Ji-Jian Chin

An Efficient and Provable Secure Identity-Based Identification Scheme in the Standard Model

We present an efficient and provable secure identity-based identification scheme in the standard model. Our proposed scheme is secure against impersonation under passive attack based on the Computational Diffie-Hellman assumption, and secure under active and concurrent attacks based on the One-More Computational Diffie-Hellman assumption.

Searchable Symmetric Encryption: Designs and Challenges

Searchable Symmetric Encryption (SSE) when deployed in the cloud allows one to query encrypted data without the risk of data leakage. Despite the widespread interest, existing surveys do not examine in detail how SSE’s underlying structures are designed and how these result in the many properties of a SSE scheme. This is the gap we seek to address, as well as presenting recent state-of-the-art advances on SSE. Specifically, we present a general framework and believe the discussions may lead to insights for potential new designs. We draw a few observations. First, most schemes use index table, where optimal index size and sublinear search can be achieved using an inverted index. Straightforward updating can only be achieved using direct index, but search time would be linear. A recent trend is the combinations of index table, and tree, deployed for efficient updating and storage. Secondly, mechanisms from related fields such as Oblivious RAM (ORAM) have been integrated to reduce leakages. However, using these mechanisms to minimise leakages in schemes with richer functionalities (e.g., ranked, range) is relatively unexplored. Thirdly, a new approach (e.g., multiple servers) is required to mitigate new and emerging attacks on leakage. Lastly, we observe that a proposed index may not be practically efficient when implemented, where I/O access must be taken into consideration.

Implementation of searchable symmetric encryption for privacy-preserving keyword search on cloud storage

Ensuring the cloud data security is a major concern for corporate cloud subscribers and in some cases for the private cloud users. Confidentiality of the stored data can be managed by encrypting the data at the client side before outsourcing it to the remote cloud storage server. However, once the data is encrypted, it will limit server’s capability for keyword search since the data is encrypted and server simply cannot make a plaintext keyword search on encrypted data. But again we need the keyword search functionality for efficient retrieval of data. To maintain user’s data confidentiality, the keyword search functionality should be able to perform over encrypted cloud data and additionally it should not leak any information about the searched keyword or the retrieved document. This is known as privacy preserving keyword search. This paper aims to study privacy preserving keyword search over encrypted cloud data. Also, we present our implementation of a privacy preserving data storage and retrieval system in cloud computing. For our implementation, we have chosen one of the symmetric key primitives due to its efficiency in mobile environments. The implemented scheme enables a user to store data securely in the cloud by encrypting it before outsourcing and also provides user capability to search over the encrypted data without revealing any information about the data or the query.

Hierarchical Identity-Based Identification Schemes

Hierarchical identity-based cryptography was introduced with the purpose of reducing the burden of a single Private Key Generator (PKG) and to limit damage to only domains whose lower-level PKGs are compromised. However, until now only security models and concrete schemes for hierarchical identity-based encryption and signature schemes are found in literature. In this paper, we propose the initial idea for hierarchical identity-based identification (HIBI) schemes. We provide the formal definition and security model for HIBI schemes and then proceed to propose a concrete HIBI scheme secure against passive attacks in the random oracle model under the Computational Diffie-Hellman assumption. We also prove the HIBI scheme secure against active and concurrent attacks in the random oracle model under the One-More Computational Diffie-Hellman assumption.

Cryptanalysis of a certificateless identification scheme

In 2013, Dehkordi and Alimoradi proposed a certificateless identification scheme using supersingular elliptic curves. This proposal came independent of the parallel work of Chin et al. in proposing the first known security models for certificateless identification with provable security. In this paper, we show that there are some design flaws in the Dehkordi-Alimoradi scheme, which lead one to conclude that their scheme is insecure. Copyright

Searchable symmetric encryption over multiple servers

Searchable Symmetric Encryption (SSE) allows a user to store encrypted documents on server(s) and later efficiently searches these documents in a private manner. So far most existing works have focused on a single storage server. Therefore in this paper we consider the natural extension of SSE to multiple servers. We believe it is of practical interest, given that a user may choose to distribute documents to various cloud storage that are now readily available. The main benefit compared to a single server scheme is that a server can be set to hold only subset of encrypted documents/blocks. A server learns only content of documents/blocks that it stores in the event of successful leakage attack or ciphertext cryptanalysis, provided servers do not collude. We define formally an extension of single server SSE to multiserver and instantiate provably secure schemes that provide the above feature. Our main scheme hides total number of documents and document size even after retrieval, achieving less leakages compared to prior work, while maintaining sublinear search time for each server. We further study leakages under the new setting of non-colluding and colluding servers.

Reset-Secure Identity-Based Identification Schemes Without Pairings

Identity-based identification IBI schemes are generally insecure against reset attacks since they are commonly constructed from three-move

An Efficient and Provable Secure Security-Mediated Identity-Based Identification Scheme

\varSigma