Junbeom Hur

Attribute-Based Access Control with Efficient Revocation in Data Outsourcing Systems

Some of the most challenging issues in data outsourcing scenario are the enforcement of authorization policies and the support of policy updates. Ciphertext-policy attribute-based encryption is a promising cryptographic solution to these issues for enforcing access control policies defined by a data owner on outsourced data. However, the problem of applying the attribute-based encryption in an outsourced architecture introduces several challenges with regard to the attribute and user revocation. In this paper, we propose an access control mechanism using ciphertext-policy attribute-based encryption to enforce access control policies with efficient attribute and user revocation capability. The fine-grained access control can be achieved by dual encryption mechanism which takes advantage of the attribute-based encryption and selective group key distribution in each attribute group. We demonstrate how to apply the proposed mechanism to securely manage the outsourced data. The analysis results indicate that the proposed scheme is efficient and secure in the data outsourcing systems.

Improving Security and Efficiency in Attribute-Based Data Sharing

With the recent adoption and diffusion of the data sharing paradigm in distributed systems such as online social networks or cloud computing, there have been increasing demands and concerns for distributed data security. One of the most challenging issues in data sharing systems is the enforcement of access policies and the support of policies updates. Ciphertext policy attribute-based encryption (CP-ABE) is becoming a promising cryptographic solution to this issue. It enables data owners to define their own access policies over user attributes and enforce the policies on the data to be distributed. However, the advantage comes with a major drawback which is known as a key escrow problem. The key generation center could decrypt any messages addressed to specific users by generating their private keys. This is not suitable for data sharing scenarios where the data owner would like to make their private data only accessible to designated users. In addition, applying CP-ABE in the data sharing system introduces another challenge with regard to the user revocation since the access policies are defined only over the attribute universe. Therefore, in this study, we propose a novel CP-ABE scheme for a data sharing system by exploiting the characteristic of the system architecture. The proposed scheme features the following achievements: 1) the key escrow problem could be solved by escrow-free key issuing protocol, which is constructed using the secure two-party computation between the key generation center and the data-storing center, and 2) fine-grained user revocation per each attribute could be done by proxy encryption which takes advantage of the selective attribute group key distribution on top of the ABE. The performance and security analyses indicate that the proposed scheme is efficient to securely manage the data distributed in the data sharing system.

Secure and efficient data retrieval over encrypted data using attribute-based encryption in cloud storage

The cloud storage based information retrieval service is a promising technology that will form a vigorous market in the near future. Although there have been numerous studies proposed about secure data retrieval over encrypted data in cloud services, most of them focus on providing the strict security for the data stored in a third party domain. However, those approaches require stupendous costs centralized on the cloud service provider, which could be a principal impediment to achieve efficient data retrieval in cloud storage. In this paper, we propose an efficient data retrieval scheme using attribute-based encryption. The proposed scheme is best suited for cloud storage systems with massive amount of data. It provides rich expressiveness as regards access control and fast searches with simple comparisons of searching entities. The proposed scheme also guarantees data security and user privacy during the data retrieval process.

Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks

Mobile nodes in military environments such as a battlefield or a hostile region are likely to suffer from intermittent network connectivity and frequent partitions. Disruption-tolerant network (DTN) technologies are becoming successful solutions that allow wireless devices carried by soldiers to communicate with each other and access the confidential information or command reliably by exploiting external storage nodes. Some of the most challenging issues in this scenario are the enforcement of authorization policies and the policies update for secure data retrieval. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptographic solution to the access control issues. However, the problem of applying CP-ABE in decentralized DTNs introduces several security and privacy challenges with regard to the attribute revocation, key escrow, and coordination of attributes issued from different authorities. In this paper, we propose a secure data retrieval scheme using CP-ABE for decentralized DTNs where multiple key authorities manage their attributes independently. We demonstrate how to apply the proposed mechanism to securely and efficiently manage the confidential data distributed in the disruption-tolerant military network.

Security Considerations for Handover Schemes in Mobile WiMAX Networks

IEEE 802.16e uses EAP-based authentication and key management for link layer security. Due to the lack of ability to support mobility, however, EAP-based key management becomes a principal impediment to the achievement of an efficient and secure handover in IEEE 802.16e mobile WiMAX networks. In this paper, an overview of the EAP-based handover procedures of the latest IEEE 802.16e standard is given and their security flaws are analyzed. Possible solutions for secure handover in IEEE 802.16e networks are also proposed in this paper. The proposed handover protocol guarantees a backward/forward secrecy while gives little burden over the previous handover protocols.

Privacy-preserving identity-based broadcast encryption

Broadcast encryption enables a broadcaster to encrypt messages and transmit them to some subset S of authorized users. In identity-based broadcast encryption schemes, a broadcasting sender typically encrypts a message by combining public identities of receivers in S and system parameters. However, previous identity-based broadcast encryption schemes have not been concerned about preserving the privacy of receivers. Consequently, all of the identities of broadcast receivers in S are exposed to the public in the previous schemes, which may be subject to attacks on user privacy in lots of pragmatic applications. We propose a novel privacy-preserving identity-based broadcast encryption scheme against an active attacker. The proposed scheme protects the privacy of receivers of broadcasted messages by hiding the identities of receivers in S. Additionally, it achieves less storage and computation costs required to encrypt and decrypt the broadcast message, compared to the previous identity-based broadcast encryption schemes that do not provide user privacy.

Trust management for resilient wireless sensor networks

Utilities of wireless sensor networks are standing out in bold relief in various fields such as home environmental, industrial, and military applications. Compared with the vivid applications of the sensor networks, however, the security and privacy issues of the sensor networks are still in their infancy because unique features of the sensor networks make it difficult to adopt conventional security policies. Especially, false reports are critical threats because they can drain out the finite amount of energy resources in a battery-powered sensor networks; thus, a novel trust management scheme is necessary to make resilient wireless sensor networks. Cryptographic authentication mechanisms and key management schemes cannot suggest solutions for the real root of the problem. In this paper, we propose a trust management scheme which can identify trustworthiness of sensor nodes and suggest a defensible approach against insider attacks beyond conventional cryptographic approaches.

Using a dynamic backbone for efficient data delivery in solar-powered WSNs

The periodic nature of solar power requires a different approach to energy consumption in wireless sensor networks (WSNs) from battery-based WSNs. Based on the energy model of a solar-powered node, we develop efficient energy-aware topology-control and routing schemes which utilize a backbone network consisting of energy-rich nodes within the WSN. This backbone handles most of the traffic with low latency, while reconfiguring itself dynamically in response to changes in the availability of energy at each node. Simulation results demonstrate that our schemes can achieve a balance between latency and energy consumption.

A new binary image authentication scheme with small distortion and low false negative rates

SUMMARY In this study, a novel binary image authentication scheme is proposed, which can be used to detect any alteration of the host image. In the proposed scheme, the watermark is embedded into a host image using a Hamming-code-based embedding algorithm. A performance analysis shows that the proposed scheme achieves both smaller distortion and lower false negative rates than the previous schemes.

Fine-grained data access control for distributed sensor networks

Distributed sensor networks are becoming a robust solution that allows users to directly access data generated by individual sensors. In many practical scenarios, fine-grained access control is a pivotal security requirement to enhance usability and protect sensitive sensor information from unauthorized access. Recently, there have been proposed many schemes to adapt public key cryptosystems into sensor systems consisting of high-end sensor nodes in order to enforce security policy efficiently. However, the drawback of these approaches is that the complexity of computation increases linear to the expressiveness of the access policy. Key-policy attribute-based encryption is a promising cryptographic solution to enforce fine-grained access policies on the sensor data. However, the problem of applying it to distributed sensor networks introduces several challenges with regard to the attribute and user revocation. In this paper, we propose an access control scheme using KP-ABE with efficient attribute and user revocation capability for distributed sensor networks that are composed of high-end sensor devices. They can be achieved by the proxy encryption mechanism which takes advantage of attribute-based encryption and selective group key distribution. The analysis results indicate that the proposed scheme achieves efficient user access control while requiring the same computation overhead at each sensor as the previous schemes.