
Latest publications: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security

SecHOG: Privacy-Preserving Outsourcing Computation of Histogram of Oriented Gradients in the Cloud
Qian Wang, Jingjun Wang, Shengshan Hu, Qin Zou, K. Ren
Abundant multimedia data generated in our daily life has intrigued a variety of very important and useful real-world applications such as object detection and recognition. Alongside these applications, many popular feature descriptors have been developed, e.g., SIFT, SURF and HOG. Manipulating massive multimedia data locally, however, is a storage- and computation-intensive task, especially for resource-constrained clients. In this work, we focus on exploring how to securely outsource the famous feature extraction algorithm, Histogram of Oriented Gradients (HOG), to untrusted cloud servers without revealing the data owner's private information. For the first time, we investigate this secure outsourcing computation problem under two different models and accordingly propose two novel privacy-preserving HOG outsourcing protocols, by efficiently encrypting image data with somewhat homomorphic encryption (SHE) integrated with single-instruction multiple-data (SIMD), designing a new batched secure comparison protocol, and carefully redesigning every step of HOG to adapt it to the ciphertext domain. Explicit security and effectiveness analyses are presented to show that our protocols are practically secure and can approximate well the performance of the original HOG executed in the plaintext domain. Our extensive experimental evaluations further demonstrate that our solutions achieve high efficiency and perform comparably to the original HOG when applied to human detection.
DOI: https://doi.org/10.1145/2897845.2897861 (published 2016-05-30)
Citations: 35
Publicly Verifiable Secure Cloud Storage for Dynamic Data Using Secure Network Coding
Binanda Sengupta, S. Ruj
Cloud service providers offer a storage outsourcing facility to their clients. In a secure cloud storage (SCS) protocol, the integrity of the client's data is maintained. In this work, we construct a publicly verifiable secure cloud storage protocol based on a secure network coding (SNC) protocol, where the client can update the outsourced data as needed. To the best of our knowledge, our scheme is the first SNC-based SCS protocol for dynamic data that is secure in the standard model and provides privacy-preserving audits in a publicly verifiable setting. Furthermore, we discuss in detail the (im)possibility of providing a general construction of an efficient SCS protocol for dynamic data (DSCS protocol) from an arbitrary SNC protocol. In addition, we modify an existing DSCS scheme (DPDP I) in order to support privacy-preserving audits. We also compare our DSCS protocol with other SCS schemes (including the modified DPDP I scheme). Finally, we point out some limitations of an SCS scheme constructed using an SNC protocol.
DOI: https://doi.org/10.1145/2897845.2897915 (published 2016-05-30)
Citations: 9
Binary Analysis for Autonomous Hacking: Invited Abstract
G. Vigna
Despite the rise of interpreted languages and the World Wide Web, binary analysis has remained the focus of much research in computer security. There are several reasons for this. First, interpreted languages are either interpreted by binary programs or Just-In-Time compiled down to binary code. Second, "core" OS constructs and performance-critical applications are still written in languages (usually C or C++) that compile down to binary code. Third, the rise of the Internet of Things is powered by devices that are, in general, very resource-constrained. Without cycles to waste on interpretation or Just-In-Time compilation, the firmware of these devices tends to be written in languages (again, usually C) that compile to binary. Unfortunately, many of these languages provide few security guarantees, often leading to vulnerabilities. For example, buffer overflows stubbornly remain one of the most commonly discovered software flaws despite efforts to develop technologies to mitigate such vulnerabilities. Worse, the wider class of "memory corruption vulnerabilities", the vast majority of which also stem from the use of unsafe languages, makes up a substantial portion of the most common vulnerabilities. This problem is not limited to software on general-purpose computing devices: remotely exploitable vulnerabilities have been discovered in devices ranging from smart locks, to pacemakers, to automobiles. However, finding vulnerabilities in binaries and generating patches that fix exploitable flaws is challenging because of the lack of high-level abstractions, such as type information and control flow constructs. Current approaches provide tools to support the manual analysis of binaries, but are far from being completely automated solutions to the vulnerability analysis of binary programs. To foster research in automated binary analysis, in October of 2013 DARPA announced the DARPA Cyber Grand Challenge (CGC). Like DARPA Grand Challenges in other fields (such as robotics and autonomous vehicles), the CGC pits teams from around the world against each other in a competition in which the participants are autonomous systems. During the CGC competition, these systems must identify, exploit, and patch vulnerabilities in binary programs, without any human in the loop. Millions of dollars in prize money were announced: the top 7 teams to complete the CGC Qualifying Event (held in June 2015) received 750,000 USD, and the top 3 teams in the CGC Final Event (held in August 2016) will receive 2,000,000 USD, 1,000,000 USD, and 750,000 USD, respectively. The Shellphish hacking team is one of the qualified teams. This talk presents some insights into the field of automated binary analysis, exploitation and patching, gained through participation in the CGC competition. In addition, the talk provides a discussion of the use of competitions to foster both research and education, based on the experience of designing and running a large-scale live security hacking competition (called iCTF) over the past 13 years.
DOI: https://doi.org/10.1145/2897845.2901788 (published 2016-05-30)
Citations: 0
Practical and Efficient Attribute-Based Encryption with Constant-Size Ciphertexts in Outsourced Verifiable Computation
Kai Zhang, Junqing Gong, Shaohua Tang, Jie Chen, Xiangxue Li, Hai-feng Qian, Z. Cao
In cloud computing, computationally weak users are always willing to outsource costly computations to a cloud, and at the same time they need to check the correctness of the result provided by the cloud. Such activities motivate the notion of verifiable computation (VC). Recently, Parno, Raykova and Vaikuntanathan showed that any VC protocol can be constructed from an attribute-based encryption (ABE) scheme for the same class of functions. In this paper, we propose two practical and efficient semi-adaptively secure key-policy attribute-based encryption (KP-ABE) schemes with constant-size ciphertexts. Semi-adaptive security requires that the adversary designates the challenge attribute set after it receives the public parameters but before it issues any secret key query, which is a stronger guarantee than selective security. Our first construction deals with a small universe while the second one supports a large universe. Both constructions employ the technique underlying the prime-order instantiation of nested dual system groups, which are based on the $d$-linear assumption, including the SXDH and DLIN assumptions. In order to evaluate the performance, we implement our ABE schemes in Python using Charm. Compared with previous KP-ABE schemes with constant-size ciphertexts, our constructions achieve shorter ciphertext and secret key sizes and require low computation costs, especially under the SXDH assumption.
DOI: https://doi.org/10.1145/2897845.2897858 (published 2016-05-30)
Citations: 15
Dealerless Corporate Key Generation for Identity-Based Encryption Schemes
Z. Liu, D. Wong, Jack Poon
In an Identity-Based Encryption (IBE) system, the Private Key Generator (PKG) holds the master secret key and is responsible for generating private keys for the users. This incurs the key-escrow problem, i.e. the PKG can decrypt any user's ciphertexts without any possibility of detection. Also, compromising the master secret key will enable an adversary to do anything to the whole system, and having the master secret key become unavailable implies that new users cannot obtain private keys from the PKG, and existing users cannot get their private keys back from the PKG when they lose them. To address the key-escrow problem and protect the master secret key as much as possible with strong security and availability, distributed PKG protocols supporting a threshold policy have been adopted in some IBE schemes. In this paper, we propose a distributed PKG protocol that allows the policy to be any monotonic access structure. Also, we propose the first distributed PKG protocol that supports dynamic changes of the PKGs and the policy while keeping the master secret key unchanged. The two protocols do not need any third party acting as a trusted dealer to be present, and the master secret key is never generated or stored at any single site. The protocols are applicable to a generic IBE template, which covers many existing important IBE schemes. When applied to this generic type of IBE scheme, the two distributed PKG protocols do not affect the encryption and decryption algorithms, and each user alone knows his own private key.
DOI: https://doi.org/10.1145/2897845.2897849 (published 2016-05-30)
Citations: 0
Bilateral-secure Signature by Key Evolving
Tao Xiang, Xiaoguo Li, Fei Chen, Y. Mu
In practice, the greatest threat against the security of a digital signature scheme is the exposure of the signing key, since the forward security of past signatures and the backward security of future signatures could be compromised. There are some attempts in the literature addressing forward-secure signatures, which prevent forgeries of signatures for past time periods; however, few studies have addressed the backward security of signatures, which prevents forgeries for future time periods. In this paper, we introduce the concept of a key-evolving signature with bilateral security, i.e., both forward security and backward security. We first define bilateral security formally, preventing adversaries from forging a valid signature for past and future time periods in the case of key exposure. We then provide a novel construction based on a hub-and-spoke updating structure and the random oracle model, and show that the construction achieves bilateral security and an unbounded number of time periods. Finally, we compare our scheme with existing work by rigorous analysis and experimental evaluation, and demonstrate that our construction is more secure and efficient for practical applications.
DOI: https://doi.org/10.1145/2897845.2897864 (published 2016-05-30)
Citations: 1
Attestation Transparency: Building Secure Internet Services for Legacy Clients
J. Beekman, John Manferdelli, D. Wagner
Internet services can provide a wealth of functionality, yet their usage raises privacy, security and integrity concerns for users. This is caused by a lack of guarantees about what is happening on the server side. As a worst case scenario, the service might be subjected to an insider attack. We use remote attestation of the server to obtain guarantees about the programming of the service. On top of that, we augment Certificate Transparency to distribute information about which services exist and what they do. Combined, this creates a platform that allows legacy clients to obtain security guarantees about Internet services.
DOI: https://doi.org/10.1145/2897845.2897895 (published 2016-05-30)
Citations: 17
Error Tolerance based Single Interesting Point Side Channel CPA Distinguisher
Changhai Ou, Zhu Wang, J. Ai, Xinping Zhou, Degang Sun, V. DeBrunner
The efficiency of Correlation Power Analysis (CPA) can be significantly improved if the attacker uses interesting points. The prerequisite for this is that the attacker knows the positions of the interesting points. However, it is difficult for the attacker to accurately find the locations of interesting points if he only has a small number of power traces. In this paper, we propose a Frequency based Interesting Points Selection algorithm (FIPS) to select interesting points under the condition that the attacker has only a very small number of power traces. Moreover, an error-tolerant Single Interesting Point based CPA (SIP-CPA) is proposed. Experiments on the AES algorithm implemented on an AT89S52 single chip, and on the DPA contest v1 power trace set of the DES algorithm implemented on the Side Channel Attack Standard Evaluation Board (SASEBO), show that our SIP-CPA can significantly improve the efficiency of CPA.
Citations: 0
Anonymous Identification for Ad Hoc Group
Xingye Lu, M. Au
An anonymous identification scheme for an ad hoc group allows a participant to identify himself as a member of a group of users in a way that does not reveal his actual identity. We propose a highly efficient construction of this cryptographic primitive in the symmetric key setting, based on the idea of program obfuscation. The salient feature of our scheme is that only hash evaluations are needed. Consequently, our scheme outperforms all existing constructions for a reasonably large ad hoc group size (of around 50000 users), since neither exponentiation nor pairing operations are involved. Technically, the participant only needs to evaluate one hash operation to identify himself. While the time complexity of the verifier is linear in the size of the ad hoc group, the actual running time is rather insignificant, since the constant factor of this linear dependence is the time of a single hash evaluation. To analyse the security of our proposal, we develop a security model that captures the security requirements of this primitive and prove that our construction satisfies these requirements in the random oracle model against unbounded attackers. Similar to other identification schemes secure in the random oracle model, our proposed protocol requires only two message flows.
Citations: 0
Homomorphic Linear Authentication Schemes from ε-Authentication Codes
Shuai Han, Shengli Liu, Fangguo Zhang, Kefei Chen
Proofs of Data Possession/Retrievability (PoDP/PoR) schemes are essential to cloud storage services, since they increase clients' confidence in the integrity and availability of their data. The majority of PoDP/PoR schemes are constructed from homomorphic linear authentication (HLA) schemes, which reduce the communication cost between the client and the server. In this paper, a new subclass of authentication codes, named ε-authentication codes, is proposed, and a modular construction of HLA schemes from ε-authentication codes is presented. We prove that the security notions of HLA schemes are closely related to the size of the authenticator/tag space and to the success probability of impersonation attacks (with non-zero source states) against the underlying ε-authentication codes. We show that most of the HLA schemes used in PoDP/PoR schemes are instantiations of our modular construction from some ε-authentication code. Following this line, an algebraic-curves-based ε-authentication code yields a new HLA scheme.
Citations: 1