Zhi-Yu Peng,Shan-Ping Li

DOI: https://doi.org/10.1109/icmlc.2008.4620616

2008-01-01

Abstract:As pervasive computing leading to an increased collection of information in the computational world as well as the real world, privacy leaking becomes a serious issue. Although privacy protection has drawn great attention in recent years, the privacy-preserving trust management has not been brought forward. Credential chain discovery problem is the key issue in trust management, and traditionally credentials are full open in the whole system. This could expose users' access control policies as well as other private information, and leads to a great risk of being cheated by malicious users. This paper advocates a privacy-preserving credential chain discovery mechanism, in which credentials are no longer available to everyone. By merely learning credentials of one's logic neighbors, this mechanism still achieves good results. The simulations show that this mechanism is practical.

Li Jiang,Lingdi Ping,Xuezeng Pan

DOI: https://doi.org/10.1007/978-3-540-76788-6_6

2007-01-01

Abstract:Information flow and in particular noninterference ensure that sensitive information does not affect public information. But noninterference is too restrictive: real computing systems sometimes need to dynamically release certain amount of sensitive information. In this paper, we propose a new security property that requires the decision to perform information release have high integrity, and permits low integrity data which comes from untrusted sources to dynamically affect information release by upgrading (or endorsing) its integrity. To control such integrity upgrading, we introduce an endorsement mechanism that takes the form of a local integrity endorsing policy declaration. So the programmer can express more precise ways of endorsing, by specifying the integrity levels from which information may be endorsed. In addition, we show a new type system to enforce the security property.

Zhe-Ming Lu,Zong-Hui Wang,Yong-Liang Liu

DOI: https://doi.org/10.24507/ijicic.17.04.1257

2021-01-01

Abstract:Nowadays, multimedia documents can be easily recreated or modified and then distributed over the Internet or via smart mobile phones; thus copyright protection, copy protection, content authentication and source tracing have become main issues in the big data era. In the past, many multipurpose information hiding schemes have been proposed to solve these problems. However, existing schemes are mainly designed for digital audiovisual documents, but seldom designed for office files, WEB pages, PDF files or software codes. Furthermore, there are few schemes considering how to embed multilevel fingerprints to trace multiple distribution processes. Based on above backgrounds, this paper presents a multipurpose framework based on multilevel multichannel information hiding to provide a more robust and conflict-prevented scheme with whole life cycle and full protection. This framework is developed for all kinds of multimedia documents to protect and/or authenticate and/or trace a multimedia document in its entire life time. In order to make our framework work better as an organic whole, we define a watermark information structure to discriminate and recognize different watermarks and also provide some required control information for watermark extraction or further embedding. To test the effectiveness of the proposed framework, we develop three simulation interfaces for images web pages and PPT files respectively. Experimental results demonstrate that our framework is effective and our scheme can embed multiple watermarks and can extract all watermarks correctly and independently.

Yun Feng,Baoxu Liu,Xiang Cui,Chaoge Liu,Xuebin Kang,Junwei Su

DOI: https://doi.org/10.1109/trustcom/bigdatase.2018.00144

2018-08-01

Abstract:PDF is extensively employed worldwide in the current time. A vast number of PDF are disseminated over the Internet during people's exchange of documents. The private information that is hidden in PDF document structure is revealed with documents, which causes privacy leakage. To systematically analyze and address the issues, we conduct a series of studies. We find possible sources of PDF personal privacy leaks and design a methodology to extract and recognize sensitive information automatically. Our methodology is helpful for users to check whether their PDF documents contain privacy information prior to transmission via the Internet. We conduct an experiment, and the results indicate the effectiveness of our method. We then experiment tens of thousands of benign and malicious PDF documents gathered from multiple sources around the world to analyze the current privacy leakage situation of PDF documents. Our analysis demonstrates that nearly 70% of people lack the awareness of privacy protection when employing PDF documents. We also discuss the special usage of our method in cyberattack attribution.

Zongda Wu,Shigen Shen,Chenglang Lu,Huxiong Li,Xinning Su

DOI: https://doi.org/10.1108/lht-07-2020-0178

2020-01-01

Library Hi Tech

Abstract:PurposeIn this paper, the authors propose an effective mechanism for the protection of digital library readers' lending privacy under a cloud environment.Design/methodology/approachThe basic idea of the method is that for each literature circulation record, before being submitted to the untrusted cloud database of a digital library for storage, its reader number has to be encrypted strictly at a client, so as to make it unable for an attacker at the cloud to know the specific reader associated with each circulation record and thus protect readers' lending privacy. Moreover, the authors design an effective method for querying the encrypted literature circulation records, so as to ensure the accuracy and efficiency of each kind of database queries related to the encrypted reader number field of literature circulation records.FindingsFinally, both theoretical analysis and experimental evaluation demonstrate the effectiveness of the proposed methods.Originality/valueThis paper presents the first study attempt to the privacy protection of readers' literature circulations, which can improve the security of readers' lending privacy in the untrusted cloud, without compromising the accuracy and efficiency of each kind of database queries in the digital library. It is of positive significance to construct a privacy-preserving digital library platform.

YANG Chun,CAO Tian-jie,ZHANG Yong-ping

DOI: https://doi.org/10.3969/j.issn.1000-7024.2006.01.027

2006-01-01

Abstract:X.509v3 is the most wildly used standard of digital credentials in current days.But there still are some security limitations in it.On the base of its important reality significance,the background knowledge of digital credentials and their disadvantage was in-troduced.And the existing solution was analyzed.To fix the drawback of storage space,Merkle tree algorithm was proposed.And the demerit of Merkle tree was also analyzed.Considering the probability of each field in the digital credentials,the Huffman tree algorithm was proposed.At last,3 methods were simply compared.

Vy-An Phan

DOI: https://doi.org/10.48550/arXiv.1905.09478

2019-05-13

Cryptography and Security

Abstract:Despite increasing advancements in today's information exchange infrastructure, the preservation of user data and privacy still remains a problem. Both insecure baselines and secure solutions leak user data. For example, Certificate Transparency (CT) promises significant security improvements to existing Public Key Infrastructure solutions that up-to-now have solely relied on the Certificate Authority hierarchy. CT provides a robust auditing layer and transparency solution to quickly detect such compromises, but introduces the requirement that client browsers interact with third-party servers when validating a site certificate. In the existing CT system, these requests leak information about each user's browsing habits to the hosting server. It is not a stretch to think that this valuable data could be collected and exploited, as corporations and governments have plenty of financial and political incentive to do so. In this project, we seek to address this problem by using an oblivious file sharing system with strong anonymity properties, to provide a more scalable, performant solution to privacy-preserving queries.

Zhichao Ruan,Wei Ye,Yankai Xie,Haixing Li,Chi Zhang,Lingbo Wei

DOI: https://doi.org/10.1109/icc45041.2023.10278733

2023-01-01

Abstract:Blockchain is the most promising technology to tackle the security challenges of certificate revocation schemes, such as vulnerability to the single point of failure and lack of accountability systems. However, current blockchain-based certificate revocation systems suffer from privacy problems as the blockchain nodes can learn which website the client is going to connect with and infer the end-user's private information, such as identity, location, and health condition. In this paper, we propose a decentralized certificate revocation scheme that allows clients to securely and privately verify revocation information. We not only take advantage of blockchain to provide security guarantees but also further craft a novel multi-server offline/online private information retrieval (PIR) protocol named MOO-PIR to preserve query privacy for clients even if a subset of servers collude. Finally, we provide security analysis and performance evaluation, demonstrating that our scheme can protect client privacy without compromising efficiency.

Eric Ke Wang,Yunming Ye,S. M. Yiu,L. C. K. Hui

DOI: https://doi.org/10.7763/ijcce.2013.v2.200

2013-01-01

International Journal of Computer and Communication Engineering

Abstract:—The wide use of mobile social networks has made it easier for people to share and exchange information with others anywhere, anytime. However, sharing operations of personal data on mobile social networks has put individual privacy under risk in unprecedented ways. We propose a protocol for privacy-preserving P2P information sharing for mobile social networking; because of the limitation of computation and communication for mobile devices, traditional privacy-preserving information sharing for private data sources cannot be applied in mobile social networks. Therefore, we designed a lightweight obfuscation and encryption model to defend against honest-but-curious behavior attack. The protocol is practical for mobile devices and the simulation performance is encouraging.

Tong Zhou,Lein Harn

DOI: https://doi.org/10.1109/ccece.2008.4564549

2008-01-01

Abstract:In nonhierarchical public key infrastructure (PKI), any user can be a certificate authority (CA) to issue digital certificates to other users. As there is no single root CA, it is difficult to check the validity of certificates issued by unknown CAs. It is very risky to trust them without in-depth analysis. How users issue certificates in the real world has not been studied. Solomon Aschpsilas conformity experiment reveals that peoplespsila decisions are influenced by others. To reduce the risk of trusting malicious certificate issuers, we propose two novel methods, micro method and macro method, for users to make trust decisions based on the relationships among the CAs. They will improve the security in ad hoc networks and peer-to-peer (P2P) communications.

Yingjiu Li,Sushil Jajodia,X. Sean Wang

2003-01-01

Abstract:This thesis reports a systematic study of data protection in three different, yet related, scenarios. The first scenario is to guard relational data against unauthorized redistribution or data piracy. In this scenario, the data is released to users who have full control over the use of data but are restricted from any redistribution. A novel technique is presented for embedding fingerprints in database relations so that the original recipient of the data can be identified. In our scheme, one secret key (with or without primary key attributes in database relations) is used to decide the way how a fingerprint is embedded. Rigorous analysis shows that, with high probability, a detected fingerprint is indeed the fingerprint originally embedded, and embedded fingerprints cannot be modified or erased by a variety of attacks, including bits flipping, tuple addition and deletion; secret key guessing, and collusion among multiple recipients of the same relation. In addition, as a special case of fingerprinting, a robust watermarking scheme is also presented for relational databases. The second scenario is to protect the privacy of individual data value against interval-based inference from aggregation queries. Different from the first scenario in which the data is released to users, this scenario is about data that are controlled by its owner. Users are allowed to access the data through aggregation queries. An individual data value is said to be compromised if an accurate enough interval, called inference interval, is obtained from aggregation results such that the actual data value must fall into the interval. Our study shows that it is intractable to audit interval-based inference for bounded integer values; while for bounded real values, the auditing problem has a polynomial time complexity involving mathematical programming with a large number of constraints and/or variables. The last scenario is to detect anomaly from usage log data. Different from the first scenario in which the data are released to users as well as the second scenario in which the data are allowed to be queried by users, this scenario is about using log data to build profiles for user normal behaviors and detect suspicious anomalies that deviate from the profiles. Experiments show that our proposed method is more flexible and precise than previous methods that do not use time information or simply use fixed partition of time intervals in profiling. (Abstract shortened by UMI.)

Leo Yu Zhang,Yifeng Zheng,Jian Weng,Cong Wang,Zihao Shan,Kui Ren

DOI: https://doi.org/10.1109/tdsc.2018.2864748

2020-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:The wide adoption of cloud greatly facilitates the sharing of explosively generated media content today, yet deprives content providers' direct control over the outsourced media content. Thus, it is pivotal to build an encrypted cloud media center where only authorized access is allowed. Enforcing access control alone, however, cannot fully protect content providers' interests, as authorized users may later become traitors that illegally redistribute media content to the public. Such realistic threat should have been seriously treated yet is largely overlooked in the literature. In this paper, we initiate the first study on secure media sharing with fair traitor tracing in the encrypted cloud media center, through a new marriage of proxy re-encryption (for secure media sharing) and fair watermarking (for fair traitor tracing). Our key insight is to fully leverage the homomorphic properties residing in proxy re-encryption to embrace operations in fair watermarking. Two protocols are proposed for different application scenarios. We also provide complexity analysis for performance, showing that our work can also be treated as secure outsourcing of fair watermarking, and thus kills two birds with one stone. We thoroughly analyze the security strengths and conduct extensive experiments to validate the effectiveness of our design.

Andrea Flamini,Giada Sciarretta,Mario Scuro,Amir Sharif,Alessandro Tomasi,Silvio Ranise

2024-01-16

Abstract:Verifiable credentials are a digital analogue of physical credentials. Their authenticity and integrity are protected by means of cryptographic techniques, and they can be presented to verifiers to reveal attributes or even predicates about the attributes included in the credential. One way to preserve privacy during presentation consists in selectively disclosing the attributes in a credential. In this paper we present the most widespread cryptographic mechanisms used to enable selective disclosure of attributes identifying two categories: the ones based on hiding commitments - e.g., mdl ISO/IEC 18013-5 - and the ones based on non-interactive zero-knowledge proofs - e.g., BBS signatures. We also include a description of the cryptographic primitives used to design such cryptographic mechanisms. We describe the design of the cryptographic mechanisms and compare them by performing an analysis on their standard maturity in terms of standardization, cryptographic agility and quantum safety, then we compare the features that they support with main focus on the unlinkability of presentations, the ability to create predicate proofs and support for threshold credential issuance. Finally we perform an experimental evaluation based on the Rust open source implementations that we have considered most relevant. In particular we evaluate the size of credentials and presentations built using different cryptographic mechanisms and the time needed to generate and verify them. We also highlight some trade-offs that must be considered in the instantiation of the cryptographic mechanisms.

Cryptography and Security

Shouhuai Xu,Xiaohu Li,T. Paul Parker

DOI: https://doi.org/10.1145/1368310.1368358

2008-01-01

Abstract:ABSTRACTDigital signatures are an important security mechanism, especially when non-repudiation is desired. However, non-repudiation is meaningful only when the private signing keys and functions are adequately protected --- an assumption that is very difficult to accommodate in the real world because computers (and thus cryptographic keys and functions) could be relatively easily compromised. One approach to resolving, or at least alleviating, this problem is to use threshold cryptography. But how should such techniques be employed in the real world? In this paper we propose exploiting social networks whereby average users take advantage of their trusted ones to help secure their cryptographic keys. While the idea is simple from an individual user's perspective, we aim to understand the resulting systems from a whole-system perspective. Specifically, we propose and investigate two measures of the resulting systems: attack-resilience, which captures the security consequences due to the compromise of some computers and thus the compromise of the cryptographic key shares stored on them; availability, which captures the effect when computers are not always responsive (due to the peer-to-peer nature of social networks).

Shaoqi Yuan,Wenzhong Yang,Xiaodan Tian,Wenjie Tang

DOI: https://doi.org/10.3390/sym16050622

2024-05-18

Symmetry

Abstract:With the continuous advancement of information technology, a growing number of works, including articles, paintings, and music, are being digitized. Digital content can be swiftly shared and disseminated via the Internet. However, it is also vulnerable to malicious plagiarism, which can seriously infringe upon the rights of creators and dampen their enthusiasm. To protect creators' rights and interests, a sophisticated method is necessary to authenticate digital intellectual property rights. Traditional authentication methods rely on centralized, trustworthy organizations that are susceptible to single points of failure. Additionally, these methods are prone to network attacks that can lead to data loss, tampering, or leakage. Moreover, the circulation of copyright information often lacks transparency and traceability in traditional systems, which leads to information asymmetry and prevents creators from controlling the use and protection of their personal information during the authentication process. Blockchain technology, with its decentralized, tamper-proof, and traceable attributes, addresses these issues perfectly. In blockchain technology, each node is a peer, ensuring the symmetry of information. However, the transparent feature of blockchains can lead to the leakage of user privacy data. Therefore, this study designs and implements an Ethereum blockchain-based intellectual property authentication scheme with privacy protection. Firstly, we propose a method that combines elliptic curve cryptography (ECC) encryption with digital signatures to achieve selective encryption of user personal information. Subsequently, an authentication algorithm based on Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (zk-SNARK) is adopted to complete the authentication of intellectual property ownership while encrypting personal privacy data. Finally, we adopt the InterPlanetary File System (IPFS) to store large files, solving the problem of blockchain storage space limitations.

multidisciplinary sciences

Hao Yan,Yanan Liu,Zheng Zhang,Qian Wang

DOI: https://doi.org/10.1155/2021/6639634

IF: 1.968

2021-05-27

Security and Communication Networks

Abstract:Cloud computing is a fast-growing technology which supplies scalable, innovative, and efficient business models. However, cloud computing is not fully trusted, and the security of the data outsourced in cloud storage needs to be guaranteed. One of the hottest issues is how to ensure the integrity of the data in cloud storage. Until now, many researchers have proposed lots of provable data possession (PDP) schemes to deal with the problem of data integrity audition. Nevertheless, very little effort has been devoted to preserve the data uploader’s privacy while auditing the integrity of data shared in a group. To overcome the shortcoming, we propose a novel certificateless PDP protocol to efficiently audit the integrity of data shared in a workgroup with user privacy preserving. Due to the inherent structural advantage of the certificateless crypto mechanism, our PDP scheme eliminates the key escrow problem and the certificate management problem simultaneously. Moreover, the audition process in our scheme does not need any user’s identity which helps to keep the anonymity of data uploader. We give for our scheme a detailed security proof and efficiency analysis. Experiment results of performance evaluation demonstrate that our new scheme is very efficient and feasible.

computer science, information systems,telecommunications

Yanan Sun,Xiaohong Guan,Ting Liu

DOI: https://doi.org/10.1007/978-3-642-24403-2_13

2011-01-01

Abstract:Authentication is of great importance in information security. Traditional method only focus on encryption of the content itself, which is the same with the later proposed methods named information hiding and digital watermark. Since data transmission is in the open network, it can easily be detected and intercepted by the malicious party. In this paper, we put forward a new method which utilize the communication channel, not the content, as the data carrier, and guarantee the validation of the user's identity during the common data transmission. Specifically, by manipulating the inter-packet delays, we implement a prototype system for authentication and embed the authentication tag within the packet intervals based on network covert channel. By conducting a series of experiments, we prove that our method performs well in LAN and Campus Network.

Yonghong Yu,Wenyang Bai

DOI: https://doi.org/10.1109/MEC.2011.6025814

2011-01-01

Abstract:Notice of Violation of IEEE Publication Principles "Privacy Protection in Outsourced Database Services" by Yonghong Yu and Wenyang Bai in the Proceedings of the International Conference on Mechatronic Science, Electric Engineering and Computer, August 2011, pp. 1726-1731 After careful and considered review of the content and authorship of this paper by a duly constituted expert committee, this paper has been found to be in violation of IEEE's Publication Principles. This paper contains substantial duplication of original text from the paper cited below. The original text was copied without attribution (including appropriate references to the original author(s) and/or paper title) and without permission. Due to the nature of this violation, reasonable effort should be made to remove all past references to this paper, and future references should be made to the following article: "Enforcing Confidentiality Constraints on Sensitive Databases with Lightweight Trusted Clients" by Valentina Ciriani, Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, and Pierangela Samarati in the Proceedings of the 23rd Annula IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec), July 2009 "Fragmentation and Encryption to Enforce Privacy in Data Storage" by Valentina Ciriani, Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, and Pierangela Samarati in the Proceedings of the 12th European Symposium on Research in Computer Security (ESORICS), September 2007 "Fragmentation Design for Efficient Query Execution over Sensitive Distributed Databases" by Valentina Ciriani, Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, and Pierangela Samarati in the Proceedings of the 29th International Conference on Distributed Computing Systems (ICDCS), June 2009 Technical consideratio- s and many significant commercial and legal regulations demand that privacy guarantees be provided whenever sensitive information is stored, processed, or communicated to external partied. In this paper, we propose a solution to enforce data confidentiality, data privacy and accountable user privacy in outsourced database services. The approach starts from a flexible definition of privacy constraints, applies encryption on information in a parsimonious way and mostly relies on attribute partition to protect sensitive information. Based on the approximation algorithm for the minimal encryption attribute partition, the approach allows storing the outsourced data on un-trusted database server and minimizing the amount of encrypted data. By combining cryptographic with auxiliary random server, the approach can reduce the computational and communication complexity of private information retrieval to provide user privacy protection. By introducing verifiable encryption and revocation of decryption based on event capsule, the approach obtains accountability when the user misbehaves. The theoretical analysis shows that our new approach can provide efficient data privacy, efficient accountable user privacy protection with lower computational complexity and not increase the cost of communication complexity simultaneously.

Hongyang Yan,Li Hu,Xiaoyu Xiang,Zheli Liu,Xu Yuan

DOI: https://doi.org/10.1016/j.ins.2020.09.064

IF: 8.1

2021-02-01

Information Sciences

Abstract:<p>Collaborative learning and related techniques such as federated learning, allow multiple clients to train a model jointly while keeping their datasets at local. <em>Secure Aggregation</em> in most existing works focus on protecting model gradients from the server. However, an dishonest user could still easily get the privacy information from the other users. It remains a challenge to propose an effective solution to prevent information leakage against dishonest users.</p><p>To tackle this challenge, we propose a novel and effective privacy-preserving collaborative machine learning scheme, targeting at preventing information leakage agains adversaries. Specifically, we first propose a privacy-preserving network transformation method by utilizing Random-Permutation in Software Guard Extensions(SGX), which protects the model parameters from being inferred by a curious server and dishonest clients. Then, we apply Partial-Random Uploading mechanism to mitigate the information inference through visualizations. To further enhance the efficiency, we introduce network pruning operation and employ it to accelerate the convergence of training. We present the formal security analysis to demonstrate that our proposed scheme can preserve privacy while ensuring the convergence and accuracy of secure aggregation. We conduct experiments to show the performance of our solution in terms of accuracy and efficiency. The experimental results show that the proposed scheme is practical.</p>

computer science, information systems

Qing Fan,Yumeng Xie,Chuan Zhang,Ximeng Liu,Liehuang Zhu

DOI: https://doi.org/10.1109/tsc.2024.3451145

IF: 11.019

2024-10-11

IEEE Transactions on Services Computing

Abstract:The e-health system enables online healthcare by supporting health data transmission services on medical platforms. Considering the frequent privacy breaches in e-health systems and the issuance of relevant regulations, it is important to ensure the authenticity and privacy of health data. Existing e-health systems either fail to provide data authenticity or neglect privacy protection after patients leave the system. In this article, we put forward a secure and efficient e-health system for data transmission, named PPED, to solve this dilemma. In PPED, we explore a regular signature and a forward-secure signature, which guarantee data authenticity and give the signature a valid period. Then, a specific epochal signature scheme is designed by combining two signature schemes with the time-lock puzzle. Since expired epochal signatures are forgeable, patients after leaving the e-health system can forge expired signatures to deny their relationship with the signed data, thus achieving privacy protection. Detailed security analysis demonstrates the PPED realizes data authenticity and user privacy. Extensive experiments evaluate our system and the results show it is practical in terms of running time.

computer science, information systems, software engineering