Open Access. Powered by Scholars. Published by Universities.®

Social and Behavioral Sciences Commons

Articles 1 - 29 of 29

Full-Text Articles in Social and Behavioral Sciences

Public Key Authenticated Encryption With Designated Equality Test And Its Applications In Diagnostic Related Groups, Yuanhao Wang, Qiong Huang, Hongbo Li, Jianye Huang, Guomin Yang, Willy Susilo Jan 2019

Faculty of Engineering and Information Sciences - Papers: Part B

Due to the massive growth of data and security concerns, data of patients would be encrypted and outsourced to the cloud server for feature matching in various medical scenarios, such as personal health record systems, actuarial judgements and diagnostic related groups. Public key encryption with equality test (PKEET) is a useful utility for encrypted feature matching. An authorized tester could perform data matching on encrypted data without decrypting it. Unfortunately, due to the limited terminology in medicine, people within institutions may illegally use data, trying to obtain information through traversal methods. In this paper, we propose a new PKEET notion, called public-key …


Relations Between Robustness And Rka Security Under Public-Key Encryption, Hui Cui, Yi Mu, Man Ho Au Jan 2016

Faculty of Engineering and Information Sciences - Papers: Part A

We revisit the notions of robustness introduced by Abdalla, Bellare and Neven (TCC 2010), and related-key attack (RKA) security raised by Bellare, Cash and Miller (ASIACRYPT 2011). In the setting of public-key encryption (PKE), robustness means that it is hard to produce a ciphertext that is valid for two different users, while RKA security means that a PKE scheme is still secure even when an attacker can induce modifications in a decryption key, and subsequently observe the outcome of this PKE scheme under this modified key. In this paper, we explore the relationship between RKA security and various notions of …


Public Cloud Data Auditing With Practical Key Update And Zero Knowledge Privacy, Yong Yu, Yannan Li, Man Ho Au, Willy Susilo, Kim-Kwang Raymond Choo, Xinpeng Zhang Jan 2016

Faculty of Engineering and Information Sciences - Papers: Part A

Data integrity is extremely important for cloud based storage services, where cloud users no longer have physical possession of their outsourced files. A number of data auditing mechanisms have been proposed to solve this problem. However, how to update a cloud user's private auditing key (as well as the authenticators those keys are associated with) without the user's re-possession of the data remains an open problem. In this paper, we propose a key-updating and authenticator-evolving mechanism with zero-knowledge privacy of the stored files for secure cloud data auditing, which incorporates zero knowledge proof systems, proxy re-signatures and homomorphic linear authenticators. …
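Added example, not code from the paper above: a minimal homomorphic linear authenticator of the kind the abstract refers to (private-verifiability flavour, sigma_i = alpha * m_i + F_k(i)), with the challenge/proof/verify round and a corrupted-block case. The parameters, the file contents and the function names are constructed for this illustration; the paper's key-update and zero-knowledge mechanism is not reproduced, the example only shows why a naive key update needs the plaintext blocks.

```python
import hashlib
import hmac
import random
import secrets

# Constructed toy parameters. The authenticator arithmetic is done modulo a
# prime Q; a deployed scheme works in a group of cryptographic size.
Q = (1 << 127) - 1  # 2^127 - 1, a Mersenne prime


def prf(key: bytes, index: int) -> int:
    """F_k(i): HMAC-SHA256 of the block index, reduced mod Q."""
    mac = hmac.new(key, index.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % Q


def keygen() -> dict:
    """Auditing key: a secret multiplier alpha and a PRF key k."""
    return {"alpha": secrets.randbelow(Q - 1) + 1, "k": secrets.token_bytes(32)}


def encode_file(data: bytes, block_size: int = 8) -> list:
    """Split the file into fixed-size blocks m_i, each read as an integer mod Q."""
    return [int.from_bytes(data[i:i + block_size], "big") % Q
            for i in range(0, len(data), block_size)]


def tag_blocks(sk: dict, blocks: list) -> list:
    """Homomorphic linear authenticator: sigma_i = alpha * m_i + F_k(i) mod Q."""
    return [(sk["alpha"] * m + prf(sk["k"], i)) % Q for i, m in enumerate(blocks)]


def challenge(n_blocks: int, sample: int) -> list:
    """Auditor picks `sample` distinct block indices with random coefficients nu_i."""
    idx = random.SystemRandom().sample(range(n_blocks), sample)
    return [(i, secrets.randbelow(Q - 1) + 1) for i in idx]


def prove(blocks: list, tags: list, chal: list) -> tuple:
    """Server aggregates the challenged blocks and tags into a constant-size proof.
    Linearity of the tags is what makes sum(nu_i * sigma_i) checkable."""
    mu = sum(nu * blocks[i] for i, nu in chal) % Q
    sigma = sum(nu * tags[i] for i, nu in chal) % Q
    return mu, sigma


def verify(sk: dict, chal: list, proof: tuple) -> bool:
    """Check sigma == alpha * mu + sum(nu_i * F_k(i)) without touching the file."""
    mu, sigma = proof
    expected = (sk["alpha"] * mu + sum(nu * prf(sk["k"], i) for i, nu in chal)) % Q
    return sigma == expected


def retag_after_key_update(new_sk: dict, blocks: list) -> list:
    """Naive key update: recomputing every sigma_i under the new key needs the
    plaintext blocks, i.e. the user must re-possess the file. Avoiding exactly
    this is the open problem the paper addresses (its mechanism is not shown here)."""
    return tag_blocks(new_sk, blocks)


def audit_demo() -> tuple:
    """One honest audit, then one against a server that altered a challenged block."""
    data = b"constructed sample file for the auditing example; " * 5
    blocks = encode_file(data)
    sk = keygen()
    tags = tag_blocks(sk, blocks)
    chal = challenge(len(blocks), 6)
    honest = verify(sk, chal, prove(blocks, tags, chal))
    corrupted = list(blocks)
    i0 = chal[0][0]
    corrupted[i0] = (corrupted[i0] + 1) % Q  # server silently alters one challenged block
    tampered = verify(sk, chal, prove(corrupted, tags, chal))
    return honest, tampered


if __name__ == "__main__":
    print(audit_demo())  # (True, False)
```

The proof is two field elements regardless of how many blocks are challenged, which is the property that makes outsourced auditing cheap; the tampered case fails because the server cannot adjust sigma without alpha.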


Reducing Unwarranted Variation In Healthcare Service Delivery Systems: Key Issues, Research Challenges And Potential Solutions, Nagesh Shukla, Senevi Kiridena, Nishikant Mishra Apr 2015

Nagesh Shukla

There is a growing need worldwide to increase the quality and productivity of healthcare services delivery. To this end, analysing and reducing unwarranted variations in healthcare has attracted much attention in recent times. However, current modelling and simulation approaches to reduce unwarranted variations suffer from numerous limitations. Consequently, service improvement efforts have often failed to deliver expected results. This paper discusses the key issues associated with reducing unwarranted variations in hospital service delivery systems, and proposes a research framework that aims at overcoming these issues. In doing so, it highlights the need for: accurately and efficiently modelling complex service delivery …


Leakage Resilient Authenticated Key Exchange Secure In The Auxiliary Input Model, Guomin Yang, Yi Mu, Willy Susilo, Duncan S. Wong Mar 2014

Professor Willy Susilo

Authenticated key exchange (AKE) protocols allow two parties communicating over an insecure network to establish a common secret key. They are among the most widely used cryptographic protocols in practice. In order to resist key-leakage attacks, several leakage resilient AKE protocols have been proposed recently in the bounded leakage model. In this paper, we initiate the study on leakage resilient AKE in the auxiliary input model. A promising way to construct such a protocol is to use a digital signature scheme that is entropically-unforgeable under chosen message and auxiliary input attacks. However, to date we are not aware of any …


(Strong) Multi-Designated Verifiers Signatures Secure Against Rogue Key Attack, Yunmei Zhang, Man Ho Allen Au, Guomin Yang, Willy Susilo Mar 2014

Professor Willy Susilo

Designated verifier signatures (DVS) allow a signer to create a signature whose validity can only be verified by a specific entity chosen by the signer. In addition, the chosen entity, known as the designated verifier, cannot convince anybody that the signature is created by the signer. Multi-designated verifiers signatures (MDVS) are a natural extension of DVS in which the signer can choose multiple designated verifiers. DVS and MDVS are useful primitives in electronic voting and contract signing. In this paper, we investigate various aspects of MDVS and make two contributions. Firstly, we revisit the notion of unforgeability under rogue …


Public Key Encryption With Keyword Search Secure Against Keyword Guessing Attacks Without Random Oracle, Liming Fang, Willy Susilo, Chunpeng Ge, Jiandong Wang Mar 2014

Professor Willy Susilo

The notion of public key encryption with keyword search (PEKS) was put forth by Boneh et al. to enable a server to search a collection of encrypted emails given a “trapdoor” (i.e., an encrypted keyword) provided by the receiver. The nice property in this scheme allows the server to search for a keyword, given the trapdoor. Hence, the verifier can merely use an untrusted server, which makes this notion very practical. Following Boneh et al.’s work, subsequent works have been proposed to enhance this notion. Two important notions include the so-called keyword guessing attack and …


Cross-Domain Password-Based Authenticated Key Exchange Revisited, Liqun Chen, Hoon Wei Lim, Guomin Yang Jan 2014

Faculty of Engineering and Information Sciences - Papers: Part A

We revisit the problem of secure cross-domain communication between two users belonging to different security domains within an open and distributed environment. Existing approaches presuppose that either the users are in possession of public key certificates issued by a trusted certificate authority (CA), or the associated domain authentication servers share a long-term secret key. In this article, we propose a generic framework for designing four-party password-based authenticated key exchange (4PAKE) protocols. Our framework takes a different approach from previous work. The users are not required to have public key certificates, but they simply reuse their login passwords, which they share …


Optimistic Fair Exchange In The Enhanced Chosen-Key Model, Yang Wang, Man Ho Au, Willy Susilo Jan 2014

Faculty of Engineering and Information Sciences - Papers: Part A

Optimistic fair exchange (OFE) is a kind of protocol to guarantee fairness for the parties involved in an exchange with the help of an arbitrator. A fundamental work of optimistic fair exchange is to define security models capturing realistic attacks and to design schemes secure in practical models. The security models are essential to ensure that they capture practical situations, which will ensure that the protocols can be adopted in practice. The contributions of this paper are three-fold. First, we observe that the existing OFE models do not capture a realistic situation, where the adversary can actually observe the full …


(Strong) Multidesignated Verifiers Signatures Secure Against Rogue Key Attack, Man Ho Au, Guomin Yang, Willy Susilo, Yunmei Zhang Jan 2014

Faculty of Engineering and Information Sciences - Papers: Part A

Designated verifier signatures (DVS) allow a signer to create a signature whose validity can only be verified by a specific entity chosen by the signer. In addition, the chosen entity, known as the designated verifier, cannot convince anybody that the signature is created by the signer. Multidesignated verifiers signatures (MDVS) are a natural extension of DVS in which the signer can choose multiple designated verifiers. DVS and MDVS are useful primitives in electronic voting and contract signing. In this paper, we investigate various aspects of MDVS and make two contributions. Firstly, we revisit the notion of unforgeability under rogue …


Identity-Based Chameleon Hashing And Signatures Without Key Exposure, Xiaofeng Chen, Fangguo Zhang, Willy Susilo, Haibo Tian, Jin Li, Kwangjo Kim Jan 2014

Faculty of Engineering and Information Sciences - Papers: Part A

The notion of chameleon hash function without key exposure plays an important role in designing secure chameleon signatures. However, all of the existing key-exposure free chameleon hash schemes are presented in the setting of certificate-based systems. In 2004, Ateniese and de Medeiros questioned whether there is an efficient construction for identity-based chameleon hashing without key exposure. In this paper, we propose the first identity-based chameleon hash scheme without key exposure based on the three-trapdoor mechanism, which provides an affirmative answer to the open problem. Moreover, we use the proposed chameleon hash scheme to design an identity-based chameleon signature scheme, which …
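Added example, not code from the paper above: the key-exposure problem that "without key exposure" refers to, shown on the classic discrete-log chameleon hash CH(m, r) = g^m * h^r. Whoever holds the trapdoor x can find collisions, but one published collision on two distinct messages hands x to everybody who sees it. The group parameters, messages and randomness below are constructed toy values; the paper's identity-based, three-trapdoor construction that avoids this is not reproduced.

```python
import secrets

# Constructed toy group: p = 2q + 1 is a safe prime and g = 4 generates the
# order-q subgroup. Sizes are for illustration only.
P, Q, G = 1019, 509, 4


def keygen(x: int = None) -> tuple:
    """Trapdoor x and public hash key h = g^x. A fixed x may be passed for reproducibility."""
    x = secrets.randbelow(Q - 1) + 1 if x is None else x % Q
    return x, pow(G, x, P)


def chameleon_hash(h: int, m: int, r: int) -> int:
    """Krawczyk-Rabin style chameleon hash CH_h(m, r) = g^m * h^r mod p,
    with the message m and randomness r taken mod q."""
    return (pow(G, m % Q, P) * pow(h, r % Q, P)) % P


def find_collision(x: int, m: int, r: int, m2: int) -> int:
    """Trapdoor holder: pick r2 so that CH(m, r) == CH(m2, r2).
    In the exponent: m + x*r == m2 + x*r2 (mod q), so r2 = r + (m - m2)/x."""
    return (r + (m - m2) * pow(x, -1, Q)) % Q


def extract_trapdoor(m: int, r: int, m2: int, r2: int) -> int:
    """Key exposure: a single collision (m, r), (m2, r2) with m != m2 mod q
    reveals the trapdoor, x = (m - m2) / (r2 - r) mod q, from public values only."""
    if (m - m2) % Q == 0 or (r2 - r) % Q == 0:
        raise ValueError("need a genuine collision on distinct messages")
    return ((m - m2) * pow((r2 - r) % Q, -1, Q)) % Q


def key_exposure_demo() -> tuple:
    """Signer equivocates once; an outsider recovers x and can then equivocate at will."""
    x, h = keygen(123)              # signer's trapdoor, fixed for reproducibility
    m, r = 17, 77                   # original message and randomness (constructed)
    m2 = 391                        # message the signer wants to collide with
    r2 = find_collision(x, m, r, m2)
    collides = chameleon_hash(h, m, r) == chameleon_hash(h, m2, r2)
    x_leaked = extract_trapdoor(m, r, m2, r2)
    r3 = find_collision(x_leaked, m, r, 250)   # outsider forges a third preimage
    forged = chameleon_hash(h, 250, r3) == chameleon_hash(h, m, r)
    return collides, x_leaked == x, forged


if __name__ == "__main__":
    print(key_exposure_demo())  # (True, True, True)
```

This is why a chameleon signature built on this hash can only be "opened" once per key: the recipient who later learns a second preimage also learns the signer's trapdoor, which is the deployment problem the key-exposure-free constructions are meant to remove.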


(Strong) Multi-Designated Verifiers Signatures Secure Against Rogue Key Attack, Yunmei Zhang, Man Ho Allen Au, Guomin Yang, Willy Susilo Jun 2013

Dr Guomin Yang

Designated verifier signatures (DVS) allow a signer to create a signature whose validity can only be verified by a specific entity chosen by the signer. In addition, the chosen entity, known as the designated verifier, cannot convince anybody that the signature is created by the signer. Multi-designated verifiers signatures (MDVS) are a natural extension of DVS in which the signer can choose multiple designated verifiers. DVS and MDVS are useful primitives in electronic voting and contract signing. In this paper, we investigate various aspects of MDVS and make two contributions. Firstly, we revisit the notion of unforgeability under rogue …


Public Key Encryption With Keyword Search Secure Against Keyword Guessing Attacks Without Random Oracle, Liming Fang, Willy Susilo, Chunpeng Ge, Jiandong Wang Jan 2013

Faculty of Engineering and Information Sciences - Papers: Part A

The notion of public key encryption with keyword search (PEKS) was put forth by Boneh et al. to enable a server to search a collection of encrypted emails given a “trapdoor” (i.e., an encrypted keyword) provided by the receiver. The nice property in this scheme allows the server to search for a keyword, given the trapdoor. Hence, the verifier can merely use an untrusted server, which makes this notion very practical. Following Boneh et al.’s work, subsequent works have been proposed to enhance this notion. Two important notions include the so-called keyword guessing attack and …
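Added example, not code from either PEKS entry above nor from the PKEET paper earlier on this page: the keyword guessing attack that both abstracts name, and the "traversal" over a small medical vocabulary that the PKEET abstract warns about. In PEKS anyone holding the receiver's public key can produce a searchable ciphertext for any keyword and run Test against a captured trapdoor, so a low-entropy keyword space is enumerated outright. The scheme below is a hash-based stand-in (no pairings) that keeps exactly that structure; the public key, the dictionary of diagnosis terms and the stored tags are constructed sample data.

```python
import hashlib
import secrets

# Constructed sample data: the receiver's public key is stood in for by an
# opaque byte string, and the keyword space is a short list of diagnosis terms.
RECEIVER_PK = b"toy-receiver-public-key"
DIAGNOSIS_TERMS = [
    "appendicitis", "asthma", "diabetes", "fracture", "hypertension",
    "influenza", "migraine", "pneumonia", "sepsis", "stroke",
]


def keyword_value(receiver_pk: bytes, keyword: str) -> bytes:
    """Receiver-specific keyword value. In real PEKS the sender derives a ciphertext
    from pk and the keyword, and the receiver derives the trapdoor from sk; in this
    toy both reduce to a hash of (pk, keyword). What carries over is the structural
    point: nothing secret enters, and the keyword has little entropy."""
    return hashlib.sha256(receiver_pk + b"|" + keyword.lower().encode()).digest()


def peks_encrypt(receiver_pk: bytes, keyword: str) -> tuple:
    """Sender's searchable tag: randomised, so equal keywords give different tags."""
    r = secrets.token_bytes(16)
    return r, hashlib.sha256(r + keyword_value(receiver_pk, keyword)).digest()


def trapdoor(receiver_pk: bytes, keyword: str) -> bytes:
    """Receiver's trapdoor for one keyword, handed to the (untrusted) server."""
    return keyword_value(receiver_pk, keyword)


def peks_test(tag: tuple, td: bytes) -> bool:
    """Server-side Test(tag, trapdoor); no decryption involved."""
    r, t = tag
    return hashlib.sha256(r + td).digest() == t


def search(tags: list, td: bytes) -> list:
    """Legitimate use: indices of the stored tags that match the trapdoor."""
    return [i for i, tag in enumerate(tags) if peks_test(tag, td)]


def keyword_guessing_attack(receiver_pk: bytes, td: bytes, dictionary: list) -> tuple:
    """Anyone with pk and a captured trapdoor encrypts each candidate keyword and
    runs Test until one matches. Returns (keyword or None, guesses made); the
    work is bounded by the size of the keyword space, not by any key length."""
    for n, kw in enumerate(dictionary, 1):
        if peks_test(peks_encrypt(receiver_pk, kw), td):
            return kw, n
    return None, len(dictionary)


def demo() -> tuple:
    stored = [peks_encrypt(RECEIVER_PK, kw) for kw in ["pneumonia", "asthma", "pneumonia"]]
    td = trapdoor(RECEIVER_PK, "pneumonia")
    hits = search(stored, td)                       # what the server is meant to learn
    guessed, n = keyword_guessing_attack(RECEIVER_PK, td, DIAGNOSIS_TERMS)
    return hits, guessed, n


if __name__ == "__main__":
    print(demo())  # ([0, 2], 'pneumonia', 8)
```

Randomising the ciphertext does nothing against this: the attacker never compares ciphertexts, it uses the public Test routine itself as a membership oracle for the trapdoor. Defences therefore have to change who is able to run Test (a designated or authorized tester, as in the PKEET abstract above) rather than how the tag is randomised.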


Relations Among Privacy Notions For Signcryption And Key Invisible "Sign-Then-Encrypt", Yang Wang, Mark Manulis, Man Ho Allen Au, Willy Susilo Jan 2013

Faculty of Engineering and Information Sciences - Papers: Part A

Signcryption simultaneously offers authentication through unforgeability and confidentiality through indistinguishability against chosen ciphertext attacks by combining the functionality of digital signatures and public-key encryption into a single operation. Libert and Quisquater (PKC 2004) extended this set of basic requirements with the notions of ciphertext anonymity (or key privacy) and key invisibility to protect the identities of signcryption users and were able to prove that key invisibility implies ciphertext anonymity by imposing certain conditions on the underlying signcryption scheme.

This paper revisits the relationship amongst privacy notions for signcryption. We prove that key invisibility implies ciphertext anonymity without any additional restrictions. …


Anonymous Signcryption Against Linear Related-Key Attacks, Hui Cui, Yi Mu, Man Ho Au Jan 2013

Faculty of Engineering and Information Sciences - Papers: Part A

A related-key attack (RKA) occurs when an adversary tampers with the private key stored in a cryptographic hardware device and observes the result of the cryptographic primitive under this modified private key. In this paper, we concentrate on the security of anonymous signcryption schemes under related-key attacks, in the sense that a signcryption system should contain no information that identifies the sender of the signcryption and the receiver of the message, and yet be decipherable by the targeted receiver. To achieve this, we consider our anonymous signcryption scheme being semantically secure against chosen ciphertext and related-key attacks (CC-RKA), existentially unforgeable against …


Cil Security Proof For A Password-Based Key Exchange, Cristian Ene, Clementine Gritti, Yassine Lakhnech Jan 2013

Faculty of Engineering and Information Sciences - Papers: Part A

Computational Indistinguishability Logic (CIL) is a logic for reasoning about cryptographic primitives in the computational model. It is sound for the standard model, but also supports reasoning in the random oracle and other idealized models. We illustrate the benefits of CIL by formally proving the security of a Password-Based Key Exchange (PBKE) scheme, which is designed to provide entities that communicate over a public network and share a short password with a session key.


Public-Key Encryption Resilient To Linear Related-Key Attacks, Hui Cui, Yi Mu, Man Ho Au Jan 2013

Faculty of Engineering and Information Sciences - Papers: Part A

In this paper, we consider the security of public-key encryption schemes under linear related-key attacks, where an adversary is allowed to tamper with the private key stored in a hardware device, and subsequently observe the outcome of a public-key encryption system under this modified private key. Following the existing work done in recent years, we define the security model for related-key attack (RKA) secure public-key encryption schemes as chosen-ciphertext and related-key attack (CC-RKA) security, in which we allow an adversary to issue queries to the decryption oracle on the linear shifts of the private keys. On the basis of the adaptive …
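Added example, not code from this paper or from the two related RKA entries above (the 2016 robustness/RKA relations paper and the 2013 anonymous signcryption paper): what a decryption query "on a linear shift of the private key" buys an adversary when the scheme is not RKA secure. Plain ElGamal is the textbook case. The CC-RKA oracle decrypts the challenge ciphertext under x + delta, which the model permits because the key is not the original one, and the output m * c1^(-delta) is one public exponentiation away from m. Group parameters, message and shift are constructed toy values; the paper's RKA-resilient construction is not shown.

```python
import secrets

# Constructed toy group: p = 2q + 1 is a safe prime and g = 4 generates the
# order-q subgroup. Sizes are for illustration only.
P, Q, G = 1019, 509, 4


def keygen() -> tuple:
    """Private key x, public key y = g^x."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def encrypt(y: int, m: int) -> tuple:
    """Plain ElGamal: (c1, c2) = (g^r, m * y^r)."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (m * pow(y, r, P)) % P


def decrypt(x: int, ct: tuple) -> int:
    """m = c2 * c1^(-x); c1 lies in the order-q subgroup, so exponents reduce mod q."""
    c1, c2 = ct
    return (c2 * pow(c1, (-x) % Q, P)) % P


def rka_decryption_oracle(x: int, delta: int, ct: tuple) -> int:
    """The CC-RKA oracle: the adversary names a nonzero linear shift delta and the
    device decrypts under the tampered key x + delta. The challenge ciphertext
    itself may be queried, since the key used is not the original one."""
    if delta % Q == 0:
        raise ValueError("delta must be a nonzero shift")
    return decrypt((x + delta) % Q, ct)


def rka_recover_plaintext(delta: int, ct: tuple, oracle_output: int) -> int:
    """Dec_{x+delta}(c1, c2) = m * c1^(-delta); c1 is public, so m = output * c1^delta."""
    c1, _ = ct
    return (oracle_output * pow(c1, delta % Q, P)) % P


def rka_demo(m: int = 777, delta: int = 5) -> tuple:
    """Honest decryption works, the shifted-key output is not m, and the shift is undone."""
    x, y = keygen()
    ct = encrypt(y, m)
    leaked = rka_decryption_oracle(x, delta, ct)
    return (decrypt(x, ct) == m,
            leaked != m,
            rka_recover_plaintext(delta, ct, leaked) == m)


if __name__ == "__main__":
    print(rka_demo())  # (True, True, True)
```

The attack needs no fault model beyond "add a known constant to the stored key", which is why the linear-shift class is the baseline these papers start from; a scheme that is CCA secure in the ordinary sense, as ElGamal variants can be, gives no protection against it on its own.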


Efficient And Dynamic Key Management For Multiple Identities In Identity-Based Systems, Hua Guo, Chang Xu, Zhoujun Li, Yanqing Yao, Yi Mu Jan 2013

Faculty of Engineering and Information Sciences - Papers: Part A

The traditional identity-based cryptography requires a user, who holds multiple identities, to hold multiple private keys, where each private key is associated with an identity. Managing multiple private/public keys is a heavy burden to a user due to key management and storage. The recent advancement of identity-based cryptography allows a single private key to map to multiple public keys (identities); therefore the private key management is simplified. Unfortunately, the existing schemes capturing this feature do not allow dynamic changes of identities and have a large data size proportional to the number of the associated identities. To overcome these problems, in this …


Leakage Resilient Authenticated Key Exchange Secure In The Auxiliary Input Model, Guomin Yang, Yi Mu, Willy Susilo, Duncan S. Wong Jan 2013

Faculty of Engineering and Information Sciences - Papers: Part A

Authenticated key exchange (AKE) protocols allow two parties communicating over an insecure network to establish a common secret key. They are among the most widely used cryptographic protocols in practice. In order to resist key-leakage attacks, several leakage resilient AKE protocols have been proposed recently in the bounded leakage model. In this paper, we initiate the study on leakage resilient AKE in the auxiliary input model. A promising way to construct such a protocol is to use a digital signature scheme that is entropically-unforgeable under chosen message and auxiliary input attacks. However, to date we are not aware of any …


(Strong) Multi-Designated Verifiers Signatures Secure Against Rogue Key Attack, Yunmei Zhang, Man Ho Allen Au, Guomin Yang, Willy Susilo Jan 2012

Faculty of Engineering and Information Sciences - Papers: Part A

Designated verifier signatures (DVS) allow a signer to create a signature whose validity can only be verified by a specific entity chosen by the signer. In addition, the chosen entity, known as the designated verifier, cannot convince anybody that the signature is created by the signer. Multi-designated verifiers signatures (MDVS) are a natural extension of DVS in which the signer can choose multiple designated verifiers. DVS and MDVS are useful primitives in electronic voting and contract signing. In this paper, we investigate various aspects of MDVS and make two contributions. Firstly, we revisit the notion of unforgeability under rogue …


Key-Based Scrambling For Secure Image Communication, Prashan Premaratne, Malin Premaratne Jan 2012

Faculty of Engineering and Information Sciences - Papers: Part A

Secure image communication is becoming increasingly important due to theft and manipulation of its content. Law enforcement agents may find it increasingly difficult to stay afloat above the ill intentions of hackers. We have been able to develop an image scrambling algorithm that is very simple to implement but almost impossible to breach, with a probability less than 5×10^-300. This is possible due to the fact that a user may purchase or acquire rights for an intended image by specifying a 'key' that can form a sequence of numbers 10 to 100 in length. The content provider uses this …


Secure And Practical Key Distribution For Rfid-Enabled Supply Chains, Tieyan Li, Yingjiu Li, Guilin Wang Jan 2012

Faculty of Engineering and Information Sciences - Papers: Part A

In this paper, we present a fine-grained view of an RFID-enabled supply chain and tackle the secure key distribution problem on a peer-to-peer basis. In our model, we focus on any pair of consecutive parties along a supply chain who have agreed on a transaction, based on which certain RFID-tagged goods are to be transferred by a third party from one party to the other, as in common supply chain practice. Under a strong adversary model, we identify and define the security requirements with those parties during the delivery process. To meet the security goal, we first propose a resilient …


Reducing Unwarranted Variation In Healthcare Service Delivery Systems: Key Issues, Research Challenges And Potential Solutions, Nagesh Shukla, Senevi Kiridena, Nishikant Mishra Jan 2012

Faculty of Engineering and Information Sciences - Papers: Part A

There is a growing need worldwide to increase the quality and productivity of healthcare services delivery. To this end, analysing and reducing unwarranted variations in healthcare has attracted much attention in recent times. However, current modelling and simulation approaches to reduce unwarranted variations suffer from numerous limitations. Consequently, service improvement efforts have often failed to deliver expected results. This paper discusses the key issues associated with reducing unwarranted variations in hospital service delivery systems, and proposes a research framework that aims at overcoming these issues. In doing so, it highlights the need for: accurately and efficiently modelling complex service delivery …


Identity-Based Traitor Tracing With Short Private Key And Short Ciphertext, Fuchun Guo, Yi Mu, Willy Susilo Jan 2012

Faculty of Engineering and Information Sciences - Papers: Part B

An identity-based traitor tracing (IBTT) scheme can be utilized to identify a private (decryption) key of any identity that is illegally used in an identity-based broadcast encryption scheme. In PKC'07, Abdalla et al. proposed the first IBTT construction with short private key. In CCS'08, Boneh and Naor proposed a public-key traitor tracing scheme, which can be extended to IBTT with short ciphertext. With a further exploration, in this paper, we propose the first IBTT with short private key and short ciphertext. Private key and ciphertext are both of order O(l_1 + l_2), where l_1 is the bit length of codeword of …


Authenticated Key Exchange Under Bad Randomness, Guomin Yang, Shanshan Duan, Duncan Wong, Chik How Tan, Huaxiong Wang Jan 2011

Faculty of Engineering and Information Sciences - Papers: Part A

We initiate the formal study on authenticated key exchange (AKE) under bad randomness. This could happen when (1) an adversary compromises the randomness source and hence directly controls the randomness of each AKE session; and (2) the randomness repeats in different AKE sessions due to reset attacks. We construct two formal security models, Reset-1 and Reset-2, to capture these two bad randomness situations respectively, and investigate the security of some widely used AKE protocols in these models by showing that they become insecure when the adversary is able to manipulate the randomness. On the positive side, we propose simple but generic …
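Added example, not code from the paper above: one concrete way the Reset-2 situation (randomness repeating across sessions) breaks a signed Diffie-Hellman style AKE. The assumption, which is mine and not the paper's, is that the responder authenticates its transcript with a Schnorr signature; if a reset makes the responder reuse its signing nonce k in two sessions whose transcripts differ, the two signatures reveal the long-term signing key, not just the session key. The group, identities and randomness values are constructed toy parameters.

```python
import hashlib
import secrets

# Constructed toy group: p = 2q + 1 is a safe prime and g = 4 generates the
# order-q subgroup. Sizes are for illustration only.
P, Q, G = 1019, 509, 4


def hash_to_zq(*parts) -> int:
    """Fiat-Shamir challenge e = H(R, message), reduced mod q."""
    data = b"|".join(str(p).encode() for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def keygen(x: int = None) -> tuple:
    """Long-term Schnorr signing key x and public key y = g^x."""
    x = secrets.randbelow(Q - 1) + 1 if x is None else x % Q
    return x, pow(G, x, P)


def schnorr_sign(x: int, msg: str, k: int) -> tuple:
    """(R, s) with R = g^k and s = k + x*e mod q. The nonce k is an explicit
    argument so that the example can model an adversary who forces it to repeat."""
    R = pow(G, k, P)
    e = hash_to_zq(R, msg)
    return R, (k + x * e) % Q


def schnorr_verify(y: int, msg: str, sig: tuple) -> bool:
    R, s = sig
    e = hash_to_zq(R, msg)
    return pow(G, s, P) == (R * pow(y, e, P)) % P


def responder_turn(x_b: int, ids: str, A: int, b: int, k: int) -> tuple:
    """Signed-DH responder: ephemeral B = g^b plus a signature over (ids, A, B).
    b and k are the session's randomness; both come from the same source."""
    B = pow(G, b, P)
    transcript = f"{ids}|{A}|{B}"
    return B, transcript, schnorr_sign(x_b, transcript, k)


def recover_signing_key(msg1: str, sig1: tuple, msg2: str, sig2: tuple):
    """Same R (same nonce) on two different transcripts: s1 - s2 = x*(e1 - e2),
    so x = (s1 - s2)/(e1 - e2) mod q. None if the nonces differ or e1 == e2."""
    R1, s1 = sig1
    R2, s2 = sig2
    if R1 != R2:
        return None
    e1, e2 = hash_to_zq(R1, msg1), hash_to_zq(R2, msg2)
    if (e1 - e2) % Q == 0:
        return None
    return ((s1 - s2) * pow((e1 - e2) % Q, -1, Q)) % Q


def reset_attack_demo(x_b: int = 321) -> tuple:
    """Adversary replays the responder with the same (b, k) but different initiator
    values A; the transcripts differ while the nonce does not."""
    x_b, y_b = keygen(x_b)
    b, k = 111, 222                          # randomness the reset forces to repeat
    sessions = []
    for a in range(5, 30):                   # adversary chooses its own A = g^a
        B, transcript, sig = responder_turn(x_b, "A->B", pow(G, a, P), b, k)
        assert schnorr_verify(y_b, transcript, sig)   # each session looks honest
        sessions.append((transcript, sig))
        if len(sessions) == 2:
            x_rec = recover_signing_key(*sessions[0], *sessions[1])
            if x_rec is not None:
                return x_rec == x_b, x_rec
            sessions.pop()                   # challenges collided mod q; try another A
    return False, None


if __name__ == "__main__":
    print(reset_attack_demo())  # (True, 321)
```

The session key g^(ab) is the obvious casualty of repeated b, but the long-term key is the expensive one: after this, the adversary impersonates the responder in every future session, which is the kind of failure the Reset-2 model is built to expose. Deriving the signing nonce deterministically from the key and the message (as RFC 6979 does for DSA/ECDSA) removes this particular failure, though not the loss of the session key itself.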


Security Vulnerability Of Id-Based Key Sharing Schemes, Jung Yeon Hwang, Taek-Young Youn, Willy Susilo Jan 2009

Faculty of Engineering and Information Sciences - Papers: Part A

Recently, several ID-based key sharing schemes have been proposed, where an initiation phase generates users' secret keys associated with identities under the hardness of integer factorization. In this letter, we show that, unfortunately, any key sharing scheme with this initiation phase is intrinsically insecure in the sense that the collusion of some users enables them to derive master private keys and hence generate any user's secret key.


Generic Construction Of Hybrid Public Key Traitor Tracing With Full-Public-Traceability, Duong Hieu Phan, Rei Safavi-Naini, Joseph Tonien Jan 2006

Faculty of Engineering and Information Sciences - Papers: Part A

No abstract provided.


An Efficient Single-Key Pirates Tracing Scheme Using Cover-Free Families, Joseph Tonien, Rei Safavi-Naini Jan 2006

Faculty of Engineering and Information Sciences - Papers: Part A

A cover-free family is a well-studied combinatorial structure that has many applications in computer science and cryptography. In this paper, we propose a new public key traitor tracing scheme based on cover-free families. The new traitor tracing scheme is similar to the Boneh-Franklin scheme except that in the Boneh-Franklin scheme, decryption keys are derived from Reed-Solomon codes while in our case they are derived from a cover-free family. This results in much simpler and faster tracing algorithms for single-key pirate decoders, compared to the tracing algorithms of the Boneh-Franklin scheme that use the Berlekamp-Welch algorithm. Our tracing algorithms never accuse innocent …


Linear Code Implies Public-Key Traitor Tracing With Revocation, Joseph Tonien, Rei Safavi-Naini Jan 2004

Faculty of Engineering and Information Sciences - Papers: Part A

In this paper, we show that the linear-coded Kurosawa–Desmedt scheme can be modified to allow revocation of users, that is, to show that a revocation scheme can be derived from a linear code.