Your search keyword '"Huang, Xinyi"' showing total 45 results

1. An Improved Lightweight RFID Authentication Protocol for Internet of Things

Author

Yang, Xu, Yi, Xun, Zeng, Yali, Khalil, Ibrahim, Huang, Xinyi, Nepal, Surya, Hutchison, David, Series Editor, Kanade, Takeo, Series Editor, Kittler, Josef, Series Editor, Kleinberg, Jon M., Series Editor, Mattern, Friedemann, Series Editor, Mitchell, John C., Series Editor, Naor, Moni, Series Editor, Pandu Rangan, C., Series Editor, Steffen, Bernhard, Series Editor, Terzopoulos, Demetri, Series Editor, Tygar, Doug, Series Editor, Weikum, Gerhard, Series Editor, Hacid, Hakim, editor, Cellary, Wojciech, editor, Wang, Hua, editor, Paik, Hye-Young, editor, and Zhou, Rui, editor

Published

2018

2. A Practical Authentication Protocol for Anonymous Web Browsing

Author

Yang, Xu, Yi, Xun, Cui, Hui, Yang, Xuechao, Nepal, Surya, Huang, Xinyi, Zeng, Yali, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Liu, Joseph K., editor, and Samarati, Pierangela, editor

Published

2017

3. OLBS: Oblivious Location-Based Services.

Author

Han, Jinguang, Susilo, Willy, Li, Nan, and Huang, Xinyi

Abstract

With the growing use of mobile devices, location-based services (LBS) are becoming increasingly popular. BLS deliver accurate services to individuals according to their geographical locations, but privacy issues have been the primary concerns of users. Privacy-preserving LBS (PPLBS) were proposed to protect location privacy, but there are still some problems: 1) a semi-trusted third party (STTP) is required to blur users’ locations; 2) both the computation and communication costs of generating a query are linear with the size of queried areas; 3) the schemes were not formally treated, in terms of definition, security model, security proof, etc. In this paper, to protect location privacy and improve query efficiency, an oblivious location-based services (OLBS) scheme is proposed. Our scheme captures the following features: 1) an STTP is not required; 2) users can query services without revealing their exact location information; 3) the service provider only knows the size of queried areas and nothing else; and 4) both the computation and communication costs of generating a query is constant, instead of linear with the size of queried areas. We formalise both the definition and security model of our OLBS scheme, and propose a concrete construction. Furthermore, the implementation is conducted to show its efficiency. The security of our scheme is reduced to well-known complexity assumptions. The novelty is to reduce the computation and communication costs of generating a query and enable the service provider to obliviously generate decrypt keys for queried services. This contributes to the growing work of formalising PPLBS schemes and improving query efficiency. [ABSTRACT FROM AUTHOR]

Published

2024

4. An Adaptively Secure and Efficient Data Sharing System for Dynamic User Groups in Cloud.

Author

Xu, Guowen, Xu, Shengmin, Ma, Jinhua, Ning, Jianting, and Huang, Xinyi

Abstract

Cloud computing has been widely accepted as a computing paradigm to offer high-quality data services on demand. However, it suffers from various attacks as the cloud service provider and data owners are not in the same trusted domain. To support data confidentiality, existing cloud-based systems apply cryptographic tools to issue the decryption key to data users to share data in a controlled way. However, fine-grained cloud data sharing still faces many challenges, especially when dealing with dynamic user groups. In this paper, we introduce a secure and efficient cloud-based data-sharing system with fine-grained access control and dynamic user groups. Our system enjoys 1) adaptive security in prime-order groups, 2) forward secrecy against revoked user fetches data generated before being revoked, and 3) decryption key exposure resistance against the compromise of the frequently used decryption key, where the previous solutions only concentrate on one or two above-mentioned properties. More specifically, we introduce two timestamp management mechanisms that manage the timestamp in each ciphertext to support dynamic user groups with forward secrecy. By applying the proposed timestamp management mechanisms, we introduce two novel designs of attribute-based encryption schemes with formal definition and security analyses. The proposed schemes are adaptively secure in prime-order groups under a standard assumption and support decryption key exposure resistance. We conduct theoretical analysis and experimental simulation to demonstrate the outperformance of our solutions. [ABSTRACT FROM AUTHOR]

Published

2023

5. A secure remote data integrity checking cloud storage system from threshold encryption

Author

Yao, Chuan, Xu, Li, Huang, Xinyi, and Liu, Joseph K.

Published

2014

6. Efficient and Anonymous Authentication for Healthcare Service With Cloud Based WBANs.

Author

Yang, Xu, Yi, Xun, Nepal, Surya, Khalil, Ibrahim, Huang, Xinyi, and Shen, Jian

Abstract

As a promising technology in the development of human healthcare services, the wireless body area networks (WBANs) technology has attracted widespread attention in recent years from both industry and academia. However, due to the sensitiveness of the medical system and the capability limitation of the wearable devices, security, privacy, and efficiency of the healthcare services in WBANs are remained as major challenges. Although different authentication mechanisms have been designed to meet the challenges in recent years, most of them suffer from some functional defects or security problems. In this article, we firstly provide a review and cryptanalysis on the state-of-the-art authentication scheme. In order to meet the challenges and address the drawbacks in previous works, we then propose a new efficient and anonymous authentication scheme for cloud based WBANs. Through the security analysis, we show that our scheme could overcome the weaknesses in previous schemes and meet all the security requirements. Besides, we show the advantages of the proposed scheme through performance evaluation in terms of functionality features, computation overhead, communication overhead and storage overhead, which shows our scheme is more appropriate for practical applications on healthcare services. [ABSTRACT FROM AUTHOR]

Published

2022

7. Data Access Control in Cloud Computing: Flexible and Receiver Extendable.

Author

Lai, Jianchang, Guo, Fuchun, Susilo, Willy, Huang, Xinyi, Jiang, Peng, and Zhang, Futai

Abstract

Broadcast encryption provides a promising technique of data access control for specified users in cloud computing. A data uploader can generate a ciphertext for a set of chosen users such that only the intended users are able to access the data. However, with the rapidly increasing of collaboration between users, it is desired to extend the receiver set to grant decryption right for more users. The existing broadcast encryption systems cannot support receiver extension. In this article, we for the first time take this problem into consideration and give a solution. We take the merits of identity-based cryptosystem and propose a notion of EIBBE: a flexible data access control with receiver extendable for cloud computing based on broadcast encryption. It allows the authorized user to extend the receiver set $S$ S stated in the IBBE ciphertext by adding a new receiver set $S^{\prime }$ S ' without re-encryption. Both the users in $S$ S and $S^{\prime }$ S ' can access the data successfully. Moreover, the data uploader determines the maximum number of extended receivers. We then give a concrete construction of EIBBE and provide a rigorous security analysis of our proposed scheme. Finally, we demonstrate the scheme's efficiency and feasibility. [ABSTRACT FROM AUTHOR]

Published

2022

8. Subversion-Resistant and Consistent Attribute-Based Keyword Search for Secure Cloud Storage.

Author

Zhang, Kai, Jiang, Zhe, Ning, Jianting, and Huang, Xinyi

Abstract

Secure cloud search service allows resource-constrained clients to effectively search over encrypted cloud storage. Towards enabling owner-enforced search authorization, the notion of attribute-based keyword search (ABKS) has been introduced and widely deployed in practice. To enhance traditional security of ABKS, two state-of-the-art solutions are presented to address keyword guessing attacks or setup inconsistency for secret key. Nevertheless, they have not simultaneously considered the following threats to a data user: (i) inconsistent secret key/cipher-index caused by outside dishonest authority and/or data owner; (ii) algorithm substitution attacks (ASA) launched by inside adversarial eavesdropping. These attacks may unfortunately lead to cloud data breach and user information exposure. To tackle such outside and inside threats, we introduce subversion-resistance and consistency for secure and fine-grained cloud document search services. In particular, we propose a consistent ABKS system with cryptographic reverse firewalls (CRF). Technically, we refer to verifiable functional encryption and employ non-interactive zero-knowledge proofs of discrete logarithm equality to ensure strong input consistency for ABKS. In addition, we build a trusted CRF zone for sanitizing algorithm outputs against ASA attacks. Moreover, we formalize the security model and formally prove security of our system. To clarify practical performance, we implement state-of-the-art solutions and our system in real cloud environment based on Enron dataset. The results show that our system achieves more enhanced security properties without obviously sacrificing performance. In particular, our system achieves comparable time and storage cost for document-index encryption and document search, as compared to state-of-the-art solutions. [ABSTRACT FROM AUTHOR]

Published

2022

9. VILS: A Verifiable Image Licensing System.

Author

Chen, Haixia, Huang, Xinyi, Ning, Jianting, Zhang, Futai, and Lin, Chao

Abstract

Image licensing regulates the scope, type, and limitations of using an image through an agreement. However, it is challenging to verify whether an agreement has been fulfilled honestly. Existing techniques, such as watermarking and perceptual hashing, help check image originality and editing operations specified in the agreement, but fail to achieve editor designation. In this paper, we propose a verifiable image licensing system (VILS) which provides an effective solution to verify if a received image is used legally according to its licensing agreement. The core building block of our design is a new kind of cryptographic primitive, called accumulator with a designated entity. The new accumulator helps achieve not only editing restriction, but also editor designation in image authentication. Our VILS has the following two appealing features: (1) Authorization: Only an authorized licensee who edits an image with operations declared in a licensing agreement can produce valid images; (2) Efficiency: The verification of VILS is efficient and independent of the number of operations or image size. Compared with the most relevant schemes from the state-of-the-art, the new design enriches the functionality of image authentication but reduces the verification time by 40%. [ABSTRACT FROM AUTHOR]

Published

2022

10. Server-Aided Bilateral Access Control for Secure Data Sharing With Dynamic User Groups.

Author

Xu, Shengmin, Ning, Jianting, Huang, Xinyi, Zhou, Jianying, and Deng, Robert H.

Abstract

As a versatile technique, cloud-fog computing extends the traditional cloud server to offer various on-demand data services. Maintaining data confidentiality is one of the most crucial requirements for data services, many cryptosystems have been proposed to reserve information privacy against such an untrusted environment. However, in cloud-fog computing, how to confidentially and efficiently share data and fetch desirable data without expensive data decryption for resource-constrained end-devices is challenging. In this paper, we propose a cloud-fog system for the Internet-of-Things (IoT) ecosystem by introducing a cryptographic primitive called server-aided revocable bilateral attribute-based encryption (SRB-ABE). Our solution is a secure and lightweight bilateral access control system with dynamic user groups, including (1) fine-grained data user and data owner access control simultaneously; (2) outsourced data source identification; (3) server-aided user revocation with publicly updatable ciphertexts; and (4) lightweight data decryption mechanism with one exponentiation computation. We present the formal definition and concrete construction of SRB-ABE with security proofs to build cloud-fog systems. The extensive comparison and experimental analysis demonstrate that our construction has superior functionality and comparable performance than the most relevant solutions. [ABSTRACT FROM AUTHOR]

Published

2021

11. Efficient Verifiable Databases With Insertion/Deletion Operations From Delegating Polynomial Functions.

Author

Miao, Meixia, Ma, Jianfeng, Huang, Xinyi, and Wang, Qian

Abstract

The notion of verifiable database with updates (VDB) enables a resource-limited client to securely outsource a very large database to an untrusted server, and the client could later retrieve a database record and update it efficiently. In addition, the client could detect any misbehavior of tampering with the data record by the server. To the best of our knowledge, the existing VDB schemes cannot efficiently support all updating operations (i.e., insertion, deletion, and replacement) simultaneously. In this paper, we introduce a new primitive called Merkle sum hash tree and then use it to design a new VDB scheme that supports for all updating operations from delegating polynomial functions. An interesting property of our scheme is that all updating operations can be viewed as a special case of “replacement” in the Benabbas–Gennaro–Vahlis VDB scheme. Thus, our construction is very efficient for real-world applications. Furthermore, we formally prove that the proposed construction can achieve the desired security properties when the subgroup member assumption holds. [ABSTRACT FROM PUBLISHER]

Published

2018

12. Security and Privacy for the Internet of Drones: Challenges and Solutions.

Author

Lin, Chao, He, Debiao, Kumar, Neeraj, Choo, Kim-Kwang Raymond, Vinel, Alexey, and Huang, Xinyi

Subjects

DRONE surveillance, INTERNET privacy, DATA security, PUBLIC safety

Abstract

A recent trend in both industry and research is the Internet of Drones, which has applications in both civilian and military settings. However, drones (also known as unmanned aerial vehicles) are generally not designed with security in mind, and there are fundamental security and privacy issues that need study. Hence, in this article, we study the architecture and its security and privacy requirements. We also outline potential solutions to address challenging issues such as privacy leakage, data confidentiality protection, and flexible accessibility, with the hope that this article will provide the basis for future research in this emerging area. [ABSTRACT FROM PUBLISHER]

Published

2018

13. Recursive Matrix Oblivious RAM: An ORAM Construction for Constrained Storage Devices.

Author

Gordon, Steven, Huang, Xinyi, Miyaji, Atsuko, Su, Chunhua, Sumongkayothin, Karin, and Wipusitwarakun, Komwut

Abstract

Oblivious random access machine (ORAM) constructions can be used to hide a client’s access pattern from a trusted but curious storage server. The privacy provided comes at the cost of increasing communication overhead, storage overhead, and computation overhead of the system. Recursive matrix-based ORAM (RM-ORAM) is a new ORAM construction, which is designed for constrained storage space devices. RM-ORAM significantly reduces the client storage usage by using recursion, while the computational and bandwidth overhead are slightly increased as a tradeoff. However, it can achieve better overall asymptotic performance than other existing ORAM schemes, e.g., recursive Path ORAM. In this paper, we present the construction and its theoretical analysis. In addition, we present how to select the appropriate number of data blocks, which are being downloaded per level of recursion and the appropriate size of reserved space on the client. We provide theoretical security and performance analysis, as well as experimental results to illustrate how RM-ORAM satisfies security requirements and provides improved performance compared with other ORAM schemes. [ABSTRACT FROM PUBLISHER]

Published

2017

14. An overview of Fog computing and its security issues.

Author

Stojmenovic, Ivan, Wen, Sheng, Huang, Xinyi, and Luan, Hao

Subjects

COMPUTER systems, CLOUD computing, APPLICATION software, COMPUTER software, COMPUTER science

Abstract

Fog computing is a paradigm that extends Cloud computing and services to the edge of the network. Similar to Cloud, Fog provides data, compute, storage and application services to end users. In this article, we elaborate the motivation and advantages of Fog computing and analyse its applications in a series of real scenarios, such as Smart Grid, smart traffic lights in vehicular networks and software defined networks. We discuss the state of the art of Fog computing and similar work under the same umbrella. Distinguished from other reviewing work of Fog computing, this paper further discloses the security and privacy issues according to current Fog computing paradigm. As an example, we study a typical attack, man-in-the-middle attack, for the discussion of system security in Fog computing. We investigate the stealthy features of this attack by examining its CPU and memory consumption on Fog device. In addition, we discuss the authentication and authorization techniques that can be used in Fog computing. An example of authentication techniques is introduced to address the security scenario where the connection between Fog and Cloud is fragile. Copyright © 2015 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

15. Improved handover authentication and key pre-distribution for wireless mesh networks.

Author

Yang, Xu, Huang, Xinyi, Han, Jinguang, and Su, Chunhua

Subjects

WIRELESS mesh networks, AD hoc computer networks, COMMUNICATION, ROAMING (Telecommunication), WIRELESS communications

Abstract

Ticket-based authentication is a critical technology to secure wireless mesh networks (WMN), which enable efficient communication among laptops, cell phones and other wireless devices. In this paper, we provide a new design of handoff authentication for WMN to reduce the delay caused by handoff. Our major improvement is on the key pre-distribution for handoff authentication. We apply the attribute-based encryption to encrypt key pre-distribution messages for neighbor mesh routers. As a result, key pre-distribution has constant computation and communication costs, which are independent of the number of neighbor mesh routers. Another advantage of our design is that it can perform immediate handoff authentication once the login authentication is complete, even before key pre-distribution messages reach the foreign mesh router. The security of our handoff authenticator protocol is also improved by employing home mesh router's digital signature in the handoff ticket and key pre-distribution messages. Our scheme can efficiently thwart forgery attacks. The proposed scheme provides an efficient and secure solution that meets the requirements of WMN in the era of Big Data. Copyright © 2015 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

16. New Algorithms for Secure Outsourcing of Large-Scale Systems of Linear Equations.

Author

Chen, Xiaofeng, Huang, Xinyi, Li, Jin, Ma, Jianfeng, Lou, Wenjing, and Wong, Duncan S.

Abstract

With the rapid development in availability of cloud services, the techniques for securely outsourcing the prohibitively expensive computations to untrusted servers are getting more and more attentions in the scientific community. In this paper, we investigate secure outsourcing for large-scale systems of linear equations, which are the most popular problems in various engineering disciplines. For the first time, we utilize the sparse matrix to propose a new secure outsourcing algorithm of large-scale linear equations in the fully malicious model. Compared with the state-of-the-art algorithm, the proposed algorithm only requires (optimal) one round communication (while the algorithm requires $L$ rounds of interactions between the client and cloud server, where $L$ denotes the number of iteration in iterative methods). Furthermore, the client in our algorithm can detect the misbehavior of cloud server with the (optimal) probability 1. Therefore, our proposed algorithm is superior in both efficiency and checkability. We also provide the experimental evaluation that demonstrates the efficiency and effectiveness of our algorithm. [ABSTRACT FROM PUBLISHER]

Published

2015

17. Secure Outsourced Attribute-Based Signatures.

Author

Chen, Xiaofeng, Li, Jin, Huang, Xinyi, Li, Jingwei, Xiang, Yang, and Wong, Duncan S.

Subjects

CLOUD computing, RADIO frequency identification systems, ATTRIBUTE focusing (Data mining), DIGITAL signatures, EMAIL, POLYNOMIALS

Abstract

Attribute-based signature (ABS) enables users to sign messages over attributes without revealing any information other than the fact that they have attested to the messages. However, heavy computational cost is required during signing in existing work of ABS, which grows linearly with the size of the predicate formula. As a result, this presents a significant challenge for resource-constrained devices (such as mobile devices or RFID tags) to perform such heavy computations independently. Aiming at tackling the challenge above, we first propose and formalize a new paradigm called Outsourced ABS, i.e., OABS, in which the computational overhead at user side is greatly reduced through outsourcing intensive computations to an untrusted signing-cloud service provider (S-CSP). Furthermore, we apply this novel paradigm to existing ABS schemes to reduce the complexity. As a result, we present two concrete OABS schemes: i) in the first OABS scheme, the number of exponentiations involving in signing is reduced from O(d) to O(1) (nearly three), where d is the upper bound of threshold value defined in the predicate; ii) our second scheme is built on Herranz et al.’s construction with constant-size signatures. The number of exponentiations in signing is reduced from O(d^2) to O(d) and the communication overhead is O(1). Security analysis demonstrates that both OABS schemes are secure in terms of the unforgeability and attribute-signer privacy definitions specified in the proposed security model. Finally, to allow for high efficiency and flexibility, we discuss extensions of OABS and show how to achieve accountability as well. [ABSTRACT FROM AUTHOR]

Published

2014

18. Provably Secure Group Key Management Approach Based upon Hyper-Sphere.

Author

Tang, Shaohua, Xu, Lingling, Liu, Niu, Huang, Xinyi, Ding, Jintai, and Yang, Zhiming

Subjects

PSEUDONOISE sequences (Digital communications), FINITE fields, DATA encryption, RANDOM numbers, COMPUTER network security

Abstract

Secure group communication systems have become increasingly important for many emerging network applications. An efficient and robust group key management approach is indispensable to a secure group communication system. Motivated by the theory of hyper-sphere, this paper presents a new group key management approach with a group controller (GC). In our new design, a hyper-sphere is constructed for a group and each member in the group corresponds to a point on the hyper-sphere, which is called the member’s private point. The GC computes the central point of the hyper-sphere, intuitively, whose “distance” from each member’s private point is identical. The central point is published such that each member can compute a common group key, using a function by taking each member’s private point and the central point of the hyper-sphere as the input. This approach is provably secure under the pseudo-random function (PRF) assumption. Compared with other similar schemes, by both theoretical analysis and experiments, our scheme (1) has significantly reduced memory and computation load for each group member; (2) can efficiently deal with massive membership change with only two re-keying messages, i.e., the central point of the hyper-sphere and a random number; and (3) is efficient and very scalable for large-size groups. [ABSTRACT FROM AUTHOR]

Published

2014

19. A Provably Secure Construction of Certificate-Based Encryption from Certificateless Encryption.

Author

Wu, Wei, Mu, Yi, Susilo, Willy, Huang, Xinyi, and Xu, Li

Subjects

COMPUTER security, PUBLIC key cryptography, COMPUTER access control, DATA transmission systems, DATA protection, COMPUTER architecture, COMPUTER networks, SCALABILITY, DATA encryption

Abstract

Certificate-based encryption (CBE) and certificateless encryption (CLE) are proposed to lessen the certificate management problem in a traditional public-key encryption setting. Although they are two different notions, CBE and CLE are closely related and possess several common features. The encryption in CBE and CLE does not require authenticity verification of the recipient's public key. The decryption in both notions requires two secrets that are generated by the third party and the public key owner, respectively. Recently a generic conversion from CLE to CBE was given, but unfortunately its security proof is flawed. This paper provides an elaborate security model of CBE, based on which a provably secure generic construction of CBE from CLE is proposed. A concrete instantiation is also presented to demonstrate the application of our generic construction. [ABSTRACT FROM AUTHOR]

Published

2012

20. A new privacy‐preserving authentication protocol for anonymous web browsing.

Author

Yang, Xu, Yi, Xun, Khalil, Ibrahim, Cui, Hui, Yang, Xuechao, Nepal, Surya, Huang, Xinyi, and Zeng, Yali

Subjects

WEB browsing, ELLIPTIC curve cryptography, PERSONALLY identifiable information, INTERNET protocol address, INTERNET servers, WORLD Wide Web

Abstract

Summary: Anonymous authentication technique receives wide attention in recent years since it can protect users' privacy. Anonymous web browsing refers to utilization of the World Wide Web that hides a user's personally identifiable information from the websites visited. Even if a user can hide the IP address and other physical information with anonymity programs such as Tor, the web server can always monitor the user on the basis of the identity. In this paper, we firstly give an overview and cryptanalysis on the protocol of Yang et al and point out the security weaknesses of their protocol. Then, we propose a new authentication protocol for anonymous web browsing. In the proposed protocol, we take the advantages of a pseudo identity mechanism and an identity‐based elliptic curve cryptography algorithm to achieve user anonymity, robust security, and high efficiency. The result of security analysis and performance evaluation indicate the feasibility and practicality of our proposed anonymous authentication protocol. [ABSTRACT FROM AUTHOR]

Published

2019

21. A Generic Framework for Three-Factor Authentication: Preserving Security and Privacy in Distributed Systems.

Author

Huang, Xinyi, Xiang, Yang, Chonka, Ashley, Zhou, Jianying, and Deng, Robert H.

Subjects

*AUTHENTICATION (Law), *COMPUTER network protocols, *CLIENT/SERVER computing, *COMPUTER network security, *COMPUTER passwords, *SMART cards, *BIOMETRIC identification, *COMPUTER network resources

Abstract

As part of the security within distributed systems, various services and resources need protection from unauthorized use. Remote authentication is the most commonly used method to determine the identity of a remote client. This paper investigates a systematic approach for authenticating clients by three factors, namely password, smart card, and biometrics. A generic and secure framework is proposed to upgrade two-factor authentication to three-factor authentication. The conversion not only significantly improves the information assurance at low cost but also protects client privacy in distributed systems. In addition, our framework retains several practice-friendly properties of the underlying two-factor authentication, which we believe is of independent interest. [ABSTRACT FROM AUTHOR]

Published

2011

22. Optimistic Fair Exchange with Strong Resolution-Ambiguity.

Author

Huang, Xinyi, Mu, Yi, Susilo, Willy, Wu, Wei, and Xiang, Yang

Subjects

ELECTRONIC commerce, DIGITAL rights management, COMPUTER network protocols, COMPUTER security, COMPUTER users, GAME theory, PUBLIC key infrastructure (Computer security)

Abstract

Optimistic fair exchange (OFE) allows two parties to exchange their digital items in a fair way. As one of the fundamental problems in secure electronic business and digital rights management, OFE has been studied intensively since its introduction. This paper introduces and defines a new property for OFE: Strong Resolution-Ambiguity. We show that many existing OFE protocols have the new property, but its formal investigation has been missing in those protocols. We prove that in the certified-key model, an OFE protocol is secure in the multi-user setting if it is secure in the single-user setting and has the property of strong resolution-ambiguity. Our result not only simplifies the security analysis of OFE protocols in the multi-user setting but also provides a new approach for the design of multi-user secure OFE protocols. Following this approach, a new OFE protocol with strong resolution-ambiguity is proposed. Our analysis shows that the protocol is setup-free, stand-alone and multi-user secure without random oracles. [ABSTRACT FROM AUTHOR]

Published

2011

23. Secure Data Storage Scheme of Judicial System Based on Blockchain

Author

Jing, Zhaoxing, Cao, Chunjie, Wang, Longjuan, Sang, Yulian, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Chen, Xiaofeng, editor, Huang, Xinyi, editor, and Kutyłowski, Mirosław, editor

Published

2022

24. A Secure and Privacy-Preserving Authentication Scheme in IoMT

Author

Zhou, Yuxiang, Tan, Haowen, Iroshan, Karunarathina Chandrathilaka Appuhamilage Asiria, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Chen, Xiaofeng, editor, Huang, Xinyi, editor, and Kutyłowski, Mirosław, editor

Published

2022

25. A matrix-based cross-layer key establishment protocol for smart homes.

Author

Zhang, Yuexin, Xiang, Yang, Huang, Xinyi, Chen, Xiaofeng, and Alelaiwi, Abdulhameed

Subjects

*MATRICES (Mathematics), *WIRELESS communications, *HOME automation, *COMPUTER network protocols, *ENERGY consumption

Abstract

Wireless communications in smart homes are vulnerable to many adversarial attacks such as eavesdropping. To secure the communications, secret session keys need to be established between home appliances. In existing symmetric key establishment protocols, it is assumed that devices are pre-loaded with secrets. In practice, however, home appliances are manufactured by different companies. As a result, it is not a practical assumption that the appliances are pre-loaded with certain secrets when they leave companies. Motivated by these observations, this paper presents a matrix-based cross-layer key establishment protocol without the secret sharing assumption. Specifically, in our protocol, home appliances extract master keys (shared with the home gateway) at the physical layer using the wireless fading channels. Then, the home gateway distributes key seeds for home appliances by making use of the extracted master keys. Completing these operations, any two appliances can directly establish a secret session key at higher layers. Additionally, we prove the security of the proposed protocol and analyse the performance of it by comparing the new protocol with other closely related protocols. The comparison shows that appliances in our protocol can establish secret session keys when they do not pre-share any secrets, and it is achieved without introducing significant energy consumptions. [ABSTRACT FROM AUTHOR]

Published

2018

26. Concealed Communication in Online Social Networks

Author

Schillinger, Fabian, Schindelhauer, Christian, Akan, Ozgur, Editorial Board Member, Bellavista, Paolo, Editorial Board Member, Cao, Jiannong, Editorial Board Member, Coulson, Geoffrey, Editorial Board Member, Dressler, Falko, Editorial Board Member, Ferrari, Domenico, Editorial Board Member, Gerla, Mario, Editorial Board Member, Kobayashi, Hisashi, Editorial Board Member, Palazzo, Sergio, Editorial Board Member, Sahni, Sartaj, Editorial Board Member, Shen, Xuemin (Sherman), Editorial Board Member, Stan, Mircea, Editorial Board Member, Jia, Xiaohua, Editorial Board Member, Zomaya, Albert Y., Editorial Board Member, Chen, Bo, editor, and Huang, Xinyi, editor

Published

2021

27. A Thieves Identification Scheme for Prepaid Systems in Smart Grids

Author

Sui, Zhiyuan, Jia, Hengyue, Chen, Fu, Zhu, Jianming, Akan, Ozgur, Editorial Board Member, Bellavista, Paolo, Editorial Board Member, Cao, Jiannong, Editorial Board Member, Coulson, Geoffrey, Editorial Board Member, Dressler, Falko, Editorial Board Member, Ferrari, Domenico, Editorial Board Member, Gerla, Mario, Editorial Board Member, Kobayashi, Hisashi, Editorial Board Member, Palazzo, Sergio, Editorial Board Member, Sahni, Sartaj, Editorial Board Member, Shen, Xuemin (Sherman), Editorial Board Member, Stan, Mircea, Editorial Board Member, Jia, Xiaohua, Editorial Board Member, Zomaya, Albert Y., Editorial Board Member, Chen, Bo, editor, and Huang, Xinyi, editor

Published

2021

28. Anchor: An NDN-Based Blockchain Network

Author

Yu, Shucheng, Ahmed, Noor, Wang, Ruiran, Akan, Ozgur, Editorial Board Member, Bellavista, Paolo, Editorial Board Member, Cao, Jiannong, Editorial Board Member, Coulson, Geoffrey, Editorial Board Member, Dressler, Falko, Editorial Board Member, Ferrari, Domenico, Editorial Board Member, Gerla, Mario, Editorial Board Member, Kobayashi, Hisashi, Editorial Board Member, Palazzo, Sergio, Editorial Board Member, Sahni, Sartaj, Editorial Board Member, Shen, Xuemin (Sherman), Editorial Board Member, Stan, Mircea, Editorial Board Member, Jia, Xiaohua, Editorial Board Member, Zomaya, Albert Y., Editorial Board Member, Chen, Bo, editor, and Huang, Xinyi, editor

Published

2021

29. A Privacy-Enhancing Framework for Internet of Things Services

Author

Malina, Lukas, Srivastava, Gautam, Dzurenda, Petr, Hajny, Jan, Ricci, Sara, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Liu, Joseph K., editor, and Huang, Xinyi, editor

Published

2019

30. Difficulty of Decentralized Structure Due to Rational User Behavior on Blockchain

Author

Imamura, Mitsuyoshi, Omote, Kazumasa, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Liu, Joseph K., editor, and Huang, Xinyi, editor

Published

2019

31. Indoor Security Localization Algorithm Based on Location Discrimination Ability of AP

Author

Luo, Juan, Yang, Lei, Wang, Chun, Zhao, Huan, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Liu, Joseph K., editor, and Huang, Xinyi, editor

Published

2019

32. Blockchain Based Owner-Controlled Secure Software Updates for Resource-Constrained IoT

Author

Solomon, Gabriel Jerome, Zhang, Peng, Liu, Yuhong, Brooks, Rachael, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Liu, Joseph K., editor, and Huang, Xinyi, editor

Published

2019

33. An Efficient Anonymous Authentication Scheme Based on Double Authentication Preventing Signature for Mobile Healthcare Crowd Sensing

Author

Liu, Jinhui, Yu, Yong, Li, Yannan, Zhao, Yanqi, Du, Xiaojiang, Hutchison, David, Series Editor, Kanade, Takeo, Series Editor, Kittler, Josef, Series Editor, Kleinberg, Jon M., Series Editor, Mattern, Friedemann, Series Editor, Mitchell, John C., Series Editor, Naor, Moni, Series Editor, Pandu Rangan, C., Series Editor, Steffen, Bernhard, Series Editor, Terzopoulos, Demetri, Series Editor, Tygar, Doug, Series Editor, Guo, Fuchun, editor, Huang, Xinyi, editor, and Yung, Moti, editor

Published

2019

34. Preserving User Location Privacy for Location-Based Service

Author

Chen, Xiaojuan, Mu, Yi, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Huang, Xinyi, editor, Xiang, Yang, editor, and Li, Kuan-Ching, editor

Published

2016

35. A Methodology for Hook-Based Kernel Level Rootkits

Author

Chen, Chien-Ming, Wu, Mu-En, He, Bing-Zhe, Zheng, Xinying, Hsing, Chieh, Sun, Hung-Min, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Kobsa, Alfred, editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Weikum, Gerhard, editor, Huang, Xinyi, editor, and Zhou, Jianying, editor

Published

2014

36. On Secure and Power-Efficient RFID-Based Wireless Body Area Network

Author

Ullah, Sana, Alsalih, Waleed, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Lopez, Javier, editor, Huang, Xinyi, editor, and Sandhu, Ravi, editor

Published

2013

37. Towards a More Secure Apache Hadoop HDFS Infrastructure : Anatomy of a Targeted Advanced Persistent Threat against HDFS and Analysis of Trusted Computing Based Countermeasures

Author

Cohen, Jason, Acharya, Subatra, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Lopez, Javier, editor, Huang, Xinyi, editor, and Sandhu, Ravi, editor

Published

2013

38. Using Trusted Platform Modules for Location Assurance in Cloud Networking

Author

Krauß, Christoph, Fusenig, Volker, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Lopez, Javier, editor, Huang, Xinyi, editor, and Sandhu, Ravi, editor

Published

2013

39. Marlin: A Fine Grained Randomization Approach to Defend against ROP Attacks

Author

Gupta, Aditi, Kerr, Sam, Kirkpatrick, Michael S., Bertino, Elisa, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Lopez, Javier, editor, Huang, Xinyi, editor, and Sandhu, Ravi, editor

Published

2013

40. Using the Smart Card Web Server in Secure Branchless Banking

Author

Cobourne, Sheila, Mayes, Keith, Markantonakis, Konstantinos, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Lopez, Javier, editor, Huang, Xinyi, editor, and Sandhu, Ravi, editor

Published

2013

41. Leveraging String Kernels for Malware Detection

Author

Pfoh, Jonas, Schneider, Christian, Eckert, Claudia, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Lopez, Javier, editor, Huang, Xinyi, editor, and Sandhu, Ravi, editor

Published

2013

42. X-TIER: Kernel Module Injection

Author

Vogl, Sebastian, Kilic, Fatih, Schneider, Christian, Eckert, Claudia, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Lopez, Javier, editor, Huang, Xinyi, editor, and Sandhu, Ravi, editor

Published

2013

43. MADS: Malicious Android Applications Detection through String Analysis

Author

Sanz, Borja, Santos, Igor, Nieves, Javier, Laorden, Carlos, Alonso-Gonzalez, Iñigo, Bringas, Pablo G., Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Lopez, Javier, editor, Huang, Xinyi, editor, and Sandhu, Ravi, editor

Published

2013

44. Fine-grained information flow control using attributes.

Author

Han, Jinguang, Chen, Liqun, Susilo, Willy, Huang, Xinyi, Castiglione, Aniello, and Liang, Kaitai

Subjects

*TRANSBORDER data flow, *SET theory, *MATHEMATICAL constants, *DATA privacy, *DATA encryption

Abstract

Highlights • IFC policies are defined over a universe set of attributes. • The computation cost to determine whether a communication request shoul be permitted or denied is constant, instead of linear with the number of required attributes or receivers. • Weak attribute privacy is achieved; • Fine-grained access policies on encrypted data are supported. • The communication cost is linear with the number of required attributes and is independent of the number of receivers. To the best of our knowledge, it is the first IFC scheme enforced by using attributes. Abstract Information flow control (IFC) mechanisms regulate where information is allowed to travel. To enhance IFC, access control encryption (ACE) was proposed where both the no write-down rule and the no read-up rule are supported. Nevertheless, there are still two issues: (1) how to determine whether a communication request should be permitted or denied was not considered; (2) the commutation cost is linear with the number of receivers. Attribute-based system (ABS) can implement one-to-many communication and fine-grained access policies. In this paper, a new IFC scheme is proposed by combing ACE with ABS. Our scheme provides the following features: (1) IFC policies are defined over a universe set of attributes; (2) the computation cost to determine whether a communication request should be permitted or denied is constant, instead of linear with the number of required attributes or receivers; (3) weak attribute privacy is achieved; (4) fine-grained access policies on encrypted data are supported; (5) the communication cost is linear with the number of required attributes and is independent of the number of receivers. To the best of our knowledge, it is the first IFC scheme enforced by using attributes. [ABSTRACT FROM AUTHOR]

Published

2019

45. Why MAC Address Randomization is not Enough: An Analysis of Wi-Fi Network Discovery Mechanisms

Author

Frank Piessens, Leonardo S. Cardoso, Célestin Matte, Mathy Vanhoef, Mathieu Cunche, Catholic University of Leuven - Katholieke Universiteit Leuven (KU Leuven), CITI Centre of Innovation in Telecommunications and Integration of services (CITI), Institut National des Sciences Appliquées de Lyon (INSA Lyon), Institut National des Sciences Appliquées (INSA)-Université de Lyon-Institut National des Sciences Appliquées (INSA)-Université de Lyon-Institut National de Recherche en Informatique et en Automatique (Inria), Privacy Models, Architectures and Tools for the Information Society (PRIVATICS), Institut National des Sciences Appliquées (INSA)-Université de Lyon-Institut National des Sciences Appliquées (INSA)-Université de Lyon-Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National des Sciences Appliquées de Lyon (INSA Lyon), Institut National des Sciences Appliquées (INSA)-Université de Lyon-Institut National des Sciences Appliquées (INSA)-Université de Lyon-Institut National de Recherche en Informatique et en Automatique (Inria)-Inria Grenoble - Rhône-Alpes, Institut National de Recherche en Informatique et en Automatique (Inria), Software and Cognitive radio for telecommunications (SOCRATE), Université de Lyon-Institut National des Sciences Appliquées (INSA)-Université de Lyon-Institut National des Sciences Appliquées (INSA)-Institut National de Recherche en Informatique et en Automatique (Inria), Inria Grenoble - Rhône-Alpes, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-CITI Centre of Innovation in Telecommunications and Integration of services (CITI), Université de Lyon-Institut National des Sciences Appliquées (INSA)-Université de Lyon-Institut National des Sciences Appliquées (INSA)-Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National des Sciences Appliquées de Lyon (INSA Lyon), Université de Lyon-Institut National des Sciences Appliquées (INSA)-Université de Lyon-Institut National des Sciences Appliquées (INSA)-Inria Lyon, Université de Lyon-Institut National des Sciences Appliquées (INSA)-Université de Lyon-Institut National des Sciences Appliquées (INSA), Chen, Xiaofeng, Wang, XiaoFeng, and Huang, Xinyi

Subjects

Access network, MAC address, business.industry, Computer science, Fingerprint (computing), 020206 networking & telecommunications, 02 engineering and technology, Unique identifier, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Information Elements, Privacy, 0202 electrical engineering, electronic engineering, information engineering, ARP spoofing, Security, 020201 artificial intelligence & image processing, scrambler seed, business, Mobile device, Wi-Fi, Computer network

Abstract

We present several novel techniques to track (unassociated) mobile devices by abusing features of the Wi-Fi standard. This shows that using random MAC addresses, on its own, does not guarantee privacy. First, we show that information elements in probe requests can be used to fingerprint devices. We then combine these fingerprints with incremental sequence numbers, to create a tracking algorithm that does not rely on unique identifiers such as MAC addresses. Based on real-world datasets, we demonstrate that our algorithm can correctly track as much as 50% of devices for at least 20 minutes. We also show that commodity Wi-Fi devices use predictable scrambler seeds. These can be used to improve the performance of our tracking algorithm. Finally, we present two attacks that reveal the real MAC address of a device, even if MAC address randomization is used. In the first one, we create fake hotspots to induce clients to connect using their real MAC address. The second technique relies on the new 802.11u standard, commonly referred to as Hotspot 2.0, where we show that Linux and Windows send Access Network Query Protocol (ANQP) requests using their real MAC address. ispartof: pages:413-424 ispartof: Proceedings of the 11th ACM SIGSAC Symposium on Information, Computer and Communications Security (AsiaCCS 2016) pages:413-424 ispartof: ACM SIGSAC Symposium on Information, Computer and Communications Security (AsiaCCS 2016) location:Xi'an, China date:31 May - 3 Jun 2016 status: published

Published

2016