Outsourcing scheme of ABE encryption secure against malicious adversary

2019 ◽  
Vol 86 ◽  
pp. 437-452 ◽  
Author(s):  
Go Ohtake ◽  
Reihaneh Safavi-Naini ◽  
Liang Feng Zhang
2019 ◽  
Vol 2019 ◽  
pp. 1-10 ◽  
Author(s):  
Qian Lu ◽  
Haipeng Qu ◽  
Yuzhan Ouyang ◽  
Jiahui Zhang

In general, the IEEE 802.11 network identifiers used by wireless access points (APs) can be easily spoofed. Accordingly, a malicious adversary is able to clone the identity information of a legitimate AP (LAP) to launch evil twin attacks (ETAs). The evil twin is a class of rogue access point (RAP) that masquerades as a LAP and allures Wi-Fi victims’ traffic. It enables an attacker with little effort and expenditure to eavesdrop or manipulate wireless communications. Due to the characteristics of strong concealment, high confusion, great harmfulness, and easy implementation, the ETA has become one of the most severe security threats in Wireless Local Area Networks (WLANs). Here, we propose a novel client-side approach, Special Length Frames Arrival Time (SLFAT), to detect the ETA, which utilizes the same gateway as the LAP. By monitoring the traffic emitted by target APs at a detection node, SLFAT extracts the arrival time of the special frames with the same length to determine the evil twin’s forwarding behavior. SLFAT is passive, lightweight, efficient, and hard to evade. It allows users to independently detect ETA on ordinary wireless devices. Through implementation and evaluation in our study, SLFAT achieves a very high detection rate in distinguishing evil twins from LAPs.


2011 ◽  
Vol 55-57 ◽  
pp. 1605-1608
Author(s):  
Fan Yu Kong ◽  
Jia Yu

At IWSEC 2008, F. Guo et al. proposed an efficient short signature scheme with batch verification based on C. Gentry’s scheme. In this paper, we firstly propose the key substitution attack on F. Guo et al.’s digital signature scheme and show that the malicious adversary can forge a valid signature, which can be verified with a substituted public key. Secondly, we prove that F. Guo et al.’s scheme is malleable and the attacker can produce a new valid signature on the message if he/she has known some valid signatures on the same message.


2021 ◽  
pp. 289-316
Author(s):  
Keywhan Chung ◽  
Xiao Li ◽  
Peicheng Tang ◽  
Zeran Zhu ◽  
Zbigniew T. Kalbarczyk ◽  
...  

2020 ◽  
Vol 8 (6) ◽  
pp. 01-15
Author(s):  
István Vajda

It is known that most of the interesting multiparty cryptographic tasks cannot be implemented securely without trusted setup in a general concurrent network environment like the Internet. We need an appropriate trusted third party to solve this problem. An important trusted setup is a public random string shared by the parties. We present a practical n-bit coin toss protocol for provably secure implementation of such setup. Our idea is inviting external peers into the execution of the protocol to establish an honest majority among the parties. We guarantee security in the presence of an unconditional, static, malicious adversary. Additionally, we present an original practical idea of using live public radio broadcast channels for the generation of a common physical random source.


2013 ◽  
Vol 9 (4) ◽  
pp. 44-61 ◽  
Author(s):  
Shyue-Liang Wang ◽  
Chung-Yi Chen ◽  
I-Hsien Ting ◽  
Tzung-Pei Hong

Location and local service is one of the hottest bunches of applications in recent years, due to the proliferation of Global Position System (GPS) and mobile web search technology. Spatial queries retrieving neighboring Point-Of-Interests (POI) require actual user locations for services. However, exposing the physical location of the querier to the service system may pose a privacy threat to users if a malicious adversary has access to the system. To hinder the service system from obtaining the “true” location of the querier, the current obfuscation-based approach requires a trusted third party anonymizer. As for the data-encryption-based and cPIR-based approaches, they incur costly computation overheads. Although the secure hardware-aided PIR-based technique has been shown to be superior to the former ones, it did not consider the characteristics of data distribution of the searching domain. To deal with the problem of non-uniform data distribution and efficient retrieval, we propose four schemes: MSQL, NSQL, MNSQL, MHBL, based on flexible multi-layer grids, non-empty lookup table and Hilbert space-filling curve for efficient storage and retrieval of POI data, so that improved performance of PIR-based techniques could be achieved. Numerical experiments demonstrate that the proposed techniques indeed deliver better efficiency under various criteria.


Author(s):  
Sampsa Rauti ◽  
Janne Lahtiranta ◽  
Heidi Parisod ◽  
Sami Hyrynsalmi ◽  
Sanna Salanterä ◽  
...  

Asynchronous telemedicine systems face many challenges related to information security as the patient's sensitive information and data on medicine dosage is transmitted over a network when monitoring patients and controlling asynchronous telemedical IoT devices. This information may be modified or spied on by a malicious adversary. To make asynchronous telemedicine systems more secure, the authors present a proxy-based solution against data modification and spying attacks in web-based telemedical applications. By obfuscating the executable code of a web application and by continuously dynamically changing obfuscation, the authors' solution makes it more difficult for a piece of malware to attack its target. They use a constructive research approach. They characterize the threat and present an outline of a proposed solution. The benefits and limitations of the proposed solution are discussed. Cyber-attacks targeted at the information related to patient's care are a serious threat in today's telemedicine. If disregarded, these attacks have negative implications on patient safety and quality of care.


Electronics ◽  
2021 ◽  
Vol 10 (15) ◽  
pp. 1842
Author(s):  
Binbin Yang ◽  
Daniel Arumí ◽  
Salvador Manich ◽  
Álvaro Gómez-Pau ◽  
Rosa Rodríguez-Montañés ◽  
...  

Non-volatile memory cells are exposed to adversary attacks since any active countermeasure is useless when the device is powered off. In this context, this work proposes the association of two serial RRAM devices as a basic cell to store sensitive data, which could solve this bothersome problem. This cell has three states: ‘1’, ‘0’, and masked. When the system is powered off or the data is not used, the cell is set to the masked state, where the cell still stores a ‘1’ or a ‘0’ but a malicious adversary is not capable of extracting the stored value using reverse engineering techniques. Before reading, the cell needs to be unmasked and it is masked afterwards until the next reading request. The operation of the cell also provides robustness against side-channel attacks. The presented experimental results confirm the validity of the proposal.


2015 ◽  
Vol 2015 (2) ◽  
pp. 263-281 ◽  
Author(s):  
Melissa Chase ◽  
Emily Shen

In this paper, we consider a setting where a client wants to outsource storage of a large amount of private data and then perform substring search queries on the data – given a data string s and a search string p, find all occurrences of p as a substring of s. First, we formalize an encryption paradigm that we call queryable encryption, which generalizes searchable symmetric encryption (SSE) and structured encryption. Then, we construct a queryable encryption scheme for substring queries. Our construction uses suffix trees and achieves asymptotic efficiency comparable to that of unencrypted suffix trees. Encryption of a string of length n takes O(λn) time and produces a ciphertext of size O(λn), and querying for a substring of length m that occurs k times takes O(λm+k) time and three rounds of communication. Our security definition guarantees correctness of query results and privacy of data and queries against a malicious adversary. Following the line of work started by Curtmola et al. (ACM CCS 2006), in order to construct more efficient schemes we allow the query protocol to leak some limited information that is captured precisely in the definition. We prove security of our substring-searchable encryption scheme against malicious adversaries, where the query protocol leaks limited information about memory access patterns through the suffix tree of the encrypted string.

