59 resultados para Authenticated Encryption
em Deakin Research Online - Australia
Resumo:
This thesis analyses authentication in public key encryption and makes contributions in two areas. Firstly, Compressed Nested PKI is proposed which improves the certificate validation process. Then an implicitly certified encryption scheme, Authenticated Public Key Encryption, which makes keys easier to manage, is introduced.
Resumo:
Wireless broadcasting is an efficient way to broadcast data to a large number of users. Some commercial applications of wireless broadcasting, such as satellite pay-TV, desire that only those users who have paid for the service can retrieve broadcast data. This is often achieved by broadcast encryption, which allows a station securely to broadcast data to a dynamically changing set of privileged users through open air. Most existing broadcast encryption schemes can only revoke a pre-specified number of users before system re-setup or require high computation, communication and storage overheads in receivers. In this paper, we propose a new broadcast encryption scheme based on smart cards. In our scheme, smart cards are used to prevent users from leaking secret keys. Additionally, once an illegally cloned smart card is captured, our scheme also allows tracing of the compromised smart card by which illegal smart cards are cloned, and can then revoke all cloned smart cards. The new features of our scheme include minimal computation needs of only a few modular multiplications in the smart card, and the capability to revoke up to any number of users in one revocation. Furthermore, our scheme is secure against both passive and active attacks and has better performance than other schemes.
Resumo:
Certificateless public key encryption can be classified into two types, namely, CLE and CLE † , both of which were introduced by Al-Riyami and Paterson in Asiacrypt 2003. Most works about certificateless public key encryption belong to CLE, where the partial secret key is uniquely determined by an entity’s identity. In CLE † , an entity’s partial secret key is not only determined by the identity information but also by his/her (partial) public key. Such techniques can enhance the resilience of certificateless public key encryption against a cheating KGC. In this paper, we first formalize the security definitions of CLE † . After that, we demonstrate the gap between the security model of CLE † and CLE, by showing the insecurity of a CLE † scheme proposed by Lai and Kou in PKC 2007. We give an attack that can successfully break the indistinguishability of their CLE † scheme, although their scheme can be proved secure in the security model of CLE. Therefore, it does not suffice to consider the security of CLE † in the security model of CLE. Finally, we show how to secure Lai-Kou’s scheme by providing a new scheme with the security proof in the model of CLE †
Resumo:
The confidentiality of data is one of the most important issues in cloud storage system. We address the privacy issue of decentralized cloud storage system using threshold cryptography. The major challenge of designing this cloud storage system is to provide a better privacy guarantee. To achieve this goal, we propose a threshold encryption scheme and integrate it with a secure decentralized erasure code to form a secure cloud storage system, where the user generates a secret parameter participated in system encryption and decryption of plaintext blocks in the combine process. Our cloud storage system meets the requirements of data robustness and confidentiality.
Resumo:
Certificate-based encryption (CBE) and certificateless encryption (CLE) are proposed to lessen the certificate management problem in a traditional public-key encryption setting. Although they are two different notions, CBE and CLE are closely related and possess several common features. The encryption in CBE and CLE does not require authenticity verification of the recipient's public key. The decryption in both notions requires two secrets that are generated by the third party and the public key owner, respectively. Recently a generic conversion from CLE to CBE was given, but unfortunately its security proof is flawed. This paper provides an elaborate security model of CBE, based on which a provably secure generic construction of CBE from CLE is proposed. A concrete instantiation is also presented to demonstrate the application of our generic construction.
Resumo:
Attribute-Based Encryption (ABE) is a promising cryptographic primitive which significantly enhances the versatility of access control mechanisms. Due to the high expressiveness of ABE policies, the computational complexities of ABE key-issuing and decryption are getting prohibitively high. Despite that the existing Outsourced ABE solutions are able to offload some intensive computing tasks to a third party, the verifiability of results returned from the third party has yet to be addressed. Aiming at tackling the challenge above, we propose a new Secure Outsourced ABE system, which supports both secure outsourced key-issuing and decryption. Our new method offloads all access policy and attribute related operations in the key-issuing process or decryption to a Key Generation Service Provider (KGSP) and a Decryption Service Provider (DSP), respectively, leaving only a constant number of simple operations for the attribute authority and eligible users to perform locally. In addition, for the first time, we propose an outsourced ABE construction which provides checkability of the outsourced computation results in an efficient way. Extensive security and performance analysis show that the proposed schemes are proven secure and practical. © 2013 IEEE.
Further observations on smart-card-based password-authenticated key agreement in distributed systems
Resumo:
This paper initiates the study of two specific security threats on smart-card-based password authentication in distributed systems. Smart-card-based password authentication is one of the most commonly used security mechanisms to determine the identity of a remote client, who must hold a valid smart card and the corresponding password to carry out a successful authentication with the server. The authentication is usually integrated with a key establishment protocol and yields smart-card-based password-authenticated key agreement. Using two recently proposed protocols as case studies, we demonstrate two new types of adversaries with smart card: 1) adversaries with pre-computed data stored in the smart card, and 2) adversaries with different data (with respect to different time slots) stored in the smart card. These threats, though realistic in distributed systems, have never been studied in the literature. In addition to point out the vulnerabilities, we propose the countermeasures to thwart the security threats and secure the protocols. © 2013 IEEE.
Resumo:
A novel image encryption scheme based on compressed sensing and blind source separation is proposed in this work, where there is no statistical requirement to plaintexts. In the proposed method, for encryption, the plaintexts and keys are mixed with each other using a underdetermined matrix first, and then compressed under a project matrix. As a result, it forms a difficult underdetermined blind source separation (UBSS) problem without statistical features of sources. Regarding the decryption, given the keys, a new model will be constructed, which is solvable under compressed sensing (CS) frame. Due to the usage of CS technology, the plaintexts are compressed into the data with smaller size when they are encrypted. Meanwhile, they can be decrypted from parts of the received data packets and thus allows to lose some packets. This is beneficial for the proposed encryption method to suit practical communication systems. Simulations are given to illustrate the availability and the superiority of our method.
Resumo:
Certificate-based encryption (CBE) is an important class of public key encryption but the existing schemes are secure only under the premise that the decryption key (or private key) and master secret key are absolutely secret. In fact, a lot of side channel attacks and cold boot attacks can leak secret information of a cryptographic system. In this case, the security of the cryptographic system is destroyed, so a new model called leakage-resilient (LR) cryptography is introduced to solve this problem. While some traditional public key encryption and identity-based encryption with resilient-leakage schemes have been constructed, as far as we know, there is no leakage-resilient scheme in certificate-based cryptosystems. This paper puts forward the first certificate-based encryption scheme which can resist not only the decryption key leakage but also the master secret key leakage. Based on composite order bilinear group assumption, the security of the scheme is proved by using dual system encryption. The relative leakage rate of key is close to 1/3.
Resumo:
Mobile cloud computing can effectively address the resource limitations of mobile devices, and is therefore essential to enable extensive resource consuming mobile computing and communication applications. Of all the mobile cloud computing applications, data outsourcing, such as iCloud, is fundamental, which outsources a mobile user's data to external cloud servers and accordingly provides a scalable and always on approach for public data access. With the security and privacy issues related to outsourced data becoming a rising concern, encryption on outsourced data is often necessary. Although encryption increases the quality of protection (QoP) of data outsourcing, it significantly reduces data usability and thus harms the mobile user's quality of experience (QoE). How to strike a balance between QoP and QoE is therefore an important yet challenging task. In this article we focus on the fundamental problem of QoP and QoE provisioning in searchable encryption of data outsourcing. We develop a fine-grained data search scheme and discuss its implementation on encrypted mobile cloud data, which is an effective balance between QoE and QoP in mobile cloud data outsourcing.
Resumo:
As a continually growing financial service of electronic commerce, Internet banking requires the development and implementation of a sound security procedure. This involves designing effective methods via which users can
be authenticated in a remote environment. Specifically for Internet banking there is areal need for away uniquely to identify and authenticate users without the possibility of their authenticity being cloned. Some technologies in use have been presented for meeting the security requirements for national, regional and global Internet banking assurance. However, there has been little research conducted particularly on the creation of secure
and trusted pathways. Concentrates on presenting a security framework for Internet banking based on discovering and defining these pathways in terms of adequate authentication mechanisms. Proposes a framework concerning how to identify security requirements for Internet banking such that the
transactions being conducted are secured within their respective environments.
Resumo:
Environmental factors may have an important influence on children’s physical activity, yet children’s perspectives of their home and neighborhood environments have not been widely assessed. The aim of this study was to investigate children’s perceptions of their environments, and to examine associations between these perceptions and objectively measured physical activity. The sample consisted of 147, 10-year-old Australian children, who drew maps of their home and neighborhood environments. A subsample of children photographed places and things in these environments that were important to them. The maps were analyzed for themes, and for the frequency with which particular objects and locations appeared. Physical activity was objectively measured using accelerometers. Six themes emerged from the qualitative analysis of the maps and photographs: the family home; opportunities for physical activity and sedentary pursuits; food items and locations; green space and outside areas; the school and opportunities for social interaction. Of the 11 variables established from these themes, one home and two neighborhood factors were associated with children’s physical activity. These findings contribute to a broader understanding of children’s perceptions of their environment, and highlight the potential importance of the home and neighborhood environments for promoting physical activity behavior.
Resumo:
Background Evidence on the relative influence of childhood vs adulthood socioeconomic conditions on obesity risk is limited and equivocal. The objective of this study was to investigate associations of several indicators of mothers', fathers', and own socioeconomic status, and intergenerational social mobility, with body mass index (BMI) and weight change in young women.
Methods This population-based cohort study used survey data provided by 8756 women in the young cohort (aged 18–23 years at baseline) of the Australian Longitudinal Study on Women's Health. In 1996 and 2000, women completed mailed surveys in which they reported their height and weight, and their own, mother's, and father's education and occupation.
Results Multiple linear regression models showed that both childhood and adulthood socioeconomic status were associated with women's BMI and weight change, generally in the hypothesized (inverse) direction, but the associations varied according to socioeconomic status and weight indicator. Social mobility was associated with BMI (based on father's socioeconomic status) and weight change (based on mother's socioeconomic status), but results were slightly less consistent.
Conclusions Results suggest lasting effects of childhood socioeconomic status on young women's weight status, independent of adult socioeconomic status, although the effect may be attenuated among those who are upwardly socially mobile. While the mechanisms underlying these associations require further investigation, public health strategies aimed at preventing obesity may need to target families of low socioeconomic status early in children's lives.
