Martin Gagné

Privacy preserving EHR system using attribute-based infrastructure

Secure management of Electronic Health Records (EHR) in a distributed computing environment such as cloud computing where computing resources including storage is provided by a third party service provider is a challenging task. In this paper, we explore techniques which guarantees security and privacy of medical data stored in the cloud. We show how new primitives in attribute-based cryptography can be used to construct a secure and privacy-preserving EHR system that enables patients to share their data among healthcare providers in a flexible, dynamic and scalable manner.

Threshold attribute-based signcryption

In this paper, we propose a new threshold attribute-based signcryption scheme secure in the standard model. The scheme provides message confidentiality, and authenticity of a message in addition to attesting the attributes of the sender. Such a property is useful in applications such as electronic card, digital prescription carrier devices, secure and authentic email service, etc. Our scheme relies on the intractability of the hashed modified decisional Diffie-Hellman and modified computational Diffie-Hellman assumptions, and is proven secure under adaptive chosen ciphertext attack and chosen message attack security notions of signcryption. Further, we achieve a tight reduction for both the security notions in the standard model.

A content-driven access control system

Protecting identity in the Internet age requires the ability to go beyond the identification of explicitly identifying information like social security numbers, to also find the broadly-held attributes that, when taken together, are identifying. We present a system that can work in conjunction with natural language processing algorithms or user-generated tags, to protect identifying attributes in text. The system uses a new attribute-based encryption protocol to control access to such identifying attributes and thus protects identity. The system supports the definition of user access rights based on role or identity. We extend the existing model of attribute-based encryption to support threshold access rights and provide a heuristic instantiation of revocation.

Short pairing-efficient threshold-attribute-based signature

In this paper, we construct a new threshold-attribute-based signature (t-ABS) scheme that is significantly more efficient than all previous t-ABS schemes. The verification algorithm requires the computation of only 3 pairing operations, independently of the attribute set of the signature, and the size of the signature is also independent of the number of attributes. The security of all our schemes is reduced to the computational Diffie-Hellman problem. We also show how to achieve shorter public parameters based on the intractability of computational Diffie-Hellman assumption in the random oracle model.

Automated security proof for symmetric encryption modes

We presents a compositional Hoare logic for proving semantic security of modes of operation for symmetric key block ciphers. We propose a simple programming language to specify encryption modes and an assertion language that allows to state invariants and axioms and rules to establish such invariants. The assertion language consists of few atomic predicates. We were able to use our method to verify semantic security of several encryption modes including Cipher Block Chaining (CBC), Cipher Feedback mode (CFB), Output Feedback (OFB), and Counter mode (CTR).

Automated verification of block cipher modes of operation, an improved method

In this paper, we improve on a previous result by Gagne et al. [9] for automatically proving the semantic security of symmetric modes of operation for block ciphers. We present a richer assertion language that uses more flexible invariants, and a more complete set of rules for establishing the invariants. In addition, all our invariants are given a meaningful semantic definition, whereas some invariants of the previous result relied on more ad hoc definitions. Our method can be used to verify the semantic security of all the encryption modes that could be proven secure in [9], in addition to other modes, such as Propagating Cipher-Block Chaining (PCBC).

Fully Secure Inner-Product Proxy Re-Encryption with Constant Size Ciphertext

In this paper, we present a new inner product proxy re-encryption scheme. The scheme can easily be converted into a threshold attribute-based proxy re-encryption scheme, and can be used to provide fine-grained access control in cloud storage systems. Our scheme is very efficient, requiring a linear number of exponentiations and a constant number of pairing computations for encryption and decryption. The length of the ciphertext is also independent of the length of the vector. The scheme is proven adaptively secure under standard assumptions in groups of composite orders.

Automated Security Proofs for Almost-Universal Hash for MAC Verification

Message authentication codes (MACs) are an essential primitive in cryptography. They are used to ensure the integrity and authenticity of a message, and can also be used as a building block for larger schemes, such as chosen-ciphertext secure encryption, or identity-based encryption. MACs are often built in two steps: first, the ‘front end’ of the MAC produces a short digest of the long message, then the ‘back end’ provides a mixing step to make the output of the MAC unpredictable for an attacker. Our verification method follows this structure. We develop a Hoare logic for proving that the front end of the MAC is an almost-universal hash function. The programming language used to specify these functions is fairly expressive and can be used to describe many block-cipher and compression function-based MACs. We implemented this method into a prototype that can automatically prove the security of almost-universal hash functions. This prototype can prove the security of the front-end of many CBC-based MACs (DMAC, ECBC, FCBC and XCBC to name only a few), PMAC and HMAC. We then provide a list of options for the back end of the MAC, each consisting of only two or three instructions, each of which can be composed with an almost-universal hash function to obtain a secure MAC.

Automated Proofs of Block Cipher Modes of Operation

We present a Hoare logic for proving semantic security and determining exact security bounds of a block cipher mode of operation. We propose a simple yet expressive programming language to specify encryption modes, semantic functions for each command (statement) in the language, an assertion language that allows to state predicates and axioms, and rules to propagate the predicates through the commands of a program. We also provide heuristics for finding loop invariants that are necessary for the application of our rule on for-loops. This enables us to prove the security of protocols that take arbitrary length messages as input. We implemented a prototype that uses this logic to automatically prove the security of block cipher modes of operation. This prototype can prove the security of many standard modes of operation, such as Cipher Block Chaining (CBC), Cipher FeedBack mode (CFB), Output FeedBack (OFB), and CounTeR mode (CTR).

Using mobile device communication to strengthen e-Voting protocols

Remote e-voting protocols strive to achieve sophisticated security properties. However, the inherent complexity of this level of sophistication typically comes at a cost: Protocols must either accept trade-offs in terms of security or are impractical. In this paper, we show how the additional communication capabilities given by the pervasive availability of mobile phones today can be used to strengthen the security offered by remote e-voting protocols. More precisely, the presence of two separate channels between the voter and the election authorities, namely the possibility for voters to communicate with authorities using both their computers and their mobile phones, opens up useful possibilities to significantly improve the security of remote e-voting with little cost in practicality. We discuss three mobile building blocks that can be plugged into many existing protocols from the literature, and that yield important security properties such as eligibility, resistance against impersonation attacks, inalterability, vote independence and coercion resistance, and even privacy and integrity of votes in the presence of malicious computers, under realistic assumptions.