Information Security Commons^™

Investigating The Spatial Complexity Of Various Pke-Peks Schematics, Jacob Patterson

Rose-Hulman Undergraduate Research Publications

With the advent of cloud storage, people upload all sorts of information to third party servers. However, uploading plaintext does not seem like a good idea for users who wish to keep their data private. Current solutions to this problem in literature involves integrating Public Key Encryption and Public key encryption with keyword search techniques. The intent of this paper is to analyze the spatial complexities of various PKE-PEKS schemes at various levels of security and discuss potential avenues for improvement.

A System For Detecting Malicious Insider Data Theft In Iaas Cloud Environments, Jason Nikolai, Yong Wang

Faculty Research & Publications

The Cloud Security Alliance lists data theft and insider attacks as critical threats to cloud security. Our work puts forth an approach using a train, monitor, detect pattern which leverages a stateful rule based k-nearest neighbors anomaly detection technique and system state data to detect inside attacker data theft on Infrastructure as a Service (IaaS) nodes. We posit, instantiate, and demonstrate our approach using the Eucalyptus cloud computing infrastructure where we observe a 100 percent detection rate for abnormal login events and data copies to outside systems.

Teaching Android Security Through Examples: A Publicly Available Database Of Vulnerable Apps, Daniel E. Krutz, Samuel A. Malachowsky

Articles

Security is hard, and teaching security can be even harder. Here we describe a public educational activity to assist in the instruction of both students and developers in creating secure Android apps. Our set of activities includes example vulnerable applications, information about each vulnerability, steps on how to repair the vulnerabilities, and information about how to confirm that the vulnerability has been properly repaired. Our primary goal is to make these activities available to other instructors for use in their classrooms ranging from the K-12 to university settings. A secondary goal of this project is to foster interest in security …

A Privacy-Preserving Outsourced Functional Computation Framework Across Large-Scale Multiple Encrypted Domains, Ximeng Liu, Baodong Qin, Robert H. Deng, Rongxing Lu, Jianfeng Ma

Research Collection School Of Computing and Information Systems

In this paper, we propose a framework for privacy-preserving outsourced functional computation across large-scale multiple encrypted domains, which we refer to as POFD. With POFD, a user can obtain the output of a function computed over encrypted data from multiple domains while protecting the privacy of the function itself, its input and its output. Specifically, we introduce two notions of POFD, the basic POFD and its enhanced version, in order to tradeoff the levels of privacy protection and performance. We present three protocols, named Multi-domain Secure Multiplication protocol (MSM), Secure Exponent Calculation protocol with private Base (SECB), and Secure Exponent …

Iterated Random Oracle: A Universal Approach For Finding Loss In Security Reduction, Fuchun Guo, Willy Susilo, Yi Mu, Rongmao Chen, Jianchang Lai, Guomin Yang

Research Collection School Of Computing and Information Systems

The indistinguishability security of a public-key cryptosystem can be reduced to a computational hard assumption in the random oracle model, where the solution to a computational hard problem is hidden in one of the adversary’s queries to the random oracle. Usually, there is a finding loss in finding the correct solution from the query set, especially when the decisional variant of the computational problem is also hard. The problem of finding loss must be addressed towards tight(er) reductions under this type. In EUROCRYPT 2008, Cash, Kiltz and Shoup proposed a novel approach using a trapdoor test that can solve the …

Server-Aided Public Key Encryption With Keyword Search, Rongman Chen, Yi Mu, Guomin Yang, Fuchun Guo, Xinyi Huang, Xiaofen Wang, Yongjun Wang

Research Collection School Of Computing and Information Systems

Public key encryption with keyword search (PEKS) is a well-known cryptographic primitive for secure searchable data encryption in cloud storage. Unfortunately, it is inherently subject to the (inside) offline keyword guessing attack (KGA), which is against the data privacy of users. Existing countermeasures for dealing with this security issue mainly suffer from low efficiency and are impractical for real applications. In this paper, we provide a practical and applicable treatment on this security vulnerability by formalizing a new PEKS system named server-aided public key encryption with keyword search (SA-PEKS). In SA-PEKS, to generate the keyword ciphertext/trapdoor, the user needs to …

Attacking Android Smartphone Systems Without Permissions, Mon Kywe Su, Yingjiu Li, Kunal Petal, Michael Grace

Research Collection School Of Computing and Information Systems

Android requires third-party applications to request for permissions when they access critical mobile resources, such as users' personal information and system operations. In this paper, we present the attacks that can be launched without permissions. We first perform call graph analysis, component analysis and data-flow analysis on various parts of Android framework to retrieve unprotected APIs. Unprotected APIs provide a way of accessing resources without any permissions. We then exploit selected unprotected APIs and launch a number of attacks on Android phones. We discover that without requesting for any permissions, an attacker can access to device ID, phone service state, …

Semeo: A Semantic Equivalence Analysis Framework For Obfuscated Android Applications, Zhen Hu

Department of Computer Science and Engineering: Dissertations, Theses, and Student Research

Software repackaging is a common approach for creating malware. In this approach, malware authors inject malicious payloads into legitimate applications; then, to ren- der security analysis more difficult, they obfuscate most or all of the code. This forces analysts to spend a large amount of effort filtering out benign obfuscated methods in order to locate potentially malicious methods for further analysis. If an effective mechanism for filtering out benign obfuscated methods were available, the number of methods that must be analyzed could be reduced, allowing analysts to be more productive. In this thesis, we introduce SEMEO, a highly effective and …

Cryptographic Reverse Firewall Via Malleable Smooth Projective Hash Functions, Rongmao Chen, Guomin Yang, Guomin Yang, Willy Susilo, Fuchun Guo, Mingwu Zhang

Research Collection School Of Computing and Information Systems

Motivated by the revelations of Edward Snowden, postSnowden cryptography has become a prominent research direction in recent years. In Eurocrypt 2015, Mironov and Stephens-Davidowitz proposed a novel concept named cryptographic reverse firewall (CRF) which can resist exfiltration of secret information from an arbitrarily compromised machine. In this work, we continue this line of research and present generic CRF constructions for several widely used cryptographic protocols based on a new notion named malleable smooth projective hash function. Our contributions can be summarized as follows. – We introduce the notion of malleable smooth projective hash function, which is an extension of the …

Ciphertext-Policy Attribute-Based Encryption With Partially Hidden Access Structure And Its Application To Privacy-Preserving Electronic Medical Record System In Cloud Environment, Lixian Liu, Junzuo Lai, Robert H. Deng, Yingjiu Li

Research Collection School Of Computing and Information Systems

With the development of cloud computing, more and more sensitive data are uploaded to cloud by companies or individuals, which brings forth new challenges for outsourced data security and privacy. Ciphertext-policy attribute-based encryption (CP-ABE) provides fine-grained access control of encrypted data in the cloud; in a CP-ABE scheme, an access structure, also referred to as ciphertext-policy, is sent along with a ciphertext explicitly, and anyone who obtains a ciphertext can know the access structure associated with the ciphertext. In certain applications, access structures contain very sensitive information and must be protected from everyone except the users whose private key attributes …

Automated Verification Of Timed Security Protocols With Clock Drift, Li Li, Jun Sun

Research Collection School Of Computing and Information Systems

Time is frequently used in security protocols to provide better security. For instance, critical credentials often have limited lifetime which improves the security against brute-force attacks. However, it is challenging to correctly use time in protocol design, due to the existence of clock drift in practice. In this work, we develop a systematic method to formally specify as well as automatically verify timed security protocols with clock drift. We first extend the previously proposed timed applied ππ -calculus as a formal specification language for timed protocols with clock drift. Then, we define its formal semantics based on timed logic rules, …

An Efficient Privacy-Preserving Outsourced Calculation Toolkit With Multiple Keys, Ximeng Liu, Robert H. Deng, Kim-Kwang Raymond Choo, Jian Weng

Research Collection School Of Computing and Information Systems

In this paper, we propose a toolkit for efficient and privacy-preserving outsourced calculation under multiple encrypted keys (EPOM). Using EPOM, a large scale of users can securely outsource their data to a cloud server for storage. Moreover, encrypted data belonging to multiple users can be processed without compromising on the security of the individual user's (original) data and the final computed results. To reduce the associated key management cost and private key exposure risk in EPOM, we present a distributed two-trapdoor public-key cryptosystem, the core cryptographic primitive. We also present the toolkit to ensure that the commonly used integer operations …

Privacy-Preserving Outsourced Calculation On Floating Point Numbers, Ximeng Liu, Robert H. Deng, Wenxiu Ding, Rongxing Lu

Research Collection School Of Computing and Information Systems

In this paper, we propose a framework for privacy-preserving outsourced calculation on floating point numbers (POCF). Using POCF, a user can securely outsource the storing and processing of floating point numbers to a cloud server without compromising on the security of the (original) data and the computed results. In particular, we first present privacy-preserving integer processing protocols for common integer operations. We then present an approach to outsourcing floating point numbers for storage in a privacy-preserving way, and securely processing commonly used floating point number operations on-the-fly. We prove that the proposed POCF achieves the goal of floating point number …

A Study On A Feasible No-Root Approach On Android, Yao Cheng, Yingjiu Li, Deng, Robert H., Lingyun Ying, Wei He

Research Collection School Of Computing and Information Systems

Root is the administrative privilege on Android, which is however inaccessible on stock Android devices. Due to the desire for privileged functionalities and the reluctance of rooting their devices, Android users seek for no-root approaches, which provide users with part of root privileges without rooting their devices. Existing no-root approaches require users to launch a separate service via Android Debug Bridge (ADB) on an Android device, which would perform user-desired tasks. However, it is unusual for a third-party Android application to work with a separate native service via sockets, and it requires the application developers to have extra knowledge such …

An Efficient And Expressive Ciphertext-Policy Attribute-Based-Encryption Scheme With Partially Hidden Access Structures, Hui Cui, Deng, Robert H., Guowei Wu, Junzuo Lai

Research Collection School Of Computing and Information Systems

A promising solution to protect data privacy in cloud storage services is known as ciphertext-policy attribute-based encryption (CP-ABE). However, in a traditional CP-ABE scheme, a ciphertext is bound with an explicit access structure, which may leak private information about the underlying plaintext in that anyone having access to the ciphertexts can tell the attributes of the privileged recipients by looking at the access structures. A notion called CP-ABE with partially hidden access structures [14, 15, 18, 19, 24] was put forth to address this problem, in which each attribute consists of an attribute name and an attribute value and the …

Editorial: Trust Management For Multimedia Big Data, Zheng Yan, Jun Liu, Deng, Robert H., Francisco Herrera

Research Collection School Of Computing and Information Systems

No abstract provided.

Achieving Ind-Cca Security For Functional Encryption For Inner Products, Shiwei Zhang, Yi Mu, Guomin Yang

Research Collection School Of Computing and Information Systems

Functional encryption allows the authorised parties to reveal partial information of the plaintext hidden in a ciphertext while in conventional encryption decryption is all-or-nothing. Focusing on the functionality of inner product evaluation (i.e. given vectors xxxx and yyyy, calculate ⟨xx,yy⟩⟨xx,yy⟩), Abdalla et al. (PKC 2015) proposed a functional encryption scheme for inner product functionality (FE-IP) with s-IND-CPA security. In some recent works by Abdalla et al. (eprint: Report 2016/11) and Agrawal et al. (CRYPTO 2016), IND-CPA secure FE-IP schemes have also been proposed. In order to achieve Indistinguishable under Chosen Ciphertext Attacks (IND-CCA security) for FE-IP, in this paper, we …

On The Security Of Two Identity-Based Conditional Proxy Re-Encryption Schemes, Kai He, Jian Weng, Robert H. Deng, Joseph K. Liu

Research Collection School Of Computing and Information Systems

Proxy re-encryption allows a semi-trusted proxy with a re-encryption key to convert a delegator's ciphertext into a delegatee's ciphertext, and the semi-trusted proxy cannot learn anything about the underlying plaintext. If a proxy re-encryption scheme is indistinguishable against chosen-ciphertext attacks, its initialized ciphertext should be non-malleable. Otherwise, there might exist an adversary who can break the chosen-ciphertext security of the scheme. Recently, Liang et al. proposed two proxy re-encryption schemes. They claimed that their schemes were chosen-ciphertext secure in the standard model. However, we find that the original ciphertext in their schemes are malleable. Thus, we present some concrete attacks …

One-Round Attribute-Based Key Exchange In The Multi-Party Setting, Yangguang Tian, Guomin Yang, Yi Mu, Kaitai Liang, Yong Yu

Research Collection School Of Computing and Information Systems

Attribute-based authenticated key exchange (AB-AKE) is a useful primitive that allows a group of users to establish a shared secret key and at the same time enables fine-grained access control. A straightforward approach to design an AB-AKE protocol is to extend a key exchange protocol using attribute-based authentication technique. However, insider security is a challenge security issue for AB-AKE in the multi-party setting and cannot be solved using the straightforward approach. In addition, many existing key exchange protocols for the multi-party setting (e.g., the well-known Burmester-Desmedt protocol) require multiple broadcast rounds to complete the protocol. In this paper, we propose …

M(2)-Abks: Attribute-Based Multi-Keyword Search Over Encrypted Personal Health Records In Multi-Owner Setting, Yinbin Miao, Jianfeng Ma, Ximeng Liu, Fushan Wei, Zhiquan Liu, Xu An Wang

Research Collection School Of Computing and Information Systems

Online personal health record (PHR) is more inclined to shift data storage and search operations to cloud server so as to enjoy the elastic resources and lessen computational burden in cloud storage. As multiple patients' data is always stored in the cloud server simultaneously, it is a challenge to guarantee the confidentiality of PHR data and allow data users to search encrypted data in an efficient and privacy-preserving way. To this end, we design a secure cryptographic primitive called as attribute-based multi-keyword search over encrypted personal health records in multi-owner setting to support both fine-grained access control and multi-keyword search …

A Provably Secure Aggregate Signature Scheme For Healthcare Wireless Sensor Networks, Limin Shen, Jianfeng Ma, Ximeng Liu, Meixia Miao

Research Collection School Of Computing and Information Systems

Wireless sensor networks (WSNs) are being used in a wide range of applications for healthcare monitoring, like heart rate monitors and blood pressure monitors, which can minimize the need for healthcare professionals. In medical system, sensors on or in patients produce medical data which can be easily compromised by a vast of attacks. Although signature schemes can protect data authenticity and data integrity, when the number of users involved in the medical system becomes huge, the bandwidth and storage cost will rise sharply so that existing signature schemes are inapplicability for WSNs. In this paper, we propose an efficient aggregate …

Efficient Tag Path Authentication Protocol With Less Tag Memory, Hongbing Wang, Yingjiu Li, Zongyang Zhang, Yunlei Zhao

Research Collection School Of Computing and Information Systems

Logistical management has been advanced rapidly in these years, taking advantage of the broad connectivity of the Internet. As it becomes an important part of our lives, it also raises many challenging issues, e.g., the counterfeits of expensive goods pose a serious threat to supply chain management. As a result, path authentication becomes especially important in supply chain management, since it helps us maintain object pedigree and supply chain integrity. Meanwhile, tag path authentication must meet a series of security requirements, such as authentication, privacy, and unlinkability. In addition, the authentication protocol must be efficient.In 2011, the first tag path …

A Novel Covert Channel Detection Method In Cloud Based On Xsrm And Improved Event Association Algorithm, Lina Wang, Weijie Liu, Neeraj Kumar, Debiao He, Cheng Tan, Debin Gao

Research Collection School Of Computing and Information Systems

Covert channel is a major threat to the information system security and commonly found in operating systems, especially in cloud computing environment. Owing to the characteristics in cloud computing environment such as resources sharing and logic boundaries, covert channels become more varied and difficult to find. Focusing on those problems, this paper presents a universal method for detecting covert channel automatically. To achieve a global detection, we leveraged a virtual machine event record mechanism in hypervisor to gather necessary metadata. Combining the shared resources matrix methodology with events association mechanism, we proposed a distinctive algorithm that can accurately locate and …

Ownership-Hidden Group-Oriented Proofs Of Storage From Pre-Homomorphic Signatures, Yujue Wang, Qianhong Wu, Bo Qin, Xiaofeng Chen, Xinyi Huang, Jungang Lou

Research Collection School Of Computing and Information Systems

In this paper, we study the problem of secure cloud storage in a multi-user setting such that the ownership of outsourced files can be hidden against the cloud server. There is a group manager for initiating the system, who is also responsible for issuing private keys for the involved group members. All authorized members are able to outsource files to the group’s storage account at some cloud server. Although the ownership of outsourced file is preserved against the cloud server, the group manager could trace the true identity of any suspicious file for liability investigation. To address this issue, we …

Virtual Values For Taint And Information Flow Analysis, Prakasam Kannan, Thomas Austin, Mark Stamp, Tim Disney, Cormac Flanagan

Faculty Publications, Computer Science

Security controls such as taint analysis and information flow analysis can be powerful tools to protect against many common attacks. However, incorporating these controls into a language such as JavaScript is challenging. Native implementations require the support of all JavaScript VMs. Code rewriting requires developers to reason about the entire abstract syntax of JavaScript. In this paper, we demonstrate how virtual values may be used to more easily integrate these security controls. Virtual values provide hooks to alter the behavior of primitive operations, allowing programmers to create the desired security controls in a more declarative fashion, facilitating more rapid prototyping. …

A Method For Revealing And Addressing Security Vulnerabilities In Cyber-Physical Systems By Modeling Malicious Agent Interactions With Formal Verification, Dean C. Wardell, Robert F. Mills, Gilbert L. Peterson, Mark E. Oxley

Faculty Publications

Several cyber-attacks on the cyber-physical systems (CPS) that monitor and control critical infrastructure were publically announced over the last few years. Almost without exception, the proposed security solutions focus on preventing unauthorized access to the industrial control systems (ICS) at various levels – the defense in depth approach. While useful, it does not address the problem of making the systems more capable of responding to the malicious actions of an attacker once they have gained access to the system. The first step in making an ICS more resilient to an attacker is identifying the cyber security vulnerabilities the attacker can …

Active Snort Rules And The Needs For Computing Resources: Computing Resources Needed To Activate Different Numbers Of Snort Rules, Chad A. Arney, Xinli Wang

School of Technology Publications

This project was designed to discover the relationship between the number of enabled rules maintained by Snort and the amount of computing resources necessary to operate this intrusion detection system (IDS) as a sensor. A physical environment was set up to loosely simulate a network and an IDS sensor monitoring it.

The experiment was conducted in five trials. A different number of Snort rules was enabled in each trial and the corresponding utilization of computing resources was measured. Remarkable variation and a clear trend of CPU usage were observed in the experiment.

The Infosys Times, Vol. 3, No. 1, St. Cloud State University

The Infosys TIMES

• 3M Innovation Center Tour
• New NSF Scholars Announced
• Tutoring Available at CH 415
• Extended OPT for F-1 students
• More Online Course from Spring 2017
• Business Analytics Minor
• Meet the Faculty Abdulla Abu Hussein, Prabesh Shrestha, Channa Jayanath Kumarage
• MSIA Culminating Projects
• Road to RedHat Internship
• Career Day at Atwood
• Why Leadership Positions in Student Organizations Matter
• Alumnus Insight, Houa Xiong
• GenCyber at SCSU
• Wolters Kluwer Partners with SCSU in Class
• Education Abroad - AUS
• STEM vs non-STEM
• IS Club Election 2016
• Merger of IA and ITS Club

Mabic: Mobile Application Builder For Interactive Communication, Huy Manh Nguyen

Masters Theses & Specialist Projects

Nowadays, the web services and mobile technology advance to a whole new level. These technologies make the modern communication faster and more convenient than the traditional way. People can also easily share data, picture, image and video instantly. It also saves time and money. For example: sending an email or text message is cheaper and faster than a letter. Interactive communication allows the instant exchange of feedback and enables two-way communication between people and people, or people and computer. It increases the engagement of sender and receiver in communication.

Although many systems such as REDCap and Taverna are built for …

Dissecting Developer Policy Violating Apps: Characterization And Detection, Su Mon Kywe, Yingjiu Li, Jason Hong, Yao Cheng

Research Collection School Of Computing and Information Systems

To ensure quality and trustworthiness of mobile apps, Google Play store imposes various developer policies. Once an app is reported for exhibiting policy-violating behaviors, it is removed from the store to protect users. Currently, Google Play store relies on mobile users’ feedbacks to identify policy violations. Our paper takes the first step towards understanding these policy-violating apps. First, we crawl 302 Android apps, which are reported in the Reddit forum by mobile users for policy violations and are later removed from the Google Play store. Second, we perform empirical analysis, which reveals that many violating behaviors have not been studied …