Showing papers on "Trusted third party published in 2013"

Lightweight Sybil Attack Detection in MANETs

Abstract: Fully self-organized mobile ad hoc networks (MANETs) represent complex distributed systems that may also be part of a huge complex system, such as a complex system-of-systems used for crisis management operations. Due to the complex nature of MANETs and its resource constraint nodes, there has always been a need to develop lightweight security solutions. Since MANETs require a unique, distinct, and persistent identity per node in order for their security protocols to be viable, Sybil attacks pose a serious threat to such networks. A Sybil attacker can either create more than one identity on a single physical device in order to launch a coordinated attack on the network or can switch identities in order to weaken the detection process, thereby promoting lack of accountability in the network. In this research, we propose a lightweight scheme to detect the new identities of Sybil attackers without using centralized trusted third party or any extra hardware, such as directional antennae or a geographical positioning system. Through the help of extensive simulations and real-world testbed experiments, we are able to demonstrate that our proposed scheme detects Sybil identities with good accuracy even in the presence of mobility.

Providing privacy-aware incentives for mobile sensing

Abstract: Mobile sensing exploits data contributed by mobile users (e.g., via their smart phones) to make sophisticated inferences about people and their surrounding and thus can be applied to environmental monitoring, traffic monitoring and healthcare. However, the large-scale deployment of mobile sensing applications is hindered by the lack of incentives for users to participate and the concerns on possible privacy leakage. Although incentive and privacy have been addressed separately in mobile sensing, it is still an open problem to address them simultaneously. In this paper, we propose two privacy-aware incentive schemes for mobile sensing to promote user participation. These schemes allow each mobile user to earn credits by contributing data without leaking which data it has contributed, and at the same time ensure that dishonest users cannot abuse the system to earn unlimited amount of credits. The first scheme considers scenarios where a trusted third party (TTP) is available. It relies on the TTP to protect user privacy, and thus has very low computation and storage cost at each mobile user. The second scheme removes the assumption of TTP and applies blind signature and commitment techniques to protect user privacy.

Smart meter aggregation via secret-sharing

Abstract: We design and prototype protocols for processing smart-meter readings while preserving user privacy We provide support for computing non-linear functions on encrypted readings, implemented by adapting to our setting efficient secret-sharing-based secure multi-party computation techniques Meter readings are jointly processed by a (public) storage service and a few independent authorities, each owning an additive share of the readings For non-linear processing, these parties consume pre-shared materials, produced by an off-line trusted third party This party never processes private readings; it may be implemented using trusted hardware or somewhat homomorphic encryption The protocol involves minimal, off-line support from the meters---a few keyed hash computations and no communication overhead

A Novel Privacy Preserving Location-Based Service Protocol With Secret Circular Shift for K-NN Search

Abstract: Location-based service (LBS) is booming up in recent years with the rapid growth of mobile devices and the emerging of cloud computing paradigm. Among the challenges to establish LBS, the user privacy issue becomes the most important concern. A successful privacy-preserving LBS must be secure and provide accurate query [e.g., -nearest neighbor (NN)] results. In this work, we propose a private circular query protocol (PCQP) to deal with the privacy and the accuracy issues of privacy-preserving LBS. The protocol consists of a space filling curve and a public-key homomorphic cryptosystem. First, we connect the points of interest (POIs) on a map to form a circular structure with the aid of a Moore curve. And then the homomorphism of Paillier cryptosystem is used to perform secret circular shifts of POI-related information (POI-info), stored on the server side. Since the POI-info after shifting and the amount of shifts are encrypted, LBS providers (e.g., servers) have no knowledge about the user's location during the query process. The protocol can resist correlation attack and support a multiuser scenario as long as the predescribed secret circular shift is performed before each query; in other words, the robustness of the proposed protocol is the same as that of a one-time pad encryption scheme. As a result, the security level of the proposed protocol is close to perfect secrecy without the aid of a trusted third party and simulation results show that the k-NN query accuracy rate of the proposed protocol is higher than 90% even when is large.

Dongle facilitated wireless consumer payments

Abstract: Computing systems and methods for facilitating consumer transactions in retail and other establishments include communication interfaces adapted to couple a computing system to a plurality of third party mobile electronic devices, storage components adapted to store user information, participating merchant information, or any combination thereof, and processors in communication with the communication interfaces and storage components. The processors are adapted to facilitate automatic wireless transactions between third party users of the third party mobile electronic devices and the participating merchants when the third party devices are present at the participating merchants without any affirmative activity by the third party users.

Enterprise security system

Abstract: A platform of Trust Management software which is a single, customizable, complete distributed computing security solution designed to be integrated into an enterprise computing environment. Digital Network Authentication (DNA) is the centerpiece of the system of the present invention. It is a unique means to authenticate the identity of a communicating party and authorize its activity. The whole mechanism can be thought of as a trusted third party providing assurances to both clients and servers that each communicating entity is a discrete, authenticated entity with clearly defined privileges and supporting data. Furthermore, the level of trust to be placed in the authorization of every entity communicating within the system is communicated to every entity within a distributed computing environment.

Systems and methods for validated secure data access

Abstract: Methods, systems, and techniques for securing access to stored data are provided. Example embodiments provide a Storage Management System (“SMS”) that is configured to facilitate protected information sharing. The SMS may restrict access to shared information based on one or more criteria that validate an entity's right to access the information. For example, the SMS may restrict access to entities that are located in a particular geographic region, that are using a particular type of hardware or software, that hold particular credentials, or the like. In some cases, the SMS may require that an entity's claim to meet on or more required criteria be validated by a trusted third party.

Privacy Preserving Context Aware Publish Subscribe Systems

Abstract: Modern pub/sub systems perform message routing based on the message content and allow subscribers to receive messages related to their subscriptions and the current context. Both content and context encode sensitive information which should be protected from third-party brokers that make routing decisions. In this work, we address this issue by proposing an approach that assures the confidentiality of the messages being published and subscriptions being issued while allowing the brokers to make routing decisions without decrypting individual messages and subscriptions, and without learning the context. Further, subscribers with a frequently changing context, such as location, are able to issue and update subscriptions without revealing the subscriptions in plaintext to the broker and without the need to contact a trusted third party for each subscription change resulting from a change in the context. Our approach is based on a modified version of the Paillier additive homomorphic cryptosystem and a novel group key management scheme. The former construct is used to perform privacy preserving matching, and the latter construct is used to enforce fine-grained encryption-based access control on the messages being published. We optimize our approach in order to efficiently handle frequently changing contexts. We have implemented our approach in a prototype using an industry strength JMS broker middleware. The experimental results show that our approach is highly practical.

Secure Two-Party Computation with Reusable Bit-Commitments, via a Cut-and-Choose with Forge-and-Lose Technique (Extended Abstract)

Abstract: A secure two-party computation (S2PC) protocol allows two parties to compute over their combined private inputs, as if intermediated by a trusted third party. In the malicious model, this can be achieved with a cut-and-choose of garbled circuits (C&C-GCs), where some GCs are verified for correctness and the remaining are evaluated to determine the circuit output. This paper presents a new C&C-GCs-based S2PC pro- tocol, with significant advantages in efficiency and applicability. First, in contrast with prior protocols that require a majority of evaluated GCs to be correct, the new protocol only requires that at least one evalu- ated GC is correct. In practice this reduces the total number of GCs to approximately one third, for the same statistical security goal. This is accomplished by augmenting the C&C with a new forge-and-lose tech- nique based on bit commitments with trapdoor. Second, the output of the new protocol includes reusable XOR-homomorphic bit commitments of all circuit input and output bits, thereby enabling efficient linkage of several S2PCs in a reactive manner. The protocol has additional inter- esting characteristics (which may allow new comparison tradeoffs), such as needing a low number of exponentiations, using a 2-out-of-1 type of oblivious transfer, and using the C&C structure to statistically verify the consistency of input wire keys.

Privacy preserving association rule mining over distributed databases using genetic algorithm

Abstract: Privacy preservation in distributed database is an active area of research. With the advancement of technology, massive amounts of data are continuously being collected and stored in distributed database applications. Indeed, temporal associations and correlations among items in large transactional datasets of distributed database can help in many business decision-making processes. One among them is mining frequent itemset and computing their association rules, which is a nontrivial issue. In a typical situation, multiple parties may wish to collaborate for extracting interesting global information such as frequent association, without revealing their respective data to each other. This may be particularly useful in applications such as retail market basket analysis, medical research, academic, etc. In the proposed work, we aim to find frequent items and to develop a global association rules model based on the genetic algorithm (GA). The GA is used due to its inherent features like robustness with respect to local maxima/minima and domain-independent nature for large space search technique to find exact or approximate solutions for optimization and search problems. For privacy preservation of the data, the concept of trusted third party with two offsets has been used. The data are first anonymized at local party end, and then, the aggregation and global association is done by the trusted third party. The proposed algorithms address various types of partitions such as horizontal, vertical, and arbitrary.

RAC: A Freerider-Resilient, Scalable, Anonymous Communication Protocol

Abstract: Enabling anonymous communication over the Internet is crucial. The first protocols that have been devised for anonymous communication are subject to freeriding. Recent protocols have thus been proposed to deal with this issue. However, these protocols do not scale to large systems, and some of them further assume the existence of trusted servers. In this paper, we present RAC, the first anonymous communication protocol that tolerates freeriders and that scales to large systems. Scalability comes from the fact that the complexity of RAC in terms of the number of message exchanges is independent from the number of nodes in the system. Another important aspect of RAC is that it does not rely on any trusted third party. We theoretically prove, using game theory, that our protocol is a Nash equilibrium, i.e, that freeriders have no interest in deviating from the protocol. Further, we experimentally evaluate RAC using simulations. Our evaluation shows that, whatever the size of the system (up to 100.000 nodes), the nodes participating in the system observe the same throughput.

Security and Privacy Issues in Wireless Mesh Networks: A Survey

Abstract: This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.

Efficient two-party private blocking based on sorted nearest neighborhood clustering

Abstract: Integrating data from diverse sources with the aim to identify similar records that refer to the same real-world entities without compromising privacy of these entities is an emerging research problem in various domains. This problem is known as privacy-preserving record linkage (PPRL). Scalability of PPRL is a main challenge due to growing data size in real-world applications. Private blocking techniques have been used in PPRL to address this challenge by reducing the number of record pair comparisons that need to be conducted. Many of these private blocking techniques require a trusted third party to perform the blocking. One main threat with three-party solutions is the collusion between parties to identify the private data of another party.We introduce a novel two-party private blocking technique for PPRL based on sorted nearest neighborhood clustering. Privacy is addressed by a combination of the privacy techniques k-anonymous clustering and public reference values. Experiments conducted on two real-world databases validate that our approach is scalable to large databases and effective in generating candidate record pairs that correspond to true matches, while preserving k-anonymous privacy characteristics. Our approach also performs equal or superior compared to three other state-of-the-art private blocking techniques in terms of scalability, blocking quality, and privacy. It can achieve private blocking up-to two magnitudes faster than other state-of-the art private blocking approaches.

Fine-grained access control method for data in cloud storage

Abstract: The invention discloses a fine-grained access control method for data in cloud storage. The method includes the steps: firstly, a data owner blocking files and formulating an external access strategy of file blocks and an internal access strategy of the file blocks according an access control policy, and a trusted third party generating a public key and a master key according to an attribute password mechanism; the data owner utilizing a symmetric password mechanism to encipher the file blocks, utilizing the attribute password mechanism to encipher a symmetric key, and sending a cypher text of the file blocks and a cypher text of a secret key to the cloud; the data owner and the trusted third party utilizing the attribute password mechanism to authorize a user, and generating an attribute key and an attribute processed by an attribute encryption function for each attribute of the user; the data owner sending an user permission change statement to the trusted third party; and the trusted third party judging whether adding or deleting the user permission or not for the user according to the user permission change statement. Compared with the prior art, the method for the fine-grained data access control in the cloud storage has the access control with more fine-grained data under the condition of not increasing additional costs.

3PLUS: Privacy-preserving pseudo-location updating system in location-based services

Abstract: Location-Based Services (LBSs) are becoming increasingly popular with rapid developments of social networks and location aware devices, such as smartphones and tablets Users query the LBSs server and get service information about their surroundings Unfortunately, these queries may lead to serious security and privacy concerns It is very hard for users to access LBSs while keeping their privacy at the same time To deal with this problem, we propose a novel scheme, called 3PLUS It can significantly improve users' location privacy without reliance on the Trusted Third Party (TTP) Further more, it is simple to implement, and does not require changing the current structure of LBSs server Users use a buffer to record the pseudo-locations, which come from both the history locations of herself and the encountered users When two users encounter, by using their pseudonyms, they randomly choose a pseudo-location from their buffers and exchange with each other Then she can find and submit k valid locations together to un-trusted LBSs server easily when the service is needed Our evaluation results indicate us a hidden relationship between k, the buffer size S and exchanging number N

Protecting Data Privacy and Security for Cloud Computing Based on Secret Sharing

Abstract: Cloud computing is an Internet-based computing. Computing services, such as data, storage, software, computing, and application, are delivered to local devices through Internet. The major security issue of cloud computing is that the cloud provider must ensure that their infrastructure is secure, and that prevent illegal data accesses from outsiders, other clients, or even the unauthorized cloud employees. In this paper, we deal with cloud security services including key agreement and authentication. By using Elliptic Curve Diffie-Hellman (ECDH) and symmetric bivariate polynomial based secret sharing, we design the secure cloud computing (SCC). Two types of SCC are proposed. One requires a trusted third party (TTP), and the other does not need a TTP. Also, our SCC can be extended to multi-server SCC (MSCC) to fit an environment, where each multi-server system contains multiple servers to collaborate for serving applications. Due to the strong security and operation efficiency, the proposed SCC and MSCC are extremely suitable for use in cloud computing.

Secure Two-Party Computation with Reusable Bit-Commitments, via a Cut-and-Choose with Forge-and-Lose Technique

Abstract: A secure two-party computation (S2PC) protocol allows two parties to compute over their combined private inputs, as if intermediated by a trusted third party. In the malicious model, this can be achieved with a cut-and-choose of garbled circuits (C&C-GCs), where some GCs are verified for correctness and the remaining are evaluated to determine the circuit output. This paper presents a new C&C-GCs-based S2PC protocol, with significant advantages in efficiency and applicability. First, in contrast with prior protocols that require a majority of evaluated GCs to be correct, the new protocol only requires that at least one evaluated GC is correct. In practice this reduces the total number of GCs to approximately one third, for the same statistical security goal. This is accomplished by augmenting the C&C with a new forge-and-lose technique based on bit commitments with trapdoor. Second, the output of the new protocol includes reusable XOR-homomorphic bit commitments of all circuit input and output bits, thereby enabling efficient linkage of several S2PCs in a reactive manner. The protocol has additional interesting characteristics (which may allow new comparison tradeoffs), such as needing a low number of exponentiations, using a 2-out-of-1 type of oblivious transfer, and using the C&C structure to statistically verify the consistency of input wire keys.

Aggregate and Verifiably Encrypted Signatures from Multilinear Maps Without Random Oracles.

Abstract: Aggregate signatures provide bandwidth-saving aggregation of ordinary signatures. We present the first unrestricted instantiation in the standard model, Moreover, our construction yields a multisignature scheme where a single message is signed by a number of signers. Our second result is an application to verifiably encrypted signatures. There, signers encrypt their signature under the public key of a trusted third party and output a proof that the signature is inside. Upon dispute between signer and verifier, the trusted third party is able to recover the signature. These schemes are provably secure in the standard model.

Towards practical communication in Byzantine-resistant DHTs

Abstract: There are several analytical results on distributed hash tables (DHTs) that can tolerate Byzantine faults. Unfortunately, in such systems, operations such as data retrieval and message sending incur significant communication costs. For example, a simple scheme used in many Byzantine fault-tolerant DHT constructions of n nodes requires O(log3 n) messages; this is likely impractical for real-world applications. The previous best known message complexity is O(log2 n) in expectation. However, the corresponding protocol suffers from prohibitive costs owing to hidden constants in the asymptotic notation and setup costs. In this paper, we focus on reducing the communication costs against a computationally bounded adversary. We employ threshold cryptography and distributed key generation to define two protocols, both of which are more efficient than existing solutions. In comparison, our first protocol is deterministic with O(log2 n) message complexity, and our second protocol is randomized with expected O(log n) message complexity. Furthermore, both the hidden constants and setup costs for our protocols are small, and no trusted third party is required. Finally, we present results from microbenchmarks conducted over PlanetLab showing that our protocols are practical for deployment under significant levels of churn and adversarial behavior.

Method and system for traffic engineering in secured networks

Abstract: Aspects of a method and system for traffic engineering in an IPSec secured network are provided. In this regard, a node in a network may be authenticated as a trusted third party and that trusted third party may be enabled to acquire security information shared between or among a plurality of network entities. In this manner, the trusted third party may parse, access and operate on IPSec encrypted traffic communicated between or among the plurality of network entities. Shared security information may comprise one or more session keys utilized for encrypting and/or decrypting the IPSec secured traffic. The node may parse IPSec traffic and identify a flow associated with the IPsec traffic. In this manner, the node may generate and/or communicate statistics pertaining to said IPSec secured traffic based on the flow with which the traffic is associated.

Weight-aware private matching scheme for Proximity-based Mobile Social Networks

Abstract: Making new social interactions with other users in vicinity is a crucial service in Proximity-based Mobile Social Networks (PMSNs), where a user can find a best matching friend directly through the Bluetooth/WiFi interfaces built in her mobile device. In existing work for such services, users have to publish their interests to do the matching. However, it conflicts with users' growing privacy concerns about revealing their interests to strangers. To tackle this problem, we propose Weighted Average Similarity (WAS) algorithm, which considers both the number of common interests and the corresponding weights on them, to protect users' privacy without reliance on any Trusted Third Party (TTP). Users set their interests into several priority levels with different weights, then WAS can provide a high level similarity value among these participants without revealing any information about their common interests. The security and computation/communication overhead of our scheme are thoroughly analyzed and evaluated via detailed simulations.

Pseudonymous Smart Metering without a Trusted Third Party

Abstract: Privacy concerns in smart metering are one of the most discussed challenges encountered by introducing the smart grid. Several approaches to tackle this problem exist. One of these approaches is the usage of pseudonyms to protect the privacy of customers. Existing solutions to pseudonymous smart metering require a trusted third party to manage the pseudonyms and often neglect the risk of transmitting pseudonymized data through direct connections. This provides the data sink with a mapping from pseudonym to network address which can be used to break pseudonymization. In this paper, we propose a pseudonymous smart metering protocol that does not require a trusted third party. It provides authenticated but anonymous pseudonyms and solves the transmission problem by using a lightweight anonymity network based on a peer-to-peer overlay.

Cyberspace Trusted Identity (CTI) Module

Abstract: The Cyberspace Trusted Identity (CTI) module provides secure storage of a cyberspace user's personal identity information and a security infrastructure to guarantee the integrity and privacy of a cyberspace transaction. When the owner of an electronic device registers their biometric samples on the CTI module the module becomes locked and the information stored on the module can only be accessed when the device owner provides a live biometric sample, which matches the registered biometric sample. When the CTI Module is registered under a trusted third party system; a Cyberspace Identification Trust Authority (CITA) system, the module provides a secure mechanism for storing a cyberspace user's digital identity tokens and for conducting safe and reliable cyberspace transactions between two cyberspace users. The CTI Module eliminates the need to carry man-made identity tokens, or the need to remember and/or openly exchange personal identity information, when conducting a cyberspace transaction.

A Quantum Protocol for (t,n)-Threshold Identity Authentication Based on Greenberger-Horne-Zeilinger States

Abstract: A quantum protocol for (t,n)-threshold identity authentication based on Greenberger-Horne-Zeilinger states is presented. A trusted third party (TTP) can authenticate the users simultaneously when and only when t or more users among n apply for authentication. Compared with the previous multiparty simultaneous quantum identity authentication (MSQIA) protocols, the proposed scheme is more flexible and suitable for practical applications.

EPS: Encounter-Based Privacy-Preserving Scheme for Location-Based Services

Abstract: Location-Based Services (LBSs) gain increasing popularity with the development of social networks and mobile devices. The mobile users enjoy convenience by submitting their private information. Nonetheless, the users' sensitive information may be abused by an un-trusted LBS server. Privacy concerned in LBSs can be categorized into two major types: location privacy and query privacy. In this paper, we propose a novel scheme, called Encounter-Based Privacy-Preserving Scheme (EPS), which allows a user to access an LBS server under the protection of k-anonymity on both her location privacy and query privacy. Without reliance on any Trusted Third Party (TTP), EPS uses a buffer on each user's mobile device to collect the queried information of the encountered users. To achieve k-anonymity, a user needs to choose k-1 records from her buffer, with the help of our location obfuscating algorithm and querying algorithm, the user's privacy can be protected. Evaluation results show the effectiveness and efficiency of our proposed EPS.

On the security of arbitrated quantum signature schemes

Abstract: Due to the potential capability of providing unconditional security, arbitrated quantum signature (AQS) schemes, whose implementation depends on the participation of a trusted third party, received intense attention in the past decade. Recently, some typical AQS schemes were cryptanalyzed and improved. In this paper, we analyze the security property of some AQS schemes and show that all the previous AQS schemes, no matter whether original or improved, are still insecure in the sense that the messages and the corresponding signatures can be exchanged among different receivers, allowing the receivers to deny having accepted the signature of an appointed message. Some further improved methods on the AQS schemes are also discussed.

User-centered mobile internet identity managing and identifying method

Abstract: Disclosed is a user-centered mobile internet identity managing and identifying method. User identity agency which is in charge of managing user identity information is set on a mobile platform by the method. An identity information card of a user can be created by the user through the user identity agency. Identity information can also be issued by a trusted third party through request and management of the user identity agency. The identity information of the user is shown in the form of a virtual card. The identity information of the user is managed by the user, and the user only needs to submit essential identity information needed by a website to the website. The submission of the identity information of the user needs to acquire authorization of the user, and therefore the user-centered characteristic and characteristic of user controlled identity information are shown in identity management. Identity authentication is conducted through a public and private key when the user needs to register or login on the website, and no longer relies on the identity authentication method of username/password. If a repeater (RP) is provided with a legal digital certificate, the digital certificate of the RP can be checked through the user identity agency by the system, and therefore phishing is prevented.

Social networking groups as a platform for third party integration

Abstract: Exemplary methods, apparatuses, and systems receive a request from a user to access content for a group of users of a social networking system, and send the content to the user including an interface to a third party system. The interface is to enable the user to retrieve information related to a third party service from the third party system to share with the group. The user sends the information related to the third party service to share with the group to the social networking system. The social networking system sends the shared information related to the third party service to a group member based on the group member requesting access to the content. In one embodiment, the third party service stores a file or folder on a third party server and the shared information includes a link to the shared file or folder.