Fangming Zhao

Realizing fine-grained and flexible access control to outsourced data with attribute-based cryptosystems

We consider the problem of constructing a secure cloud storage service to which users outsource sensitive data for sharing with others where, in particular, the service provider is not completely trusted by the customer. Cloud storage service denotes an architectural shift toward thin clients and conveniently centralized provision of both computing and storage resources. When utilizing cloud storage for secure data sharing, one of the main motivating problems of this architecture is providing thin clients with both strong data confidentiality and flexible fine-grained access control without imposing additional cost on them (clients). To achieve this goal, we propose a novel data sharing protocol by combining and exploiting two of the latest attribute based cryptographic techniques, attribute-based encryption (ABE) and attribute-based signature (ABS). Furthermore, we also give a detailed comparison of our scheme with several latest existing schemes.

Secure authenticated key exchange with revocation for smart grid

Using cryptographic technologies to provide security solutions in smart grid is extensively discussed in NISTIR 7628 [1] and IEC 62351 standards series [2]. Both series identify cryptographic key management for Intelligent Electronic Devices (IEDs) communication as one of the most important issues. In this paper, considering the system constraints and the security requirements in the smart grid, we propose an authenticated key exchange scheme with revocation by exploiting a well-known cryptographic protocol: Broadcast encryption [3], [11], [12] using a media key block(MKB) [15]. Furthermore, we show that our scheme is efficient in comparison with the PKI-signature based Internet Key Exchange(IKE) protocol, [4], [8] in terms of the following points of view: (1) communication cost; (2) compuation cost; (3) device revocation cost. The comparison results show that our scheme is efficient and cost-effective in most cases for devices and systems in smart grid.

Two-Servers PIR Based DNS Query Scheme with Privacy-Preserving

With the explosion of Web information, how to immediately and exactly find the needed information for each user has become a tough problem. To meet the personalized needs of users in information service, a new personalized recommendation algorithm based on support vector machine was proposed in the paper. First, user profile was organized hierarchically into field information and atomic information needs, considering similar information needs in the group users. Support vector machine was adopted for collaborative recommendation in classification mode, and then vector space model was used for content-based recommendation according to atomic information needs. The algorithm had overcome the demerit of using collaborative or content-based recommendation solely, which improved the precision and recall in a large degree. It also fits for large scale group recommendation. The algorithm was also used in personalized information recommendation service system. The system could support information recommendation better. The results manifested that the algorithm was effective.

Searchable Symmetric Encryption Supporting Queries with Multiple-Character Wildcards

We consider the problem of searchable encryption scheme which allows a user to search over encrypted data without decrypting it. Existing schemes in the symmetric setting only deal with equality search or a limited similarity keyword search. In this paper, we study Bloom filter-based searchable symmetric encryption schemes which make search on encrypted keywords more expressive and flexible, i.e., support fuzzy search or wildcard search by using multiple wildcard characters. Our schemes are more efficient than previous solutions on both computation cost and communication cost. Security of our main construction is analyzed based on a formal, strong security model for searchable symmetric encryption.

Analysis of Methods for Detecting Compromised Nodes and its Countermeasures

The increased application of sensor network introduces new security challenges. In this paper, we analyze the detection methods of compromised nodes and its countermeasure in the sensor network. We first review common attacks in the sensor network application which can compromise a valid, resource-constrained node (or called device). Then, we introduce several standard detection approaches to show their characteristics in different applications of the sensor network. Finally, we summarize and discuss existing countermeasures to the compromised nodes.

A peer-to-peer content-distribution scheme resilient to key leakage

We consider a problem of key leakage in peer-to-peer (P2P) content distribution. In content-distribution services, content is encrypted so that only legitimate users can access the content. Users (peers) cannot be fully trusted in a P2P network because malicious ones might leak their decryption keys. If the redistribution of decryption keys occurs, copyright holders may incur great losses caused by free riders who access content without purchasing it. Therefore, it is essential to solve this problem. In this paper, we propose a P2P content-distribution scheme resilient to the key leakage, and show its feasibility by conducting a large-scale experiment in a real network.