Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ... Latest articles
S. F. Abdul-Latip, Reza Reyhanitabar, W. Susilo, J. Seberry
In this paper, we propose an efficient method for extracting simple low-degree equations (e.g. quadratic ones) in addition to the linear ones, obtainable from the original cube attack by Dinur and Shamir at EUROCRYPT 2009. This extended cube attack can be successfully applied even to cryptosystems in which the original cube attack may fail due to the attacker's inability in finding sufficiently many independent linear equations. As an application of our extended method, we exhibit a side channel cube attack against the PRESENT block cipher using the Hamming weight leakage model. Our side channel attack improves upon the previous work of Yang, Wang and Qiao at CANS 2009 from two aspects. First, we use the Hamming weight leakage model which is a more relaxed leakage assumption, supported by many previously known practical results on side channel attacks, compared to the more challenging leakage assumption that the adversary has access to the "exact" value of the internal state bits as used by Yang et al. Thanks to applying the extended cube method, our attack has also a reduced complexity compared to that of Yang et al. Namely, for PRESENT-80 (80-bit key variant) as considered by Yang et al., our attack has a time complexity 2^16 and data complexity of about 2^13 chosen plaintexts; whereas, that of Yang et al. has time complexity of 2^32 and needs about 2^15 chosen plaintexts. Furthermore, our method directly applies to PRESENT-128 (i.e. 128-bit key variant) with time complexity of 2^64 and the same data complexity of 2^13 chosen plaintexts.
Title: Extended cubes: enhancing the cube attack by extracting low-degree non-linear equations. Authors: S. F. Abdul-Latip, Reza Reyhanitabar, W. Susilo, J. Seberry. Pages 296-305. Published 2011-03-22. DOI: https://doi.org/10.1145/1966913.1966952
Many recent key exchange (KE) protocols have been proven secure in the CK, CK-HMQV, or eCK security models. The exact relation between these security models, and hence the relation between the security guarantees provided by the protocols, is unclear. We show first that the CK, CK-HMQV, and eCK security models are formally incomparable. Second, we show that these models are also practically incomparable, by providing for each model attacks on protocols from the literature that are not considered by the other models. Third, our analysis enables us to find previously unreported flaws in protocol security proofs from the literature. We identify the causes of these flaws and show how they can be avoided.
Title: Examining indistinguishability-based security models for key exchange protocols: the case of CK, CK-HMQV, and eCK. Authors: C. Cremers. Pages 80-91. Published 2011-03-22. DOI: https://doi.org/10.1145/1966913.1966925
Huang Lin, Z. Cao, Yuguang Fang, Muxing Zhou, Haojin Zhu
Since there always exists a possibility that some users' private keys are stolen or expired in practice, it is important for identity based encryption (IBE) system to provide a solution to revocation. The current most efficient revocable IBE system has a private key of size O(log ns) and update information of size O(r log(n/r)) where r is the number of revoked users. In this paper, we present a new revocable IBE system in which the private key only contains two group elements and the update information size is O(r). We show that the proposed constructions for the revocation mechanism are more efficient in terms of space cost and provide a generic methodology to transform a non-monotonic attribute based encryption into a revocable IBE. We also demonstrate how the proposed method can be employed to develop an efficient hierarchical revocable IBE system.
Title: How to design space efficient revocable IBE from non-monotonic ABE. Authors: Huang Lin, Z. Cao, Yuguang Fang, Muxing Zhou, Haojin Zhu. Pages 381-385. Published 2011-03-22. DOI: https://doi.org/10.1145/1966913.1966963
We introduce the concept of Separation of Duties (SoD) as a Service, an approach to enforcing SoD requirements on workflows and thereby preventing fraud and errors. SoD as a Service facilitates a separation of concern between business experts and security professionals. Moreover, it allows enterprises to address the need for internal controls and to quickly adapt to organizational, regulatory, and technological changes. In this paper, we describe an implementation of SoD as a Service, which extends a widely used, commercial workflow system, and discuss its performance. We present a drug dispensation workflow deployed in a hospital as case study to demonstrate the feasibility and benefits of our proof-of-concept implementation.
Title: Separation of duties as a service. Authors: D. Basin, Samuel J. Burri, G. Karjoth. Pages 423-429. Published 2011-03-22. DOI: https://doi.org/10.1145/1966913.1966972
Junjie Zhang, Xiapu Luo, R. Perdisci, G. Gu, Wenke Lee, N. Feamster
Botnets pose a serious threat to the health of the Internet. Most current network-based botnet detection systems require deep packet inspection (DPI) to detect bots. Because DPI is a computationally costly process, such detection systems cannot handle large volumes of traffic typical of large enterprise and ISP networks. In this paper we propose a system that aims to efficiently and effectively identify a small number of suspicious hosts that are likely bots. Their traffic can then be forwarded to DPI-based botnet detection systems for fine-grained inspection and accurate botnet detection. By using a novel adaptive packet sampling algorithm and a scalable spatial-temporal flow correlation approach, our system is able to substantially reduce the volume of network traffic that goes through DPI, thereby boosting the scalability of existing botnet detection systems. We implemented a proof-of-concept version of our system, and evaluated it using real-world legitimate and botnet-related network traces. Our experimental results are very promising and suggest that our approach can enable the deployment of botnet-detection systems in large, high-speed networks.
Title: Boosting the scalability of botnet detection using adaptive traffic sampling. Authors: Junjie Zhang, Xiapu Luo, R. Perdisci, G. Gu, Wenke Lee, N. Feamster. Pages 124-134. Published 2011-03-22. DOI: https://doi.org/10.1145/1966913.1966930
This paper presents the first formalization of partial key leakage security of a two-pass two-party authenticated key exchange (AKE) protocol on the extended Canetti-Krawczyk (eCK) security model. Our formalization, λ-leakage resilient eCK security, is a (stronger) generalization of the eCK security model, enhanced by the notion of λ-leakage resilient security recently introduced by Akavia, Goldwasser and Vaikuntanathan. We present a PKI-based two-pass key exchange protocol with Hash Proof System (HPS) that is λ-leakage resilient eCK secure without random oracles.
Title: Leakage resilient eCK-secure key exchange protocol without random oracles. Authors: D. Moriyama, T. Okamoto. Pages 441-447. Published 2011-03-22. DOI: https://doi.org/10.1145/1966913.1966976
Recent years have witnessed an increasing threat from kernel rootkits. A common feature of such attacks is hiding malicious objects to conceal their presence, including processes, sockets, and kernel modules. Scanning memory with object signatures to detect the stealthy rootkit has been proven to be a powerful approach only when it is hard for adversaries to evade. However, it is difficult, if not impossible, to select fields from a single data structure as robust signatures with traditional techniques. In this paper, we propose the concepts of inter-structure signature and imported signature, and present techniques to detect stealthy malware based on these concepts. The key idea is to use cross-reference relationships of multiple data structures as signatures to detect stealthy malware, and to import some extra information into regions attached to target data structures as signatures. We have inferred four invariants as signatures to detect hidden processes, sockets, and kernel modules in Linux respectively and implemented a prototype detection system called DeepScanner. Meanwhile, we have also developed a hypervisor-based monitor to protect imported signatures. Our experimental result shows that our DeepScanner can effectively and efficiently detect stealthy objects hidden by seven real-world rootkits without any false positives and false negatives, and an adversary can hardly evade DeepScanner if he/she does not break the normal functions of target objects and the system.
Title: Detecting stealthy malware with inter-structure and imported signatures. Authors: Bin Liang, Wei You, Wenchang Shi, Zhaohui Liang. Pages 217-227. Published 2011-03-22. DOI: https://doi.org/10.1145/1966913.1966941
Securing Windows is a challenge because of its large attack surface which can lead to many ways where binaries can be loaded and subsequently executed. Furthermore, the software in the system is itself dynamic as binaries need to be installed, updated and uninstalled. Binaries can also be created dynamically during software development as well as other situations. We present a new binary security model called BinInt which provides integrity for binaries and prevents the use of unauthorized binaries. We have implemented a BinInt prototype designed with usability in mind to be compatible with existing software in binary form. It has low overhead and thus can be permanently on.
Title: Towards a binary integrity system for windows. Authors: Yongzheng Wu, R. Yap. Pages 503-507. Published 2011-03-22. DOI: https://doi.org/10.1145/1966913.1966987
Qiang Yan, Jin Han, Yingjiu Li, R. Deng, Tieyan Li
Software-based root-of-trust has been proposed to overcome the disadvantage of hardware-based root-of-trust, which is the high cost in deployment and upgrade (when vulnerabilities are discovered). However, prior research on software-based root-of-trust only focuses on uniprocessor platforms. The essential security properties of such software-based root-of-trust, as analyzed and demonstrated in our paper, can be violated on multicore platforms. Since multicore processors are becoming increasingly popular, it is imperative to explore the feasibility of software-based root-of-trust on them. In this paper, we analyze the challenges of designing software-based root-of-trust on multicore platforms and present two practical attacks that utilize the parallel computing capability to break the existing schemes. We then propose a timing-based primitive, called MT-SRoT, as the first step towards software-based root-of-trust on multicore platforms. MT-SRoT is able to ensure untampered execution of a critical security task, such as remote software attestation, on homogeneous shared-memory multicore platforms without the support of tamper-resistant hardware. We implement MT-SRoT and show its effectiveness on both Intel dual-core and quad-core processors.
Title: A software-based root-of-trust primitive on multicore platforms. Authors: Qiang Yan, Jin Han, Yingjiu Li, R. Deng, Tieyan Li. Pages 334-343. Published 2011-03-22. DOI: https://doi.org/10.1145/1966913.1966957
A promising approach to mitigate the privacy risks in Online Social Networks (OSNs) is to shift access control enforcement from the OSN provider to the user by means of encryption. However, this creates the challenge of key management to support complex policies involved in OSNs and dynamic groups. To address this, we propose EASiER, an architecture that supports fine-grained access control policies and dynamic group membership by using attribute-based encryption. A key and novel feature of our architecture, however, is that it is possible to remove access from a user without issuing new keys to other users or re-encrypting existing ciphertexts. We achieve this by creating a proxy that participates in the decryption process and enforces revocation constraints. The proxy is minimally trusted and cannot decrypt ciphertexts or provide access to previously revoked users. We describe EASiER architecture and construction, provide performance evaluation, and prototype application of our approach on Facebook.
Title: EASiER: encryption-based access control in social networks with efficient revocation. Authors: Sonia Jahid, Prateek Mittal, N. Borisov. Pages 411-415. Published 2011-03-22. DOI: https://doi.org/10.1145/1966913.1966970