Haomiao Yang

Identity-Based Authentication for Cloud Computing

Cloud computing is a recently developed new technology for complex systems with massive-scale services sharing among numerous users. Therefore, authentication of both users and services is a significant issue for the trust and security of the cloud computing. SSL Authentication Protocol (SAP), once applied in cloud computing, will become so complicated that users will undergo a heavily loaded point both in computation and communication. This paper, based on the identity-based hierarchical model for cloud computing (IBHMCC) and its corresponding encryption and signature schemes, presented a new identity-based authentication protocol for cloud computing and services. Through simulation testing, it is shown that the authentication protocol is more lightweight and efficient than SAP, specially the more lightweight user side. Such merit of our model with great scalability is very suited to the massive-scale cloud.

Secure and Distributed Data Discovery and Dissemination in Wireless Sensor Networks

A data discovery and dissemination protocol for wireless sensor networks (WSNs) is responsible for updating configuration parameters of, and distributing management commands to, the sensor nodes. All existing data discovery and dissemination protocols suffer from two drawbacks. First, they are based on the centralized approach; only the base station can distribute data items. Such an approach is not suitable for emergent multi-owner-multi-user WSNs. Second, those protocols were not designed with security in mind and hence adversaries can easily launch attacks to harm the network. This paper proposes the first secure and distributed data discovery and dissemination protocol named DiDrip. It allows the network owners to authorize multiple network users with different privileges to simultaneously and directly disseminate data items to the sensor nodes. Moreover, as demonstrated by our theoretical analysis, it addresses a number of possible security vulnerabilities that we have identified. Extensive security analysis show DiDrip is provably secure. We also implement DiDrip in an experimental network of resource-limited sensor nodes to show its high efficiency in practice.

An efficient privacy-preserving authentication scheme with adaptive key evolution in remote health monitoring system

The remote health monitoring system enables a doctor to diagnose and monitor health problems anywhere for a patient. However, since the patient health information is very sensitive and the Internet is unsecure and prone to many attacks, data can be easily compromised by adversaries. Worse, the mobile phone is also easy to be compromised. Clearly, these issues have brought different privacy and security requirements in wireless healthcare. To address these challenging issues, in this paper, we propose an efficient privacy-preserving authentication scheme with adaptive key evolution, which can prevent illegal access to the patient’s vital signs. Furthermore, we model the leakage process of the key information to set proper key renewal interval, which can adaptively control the key evolution to balance the trade-off between the communication efficiency and security level. The security analysis demonstrates that our scheme can achieve authenticated key agreement, perfect and strong key insulation, privacy preservation, and other important security goals, e.g. authenticity, integrity and freshness of transmitted messages. The performance evaluation shows that our scheme is computationally efficient for the typical mobile phone with limited resources, and it has low communication overhead.

A New Somewhat Homomorphic Encryption Scheme over Integers

At Eurocrypt 2010 van Dijk et al. presented a very simple somewhat homomorphic encryption scheme over the integers. However, this simplicity came at the cost of a public key size in Õ(λ¹⁰). Although at Crypto 2011 Coron et al. reduced the public key size to Õ(λ⁷), it was still too large for practical applications. In this paper we further reduce the public key size to Õ(λ³) by encrypting with a new form. The semantic security of our scheme is based on approximate-GCD problem of two integers. By using Gentrys techniques, we can easily convert the somewhat scheme into a practical fully homomorphic encryption scheme available in cloud computing.

Achieving efficient and privacy-preserving multi-feature search for mobile sensing

We propose a secure multi-feature search scheme with low cost on the mobile terminals.We propose an extended scheme to personalize query based on historical search information.We prove the security of the proposed scheme on privacy protection of index and trapdoor and unlinkability of trapdoor. Currently, more and more mobile terminals embed a number of sensors and generate massive data. Effective utilization to such information can enable people to get more personalized services, and also help service providers to sell their products accurately. As the information may contain privacy information of people, they are typically encrypted before transmitted to the service providers. This, however, significantly limits the usability of data due to the difficulty of searching over the encrypted data. To address the above issues, in this paper, we first leverage the secure kNN technique to propose an efficient and privacy-preserving multi-feature search scheme for mobile sensing. Furthermore, we propose an extended scheme, which can personalize query based on the historical search information and return more accurate result. Using analysis, we prove the security of the proposed scheme on privacy protection of index and trapdoor and unlinkability of trapdoor. Via extensive experiment on real-world cloud systems, we validate the performance of the proposed scheme in terms of functionalities, computation and communication overhead.

Identity-Based Privacy Preservation Framework over u-Healthcare System

The digitization of patient health information has brought many benefits and challenges for both the patient and doctor. But security and privacy preservation have remained important challenges for wireless health monitoring systems. Such concerns may result in reluctance and skepticism towards health systems by patients. The reason for this skepticism is mainly attributed to the lack of assurances about the way patient health information is handled and the implications that may result from it on patients’ privacy. This paper proposes an identity-based privacy preservation framework over u-healthcare systems. Our framework is based on the concepts of identity-based cryptography and non-interactive key agreement scheme using bilinear pairing. The proposed framework achieves authentication, patient anonymity, un-traceability, patient data privacy and session key secrecy, and resistance against impersonation and replay attacks.

Identity-based encryption with forward security

Standard identity-based encryption schemes typically rely on the assumption that secret keys are kept perfectly secure. However, with more and more cryptographic primitives are deployed on insecure devices, key exposure seems inevitable. In this paper, we propose an Identity-based encryption scheme with forward security. In the scheme, secret keys are updated at regular periods of time; furthermore, exposure of a secret key corresponding to a given time period does not enable an adversary to break the scheme for any prior time period. The scheme achieves security against chosen ciphertext attacks under the bilinear Diffie-Hellman assumption in the random oracle model.

A SCF-PEKS Scheme without Random Oracle under Simple Assumption

The model of public key encryption with keyword search (PEKS) proposed by Boneh et al. enables one to search encrypted keywords without revealing any information on the data. Baek et al. proposed an enhanced model called secure channel-free PEKS (SCF-PEKS) to removes the costly secure channel. However, most of the presented SCF-PEKS schemes were proved secure in the random oracle model. In 2009, Fang et al. presented a SCF-PEKS scheme without random oracles. But the scheme requires a strong and complicated assumption. In this paper, we propose a SCF-PEKS scheme that is under simple assumption in the standard model.

Privacy-Preserving Extraction of HOG Features Based on Integer Vector Homomorphic Encryption

Along with the growing popularity of social networks, the number of multimedia image grows explosively. For the resource constrained owners, dealing with tremendous number of images on their own is a challenging job. Therefore, there is a general trend to outsource the heavy image processing (e.g., feature extraction) to the cloud. Abundant contents in images may expose the owner’s sensitive information (e.g., face, location and event), and outsourcing the image data to the untrusted cloud directly has raised privacy concerns of public. In this work, we explore the outsourcing of the famous feature extraction algorithm-Histogram of Oriented Gradients (HOG) to the public cloud with privacy protection. In our proposed scheme, the image owner encrypts the original images by using the Vector Homomorphic Encryption (VHE) that encrypt vector directly and is much suitable for image processing. Then the image owner sends the encrypted images to the cloud which elaborately applies the linear transformation of VHE to the realization of the improved HOG algorithm in ciphertext domain. The security analysis based on the hardness of Learning with Error (LWE) Problem verifies that the extraction of HOG features is privacy-preserving in our scheme without leaking privacy contents to any other parties. We implement pedestrian detection by using the extracted HOG features to validate the efficiency and effectiveness of our proposed scheme, and the result shows that our solution can extract the HOG features correctly in ciphertext domain and approximate the original HOG in plaintext domain. Compared with existing solution, our scheme has less time and communication cost of HOG feature extraction.

EA-MTSP: Efficient Authentication for Multiple Third-Party Service Providers in Smart Grids

ABSTRACT With the evolution of traditional power grids into smart grids, utilities alone cannot yet provide all electricity services and thus third-party service providers (SPs) are required to help in service provision. Therefore, it is critical to secure third-party service provisions in smart grids. In particular, authentication is required to be done in the first place. However, authentication for multiple third-party SPs has not been well studied in smart grids. In this paper, we model the third-party service provision in smart grids for the first time which can capture specific cyber security threats with the existence of multiple third-party SPs. Furthermore, we propose an efficient authentication scheme for multiple third-party SPs. Security analysis shows that our scheme can achieve multiserver authentication, conditional anonymity, and other important security goals. Performance evaluation demonstrates that our scheme is well suited for smart meters (SMs) with limited resources, and each user only needs to do one registration for multiple SPs thus it has low communication overhead.