Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Articles 1 - 15 of 15

Full-Text Articles in Physical Sciences and Mathematics

Ambiguous Optimistic Fair Exchange, Qiong Huang, Guomin Yang, Duncan S. Wong, Willy Susilo Dec 2008

Research Collection School Of Computing and Information Systems

Optimistic fair exchange (OFE) is a protocol for solving the problem of exchanging items or services in a fair manner between two parties, a signer and a verifier, with the help of an arbitrator which is called in only when a dispute happens between the two parties. In almost all the previous work on OFE, after obtaining a partial signature from the signer, the verifier can present it to others and show that the signer has indeed committed itself to something corresponding to the partial signature even prior to the completion of the transaction. In some scenarios, this capability given …


Chosen-Ciphertext Secure Proxy Re-Encryption Without Pairing, Robert H. Deng, Jian Weng, Shengli Liu, Kefei Chen Dec 2008

Research Collection School Of Computing and Information Systems

In a proxy re-encryption system, a semi-trusted proxy can convert a ciphertext originally intended for Alice into a ciphertext intended for Bob, without learning the underlying plaintext. Proxy re-encryption has found many practical applications, such as encrypted email forwarding, secure distributed file systems, and outsourced filtering of encrypted spam. In ACM CCS'07, Canetti and Hohenberger presented a proxy re-encryption scheme with chosen-ciphertext security, and left an important open problem to construct a chosen-ciphertext secure proxy re-encryption scheme without pairings. In this paper, we solve this open problem by proposing a new proxy re-encryption scheme without resort to bilinear pairings. Based …
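To make the conversion step concrete, here is a toy bidirectional proxy re-encryption scheme in the classic ElGamal-based style (BBS98-style). It is an added illustration, not the construction proposed in this paper: the group parameters are constructed and far too small for real use, the scheme is only CPA-secure, and the `malleate` function shows the ciphertext tampering that a chosen-ciphertext secure construction has to rule out. All function names are the example's own.

```python
"""Toy ElGamal-based bidirectional proxy re-encryption (BBS98-style).

Added illustration, not the paper's construction. Shows the mechanism
the abstract describes: a proxy holding only a re-encryption key turns a
ciphertext for Alice into one for Bob without learning the plaintext.
"""
import secrets

# Constructed demo parameters: P is a safe prime (P = 2*Q + 1) and G = 4
# generates the order-Q subgroup. Far too small for real use.
P = 1019
Q = 509
G = 4


def keygen():
    """Return (sk, pk) with sk uniform in [1, Q-1] and pk = G^sk mod P."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def encrypt(pk, m):
    """ElGamal encryption of an integer message 1 <= m < P."""
    if not 1 <= m < P:
        raise ValueError("message must be in [1, P-1]")
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (m * pow(pk, r, P)) % P


def decrypt(sk, ct):
    """Recover m = c2 * c1^(-sk). c1 has order Q, so c1^(-sk) = c1^(Q - sk)."""
    c1, c2 = ct
    return (c2 * pow(c1, Q - sk, P)) % P


def rekey(sk_from, sk_to):
    """Re-encryption key rk = sk_from / sk_to mod Q.

    Deriving it needs both secrets (or a trusted dealer), and rk^-1 mod Q
    converts in the other direction: this scheme is bidirectional.
    """
    return (sk_from * pow(sk_to, -1, Q)) % Q


def reencrypt(rk, ct):
    """Proxy step: raise c1 to rk. c2, which carries m, is untouched and
    the proxy never learns m."""
    c1, c2 = ct
    return pow(c1, rk, P), c2


def malleate(ct, factor):
    """Anyone can multiply the plaintext by `factor` without any key.
    This is why the toy scheme is CPA-secure at best, not CCA-secure."""
    c1, c2 = ct
    return c1, (c2 * factor) % P


def demo(m=42):
    """Run the full flow and return (alice_plain, bob_plain, tampered_plain)."""
    sk_a, pk_a = keygen()
    sk_b, _pk_b = keygen()
    ct_a = encrypt(pk_a, m)
    rk = rekey(sk_a, sk_b)
    ct_b = reencrypt(rk, ct_a)
    return (decrypt(sk_a, ct_a), decrypt(sk_b, ct_b),
            decrypt(sk_b, reencrypt(rk, malleate(ct_a, 2))))


if __name__ == "__main__":
    print(demo())  # (42, 42, 84)
```

Two things worth noticing when reading it as a practitioner: the proxy holds only `rk` and can convert but never decrypt, which is the property the abstract relies on; but because `rk = a/b mod Q`, a proxy that colludes with Bob recovers Alice's key as `rk * b`, and the inverse key converts Bob's ciphertexts back to Alice. Unidirectional and chosen-ciphertext secure schemes, like the one this paper proposes, are designed precisely to remove these weaknesses.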


Efficient Client-To-Client Password Authenticated Key Exchange, Yanjiang Yang, Feng Bao, Robert H. Deng Dec 2008

Research Collection School Of Computing and Information Systems

With the rapid proliferation of client-to-client applications, PAKE (password authenticated key exchange) protocols in the client-to-client setting become increasingly important. In this paper, we propose an efficient client-to-client PAKE protocol, which has much better performance than existing generic constructions. We also show that the proposed protocol is secure under a formal security model.


A New Framework For The Design And Analysis Of Identity-Based Identification Schemes, Guomin Yang, Jing Chen, Duncan S. Wong, Xiaotie Deng, Dongsheng Wang Nov 2008

Research Collection School Of Computing and Information Systems

Constructing an identification scheme is one of the fundamental problems in cryptography, and is very useful in practice. An identity-based identification (IBI) scheme allows a prover to identify himself to a public verifier who knows only the claimed identity of the prover and some public information. In this paper, we propose a new framework for both the design and analysis of IBI schemes. Our approach works in an engineering way. We first identify an IBI scheme as the composition of two building blocks, and then show that, with different security properties of these building blocks, the corresponding IBI schemes can …


Two-Factor Mutual Authentication Based On Smart Cards And Passwords, Guomin Yang, Duncan S. Wong, Huaxiong Wang, Xiaotie Deng Nov 2008

Research Collection School Of Computing and Information Systems

One of the most commonly used two-factor user authentication mechanisms nowadays is based on smart-card and password. A scheme of this type is called a smart-card-based password authentication scheme. The core feature of such a scheme is to enforce two-factor authentication in the sense that the client must have the smart-card and know the password in order to gain access to the server. In this paper, we scrutinize the security requirements of this kind of scheme, and propose a new scheme and a generic construction framework for smart-card-based password authentication. We show that a secure password-based key exchange protocol …


Model-Driven Remote Attestation: Attesting Remote System From Behavioral Aspect, Liang Gu, Xuhua Ding, Robert H. Deng, Yanzhen Zou, Bing Xie, Weizhong Shao, Hong Mei Nov 2008

Research Collection School Of Computing and Information Systems

Remote attestation was introduced in TCG specifications to determine whether a remote system is trusted to behave in a particular manner for a specific purpose; however, most of the existing approaches attest only the integrity state of a remote system and hence have a long way to go in achieving the above attestation objective. Behavior-based attestation and semantic attestation were recently introduced as solutions to approach the TCG attestation objective. In this paper, we extend behavior-based attestation to a model-driven remote attestation to prove that a remote system is trusted as defined by TCG. Our model-driven remote attestation verifies two …


Using Trusted Computing Technology To Facilitate Security Enforcement In Wireless Sensor Networks, Yanjiang Yang, Robert H. Deng, Feng Bao, Jianying Zhou Oct 2008

Research Collection School Of Computing and Information Systems

Security enforcement in wireless sensor networks is by no means an easy task, due to the inherent resource-constrained nature of sensor nodes. To facilitate security enforcement, we propose to incorporate more powerful high-end Security Enforcement Facilitators (SEFs) into wireless sensor networks. In particular, the SEFs are equipped with TCG-compliant Trusted Platform Modules (TPMs) to protect cryptographic secrets, perform authenticated booting and attest their platform state to a remote base station. As such, the SEFs act as online trusted third parties to effectively monitor the states of sensor nodes, help in key management, simplify secure routing, and facilitate access control.


Remote Attestation On Program Execution, Liang Gu, Xuhua Ding, Robert H. Deng, Bing Xie, Hong Mei Oct 2008

Research Collection School Of Computing and Information Systems

Remote attestation provides the basis for one platform to establish trust in another. In this paper, we consider the problem of attesting the correctness of program executions. We propose to measure the target program and all the objects it depends on, with an assumption that the Secure Kernel and the Trusted Platform Module provide a secure execution environment through process separation. The attestation of the target program begins with a program analysis on the source code or the binary code in order to find out the relevant executables and data objects. Whenever such a data object is accessed or a …


Distinguishing Between Fe And Ddos Using Randomness Check, Hyundo Park, Peng Li, Debin Gao, Heejo Lee, Robert H. Deng Sep 2008

Research Collection School Of Computing and Information Systems

Threats posed by Distributed Denial of Service (DDoS) attacks are becoming more serious day by day. Accurately detecting DDoS becomes an important and necessary step in securing a computer network. However, a Flash Event (FE), which is created by legitimate requests, shares very similar characteristics with DDoS in many aspects and is therefore hard to distinguish from DDoS attacks. In this paper, we propose a simple yet effective mechanism called FDD (FE and DDoS Distinguisher) to distinguish FE and DDoS. To the best of our knowledge, this is the first effective and practical mechanism that distinguishes FE and DDoS attacks. …


An Efficient Pir Construction Using Trusted Hardware, Yanjiang Yang, Xuhua Ding, Robert H. Deng, Feng Bao Sep 2008

Research Collection School Of Computing and Information Systems

For a private information retrieval (PIR) scheme to be deployed in practice, low communication complexity and low computation complexity are two fundamental requirements it must meet. Most existing PIR schemes only focus on the communication complexity. The reduction of the computational complexity did not receive due treatment, mainly because of its O(n) lower bound. By using the trusted hardware based model, we design a novel scheme which breaks this barrier. With constant storage, the computation complexity of our scheme, including offline computation, is linear in the number of queries and is bounded by after optimization.


Empirical Analysis Of Certificate Revocation Lists, Daryl Walleck, Yingjiu Li, Shouhuai Xu Jul 2008

Research Collection School Of Computing and Information Systems

Managing public key certificate revocation has long been a central issue in public key infrastructures. Though various certificate revocation mechanisms have been proposed to address this issue, little effort has been devoted to the empirical analysis of real-world certificate revocation data. In this paper, we conduct such an empirical analysis based on a large amount of data collected from VeriSign. Our study enables us to understand how long a revoked certificate lives and what the difference is in the lifetime of revoked certificates by certificate types, geographic locations, and organizations. Our study also provides a solid foundation for future research …


Traceable And Retrievable Identity-Based Encryption, Man Ho Au, Qiong Huang, Joseph K. Liu, Willy Susilo, Duncan S. Wong, Guomin Yang Jun 2008

Research Collection School Of Computing and Information Systems

Very recently, the concept of Traceable Identity-based Encryption (IBE) scheme (or Accountable Authority Identity based Encryption scheme) was introduced in Crypto 2007. This concept enables some mechanisms to reduce the trust of a private key generator (PKG) in an IBE system. The aim of this paper is threefold. First, we discuss some subtleties in the first traceable IBE scheme in the Crypto 2007 paper. Second, we present an extension to this work by having the PKG's master secret key retrieved automatically if more than one user secret key is released. This way, the user can produce a concrete proof of …


A Dynamic Trust Management Scheme To Mitigate Malware Proliferation In P2p Networks, Xuhua Ding, Wei Yu, Ying Pan May 2008

Research Collection School Of Computing and Information Systems

The surge of peer-to-peer (P2P) networks consisting of thousands of hosts makes them a breeding ground for malware proliferation. Although some existing studies have shown that malware proliferation can pose significant threats to P2P networks, defending against such an attack is largely an open problem. This paper aims to develop a countermeasure that can effectively mitigate the malware proliferation while preserving P2P networks' performance. To this end, we propose a dynamic trust management scheme based upon localized trust evaluation and alert propagation which prevents innocent peers from downloading files from infected peers. Our analysis and experimental results show that …


Efficient Optimistic Fair Exchange Secure In The Multi-User Setting And Chosen-Key Model Without Random Oracles, Qiong Huang, Guomin Yang, Duncan S. Wong, Willy Susilo Apr 2008

Research Collection School Of Computing and Information Systems

Optimistic fair exchange is a kind of protocol for solving the problem of fair exchange between two parties. Almost all the previous work on this topic is provably secure only in the random oracle model. In PKC 2007, Dodis et al. considered optimistic fair exchange in a multi-user setting, and showed that an optimistic fair exchange protocol that is secure in a single-user setting may no longer be secure in a multi-user setting. Besides, they also proposed one and reviewed several previous construction paradigms and showed that they are secure in the multi-user setting. However, their proofs are either in the …


Private Query On Encrypted Data In Multi-User Setting, Feng Bao, Robert H. Deng, Xuhua Ding, Yanjiang Yang Jan 2008

Research Collection School Of Computing and Information Systems

Searchable encryption schemes allow users to perform keyword based searches on an encrypted database. Almost all such existing schemes only consider the scenario where a single user acts as both the data owner and the querier. However, most databases in practice do not just serve one user; instead, they support search and write operations by multiple users. In this paper, we systematically study searchable encryption in a practical multi-user setting. Our results include a set of security notions for multi-user searchable encryption as well as a construction which is provably secure under the newly introduced security notions.