Predicate encryption with various properties

Predicate encryption (PE) is a new primitive which supports exible control over access to encrypted data. In PE schemes, users' decryption keys are associated with predicates f and ciphertexts encode attributes a that are specified during the encryption procedure. A user can successfully decrypt if and only if f(a) = 1. In this thesis, we will investigate several properties that are crucial to PE. We focus on expressiveness of PE, Revocable PE and Hierarchical PE (HPE) with forward security. For all proposed systems, we provide a security model and analysis using the widely accepted computational complexity approach. Our first contribution is to explore the expressiveness of PE. Existing PE supports a wide class of predicates such as conjunctions of equality, comparison and subset queries, disjunctions of equality queries, and more generally, arbitrary combinations of conjunctive and disjunctive equality queries. We advance PE to evaluate more expressive predicates, e.g., disjunctive comparison or disjunctive subset queries. Such expressiveness is achieved at the cost of computational and space overhead. To improve the performance, we appropriately revise the PE to reduce the computational and space cost. Furthermore, we propose a heuristic method to reduce disjunctions in the predicates. Our schemes are proved in the standard model. We then introduce the concept of Revocable Predicate Encryption (RPE), which extends the previous PE setting with revocation support: private keys can be used to decrypt an RPE ciphertext only if they match the decryption policy (defined via attributes encoded into the ciphertext and predicates associated with private keys) and were not revoked by the time the ciphertext was created. We propose two RPE schemes. Our first scheme, termed Attribute- Hiding RPE (AH-RPE), offers attribute-hiding, which is the standard PE property. Our second scheme, termed Full-Hiding RPE (FH-RPE), offers even stronger privacy guarantees, i.e., apart from possessing the Attribute-Hiding property, the scheme also ensures that no information about revoked users is leaked from a given ciphertext. The proposed schemes are also proved to be secure under well established assumptions in the standard model. Secrecy of decryption keys is an important pre-requisite for security of (H)PE and compromised private keys must be immediately replaced. The notion of Forward Security (FS) reduces damage from compromised keys by guaranteeing confidentiality of messages that were encrypted prior to the compromise event. We present the first Forward-Secure Hierarchical Predicate Encryption (FS-HPE) that is proved secure in the standard model. Our FS-HPE scheme offers some desirable properties: time-independent delegation of predicates (to support dynamic behavior for delegation of decrypting rights to new users), local update for users' private keys (i.e., no master authority needs to be contacted), forward security, and the scheme's encryption process does not require knowledge of predicates at any level including when those predicates join the hierarchy.

Twitter and Sports : Football Fandom in Emerging and Established Markets

Twitter and other social media have become increasingly important tools for maintaining the relationships between fans and their idols across a range of activities, from politics and the arts to celebrity and sports culture. Twitter, Inc. itself has initiated several strategic approaches, especially to entertainment and sporting organisations; late in 2012, for example, a Twitter, Inc. delegation toured Australia in order to develop formal relationships with a number of key sporting bodies covering popular sports such as Australian Rules Football, A-League football (soccer), and V8 touring car racing, as well as to strengthen its connections with key Australian broadcasters and news organisations (Jackson & Christensen, 2012). Similarly, there has been a concerted effort between Twitter Germany and the German Bundesliga clubs and football association to coordinate the presence of German football on Twitter ahead of the 2012–2013 season: the Twitter accounts of almost all first-division teams now bear the official Twitter verification mark, and a system of ‘official’ hashtags for tweeting about individual games (combining the abbreviations of the two teams, e.g. #H96FCB) has also been instituted (Twitter auf Deutsch, 2012).

Talking Turkey : digital storytelling goes to Ankara in 2013

In the last fifteen years digital storytelling has come to stand for considerably more than a specific form of collaborative media production. It is also an international network of new media artists, creative practitioners, curators, scholars, and facilitating community media organisations. In May this year the movement will converge on Ankara, Turkey for its Fifth International Conference and Exhibition. The event will draw together key adopters, adapters and innovators in community-based methods of collaborative media production from around the world. Researchers from the Queensland University of Technology will lead a delegation that will include key players in the Australian digital storytelling movement.

Key-private proxy re-encryption under LWE

Proxy re-encryption (PRE) is a highly useful cryptographic primitive whereby Alice and Bob can endow a proxy with the capacity to change ciphertext recipients from Alice to Bob, without the proxy itself being able to decrypt, thereby providing delegation of decryption authority. Key-private PRE (KP-PRE) specifies an additional level of confidentiality, requiring pseudo-random proxy keys that leak no information on the identity of the delegators and delegatees. In this paper, we propose a CPA-secure PK-PRE scheme in the standard model (which we then transform into a CCA-secure scheme in the random oracle model). Both schemes enjoy highly desirable properties such as uni-directionality and multi-hop delegation. Unlike (the few) prior constructions of PRE and KP-PRE that typically rely on bilinear maps under ad hoc assumptions, security of our construction is based on the hardness of the standard Learning-With-Errors (LWE) problem, itself reducible from worst-case lattice hard problems that are conjectured immune to quantum cryptanalysis, or “post-quantum”. Of independent interest, we further examine the practical hardness of the LWE assumption, using Kannan’s exhaustive search algorithm coupling with pruning techniques. This leads to state-of-the-art parameters not only for our scheme, but also for a number of other primitives based on LWE published the literature.

On secure outsourcing of cryptographic computations to cloud

For the past few years, research works on the topic of secure outsourcing of cryptographic computations has drawn significant attention from academics in security and cryptology disciplines as well as information security practitioners. One main reason for this interest is their application for resource constrained devices such as RFID tags. While there has been significant progress in this domain since Hohenberger and Lysyanskaya have provided formal security notions for secure computation delegation, there are some interesting challenges that need to be solved that can be useful towards a wider deployment of cryptographic protocols that enable secure outsourcing of cryptographic computations. This position paper brings out these challenging problems with RFID technology as the use case together with our ideas, where applicable, that can provide a direction towards solving the problems.

An analysis of TLS handshake proxying

Content delivery networks (CDNs) are an essential component of modern website infrastructures: edge servers located closer to users cache content, increasing robustness and capacity while decreasing latency. However, this situation becomes complicated for HTTPS content that is to be delivered using the Transport Layer Security (TLS) protocol: the edge server must be able to carry out TLS handshakes for the cached domain. Most commercial CDNs require that the domain owner give their certificate's private key to the CDN's edge server or abandon caching of HTTPS content entirely. We examine the security and performance of a recently commercialized delegation technique in which the domain owner retains possession of their private key and splits the TLS state machine geographically with the edge server using a private key proxy service. This allows the domain owner to limit the amount of trust given to the edge server while maintaining the benefits of CDN caching. On the performance front, we find that latency is slightly worse compared to the insecure approach, but still significantly better than the domain owner serving the content directly. On the security front, we enumerate the security goals for TLS handshake proxying and identify a subtle difference between the security of RSA key transport and signed-Diffie--Hellman in TLS handshake proxying; we also discuss timing side channel resistance of the key server and the effect of TLS session resumption.

Multiple roles of transfer prices: One vs. two books

This paper investigates multiple roles of transfer prices for shipments of goods and services between entities of a multinational enterprise. At the center is the role of transfer pricing (TP) in tax manipulation, but other roles having to do with internal operations or strategic delegation, etc. are also considered. The interesting question is to what extent and how the different roles of TPs interfere with each other. The answer depends on whether companies use one or two books, i.e. whether they (can) apply different TPs for different purposes. We illustrate, in a stylized model, the competing aims of tax manipulation and strategic delegation. Finally, we briefly look at selected reform proposals, concluding that either TP problems are not addressed, or else new distortions will be introduced instead.

Perioperative Nursing

This chapter introduces the beginning perioperative nurse to the key concepts and principles informing perioperative practice within Australasia. It describes the patient care roles of the nurse as well as the perioperative context and culture that inform the delivery of care during the surgical patient's journey. Aspects of the regulatory environment are examined, such as advocacy, accountability, delegation and scope of practice. In addition, the chapter explores the role of professional associations and highlights the importance of practice standards for perioperative nursing. The role of evidence-based practice (EBP) is also acknowledged. As this dynamic nursing speciality continues to evolve, the chapter concludes with a discussion of emerging advanced-practice roles for perioperative nurses.