Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Open Access. Powered by Scholars. Published by Universities.®
- Keyword
-
- Authentication (2)
- Conditional proxy re-encryption (2)
- Interdependence (2)
- Scalability (2)
- Security (2)
-
- Self-healing group key distribution (2)
- And serviceability (1)
- Anonymous (1)
- Anonymous password authentication (1)
- Availability (1)
- Behavioral distance. (1)
- Broadcast encryption (1)
- Certificateless public key encryption (1)
- Chosen-ciphertext security (1)
- Convention on Cybercrimes (1)
- Cyber Attacks (1)
- Cyber attacks (1)
- Denial-of-service attack (1)
- Different types of investors (1)
- End-to-end authentication (1)
- Enforcement (1)
- Ensemble and individual noise reduction (1)
- Fault-tolerance (1)
- Firm performance (1)
- Generic unpacker (1)
- Group signatures (1)
- Guessing attack (1)
- Heterogeneous wireless sensor network (1)
- Hierarchical identity-coupling broadcast encryption (1)
- Induction motor (1)
Articles 1 - 26 of 26
Full-Text Articles in Physical Sciences and Mathematics
On The Untraceability Of Anonymous Rfid Authentication Protocol With Constant Key-Lookup, Bing Liang, Yingjiu Li, Tieyan Li, Robert H. Deng
On The Untraceability Of Anonymous Rfid Authentication Protocol With Constant Key-Lookup, Bing Liang, Yingjiu Li, Tieyan Li, Robert H. Deng
Research Collection School Of Computing and Information Systems
In ASIACCS'08, Burmester, Medeiros and Motta proposed an anonymous RFID authentication protocol (BMM protocol [2]) that preserves the security and privacy properties, and achieves better scalability compared with other contemporary approaches. We analyze BMM protocol and find that some of security properties (especial untraceability) are not fulfilled as originally claimed. We consider a subtle attack, in which an adversary can manipulate the messages transmitted between a tag and a reader for several continuous protocol runs, and can successfully trace the tag after these interactions. Our attack works under a weak adversary model, in which an adversary can eavesdrop, intercept and …
Cyber Attacks: Does Physical Boundary Matter?, Qiu-Hong Wang, Seung-Hyun Kim
Cyber Attacks: Does Physical Boundary Matter?, Qiu-Hong Wang, Seung-Hyun Kim
Research Collection School Of Computing and Information Systems
Information security issues are characterized with interdependence. Particularly, cyber criminals can easily cross national boundaries and exploit jurisdictional limitations between countries. Thus, whether cyber attacks are spatially autocorrelated is a strategic issue for government authorities and a tactic issue for insurance companies. Through an empirical study of cyber attacks across 62 countries during the period 2003-2007, we find little evidence on the spatial autocorrelation of cyber attacks at any week. However, after considering economic opportunity, IT infrastructure, international collaboration in enforcement and conventional crimes, we find strong evidence that cyber attacks were indeed spatially autocorrelated as they moved over time. …
Denial-Of-Service Attacks On Host-Based Generic Unpackers, Limin Liu, Jiang Ming, Zhi Wang, Debin Gao, Chunfu Jia
Denial-Of-Service Attacks On Host-Based Generic Unpackers, Limin Liu, Jiang Ming, Zhi Wang, Debin Gao, Chunfu Jia
Research Collection School Of Computing and Information Systems
With the advance of packing techniques, a few generic and automatic unpackers have been proposed. These unpackers are designed to automatically unpack packed binaries without specific knowledge of the packing techniques used. In this paper, we present an automatic packer with which packed malware forges spurious unpacking behaviors that lead to a denial-of-service attack on host-based generic unpackers. We present the design, implementation, and evaluation of the proposed packer and malware produced using the proposed packer, and show the success of denial-of-service attacks on host-based generic unpackers.
Wake Up Or Fall Asleep: Value Implication Of Trusted Computing, Nan Hu, Jianhui Huang, Ling Liu, Yingjiu Li, Dan Ma
Wake Up Or Fall Asleep: Value Implication Of Trusted Computing, Nan Hu, Jianhui Huang, Ling Liu, Yingjiu Li, Dan Ma
Research Collection School Of Computing and Information Systems
More than 10 years have passed since trusted computing (TC) technology was introduced to the market; however, there is still no consensus about its value. The increasing importance of user and enterprise security and the security promised by TC, coupled with the increasing tension between the proponents and the opponents of TC, make it timely to investigate the value relevance of TC in terms of both capital market and accounting performance. Based on both price and volume studies, we found that news releases related to the adoption of the TC technology had no information content. All investors, regardless of whether …
Computationally Secure Hierarchical Self-Healing Key Distribution For Heterogeneous Wireless Sensor Networks, Yanjiang Yang, Jianying Zhou, Robert H. Deng, Feng Bao
Computationally Secure Hierarchical Self-Healing Key Distribution For Heterogeneous Wireless Sensor Networks, Yanjiang Yang, Jianying Zhou, Robert H. Deng, Feng Bao
Research Collection School Of Computing and Information Systems
Self-healing group key distribution is a primitive aimed to achieve robust key distribution in wireless sensor networks (WSNs) over lossy communication channels. However, all the existing self-healing group key distribution schemes in the literature are designed for homogenous WSNs that do not scale. In contract, heterogeneous WSNs have better scalability and performance. We are thus motivated to study self-healing group key distribution for heterogeneous WSNs. In particular, we propose the concept of hierarchical self-healing group key distribution, tailored to the heterogeneous WSN architecture; we further revisit and adapt Dutta et al.’s model to the setting of hierarchical self-healing group …
Enabling Secure Secret Updating For Unidirectional Key Distribution In Rfid-Enabled Supply Chains, Shaoying Cai, Tieyan Li, Changshe Ma, Yingjiu Li, Robert H. Deng
Enabling Secure Secret Updating For Unidirectional Key Distribution In Rfid-Enabled Supply Chains, Shaoying Cai, Tieyan Li, Changshe Ma, Yingjiu Li, Robert H. Deng
Research Collection School Of Computing and Information Systems
In USENIX Security 08, Juels, Pappu and Parno proposed a secret sharing based mechanism to alleviate the key distribution problem in RFID-enabled supply chains. Compared to existing pseudonym based RFID protocols, the secret sharing based solution is more suitable for RFID-enabled supply chains since it does not require a database of keys be distributed among supply chain parties for secure ownership transfer of RFID tags. However, this mechanism cannot resist tag tracking and tag counterfeiting attacks in supply chain systems. It is also not convenient for downstream supply chain parties to adjust the size of RFID tag collections in recovering …
Insights Into Malware Detection And Prevention On Mobile Phones, Qiang Yan, Yingjiu Li, Tieyan Li, Robert H. Deng
Insights Into Malware Detection And Prevention On Mobile Phones, Qiang Yan, Yingjiu Li, Tieyan Li, Robert H. Deng
Research Collection School Of Computing and Information Systems
The malware threat for mobile phones is expected to increase with the functionality enhancement of mobile phones. This threat is exacerbated with the surge in population of smart phones instilled with stable Internet access which provides attractive targets for malware developers. Prior research on malware protection has focused on avoiding the negative impact of the functionality limitations of mobile phones to keep the performance cost within the limitations of mobile phones. Being different, this paper investigates the positive impact of these limitations on suppressing the development of mobile malware. We study the state-of-the-art mobile malware, as well as the progress …
A New Approach For Anonymous Password Authentication, Yanjiang Yang, Jianying Zhou, Jian Weng, Feng Bao
A New Approach For Anonymous Password Authentication, Yanjiang Yang, Jianying Zhou, Jian Weng, Feng Bao
Research Collection School Of Computing and Information Systems
Anonymous password authentication reinforces password authentication with the protection of user privacy. Considering the increasing concern of individual privacy nowadays, anonymous password authentication represents a promising privacy-preserving authentication primitive. However, anonymous password authentication in the standard setting has several inherent weaknesses, making its practicality questionable. In this paper, we propose a new and efficient approach for anonymous password authentication. Our approach assumes a different setting where users do not register their passwords to the server; rather, they use passwords to protect their authentication credentials. We present a concrete scheme, and get over a number of challenges in securing password-protected credentials …
Ensemble And Individual Noise Reduction Method For Induction-Motor Signature Analysis, Zhaoxia Wang, C.S. Chang, Tw Chua, W.W Tan
Ensemble And Individual Noise Reduction Method For Induction-Motor Signature Analysis, Zhaoxia Wang, C.S. Chang, Tw Chua, W.W Tan
Research Collection School Of Computing and Information Systems
Unlike a fixed-frequency power supply, the voltagesupplying an inverter-fed motor is heavily corrupted by noises,which are produced from high-frequency switching leading tonoisy stator currents. To extract useful information from statorcurrentmeasurements, a theoretically sound and robust denoisingmethod is required. The effective filtering of these noisesis difficult with certain frequency-domain techniques, such asFourier transform or Wavelet analysis, because some noises havefrequencies overlapping with those of the actual signals, andsome have high noise-to-frequency ratios. In order to analyze thestatistical signatures of different types of signals, a certainnumber is required of the individual signals to be de-noisedwithout sacrificing the individual characteristic and quantity ofthe …
Secure Mobile Agents With Designated Hosts, Qi Zhang, Yi Mu, Minji Zhang, Robert H. Deng
Secure Mobile Agents With Designated Hosts, Qi Zhang, Yi Mu, Minji Zhang, Robert H. Deng
Research Collection School Of Computing and Information Systems
Mobile agents often travel in a hostile environment where their security and privacy could be compromised by any party including remote hosts in which agents visit and get services. It was proposed in the literature that the host visited by an agent should jointly sign a service agreement with the agent's home, where a proxy-signing model was deployed and every host in the agent system can sign. We observe that this actually poses a serious problem in that a host that should be excluded from an underlying agent network could also send a signed service agreement. In order to solve …
A Study Of Content Authentication In Proxy-Enabled Multimedia Delivery Systems: Model, Techniques, And Applications, Robert H. Deng, Yanjiang Yang
A Study Of Content Authentication In Proxy-Enabled Multimedia Delivery Systems: Model, Techniques, And Applications, Robert H. Deng, Yanjiang Yang
Research Collection School Of Computing and Information Systems
Compared with the direct server-user approach, the server-proxy-user architecture for multimedia delivery promises significantly improved system scalability. The introduction of the intermediary transcoding proxies between content servers and end users in this architecture, however, brings unprecedented challenges to content security. In this article, we present a systematic study on the end-to-end content authentication problem in the server-proxy-user context, where intermediary proxies transcode multimedia content dynamically. We present a formal model for the authentication problem, propose a concrete construction for authenticating generic data modality and formally prove its security. We then apply the generic construction to authenticating specific multimedia formats, for …
Hierarchical Self-Healing Key Distribution For Heterogeneous Wireless Sensor Networks, Yanjiang Yang, Jianying Zhou, Robert H. Deng, Feng Bao
Hierarchical Self-Healing Key Distribution For Heterogeneous Wireless Sensor Networks, Yanjiang Yang, Jianying Zhou, Robert H. Deng, Feng Bao
Research Collection School Of Computing and Information Systems
Self-healing group key distribution aims to achieve robust key distribution over lossy channels in wireless sensor networks (WSNs). However, all existing self-healing group key distribution schemes in the literature consider homogenous WSNs which are known to be unscalable. Heterogeneous WSNs have better scalability and performance than homogenous ones. We are thus motivated to study hierarchial self-healing group key distribution, tailored to the heterogeneous WSN architecture. In particular, we revisit and adapt Dutta et al.’s model to the setting of hierarchical self-healing group key distribution, and propose a concrete scheme that achieves computational security and high efficiency.
Efficient Conditional Proxy Re-Encryption With Chosen-Ciphertext Security, Jian Weng, Yanjiang Yang, Qiang Tang, Robert H. Deng
Efficient Conditional Proxy Re-Encryption With Chosen-Ciphertext Security, Jian Weng, Yanjiang Yang, Qiang Tang, Robert H. Deng
Research Collection School Of Computing and Information Systems
Recently, a variant of proxy re-encryption, named conditional proxy re-encryption (C-PRE), has been introduced. Compared with traditional proxy re-encryption, C-PRE enables the delegator to implement fine-grained delegation of decryption rights, and thus is more useful in many applications. In this paper, based on a careful observation on the existing definitions and security notions for C-PRE, we re-formalize more rigorous definition and security notions for C-PRE. We further propose a more efficient C-PRE scheme, and prove its chosen-ciphertext security under the decisional bilinear Diffie-Hellman (DBDH) assumption in the random oracle model. In addition, we point out that a recent C-PRE scheme …
Efficient Non-Interactive Range Proof, Tsz Hon Yuen, Qiong Huang, Yi Mu, Willy Susilo, Duncan S. Wong, Guomin Yang
Efficient Non-Interactive Range Proof, Tsz Hon Yuen, Qiong Huang, Yi Mu, Willy Susilo, Duncan S. Wong, Guomin Yang
Research Collection School Of Computing and Information Systems
We propose the first constant size non-interactive range proof which is not based on the heuristic Fiat-Shamir transformation and whose security does not rely on the random oracle assumption. The proof consists of a constant number of group elements. Compared with the most efficient constant-size range proof available in the literature, our scheme has significantly reduced the proof size. We showed that our scheme achieves perfect completeness, perfect soundness and composable zero-knowledge under a conventional number-theoretic assumption, namely the Subgroup Decision Problem.
Leak-Free Mediated Group Signatures, Xuhua Ding, Gene Tsudik, Shouhuai Xu
Leak-Free Mediated Group Signatures, Xuhua Ding, Gene Tsudik, Shouhuai Xu
Research Collection School Of Computing and Information Systems
Group signatures are a useful cryptographic construct for privacy-preserving non-repudiable authentication, and there have been many group signature schemes. In this paper, we introduce a variant of group signatures that offers two new security properties called leak-freedom and immediate-revocation. Intuitively, the former ensures that an insider (i.e., an authorized but malicious signer) be unable to convince an outsider (e.g., a signature receiver) that she indeed signed a certain message; whereas the latter ensures that the authorization for a user to issue group signatures can be immediately revoked whenever the need arises (temporarily or permanently). These properties are not offered in …
Conditional Proxy Broadcast Re-Encryption, Cheng-Kang Chu, Jian Weng, Sherman S. W. Chow, Jianying Zhou, Robert H. Deng
Conditional Proxy Broadcast Re-Encryption, Cheng-Kang Chu, Jian Weng, Sherman S. W. Chow, Jianying Zhou, Robert H. Deng
Research Collection School Of Computing and Information Systems
A proxy re-encryption (PRE) scheme supports the delegation of decryption rights via a proxy, who makes the ciphertexts decryptable by the delegatee. PRE is useful in various applications such as encrypted email forwarding. In this paper, we introduce a more generalized notion of conditional proxy broadcast re-encryption (CPBRE). A CPBRE scheme allows Alice to generate a re-encryption key for some condition specified during the encryption, such that the re-encryption power of the proxy is restricted to that condition only. This enables a more fine-grained delegation of decryption right. Moreover, Alice can delegate decryption rights to a set of users at …
On The Effectiveness Of Software Diversity: A Systematic Study On Real-World Vulnerabilities, Jin Han, Debin Gao, Robert H. Deng
On The Effectiveness Of Software Diversity: A Systematic Study On Real-World Vulnerabilities, Jin Han, Debin Gao, Robert H. Deng
Research Collection School Of Computing and Information Systems
Many systems have been introduced to detect software intrusions by comparing the outputs and behavior of diverse replicas when they are processing the same, potentially malicious, input. When these replicas are constructed using off-the-shelf software products, it is assumed that they are diverse and not compromised simultaneously under the same attack. In this paper, we analyze vulnerabilities published in 2007 to evaluate the extent to which this assumption is valid. We focus on vulnerabilities in application software, and show that the majority of these software products --- including those providing the same service (and therefore multiple software substitutes can be …
Applying Sanitizable Signature To Web-Service-Enabled Business Processes: Going Beyond Integrity Protection, Kar Way Tan, Robert H. Deng
Applying Sanitizable Signature To Web-Service-Enabled Business Processes: Going Beyond Integrity Protection, Kar Way Tan, Robert H. Deng
Research Collection School Of Computing and Information Systems
This paper studies the scenario where data in business documents is aggregated by different entities via the use of web services in streamlined business processes. The documents are transported within the Simple Object Access Protocol (SOAP) messages and travel through multiple intermediary entities, each potentially makes changes to the data in the documents. The WS-Security provides integrity protection by allowing portions of a SOAP message to be signed using eXtensible Markup Language (XML) signature scheme. This method however, has not considered the situation where a portion of data may be modified by another entity, therefore a need to allow the …
Cyber Attacks: Cross-Country Interdependence And Enforcement, Qiu-Hong Wang, Seung Hyun Kim
Cyber Attacks: Cross-Country Interdependence And Enforcement, Qiu-Hong Wang, Seung Hyun Kim
Research Collection School Of Computing and Information Systems
This study empirically characterizes the interdependence in cyber attacks and examines theimpact from the first international treaty against cybercrimes (Convention on Cybercrimes:Europe Treaty Series No. 185). With the data covering 62 countries over the period from year2003 to 2007, we find that, international cooperation in enforcement as measured by theindicator of joining the Convention on Cybercrimes, deterred cyber attacks originating from anyparticular country by 15.81% ~ 24.77% (in 95% confidence interval). Second, joining theConvention also affected the interdependence in cyber attacks from two angels. First, for anypair of country, closer status in joining or not joining the Convention was associated …
Ss-Ids: Statistical Signature Based Ids, Payas Gupta, Chedy Raissi, Gerard Dray, Pascal Poncelet, Johan Brissaud
Ss-Ids: Statistical Signature Based Ids, Payas Gupta, Chedy Raissi, Gerard Dray, Pascal Poncelet, Johan Brissaud
Research Collection School Of Computing and Information Systems
Security of web servers has become a sensitive subject today. Prediction of normal and abnormal request is problematic due to large number of false alarms in many anomaly based Intrusion, Detection Systems(IDS). SS-IDS derives automatically the parameter profiles from the analyzed data thereby generating the Statistical Signatures. Statistical Signatures are based on modeling of normal requests and their distribution value without explicit intervention. Several attributes are used to calculate the behavior of the legitimate request on the web server. SS-IDS is best suited for the newly installed web servers which doesn't have low gene number of requests in. the data …
Achieving Better Privacy Protection In Wireless Sensor Networks Using Trusted Computing, Yanjiang Yang, Robert H. Deng, Jianying Zhou, Ying Qiu
Achieving Better Privacy Protection In Wireless Sensor Networks Using Trusted Computing, Yanjiang Yang, Robert H. Deng, Jianying Zhou, Ying Qiu
Research Collection School Of Computing and Information Systems
A wireless sensor network (WSN) is an ad-hoc wireless network composed of small sensor nodes deployed in large numbers. Sensor nodes are usually severely resource limited and power constrained. Security enforcement in WSNs is thus a challenging task. In this paper we propose a clustered heterogeneous architecture for WSNs, where high-end cluster heads are incorporated, and they are further equipped with trusted computing technology (TC). As such, the cluster heads act as trusted parties, and are expected to help effectively address privacy issues in WSNs. As concrete examples, we discuss in details how user query privacy and source location privacy …
Ensuring Dual Security Modes In Rfid-Enabled Supply Chain Systems, Shaoying Cai, Tieyan Li, Yingjiu Li, Robert H. Deng
Ensuring Dual Security Modes In Rfid-Enabled Supply Chain Systems, Shaoying Cai, Tieyan Li, Yingjiu Li, Robert H. Deng
Research Collection School Of Computing and Information Systems
While RFID technology has greatly facilitated the supply chain management, designing a secure, visible, and efficient RFID- enabled supply chain system is still a challenge since the three equally important requirements (i.e., security, visibility, and efficiency) may conflict to each other. Few research works have been conducted to address these issues simultaneously. In this paper, we observe the different security requirements in RFID-enabled supply chain environments and differentiate the simplified model into two security levels. Accordingly, dual security modes are properly defined in our RFID setting. In the relatively secure environment, our system is set to the weak security mode, …
Rsa-Based Certificateless Public Key Encryption, Junzuo Lai, Robert H. Deng, Shengli Liu, Weidong Kou
Rsa-Based Certificateless Public Key Encryption, Junzuo Lai, Robert H. Deng, Shengli Liu, Weidong Kou
Research Collection School Of Computing and Information Systems
Certificateless Public Key Cryptography was first introduced by Al-Riyami and Paterson in order to eliminate the inherent key-escrow problem of Identity-Based Cryptography. In this paper, we present a new practical construction of certificateless public key encryption scheme without paring. Our scheme is, in the random oracle model, provably secure under the assumption that the RSA problem is intractable.
Beyond Output Voting: Detecting Compromised Replicas Using Hmm-Based Behavioral Distance, Debin Gao, Michael K. Reiter, Dawn Song
Beyond Output Voting: Detecting Compromised Replicas Using Hmm-Based Behavioral Distance, Debin Gao, Michael K. Reiter, Dawn Song
Research Collection School Of Computing and Information Systems
Many host-based anomaly detection techniques have been proposed to detect code-injection attacks on servers. The vast majority, however, are susceptible to "mimicry" attacks in which the injected code masquerades as the original server software, including returning the correct service responses, while conducting its attack. "Behavioral distance," by which two diverse replicas processing the same inputs are continually monitored to detect divergence in their low-level (system-call) behaviors and hence potentially the compromise of one of them, has been proposed for detecting mimicry attacks. In this paper, we present a novel approach to behavioral distance measurement using a new type of hidden …
A Comprehensive Study For Rfid Malwares On Mobile Devices, Qiang Yan, Yingjiu Li, Tieyan Li, Robert Huijie Deng
A Comprehensive Study For Rfid Malwares On Mobile Devices, Qiang Yan, Yingjiu Li, Tieyan Li, Robert Huijie Deng
Research Collection School Of Computing and Information Systems
Radio Frequency Identification (RFID) technique has been widely accepted as wireless identification standard in the business world. While RFID technique enables efficient collection of identification information, it also introduces new security risk due to the emerging of RFID malwares. This risk becomes increasingly severe due to the adoption of internet in RFID applications (e.g., track and trace in EPCglobal network) and the use of mobile devices as RFID readers. The prior work to defend the threat of RFID malwares has mainly focused on the protection of front-end tag-reader communications and back-end database systems. Less work has been conducted to defend …
Multiuser Private Queries Over Encrypted Databases, Yanjiang Yang, Feng Bao, Xuhua Ding, Robert H. Deng
Multiuser Private Queries Over Encrypted Databases, Yanjiang Yang, Feng Bao, Xuhua Ding, Robert H. Deng
Research Collection School Of Computing and Information Systems
Searchable encryption schemes allow users to perform keyword-based searches on an encrypted database. Almost all existing such schemes only consider the scenario where a single user acts as both the data owner and the querier. However, most databases in practice do not just serve one user; instead, they support search and write operations by multiple users. In this paper, we systematically study searchable encryption in a practical multiuser setting. Our results include a set of security notions for multiuser searchable encryption as well as a construction which is provably secure under the newly introduced security notions. We also discuss how …