Physical Sciences and Mathematics Commons^™

Stopguess: A Framework For Public-Key Authenticated Encryption With Keyword Search, Tao Xiang, Zhongming Wang, Biwen Chen, Xiaoguo Li, Peng Wang, Fei Chen

Research Collection School Of Computing and Information Systems

Public key encryption with keyword search (PEKS) allows users to search on encrypted data without leaking the keyword information from the ciphertexts. But it does not preserve keyword privacy within the trapdoors, because an adversary (e.g., untrusted server) might launch inside keyword-guessing attacks (IKGA) to guess keywords from the trapdoors. In recent years, public key authenticated encryption with keyword search (PAEKS) has become a promising primitive to counter the IKGA. However, existing PAEKS schemes focus on the concrete construction of PAEKS, making them unable to support modular construction, intuitive proof, or flexible extension. In this paper, our proposal called “StopGuess” …

Anonymity And Gender Effects On Online Trolling And Cybervictimization, Gang Lee, Annalyssia Soonah

Journal of Cybersecurity Education, Research and Practice

The purpose of this study was to investigate the effects of the anonymity of the internet and gender differences in online trolling and cybervictimization. A sample of 151 college students attending a southeastern university completed a survey to assess their internet activities and online trolling and cybervictimization. Multivariate analyses of logistic regression and ordinary least squares regression were used to analyze online trolling and cybervictimization. The results indicated that the anonymity measure was not a significant predictor of online trolling and cybervictimization. Female students were less likely than male students to engage in online trolling, but there was no gender …

Privacy In Blockchain Systems, Murat Osmanoğlu, Ali̇ Aydin Selçuk

Turkish Journal of Electrical Engineering and Computer Sciences

Privacy of blockchains has been a matter of discussion since the inception of Bitcoin. Various techniques with a varying degree of privacy protection and complexity have been proposed over the past decade. In this survey, we present a systematic analysis of these proposals in four categories: (i) identity, (ii) transaction, (iii) consensus, and (iv) smart contract privacy. Each of these categories have privacy requirements of its own, and various solutions have been proposed to meet these requirements. Almost every technique in the literature of privacy enhancing technologies have been applied to blockchains: mix networks, zero-knowledge proofs, blind signatures, ring signatures, …

Broadcast Authenticated Encryption With Keyword Search, Xueqiao Liu, Kai He, Guomin Yang, Willy Susilo, Joseph Tonien, Qiong Huang

Research Collection School Of Computing and Information Systems

The emergence of public-key encryption with keyword search (PEKS) has provided an elegant approach to enable keyword search over encrypted content. Due to its high computational complexity proportional to the number of intended receivers, the trivial way of deploying PEKS for data sharing with multiple receivers is impractical, which motivates the development of a new PEKS framework for broadcast mode. However, existing works suffer from either the vulnerability to keyword guessing attacks (KGA) or high computation and communication complexity. In this work, a new primitive for keyword search in broadcast mode, named broadcast authenticated encryption with keyword search (BAEKS), is …

Unlinkable And Revocable Secret Handshake, Yangguang Tian, Yingliu Li, Guomin Yang, Guomin Yang

Research Collection School Of Computing and Information Systems

In this paper, we introduce a new construction for unlinkable secret handshake that allows a group of users to perform handshakes anonymously. We define formal security models for the proposed construction and prove that it can achieve session key security, anonymity and affiliation hiding. In particular, the proposed construction ensures that (i) anonymity against protocol participants (including group authority) is achieved since a hierarchical identity-based signature is used in generating group user's pseudonym-credential pairs and (ii) revocation is achieved using a secret sharing-based revocation mechanism.

The Communicative Effects Of Anonymity Online: A Natural Language Analysis Of The Faceless, Caleb Johnson

Undergraduate Honors Theses

An ever-increasing number of Americans have an active social media

presence online. As of March 2020, an estimated 79% of Americans were active

monthly users of some sort. Many of these online platforms allow users to

operate anonymously which could potentially lead to shifts in communicative

behavior. I first discuss my compilation process of the Twitter Anonymity

Dataset (TAD), a human-classified dataset of 100,000 Twitter accounts that are

categorized by their level of identifiability to their real-world agent. Next, I

investigate some of the structural differences between the classification levels

and employ a variety of Natural Language Processing models and …

Traceable Monero: Anonymous Cryptocurrency With Enhanced Accountability, Yannan Li, Guomin Yang, Wily Susilo, Yong Yu, Man Ho Au, Dongxi Liu

Research Collection School Of Computing and Information Systems

Monero provides a high level of anonymity for both users and their transactions. However, many criminal activities might be committed with the protection of anonymity in cryptocurrency transactions. Thus, user accountability (or traceability) is also important in Monero transactions, which is unfortunately lacking in the current literature. In this paper, we fill this gap by introducing a new cryptocurrency named Traceable Monero to balance the user anonymity and accountability. Our framework relies on a tracing authority, but is optimistic, in that it is only involved when investigations in certain transactions are required. We formalize the system model and security model …

Crowdsourcing Atop Blockchains, Yuan Lu

Dissertations

Traditional crowdsourcing systems, such as Amazon's Mechanical Turk (MTurk), though once acquiring great economic successes, have to fully rely on third-party platforms to serve between the requesters and the workers for basic utilities. These third-parties have to be fully trusted to assist payments, resolve disputes, protect data privacy, manage user authentications, maintain service online, etc. Nevertheless, tremendous real-world incidents indicate how elusive it is to completely trust these platforms in reality, and the reduction of such over-reliance becomes desirable.

In contrast to the arguably vulnerable centralized approaches, a public blockchain is a distributed and transparent global "consensus computer" that is …

A New Construction For Linkable Secret Handshake, Yangguang Tian, Yingjiu Li, Robert H. Deng, Nan Li, Guomin Yang, Zheng Yang

Research Collection School Of Computing and Information Systems

In this paper, we introduce a new construction for linkable secret handshake that allows authenticated users to perform handshake anonymously within allowable times. We define formal security models for the new construction, and prove that it can achieve session key security, anonymity, untraceability and linkable affiliation-hiding. In particular, the proposed construction ensures that (i) anyone can trace the real identities of dishonest users who perform handshakes for more than k times; and (ii) an optimal communication cost between authorized users is achieved by exploiting the proof of knowledges.

Security Analysis Of A Large-Scale Concurrent Data Anonymous Batch Verification Scheme For Mobile Healthcare Crowd Sensing, Yinghui Zhang, Jiangang Shu, Ximeng Liu, Jin Li, Dong Zheng

Research Collection School Of Computing and Information Systems

As an important application of the Internet of Things (IoT) technologies, mobile healthcare crowd sensing (MHCS) still has challenging issues, such as privacy protection and efficiency. Quite recently in IEEE Internet of Things Journal (DOI: 10.1109/JIOT.2018.2828463), Liu et al. proposed a large-scale concurrent data anonymous batch verification scheme for mobile healthcare crowd sensing, claiming to provide batch authentication, non-repudiation, and anonymity. However, after a close look at the scheme, we point out that the scheme suffers two types of signature forgery attacks and hence fails to achieve the claimed security properties. In addition, a reasonable and rigorous probability analysis indicates …

Privacy-Preserving Remote User Authentication With K-Times Untraceability, Yangguang Tian, Yingjiu Li, Binanda Sengupta, Robert H. Deng, Albert Ching, Weiwei Liu

Research Collection School Of Computing and Information Systems

Remote user authentication has found numerous real-world applications, especially in a user-server model. In this work, we introduce the notion of anonymous remote user authentication with k-times untraceability (k-RUA) for a given parameter k, where authorized users authenticate themselves to an authority (typically a server) in an anonymous and k-times untraceable manner. We define the formal security models for a generic k-RUA construction that guarantees user authenticity, anonymity and user privacy. We provide a concrete instantiation of k-RUA having the following properties: (1) a third party cannot impersonate an authorized user by producing valid transcripts for the user while conversing …

Architecture Of Aggression In Cyberspace. Testing Cyber Aggression In Young Adults In Hungary, Katalin Parti, Tibor Kiss, Gergely Koplányi

International Journal of Cybersecurity Intelligence & Cybercrime

In order to test whether and how violence is exacerbated in online social networking sites, we utilized the BryantSmith Aggression Scale (Bryant & Smith, 2001), and included examples in the questionnaire offering solutions for 7 different hypothetical cases occurring online (Kiss, 2017). The questionnaire was sent to social work and law school students in Hungary. Prevalence and levels of aggression and its manifestation as violence online proved to be not more severe than in offline social relations. Law students were more aware than students of social work that online hostile acts are discrediting. Students of social work were significantly more …

Anonymous Privacy-Preserving Task Matching In Crowdsourcing, Jiangang Shu, Ximeng Liu, Xiaohua Jia, Kan Yang, Robert H. Deng

Research Collection School Of Computing and Information Systems

With the development of sharing economy, crowdsourcing as a distributed computing paradigm has become increasingly pervasive. As one of indispensable services for most crowdsourcing applications, task matching has also been extensively explored. However, privacy issues are usually ignored during the task matching and few existing privacy-preserving crowdsourcing mechanisms can simultaneously protect both task privacy and worker privacy. This paper systematically analyzes the privacy leaks and potential threats in the task matching and proposes a single-keyword task matching scheme for the multirequester/multiworker crowdsourcing with efficient worker revocation. The proposed scheme not only protects data confidentiality and identity anonymity against the crowd-server, …

Attribute-Based Cloud Storage With Secure Provenance Over Encrypted Data, Hui Cui, Robert H. Deng, Yingjiu Li

Research Collection School Of Computing and Information Systems

To securely and conveniently enjoy the benefits of cloud storage, it is desirable to design a cloud data storage system which protects data privacy from storage servers through encryption, allows fine-grained access control such that data providers can expressively specify who are eligible to access the encrypted data, enables dynamic user management such that the total number of data users is unbounded and user revocation can be carried out conveniently, supports data provider anonymity and traceability such that a data provider’s identity is not disclosed to data users in normal circumstances but can be traced by a trusted authority if …

Monitoring The Dark Web And Securing Onion Services, John Schriner

Publications and Research

This paper focuses on how researchers monitor the Dark Web. After defining what onion services and Tor are, we discuss tools for monitoring and securing onion services. As Tor Project itself is research-driven, we find that the development and use of these tools help us to project where use of the Dark Web is headed.

Anonpri: A Secure Anonymous Private Authentication Protocol For Rfid Systems, Farzana Rahman, Md. Endadul Hoque, Sheikh Iqbal Ahamed

Mathematics, Statistics and Computer Science Faculty Research and Publications

Privacy preservation in RFID systems is a very important issue in modern day world. Privacy activists have been worried about the invasion of user privacy while using various RFID systems and services. Hence, significant efforts have been made to design RFID systems that preserve users' privacy. Majority of the privacy preserving protocols for RFID systems require the reader to search all tags in the system in order to identify a single RFID tag which not efficient for large scale systems. In order to achieve high-speed authentication in large-scale RFID systems, researchers propose tree-based approaches, in which any pair of tags …

Generic Anonymous Identity-Based Broadcast Encryption With Chosen-Ciphertext Security, Kai He, Jian Weng, Man Ho Au, Yijun Mao, Deng, Robert H.

Research Collection School Of Computing and Information Systems

In a broadcast encryption system, a broadcaster can encrypt a message to a group of authorized receivers S and each authorized receiver can use his/her own private key to correctly decrypt the broadcast ciphertext, while the users outside S cannot. Identity-based broadcast encryption (IBBE) system is a variant of broadcast encryption system where any string representing the user’s identity (e.g., email address) can be used as his/her public key. IBBE has found many applications in real life, such as pay-TV systems, distribution of copyrighted materials, satellite radio communications. When employing an IBBE system, it is very important to protect the …

Anonymous Proxy Signature With Hierarchical Traceability, Jiannan Wei, Guomin Yang, Yi Mu, Kaitai Liang

Research Collection School Of Computing and Information Systems

Anonymous proxy signatures are very useful in the construction of anonymous credential systems such as anonymous voting and anonymous authentication protocols. As a basic requirement, we should ensure an honest proxy signer is anonymous. However, in order to prevent the proxy signer from abusing the signing right, we should also allow dishonest signers to be traced. In this paper, we present three novel anonymous proxy signature schemes with different levels of (namely, public, internal and original signer) traceability. We define the formal definitions and security models for these three different settings, and prove the security of our proposed schemes under …

E-Mail Authorship Attribution Using Customized Associative Classification, Michael R. Schmid, Farkhund Iqbal, Benjamin C.M. Fung

All Works

E-mail communication is often abused for conducting social engineering attacks including spamming, phishing, identity theft and for distributing malware. This is largely attributed to the problem of anonymity inherent in the standard electronic mail protocol. In the literature, authorship attribution is studied as a text categorization problem where the writing styles of individuals are modeled based on their previously written sample documents. The developed model is employed to identify the most plausible writer of the text. Unfortunately, most existing studies focus solely on improving predictive accuracy and not on the inherent value of the evidence collected. In this study, we …

Privacy Preservation Using Spherical Chord, Doyal Tapan Mukherjee

Masters Theses

"Structured overlay networks are primarily used in data storage and data lookup, but they are vulnerable against many kinds of attacks. Within the realm of security, overlay networks have demonstrated applicability in providing privacy, availability, integrity, along with scalability. The thesis first analyses the Chord and the SALSA protocols which are organized in structured overlays to provide data with a certain degree of privacy, and then defines a new protocol called Spherical Chord which provides data lookup with privacy, while also being scalable, and addresses critical existing weaknesses in Chord and SALSA protocols. Spherical Chord is a variant of the …

Determining What Characteristics Constitute A Darknet, Symon Aked, Christopher Bolan, Murray Brand

Australian Information Security Management Conference

Privacy on the Internet has always been a concern, but monitoring of content by both private corporations and Government departments has pushed people to search for ways to communicate over the Internet in a more secure manner. This has given rise to the creations of Darknets, which are networks that operate “inside” the Internet, and allow anonymous participation via a de‐centralised, encrypted, peer‐to‐peer network topology. This research investigates some sources of known Internet content monitoring, and how they provided the template for the creation of a system to avoid such surveillance. It then highlights how communications on the Clearnet is …

Simulation Of Circuit Creation In Tor: Preliminary Results, William Boyd, Norman Danner, Danny Krizanc

Norman Danner

We describe a methodology for simulating Tor relay up/down behavior over time and give some preliminary results.

Effectiveness And Detection Of Denial Of Service Attacks In Tor, Norman Danner, Samuel Defabbia-Kane, Danny Krizanc, Marc Liberatore

Norman Danner

Tor is one of the more popular systems for anonymizing near-real-time communications on the Internet. Borisov et al. [2007] proposed a denial-of-service-based attack on Tor (and related systems) that significantly increases the probability of compromising the anonymity provided. In this article, we analyze the effectiveness of the attack using both an analytic model and simulation. We also describe two algorithms for detecting such attacks, one deterministic and proved correct, the other probabilistic and verified in simulation.

Location Privacy In Emerging Network-Based Applications, Yong Xi

Wayne State University Dissertations

With the wide spread of computer systems and networks, privacy has become an issue that increasingly attracts attention. In wireless sensor networks, the location of an event source may be subject to unintentional disclosure through traffic analysis by the attacker. In vehicular networks, authentication leaves a trail to tie a driver to a sequence of time and space coordinates. In a cloud-based navigation system, the location information of a sensitive itinerary is disclosed. Those scenarios have shown that privacy protection is a far-reaching problem that could span many different aspects of a computer/network system, especially on a diversified landscape of …

Dynamic Secure Cloud Storage With Provenance, Sherman S. M. Chow, Cheng-Kang Chu, Xinyi Huang, Jianying Zhou, Robert H. Deng

Research Collection School Of Computing and Information Systems

One concern in using cloud storage is that the sensitive data should be confidential to the servers which are outside the trust domain of data owners. Another issue is that the user may want to preserve his/her anonymity in the sharing or accessing of the data (such as in Web 2.0 applications). To fully enjoy the benefits of cloud storage, we need a confidential data sharing mechanism which is fine-grained (one can specify who can access which classes of his/her encrypted files), dynamic (the total number of users is not fixed in the setup, and any new user can decrypt …

Anonysense: A System For Anonymous Opportunistic Sensing, Minho Shin, Cory Cornelius, Dan Peebles, Apu Kapadia, David Kotz, Nikos Triandopoulos

Dartmouth Scholarship

We describe AnonySense, a privacy-aware system for realizing pervasive applications based on collaborative, opportunistic sensing by personal mobile devices. AnonySense allows applications to submit sensing \emphtasks\/ to be distributed across participating mobile devices, later receiving verified, yet anonymized, sensor data \emphreports\/ back from the field, thus providing the first secure implementation of this participatory sensing model. We describe our security goals, threat model, and the architecture and protocols of AnonySense. We also describe how AnonySense can support extended security features that can be useful for different applications. We evaluate the security and feasibility of AnonySense through security analysis and prototype …

Fast Mobility Control Protocols With Sink Location Protection In Wireless Sensor Networks, Xiao Chen, Qijun Gu, Zhen Jiang, Jie Wu

Computer Science Faculty Publications

No abstract provided.

Privacy-Preserving Pki Design Based On Group Signature, Sokjoon Lee, Hyeok Chan Kwon, Dong-Il Seo

Australian Information Security Management Conference

Nowadays, Internet becomes a part of our life. We can make use of numerous services with personal computer, Lap-top, tablet, smart phone or smart TV. These devices with network make us enjoy ubiquitous computing life. Sometimes, on-line services request us authentication or identification for access control and authorization, and PKI technology is widely used because of its security. However the possibility of privacy invasion will increase, if We’re identified with same certificate in many services and these identification data are accumulated. For privacy-preserving authentication or anonymous authentication, there have been many researches such as Group signatures, anonymous credentials, etc. Among …

Enabling Accurate Analysis Of Private Network Data, Michael Hay

Open Access Dissertations

This dissertation addresses the challenge of enabling accurate analysis of network data while ensuring the protection of network participants' privacy. This is an important problem: massive amounts of data are being collected (facebook activity, email correspondence, cell phone records), there is huge interest in analyzing the data, but the data is not being shared due to concerns about privacy. Despite much research in privacy-preserving data analysis, existing technologies fail to provide a solution because they were designed for tables, not networks, and cannot be easily adapted to handle the complexities of network data. We develop several technologies that advance us …

An Efficient Signcryption Scheme With Key Privacy And Its Extension To Ring Signcryption, Chung Ki Li, Guomin Yang, Duncan S. Wong, Xiaotie Deng, Sherman S. M. Chow

Research Collection School Of Computing and Information Systems

In Information Processing Letters (2006), Tan pointed out that the anonymous signcryption scheme proposed by Yang, Wong and Deng (YWD) in ISC 2005 provides neither confidentiality nor anonymity. However, no discussion has been made on how a secure scheme can be made and there is no secure scheme available to date. In this paper, we propose a modification of YWD scheme which resolves the security issues of the original scheme without sacrificing its high efficiency and simple design. Indeed, we show that our scheme achieves confidentiality, existential unforgeability and anonymity with more precise reduction bounds. We also give a variation …