Mande Xie

CCA-secure ABE with outsourced decryption for fog computing

Fog computing is not a replacement but an extension of cloud computing for the prevalence of the Internet of Things (IoT) applications. In particular, fog computing inserts a middle layer named fog into the infrastructure of cloud computing to obtain the low latency, mobility and location-awareness. Due to the fog layer, the sensitive data stored in fog computing is facing more sophisticated attacks, such as chosen ciphertext attacks, than that in cloud computing. Currently, the attribute-based encryption (ABE) with outsourced decryption is the best solution for data protection in cloud computing for IoT applications. However, none of the existing schemes are CCA secure. To fill this gap, we firstly propose the CCA security model for ABE with outsourced decryption, and then present a concrete CCA-secure ABE scheme with outsourced decryption. The security analysis and experimental results show that our proposal is secure and practical for fog computing. The CCA security model for ABE with outsourced decryption is proposed.A concrete CCA-secure ABE scheme with outsourced decryption is proposed.The security analysis and experimental results show that our proposal is secure and practical for fog computing.

Identity-Based Conditional Proxy Re-Encryption

This paper proposes a new cryptographic primitive, named identity-based conditional proxy re-encryption (IBCPRE). In this primitive, a proxy with some information (a.k.a. re-encryption key) is allowed to transform a subset of ciphertexts under an identity to other ciphertexts under another identity. Due to the specific transformation, IBCPRE is very useful in encrypted email forwarding. Furthermore, we propose a concrete IBCPRE scheme based on Boneh-Franklin identity-based encryption. The proposed IBCPRE scheme is secure against the chosen ciphertext and identity attack in the random oracle.

Fog-based storage technology to fight with cyber threat

Abstract The recent emergence of cloud computing has drastically influenced everyone’s perception of infrastructure architectures, data transmission and other aspects. With the advent of both mobile networks and cloud computing, the computationally-intensive services are moving to the cloud, and the end user’s mobile device is used as an interface to access these services. However, cyber threats are also becoming various and sophisticated, which will endanger the security of users’ private data. In traditional service mode, users’ data is totally stored in the cloud, they lose the right of control on their data and face cyber threats such as data loss and malicious modification. To this end, we propose a novel cloud storage scheme based on fog computing. In our scheme, user’s private data is separately stored in the cloud and fog servers. By this way, the integrity, availability and confidentiality of user’s data can be ensured because the data is retrieved from cloud as well as fog, which is safer. We implement a system prototype and design a series of mechanisms. Extensive experiments results also validate the proposed scheme and methods.

Receiving-peer-driven multi-video-source scheduling algorithms in mobile P2P overlay networks

This paper proposes two algorithms for multi-video-source in a new mobile P2P architecture for streaming media systems. One is serial, and the other is parallel. When the service peer set providing expected QoS is not empty, the former is called, otherwise the latter is called. The former triggers the video source change event, re-selects a video source, and synchronizes the multi-video-source by the time model of the streaming sequence when QoS is degraded. The latter allows the multiple video sources to concurrently send the data to the receiving peer according to the assigned transmission. Compared to the existing papers, the contribution of this paper is fourfold: (1) the serial and parallel scheduling algorithms, correctly switched according to the actual situation, are firstly proposed; (2) the mobile feature of peers are firstly considered and validated; (3) the client nodes have better and smoother video quality; (4) our algorithms have shorter run time, which is a crucial factor for an on-line system.

SecNRCC: a loss-tolerant secure network reprogramming with confidentiality consideration for wireless sensor networks

Network reprogramming faces lots of threats from both external attackers and potentially compromised nodes. Security thus becomes a critical requirement for network reprogramming protocols. This paper describes a secure network reprogramming system called SecNRCC for dynamically reprogramable wireless sensor network. In SecNRCC, a light weight authentication method is firstly introduced for the reboot control command. Secondly, a program image preprocess method with security and loss‐tolerance consideration is proposed. Furthermore, a novel immediate packet authentication algorithm with confidentiality consideration is also presented to resist the denial of service attacks exploiting the authentication delay, and finally, a weak authentication operation is performed before the digital signature verification to mitigate denial of service attacks against signature packets. The experimental results show that SecNRCC can securely disseminate the program image to all of node in the wireless sensor networks with acceptable latency and message cost. Copyright

LDSCD: A loss and DoS resistant secure code dissemination algorithm supporting multiple authorized tenants

Abstract Code dissemination protocol faces lots of threats from both the external and potentially internal attackers. Security thus becomes a critical requirement for code dissemination protocols in the wireless sensor networks (WSNs). This paper proposes a loss and denial of service (DoS) resistant secure code dissemination algorithm that supports multiple authorized tenants, referred in this work as a loss and DoS resistant secure code dissemination (LDSCD) for WSNs. In LDSCD, a social role-based distributed online code dissemination framework is proposed. In the proposed framework, the owner of WSNs is not directly involved in the code dissemination and a conditional proxy re-signature technique is utilized to authorize different tenants. The algorithm also proposes a detailed conditional proxy re-signature scheme for the online code dissemination with a security proof. Furthermore, a novel immediate packet authentication algorithm with loss-resilient consideration is also presented in this work to resist the DoS attacks exploiting the authentication delay. The experimental results show that the proposed LDSCD securely disseminates the Program Image to all nodes in the WSNs with acceptable latency and message cost. Furthermore, the experimental results also demonstrate that the proposed LDSCD outperforms the existing code dissemination algorithms in terms of dissemination cost and latency.

Chosen Ciphertext Secure Attribute-Based Encryption with Outsourced Decryption

Although attribute-based encryption ABE is a useful cryptographic tool to realize expressive access policy on ciphertexts, it is not quite suitable for mobile devices. The root cause lies in that the size of the ciphertext and the decryption cost are usually proportional to the complexity of the access policy. To solve this problem, a variant of ABE, named attribute-based encryption with outsourced decryption OD-ABE, was proposed by Green, Hohenberger and Waters. Especially, OD-ABE allows a proxy with a transformation key delegated from the user to simplify ABE ciphertexts satisfied by the users attributes. On the other hand, this transformation also makes it tricky to design an OD-ABE scheme achieving the CCA security that is generally considered as the standard notion of security for a cryptosystem. However, the existing OD-ABE schemes only achieve the re-randomizable replayable CCA security. In this paper, we propose the CCA security model for OD-ABE and a concrete scheme secure in our proposed security model. We believe that this improvement on the security of OD-ABE will lead to a wider spectrum of applications.

Unidirectional Identity-Based Proxy Re-Signature

To construct a suitable and secure proxy re-signature scheme is not an easy job, up to now, there exist only a few schemes. None of these schemes is unidirectional identity-based proxy re-signature, where a semi-trusted proxy can transform a signature under an identity to another signature under another identity on the same message, while the proxy cannot generate any signature on behalf of any of these two identities. In this paper, based on Schnorrs signature and Libert-Vergnaud proxy re-signature, we propose the first unidirectional identity-based proxy re-signature, which is existentially unforgeable in the random oracle model based on the extended computational Diffie-Hellman assumption.

Social role-based secure large data objects dissemination in mobile sensing environment

Social role based distributed Large Data Object dissemination framework is proposed.XOR network coding method is introduced in the proposed algorithm.XOR network coding and security framework are seamlessly integrated into PRXeluge.PRXeluge does not bring any additional load to the subscriber nodes. At present, in mobile sensing environment, almost all the existing secure large data objects dissemination algorithms are centralized. The centralized servers publicize the sensing tasks and are also the authorized parties to initiate sensed data dissemination. This paper proposes a novel social role and network coding based security distributed data dissemination algorithm referred as PRXeluge to overcome the shortcomings of existing centralized data dissemination algorithms. Unlike the existing participatory sensing applications, in PRXeluge, service provider just publicizes the sensing tasks and utilizes a conditional proxy re-signature technique to authorize different social roles such as authorized smartphone users to be utilized as a contracted picture reporters, which sense the data and directly disseminate the sensed large data. Furthermore, PRXeluge proposes the XOR (Exclusive-OR) network coding scheme on the basis of Seluge security framework. To maximize the number of successfully decoded packets, PRXeluge introduces a neighbor node table to determine the optimal coding scheme. Experimental results reveal that the proposed PRXeluge shows better performance in terms of lower data packet transmission and dissemination delay compared to that of Seluge. Furthermore, it is observed from the experiment that the proposed algorithm is stronger as compared to that of centralized scheme and performs the fine grain access control without giving any additional load to subscriber nodes.

An Exhaustive Resource Search Algorithm Based on Ping-Pang Mapping

A resource search algorithm gravely affects the performance of P2P system. This paper proposes a probabilistic and exhaustive search algorithm, which has the merits of structured and unstructured P2P system. The topology of system employs a relaxed random multigraph which is scalable. The algorithm firstly evaluates the desired number of replica of data and query by the birthday paradox theory, which is determined by the userpsilas reliable requirement, and then maps the replica of data and query onto peers in the network by Ping-Pang mapping to perform the exhaustive search. This algorithm overcomes the drawback that the search range is limited and some existing resources can not be found in the unstructured P2P.