Pub Date: 2019-07-01. DOI: 10.22042/ISECURE.2019.11.0.6
Omed Hassan Ahmed, Joan Lu, Qiang Xu, M. Al-Ani
Standard face recognition algorithms that use standard feature extraction techniques always suffer from image performance degradation. Recently, singular value decomposition and low-rank matrix are applied in many applications, including pattern recognition and feature extraction. The main objective of this research is to design an efficient face recognition approach by combining many techniques to generate efficient recognition results. The implemented face recognition approach is concentrated on obtaining significant rank matrix via applying a singular value decomposition technique. Measures of dispersion are used to indicate the distribution of data. According to the applied ranks, there is an adequate reasonable rank that is important to reach via the implemented procedure. Interquartile range, mean absolute deviation, range, variance, and standard deviation are applied to select the appropriate rank. Rank 24, 12, and 6 reached an excellent 100% recognition rate with data reduction up to 2:1, 4:1 and 8:1 respectively. In addition, properly selecting the adequate rank matrix is achieved based on the dispersion measures. Obtained results on standard face databases verify the efficiency and effectiveness of the implemented approach.
Title: Face Recognition Based Rank Reduction SVD Approach. Journal: ISC Int. J. Inf. Secur.

Pub Date: 2019-07-01. DOI: 10.22042/ISECURE.2019.11.0.7
A. Fatima, Muhammad Adnan Khan, Sagheer Abbas, M. Waqas, Leena Anum, Muhammad Asif
Internet of Things (IoT) approach is empowering smart city creativities all over the world. There is no specific tool or criteria for the evaluation of the services offered by the smart city. In this paper, a new Multilayer Fuzzy Inference System (MFIS) is proposed for the assessment of the Planet Factors of smart city (PFSC). The PFSC system is categorized into two levels. The proposed MFIS-based expert system can categorize the evaluation level of planet factors of the smart city into low, satisfied, or good.
Title: Evaluation of Planet Factors of Smart City through Multi-layer Fuzzy Logic (MFL). Journal: ISC Int. J. Inf. Secur.

Pub Date: 2019-06-26. DOI: 10.22042/ISECURE.2019.140663.424
S. Ahmadi, M. Aref
The GOST block cipher was designed in the 1970s and published in 1989 as the Soviet and Russian standard GOST 28147-89. In order to enhance the security of GOST block cipher after proposing various attacks on it, designers published a modified version of GOST, namely GOST2, in 2015 which has a new key schedule and explicit choice for S-boxes. In this paper, by using three exactly identical portions of GOST2 and fixed point idea, more enhanced fixed point attacks for filtration of wrong keys are presented. More precisely, the focus of the new attacks is on reducing memory complexity while keeping other complexities unchanged as well. The results show a significant reduction in the memory complexity of the attacks, while the time complexity slightly increased in comparison to the previous fixed point attacks. To the best of our knowledge, the lowest memory complexity for an attack on full-round GOST2 block cipher is provided here.
Title: New Fixed Point Attacks on GOST2 Block Cipher. Journal: ISC Int. J. Inf. Secur.

Pub Date: 2019-01-30. DOI: 10.22042/ISECURE.2018.138036.420
S. Ahmadi, Z. Ahmadian, J. Mohajeri, M. Aref
In the biclique attack, a shorter biclique usually results in less data complexity, but at the expense of more computational complexity. The early abort technique can be used in partial matching part of the biclique attack in order to slightly reduce the computations. In this paper, we make use of this technique, but instead of slight improvement in the computational complexity, we keep the amount of this complexity the same and reduce the data complexity enormously by a shorter biclique. With this approach, we analysed full-round of LBlock, and also LBlock with modified key schedule (which was designed to resist biclique attack) both with data complexity 2^12, while the data complexity of the best biclique attack on the former was 2^52 and for the latter there is no attack on the full-round cipher, so far. Then we proposed a new key schedule that is more resistant against biclique cryptanalysis, though the low diffusion of the cipher makes it vulnerable to this attack regardless of the strength of the key schedule. Also using this method, we analyzed TWINE-80 with 2^12 data complexity. The lowest data complexity for the prior attack on the TWINE-80 was 2^60. In all the attacks presented in this paper, the computational complexities are slightly improved in comparison to the existing attacks.
Title: Biclique Cryptanalysis of Block Ciphers LBlock and TWINE-80 with Practical Data Complexity. Journal: ISC Int. J. Inf. Secur.

Pub Date: 2019-01-30. DOI: 10.22042/ISECURE.2019.148637.430
Javad Ghareh Chamani, Mohammad Sadeq Dousti, R. Jalili, D. Papadopoulos
While cloud computing is growing at a remarkable speed, privacy issues are far from being solved. One way to diminish privacy concerns is to store data on the cloud in encrypted form. However, encryption often hinders useful computation cloud services. A theoretical approach is to employ the so-called fully homomorphic encryption, yet the overhead is so high that it is not considered a viable solution for practical purposes. The next best thing is to craft special-purpose cryptosystems which support the set of operations required to be addressed by cloud services. In this paper, we put forward one such cryptosystem, which supports efficient search over structured data types, such as timestamps or network addresses, which are comprised of several segments with well-known values. The new cryptosystem, called SESOS, provides the ability to execute LIKE queries, along with the search for exact matches, as well as comparison. In addition, the extended version, called XSESOS, allows for verifying the integrity of ciphertexts. At its heart, SESOS combines any order-preserving encryption (OPE) scheme with a novel encryption scheme called Multi-map Perfectly Secure Cryptosystem (MuPS). We prove that MuPS is perfectly secure, and hence SESOS enjoys the same security properties of the underlying OPE scheme. The overhead of executing equality and comparison operations is negligible. The performance of LIKE queries is significantly improved by up to 1370X and the performance of result decryption improved by 520X compared to existing solutions on a database with merely 100K records (the improvement is even more significant in larger databases).
Title: SESOS: A Verifiable Searchable Outsourcing Scheme for Ordered Structured Data in Cloud Computing. Journal: ISC Int. J. Inf. Secur.

Pub Date: 2019-01-30. DOI: 10.22042/ISECURE.2019.143657.427
Mansoureh Labbafniya, R. Saeidi
Nowadays there are different kinds of attacks on Field Programmable Gate Array (FPGA). As FPGAs are used in many different applications, their security becomes an important concern, especially in Internet of Things (IoT) applications. Hardware Trojan Horse (HTH) insertion is one of the major security threats that can be implemented in unused space of the FPGA. This unused space is unavoidable to meet the place and route requirements. In this paper, we introduce an efficient method to fill this space and thus to leave no free space for inserting HTHs. Using a shift register in combination with gate-chain is the best way of filling unused space, which incurs no increase in power consumption of the main design. Experimental results of implementing a set of IWLS benchmarks on Xilinx Virtex devices show that the proposed prevention and detection scheme imposes no power overhead with no degradation to performance and critical path delay of the main design.
Title: Secure FPGA Design by Filling Unused Spaces. Journal: ISC Int. J. Inf. Secur.

Pub Date: 2019-01-30. DOI: 10.22042/ISECURE.2018.138301.421
A. M. Rishakani, M. R. M. Shamsabad, S. M. Dehnavi, M. Amiri, H. Maimani, N. Bagheri
Linear diffusion layer is an important part of lightweight block ciphers and hash functions. This paper presents an efficient class of lightweight 4x4 MDS matrices such that the implementation cost of them and their corresponding inverses are equal. The main target of the paper is hardware oriented cryptographic primitives and the implementation cost is measured in terms of the required number of XORs. Firstly, we mathematically characterize the MDS property of a class of matrices (derived from the product of binary matrices and companion matrices of $\sigma$-LFSRs aka recursive diffusion layers) whose implementation cost is $10m+4$ XORs for $4 \le m \le 8$, where $m$ is the bit length of inputs. Then, based on the mathematical investigation, we further extend the search space and propose new families of 4x4 MDS matrices with $8m+4$ and $8m+3$ XOR implementation cost. The lightest MDS matrices by our new approach have the same implementation cost as the lightest existent matrix.
Title: Lightweight 4x4 MDS Matrices for Hardware-Oriented Cryptographic Primitives. Journal: ISC Int. J. Inf. Secur.

Pub Date: 2019-01-30. DOI: 10.22042/ISECURE.2018.141655.426
Simin Ghasemi, M. A. Hadavi, Mina Niknafs
Correctness verification of query results is a significant challenge in database outsourcing. Most of the proposed approaches impose high overhead, which makes them impractical in real scenarios. Probabilistic approaches are proposed in order to reduce the computation overhead pertaining to the verification process. In this paper, we use the notion of trust as the basis of our probabilistic approach to efficiently verify the correctness of query results. The trust is computed based on observing the history of interactions between clients and the service provider. Our approach exploits Merkle Hash Tree as an authentication data structure. The amount of trust value towards the service provider leads to investigating just an appropriate portion of the tree. Implementation results of our approach show that considering the trust, derived from the history of interactions, provides a trade-off between performance and security, and reduces the imposed overhead for both clients and the service provider in database outsourcing scenario.
Title: A Trust Based Probabilistic Method for Efficient Correctness Verification in Database Outsourcing. Journal: ISC Int. J. Inf. Secur.

Pub Date: 2019-01-30. DOI: 10.22042/ISECURE.2018.109810.398
R. E. Atani, S. E. Atani, A. Karbasi
Smooth Projective Hash Functions (SPHFs), as a specific pattern of zero knowledge proof system, are fundamental tools to build many efficient cryptographic schemes and protocols. As an application of SPHFs, the Password-Based Authenticated Key Exchange (PAKE) protocol is a well-studied area in the last few years. In 2009, Katz and Vaikuntanathan described the first lattice-based PAKE using the Learning With Errors (LWE) problem. In this work, we present a new efficient ring-based smooth projective hash function "(Ring-SPHF)" using Lyubashevsky, Peikert, and Regev's dual-style cryptosystem based on the Learning With Errors over Rings (Ring-LWE) problem. Then, using our ring-SPHF, we propose the first efficient password-based authenticated key exchange "(Ring-PAKE)" protocol over rings whose security relies on ideal lattice assumptions.
Title: A New Ring-Based SPHF and PAKE Protocol On Ideal Lattices. Journal: ISC Int. J. Inf. Secur.

Pub Date: 2018-07-15. DOI: 10.22042/ISECURE.2018.126294.414
Naeimeh Soltani, Ramin Bohlooli, R. Jalili
One of the security issues in data outsourcing is the enforcement of the data owner’s access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of the existing solutions is encrypting data before outsourcing which brings new challenges; namely, the number of keys required to access authorized resources, efficient policy updating, write access control enforcement, overhead of accessing/processing data at the user/owner side. Most of the existing solutions address only some of the challenges, while imposing high overhead on both owner and users. Though policy management in the Role-Based Access Control (RBAC) model is easier and more efficient due to the existence of role hierarchical structure and role inheritance, most of the existing solutions address only enforcement of policies in the form of access control matrix. In this paper, we propose an approach to enforce RBAC policies on encrypted data outsourced to a service provider. We utilize Chinese Remainder Theorem for key management and role/permission assignment. Efficient user revocation, efficient role hierarchical structure updating, availability of authorized resources for users of new roles, and enforcement of write access control policies as well as static separation of duties, are among the advantages of the proposed solution.
Title: Enforcing RBAC Policies over Data Stored on Untrusted Server (Extended Version). Journal: ISC Int. J. Inf. Secur.