Reihaneh Safavi-Naini

Information security and privacy

Stream Ciphers.- Algebraic Attacks on Clock-Controlled Stream Ciphers.- Cache Based Power Analysis Attacks on AES.- Distinguishing Attack on SOBER-128 with Linear Masking.- Evaluating the Resistance of Stream Ciphers with Linear Feedback Against Fast Algebraic Attacks.- Symmetric Key Ciphers.- Ensuring Fast Implementations of Symmetric Ciphers on the Intel Pentium 4 and Beyond.- Improved Cryptanalysis of MAG.- On Exact Algebraic [Non-]Immunity of S-Boxes Based on Power Functions.- Network Security.- Augmented Certificate Revocation Lists.- Online/Offline Signatures and Multisignatures for AODV and DSR Routing Security.- Towards an Invisible Honeypot Monitoring System.- Cryptographic Applications.- Adaptively Secure Traitor Tracing Against Key Exposure and Its Application to Anywhere TV Service.- Fingercasting-Joint Fingerprinting and Decryption of Broadcast Messages.- More on Stand-Alone and Setup-Free Verifiably Committed Signatures.- Secure Implementation.- API Monitoring System for Defeating Worms and Exploits in MS-Windows System.- Hiding Circuit Topology from Unbounded Reverse Engineers.- The Role of the Self-Defending Object Concept in Developing Distributed Security-Aware Applications.- Signatures.- Efficient and Provably Secure Multi-receiver Identity-Based Signcryption.- Efficient Identity-Based Signatures Secure in the Standard Model.- Event-Oriented k-Times Revocable-iff-Linked Group Signatures.- Key Replacement Attack Against a Generic Construction of Certificateless Signature.- Theory.- A Novel Range Test.- Efficient Primitives from Exponentiation in ? p .- PA in the Two-Key Setting and a Generic Conversion for Encryption with Anonymity.- Statistical Decoding Revisited.- Invited Talk.- Towards Provable Security for Ubiquitous Applications.- Security Applications.- Oblivious Scalar-Product Protocols.- On Optimizing the k-Ward Micro-aggregation Technique for Secure Statistical Databases.- Provable Security.- Direct Chosen-Ciphertext Secure Identity-Based Key Encapsulation Without Random Oracles.- Generic Transforms to Acquire CCA-Security for Identity Based Encryption: The Cases of FOpkc and REACT.- Tag-KEM from Set Partial Domain One-Way Permutations.- Protocols.- An Extension to Bellare and Rogaway (1993) Model: Resetting Compromised Long-Term Keys.- Graphical Representation of Authorization Policies for Weighted Credentials.- Secure Cross-Realm C2C-PAKE Protocol.- Hashing and Message Authentication.- Constructing Secure Hash Functions by Enhancing Merkle-Damgard Construction.- Forgery and Key Recovery Attacks on PMAC and Mitchells TMAC Variant.- Side Channel Attacks Against HMACs Based on Block-Cipher Based Hash Functions.

An efficient signature scheme from bilinear pairings and its applications

In Asiacrypt2001, Boneh, Lynn, and Shacham [8] proposed a short signature scheme (BLS scheme) using bilinear pairing on certain elliptic and hyperelliptic curves. Subsequently numerous cryptographic schemes based on BLS signature scheme were proposed. BLS short signature needs a special hash function [6,1,8]. This hash function is probabilistic and generally inefficient. In this paper, we propose a new short signature scheme from the bilinear pairings that unlike BLS, uses general cryptographic hash functions such as SHA-1 or MD5, and does not require special hash functions. Furthermore, the scheme requires less pairing operations than BLS scheme and so is more efficient than BLS scheme. We use this signature scheme to construct a ring signature scheme and a new method for delegation. We give the security proofs for the new signature scheme and the ring signature scheme in the random oracle model.

Certificateless public key encryption without pairing

“Certificateless Public Key Cryptography” has very appealing features, namely it does not require any public key certification (cf. traditional Public Key Cryptography) nor having key escrow problem (cf. Identity-Based Cryptography). Unfortunately, construction of Certificateless Public Key Encryption (CLPKE) schemes has so far depended on the use of Identity-Based Encryption, which results in the bilinear pairing-based schemes that need costly operations. In this paper, we consider a relaxation of the original model of CLPKE and propose a new CLPKE scheme that does not depend on the bilinear pairings. We prove that in the random oracle model, our scheme meets the strong security requirements of the new model of CLPKE such as security against public key replacement attack and chosen ciphertext attack, assuming that the standard Computational Diffie-Hellman problem is intractable.

Privacy preserving EHR system using attribute-based infrastructure

Secure management of Electronic Health Records (EHR) in a distributed computing environment such as cloud computing where computing resources including storage is provided by a third party service provider is a challenging task. In this paper, we explore techniques which guarantees security and privacy of medical data stored in the cloud. We show how new primitives in attribute-based cryptography can be used to construct a secure and privacy-preserving EHR system that enables patients to share their data among healthcare providers in a flexible, dynamic and scalable manner.

Efficient multi-receiver identity-based encryption and its application to broadcast encryption

In this paper, we construct an efficient “multi-receiver identity-based encryption scheme”. Our scheme only needs one (or none if precomputed and provided as a public parameter) pairing computation to encrypt a single message for n receivers, in contrast to the simple construction that re-encrypts a message n times using Boneh and Franklins identity-based encryption scheme, considered previously in the literature. We extend our scheme to give adaptive chosen ciphertext security. We support both schemes with security proofs under precisely defined formal security model. Finally, we discuss how our scheme can lead to a highly efficient public key broadcast encryption scheme based on the “subset-cover” framework.

Threshold Attribute-Based Signatures and Their Application to Anonymous Credential Systems

In this paper we propose threshold attribute-based signatures (t-ABS). A t-ABS scheme enables a signature holder to prove possession of signatures by revealing only the relevant attributes of the signer, hence providing signer-attribute privacy for the signature holder. We define t-ABS schemes, formalize their security and propose two t-ABS schemes: a basic scheme secure against selective forgery and a second one secure against existential forgery, both provable in the standard model, assuming hardness of the CDH problem. We show that our basic t-ABS scheme can be augmented with two extra protocols that are used for efficiently issuing and verifying t-ABS signatures on committed values. We call the augmented scheme a threshold attribute based c-signature scheme (t-ABCS). We show how a t-ABCS scheme can be used to realize a secure threshold attribute-based anonymous credential system (t-ABACS) providing issuer-attribute privacy. We propose a security model for t-ABACS, give a concrete scheme using t-ABCS scheme, and prove that the credential system is secure if the t-ABCS scheme is secure.

Advances in Cryptology – CRYPTO 2012

We introduce the swap-or-not shuffle and show that the technique gives rise to a new method to convert a pseudorandom function (PRF) into a pseudorandom permutation (PRP) (or, alternatively, to directly build a confusion/diffusion blockcipher). We then prove that swap-or-not has excellent quantitative security bounds, giving a LubyRackoff type result that ensures security (assuming an ideal round function) to a number of adversarial queries that is nearly the size of the construction’s domain. Swap-or-not provides a direct solution for building a small-domain cipher and achieving format-preserving encryption, yielding the best bounds known for a practical scheme for enciphering credit-card numbers. The analysis of swap-or-not is based on the theory of mixing times of Markov chains.

Cancelable key-based fingerprint templates

Biometric based authentication can provide strong security guarantee about the identity of users. Security of biometric data is particularly important as compromise of the data will be permanent. Cancelable biometrics store a non–invertible transformed version of the biometric data and so if the storage is compromised the biometric data remains safe. Cancelable biometrics also provide a higher level of privacy by allowing many templates for the same biometric data and hence non-linkability of user’s data stored in different databases. We define how to measure the success of a particular transformation and matching algorithm for fingerprints. We consider a key–dependent geometric transform that is applied to the features extracted from a fingerprint, to generate a key–dependent cancelable template for the fingerprint. We investigate performance of an authentication system that uses this cancelable fingerprint when a fingerprint matching algorithm is used for detection. We evaluate performance of the system and show the challenges of achieving good performance if the matching algorithm is not modified.

Sequential traitor tracing

We consider a new type of traitor tracing scheme, called sequential traitor tracing, that protects against rebroadcasting of decrypted content. Sequential traceability (TA) schemes trace all up to c traitors and remove the shortcomings of dynamic tracing schemes. We give two general constructions and show the relationship between c-TA codes and sequential tracing schemes.

Efficient Verifiably Encrypted Signature and Partially Blind Signature from Bilinear Pairings

Verifiably encrypted signatures are used when Alice wants to sign a message for Bob but does not want Bob to possess her signature on the message until a later date. Such signatures are used in optimistic contact signing to provide fair exchange. Partially blind signature schemes are an extension of blind signature schemes that allows a signer to sign a partially blinded message that include pre-agreed information such as expiry date or collateral conditions in unblinded form. These signatures are used in applications such as electronic cash (e-cash) where the signer requires part of the message to be of certain form. In this paper, we propose a new verifiably encrypted signature scheme and a partially blind signature scheme, both based on bilinear pairings. We analyze security and efficiency of these schemes and show that they are more efficient than the previous schemes of their kind.