53 results for Homorphic encryption

in Deakin Research Online - Australia


Relevance:

20.00% 20.00%

Publisher:

Abstract:

Wireless broadcasting is an efficient way to broadcast data to a large number of users. Some commercial applications of wireless broadcasting, such as satellite pay-TV, desire that only those users who have paid for the service can retrieve broadcast data. This is often achieved by broadcast encryption, which allows a station securely to broadcast data to a dynamically changing set of privileged users through open air. Most existing broadcast encryption schemes can only revoke a pre-specified number of users before system re-setup or require high computation, communication and storage overheads in receivers. In this paper, we propose a new broadcast encryption scheme based on smart cards. In our scheme, smart cards are used to prevent users from leaking secret keys. Additionally, once an illegally cloned smart card is captured, our scheme also allows tracing of the compromised smart card by which illegal smart cards are cloned, and can then revoke all cloned smart cards. The new features of our scheme include minimal computation needs of only a few modular multiplications in the smart card, and the capability to revoke up to any number of users in one revocation. Furthermore, our scheme is secure against both passive and active attacks and has better performance than other schemes.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

This thesis analyses authentication in public key encryption and makes contributions in two areas. Firstly, Compressed Nested PKI is proposed which improves the certificate validation process. Then an implicitly certified encryption scheme, Authenticated Public Key Encryption, which makes keys easier to manage, is introduced.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

Certificateless public key encryption can be classified into two types, namely, CLE and CLE†, both of which were introduced by Al-Riyami and Paterson in Asiacrypt 2003. Most works about certificateless public key encryption belong to CLE, where the partial secret key is uniquely determined by an entity’s identity. In CLE†, an entity’s partial secret key is not only determined by the identity information but also by his/her (partial) public key. Such techniques can enhance the resilience of certificateless public key encryption against a cheating KGC. In this paper, we first formalize the security definitions of CLE†. After that, we demonstrate the gap between the security model of CLE† and CLE, by showing the insecurity of a CLE† scheme proposed by Lai and Kou in PKC 2007. We give an attack that can successfully break the indistinguishability of their CLE† scheme, although their scheme can be proved secure in the security model of CLE. Therefore, it does not suffice to consider the security of CLE† in the security model of CLE. Finally, we show how to secure Lai-Kou’s scheme by providing a new scheme with the security proof in the model of CLE†.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

The confidentiality of data is one of the most important issues in cloud storage systems. We address the privacy issue of a decentralized cloud storage system using threshold cryptography. The major challenge of designing this cloud storage system is to provide a better privacy guarantee. To achieve this goal, we propose a threshold encryption scheme and integrate it with a secure decentralized erasure code to form a secure cloud storage system, where the user generates a secret parameter that participates in system encryption and in the decryption of plaintext blocks in the combine process. Our cloud storage system meets the requirements of data robustness and confidentiality.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

Certificate-based encryption (CBE) and certificateless encryption (CLE) are proposed to lessen the certificate management problem in a traditional public-key encryption setting. Although they are two different notions, CBE and CLE are closely related and possess several common features. The encryption in CBE and CLE does not require authenticity verification of the recipient's public key. The decryption in both notions requires two secrets that are generated by the third party and the public key owner, respectively. Recently a generic conversion from CLE to CBE was given, but unfortunately its security proof is flawed. This paper provides an elaborate security model of CBE, based on which a provably secure generic construction of CBE from CLE is proposed. A concrete instantiation is also presented to demonstrate the application of our generic construction.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

Attribute-Based Encryption (ABE) is a promising cryptographic primitive which significantly enhances the versatility of access control mechanisms. Due to the high expressiveness of ABE policies, the computational complexities of ABE key-issuing and decryption are getting prohibitively high. Despite that the existing Outsourced ABE solutions are able to offload some intensive computing tasks to a third party, the verifiability of results returned from the third party has yet to be addressed. Aiming at tackling the challenge above, we propose a new Secure Outsourced ABE system, which supports both secure outsourced key-issuing and decryption. Our new method offloads all access policy and attribute related operations in the key-issuing process or decryption to a Key Generation Service Provider (KGSP) and a Decryption Service Provider (DSP), respectively, leaving only a constant number of simple operations for the attribute authority and eligible users to perform locally. In addition, for the first time, we propose an outsourced ABE construction which provides checkability of the outsourced computation results in an efficient way. Extensive security and performance analysis show that the proposed schemes are proven secure and practical. © 2013 IEEE.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

A novel image encryption scheme based on compressed sensing and blind source separation is proposed in this work, where there is no statistical requirement to plaintexts. In the proposed method, for encryption, the plaintexts and keys are mixed with each other using an underdetermined matrix first, and then compressed under a project matrix. As a result, it forms a difficult underdetermined blind source separation (UBSS) problem without statistical features of sources. Regarding the decryption, given the keys, a new model will be constructed, which is solvable under the compressed sensing (CS) frame. Due to the usage of CS technology, the plaintexts are compressed into data of smaller size when they are encrypted. Meanwhile, they can be decrypted from parts of the received data packets, which allows some packets to be lost. This is beneficial for the proposed encryption method to suit practical communication systems. Simulations are given to illustrate the availability and the superiority of our method.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

Certificate-based encryption (CBE) is an important class of public key encryption but the existing schemes are secure only under the premise that the decryption key (or private key) and master secret key are absolutely secret. In fact, a lot of side channel attacks and cold boot attacks can leak secret information of a cryptographic system. In this case, the security of the cryptographic system is destroyed, so a new model called leakage-resilient (LR) cryptography is introduced to solve this problem. While some traditional public key encryption and identity-based encryption with resilient-leakage schemes have been constructed, as far as we know, there is no leakage-resilient scheme in certificate-based cryptosystems. This paper puts forward the first certificate-based encryption scheme which can resist not only the decryption key leakage but also the master secret key leakage. Based on composite order bilinear group assumption, the security of the scheme is proved by using dual system encryption. The relative leakage rate of key is close to 1/3.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

Mobile cloud computing can effectively address the resource limitations of mobile devices, and is therefore essential to enable extensive resource consuming mobile computing and communication applications. Of all the mobile cloud computing applications, data outsourcing, such as iCloud, is fundamental, which outsources a mobile user's data to external cloud servers and accordingly provides a scalable and always on approach for public data access. With the security and privacy issues related to outsourced data becoming a rising concern, encryption on outsourced data is often necessary. Although encryption increases the quality of protection (QoP) of data outsourcing, it significantly reduces data usability and thus harms the mobile user's quality of experience (QoE). How to strike a balance between QoP and QoE is therefore an important yet challenging task. In this article we focus on the fundamental problem of QoP and QoE provisioning in searchable encryption of data outsourcing. We develop a fine-grained data search scheme and discuss its implementation on encrypted mobile cloud data, which is an effective balance between QoE and QoP in mobile cloud data outsourcing.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

IP spoofing is a technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host. It causes serious security problems in the cyber world, and is currently exploited widely in information warfare. This paper at first introduces the IP spoofing attack through examples, technical issues and attacking types. Later its countermeasures are analysed in detail, which include authentication and encryption, filtering and IP traceback. In particular, an IP traceback mechanism, Flexible Deterministic Packet Marking (FDPM), is presented. Since the IP spoofing problem cannot be solved by technology alone but also needs social regulation, the legal issues and economic impact are discussed in the later part.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

Background: Optimising the use of electronic data offers many opportunities to health services, particularly in rural and remote areas. These include reducing the effect of distance on access to clinical information and sharing information where there are multiple service providers for a single patient. The increasing compilation of large electronic databases of patient information and the ease with which electronic information can be transferred has raised concerns about the privacy and confidentiality of such records.
Aims & rationale/Objectives: This review aims to identify legal and ethical standards for areas of electronic governance where a lack of clarity may currently impede innovation in health service delivery.
Methods: This paper describes best practices for storage and transfer of electronic patient data based on an examination of Australian legislative requirements and a review of a number of current models. This will firstly allow us to identify basic legal requirements of electronic governance as well as areas of ambiguity not fully addressed by legislation. An examination of current models will suggest recommendations for best practice in areas lacking sufficient legal guidance.
Principal findings: We have identified the following four areas of importance, and shall discuss relevant details:
1) Patients' right of ownership to electronic patient records.
2) Custodial issues with data stored in centralised health care institutions.
3) IT Security, including hierarchical level access, data encryption, data transfer standards and physical security.
4) Software applications usage.
Discussion: Our examination of several models of best practice for the transfer of electronic patient data, both in Australia and internationally, identifies and clarifies many unresolved issues of electronic governance. This paper will also inform future policy in this area.
Implications: Clarification will facilitate the future development of beneficial technology-based innovations by rural health services.
Presentation type: Poster

Relevance:

10.00% 10.00%

Publisher:

Abstract:

The International Multimedia Modelling conference series is an annual forum to discuss the efficient representation, processing, interaction, integration, communication, and retrieval of multimedia information.
In particular, the 10th International Multimedia Modelling Conference (MMM2004) concentrates on common modelling frameworks for integrating the diverse fields of visual, audio, video, and virtual world information.
MMM2004 deals with emerging Multimedia Modelling topics including:
• Multimedia Databases
• Audio Processing, Coding and Encryption
• Network Games and Animation
• Video Applications
• Multimedia Frameworks and QoS
• Topological and 3D Geometric Modelling
• Image Applications
• Image Retrieval
• Modelling / Editing / Virtual Environment
• Video Retrieval and Browsing

Relevance:

10.00% 10.00%

Publisher:

Abstract:

RFID (Radio Frequency Identification) technology can be employed for tracking and detecting each container, pallet, case, and product uniquely in the supply chain. It connects the supply chain stakeholders (i.e., suppliers, manufacturers, wholesalers/distributors, retailers and customers) and allows them to exchange data and product information. Despite these potential benefits, security issues are the key factor in the deployment of an RFID-enabled system in the global supply chain. This paper proposes a hybrid approach to secure RFID transmission in Supply Chain Management (SCM) systems using modified Wired Equivalent Encryption (WEP) and the Rivest, Shamir and Adleman (RSA) cryptosystem. The proposed system also addresses the common loophole of the WEP key algorithm and makes it more secure compared to the existing modified WEP key process.