Authentication in public key encryption schemes

This thesis analyses authentication in public key encryption and makes contributions in two areas. Firstly, Compressed Nested PKI is proposed which improves the certificate validation process. Then an implicitly certified encryption scheme, Authenticated Public Key Encryption, which makes keys easier to manage, is introduced.

Further observations on certificateless public key encryption

Certificateless public key encryption can be classified into two types, namely, CLE and CLE † , both of which were introduced by Al-Riyami and Paterson in Asiacrypt 2003. Most works about certificateless public key encryption belong to CLE, where the partial secret key is uniquely determined by an entity’s identity. In CLE † , an entity’s partial secret key is not only determined by the identity information but also by his/her (partial) public key. Such techniques can enhance the resilience of certificateless public key encryption against a cheating KGC. In this paper, we first formalize the security definitions of CLE † . After that, we demonstrate the gap between the security model of CLE † and CLE, by showing the insecurity of a CLE † scheme proposed by Lai and Kou in PKC 2007. We give an attack that can successfully break the indistinguishability of their CLE † scheme, although their scheme can be proved secure in the security model of CLE. Therefore, it does not suffice to consider the security of CLE † in the security model of CLE. Finally, we show how to secure Lai-Kou’s scheme by providing a new scheme with the security proof in the model of CLE †

The need for best practice standards in electronic governance of patient medical records to facilitate innovation

Background : Optimising the use of electronic data offers many opportunities to health services, particularly in rural and remote areas. These include reducing the effect of distance on access to clinical information and sharing information where there are multiple service providers for a single patient. The increasing compilation of large electronic databases of patient information and the ease with which electronic information can be transferred has raised concerns about the privacy and confidentiality of such records.
Aims & rationale/Objectives : This review aims to identify legal and ethical standards for areas of electronic governance where a lack of clarity may currently impede innovation in health service delivery.
Methods : This paper describes best practices for storage and transfer of electronic patient data based on an examination of Australian legislative requirements and a review of a number of current models. This will firstly allow us to identify basic legal requirements of electronic governance as well as areas of ambiguity not fully addressed by legislation. An examination of current models will suggest recommendations for best practice in areas lacking sufficient legal guidance.
Principal findings : We have identified the following four areas of importance, and shall discuss relevant details:
1) Patients' right of ownership to electronic patient records. 2) Custodial issues with data stored in centralised health care institutions 3) IT Security, including hierarchical level access, data encryption, data transfer standards and physical security 4) Software applications usage.
Discussion : Our examination of several models of best practice for the transfer of electronic patient data, both in Australia and internationally, identifies and clarifies many unresolved issues of electronic governance. This paper will also inform future policy in this area.
Implications : Clarification will facilitate the future development of beneficial technology-based innovations by rural health services.
Presentation type : Poster

In support of hydrocarbon exploration and discovery using clouds

Seismic data gathered from the Hydrocarbon Exploration and Discovery Operation is essential to identify possible hydrocarbon existence in a geologically surveyed area. However, the discovery operation takes a long time to be completed and computational processing of the acquired data is often delayed. Hydrocarbon exploration may end up needlessly covering an area without any hydrocarbon traces due to lack of immediate feedback from geophysical experts. This feedback can only be given when the acquired seismic data is computationally processed, analysed and interpreted. In response, we propose a comprehensive model to facilitate Hydrocarbon Exploration and Discovery Operation using encryption, decryption, satellite transmission and clouds. The model details the logical design of Seismic Data Processing (SDP) that exploits clouds and the ability for geophysical experts to provide on-line decisions on how to progress the hydrocarbon exploration operation at a remote location. Initial feasibility assessment was carried out to support our model. The SDP, data encryption and encryption for the assessment were carried out on a private cloud. The assessment shows that the overall process of hydrocarbon exploration from data acquisition, satellite data transmission through to SDP could be executed in a short time and at low costs.

Wireless broadcast encryption based on smart cards

Wireless broadcasting is an efficient way to broadcast data to a large number of users. Some commercial applications of wireless broadcasting, such as satellite pay-TV, desire that only those users who have paid for the service can retrieve broadcast data. This is often achieved by broadcast encryption, which allows a station securely to broadcast data to a dynamically changing set of privileged users through open air. Most existing broadcast encryption schemes can only revoke a pre-specified number of users before system re-setup or require high computation, communication and storage overheads in receivers. In this paper, we propose a new broadcast encryption scheme based on smart cards. In our scheme, smart cards are used to prevent users from leaking secret keys. Additionally, once an illegally cloned smart card is captured, our scheme also allows tracing of the compromised smart card by which illegal smart cards are cloned, and can then revoke all cloned smart cards. The new features of our scheme include minimal computation needs of only a few modular multiplications in the smart card, and the capability to revoke up to any number of users in one revocation. Furthermore, our scheme is secure against both passive and active attacks and has better performance than other schemes.

A secure cloud storage system from threshold encryption

The confidentiality of data is one of the most important issues in cloud storage system. We address the privacy issue of decentralized cloud storage system using threshold cryptography. The major challenge of designing this cloud storage system is to provide a better privacy guarantee. To achieve this goal, we propose a threshold encryption scheme and integrate it with a secure decentralized erasure code to form a secure cloud storage system, where the user generates a secret parameter participated in system encryption and decryption of plaintext blocks in the combine process. Our cloud storage system meets the requirements of data robustness and confidentiality.

Image encryption based on compressed sensing and blind source separation

A novel image encryption scheme based on compressed sensing and blind source separation is proposed in this work, where there is no statistical requirement to plaintexts. In the proposed method, for encryption, the plaintexts and keys are mixed with each other using a underdetermined matrix first, and then compressed under a project matrix. As a result, it forms a difficult underdetermined blind source separation (UBSS) problem without statistical features of sources. Regarding the decryption, given the keys, a new model will be constructed, which is solvable under compressed sensing (CS) frame. Due to the usage of CS technology, the plaintexts are compressed into the data with smaller size when they are encrypted. Meanwhile, they can be decrypted from parts of the received data packets and thus allows to lose some packets. This is beneficial for the proposed encryption method to suit practical communication systems. Simulations are given to illustrate the availability and the superiority of our method.

Obtain confidentiality or/and authenticity in Big Data by ID-based generalized signcryption

Recently, the Big Data paradigm has received considerable attention since it gives a great opportunity to mine knowledge from massive amounts of data. However, the new mined knowledge will be useless if data is fake, or sometimes the massive amounts of data cannot be collected due to the worry on the abuse of data. This situation asks for new security solutions. On the other hand, the biggest feature of Big Data is "massive", which requires that any security solution for Big Data should be "efficient". In this paper, we propose a new identity-based generalized signcryption scheme to solve the above problems. In particular, it has the following two properties to fit the efficiency requirement. (1) It can work as an encryption scheme, a signature scheme or a signcryption scheme as per need. (2) It does not have the heavy burden on the complicated certificate management as the traditional cryptographic schemes. Furthermore, our proposed scheme can be proven-secure in the standard model. © 2014 Elsevier Inc. All rights reserved.

A secure cloud computing based framework for big data information management of smart grid

Smart grid is a technological innovation that improves efficiency, reliability, economics, and sustainability of electricity services. It plays a crucial role in modern energy infrastructure. The main challenges of smart grids, however, are how to manage different types of front-end intelligent devices such as power assets and smart meters efficiently; and how to process a huge amount of data received from these devices. Cloud computing, a technology that provides computational resources on demands, is a good candidate to address these challenges since it has several good properties such as energy saving, cost saving, agility, scalability, and flexibility. In this paper, we propose a secure cloud computing based framework for big data information management in smart grids, which we call 'Smart-Frame.' The main idea of our framework is to build a hierarchical structure of cloud computing centers to provide different types of computing services for information management and big data analysis. In addition to this structural framework, we present a security solution based on identity-based encryption, signature and proxy re-encryption to address critical security issues of the proposed framework.

Engineering searchable encryption of mobile cloud networks : when QoE meets QoP

Mobile cloud computing can effectively address the resource limitations of mobile devices, and is therefore essential to enable extensive resource consuming mobile computing and communication applications. Of all the mobile cloud computing applications, data outsourcing, such as iCloud, is fundamental, which outsources a mobile user's data to external cloud servers and accordingly provides a scalable and always on approach for public data access. With the security and privacy issues related to outsourced data becoming a rising concern, encryption on outsourced data is often necessary. Although encryption increases the quality of protection (QoP) of data outsourcing, it significantly reduces data usability and thus harms the mobile user's quality of experience (QoE). How to strike a balance between QoP and QoE is therefore an important yet challenging task. In this article we focus on the fundamental problem of QoP and QoE provisioning in searchable encryption of data outsourcing. We develop a fine-grained data search scheme and discuss its implementation on encrypted mobile cloud data, which is an effective balance between QoE and QoP in mobile cloud data outsourcing.

Enabling fine-grained multi-keyword search supporting classified sub-dictionaries over encrypted cloud data

Using cloud computing, individuals can store their data on remote servers and allow data access to public users through the cloud servers. As the outsourced data are likely to contain sensitive privacy information, they are typically encrypted before uploaded to the cloud. This, however, significantly limits the usability of outsourced data due to the difficulty of searching over the encrypted data. In this paper, we address this issue by developing the fine-grained multi-keyword search schemes over encrypted cloud data. Our original contributions are three-fold. First, we introduce the relevance scores and preference factors upon keywords which enable the precise keyword search and personalized user experience. Second, we develop a practical and very efficient multi-keyword search scheme. The proposed scheme can support complicated logic search the mixed “AND”, “OR” and “NO” operations of keywords. Third, we further employ the classified sub-dictionaries technique to achieve better efficiency on index building, trapdoor generating and query. Lastly, we analyze the security of the proposed schemes in terms of confidentiality of documents, privacy protection of index and trapdoor, and unlinkability of trapdoor. Through extensive experiments using the real-world dataset, we validate the performance of the proposed schemes. Both the security analysis and experimental results demonstrate that the proposed schemes can achieve the same security level comparing to the existing ones and better performance in terms of functionality, query complexity and efficiency.

Enabling efficient multi-keyword ranked search over encrypted mobile cloud data through blind storage

In mobile cloud computing, a fundamental application is to outsource the mobile data to external cloud servers for scalable data storage. The outsourced data, however, need to be encrypted due to the privacy and confidentiality concerns of their owner. This results in the distinguished difficulties on the accurate search over the encrypted mobile cloud data. To tackle this issue, in this paper, we develop the searchable encryption for multi-keyword ranked search over the storage data. Specifically, by considering the large number of outsourced documents (data) in the cloud, we utilize the relevance score and k-nearest neighbor techniques to develop an efficient multi-keyword search scheme that can return the ranked search results based on the accuracy. Within this framework, we leverage an efficient index to further improve the search efficiency, and adopt the blind storage system to conceal access pattern of the search user. Security analysis demonstrates that our scheme can achieve confidentiality of documents and index, trapdoor privacy, trapdoor unlinkability, and concealing access pattern of the search user. Finally, using extensive simulations, we show that our proposal can achieve much improved efficiency in terms of search functionality and search time compared with the existing proposals.

A secure and efficient data sharing framework with delegated capabilities in hybrid cloud

Hybrid cloud is a widely used cloud architecture in large companies that can outsource data to the publiccloud, while still supporting various clients like mobile devices. However, such public cloud data outsourcing raises serious security concerns, such as how to preserve data confidentiality and how to regulate access policies to the data stored in public cloud. To address this issue, we design a hybrid cloud architecture that supports data sharing securely and efficiently, even with resource-limited devices, where private cloud serves as a gateway between the public cloud and the data user. Under such architecture, we propose an improved construction of attribute-based encryption that has the capability of delegating encryption/decryption computation, which achieves flexible access control in the cloud and privacy-preserving in datautilization even with mobile devices. Extensive experiments show the scheme can further decrease the computational cost and space overhead at the user side, which is quite efficient for the user with limited mobile devices. In the process of delegating most of the encryption/decryption computation to private cloud, the user can not disclose any information to the private cloud. We also consider the communication securitythat once frequent attribute revocation happens, our scheme is able to resist some attacks between private cloud and data user by employing anonymous key agreement.

Big data storage security

The demand for data storage and processing is increasing at a rapid speed in the big data era. The management of such tremendous volume of data is a critical challenge to the data storage systems. Firstly, since 60% of the stored data is claimed to be redundant, data deduplication technology becomes an attractive solution to save storage space and traffic in a big data environment. Secondly, the security issues, such as confidentiality, integrity and privacy of the big data should also be considered for big data storage. To address these problems, convergent encryption is widely used to secure data deduplication for big data storage. Nonetheless, there still exist some other security issues, such as proof of ownership, key management and so on. In this chapter, we first introduce some major cyber attacks for big data storage. Then, we describe the existing fundamental security techniques, whose integration is essential for preventing data from existing and future security attacks. By discussing some interesting open problems, we finally expect to trigger more research efforts in this new research field.