Geong Sen Poh

Searchable Symmetric Encryption: Designs and Challenges

Searchable Symmetric Encryption (SSE) when deployed in the cloud allows one to query encrypted data without the risk of data leakage. Despite the widespread interest, existing surveys do not examine in detail how SSE’s underlying structures are designed and how these result in the many properties of a SSE scheme. This is the gap we seek to address, as well as presenting recent state-of-the-art advances on SSE. Specifically, we present a general framework and believe the discussions may lead to insights for potential new designs. We draw a few observations. First, most schemes use index table, where optimal index size and sublinear search can be achieved using an inverted index. Straightforward updating can only be achieved using direct index, but search time would be linear. A recent trend is the combinations of index table, and tree, deployed for efficient updating and storage. Secondly, mechanisms from related fields such as Oblivious RAM (ORAM) have been integrated to reduce leakages. However, using these mechanisms to minimise leakages in schemes with richer functionalities (e.g., ranked, range) is relatively unexplored. Thirdly, a new approach (e.g., multiple servers) is required to mitigate new and emerging attacks on leakage. Lastly, we observe that a proposed index may not be practically efficient when implemented, where I/O access must be taken into consideration.

Application of reinforcement learning for security enhancement in cognitive radio networks

Cognitive radio leverages on reinforcement learning (RL) to enhance network security.There is lack of reviews on the application of RL to based security schemes.We cover the challenges, characteristics, performance enhancements, and others. Cognitive radio network (CRN) enables unlicensed users (or secondary users, SUs) to sense for and opportunistically operate in underutilized licensed channels, which are owned by the licensed users (or primary users, PUs). Cognitive radio network (CRN) has been regarded as the next-generation wireless network centered on the application of artificial intelligence, which helps the SUs to learn about, as well as to adaptively and dynamically reconfigure its operating parameters, including the sensing and transmission channels, for network performance enhancement. This motivates the use of artificial intelligence to enhance security schemes for CRNs. Provisioning security in CRNs is challenging since existing techniques, such as entity authentication, are not feasible in the dynamic environment that CRN presents since they require pre-registration. In addition these techniques cannot prevent an authenticated node from acting maliciously. In this article, we advocate the use of reinforcement learning (RL) to achieve optimal or near-optimal solutions for security enhancement through the detection of various malicious nodes and their attacks in CRNs. RL, which is an artificial intelligence technique, has the ability to learn new attacks and to detect previously learned ones. RL has been perceived as a promising approach to enhance the overall security aspect of CRNs. RL, which has been applied to address the dynamic aspect of security schemes in other wireless networks, such as wireless sensor networks and wireless mesh networks can be leveraged to design security schemes in CRNs. We believe that these RL solutions will complement and enhance existing security solutions applied to CRN To the best of our knowledge, this is the first survey article that focuses on the use of RL-based techniques for security enhancement in CRNs.

Trust and reputation management in cognitive radio networks: a survey

Cognitive radio CR, which is the next generation wireless communication system, enables unlicensed users or secondary users SUs to exploit underutilized spectrum called white spaces owned by the licensed users or primary users PUs so that bandwidth availability improves at the SUs, which helps to improve overall spectrum utilization. Collaboration is an intrinsic characteristic of CR to improve network performance. For instance, in collaborative spectrum sensing, SU hosts generate sensing outcomes, and collaborate amongst themselves through making final decisions at a decision fusion center in order to improve the accuracy of spectrum sensing. The requirement to collaborate has inevitably opened doors to various forms of attacks by malicious SUs, and this critical issue can be addressed using trust and reputation management TRM, and so this is the focus of this article. Generally speaking, TRM detects malicious SUs, including honest SUs that turn malicious. Hence, TRM is of paramount importance in most kinds of schemes that require collaboration in CR networks. Our contribution in this article is as follows. This article provides an extensive survey on the application of TRM in various schemes in CR networks in order to ameliorate the effects of malicious SUs in collaboration. The discussion is presented with respect to a TRM taxonomy, various approaches to achieve TRM, various attack models, as well as the challenges and characteristics associated with TRM. Because of the significance of TRM in collaboration, this article presents a wide range of open issues to warrant further research in this area. Copyright

Implementation of searchable symmetric encryption for privacy-preserving keyword search on cloud storage

Ensuring the cloud data security is a major concern for corporate cloud subscribers and in some cases for the private cloud users. Confidentiality of the stored data can be managed by encrypting the data at the client side before outsourcing it to the remote cloud storage server. However, once the data is encrypted, it will limit server’s capability for keyword search since the data is encrypted and server simply cannot make a plaintext keyword search on encrypted data. But again we need the keyword search functionality for efficient retrieval of data. To maintain user’s data confidentiality, the keyword search functionality should be able to perform over encrypted cloud data and additionally it should not leak any information about the searched keyword or the retrieved document. This is known as privacy preserving keyword search. This paper aims to study privacy preserving keyword search over encrypted cloud data. Also, we present our implementation of a privacy preserving data storage and retrieval system in cloud computing. For our implementation, we have chosen one of the symmetric key primitives due to its efficiency in mobile environments. The implemented scheme enables a user to store data securely in the cloud by encrypting it before outsourcing and also provides user capability to search over the encrypted data without revealing any information about the data or the query.

An Efficient Buyer-Seller Watermarking Protocol Based on Chameleon Encryption

Buyer-seller watermarking protocols are designed to deter clients from illegally distributing copies of digital content. This is achieved by allowing a distributor to insert a unique watermark into content in such a way that the distributor does not know the final watermarked copy that is given to the client. This protects both the client and distributor from attempts by one to falsely accuse the other of misuse. Buyer-seller watermarking protocols are normally based on asymmetric cryptographic primitives known as homomorphic encryption schemes. However, the computational and communication overhead of this conventional approach is high. In this paper we propose a different approach, based on the symmetric Chameleon encryption scheme. We show that this leads to significant gains in computational and operational efficiency.

A Framework for Design and Analysis of Asymmetric Fingerprinting Protocols

We propose a framework for the design and analysis of asymmetric fingerprinting protocols. By fitting existing approaches within this framework, we are able to highlight strategic differences in design techniques. We then illustrate how the framework can be used to derive new models, which in turn lead to asymmetric fingerprinting schemes with new properties.

Structured Encryption for Conceptual Graphs

We investigate the problem of privately searching encrypted data that is structured in the form of knowledge. Our rationale in such an investigation lies on the potential emergence of knowledge-based search using natural language, which makes content searches more effective and is context-aware when compared with existing keyword searches. With knowledge-based search, indexes and databases will consist of data stored using knowledge representation techniques such as description logics and conceptual graphs. This leads naturally to the issue of how to privately search this data, especially when most existing searchable encryption schemes are keyword-based. We propose the first construction with CQA2-security for searching encrypted knowledge, where the knowledge is represented in a well-established formalism known as basic conceptual graphs. Our proposals are based on structured encryption schemes of Chase and Kamara [8].

Integrating public key cryptography into the simple network management protocol (SNMP) framework

The simple network management protocol (SNMP) is widely used for remote network resource management due to its simplicity and distributed management capabilities. However, the increased use of SNMP to manage and control network resources such as routers and servers also introduces security risks whereby unauthorized users can retrieve information or modify the given resources remotely. The basic security framework introduced in SNMPv3 only specifies the use of symmetric cryptography techniques to address the security concerns. This paper outlines a new methodology, public-key security model (PSM), to integrate public cryptography techniques into the SNMP framework. It extends the existing user-based security model (USM) to include per-session authentication and encryption keys, thus enhancing the security of the SNMPv3 protocol.

Searchable symmetric encryption over multiple servers

Searchable Symmetric Encryption (SSE) allows a user to store encrypted documents on server(s) and later efficiently searches these documents in a private manner. So far most existing works have focused on a single storage server. Therefore in this paper we consider the natural extension of SSE to multiple servers. We believe it is of practical interest, given that a user may choose to distribute documents to various cloud storage that are now readily available. The main benefit compared to a single server scheme is that a server can be set to hold only subset of encrypted documents/blocks. A server learns only content of documents/blocks that it stores in the event of successful leakage attack or ciphertext cryptanalysis, provided servers do not collude. We define formally an extension of single server SSE to multiserver and instantiate provably secure schemes that provide the above feature. Our main scheme hides total number of documents and document size even after retrieval, achieving less leakages compared to prior work, while maintaining sublinear search time for each server. We further study leakages under the new setting of non-colluding and colluding servers.

Classification Framework for Fair Content Tracing Protocols

Fair content tracing (FaCT) protocols have been proposed by many authors to allow content tracing based on digital watermarking to be performed in a manner that does not discriminate either the client who downloads content or the distributor who provides content. We propose a general design framework for fair content tracing (FaCT) protocols. This framework provides a means to address the ad hoc design issues arising for many existing protocols, several of which have been broken through poor design. We then classify existing FaCT protocols based on this framework, which allows for a more systematic approach to FaCT protocol analysis. We further provide general comparisons and evaluation criteria for FaCT protocols.