Lei Fan

An enhancement of timestamp-based password authentication scheme

Yang and Shieh proposed a timestamp-based password authentication scheme. Chan and Cheng proved that it is insecure. In this paper, we will give a further cryptanalysis of the scheme, and give an easier attack on it. Finally, we will propose an improved scheme that can withstand both of the attacks. Compared to other authentication schemes, this improved scheme allows the host to authenticate a user only with his login request. The host need not keep any secret or information of the user.

TwinsCoin: A Cryptocurrency via Proof-of-Work and Proof-of-Stake

We design and implement TwinsCoin, the first cryptocurrency based on a provably secure and scalable public blockchain design using both proof-of-work and proof-of-stake mechanisms. Different from the proof-of-work based Bitcoin, our construction uses two types of resources, computing power and coins (i.e., stake). The blockchain in our system is more robust than that in a pure proof-of-work based system; even if the adversary controls the majority of mining power, we can still have the chance to secure the system by relying on honest stake. In contrast, Bitcoin blockchain will be insecure if the adversary controls more than 50% of mining power. Our design follows a recent provably secure proof-of-work/proof-of-stake hybrid blockchain[11]. In order to make our construction practical, we considerably enhance its design. In particular, we introduce a new strategy for difficulty adjustment in the hybrid blockchain and provide a theoretical analysis of it. We also show how to construct a light client for proof-of-stake cryptocurrencies and evaluate the proposal practically. We implement our new design. Our implementation uses a recent modular development framework for blockchains, called Scorex. It allows us to change only certain parts of an application leaving other codebase intact. In addition to the blockchain implementation, a testnet is deployed. Source code is publicly available.

Traitor Tracing and Revocation Mechanisms with Privacy-Preserving

Content distribution systems are vulnerable to the attack of rebroadcasting: pirate publishes the content or the decoding key in violation of the licensing agreement. Traitor tracing and revocation mechanisms can trace the traitors and revoke malicious users. We argue that privacy is another important feature in digital rights management technologies, and the proper balance between DRM and user privacy is an important question in its own right. Our scheme adds this important privacy-preserving feature into the existing content distribution system, and with the help of a trusted third party it can efficiently trace and revoke the pirate users while still preserve the privacy of honest users.

Efficient Password-Based Authenticated Key Exchange from Lattices

Protocols for password-based authenticated key exchange (PAKE) allow two users who share only a short, low-entropy password to agree on a cryptographically strong session key. One must ensure that protocols are immune to off-line dictionary attacks in which an adversary exhaustively enumerates all possible passwords in an attempt to determine the correct one. Recently Katz, et al. [6] gave a new framework for realizing PAKE without random oracles, in the common reference string model. In this paper, we instantiate the framework of [6] under the lattices assumptions. Specifically, we modified the lattice-based approximate projective hashing introduced in [11] and plug it into the framework of [6], and we prove our new PAKE is efficient and secure based on the security of GKs PAKE framework [6] in the standard model.

Implementing quasi-parallel breadth-first search in MapReduce for large-scale social network mining

Online social networks like Weibo and Twitter consist of billions of users and connections, and traditional approaches which are based on serial algorithms and leveraged only a single node or even a single core cannot suffice the that scale of data any more. We propose new distributed quasi-parallel breadth-first search scheme, the common graph traversal algorithm, based on the MapReduce framework, which has better performance (up to one scale of magnitude less time complexity for single-source cases or even better for multiple-source cases) than Pegasus, the state-of-the-art graph mining library, in terms of the complexity of computation and the I/O load. We apply our algorithms on the Weibo dataset, crawled from its website, which contains 135 million users and 10.2 billion directed connections among them, and occupies up to 400 gigabytes. The dataset is by far the largest one of online social networks in research. Based on the Weibo dataset with extremely skewed degree distribution, we give the empirical time complexity and I/O load analysis in each iteration of our proposed methods. Also, We ran the experiments on a 20-node Hadoop cluster to validate our analysis, and the results conform to our predicted empirical results.

Evaluating attack time expenses for network security alert causal correlation

Network security alert causal correlation aims at correlating causal related security alerts into comprehensible attack scenarios. In this paper, we propose a novel correlation criterion by evaluating the time expenses of the attacks that trigger security alerts. By taking the attack time expenses as random variables and studying their probabilistic distribution, we can calculate the temporal correlation belief metric of any two candidate alerts. To testify the feasibility, a prototype system is designed, implemented and tested with the DARPA 2000 IDS evaluation dataset. Result shows that our method is effective and efficient, providing a strong complementary support for attack scenario construction.

Generating network attack graphs for security alert correlation

Most network administrators have got the unpleasant experience of being overwhelmed by tremendous unstructured network security alerts produced by heterogeneous network devices. To date, various approaches have been proposed to correlate security alerts, including the adoption of network attack graphs to clarify their causal relationship. However, there still lacks an operational method to generate attack graphs tailored for alert correlation, especially in large scale network environments. In this paper, we propose a kind of attack graph which can be built in polynomial time using an intuitive object-oriented method. Based on the graph, a criterion is given out to correlate security alerts into scenarios. As practice, a prototype system is implemented to testify the feasibility of the approaches.