Science and Technology Studies Commons^™

A New Approach To Keep The Privacy Information Of The Signer In A Digital Signature Scheme, Dung Hoang Duong, Willy Susilo, Viet Cuong Trinh

Faculty of Engineering and Information Sciences - Papers: Part B

In modern applications, such as Electronic Voting, e-Health, e-Cash, there is a need that the validity of a signature should be verified by only one responsible person. This is opposite to the traditional digital signature scheme where anybody can verify a signature. There have been several solutions for this problem, the first one is we combine a signature scheme with an encryption scheme; the second one is to use the group signature; and the last one is to use the strong designated verifier signature scheme with the undeniable property. In this paper, we extend the traditional digital signature scheme to …

Data Privacy And System Security For Banking And Financial Services Industry Based On Cloud Computing Infrastructure, Abhishek Mahalle, Jianming Yong, Xiaohui Tao, Jun Shen

Faculty of Engineering and Information Sciences - Papers: Part B

No abstract provided.

Identity-Based Remote Data Integrity Checking With Perfect Data Privacy Preserving For Cloud Storage, Yong Yu, Man Ho Au, Giuseppe Ateniese, Xinyi Huang, Willy Susilo, Yuanshun Dai, Geyong Min

Faculty of Engineering and Information Sciences - Papers: Part A

Remote data integrity checking (RDIC) enables a data storage server, say a cloud server, to prove to a verifier that it is actually storing a data owner's data honestly. To date, a number of RDIC protocols have been proposed in the literature. However, most of the constructions suffer from the issue of requiring complex key management. That is, they rely on the expensive public key infrastructure (PKI), which might hinder the deployment of RDIC in practice. In this paper, we propose a new construction of identity-based (ID-based) RDIC protocol by making use of key-homomorphic cryptographic primitive to reduce the system …

Improving Speech Privacy In Personal Sound Zones, Jacob Donley, Christian H. Ritz, Bastiaan (Willem) Kleijn

Faculty of Engineering and Information Sciences - Papers: Part A

This paper proposes two methods for providing speech privacy between spatial zones in anechoic and reverberant environments. The methods are based on masking the content leaked between regions. The masking is optimised to maximise the speech intelligibility contrast (SIC) between the zones. The first method uses a uniform masker signal that is combined with desired multizone loudspeaker signals and requires acoustic contrast between zones. The second method computes a space-time domain masker signal in parallel with the loudspeaker signals so that the combination of the two emphasises the spectral masking in the targeted quiet zone. Simulations show that it is …

Public Cloud Data Auditing With Practical Key Update And Zero Knowledge Privacy, Yong Yu, Yannan Li, Man Ho Au, Willy Susilo, Kim-Kwang Raymond Choo, Xinpeng Zhang

Faculty of Engineering and Information Sciences - Papers: Part A

Data integrity is extremely important for cloud based storage services, where cloud users no longer have physical possession of their outsourced files. A number of data auditing mechanisms have been proposed to solve this problem. However, how to update a cloud user's private auditing key (as well as the authenticators those keys are associated with) without the user's re-possession of the data remains an open problem. In this paper, we propose a key-updating and authenticator-evolving mechanism with zero-knowledge privacy of the stored files for secure cloud data auditing, which incorporates zero knowledge proof systems, proxy re-signatures and homomorphic linear authenticators. …

Privacy-Preserving Encryption Scheme Using Dna Parentage Test, Clementine Gritti, Willy Susilo, Thomas Plantard, Khin Than Win

Faculty of Engineering and Information Sciences - Papers: Part A

Consider the following practical scenario. Amother Alice would like to make her assets accessible only to her descen-dents. In order to do so, she encrypts her secret Swiss bank account with her DNA sequences, and provides this information to her descendents. To simplify the scenario and without losing generality, we assume that Alice has only one son, named Bob. Therefore, Alice provides the ciphertext to her family (this ciphertext can eventually be published), which will later be stored in a secure cloud storage. Later, when Alice is unable to access her assets herself (due to her illness for instance), then …

Recent Advances In Security And Privacy In Big Data, Yong Yu, Yi Mu, Giuseppe Ateniese

Faculty of Engineering and Information Sciences - Papers: Part A

Big data has become an important topic in science, engineering, medicine, healthcare, finance, business and ultimately society itself. Big data refers to the massive amount of digital information stored or transmitted in computer systems. Approximately, 2.5 quintillion bytes of data are created every day. Almost 90% of data in the world today are created in the last two years alone. Security and privacy issues becomes more critical due to large volumes and variety, due to data hosted in large-scale cloud infrastructures, diversity of data sources and formats, streaming nature of data acquisition and high volume inter-cloud migration. In large-scale cloud …

Server-Aided Verification Signature With Privacy For Mobile Computing, Lingling Xu, Jin Li, Shaohua Tang, Joon Sang Baek

Faculty of Engineering and Information Sciences - Papers: Part B

No abstract provided.

Ppdcp-Abe: Privacy-Preserving Decentralized Ciphertext-Policy Attribute-Based Encryption, Jinguang Han, Willy Susilo, Yi Mu, Jianying Zhou, Man Ho Au

Faculty of Engineering and Information Sciences - Papers: Part A

Cipher-policy attribute-based encryption (CP-ABE) is a more efficient and flexible encryption system as the encryptor can control the access structure when encrypting a message. In this paper, we propose a privacy-preserving decentralized CP-ABE (PPDCP-ABE) scheme where the central authority is not required, namely each authority can work independently without the cooperation to initialize the system. Meanwhile, a user can obtain secret keys from multiple authorities without releasing his global identifier (GID) and attributes to them. This is contrasted to the previous privacy-preserving multi-authority ABE (PPMA-ABE) schemes where a user can obtain secret keys from multiple authorities with them knowing his …

Improving Privacy And Security In Decentralized Ciphertext-Policy Attribute-Based Encryption, Jinguang Han, Willy Susilo, Yi Mu, Jianying Zhou, Man Ho Au

Faculty of Engineering and Information Sciences - Papers: Part A

In previous privacy-preserving multi-authority attribute-based encryption (PPMA-ABE) schemes, a user can acquire secret keys from multiple authorities with them knowing his/her attributes and furthermore, a central authority is required. Notably, a user’s identity information can be extracted from his/her some sensitive attributes. Hence, existing PPMAABE schemes cannot fully protect users’ privacy as multiple authorities can collaborate to identify a user by collecting and analyzing his attributes. Moreover, ciphertext-policy ABE (CPABE) is a more efficient public-key encryption where the encryptor can select flexible access structures to encrypt messages. Therefore, a challenging and important work is to construct a PPMA-ABE scheme where …

Enhanced Privacy Of A Remote Data Integrity-Checking Protocol For Secure Cloud Storage, Yong Yu, Man Ho Au, Yi Mu, S Tang, J Ren, Willy Susilo, Liju Dong

Faculty of Engineering and Information Sciences - Papers: Part A

Remote data integrity checking (RDIC) enables a server to prove to an auditor the integrity of a stored file. It is a useful technology for remote storage such as cloud storage. The auditor could be a party other than the data owner; hence, an RDIC proof is based usually on publicly available information. To capture the need of data privacy against an untrusted auditor, Hao et al. formally defined "privacy against third party verifiers" as one of the security requirements and proposed a protocol satisfying this definition. However, we observe that all existing protocols with public verifiability supporting data update, …

P2ofe: Privacy-Preserving Optimistic Fair Exchange Of Digital Signatures, Qiong Huang, Duncan S. Wong, Willy Susilo

Faculty of Engineering and Information Sciences - Papers: Part A

How to sign an electronic contract online between two parties (say Alice and Bob) in a fair manner is an interesting problem, and has been studied for a long time. Optimistic Fair Exchange (OFE) is an efficient solution to this problem, in which a semi-trusted third party named arbitrator is called in to resolve a dispute if there is one during an exchange between Alice and Bob. Recently, several extensions of OFE, such as Ambiguous OFE (AOFE) and Perfect AOFE (PAOFE), have been proposed to protect the privacy of the exchanging parties. These variants prevent any outsider including the arbitrator …

New Insight To Preserve Online Survey Accuracy And Privacy In Big Data Era, Joseph K. Liu, Man Ho Au, Xinyi Huang, Willy Susilo, Jianying Zhou, Yong Yu

Faculty of Engineering and Information Sciences - Papers: Part A

An online survey system provides a convenient way for people to conduct surveys. It removes the necessity of human resources to hold paper surveys or telephone interviews and hence reduces the cost significantly. Nevertheless, accuracy and privacy remain as the major obstacles that need additional attention. To conduct an accurate survey, privacy maybe lost, and vice versa. In this paper, we provide new insight to preserve these two seeming contradictory issues in online survey systems especially suitable in big data era. We propose a secure system, which is shown to be efficient and practical by simulation data. Our analysis further …

A New Payment System For Enhancing Location Privacy Of Electric Vehicles, Man Ho Au, Joseph K. Liu, Junbin Fang, Zoe L. Jiang, Willy Susilo, Jianying Zhou

Faculty of Engineering and Information Sciences - Papers: Part A

An electric vehicle (EV) is a promising and futuristic automobile propelled by electric motors, using electrical energy stored in batteries or another energy storage device. Due to the need for the battery to be recharged, the cars will be required to visit a recharging infrastructure very frequently. This may disclose the users' private information, such as their location and, thus, compromise users' privacy. In this paper, we propose a new payment system that is suitable for EVs. Our system not only supports privacy protection (location privacy) but supports traceability in the case where the cars are stolen as well. Our …

Relations Among Privacy Notions For Signcryption And Key Invisible "Sign-Then-Encrypt", Yang Wang, Mark Manulis, Man Ho Allen Au, Willy Susilo

Faculty of Engineering and Information Sciences - Papers: Part A

Signcryption simultaneously offers authentication through unforgeability and confidentiality through indistinguishability against chosen ciphertext attacks by combining the functionality of digital signatures and public-key encryption into a single operation. Libert and Quisquater (PKC 2004) extended this set of basic requirements with the notions of ciphertext anonymity (or key privacy) and key invisibility to protect the identities of signcryption users and were able to prove that key invisibility implies ciphertext anonymity by imposing certain conditions on the underlying signcryption scheme.

This paper revisits the relationship amongst privacy notions for signcryption. We prove that key invisibility implies ciphertext anonymity without any additional restrictions. …

Privacy-Enhanced Keyword Search In Clouds, Miao Zhou, Yi Mu, Willy Susilo, Man Ho Allen Au

Faculty of Engineering and Information Sciences - Papers: Part A

The advent of cloud computing has dramatically changed the IT scene, as it offers cost savings and improvements to major operations. Nevertheless, the major obstacle relies on the effort on how to secure sensitive data files that are outsourced to the cloud environment. To ensure confidentiality, the sensitive data are usually encrypted prior to being outsourced. Nevertheless, effective data utilization remains a challenging task and there is a clear need for a secure and efficient searching mechanism over the encrypted data in the cloud, to increase the us-ability of the secure cloud environment. Unfortunately, existing work in the area of …

Privacy Issues And Solutions In Social Network Sites, Xi Chen, Katina Michael

Associate Professor Katina Michael

The boom of the internet and the explosion of new technologies have brought with them new challenges and thus new connotations of privacy. Clearly, when people deal with e-government and e-business, they do not only need the right to be let alone, but also to be let in secret. Not only do they need freedom of movement, but also to be assured of the secrecy of their information. Solove [6] has critiqued traditional definitions of privacy and argued that they do not address privacy issues created by new online technologies. Austin [7] also asserts: “[w]e do need to sharpen and …

Book Review: Securing The Cloud: Cloud Computer Security Techniques And Tactics, Katina Michael

Associate Professor Katina Michael

With so much buzz around Cloud Computing, books like this one written by Winkler are much in demand. Winkler’s experience in the computing business shines through and as readers we are spoiled with a great deal of useful strategic information- a jam packed almost 300 page volume on securing the cloud.

Location Privacy Under Dire Threat As Uberveillance Stalks The Streets, Katina Michael, Roger Clarke

Associate Professor Katina Michael

Location tracking and monitoring applications have proliferated with the arrival of smart phones that are equipped with onboard global positioning system (GPS) chipsets. It is now possible to locate a smart phone user down to 10 metres of accuracy on average. Innovators have been quick to capitalise on this emerging market by introducing novel pedestrian tracking technologies which can denote the geographic path of a mobile user. At the same time there is contention by law enforcement personnel over the need for a warrant process to track an individual in a public space. This paper considers the future of location …

Robust Distributed Privacy-Preserving Secure Aggregation In Vehicular Communication, Bo Qin, Qianhong Wu, Josep Domingo-Ferrer, Willy Susilo

Faculty of Engineering and Information Sciences - Papers: Part A

Vehicular ad hoc networks (VANETs), formed by computers embedded in vehicles and the traffic infrastructure, are expected to develop in the near future to improve traffic safety and efficiency. To this end, VANETs should be designed to be resistant against various abuses and attacks. In this paper, we first review the existing proposals to provide security, privacy, and data aggregation in vehicle-to-vehicle communication. We then address the fundamental issue of achieving these conflicting properties in a unified solution, having observed that separate efforts cannot fulfill the VANET design objectives. A set of new mechanisms are suggested for efficiently managing identities …

Formal Security Definition And Efficient Construction For Roaming With A Privacy-Preserving Extension, Guomin Yang, Duncan S. Wong, Xiaotie Deng

Faculty of Engineering and Information Sciences - Papers: Part A

In a secure roaming scenario, a user U travels to a foreign network and communicates with a foreign server V securely so that no one other than U and V can obtain the messages exchanged between them. U may also want to travel anonymously so that no one including V can find out its identity or trace its whereabouts except its home server H. There have been many key establishment protocols proposed for secure roaming. A typical application of these protocols is the mobile roaming service which may be deployed to interconnected WLAN and 3G networks. Despite the importance of …