem of secure cloud storage in a multi-user setting such that the ownership of outsourced files can be hidden against the cloud server. There is a group manager for initiating the system, who is also responsible for issuing private keys for the involved group members. All authorized members are able to outsource files to the group’s storage account at some cloud server. Although the ownership of outsourced file is preserved against the cloud server, the group manager could trace the true identity of any suspicious file for liability investigation. To address this issue, we …
Dissecting Developer Policy Violating Apps: Characterization And Detection, Su Mon Kywe, Yingjiu Li, Jason Hong, Yao Cheng
Dissecting Developer Policy Violating Apps: Characterization And Detection, Su Mon Kywe, Yingjiu Li, Jason Hong, Yao Cheng
Research Collection School Of Computing and Information Systems
To ensure quality and trustworthiness of mobile apps, Google Play store imposes various developer policies. Once an app is reported for exhibiting policy-violating behaviors, it is removed from the store to protect users. Currently, Google Play store relies on mobile users’ feedbacks to identify policy violations. Our paper takes the first step towards understanding these policy-violating apps. First, we crawl 302 Android apps, which are reported in the Reddit forum by mobile users for policy violations and are later removed from the Google Play store. Second, we perform empirical analysis, which reveals that many violating behaviors have not been studied …
Integrated Software Fingerprinting Via Neural-Network-Based Control Flow Obfuscation, Haoyu Ma, Ruiqi Li, Xiaoxu Yu, Chunfu Jia, Debin Gao
Integrated Software Fingerprinting Via Neural-Network-Based Control Flow Obfuscation, Haoyu Ma, Ruiqi Li, Xiaoxu Yu, Chunfu Jia, Debin Gao
Research Collection School Of Computing and Information Systems
Dynamic software fingerprinting has been an important tool in fighting against software theft and pirating by embedding unique fingerprints into software copies. However, existing work uses methods from dynamic software watermarking as direct solutions in which secret marks are inside rather independent code modules attached to the software. This results in an intrinsic weakness against targeted collusive attacks since differences among software copies correspond directly to the fingerprint-related components. In this paper, we suggest a novel mode of dynamic fingerprinting called integrated fingerprinting, of which the goal is to ensure all fingerprinted software copies possess identical behaviors at semantic level. …
Attribute-Based Encryption With Granular Revocation, Hui Cui, Deng, Robert H., Xuhua Ding, Yingjiu Li
Attribute-Based Encryption With Granular Revocation, Hui Cui, Deng, Robert H., Xuhua Ding, Yingjiu Li
Research Collection School Of Computing and Information Systems
Attribute-based encryption (ABE) enables an access control mechanism over encrypted data by specifying access policies over attributes associated with private keys or ciphertexts, which is a promising solution to protect data privacy in cloud storage services. As an encryption system that involves many data users whose attributes might change over time, it is essential to provide a mechanism to selectively revoke data users’ attributes in an ABE system. However, most of the previous revokable ABE schemes consider how to disable revoked data users to access (newly) encrypted data in the system, and there are few of them that can be …
Provably Secure Robust Optimistic Fair Exchange Of Distributed Signatures, Yujue Wang, Qianhong Wu, Duncan S. Wong, Bo Qin, Jian Mao, Yong Ding
Provably Secure Robust Optimistic Fair Exchange Of Distributed Signatures, Yujue Wang, Qianhong Wu, Duncan S. Wong, Bo Qin, Jian Mao, Yong Ding
Research Collection School Of Computing and Information Systems
We introduce the concept of optimistic fair exchange of distributed signatures (OFEDS) which allows two groups of parties to fairly exchange digital signatures. Specifically, an authorized set of parties from each group can jointly take part in the protocol on behalf of the affiliated group to fulfill obligation, and a semi-trusted arbitrator will intervene in the protocol only when there are disputes between two sides. Our OFEDS extends the functionality of optimistic fair exchange of threshold signatures to a more generic case. We formalize the security model of OFEDS, in which besides the standard security requirements for existing optimistic fair …
Server-Aided Revocable Attribute-Based Encryption, Hui Cui, Deng, Robert H., Yingjiu Li, Baodong Qin
Server-Aided Revocable Attribute-Based Encryption, Hui Cui, Deng, Robert H., Yingjiu Li, Baodong Qin
Research Collection School Of Computing and Information Systems
As a one-to-many public key encryption system, attribute-based encryption (ABE) enables scalable access control over encrypted data in cloud storage services. However, efficient user revocation has been a very challenging problem in ABE. To address this issue, Boldyreva, Goyal and Kumar [5] introduced a revocation method by combining the binary tree data structure with fuzzy identity-based encryption, in which a key generation center (KGC) periodically broadcasts key update information to all data users over a public channel. The Boldyreva-Goyal-Kumar approach reduces the size of key updates from linear to logarithm in the number of users, and it has been widely …
Indoor Localization Via Multi-Modal Sensing On Smartphones, Han Xu, Zheng Yang, Zimu Zhou, Longfei Shangguan, Ke Yi, Yunhao Liu
Indoor Localization Via Multi-Modal Sensing On Smartphones, Han Xu, Zheng Yang, Zimu Zhou, Longfei Shangguan, Ke Yi, Yunhao Liu
Research Collection School Of Computing and Information Systems
Indoor localization is of great importance to a wide range ofapplications in shopping malls, office buildings and publicplaces. The maturity of computer vision (CV) techniques andthe ubiquity of smartphone cameras hold promise for offering sub-meter accuracy localization services. However, pureCV-based solutions usually involve hundreds of photos andpre-calibration to construct image database, a labor-intensiveoverhead for practical deployment. We present ClickLoc, anaccurate, easy-to-deploy, sensor-enriched, image-based indoor localization system. With core techniques rooted insemantic information extraction and optimization-based sensor data fusion, ClickLoc is able to bootstrap with few images. Leveraging sensor-enriched photos, ClickLoc also enables user localization with a single photo of the …
Trustworthy Authentication On Scalable Surveillance Video With Background Model Support, Zhuo Wei, Zheng Yan, Yongdong Wu, Robert H. Deng
Trustworthy Authentication On Scalable Surveillance Video With Background Model Support, Zhuo Wei, Zheng Yan, Yongdong Wu, Robert H. Deng
Research Collection School Of Computing and Information Systems
H.264/SVC (Scalable Video Coding) codestreams, which consist of a single base layer and multiple enhancement layers, are designed for quality, spatial, and temporal scalabilities. They can be transmitted over networks of different bandwidths and seamlessly accessed by various terminal devices. With a huge amount of video surveillance and various devices becoming an integral part of the security infrastructure, the industry is currently starting to use the SVC standard to process digital video for surveillance applications such that clients with different network bandwidth connections and display capabilities can seamlessly access various SVC surveillance (sub)codestreams. In order to guarantee the trustworthiness and …
Design And Evaluation Of Advanced Collusion Attacks On Collaborative Intrusion Detection Networks In Practice, Weizhi Meng, Xiapu Luo, Wenjuan Li, Yan Li
Design And Evaluation Of Advanced Collusion Attacks On Collaborative Intrusion Detection Networks In Practice, Weizhi Meng, Xiapu Luo, Wenjuan Li, Yan Li
Research Collection School Of Computing and Information Systems
To encourage collaboration among single intrusion detection systems (IDSs), collaborative intrusion detection networks (CIDNs) have been developed that enable different IDS nodes to communicate information with each other. This distributed network infrastructure aims to improve the detection performance of a single IDS, but may suffer from various insider attacks like collusion attacks, where several malicious nodes can collaborate to perform adversary actions. To defend against insider threats, challenge-based trust mechanisms have been proposed in the literature and proven to be robust against collusion attacks. However, we identify that such mechanisms depend heavily on an assumption of malicious nodes, which is …
Revocable And Decentralized Attribute-Based Encryption, Hui Cui, Deng, Robert H.
Revocable And Decentralized Attribute-Based Encryption, Hui Cui, Deng, Robert H.
Research Collection School Of Computing and Information Systems
In this paper, we propose a revocable and decentralized attribute-based encryption (ABE) system that splits the task of decryption key generation across multiple attribute authorities (AAs) without requiring any central party such that it achieves attribute revocation by simply stopping updating of the corresponding private key. In our system, a party can easily behave as an AA by creating a public and private key pair without any global communication except the creation for the common system parameters, under which it can periodically issue/update private key components for users that reflect their attributes, and an AA can freely leave the system …
Linear Encryption With Keyword Search, Shiwei Zhang, Guomin Yang, Yi Mu
Linear Encryption With Keyword Search, Shiwei Zhang, Guomin Yang, Yi Mu
Research Collection School Of Computing and Information Systems
Nowadays an increasing amount of data stored in the public cloud need to be searched remotely for fast accessing. For the sake of privacy, the remote files are usually encrypted, which makes them difficult to be searched by remote servers. It is also harder to efficiently share encrypted data in the cloud than those in plaintext. In this paper, we develop a searchable encryption framework called Linear Encryption with Keyword Search (LEKS) that can semi-generically convert some existing encryption schemes meeting our Linear Encryption Template (LET) to be searchable without re-encrypting all the data. For allowing easy data sharing, we …