Checking Intent-based Communication in Android with Intent Space Analysis
Yiming Jing, Gail-Joon Ahn, Adam Doupé, J. Yi
DOI: 10.1145/2897845.2897904 (Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, published 2016-05-30)
Intent-based communication is an inter-application communication mechanism in Android. While its importance has been proven by plenty of security extensions that protect it with policy-driven mandatory access control, an overlooked problem is the verification of the security policies. Checking one security extension's policy is indeed complex. Furthermore, intent-based communication introduces even more complexities because it is mediated by multiple security extensions that respectively enforce their own incompatible, distributed, and dynamic policies. This paper seeks a systematic approach to address the complexities involved in checking intent-based communication. To this end, we propose intent space analysis. Intent space analysis formulates the intent forwarding functionalities of security extensions as transformations on a geometric intent space. We further introduce a policy checking framework called IntentScope that proactively and automatically aggregates distributed policies into a holistic and verifiable view. We evaluate our approach against customized Android OSs and commodity Android devices. In addition, we further conduct experiments with four security extensions to demonstrate how our approach helps identify potential vulnerabilities in each extension.
Recipient Revocable Identity-Based Broadcast Encryption: How to Revoke Some Recipients in IBBE without Knowledge of the Plaintext
W. Susilo, Rongmao Chen, F. Guo, Guomin Yang, Y. Mu, Yang-Wai Chow
DOI: 10.1145/2897845.2897848 (Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, published 2016-05-30)
In this paper, we present the notion of a recipient-revocable identity-based broadcast encryption scheme. In this notion, a content provider produces encrypted content and sends it to a third party (a broadcaster). This third party is able to revoke some identities from the ciphertext. We present a security model to capture these requirements, as well as a concrete construction. The ciphertext consists of k+3 group elements, assuming that the maximum number of revocation identities is k. That is, the ciphertext size is linear in the maximal size of R, where R is the revocation identity set. However, we note that the additional elements compared to those of an IBBE scheme are only for the revocation and not for decryption. Therefore, the ciphertext sent to the users for decryption is of constant size (i.e., 3 group elements). Finally, we present the proof of security of our construction.
Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security
Xiaofeng Chen, Xiaofeng Wang, Xinyi Huang
DOI: 10.1145/2897845 (published 2016-05-30)
It is our great pleasure to present to you the proceedings of the 11th Asia CCS (held in Xi'an, China), an ACM SIGSAC venue just renamed ACM Asia Conference on Computer and Communications Security to reflect its leadership stance in the Asia security community and its world-wide impact on security research. This name change also comes with a new high in the conference's academic excellence, thanks to the unprecedented number of high-quality submissions.
This year, we received 350 submissions from 34 countries, a new record in the conference's decade-long history. These papers were reviewed by 104 security researchers from 17 countries, assisted by 218 external reviewers, based upon their novelty, technical quality and presentation. For the first time in the conference's history, we adopted a two-round review mechanism with early notifications, together with a three-week online discussion. This thoughtful and rigorous review process has led to 73 full papers selected for the program, representing an acceptance rate of 20.8%, and an additional 8 short papers.
This wonderful program was made possible by a team effort. Most important here are the authors, to whom we are grateful for submitting their best research outcomes to the conference. Also, we thank the Program Committee and external reviewers who worked very hard to provide valuable feedback to the authors. On average, each PC member reviewed 11 papers and actively participated in the discussion, and some also volunteered to shepherd accepted papers to ensure their quality. Their professionalism exemplifies the volunteer peer-review process that is so important to moving the security science forward.
This year's technical program comes together with 5 workshops: CPSS'16, AsiaPKC'16, SCC'16, WTMC'16 and IoTPTS'16, also a new record. We thank the workshop organizers for their hard work in building up their individual programs. Also, we are so fortunate to have three distinguished speakers, Giovanni Vigna, Michael Backes and Yang Xiang, from three continents, to share with us their visions of security and privacy research.
Anonymous Identification for Ad Hoc Group
Xingye Lu, M. Au
DOI: 10.1145/2897845.2897903 (Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, published 2016-05-30)
An anonymous identification scheme for an ad hoc group allows a participant to identify himself as a member of a group of users in a way that his actual identity is not revealed. We propose a highly efficient construction of this cryptographic primitive in the symmetric key setting based on the idea of program obfuscation. The salient feature of our scheme is that only hash evaluations are needed. Consequently, our scheme outperforms all existing constructions for a reasonably large ad hoc group size (of around 50000 users), since no exponentiation or pairing operation is involved. Technically, the participant only needs to evaluate one hash operation to identify himself. While the time complexity of the verifier is linear in the size of the ad hoc group, the actual running time is rather insignificant since the constant factor of this linear dependence is the time of a single hash evaluation. To analyse the security of our proposal, we develop a security model to capture the security requirements of this primitive and prove that our construction satisfies these requirements in the random oracle model against unbounded attackers. Similar to other identification schemes secure in the random oracle model, our proposed protocol requires only two message flows.
Error Tolerance based Single Interesting Point Side Channel CPA Distinguisher
Changhai Ou, Zhu Wang, J. Ai, Xinping Zhou, Degang Sun, V. DeBrunner
DOI: 10.1145/2897845.2897902 (Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, published 2016-05-30)
The efficiency of Correlation Power Analysis (CPA) can be significantly improved if the attacker uses interesting points to perform it. The prerequisite for this is that the attacker knows the positions of the interesting points. However, it is difficult for the attacker to accurately find the locations of interesting points if he only has a small number of power traces. In this paper, we propose a Frequency based Interesting Points Selection algorithm (FIPS) to select interesting points under the condition that the attacker only has a very small number of power traces. Moreover, an error tolerant Single Interesting Point based CPA (SIP-CPA) is proposed. Experiments on an AES implementation on an AT89S52 single chip, and on the DPA contest v1 power trace set of a DES implementation on the Side Channel Attack Standard Evaluation Board (SASEBO), show that our SIP-CPA can significantly improve the efficiency of CPA.
Smart Locks: Lessons for Securing Commodity Internet of Things Devices
Grant Ho, Derek Leung, Pratyush Mishra, Ashkan Hosseini, D. Song, D. Wagner
DOI: 10.1145/2897845.2897886 (Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, published 2016-05-30)
We examine the security of home smart locks: cyber-physical devices that replace traditional door locks with deadbolts that can be electronically controlled by mobile devices or the lock manufacturer's remote servers. We present two categories of attacks against smart locks and analyze the security of five commercially-available locks with respect to these attacks. Our security analysis reveals that flaws in the design, implementation, and interaction models of existing locks can be exploited by several classes of adversaries, allowing them to learn private information about users and gain unauthorized home access. To guide future development of smart locks and similar Internet of Things devices, we propose several defenses that mitigate the attacks we present. One of these defenses is a novel approach to securely and usably communicate a user's intended actions to smart locks, which we prototype and evaluate. Ultimately, our work takes a first step towards illuminating security challenges in the system design and novel functionality introduced by emerging IoT systems.
Efficient Techniques for Publicly Verifiable Delegation of Computation
Kaoutar Elkhiyaoui, Melek Önen, Monir Azraoui, R. Molva
DOI: 10.1145/2897845.2897910 (Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, published 2016-05-30)
With the advent of cloud computing, individuals and companies alike are looking for opportunities to leverage cloud resources not only for storage but also for computation. Nevertheless, the reliance on the cloud to perform computation raises the unavoidable challenge of how to assure the correctness of the delegated computation. In this regard, we introduce two cryptographic protocols for publicly verifiable computation that allow a lightweight client to securely outsource to a cloud server the evaluation of high-degree univariate polynomials and the multiplication of large matrices. Similarly to existing work, our protocols follow the amortized verifiable computation approach. Furthermore, by exploiting the mathematical properties of polynomials and matrices, they are more efficient and give way to public delegatability. Finally, besides their efficiency, our protocols are provably secure under well-studied assumptions.
CDRep: Automatic Repair of Cryptographic Misuses in Android Applications
Siqi Ma, D. Lo, Teng Li, R. Deng
DOI: 10.1145/2897845.2897896 (Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, published 2016-05-30)
Cryptography is increasingly being used in mobile applications to provide various security services, from user authentication and data privacy to secure communications. However, there are plenty of mistakes that developers could accidentally make when using cryptography in their mobile apps, and such mistakes can lead to a false sense of security. Recent research efforts indeed show that a significant portion of mobile apps on both the Android and iOS platforms misuse cryptographic APIs. In this paper, we present CDRep, a tool for automatically repairing cryptographic misuse defects in Android apps. We classify such defects into seven types and manually assemble the corresponding fix patterns based on the best practices in cryptographic implementations. CDRep consists of two phases: a detection phase, which identifies defect locations in a mobile app, and a repair phase, which repairs the vulnerable app automatically. In our validation, CDRep is able to successfully repair 94.5% of 1,262 vulnerable apps. Furthermore, CDRep is lightweight: the average runtime to generate a patch is merely 19.3 seconds, and the size of a repaired app increases by only 0.667% on average.
Efficient Construction of Completely Non-Malleable CCA Secure Public Key Encryption
Shifeng Sun, Dawu Gu, Joseph K. Liu, P. Udaya, Tsz Hon Yuen
DOI: 10.1145/2897845.2897921 (Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, published 2016-05-30)
Non-malleability is an important and intensively studied security notion for many cryptographic primitives. In the context of public key encryption, this notion means it is infeasible for an adversary to transform an encryption of some message m into one of a related message m' under the given public key. Although it has provided a strong security property for many applications, it still does not suffice for some scenarios, such as a system where the users can issue keys on-the-fly. In such settings, the adversary may have the power to transform both the given public key and the ciphertext. To withstand such attacks, Fischlin introduced a stronger notion, known as complete non-malleability, which requires that the non-malleability property be preserved even against adversaries attempting to produce a ciphertext of some related message under the transformed public key. To date, many schemes satisfying this stronger security have been proposed, but they are either inefficient or proved secure only in the random oracle model. In this work, we put forward a new encryption scheme in the common reference string model. Based on the standard DBDH assumption, the proposed scheme is proved to be completely non-malleable secure against adaptive chosen ciphertext attacks in the standard model. In our scheme, well-formed public keys and ciphertexts can be publicly recognized without drawing support from unwieldy techniques like non-interactive zero knowledge proofs or one-time signatures, thus achieving better performance.
DroidDisintegrator: Intra-Application Information Flow Control in Android Apps
Eran Tromer, R. Schuster
DOI: 10.1145/2897845.2897888 (Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, published 2016-05-30)
In mobile platforms and their app markets, controlling app permissions and preventing abuse of private information are crucial challenges. Information Flow Control (IFC) is a powerful approach for formalizing and answering user concerns such as: "Does this app send my geolocation to the Internet?" Yet despite intensive research efforts, IFC has not been widely adopted in mainstream programming practice.
We observe that the typical structure of Android apps offers an opportunity for a novel and effective application of IFC. In Android, an app consists of a collection of a few dozen "components", each in charge of some high-level functionality. Most components do not require access to most resources. These components are a natural and effective granularity at which to apply IFC (as opposed to the typical process-level or language-level granularity). By assigning different permission labels to each component, and limiting information flow between components, it is possible to express and enforce IFC constraints. Yet nuances of the Android platform, such as its multitude of discretionary (and somewhat arcane) communication channels, raise challenges in defining and enforcing component boundaries.
We build a system, DroidDisintegrator, which demonstrates the viability of component-level IFC for expressing and controlling app behavior. DroidDisintegrator uses dynamic analysis to generate IFC policies for Android apps, repackages apps to embed these policies, and enforces the policies at runtime. We evaluate DroidDisintegrator on dozens of apps.