Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Open Access. Powered by Scholars. Published by Universities.®
- Keyword
-
- Blockchain (7)
- Privacy (5)
- Anonymity (3)
- Bitcoin (3)
- Cloud computing (3)
-
- Searchable encryption (3)
- Authentication (2)
- Cyber-physical systems (2)
- Industrial control systems (2)
- Integrity (2)
- Outsourcing computation (2)
- Protocols (2)
- Revocation (2)
- Transparency (2)
- 5G (1)
- AVISPA (1)
- Access pattern (1)
- Accountability (1)
- Acoustic attack (1)
- Adversarial attacks (1)
- Adversarial robustness (1)
- Aggregation (1)
- Android (1)
- Android Security (1)
- Android malware (1)
- Animation (1)
- Anomaly detection (1)
- Anomaly detectors (1)
- App repackaging (1)
- Application programs (1)
Articles 1 - 30 of 54
Full-Text Articles in Physical Sciences and Mathematics
A Fine-Grained Attribute Based Data Retrieval With Proxy Re-Encryption Scheme For Data Outsourcing Systems, Hanshu Hong, Ximeng Liu, Zhixin Sun
A Fine-Grained Attribute Based Data Retrieval With Proxy Re-Encryption Scheme For Data Outsourcing Systems, Hanshu Hong, Ximeng Liu, Zhixin Sun
Research Collection School Of Computing and Information Systems
Attribute based encryption is suitable for data protection in data outsourcing systems such as cloud computing. However, the leveraging of encryption technique may retrain some routine operations over the encrypted data, particularly in the field of data retrieval. This paper presents an attribute based date retrieval with proxy re-encryption (ABDR-PRE) to provide both fine-grained access control and retrieval over the ciphertexts. The proposed scheme achieves fine-grained data access management by adopting KP-ABE mechanism, a delegator can generate the re-encryption key and search indexes for the ciphertexts to be shared over the target delegatee’s attributes. Throughout the process of data sharing, …
Data Fusion For Trust Evaluation, Zheng Yan, Qinghua Zheng, Laurence T. Yang, Robert H. Deng
Data Fusion For Trust Evaluation, Zheng Yan, Qinghua Zheng, Laurence T. Yang, Robert H. Deng
Research Collection School Of Computing and Information Systems
Trust evaluation is a process to quantify trust by analyzing the data related to the factors that affect trust. It has been widely applied in many fields to facilitate decision making, system entity collaboration and security establishment. For example, in social networking, trust evaluation helps users make a social decision, reduce the risk of social interactions, and ensure the quality of a social networking environment. In digital communications, trust evaluation can be applied to detect malicious nodes, filter unwanted traffic and improve communication security. In e-commerce and cloud services, trust evaluation helps users selecting an appropriate product or service from …
Hrpdf: A Software-Based Heterogeneous Redundant Proactive Defense Framework For Programmable Logic Controller, Ke Liu, Jing-Yi Wang, Qiang Wei, Zhen-Yong Zhang, Jun Sun, Rong-Kuan Ma, Rui-Long Deng
Hrpdf: A Software-Based Heterogeneous Redundant Proactive Defense Framework For Programmable Logic Controller, Ke Liu, Jing-Yi Wang, Qiang Wei, Zhen-Yong Zhang, Jun Sun, Rong-Kuan Ma, Rui-Long Deng
Research Collection School Of Computing and Information Systems
Programmable logic controllers (PLCs) play a critical role in many industrial control systems, yet face increasingly serious cyber threats. In this paper, we propose a novel PLC-compatible software-based defense mechanism, called Heterogeneous Redundant Proactive Defense Framework (HRPDF). We propose a heterogeneous PLC architecture in HRPDF, including multiple heterogeneous, equivalent, and synchronous runtimes, which can thwart multiple types of attacks against PLC without the need of external devices. To ensure the availability of PLC, we also design an inter-process communication algorithm that minimizes the overhead of HRPDF. We implement a prototype system of HRPDF and test it in a real-world PLC …
Concise Mercurial Subvector Commitments: Definitions And Constructions, Yannan Li, Willy Susilo, Guomin Yang, Tran Viet Xuan Phuong, Yong Yu, Dongxi Liu
Concise Mercurial Subvector Commitments: Definitions And Constructions, Yannan Li, Willy Susilo, Guomin Yang, Tran Viet Xuan Phuong, Yong Yu, Dongxi Liu
Research Collection School Of Computing and Information Systems
Vector commitment and its variants have attracted a lot of attention recently as they have been exposed to a wide range of applications in blockchain. Two special extensions of vector commitments, namely subvector commitments and mercurial commitments, have been proposed with attractive features that are desirable in many applications. Nevertheless, to the best of our knowledge, a single construction satisfying all those attractive features is still missing. In this work, we analyze those important properties and propose a new primitive called mercurial subvector commitments, which are efficiently updatable, mercurial hiding, position binding, and aggregatable. We formalize the system model and …
Video Snapshot: Single Image Motion Expansion Via Invertible Motion Embedding, Qianshu Zhu, Chu Han, Guoqiang Han, Tien-Tsin Wong, Shengfeng He
Video Snapshot: Single Image Motion Expansion Via Invertible Motion Embedding, Qianshu Zhu, Chu Han, Guoqiang Han, Tien-Tsin Wong, Shengfeng He
Research Collection School Of Computing and Information Systems
Unlike images, finding the desired video content in a large pool of videos is not easy due to the time cost of loading and watching. Most video streaming and sharing services provide the video preview function for a better browsing experience. In this paper, we aim to generate a video preview from a single image. To this end, we propose two cascaded networks, the motion embedding network and the motion expansion network. The motion embedding network aims to embed the spatio-temporal information into an embedded image, called video snapshot. On the other end, the motion expansion network is proposed to …
Functional Signatures: New Definition And Constructions, Qingwen Guo, Qiong Huang, Sha Ma, Meiyan Xiao, Guomin Yang, Willy Susilo
Functional Signatures: New Definition And Constructions, Qingwen Guo, Qiong Huang, Sha Ma, Meiyan Xiao, Guomin Yang, Willy Susilo
Research Collection School Of Computing and Information Systems
Functional signatures (FS) enable a master authority to delegate its signing privilege to an assistant. Concretely, the master authority uses its secret key sk(F) to issue a signing key sk(f) for a designated function f is an element of F-FS and sends both f and sk(f) to the assistant E, which is then able to compute a signature sigma(f) with respect to pk(F) for a message y in the range of f. In this paper, we modify the syntax of FS slightly to support the application scenario where a certificate of authorization is necessary. Compared with the original FS, our …
Broadcast Authenticated Encryption With Keyword Search, Xueqiao Liu, Kai He, Guomin Yang, Willy Susilo, Joseph Tonien, Qiong Huang
Broadcast Authenticated Encryption With Keyword Search, Xueqiao Liu, Kai He, Guomin Yang, Willy Susilo, Joseph Tonien, Qiong Huang
Research Collection School Of Computing and Information Systems
The emergence of public-key encryption with keyword search (PEKS) has provided an elegant approach to enable keyword search over encrypted content. Due to its high computational complexity proportional to the number of intended receivers, the trivial way of deploying PEKS for data sharing with multiple receivers is impractical, which motivates the development of a new PEKS framework for broadcast mode. However, existing works suffer from either the vulnerability to keyword guessing attacks (KGA) or high computation and communication complexity. In this work, a new primitive for keyword search in broadcast mode, named broadcast authenticated encryption with keyword search (BAEKS), is …
Deriving Invariant Checkers For Critical Infrastructure Using Axiomatic Design Principles, Cheah Huei Yoong, Venkata Reddy Palleti, Rajib Ranjan Maiti, Arlindo Silva, Christopher M. Poskitt
Deriving Invariant Checkers For Critical Infrastructure Using Axiomatic Design Principles, Cheah Huei Yoong, Venkata Reddy Palleti, Rajib Ranjan Maiti, Arlindo Silva, Christopher M. Poskitt
Research Collection School Of Computing and Information Systems
Cyber-physical systems (CPSs) in critical infrastructure face serious threats of attack, motivating research into a wide variety of defence mechanisms such as those that monitor for violations of invariants, i.e. logical properties over sensor and actuator states that should always be true. Many approaches for identifying invariants attempt to do so automatically, typically using data logs, but these can miss valid system properties if relevant behaviours are not well-represented in the data. Furthermore, as the CPS is already built, resolving any design flaws or weak points identified through this process is costly. In this paper, we propose a systematic …
Efficient Server-Aided Secure Two-Party Computation In Heterogeneous Mobile Cloud Computing, Yulin Wu, Xuan Wang, Willy Susilo, Guomin Yang, Zoe L. Jiang, Qian Chen, Peng Xu
Efficient Server-Aided Secure Two-Party Computation In Heterogeneous Mobile Cloud Computing, Yulin Wu, Xuan Wang, Willy Susilo, Guomin Yang, Zoe L. Jiang, Qian Chen, Peng Xu
Research Collection School Of Computing and Information Systems
With the ubiquity of mobile devices and rapid development of cloud computing, mobile cloud computing (MCC) has been considered as an essential computation setting to support complicated, scalable and flexible mobile applications by overcoming the physical limitations of mobile devices with the aid of cloud. In the MCC setting, since many mobile applications (e.g., map apps) interacting with cloud server and application server need to perform computation with the private data of users, it is important to realize secure computation for MCC. In this article, we propose an efficient server-aided secure two-party computation (2PC) protocol for MCC. This is the …
Leap: Leakage-Abuse Attack On Efficiently Deployable, Efficiently Searchable Encryption With Partially Known Dataset, Jianting Ning, Xinyi Huang, Geong Sen Poh, Jiaming Yuan, Yingjiu Li, Jian Weng, Robert H. Deng
Leap: Leakage-Abuse Attack On Efficiently Deployable, Efficiently Searchable Encryption With Partially Known Dataset, Jianting Ning, Xinyi Huang, Geong Sen Poh, Jiaming Yuan, Yingjiu Li, Jian Weng, Robert H. Deng
Research Collection School Of Computing and Information Systems
Searchable Encryption (SE) enables private queries on encrypted documents. Most existing SE schemes focus on constructing industrialready, practical solutions at the expense of information leakages that are considered acceptable. In particular, ShadowCrypt utilizes a cryptographic approach named “efficiently deployable, efficiently searchable encryption” (EDESE) that reveals the encrypted dataset and the query tokens among other information. However, recent attacks showed that such leakages can be exploited to (partially) recover the underlying keywords of query tokens under certain assumptions on the attacker’s background knowledge. We continue this line of work by presenting LEAP, a new leakageabuse attack on EDESE schemes that can …
Covid-19 One Year On: Security And Privacy Review Of Contact Tracing Mobile Apps, Wei Yang Ang, Lwin Khin Shar
Covid-19 One Year On: Security And Privacy Review Of Contact Tracing Mobile Apps, Wei Yang Ang, Lwin Khin Shar
Research Collection School Of Computing and Information Systems
The ongoing COVID-19 pandemic caused 3.8 million deaths since December 2019. At the current vaccination pace, this global pandemic could persist for several years. Throughout the world, contact tracing (CT) apps were developed, which play a significant role in mitigating the spread of COVID-19. This work examines the current state of security and privacy landscape of mobile CT apps. Our work is the first attempt, to our knowledge, which provides a comprehensive analysis of 70 CT apps used worldwide as of year Q1 2021. Among other findings, we observed that 80% of them may have handled sensitive data without adequate …
An Exploratory Study Of Social Support Systems To Help Older Adults In Managing Mobile Safety, Tamir Mendel, Debin Gao, David Lo, Eran Toch
An Exploratory Study Of Social Support Systems To Help Older Adults In Managing Mobile Safety, Tamir Mendel, Debin Gao, David Lo, Eran Toch
Research Collection School Of Computing and Information Systems
Older adults face increased safety challenges, such as targeted online fraud and phishing, contributing to the growing technological divide between them and younger adults. Social support from family and friends is often the primary way older adults receive help, but it may also lead to reliance on others. We have conducted an exploratory study to investigate older adults' attitudes and experiences related to mobile social support technologies for mobile safety. We interviewed 18 older adults about their existing support and used the think-aloud method to gather data about a prototype for providing social support during mobile safety challenges. Our findings …
Privacy-Preserving Voluntary-Tallying Leader Election For Internet Of Things, Tong Wu, Guomin Yang, Liehuang Zhu, Yulin Wu
Privacy-Preserving Voluntary-Tallying Leader Election For Internet Of Things, Tong Wu, Guomin Yang, Liehuang Zhu, Yulin Wu
Research Collection School Of Computing and Information Systems
The Internet of Things (IoT) is commonly deployed with devices of limited power and computation capability. A centralized IoT architecture provides a simplified management for IoT system but brings redundancy by the unnecessary data traffic with a data center. A decentralized IoT reduces the cost on data traffic and is resilient to the single-point-of failure. The blockchain technique has attracted a large amount of research, which is redeemed as a perspective of decentralized IoT system infrastructure. It also brings new privacy challenges for that the blockchain is a public ledger of all digital events executed and shared among all participants. …
Sylpeniot: Symmetric Lightweight Predicate Encryption For Data Privacy Applications In Iot Environments, Tran Viet Xuan Phuong, Willy Susilo, Guomin Yang, Jongkil Kim, Yangwai Chow, Dongxi Liu
Sylpeniot: Symmetric Lightweight Predicate Encryption For Data Privacy Applications In Iot Environments, Tran Viet Xuan Phuong, Willy Susilo, Guomin Yang, Jongkil Kim, Yangwai Chow, Dongxi Liu
Research Collection School Of Computing and Information Systems
Privacy preserving mechanisms are essential for protecting data in IoT environments. This is particularly challenging as IoT environments often contain heterogeneous resource-constrained devices. One method for protecting privacy is to encrypt data with a pattern or metadata. To prevent information leakage, an evaluation using the pattern must be performed before the data can be retrieved. However, the computational costs associated with typical privacy preserving mechanisms can be costly. This makes such methods ill-suited for resource-constrained devices, as the high energy consumption will quickly drain the battery. This work solves this challenging problem by proposing SyLPEnIoT – Symmetric Lightweight Predicate Encryption …
On The Usability (In)Security Of In-App Browsing Interfaces In Mobile Apps, Zicheng Zhang, Daoyuan Wu, Lixiang Li, Debin Gao
On The Usability (In)Security Of In-App Browsing Interfaces In Mobile Apps, Zicheng Zhang, Daoyuan Wu, Lixiang Li, Debin Gao
Research Collection School Of Computing and Information Systems
Due to the frequent encountering of web URLs in various application scenarios (e.g., chatting and email reading), many mobile apps build their in-app browsing interfaces (IABIs) to provide a seamless user experience. Although this achieves user-friendliness by avoiding the constant switching between the subject app and the system built-in browser apps, we find that IABIs, if not well designed or customized, could result in usability security risks. In this paper, we conduct the first empirical study on the usability (in)security of in-app browsing interfaces in both Android and iOS apps. Specifically, we collect a dataset of 25 high-profile mobile apps …
Revocable Policy-Based Chameleon Hash, Shengmin Xu, Jianting Ning, Jinhua Ma, Guowen Xu, Jiaming Yuan, Robert H. Deng
Revocable Policy-Based Chameleon Hash, Shengmin Xu, Jianting Ning, Jinhua Ma, Guowen Xu, Jiaming Yuan, Robert H. Deng
Research Collection School Of Computing and Information Systems
Policy-based chameleon hash (PCH) is a cryptographic building block which finds increasing practical applications. Given a message and an access policy, for any chameleon hash generated by a PCH scheme, a chameleon trapdoor holder whose rewriting privileges satisfy the access policy can amend the underlying message without affecting the hash value. In practice, it is necessary to revoke the rewriting privileges of a trapdoor holder due to various reasons, such as change of positions, compromise of credentials, or malicious behaviours. In this paper, we introduce the notion of revocable PCH (RPCH) and formally define its security. We instantiate a concrete …
Adversarial Attacks And Mitigation For Anomaly Detectors Of Cyber-Physical Systems, Yifan Jia, Jingyi Wang, Christopher M. Poskitt, Sudipta Chattopadhyay, Jun Sun, Yuqi Chen
Adversarial Attacks And Mitigation For Anomaly Detectors Of Cyber-Physical Systems, Yifan Jia, Jingyi Wang, Christopher M. Poskitt, Sudipta Chattopadhyay, Jun Sun, Yuqi Chen
Research Collection School Of Computing and Information Systems
The threats faced by cyber-physical systems (CPSs) in critical infrastructure have motivated research into a multitude of attack detection mechanisms, including anomaly detectors based on neural network models. The effectiveness of anomaly detectors can be assessed by subjecting them to test suites of attacks, but less consideration has been given to adversarial attackers that craft noise specifically designed to deceive them. While successfully applied in domains such as images and audio, adversarial attacks are much harder to implement in CPSs due to the presence of other built-in defence mechanisms such as rule checkers (or invariant checkers). In this work, we …
Secure And Verifiable Outsourced Data Dimension Reduction On Dynamic Data, Zhenzhu Chen, Anmin Fu, Robert H. Deng, Ximeng Liu, Yang Yang, Yinghui Zhang
Secure And Verifiable Outsourced Data Dimension Reduction On Dynamic Data, Zhenzhu Chen, Anmin Fu, Robert H. Deng, Ximeng Liu, Yang Yang, Yinghui Zhang
Research Collection School Of Computing and Information Systems
Dimensionality reduction aims at reducing redundant information in big data and hence making data analysis more efficient. Resource-constrained enterprises or individuals often outsource this time-consuming job to the cloud for saving storage and computing resources. However, due to inadequate supervision, the privacy and security of outsourced data have been a serious concern to data owners. In this paper, we propose a privacypreserving and verifiable outsourcing scheme for data dimension reduction, based on incremental Non-negative Matrix Factorization (NMF) method. We emphasize the importance of incremental data processing, exploiting the properties of NMF to enable data dynamics in consideration of data updating …
Outsourcing Service Fair Payment Based On Blockchain And Its Applications In Cloud Computing, Yinghui Zhang, Robert H. Deng, Ximeng Liu, Dong Zheng
Outsourcing Service Fair Payment Based On Blockchain And Its Applications In Cloud Computing, Yinghui Zhang, Robert H. Deng, Ximeng Liu, Dong Zheng
Research Collection School Of Computing and Information Systems
As a milestone in the development of outsourcing services, cloud computing enables an increasing number of individuals and enterprises to enjoy the most advanced services from outsourcing service providers. Because online payment and data security issues are involved in outsourcing services, the mutual distrust between users and service providers may severely impede the wide adoption of cloud computing. Nevertheless, most existing solutions only consider a specific type of services and rely on a trusted third-party to realize fair payment. In this paper, to realize secure and fair payment of outsourcing services in general without relying on any third-party, trusted or …
Unlinkable And Revocable Secret Handshake, Yangguang Tian, Yingliu Li, Guomin Yang, Guomin Yang
Unlinkable And Revocable Secret Handshake, Yangguang Tian, Yingliu Li, Guomin Yang, Guomin Yang
Research Collection School Of Computing and Information Systems
In this paper, we introduce a new construction for unlinkable secret handshake that allows a group of users to perform handshakes anonymously. We define formal security models for the proposed construction and prove that it can achieve session key security, anonymity and affiliation hiding. In particular, the proposed construction ensures that (i) anonymity against protocol participants (including group authority) is achieved since a hierarchical identity-based signature is used in generating group user's pseudonym-credential pairs and (ii) revocation is achieved using a secret sharing-based revocation mechanism.
Receiver-Anonymity In Rerandomizable Rcca-Secure Cryptosystems Resolved, Yi Wang, Rongmao Chen, Guomin Yang, Xinyi Huang, Baosheng Wang, Moti Yung
Receiver-Anonymity In Rerandomizable Rcca-Secure Cryptosystems Resolved, Yi Wang, Rongmao Chen, Guomin Yang, Xinyi Huang, Baosheng Wang, Moti Yung
Research Collection School Of Computing and Information Systems
In this work we resolve the open problem raised by Prabhakaran and Rosulek at CRYPTO 2007, and present the first anonymous, rerandomizable, Replayable-CCA (RCCA) secure public-key encryption scheme. This solution opens the door to numerous privacy-oriented applications with a highly desired RCCA security level. At the core of our construction is a non-trivial extension of smooth projective hash functions (Cramer and Shoup, EUROCRYPT 2002), and a modular generic framework developed for constructing rerandomizable RCCA-secure encryption schemes with receiver-anonymity. The framework gives an enhanced abstraction of the original Prabhakaran and Rosulek’s scheme (which was the first construction of rerandomizable RCCA-secure encryption …
Privacy-Preserving Proof Of Storage For The Pay-As-You-Go Business Model, Tong Wu, Guomin Yang, Yi Mu, Fuchun Guo, Robert H. Deng
Privacy-Preserving Proof Of Storage For The Pay-As-You-Go Business Model, Tong Wu, Guomin Yang, Yi Mu, Fuchun Guo, Robert H. Deng
Research Collection School Of Computing and Information Systems
Proof of Storage (PoS) enables a cloud storage provider to prove that a client's data is intact. However, existing PoS protocols are not designed for the pay-as-you-go business model in which payment is made based on both storage volume and duration. In this paper, we propose two PoS protocols suitable for the pay-as-you-go storage business model. The first is a time encapsulated Proof of Retrievability (PoR) protocol that ensures retrievability of the original file upon successful auditing by a client. Considering the large size of outsourced data, we then extend the protocol to a privacy-preserving public auditing protocol which allows …
A Coprocessor-Based Introspection Framework Via Intel Management Engine, Lei Zhou, Fengwei Zhang, Jidong Xiao, Kevin Leach, Westley Weimer, Xuhua Ding, Guojun Wang
A Coprocessor-Based Introspection Framework Via Intel Management Engine, Lei Zhou, Fengwei Zhang, Jidong Xiao, Kevin Leach, Westley Weimer, Xuhua Ding, Guojun Wang
Research Collection School Of Computing and Information Systems
During the past decade, virtualization-based (e.g., virtual machine introspection) and hardware-assisted approaches (e.g., x86 SMM and ARM TrustZone) have been used to defend against low-level malware such as rootkits. However, these approaches either require a large Trusted Computing Base (TCB) or they must share CPU time with the operating system, disrupting normal execution. In this article, we propose an introspection framework called NIGHTHAWK that transparently checks system integrity and monitor the runtime state of target system. NIGHTHAWK leverages the Intel Management Engine (IME), a co-processor that runs in isolation from the main CPU. By using the IME, our approach has …
Rnnrepair: Automatic Rnn Repair Via Model-Based Analysis, Xiaofei Xie, Wenbo Guo, Lei Ma, Wei Le, Jian Wang, Lingjun Zhou, Yang Liu, Xinyu Xing
Rnnrepair: Automatic Rnn Repair Via Model-Based Analysis, Xiaofei Xie, Wenbo Guo, Lei Ma, Wei Le, Jian Wang, Lingjun Zhou, Yang Liu, Xinyu Xing
Research Collection School Of Computing and Information Systems
Deep neural networks are vulnerable to adversarial attacks. Due to their black-box nature, it is rather challenging to interpret and properly repair these incorrect behaviors. This paper focuses on interpreting and repairing the incorrect behaviors of Recurrent Neural Networks (RNNs). We propose a lightweight model-based approach (RNNRepair) to help understand and repair incorrect behaviors of an RNN. Specifically, we build an influence model to characterize the stateful and statistical behaviors of an RNN over all the training data and to perform the influence analysis for the errors. Compared with the existing techniques on influence function, our method can efficiently estimate …
A Mean-Field Markov Decision Process Model For Spatial-Temporal Subsidies In Ride-Sourcing Markets, Zheng Zhu, Jintao Ke, Hai Wang
A Mean-Field Markov Decision Process Model For Spatial-Temporal Subsidies In Ride-Sourcing Markets, Zheng Zhu, Jintao Ke, Hai Wang
Research Collection School Of Computing and Information Systems
Ride-sourcing services are increasingly popular because of their ability to accommodate on-demand travel needs. A critical issue faced by ride-sourcing platforms is the supply-demand imbalance, as a result of which drivers may spend substantial time on idle cruising and picking up remote passengers. Some platforms attempt to mitigate the imbalance by providing relocation guidance for idle drivers who may have their own self-relocation strategies and decline to follow the suggestions. Platforms then seek to induce drivers to system-desirable locations by offering them subsidies. This paper proposes a mean-field Markov decision process (MF-MDP) model to depict the dynamics in ride-sourcing markets …
Ultrapin: Inferring Pin Entries Via Ultrasound, Liu, Ximing, Robert H. Deng, Robert H. Deng
Ultrapin: Inferring Pin Entries Via Ultrasound, Liu, Ximing, Robert H. Deng, Robert H. Deng
Research Collection School Of Computing and Information Systems
While PIN-based user authentication systems such as ATM have long been considered to be secure enough, they are facing new attacks, named UltraPIN, which can be launched from commodity smartphones. As a target user enters a PIN on a PIN-based user authentication system, an attacker may use UltraPIN to infer the PIN from a short distance (50 cm to 100 cm). In this process, UltraPIN leverages smartphone speakers to issue human-inaudible ultrasound signals and uses smartphone microphones to keep recording acoustic signals. It applies a series of signal processing techniques to extract high-quality feature vectors from low-energy and high-noise signals …
Lattice-Based Remote User Authentication From Reusable Fuzzy Signature, Yangguang Tian, Yingjiu Li, Robert H. Deng, Binanda Sengupta, Guomin Yang
Lattice-Based Remote User Authentication From Reusable Fuzzy Signature, Yangguang Tian, Yingjiu Li, Robert H. Deng, Binanda Sengupta, Guomin Yang
Research Collection School Of Computing and Information Systems
In this paper, we introduce a new construction of reusable fuzzy signature based remote user authentication that is secure against quantum computers. We investigate the reusability of fuzzy signature, and we prove that the fuzzy signature schemes provide biometrics reusability (aka. reusable fuzzy signature). We define formal security models for the proposed construction, and we prove that it achieves user authenticity and user privacy. The proposed construction ensures: 1) a user’s biometrics can be securely reused in remote user authentication; 2) a third party having access to the communication channel between a user and the authentication server cannot identify the …
Efficient Attribute-Based Encryption With Repeated Attributes Optimization, Fawad Khan, Hui Li, Yinghui Zhang, Haider Abbas, Tahreem Yaqoob
Efficient Attribute-Based Encryption With Repeated Attributes Optimization, Fawad Khan, Hui Li, Yinghui Zhang, Haider Abbas, Tahreem Yaqoob
Research Collection School Of Computing and Information Systems
Internet of Things (IoT) is an integration of various technologies to provide technological enhancements. To enforce access control on low power operated battery constrained devices is a challenging issue in IoT scenarios. Attribute-based encryption (ABE) has emerged as an access control mechanism to allow users to encrypt and decrypt data based on an attributes policy. However, to accommodate the expressiveness of policy for practical application scenarios, attributes may be repeated in a policy. For certain policies, the attributes repetition cannot be avoided even after applying the boolean optimization techniques to attain an equivalent smaller length boolean formula. For such policies, …
Expressive Bilateral Access Control For Internet-Of-Things In Cloud-Fog Computing, Shengmin Xu, Jianting Ning, Jinhua Ma, Xinyi Huang, Hwee Hwa Pang, Robert H. Deng
Expressive Bilateral Access Control For Internet-Of-Things In Cloud-Fog Computing, Shengmin Xu, Jianting Ning, Jinhua Ma, Xinyi Huang, Hwee Hwa Pang, Robert H. Deng
Research Collection School Of Computing and Information Systems
As a versatile system architecture, cloud-fog Internet-of-Things (IoT) enables multiple resource-constrained devices to communicate and collaborate with each other. By outsourcing local data and immigrating expensive workloads to cloud service providers and fog nodes (FNs), resource-constrained devices can enjoy data services with low latency and minimal cost. To protect data security and privacy in the untrusted cloud-fog environment, many cryptographic mechanisms have been invented. Unfortunately, most of them are impractical when directly applied to cloud-fog IoT computing, mainly due to the large number of resource-constrained end-devices (EDs). In this paper, we present a secure cloud-fog IoT data sharing system with …
Secure Repackage-Proofing Framework For Android Apps Using Collatz Conjecture, Haoyu Ma, Shijia Li, Debin Gao, Chunfu Jia
Secure Repackage-Proofing Framework For Android Apps Using Collatz Conjecture, Haoyu Ma, Shijia Li, Debin Gao, Chunfu Jia
Research Collection School Of Computing and Information Systems
App repackaging has been raising serious concerns about the health of the Android ecosystem, and repackage-proofing is an important mitigation against threat of such attacks. However, existing app repackage-proofing schemes were only evaluated against trivial adversaries simulated using analyzers for other purposes (e.g., disclosing privacy leakage vulnerabilities), hence were shown “effective” mainly because their key programming features were not even supported by those toolkits. Furthermore, existing works have also neglected dynamic adversaries capable of manipulating victim apps at runtime, making them vulnerable against such stronger opponents. In this paper, we propose a novel repackage-proofing framework, which deploys distributed detection and …