Qiang Tang

An application of the Goldwasser-Micali cryptosystem to biometric authentication

This work deals with the security challenges in authentication protocols employing volatile biometric features, where the authentication is indeed a comparison between a fresh biometric template and that enrolled during the enrollment phase. We propose a security model for biometric-based authentication protocols by assuming that the biometric features to be public. Extra attention is paid to the privacy issues related to the sensitive relationship between a biometric feature and the relevant identity. Relying on the Goldwasser-Micali encryption scheme, we introduce a protocol for biometric-based authentication and prove its security in our security model.

Efficient and Provable Secure Ciphertext-Policy Attribute-Based Encryption Schemes

With a Ciphertext-Policy Attribute-Based Encryption (CP-ABE) scheme, a users private key is associated with a set of attributes and the data is encrypted under an access policy defined by the message sender. A user can decrypt a ciphertext if and only if her attributes satisfy the access policy. In CP-ABE, since the message sender enforces the access policy during the encryption phase, the policy moves with the encrypted data. In this paper, we provide an efficient CP-ABE scheme which can express any access policy represented by a formula involving the and (***) and or (***) operators. The scheme is secure under Decision Bilinear Diffie-Hellman (DBDH) assumption. Furthermore, we extend the expressiveness of the scheme by including the of operator in addition to *** and ***. We provide a comparison with some existing CP-ABE schemes and show that our schemes are more efficient.

Extended private information retrieval and its application in biometrics authentications

In this paper we generalize the concept of Private Information Retrieval (PIR) by formalizing a new cryptographic primitive, named Extended Private Information Retrieval (EPIR). Instead of enabling a user to retrieve a bit (or a block) from a database as in the case of PIR, an EPIR protocol enables a user to evaluate a function f which takes a string chosen by the user and a block from the database as input. Like PIR, EPIR can also be considered as a special case of the secure two-party computation problem (and more specifically the oblivious function evaluation problem). We propose two EPIR protocols, one for testing equality and the other for computing Hamming distance. As an important application, we show how to construct strong privacy-preserving biometric-based authentication schemes by employing these EPIR protocols.

Privacy in Online Social Networks

Online social networks (OSNs) have become part of daily life for millions of users. Users building explicit networks that represent their social relationships and often share a wealth of personal information to their own benefit. The potential privacy risks of such behavior are often underestimated or ignored. The problem is exacerbated by lacking experience and awareness in users, as well as poorly designed tools for privacy management on the part of the OSN. Furthermore, the centralized nature of OSNs makes users dependent and puts the service provider in a position of power. Because service providers are not by definition trusted or trustworthy, their practices need to be taken into account when considering privacy risks. This chapter aims to provide insight into privacy in OSNs. First, a classification of different types of OSNs based on their nature and purpose is made. Next, different types of data contained in OSNs are distinguished. The associated privacy risks in relation to both users and service providers are identified, and finally, relevant research areas for privacy-protecting techniques are discussed. Clear mappings are made to reflect typical relations that exist between OSN type, data type, particular privacy risks, and privacy-preserving solutions.

Privacy in Recommender Systems

In many online applications, the range of content that is offered to users is so wide that a need for automated recommender systems arises. Such systems can provide a personalized selection of relevant items to users. In practice, this can help people find entertaining movies, boost sales through targeted advertisements, or help social network users meet new friends. To generate accurate personalized recommendations, recommender systems rely on detailed personal data on the preferences of users. Examples are ratings, consumption histories, and personal profiles. Recommender systems are useful, however the privacy risks associated to gathering and processing personal data are often underestimated or ignored. Many users are not sufficiently aware if and how much of their data is collected, if such data is sold to third parties, or how securely it is stored and for how long. This chapter aims to provide insight into privacy in recommender systems. First, we discuss different types of existing recommender systems. Second, we give an overview of the data that is used in recommender systems. Third, we examine the associated risks to data privacy. Fourth, relevant research areas for privacy-protection techniques and their applicability to recommender systems are discussed. Finally, we conclude with a discussion on applying and combining different privacy-protection techniques in real-world settings, making clear mappings to reflect typical relations between recommender system types, information types, particular privacy risks, and privacy-protection techniques.

A Type-and-Identity-Based Proxy Re-encryption Scheme and Its Application in Healthcare

Proxy re-encryption is a cryptographic primitive developed to delegate the decryption right from one party (the delegator) to another (the delegatee). In a proxy re-encryption scheme, the delegator assigns a key to a proxy to re-encrypt all messages encrypted with his public key such that the re-encrypted ciphertexts can be decrypted with the delegatees private key. We propose a type-and-identity-based proxy re-encryption scheme based on the Boneh-Franklin Identity Based Encryption (IBE) scheme. In our scheme, the delegator can categorize messages into different types and delegate the decryption right of each type to the delegatee through a proxy. Our scheme enables the delegator to provide the proxy fine-grained re-encryption capability. As an application, we propose a fine-grained Personal Health Record (PHR) disclosure scheme for healthcare service by applying the proposed scheme.

Embedding Renewable Cryptographic Keys into Continuous Noisy Data

Fuzzy extractor is a powerful but theoretical tool to extract uniform strings from discrete noisy data. Before it can be used in practice, many concerns need to be addressed in advance, such as making the extracted strings renewable and dealing with continuous noisy data. We propose a primitive fuzzy embedderas a practical replacement for fuzzy extractor. Fuzzy embedder naturally supports renewability because it allows a randomly chosen string to be embedded. Fuzzy embedder takes continuous noisy data as input and its performance directly links to the property of the input data. We give a general construction for fuzzy embedder based on the technique of Quantization Index Modulation ( QIM ) and derive the performance result in relation to that of the underlying QIM . In addition, we show that quantization in 2-dimensional space is optimal from the perspective of the length of the embedded string. We also present a concrete construction for fuzzy embedder in 2-dimensional space and compare its performance with that obtained by the 4-square tiling method of Linnartz, et al.[13].

Inter-domain Identity-Based Proxy Re-encryption

Proxy re-encryption is a cryptographic primitive developed to delegate the decryption right from one party (the delegator) to another (the delegatee). So far, research efforts have only been devoted to the intra-domain setting, where the delegator and the delegatee are registered in the same domain. In this paper, we investigate the proxy re-encryption in the inter-domain setting, where the delegator and the delegatee are from different domains, and focus on the identity-based case. We analyze the trust relationships and possible threats to the plaintext privacy, and provide rigorous security definitions. We propose a new inter-domain identity-based proxy re-encryption scheme and prove its security in our security model. An interesting property of the proposed scheme is that, to achieve the chosen plaintext security for the delegator, the delegatees IBE only needs to be one-way.

Privacy-preserving collaborative filtering based on horizontally partitioned dataset

Nowadays, recommender systems have been increasingly used by companies to improve their services. Such systems are employed by companies in order to satisfy their existing customers and attract new ones. However, many small or medium companies do not possess adequate customer data to generate satisfactory recommendations. To solve this problem, we propose that the companies should generate recommendations based on a joint set of customer data. For this purpose, we present a privacy-preserving collaborative filtering algorithm, which allows one company to generate recommendations based on its own customer data and the customer data from other companies. The security property is based on rigorous cryptographic techniques, and guarantees that no company will leak its customer data to others. In practice, such a guarantee not only protects companies business incentives but also makes the operation compliant with privacy regulations. To obtain precise performance figures, we implement a prototype of the proposed solution in C++. The experimental results show that the proposed solution achieves significant accuracy difference in the generated recommendations.

Embedding renewable cryptographic keys into noisy data

A fuzzy extractor is a powerful but theoretical tool that can be used to extract uniform strings from (discrete) noisy sources. However, when using a fuzzy extractor in practice, extra features are needed, such as the renewability of the extracted strings and the ability to use the fuzzy extractor directly on continuous input data instead of discrete data. Our contribution is threefold. Firstly, we propose a fuzzy embedder as a generalization of the fuzzy extractor. A fuzzy embedder naturally supports renewability, as it allows a string to be embedded instead of extracted. It also supports direct analysis of quantization effects, as it makes no limiting assumptions about the nature of the input source. Secondly, we give a general construction for fuzzy embedders based on the technique of quantization index modulation (QIM). We show that the performance measures of a QIM, as proposed by the watermarking community, translate directly to the security properties of the corresponding fuzzy embedder. Finally, we show that from the perspective of the length of the embedded string, quantization in two dimensions is optimal. We present two practical constructions for a fuzzy embedder in two-dimensional space. The first construction is optimal from reliability perspective, and the second construction is optimal in the length of the embedded string.