Trusted third party

About: Trusted third party is a research topic. Over the lifetime, 2919 publications have been published within this topic receiving 60935 citations.

Towards Thwarting Template Side-Channel Attacks in Secure Cloud Deduplications

Abstract: As one of a few critical technologies to cloud storage service, deduplication allows cloud servers to save storage space by deleting redundant file copies. However, it often leaks side channel information regarding whether an uploading file gets deduplicated or not. Exploiting this information, adversaries can easily launch a template side-channel attack and severely harm cloud users’ privacy. To thwart this kind of attack, we resort to the k-anonymity privacy concept to design secure threshold deduplication protocols. Specifically, we have devised a novel cryptographic primitive called “dispersed convergent encryption” (DCE) scheme, and proposed two different constructions of it. With these DCE schemes, we successfully construct secure threshold deduplication protocols that do not rely on any trusted third party. Our protocols not only support confidentiality protections and ownership verifications, but also enjoy formal security guarantee against template side-channel attacks even when the cloud server could be a “covert adversary” who may violate the predefined threshold and perform deduplication covertly. Experimental evaluations show our protocols enjoy very good performance in practice.

Private discovery of common social contacts

Abstract: Digital services that are offered, and consumed, on the basis of social relationships form the backbone of social clouds--an emerging new concept that finds its roots in online social networks. The latter have already taken an essential role in people's daily life, helping users to build and reflect their social relationships to other participants. A key step in establishing new links entails the reconciliation of shared contacts and friends. However, for many individuals, personal relationships belong to the private sphere, and, as such, should be concealed from potentially prying eyes of strangers. Consequently, the transition toward social clouds cannot set aside mechanisms to control the disclosure of social links. This paper motivates and introduces the concept of Private Discovery of Common Social Contacts, which allows two users to assess their social proximity through interaction and learn the set of contacts (e.g., friends) that are common to both users, while hiding contacts that they do not share. We realize private contact discovery using a new cryptographic primitive, called contact discovery scheme (CDS), whose functionality and privacy is formalized in this work. To this end, we define a novel privacy feature, called contact-hiding, that captures our strong privacy goals. We also propose the concept of contact certification and show that it is essential to thwart impersonation attacks on social relationships. We build provably private and realistically efficient CDS protocols for private discovery of mutual contacts. Our constructions do not rely on a trusted third party (TTP)--all contacts are managed independently by the users. The practicality of our proposals is confirmed both analytically and experimentally on different computing platforms. We show that they can be efficiently deployed on smartphones, thus allowing ad hoc and ubiquitous contact discovery outside of existing social networks. Our CDS constructions allow users to select their (certified) contacts to be included in individual protocol executions. That is, users may perform context-dependent contact discovery using any subset (circle) of their contacts.

Online Social Network with flexible and dynamic privacy policies

Abstract: Online Social Networks (OSN) have become widely popular in recent years. OSN enable people to connect with their friends based on sharing information about their personal life. There are some serious privacy problems that need to be resolved in existing OSN: Firstly, there has to be a method to protect user-generated data from OSN providers. Secondly, a fully flexible and dynamic access control mechanism should exist to protect private data against attackers and unauthorized friends. Thirdly, the aforementioned access control system should be efficient in managing the privacy policies of OSN users. To meet these requirements, this paper presents a privacy protection solution for OSN with a customizable privacy control. In the proposed approach, the users keep control of their data without any help from the OSN provider or a trusted third party. The introduced scheme employs identity based broadcast encryption (IBBE) system to communicate the private data to intended OSN users. The privacy and efficiency analysis show the proposed architecture is a great improvement over existing approaches in preserving the privacy of OSN users.

A Hybrid Key Management Protocol for Wireless Sensor Networks

Abstract: Wireless Sensor Networks (WSNs) are wireless ad-hoc networks of tiny battery-operated wireless sensors. They are usually deployed in unsecured, open, and, harsh environments where it is difficult for humans to perform continuous monitoring. Due to its nature of deployment it is very crucial to provide security mechanisms for authenticating data. Key management is a pre-requisite for any security mechanism. Due to memory, computation, and communication constraints of sensor nodes, distribution and management of key in WSNs is a challenging task. Because of its lightweight feature, symmetric crypto-systems are a natural choice for key management in WSNs. However, they often fail to provide a good trade-off between resilience and storage. On the other hand, Public Key Infrastructure (PKI) is infeasible in WSNs because of its continuous availability of trusted third party and heavy computational requirements for certificate verification. Pairing-Based Cryptography (PBC) has paved a way for how parties can agree on keys without any interaction. It has relaxed the requirement of expensive certificate verification on PKI system. In this paper, we propose a new hybrid ID based non-interactive key management protocol for WSNs, which leverages the benefits from both symmetric key based cryptosystems and PBC by combining them together. The proposed protocol is very flexible and suits many applications. We also provide mechanisms for key refresh when the network changes.

Secure user authentication mechanism in digital home network environments

Abstract: The home network is a new IT technology environment for making an offer of convenient, safe, pleasant, and blessed lives to people, making it possible to be provided with various home network services by constructing home network infrastructure regardless of devices, time, and places. This can be done by connecting home devices based on wire and wireless communication networks, such as mobile communication, Internet, and sensor network. However, there are many risks involved, for example user privacy violations and service interference. Therefore, security service is required to block these risk elements, and user authentication is an essential component for secure home network service. It enables non-authorized persons not to use home network. In this paper, an authentication protocol for secure communications is proposed for secure home network environments. The proposed authentication protocol is designed to accept existing home networks based on public key infrastructure (PKI) and Authentication, Authorization, and Accounting (AAA), which both use Kerberos