Digital Signatures and Privacy 2015

SoS Newsletter- Advanced Book Block



Digital Signatures and Privacy


A digital signature is one of the most common ways to authenticate a message. Using a mathematical scheme, the signature assures the reader that the message was created and sent by a known sender and was not altered in transit. But not all signature schemes are secure. The research challenge is to find new and better ways to protect, transfer, and utilize digital signatures. The articles cited here were published in 2015 and discuss both theory and practice related to privacy issues.

Jalalzai, M.H.; Shahid, W.B.; Iqbal, M.M.W., “DNS Security Challenges and Best Practices to Deploy Secure DNS with Digital Signatures,” in Applied Sciences and Technology (IBCAST), 2015 12th International Bhurban Conference on, vol., no., pp. 280–285, 13–17 Jan. 2015. doi:10.1109/IBCAST.2015.7058517
Abstract: This paper discusses DNS security vulnerabilities and best practices to address DNS security challenges. The Domain Name System (DNS) is the foundation of the internet; it translates user-friendly domain names, based on Resource Records (RR), into corresponding IP addresses and vice versa. Nowadays DNS services are not used merely for translating domain names; they are also used to block spam and for email authentication such as DKIM and the more recent DMARC, and the TXT records found in DNS are mainly about improving the security of services. So virtually every internet application uses DNS, and if it does not work properly, all internet communication will collapse. Therefore the security of DNS infrastructure is one of the core requirements for any organization in the current cyber security arena. DNS is a favorite target for attackers because of the huge losses that result, so a breach in DNS security affects the trustworthiness of the whole internet. The security of DNS is therefore paramount: if the DNS infrastructure is vulnerable and compromised, organizations lose revenue, face downtime, customer dissatisfaction, privacy loss, legal challenges and much more. DNS has now become the largest distributed database, but at the time of its design the only goal was to provide a scalable and available name resolution service; its security perspectives were not focused on and were overlooked at that time. So a number of security flaws exist, and there is an urgent requirement to provide additional mechanisms for addressing known vulnerabilities. Among these security challenges, the most important are DNS data integrity and availability. For this purpose we introduce a cryptographic framework, configured on an open source platform by incorporating DNSSEC with the BIND DNS software, which addresses the integrity and availability issues of DNS by establishing a DNS chain of trust using digitally signed DNS data.
Keywords: Internet; computer network security; cryptography; data integrity; data privacy; digital signatures; distributed databases; public domain software; Bind DNS software; DKIM; DMARC; DNS availability issues; DNS chain; DNS data integrity; DNS design; DNS infrastructures; DNS security; DNS security vulnerabilities; DNS services; DNSSEC; IP addresses; Internet application; Internet communication; Internet trustworthiness; cryptographic framework; customer dissatisfaction; cyber security arena; digitally signed DNS data; distributed database; domain name system; email authentication; index TXT services; named based resource records; open source platform; privacy loss; secure DNS; security flaws; user friendly domains; Best practices; Computer crime; Cryptography; Internet; Servers; Software; DNS Security; DNS Vulnerabilities; Digital Signatures; Network and Computer Security; PKI (ID#: 15-7413)


Vegh, L.; Miclea, L., “A Simple Scheme for Security and Access Control in Cyber-Physical Systems,” in Control Systems and Computer Science (CSCS), 2015 20th International Conference on, vol., no., pp. 294–299, 27–29 May 2015. doi:10.1109/CSCS.2015.13
Abstract: In a time when technology changes continuously, where the things you need today to run a certain system might not be needed tomorrow anymore, security is a constant requirement. No matter what systems we have, or how we structure them, no matter what means of digital communication we use, we are always interested in aspects like security, safety and privacy. An example of this ever-advancing technology is cyber-physical systems. We propose a complex security architecture that integrates several established methods such as cryptography, steganography and digital signatures. This architecture is designed not only to ensure security of communication by transforming data into secret code; it is also designed to control access to the system and to detect and prevent cyber attacks.
Keywords: authorisation; cryptography; digital signatures; steganography; access control; cyber attacks; cyber-physical system; security architecture; security requirement; system security; Computer architecture; Digital signatures; Encryption; Public key; access control; cyber-physical systems; digital signatures; multi-agent systems (ID#: 15-7414)


Cattaneo, Giuseppe; Catuogno, Luigi; Petagna, Fabio; Roscigno, Gianluca, “Reliable Voice-Based Transactions over VoIP Communications,” in Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), 2015 9th International Conference on, vol., no., pp. 101–108, 8–10 July 2015. doi:10.1109/IMIS.2015.20
Abstract: Nowadays, plenty of sensitive transactions are provided through call centers, such as bank operations, goods purchases and contract signing. Besides communication confidentiality, two major issues are raised within this scenario: (1) each peer should be assured of the identity of the other; (2) each peer should be guaranteed that the other cannot cheat about the communication contents. Current telecommunication (TLC) networks offer (built-in) or allow several mechanisms to enhance the security and reliability of human conversations, leveraging strong authentication mechanisms and cryptography. However, in most cases these solutions require complex deployments, mainly based on proprietary technologies which are often characterized by high costs and low flexibility. In this paper we present a solution for strong peer authentication and non-repudiability of human conversations over Voice over IP (VoIP) networks. Our solution achieves low cost and high interoperability as it is built on top of open standard technologies. The authentication and key-agreement mechanisms are based on X.509 digital certificates and fully PKCS#11-compliant cryptographic tokens. As a proof of concept, we present and discuss a prototype implementation.
Keywords: Authentication; Cryptography; Digital signatures; Protocols; Prototypes; Standards; Non-repudiable Communication; Peer Authentication; Privacy; Smart Card; VoIP (ID#: 15-7415)


Qu, F.; Wu, Z.; Wang, F.-Y.; Cho, W., “A Security and Privacy Review of VANETs,” in Intelligent Transportation Systems, IEEE Transactions on, vol. 16, no. 6, pp. 2985–2966, Dec. 2015. doi:10.1109/TITS.2015.2439292
Abstract: Vehicular ad hoc networks (VANETs) have stimulated interest in both academic and industry settings because, once deployed, they would bring a new driving experience to drivers. However, communicating in an open-access environment makes security and privacy issues a real challenge, which may affect the large-scale deployment of VANETs. Researchers have proposed many solutions to these issues. We start this paper by providing background information on VANETs and classifying the security threats that challenge VANETs. After clarifying the requirements that proposed solutions to security and privacy problems in VANETs should meet, on the one hand we present the general secure process and point out the authentication methods involved in these processes; a detailed survey of these authentication algorithms, followed by discussion, comes afterward. On the other hand, privacy-preserving methods are reviewed, and the tradeoff between security and privacy is discussed. Finally, we provide an outlook on how to detect and revoke malicious nodes more efficiently and on challenges that have yet to be solved.
Keywords: Authentication; Cryptography; Digital signatures; Privacy; Vehicles; Vehicular ad hoc networks; VANETs; privacy; security; survey (ID#: 15-7416)


Bos, J.W.; Costello, C.; Naehrig, M.; Stebila, D., “Post-Quantum Key Exchange for the TLS Protocol from the Ring Learning with Errors Problem,” in Security and Privacy (SP), 2015 IEEE Symposium on, vol., no., pp. 553–570, 17–21 May 2015. doi:10.1109/SP.2015.40
Abstract: Lattice-based cryptographic primitives are believed to offer resilience against attacks by quantum computers. We demonstrate the practicality of post-quantum key exchange by constructing cipher suites for the Transport Layer Security (TLS) protocol that provide key exchange based on the ring learning with errors (R-LWE) problem; we accompany these cipher suites with a rigorous proof of security. Our approach ties lattice-based key exchange together with traditional authentication using RSA or elliptic curve digital signatures: the post-quantum key exchange provides forward secrecy against future quantum attackers, while authentication can be provided using RSA keys that are issued by today’s commercial certificate authorities, smoothing the path to adoption. Our cryptographically secure implementation, aimed at the 128-bit security level, reveals that the performance price when switching from non-quantum-safe key exchange is not too high. With our R-LWE cipher suites integrated into the OpenSSL library and using the Apache web server on a 2-core desktop computer, we could serve 506 RLWE-ECDSA-AES128-GCM-SHA256 HTTPS connections per second for a 10 KiB payload. Compared to elliptic curve Diffie-Hellman, this means an 8 KiB increase in handshake size and a reduction in throughput of only 21%. This demonstrates that provably secure post-quantum key exchange can already be considered practical.
Keywords: cryptographic protocols; digital signatures; public key cryptography; quantum cryptography; 2-core desktop computer; Apache Web server; R-LWE cipher suites; RLWE-ECDSA-AES128-GCM-SHA256 HTTPS; RSA keys; TLS protocol; authentication; commercial certificate authority; elliptic curve Diffie-Hellman; elliptic curve digital signatures; handshake size; lattice-based cryptographic primitives; lattice-based key exchange; nonquantum-safe key exchange; open SSL library; post-quantum key exchange; quantum attackers; quantum computers; ring learning with error problem; security level; transport layer security protocol; Authentication; Computers; Cryptography; Lattices; Protocols; Quantum computing; Transport Layer Security (TLS); key exchange; learning with errors; post-quantum (ID#: 15-7417)


Arifeen, F.U.; Siddiqui, R.A.; Ashraf, S.; Waheed, S., “Inter-Cloud Authentication through X.509 for Defense Organization,” in Applied Sciences and Technology (IBCAST), 2015 12th International Bhurban Conference on, vol., no., pp. 299–306, 13–17 Jan. 2015. doi:10.1109/IBCAST.2015.7058520
Abstract: Over recent years of research in cloud computing, different approaches have been adopted for Inter-Cloud Authentication. These approaches give successful results in identifying authentic requests. Defense organizations communicate with each other through legitimate requests. For establishing security and privacy, a PKI-based authentication model is needed. This paper presents a new approach to implementing cloud-based PKI authentication inside the existing infrastructure of a defense organization. As security is the prime concern for any organization and its implementation requirements vary from organization to organization, each and every organization embraces its own policies to implement it. The problem of understanding each other’s security policies is a huge barrier and challenge for existing IT infrastructure for implementation purposes. The requirement to establish Inter-Cloud Authentication is made possible through this PKI-based model, which ensures all five security services, i.e. confidentiality, integrity, authentication, digital signature and non-repudiation. This PKI model is a multi-domain environment between various defense organizations and their Data Centers (DC) for the facilitation and resource provisioning inside the cloud platform. This model utilizes the existing network infrastructure, composed of high intercommunication traffic between the various Data Centers of the defense organization. In this model, a nationwide Certification Authority (CA) is implemented in the Inter-Cloud infrastructure, and all other Data Centers intercommunicate through this mechanism, having different authentication approaches for legitimate access through X.509 Certificates.
Keywords: cloud computing; computer centres; computer network security; data integrity; data privacy; digital signatures; organisational aspects; public key cryptography; telecommunication traffic; IT infrastructure; PKI based authentication model; X.509 certification authority; cloud based PKI authentication; cloud platform; data center; data confidentiality; defense organization; digital signature; intercloud authentication; intercloud infrastructure; intercommunication traffic; multidomain atmosphere; network infrastructure; non-repudiation; resource provisioning; security policies; security services; Hardware; Organizations; Public key cryptography; Software; Virtual private networks; Certification Authority (CA); Data Centers; Inter-Cloud; Master CA; Public Key Infrastructure (PKI); VPN; X.509 Certificate Services (ID#: 15-7418)


Rashid, F.; Miri, A.; Woungang, I., “A Secure Video Deduplication Scheme in Cloud Storage Environments Using H.264 Compression,” in Big Data Computing Service and Applications (BigDataService), 2015 IEEE First International Conference on, vol., no., pp. 138–146, March 30 2015–April 2 2015. doi:10.1109/BigDataService.2015.15
Abstract: Due to the rapidly increasing amounts of digital data produced worldwide, multi-user cloud storage systems are becoming very popular, and Internet users are approaching cloud storage providers (CSPs) to upload their data into the clouds. Among these data, digital videos are fairly huge in terms of storage cost and size, and techniques that can help reduce the cloud storage cost and size are always desired. This paper argues that data deduplication can ease the problem of BigData storage by identifying and removing duplicate copies from the cloud storage. Although deduplication maximizes the storage space and minimizes the storage costs, it comes with serious issues of data privacy and security. Though users desire to save some cost by allowing the CSP to deduplicate their data, they do not want the CSP to weaken the privacy of their data. In this paper, a scheme is proposed that achieves secure video deduplication in cloud storage environments. Its design consists of embedding a partial convergent encryption along with a unique signature generation scheme into an H.264 video compression scheme. The partial convergent encryption scheme is meant to ensure that the proposed scheme is secure against a semi-honest CSP; the unique signature generation scheme is meant to enable a classification of the encrypted compressed video data in such a way that deduplication can be efficiently performed on them. Experimental results and security analysis are provided to validate the stated goals.
Keywords: Big Data; cloud computing; cryptography; data compression; digital signatures; video coding; Big Data storage; CSP; H.264 video compression; cloud storage provider; data deduplication; partial convergent encryption scheme; signature generation scheme; video deduplication scheme security; Cloud computing; Compression algorithms; Encryption; Streaming media; Transforms; BigData security; cloud storage provider; group of pictures (GOP); partial convergent encryption; signature generation; video deduplication (ID#: 15-7419)


Jung Yeon Hwang; Liqun Chen; Hyun Sook Cho; DaeHun Nyang, “Short Dynamic Group Signature Scheme Supporting Controllable Linkability,” in Information Forensics and Security, IEEE Transactions on, vol. 10, no. 6, pp.1109–1124, June 2015. doi:10.1109/TIFS.2015.2390497
Abstract: The controllable linkability of group signatures introduced by Hwang et al. enables an entity who has a linking key to find out whether or not two group signatures were generated by the same signer, while preserving anonymity. This functionality is very useful in many applications that require linkability but still need anonymity, such as sybil attack detection in a vehicular ad hoc network and privacy-preserving data mining. In this paper, we present a new group signature scheme supporting controllable linkability. The major advantage of this scheme is that the signature length is very short, even shorter than that of the best-known group signature scheme that does not support linkability. We have implemented our scheme on both a Linux machine with an Intel Core2 Quad and an iPhone4. We compare the results with a number of existing group signature schemes. We also prove security features of our scheme, such as anonymity, traceability, nonframeability, and linkability, under the random oracle model.
Keywords: data privacy; digital signatures; Intel Core2 Quad; Linux machine; anonymity feature; anonymity preservation; controllable linkability; iPhone4; linkability feature; linking key; nonframeability feature; random oracle model; security features; short dynamic group signature scheme; signature length; traceability feature; Indexes; Joining processes; Privacy; Protocols; Public key; Synchronous digital hierarchy; Anonymity; Group signature; Linkability; group signature; linkability; privacy (ID#: 15-7420)


Jun Zhou; Xiaodong Lin; Xiaolei Dong; Zhenfu Cao, “PSMPA: Patient Self-Controllable and Multi-Level Privacy-Preserving Cooperative Authentication in Distributed m-Healthcare Cloud Computing System,” in Parallel and Distributed Systems, IEEE Transactions on, vol. 26, no. 6, pp.1693–1703, June 1 2015. doi:10.1109/TPDS.2014.2314119
Abstract: A distributed m-healthcare cloud computing system significantly facilitates efficient patient treatment for medical consultation by sharing personal health information among healthcare providers. However, it brings about the challenge of keeping both the data confidentiality and the patients’ identity privacy simultaneously. Many existing access control and anonymous authentication schemes cannot be straightforwardly exploited. To solve the problem, in this paper a novel authorized accessible privacy model (AAPM) is established. Patients can authorize physicians by setting an access tree supporting flexible threshold predicates. Then, based on it, by devising a new technique of attribute-based designated verifier signature, a patient self-controllable multi-level privacy-preserving cooperative authentication scheme (PSMPA) realizing three levels of security and privacy requirements in a distributed m-healthcare cloud computing system is proposed. The directly authorized physicians, the indirectly authorized physicians and the unauthorized persons in medical consultation can respectively decipher the personal health information and/or verify patients’ identities by satisfying the access tree with their own attribute sets. Finally, the formal security proof and simulation results illustrate that our scheme can resist various kinds of attacks and far outperforms the previous ones in terms of computational, communication and storage overhead.
Keywords: authorisation; cloud computing; data privacy; digital signatures; health care; mobile computing; patient treatment; AAPM; PSMPA; access tree; attribute sets; attribute-based designated verifier signature; authorized accessible privacy model; data confidentiality; distributed m-healthcare cloud computing system; formal security proof; healthcare providers; medical consultation; patient identity privacy; patient self-controllable and multilevel privacy-preserving cooperative authentication; personal health information sharing; privacy requirement; security requirement; threshold predicates; Authentication; Cloud computing; Computational modeling; Medical services; Privacy; Public key; access control; distributed cloud computing; m-healthcare system; security and privacy (ID#: 15-7421)


Han Yiliang; Lu Wanyi, “Attribute Based Generalized Signcryption for Online Social Network,” in Control Conference (CCC), 2015 34th Chinese, pp. 6434–6439, 28–30 July 2015. doi:10.1109/ChiCC.2015.7260653
Abstract: Online social networks have brought various and flexible security demands. Attribute based generalized signcryption (ABGSC) can provide combined or separate confidentiality and authentication adaptively, and eliminate the bottleneck of traditional public key encryption. We propose an attribute based generalized signcryption with non-monotonic access structures, which can perform signcryption, encryption and signature adaptively. The non-monotonic access structure is used to realize the “OR”, “AND”, “NEG” and “Threshold” operations; the Inner Product is used to achieve constant ciphertext size. Under the encryption mode the ciphertext length is 2|G|+nm, under the signature mode it is 3|G|+nm, and under the signcryption mode it is 5|G|+nm, so we can improve the efficiency greatly. Under the q-DBDHE assumption in the standard model, the scheme is proved confidential under the signcryption and encryption modes, and is proved unforgeable under the signcryption and signature modes.
Keywords: digital signatures; public key cryptography; social networking (online); ABGSC; attribute based generalized signcryption; authentication; cipher text length; combined confidentiality; constant cipher text; encryption mode; nonmonotonic access structure; online social network; public key encryption; q-DBDHE assumption; separate confidentiality; signature mode; signcryption mode; Ciphers; Encryption; Games; Privacy; Social network services; attribute based encryption; generalized signcryption; signcryption (ID#: 15-7422)


Hefeeda, M.; ElGamal, T.; Calagari, K.; Abdelsadek, A., “Cloud-Based Multimedia Content Protection System,” in IEEE Transactions on Multimedia, vol. 17, no. 3, pp. 420–433, March 2015. doi:10.1109/TMM.2015.2389628
Abstract: We propose a new design for large-scale multimedia content protection systems. Our design leverages cloud infrastructures to provide cost efficiency, rapid deployment, scalability, and elasticity to accommodate varying workloads. The proposed system can be used to protect different multimedia content types, including 2-D videos, 3-D videos, images, audio clips, songs, and music clips. The system can be deployed on private and/or public clouds. Our system has two novel components: (i) a method to create signatures of 3-D videos, and (ii) a distributed matching engine for multimedia objects. The signature method creates robust and representative signatures of 3-D videos that capture the depth signals in these videos; the signatures are computationally efficient to compute and compare and require little storage. The distributed matching engine achieves high scalability and is designed to support different multimedia objects. We implemented the proposed system and deployed it on two clouds: the Amazon cloud and our private cloud. Our experiments with more than 11,000 3-D videos and 1 million images show the high accuracy and scalability of the proposed system. In addition, we compared our system to the protection system used by YouTube, and our results show that the YouTube protection system fails to detect most copies of 3-D videos, while our system detects more than 98% of them. This comparison shows the need for the proposed 3-D signature method, since the state-of-the-art commercial system was not able to handle 3-D videos.
Keywords: cloud computing; data privacy; digital signatures; image matching; video signal processing; 3D video handling; 3D video signature; Amazon cloud; YouTube protection system; cloud infrastructure; cloud-based multimedia content protection system; distributed matching engine; multimedia content types; private cloud; public cloud; Cloud computing; Engines; Multimedia communication; Streaming media; Three-dimensional displays; Videos; 3-D video; cloud applications; depth signatures; video copy detection; video fingerprinting (ID#: 15-7423)


Alzahrani, A.J.; Ghorbani, A.A., “Real-Time Signature-Based Detection Approach for SMS Botnet,” in Privacy, Security and Trust (PST), 2015 13th Annual Conference on, vol., no., pp. 157–164, 21–23 July 2015. doi:10.1109/PST.2015.7232968
Abstract: As an open platform for mobile electronic devices, Android is experiencing a steady growth in the number of published applications (apps). Features of the Android platform have caught the attention of malicious users who have targeted the Short Message Service (SMS) to abuse its permissions. Various types of attack, referred to as botnets, can be executed without the user’s knowledge by taking advantage of SMS messages, such as sending text message spam, transferring all command and control (C&C) instructions, launching denial-of-service (DoS) attacks, sending premium-rate SMS messages, or distributing malicious applications via URLs embedded in text messages. In this paper, we propose a real-time signature-based detection mechanism to combat SMS botnets, in which we first apply pattern-matching detection approaches for incoming and outgoing SMS text messages, and then use rule-based techniques to label unknown SMS messages as suspicious or normal. This approach was evaluated using over 12,000 test messages. It was able to detect all 747 malicious SMS messages in the dataset (100% detection rate with no false negatives). It also flagged 351 SMS messages as suspicious.
Keywords: computer crime; computer network security; digital signatures; electronic messaging; invasive software; mobile computing; pattern matching; smart phones; Android platform; C&C instructions; DoS attacks; SMS botnets; SMS messages labelling; URL; attack types; command and control instructions; denial-of-service attacks; malicious applications distribution; malicious users; mobile electronic devices; pattern-matching detection; premium-rate SMS messages; real-time signature-based detection approach; rule-based techniques; short message service; text message spam; Feature extraction; Malware; Mobile communication; Pattern matching; Smart phones; Android; Botnet Detection; Mobile Malware; SMS (ID#: 15-7424)


Xinyi Huang; Liu, J.K.; Shaohua Tang; Yang Xiang; Kaitai Liang; Li Xu; Jianying Zhou, “Cost-Effective Authentic and Anonymous Data Sharing with Forward Security,” in IEEE Transactions on Computers, vol. 64, no. 4, pp. 971–983, April 1 2015. doi:10.1109/TC.2014.2315619
Abstract: Data sharing has never been easier with the advances of cloud computing, and accurate analysis of the shared data provides an array of benefits to both society and individuals. Data sharing with a large number of participants must take into account several issues, including efficiency, data integrity and the privacy of the data owner. Ring signature is a promising candidate for constructing an anonymous and authentic data sharing system. It allows a data owner to anonymously authenticate his data, which can be put into the cloud for storage or analysis purposes. Yet the costly certificate verification in the traditional public key infrastructure (PKI) setting becomes a bottleneck for this solution to be scalable. Identity-based (ID-based) ring signature, which eliminates the process of certificate verification, can be used instead. In this paper, we further enhance the security of ID-based ring signature by providing forward security: if the secret key of any user has been compromised, all previously generated signatures that include this user still remain valid. This property is especially important to any large-scale data sharing system, as it is impossible to ask all data owners to reauthenticate their data even if the secret key of one single user has been compromised. We provide a concrete and efficient instantiation of our scheme, prove its security and provide an implementation to show its practicality.
Keywords: cloud computing; data analysis; digital signatures; public key cryptography; storage management; ID-based ring signature; PKI; analysis purpose; anonymous data sharing; certificate verification; cost-effective authentic data sharing; forward security; identity-based ring signature; public key infrastructure; shared data analysis; storage; Data handling; Educational institutions; Information management; Public key; Smart grids; Authentication; data sharing; smart grid (ID#: 15-7425)


Yan Liu; Xiaoming Hu; Xiaojun Zhang; Jian Wang; Yinchun Yang, “Efficient Strong Designated Verifier Proxy Signature Scheme with Low Cost,” in Advanced Communication Technology (ICACT), 2015 17th International Conference on, vol., no., pp. 568–572, 1–3 July 2015. doi:10.1109/ICACT.2015.7224860
Abstract: A designated verifier proxy signature is a special proxy signature where only the designated verifier can verify its validity. So far, numerous strong designated verifier proxy signature (DVPST) schemes have been proposed. However, many of them have been shown to be vulnerable to forgery attacks or to have high computational cost. In 2012, Lin et al. proposed a highly efficient strong DVPST scheme in the random oracle model. However, in this paper we point out that Lin et al.’s strong DVPST scheme does not satisfy unforgeability. To overcome this problem, based on the hardness of the discrete logarithm problem, we present a new strong DVPST scheme. We also make a detailed analysis and comparison of security and efficiency with other related schemes, including Lin et al.’s scheme. The analysis shows that our scheme not only has excellent performance in terms of computation cost and communication cost but also possesses unforgeability, non-transferability and privacy of the signer’s identity.
Keywords: computational complexity; data privacy; digital signatures; DVPST scheme; communication cost; computation cost; designated verifier proxy signature scheme; discrete logarithm problem hardness; forgery attack; random oracle model; signer identity privacy; Computational efficiency; Computers; Forgery; Privacy; Public key; Voltage control; information security; proxy signature; strong designated verifier signature (ID#: 15-7426)


Jun Zhou; Zhenfu Cao; Xiaolei Dong; Xiaodong Lin, “TR-MABE: White-Box Traceable and Revocable Multi-Authority Attribute-Based Encryption and Its Applications to Multi-Level Privacy-Preserving E-Healthcare Cloud Computing Systems,” in Computer Communications (INFOCOM), 2015 IEEE Conference on, vol., no., pp. 2398–2406, April 26 2015–May 1 2015. doi:10.1109/INFOCOM.2015.7218628
Abstract: Cloud-assisted e-healthcare systems significantly facilitate patients in outsourcing their personal health information (PHI) for medical treatment of high quality and efficiency. Unfortunately, a series of unaddressed security and privacy issues dramatically impede their practicability and popularity. In e-healthcare systems, it is expected that only the primary physicians responsible for a patient’s treatment can not only access the PHI content but also verify the real identity of the patient. Secondary physicians participating in medical consultation and/or research tasks, however, are only permitted to view or use the content of the protected PHI, while unauthorized entities cannot obtain anything. Existing work mainly focuses on patients’ conditional identity privacy by exploiting group signatures, which are very computationally costly. In this paper, we propose a white-box traceable and revocable multi-authority attribute-based encryption named TR-MABE to efficiently achieve multilevel privacy preservation without introducing additional special signatures. It can efficiently prevent secondary physicians from knowing the patient’s identity. Also, it can efficiently track the physicians who leak the secret keys used to protect patients’ identity and PHI. Finally, formal security proof and extensive simulations demonstrate the effectiveness and practicability of our proposed TR-MABE in e-healthcare cloud computing systems.
Keywords: cloud computing; cryptography; data privacy; digital signatures; health care; medical information systems; PHI; TR-MABE encryption; cloud-assisted e-healthcare systems; e-healthcare cloud computing systems; electronic health care; formal security proof; group signatures; medical consultation; medical research; medical treatment; multilevel privacy-preserving e-healthcare; patient identity; patient treatment; patients conditional identity privacy; personal health information; privacy issue; security issue; white-box traceable revocable multiauthority attribute-based encryption; Access control; Cloud computing; Encryption; Medical services; Privacy; Cloud computing system; attribute-based encryption; multi-authority; traceability and revocability (ID#: 15-7427)


Zhang, A.; Chen, J.; Hu, R.Q.; Qian, Y., “SeDS: Secure Data Sharing Strategy for D2D Communication in LTE-Advanced Networks,” in IEEE Transactions on Vehicular Technology, vol. PP, no. 99, pp. 1–1, 23 March 2015. doi:10.1109/TVT.2015.2416002
Abstract: Security and availability are two crucial issues in Device-to-Device (D2D) communication, given its fast development in 4G LTE-Advanced networks. In this paper, we propose a secure data sharing protocol, which merges the advantages of public key cryptography and symmetric encryption, to achieve data security in D2D communication. Specifically, a public key based digital signature combined with the mutual authentication mechanism of the cellular network guarantees entity authentication, transmission non-repudiation, traceability, data authority as well as integrity. Meanwhile, symmetric encryption is employed to ensure data confidentiality. A salient feature of the proposed protocol is that it can detect free-riding attacks by keeping a record of the current status of the user equipments (UEs) and realize reception non-repudiation by key hint transmission between the UE and the evolved NodeB, thus improving system availability. Furthermore, various delay models are established for different application scenarios to seek the optimal initial service providers, achieving a tradeoff between cost and availability. Extensive analysis and simulations demonstrate that the proposed protocol is indeed an efficient and practical solution for secure data sharing in D2D communication.
Keywords: Authentication; Availability; Data privacy; Encryption; Indexes; Protocols; D2D; LTE-Advanced network; availability (ID#: 15-7428)


Yu, C.-M.; Chen, C.-Y.; Chao, H.-C., “Privacy-Preserving Multikeyword Similarity Search over Outsourced Cloud Data,” in IEEE Systems Journal, vol. PP, no. 99, pp. 1–10, March 2015. doi:10.1109/JSYST.2015.2402437
Abstract: The amount of data generated by individuals and enterprises is rapidly increasing. With the emerging cloud computing paradigm, the data and the corresponding complex management tasks can be outsourced to the cloud for management flexibility and cost savings. Unfortunately, as the data could be sensitive, outsourcing it directly would have the problem of privacy leakage. Encryption can be applied before the data is outsourced, with the concern that the operations can still be accomplished by the cloud. We consider multikeyword similarity search over outsourced cloud data. In particular, considering text data only, multiple keywords are specified by the user. The cloud returns the files containing more than a threshold number of the input keywords or similar keywords, where similarity is defined according to the edit distance metric. We propose three solutions, where a blind signature provides the user with access privacy, and a novel use of a Bloom filter’s bit pattern speeds up the search task at the cloud side. Our final design is secure against insider threats and efficient in terms of the search time at the cloud side. Performance evaluation and analysis are used to demonstrate the practicality of our proposed solutions.
Keywords: Authorization; Data privacy; Educational institutions; Encryption; Keyword search; Privacy; Cloud computing; counterintelligence; outsourced data; privacy; similarity search (ID#: 15-7429)
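The search pattern the abstract above describes (files returned when enough query keywords, or keywords within a small edit distance of them, are present, with the cloud matching only Bloom filter bit patterns) can be made concrete with a small stand-alone example. The code below is an added illustration, not the paper's construction or code. Everything beyond the abstract is an assumption: bit positions are derived with HMAC-SHA256 under a user secret so the cloud never sees plaintext keywords, edit distance 1 is tolerated by indexing wildcard variants of each keyword (a generic fuzzy-keyword trick, not the paper's method), a file is returned when at least `threshold` query keywords match, the sample corpus is constructed, and the blind-signature access control from the abstract is left out.

```python
"""Threshold multi-keyword similarity search over per-file Bloom filters.

Added illustration of the search pattern in the Yu/Chen/Chao abstract; it is
not the paper's construction.  Assumptions not taken from the abstract:
  * each file's keywords go into a Bloom filter whose bit positions are
    derived with HMAC-SHA256 under a user secret, so the cloud stores and
    compares bit patterns only, never plaintext keywords;
  * edit distance 1 is tolerated by indexing wildcard variants of every
    keyword (a generic fuzzy-keyword trick), not by any method from the paper;
  * a file is returned when at least `threshold` query keywords match;
  * the blind-signature access control from the abstract is omitted.
"""
import hashlib
import hmac
from typing import Dict, Iterable, List, Set

M_BITS = 1 << 16   # Bloom filter width in bits (constructed sample parameter)
K_HASHES = 4       # hash functions per token


def wildcard_variants(word: str) -> Set[str]:
    """The word plus every edit-distance-1 wildcard form of it.

    'cat' -> {'cat', '*cat', 'c*at', 'ca*t', 'cat*', '*at', 'c*t', 'ca*'}.
    Two words within edit distance 1 always share at least one variant, and
    two words that share a variant are always within edit distance 1.
    """
    variants = {word}
    for i in range(len(word) + 1):          # '*' marks an insertion slot
        variants.add(word[:i] + "*" + word[i:])
    for i in range(len(word)):              # '*' replaces one character
        variants.add(word[:i] + "*" + word[i + 1:])
    return variants


def bit_positions(secret: bytes, token: str) -> List[int]:
    """K_HASHES Bloom positions for a token, keyed so they cannot be
    inverted by anyone who lacks `secret`."""
    positions = []
    for i in range(K_HASHES):
        mac = hmac.new(secret, f"{i}:{token}".encode(), hashlib.sha256).digest()
        positions.append(int.from_bytes(mac[:4], "big") % M_BITS)
    return positions


def token_mask(secret: bytes, token: str) -> int:
    """Bitmask with the K_HASHES positions of one token set."""
    mask = 0
    for p in bit_positions(secret, token):
        mask |= 1 << p
    return mask


def build_index(secret: bytes, keywords: Iterable[str]) -> int:
    """Client side: one file's Bloom filter over its keywords and their
    edit-distance-1 variants.  This integer is all the cloud stores."""
    bits = 0
    for kw in keywords:
        for v in wildcard_variants(kw.lower()):
            bits |= token_mask(secret, v)
    return bits


def build_trapdoor(secret: bytes, query: Iterable[str]) -> List[List[int]]:
    """Client side: for each query keyword, the masks of its variants.
    Only these masks are sent to the cloud."""
    return [[token_mask(secret, v) for v in wildcard_variants(kw.lower())]
            for kw in query]


def cloud_search(index: Dict[str, int], trapdoor: List[List[int]],
                 threshold: int) -> List[str]:
    """Cloud side: a query keyword matches a file when any of its variant
    masks is fully covered by the file's bit pattern; return files where at
    least `threshold` query keywords match.  Bloom false positives remain
    possible but are improbable at this filter width."""
    hits = []
    for name, bits in index.items():
        score = sum(1 for masks in trapdoor
                    if any((bits & m) == m for m in masks))
        if score >= threshold:
            hits.append(name)
    return sorted(hits)


# Constructed sample corpus (not from the paper).
SAMPLE_FILES = {
    "report.txt": ["cloud", "encryption", "signature"],
    "notes.txt": ["bloom", "filter", "cloud"],
    "memo.txt": ["budget", "meeting"],
}


def demo(secret: bytes = b"user-secret-key") -> Dict[int, List[str]]:
    """Index the sample files and run one query containing two misspelled
    keywords ('encrypton', 'signture') at thresholds 1, 2 and 3."""
    index = {name: build_index(secret, kws) for name, kws in SAMPLE_FILES.items()}
    trapdoor = build_trapdoor(secret, ["cloud", "encrypton", "signture"])
    return {t: cloud_search(index, trapdoor, t) for t in (1, 2, 3)}


if __name__ == "__main__":
    for threshold, files in demo().items():
        print(f"threshold {threshold}: {files}")
```

The cloud receives only integers: a bit pattern per file and a list of masks per query keyword. Without the user secret it can neither recover keywords from the index nor forge a trapdoor that matches, which is the property the abstract's "bit pattern" search relies on; the wildcard expansion is what lets a misspelled query term still count towards the threshold.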


Xiaochuan Lin; Ruizhong Wei, “Vector Signature for Face Recognition,” in Computer Supported Cooperative Work in Design (CSCWD), 2015 IEEE 19th International Conference on, vol., no., pp. 413–418, 6–8 May 2015. doi:10.1109/CSCWD.2015.7230995
Abstract: In this paper, we propose a vector signature scheme for face recognition. Using the signature, both the database size and the communication bandwidth can be reduced, and the privacy of the face image is also improved. An experimental implementation shows the potential of the new proposal.
Keywords: data privacy; digital signatures; face recognition; communication bandwidth; database size; face image privacy; face recognition; vector signature; Calibration; Databases; Euclidean distance; Active Appearance Model; Face recognition; Signature (ID#: 15-7430)


Petit, J.; Schaub, F.; Feiri, M.; Kargl, F., “Pseudonym Schemes in Vehicular Networks: A Survey,” in IEEE Communications Surveys & Tutorials, vol. 17, no. 1, pp. 228–255, First Quarter 2015. doi:10.1109/COMST.2014.2345420
Abstract: Safety-critical applications in cooperative vehicular networks require authentication of nodes and messages. Yet, privacy of individual vehicles and drivers must be maintained. Pseudonymity can satisfy both security and privacy requirements. Thus, a large body of work emerged in recent years, proposing pseudonym solutions tailored to vehicular networks. In this survey, we detail the challenges and requirements for such pseudonym mechanisms, propose an abstract pseudonym lifecycle, and give an extensive overview and categorization of the state of the art in this research area. Specifically, this survey covers pseudonym schemes based on public key and identity-based cryptography, group signatures and symmetric authentication. We compare the different approaches, give an overview of the current state of standardization, and identify open research challenges.
Keywords: data privacy; digital signatures; intelligent transportation systems; public key cryptography; vehicular ad hoc networks; abstract pseudonym lifecycle; cooperative vehicular networks; group signatures; identity-based cryptography; intelligent transport systems; message authentication; node authentication; privacy requirements; pseudonym mechanisms; pseudonym solutions; public key cryptography; safety-critical applications; security requirements; symmetric authentication; vehicular networks; Authentication; Licenses; Privacy; Tutorials; Vehicles; Vehicular ad hoc networks; Anonymity; ITS; V2X communications; VANET; authentication; privacy; pseudonym; unlinkability; untraceability (ID#: 15-7431)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.