Dalia Khader

Public key encryption with keyword search based on k-resilient IBE

An encrypted email is sent from Bob to Alice. A gateway wants to check whether a certain keyword exists in an email or not for some reason (e.g. routing). Nevertheless Alice does not want the email to be decrypted by anyone except her including the gateway itself. This is a scenario where public key encryption with keyword search (PEKS) is needed. In this paper we construct a new scheme (KR-PEKS) the K-Resilient Public Key Encryption with Keyword Search. The new scheme is secure under a chosen keyword attack without the random oracle. The ability of constructing a Public Key Encryption with Keyword Search from an Identity Based Encryption was used in the construction of the KR-PEKS. The security of the new scheme was proved by showing that the used IBE has a notion of key privacy. The scheme was then modified in two different ways in order to fulfill each of the following: the first modification was done to enable multiple keyword search and the other was done to remove the need of secure channels.

Decentralized Traceable Attribute-Based Signatures

We provide a formal security model for traceable attribute-based signatures. Our focus is on the more practical case where attribute management is distributed among different authorities rather than relying on a single central authority. By specializing our model to the single attribute authority setting, we overcome some of the shortcomings of the existing model for the same setting.

REACTIVE MONITORING OF SERVICE LEVEL AGREEMENTS

Service Level Agreements require a monitoring system that checks that no party violates the agreement. Current monitoring techniques either have a high perfor- mance overhead or are not reliable enough. This paper proposes a new hybrid monitoring system that we call reactive monitoring. It tries to balance the disad- vantages of established monitoring techniques, in particular online and offline monitoring. Online monitoring has a relatively high performance overhead and offline monitoring does not identify all possible violations. Reactive monitoring combines online monitoring, which is used for reactively checking continuous SLA properties with a new passive monitoring scheme. This scheme is used for monitoring discrete SLA properties. It is based on cryptographic primitives that provide proof that either a certain stage in an interaction has been reached correctly with all participants in compliance of the service level agreements or that a violation has occurred. In the latter case the violating party can be identified. A theoretical analysis shows that in the worst case scenario this new approach has the same overhead as online monitoring techniques and in most cases the overhead will be significantly lower.

Certificate-Free Attribute Authentication

In this paper we propose the concept of Certificate-free Attribute Authentication (C-AA), which holds a few interesting features, such as a user can demonstrate (1) he owns sufficient attributes to pass an attribute verification without showing his full attribute details, (2) he has been authorized by a number of authorities without revealing his identity, and (3) no certification of the users public key is required, and his secret key as a whole is not escrowed by any authority. Although these features have individually been used in various of cryptographic primitives, in this paper we combine them together and demonstrate a Certificate-free Attribute Authentication Scheme (C-AAS) is useful in practice. We provide a formal definition of a C-AAS and four security notions: full anonymity, full traceability, non-frameability and attribute unforgeability. We also construct a concrete C-AAS and prove it is correct and secure under the definition and security notions.

Attribute-Based Signatures with Controllable Linkability

We introduce Attribute-Based Signatures with Controllable Linkability ABS-CL. In general, Attribute-Based Signatures allow a signer who possesses enough attributes to satisfy a predicate to sign a message without revealing either the attributes utilized for signing or the identity of the signer. These signatures are an alternative to Identity-Based Signatures for more fine-grained policies or enhanced privacy. On the other hand, the Controllable Linkability notion introduced by Hwang et al.i¾?[14] allows an entity in possession of the linking key to determine if two signatures were created by the same signer without breaking anonymity. This functionality is useful in applications where a lower level of anonymity to enable linkability is acceptable, such as some cases of vehicular ad-hoc networks, data mining, and voting schemes. The ABS-CL scheme we present allows a signer with enough attributes satisfying a predicate to sign a message, while an entity with the linking key may test if two such signatures were created by the same signer, all without revealing the satisfying attributes or the identity of the signer.

SPN 2 : Single-sided privacy preserving nearest neighbor and its application to face recognition

We address the privacy concerns that raise when running a nearest neighbor (NN) search on confidential data in a surveillance system composed of a client and a server. The proposed privacy preserving NN search uses Boneh-Goh-Nissim encryption to hide both the query data captured by the client and the database records stored in the server. As opposed to state-of-the-art approaches which rely on a large number of interactions, this encryption enables the client to fully outsource the NN computation to the server; hence, ensuring a single-sided private computation, and resulting in a one-round protocol between the server and the client. We analyze the practical feasibility of this algorithm on a face recognition problem. We formally prove and experimentally show that the resulting system maintains the recognition rate while fully preserving the privacy of both the database and the acquired faces1.

Chapter e49 – Password-Based Authenticated Key Establishment Protocols

If two parties wish to safely communicate over an insecure channel, one method they may use is to first run an authenticated key exchange protocol over this channel so as to jointly and secretly construct a cryptographically strong session key that can serve to subsequently secure further bulk communication. This chapter is an introduction to the design of such key exchange protocols when the only secret information shared a priori by both parties is a simple, short password. After a brief description of authenticated key exchange in general, we explain the security challenges faced in the password-based case and illustrate our exposition with three concrete password-authenticated key exchange protocols.

Password-Based Authenticated Key Establishment Protocols

If two parties wish to safely communicate over an insecure channel, one method they may use is to first run an authenticated key exchange protocol over this channel so as to jointly and secretly construct a cryptographically strong session key that can serve to subsequently secure further bulk communication. This chapter is an introduction to the design of such key exchange protocols when the only secret information shared a priori by both parties is a simple, short password. After a brief description of authenticated key exchange in general, we explain the security challenges faced in the password-based case and illustrate our exposition with three concrete password-authenticated key exchange protocols.