Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Articles 1 - 30 of 32

Full-Text Articles in Physical Sciences and Mathematics

Ibinhunt: Binary Hunting With Inter-Procedural Control Flow, Jiang Ming, Meng Pan, Debin Gao Dec 2012

Research Collection School Of Computing and Information Systems

Techniques have been proposed to find the semantic differences between two binary programs when the source code is not available. Analyzing control flow, and in particular, intra-procedural control flow, has become an attractive technique in the latest binary diffing tools since it is more resistant to syntactic, but non-semantic, differences. However, this makes such techniques vulnerable to simple function obfuscation techniques (e.g., function inlining) that attackers and malware writers could use. In this paper, we first show function obfuscation as an attack to such binary diffing techniques, and then propose iBinHunt which uses deep taint and automatic input generation to find …


Semi-Automated Verification Of Defense Against Sql Injection In Web Applications, Kaiping Liu, Hee Beng Kuan Tan, Lwin Khin Shar Dec 2012

Research Collection School Of Computing and Information Systems

Recent reports reveal that the majority of attacks on Web applications are input manipulation attacks. SQL injection, in which malicious input is submitted to manipulate the database in a way that was unintended by the applications' developers, is one such attack. This paper proposes an approach for assisting the code verification process on the defense against SQL injection. The approach extracts all such defenses implemented in code. With the use of the proposed approach, developers, testers or auditors can then check the defenses extracted from code to verify their adequacy. We have evaluated the feasibility, effectiveness, and usefulness …


Scalable Malware Clustering Through Coarse-Grained Behavior Modeling, Mahinthan Chandramohan, Hee Beng Kuan Tan, Lwin Khin Shar Nov 2012

Research Collection School Of Computing and Information Systems

Anti-malware vendors receive several thousand new malware (malicious software) variants per day. Due to large volume of malware samples, it has become extremely important to group them based on their malicious characteristics. Grouping of malware variants that exhibit similar behavior helps to generate malware signatures more efficiently. Unfortunately, exponential growth of new malware variants and huge-dimensional feature space, as used in existing approaches, make the clustering task very challenging and difficult to scale. Furthermore, malware behavior modeling techniques proposed in the literature do not scale well, where malware feature space grows in proportion with the number of samples under examination. …


Audit Mechanisms For Provable Risk Management And Accountable Data Governance, Jeremiah Blocki, Nicolas Christin, Anupam Datta, Arunesh Sinha Nov 2012

Research Collection School Of Computing and Information Systems

Organizations that collect and use large volumes of personal information are expected under the principle of accountable data governance to take measures to protect data subjects from risks that arise from inappropriate uses of this information. In this paper, we focus on a specific class of mechanisms—audits to identify policy violators coupled with punishments—that organizations such as hospitals, financial institutions, and Web services companies may adopt to protect data subjects from privacy and security risks stemming from inappropriate information use by insiders. We model the interaction between the organization (defender) and an insider (adversary) during the audit process as a …


An Improved Authentication Scheme For H.264/Svc And Its Performance Evaluation Over Non-Stationary Wireless Mobile Networks, Yifan Zhao, Swee-Won Lo, Robert H. Deng, Xuhua Ding Nov 2012

Research Collection School Of Computing and Information Systems

In this paper, a bit stream-based authentication scheme for H.264/Scalable Video Coding (SVC) is proposed. The proposed scheme seamlessly integrates cryptographic algorithms and erasure correction codes (ECCs) to SVC video streams such that the authenticated streams are format compliant with the SVC specifications and preserve the three dimensional scalability (i.e., spatial, quality and temporal) of the original streams. We implement our scheme on a smart phone and study its performance over a realistic bursty packet-lossy wireless mobile network. Our analysis and experimental results show that the scheme achieves very high verification rates with lower communication overhead and much smaller …


(Strong) Multidesignated Verifiers Signatures Secure Against Rogue Key Attack, Yunmei Zhang, Man Ho Au, Guomin Yang, Willy Susilo Nov 2012

Research Collection School Of Computing and Information Systems

Designated verifier signatures (DVS) allow a signer to create a signature whose validity can only be verified by a specific entity chosen by the signer. In addition, the chosen entity, known as the designated verifier, cannot convince anybody that the signature is created by the signer. Multi-designated verifiers signatures (MDVS) are a natural extension of DVS in which the signer can choose multiple designated verifiers. DVS and MDVS are useful primitives in electronic voting and contract signing. In this paper, we investigate various aspects of MDVS and make two contributions. Firstly, we revisit the notion of unforgeability under rogue …


Oto: Online Trust Oracle For User-Centric Trust Establishment, Tiffany Hyun-Jin Kim, Payas Gupta, Jun Han, Emmanuel Owusu, Jason Hong, Adrian Perrig, Debin Gao Oct 2012

Research Collection School Of Computing and Information Systems

Malware continues to thrive on the Internet. Besides automated mechanisms for detecting malware, we provide users with trust evidence information to enable them to make informed trust decisions. To scope the problem, we study the challenge of assisting users with judging the trustworthiness of software downloaded from the Internet. Through expert elicitation, we deduce indicators for trust evidence, then analyze these indicators with respect to scalability and robustness. We design OTO, a system for communicating these trust evidence indicators to users, and we demonstrate through a user study the effectiveness of OTO, even with respect to IE’s SmartScreen Filter (SSF). …


Predicting Common Web Application Vulnerabilities From Input Validation And Sanitization Code Patterns, Lwin Khin Shar, Hee Beng Kuan Tan Sep 2012

Research Collection School Of Computing and Information Systems

Software defect prediction studies have shown that defect predictors built from static code attributes are useful and effective. On the other hand, to mitigate the threats posed by common web application vulnerabilities, many vulnerability detection approaches have been proposed. However, finding alternative solutions to address these risks remains an important research problem. As web applications generally adopt input validation and sanitization routines to prevent web security risks, in this paper, we propose a set of static code attributes that represent the characteristics of these routines for predicting the two most common web application vulnerabilities—SQL injection and cross site scripting. In …


Reputation As Public Policy For Internet Security, Leigh L. Linden, John S. Quarterman, Qian Tang, Andrew B. Whinston Sep 2012

Research Collection School Of Computing and Information Systems

Insufficient resource allocation causes an Internet information security (infosec) problem that public policy could improve. Lack of transparency lets organizations avoid addressing internal risks, leaving vulnerabilities that are exploited by botnets, threatening information security of other Internet participants. Their protection provides no economic benefit to the firm, so this negative externality causes underinvestment in infosec. Public policy could provide a partial solution by adding incentives for organizations to have well-configured infosec. Specifically, mandatory reporting of security issues plus presenting this information to the public, can impose shame and fame on organizations through publicity and peer influence by comparison with major …


No Tradeoff Between Confidentiality And Performance: An Analysis On H.264/Svc Partial Encryption, Zhuo Wei, Xuhua Ding, Robert H. Deng, Yongdong Wu Sep 2012

Research Collection School Of Computing and Information Systems

Partial encryption is often used as a tradeoff between security and performance to protect scalable video data. In this paper, we argue that although partial encryption is strong enough for access control, it is not adequate for content confidentiality protection. We conduct experiments to show that partially encrypted H.264/SVC (scalable video coding) streams leak significant content information from the enhancement layers in all three scalability dimensions. Our analysis concludes that such leakage is caused by the underlying coding techniques used in H.264/SVC, and all layers should be encrypted to protect confidential video streams.


Learning Fine-Grained Structured Input For Memory Corruption Detection, Lei Zhao, Debin Gao, Lina Wang Sep 2012

Research Collection School Of Computing and Information Systems

Inputs to many application and server programs contain rich and consistent structural information. The propagation of such input in program execution could serve as accurate and reliable signatures for detecting memory corruptions. In this paper, we propose a novel approach to detect memory corruptions at the binary level. The basic insight is that different parts of an input are usually processed in different ways, e.g., by different instructions. Identifying individual parts in an input and learning the pattern in which they are processed is an attractive approach to detect memory corruptions. We propose a fine-grained dynamic taint analysis system to …


Guest Editors’ Introduction: Methods Innovations For The Empirical Study Of Technology Adoption And Diffusion, Robert John Kauffman, Angsana A. Techatassanasoontorn Sep 2012

Research Collection School Of Computing and Information Systems

The literature on technology adoption and diffusion is a highly mature area of Information Systems (IS) research, which requires a deft hand in research to support the creation of new contributions of knowledge. In this special issue, we focus on the application of various methods, including new ones, to shed light on research questions that have not been understood fully in prior research. In particular, we will showcase research that involves the application of event history analysis and spatial econometrics, as well as count data models to study frequency-related phenomena for changes and development in technology adoption and diffusion. We also include an article that employs game theory, as well as another …


Defeating Sql Injection, Lwin Khin Shar, Hee Beng Kuan Tan Aug 2012

Research Collection School Of Computing and Information Systems

The best strategy for combating SQL injection, which has emerged as the most widespread website security risk, calls for integrating defensive coding practices with both vulnerability detection and runtime attack prevention methods.


A Secure And Efficient Discovery Service System In Epcglobal Network, Jie Shi, Yingjiu Li, Robert H. Deng Aug 2012

Research Collection School Of Computing and Information Systems

In recent years, the Internet of Things (IOT) has drawn considerable attention from the industrial and research communities. Due to the vast amount of data generated through IOT devices and users, there is an urgent need for an effective search engine to help us make sense of this massive amount of data. With this motivation, we begin our initial works on developing a secure and efficient search engine (SecDS) based on EPC Discovery Services (EPCDS) for EPCglobal network, an integral part of IOT. SecDS is designed to provide a bridge between different partners of supply chains to share information while …


A Pollution Attack To Public-Key Watermarking Schemes, Yongdong Wu, Robert H. Deng Jul 2012

Research Collection School Of Computing and Information Systems

Public-key watermarking schemes are required to possess two desirable properties: allowing everyone to determine whether a watermark exists in an image or not and ensuring high detection probability in case of malicious modification. In this paper we propose an attack which pollutes the watermark embedded in an image with an optimal colored noise so as to fool the detector of the underlying public-key watermarking scheme. We further show how to apply the proposed pollution attack to public-key subspace watermarking schemes to generate pirated images of high quality but of low detection probability. Our experiment results demonstrate that the proposed pollution …


Mining Input Sanitization Patterns For Predicting Sql Injection And Cross Site Scripting Vulnerabilities, Lwin Khin Shar, Hee Beng Kuan Tan Jun 2012

Research Collection School Of Computing and Information Systems

Static code attributes such as lines of code and cyclomatic complexity have been shown to be useful indicators of defects in software modules. As web applications adopt input sanitization routines to prevent web security risks, static code attributes that represent the characteristics of these routines may be useful for predicting web application vulnerabilities. In this paper, we classify various input sanitization methods into different types and propose a set of static code attributes that represent these types. Then we use data mining methods to predict SQL injection and cross site scripting vulnerabilities in web applications. Preliminary experiments show that our …


Trurepec: A Trust-Behavior-Based Reputation And Recommender System For Mobile Applications, Zheng Yan, Peng Zhang, Robert H. Deng Jun 2012

Research Collection School Of Computing and Information Systems

Mobile applications are software packages that can be installed and executed in a mobile device. Which mobile application is trustworthy for a user to purchase, download, install, execute or recommend becomes a crucial issue that impacts its final success. This paper proposes TruBeRepec, a trust-behavior-based reputation and recommender system for mobile applications. We explore a model of trust behavior for mobile applications based on the result of a large-scale user survey. We further develop a number of algorithms that are used to evaluate individual user’s trust in a mobile application through trust behavior observation, generate the application’s reputation by aggregating …


A New Framework For Privacy Of Rfid Path Authentication, Shaoying Cai, Robert H. Deng, Yingjiu Li, Yunlei Zhao Jun 2012

Research Collection School Of Computing and Information Systems

RFID-based path authentication enables supply chain managers to verify the exact path that a tag has taken. In this paper, we introduce a new oracle Move that models a tag's movement along a designed or an arbitrary path in a supply chain. With this oracle, we refine the existing security and privacy notions for RFID-based path authentication. In addition, we propose a new privacy notion, called path privacy, for RFID-based path authentication. Our privacy notion captures the privacy of both tag identity and path information in a single game. Compared to existing two-game based privacy notions, it is more rigorous, …


Where Should The Bugs Be Fixed? More Accurate Information Retrieval-Based Bug Localization Based On Bug Reports, Jian Zhou, Hongyu Zhang, David Lo Jun 2012

Research Collection School Of Computing and Information Systems

For a large and evolving software system, the project team could receive a large number of bug reports. Locating the source code files that need to be changed in order to fix the bugs is a challenging task. Once a bug report is received, it is desirable to automatically point out to the files that developers should change in order to fix the bug. In this paper, we propose BugLocator, an information retrieval based method for locating the relevant files for fixing a bug. BugLocator ranks all files based on the textual similarity between the initial bug report and the …


Active Malware Analysis Using Stochastic Games, Simon Williamson, Pradeep Reddy Varakantham, Debin Gao, Chen Hui Ong Jun 2012

Research Collection School Of Computing and Information Systems

Cyber security is increasingly important for defending computer systems from loss of privacy or unauthorised use. One important aspect is threat analysis - how does an attacker infiltrate a system and what do they want once they are inside. This paper considers the problem of Active Malware Analysis, where we learn about the human or software intruder by actively interacting with it with the goal of learning about its behaviours and intentions, whilst at the same time that intruder may be trying to avoid detection or showing those behaviours and intentions. This game-theoretic active learning is then used to obtain …


Distributed Path Authentication For Dynamic Rfid-Enabled Supply Chains, Shaoying Cai, Yingjiu Li, Yunlei Zhao Jun 2012

Research Collection School Of Computing and Information Systems

In this paper, we propose a distributed path authentication solution for dynamic RFID-enabled supply chains to address the counterfeiting problem. Compared to existing general anti-counterfeiting solutions, our solution requires no sharing of item-level RFID information among supply chain parties, thus eliminating the requirement on high network bandwidth and fine-grained access control. Our solution is secure, privacy-preserving, and practical. It leverages the standard EPCglobal network to share information about paths and parties in path authentication. Our solution can be implemented on standard EPC class 1 generation 2 tags with only 720 bits storage and no computational capability.


Expressive Cp-Abe With Partially Hidden Access Structures, Junzuo Lai, Robert H. Deng, Yingjiu Li May 2012

Research Collection School Of Computing and Information Systems

At Eurocrypt 2005, Sahai and Waters [7] introduced the concept of attribute-based encryption (ABE). ABE enables public key based one-to-many encryption and is envisioned as a promising cryptographic primitive for realizing scalable and fine-grained access control systems. There are two kinds of ABE schemes [1], key-policy ABE (KP-ABE) and ciphertext-policy ABE (CP-ABE) schemes. In this paper, our concern is on the latter.


Coercion Resistance In Authentication Responsibility Shifting, Payas Gupta, Xuhua Ding, Debin Gao May 2012

Research Collection School Of Computing and Information Systems

Responsibility shifting, a popular solution used in the event of failure of primary authentication where a human helper is involved in regaining access, is vulnerable to coercion attacks. In this work, we report our user study which investigates the helper’s emotional status when being coerced to assist in an attack. Results show that the coercion causes involuntary skin conductance fluctuation on the helper, which indicates that he/she is nervous and stressed. This response can be used to strengthen the security of the authentication system by providing coercion resistance.


Spalendar: Visualizing A Group's Calendar Events Over A Geographic Space On A Public Display, Chen Xiang, Sebastian Boring, Sheelagh Carpendale, Anthony Tang, Saul Greenberg May 2012

Research Collection School Of Computing and Information Systems

Portable paper calendars (i.e., day planners and organizers) have greatly influenced the design of group electronic calendars. Both use time units (hours/days/weeks/etc.) to organize visuals, with useful information (e.g., event types, locations, attendees) usually presented as - perhaps abbreviated or even hidden - text fields within those time units. The problem is that, for a group, this visual sorting of individual events into time buckets conveys only limited information about the social network of people. For example, people’s whereabouts cannot be read ‘at a glance’ but require examining the text. Our goal is to explore an alternate visualization that can …


Hasbe: A Hierarchical Attribute-Based Solution For Flexible And Scalable Access Control In Cloud Computing, Zhiguo Wan, Jun'e Liu, Robert H. Deng Apr 2012

Research Collection School Of Computing and Information Systems

Cloud computing has emerged as one of the most influential paradigms in IT industry in recent years. Since this new computing technology requires users to entrust their valuable data to cloud providers, there have been increasing security and privacy concerns on outsourced data. Several schemes employing attribute-based encryption (ABE) have been proposed for access control of outsourced data in cloud computing; however, most of them suffer from inflexibility in implementing complex access control policies. In order to realize scalable, flexible, and fine-grained access control of outsourced data in cloud computing, in this paper we propose hierarchical attribute-set-based encryption (HASBE) by …


Evaluation Of Different Electronic Product Code Discovery Service Models, Su Mon Kywe, Jie Shi, Yingjiu Li, Raghuwanshi Kailash Apr 2012

Research Collection School Of Computing and Information Systems

Electronic Product Code Discovery Service (EPCDS) is an important concept in supply chain processes and in Internet of Things (IOT). It allows supply chain participants to search for their partners, communicate with them and share product information using standardized interfaces securely. Many researchers have been proposing different EPCDS models, considering different requirements. In this paper, we describe existing architecture designs of EPCDS systems, namely Directory Service Model, Query Relay Model and Aggregating Discovery Service Model (ADS). We also briefly mention Secure Discovery Service (SecDS) Model, which is an improved version of Directory Service Model with a secure attribute-based access control …


A Comparative Study Of Cyberattacks, Seung Hyun Kim, Qiu-Hong Wang, Johannes B. Ullrich Mar 2012

Research Collection School Of Computing and Information Systems

Cyberattacks are computer-to-computer attacks undermining the confidentiality, integrity, and/or availability of computers and/or the information they hold. The importance of securing cyberspace is increasing, along with the sophistication and potential significance of the results of the attacks. Moreover, attacks involve increasingly sophisticated coordination among multiple hackers across international boundaries, where the aim has shifted from fun and self-satisfaction to financial or military gain, with clear and self-reinforcing motivation; for example, the number of new malicious code threats worldwide increased more than 71% from 2008 to 2009.


Human: Creating Memorable Fingerprints Of Mobile Users, Gupta Payas, Kiat Wee Tan, Narayanasamy Ramasubbu, David Lo, Debin Gao, Rajesh Krishna Balan Mar 2012

Research Collection School Of Computing and Information Systems

In this paper, we present a new way of generating behavioral (not biometric) fingerprints from the cellphone usage data. In particular, we explore if the generated behavioral fingerprints are memorable enough to be remembered by end users. We built a system, called HuMan, that generates fingerprints from cellphone data. To test HuMan, we conducted an extensive user study that involved collecting about one month of continuous usage data (including calls, SMSes, application usage patterns etc.) from 44 Symbian and Android smartphone users. We evaluated the memorable fingerprints generated from this rich multi-context data by asking each user to answer various …


Secds: A Secure Epc Discovery Services System In Epcglobal Network, Jie Shi, Darren Sim, Yingjiu Li, Robert H. Deng Feb 2012

Research Collection School Of Computing and Information Systems

In recent years, the Internet of Things (IOT) has drawn considerable attention from the industrial and research communities. Due to the vast amount of data generated through IOT devices and users, there is an urgent need for an effective search engine to help us make sense of this massive amount of data. With this motivation, we begin our initial works on developing a secure and efficient search engine (SecDS) based on EPC Discovery Services (EPCDS) for EPCglobal network, an integral part of IOT. SecDS is designed to provide a bridge between different partners of supply chains to share information while …


A Survey On Privacy Frameworks For Rfid Authentication, Chunhua Su, Yingjiu Li, Yunlei Zhao, Robert H. Deng, Yiming Zhao, Jianying Zhou Jan 2012

Research Collection School Of Computing and Information Systems

Due to rapid growth of RFID system applications, the security and privacy problems become more and more important to guarantee the validity of RFID systems. Without introducing proper privacy protection mechanisms, widespread deployment of RFID could raise privacy concerns to both companies and individuals. As a fundamental issue for the design and analysis of secure RFID systems, some formal RFID privacy frameworks were proposed in recent years to give the principles for evaluating the security and privacy in RFID system. However, readers can be confused with so many proposed frameworks. In this paper, we make a comparative and survey study …