Publication


Featured research published by Shi-Feng Sun.


European Symposium on Research in Computer Security | 2016

An Efficient Non-interactive Multi-client Searchable Encryption with Support for Boolean Queries

Shi-Feng Sun; Joseph K. Liu; Amin Sakzad; Ron Steinfeld; Tsz Hon Yuen

Motivated by the recent searchable symmetric encryption protocol of Cash et al., we propose a new multi-client searchable encryption protocol in this work. By tactfully leveraging the RSA-function, our protocol avoids the per-query interaction between the data owner and the client, thus reducing the communication overhead significantly and eliminating the need of the data owner to provide the online services to clients at all times. Furthermore, our protocol manages to protect the query privacy of clients to some extent, meaning that our protocol hides the exact queries from the data owner. In terms of the leakage to server, it is exactly the same as Cash et al., thus achieving the same security against the adversarial server. In addition, by employing attribute-based encryption technique, our protocol also realizes the fine-grained access control on the stored data. To be compatible with our RSA-based approach, we also present a deterministic and memory-efficient ‘keyword to prime’ hash function, which may be of independent interest.


Wireless Communications and Networking Conference | 2013

Efficient, fast and scalable authentication for VANETs

Chen Lyu; Dawu Gu; Xiaomei Zhang; Shi-Feng Sun; Yinqi Tang

Vehicular Ad Hoc Networks (VANETs) enable vehicle-to-vehicle communication to enhance road safety and improve driving experience. To secure periodic single-hop beacon messages for VANET applications, digital signature is one of the fundamental security approaches. However, it is vulnerable as excessive signatures would exhaust the computational resources of vehicles. In this paper, we propose a novel authentication mechanism VSPT, VANET authentication with Signatures and Prediction-based TESLA, which combines the advantages of both Elliptic Curve Digital Signature Algorithm (ECDSA) and Prediction-based TESLA. Although ECDSA is computationally expensive, it provides authentication and non-repudiation. Prediction-based TESLA enables fast and efficient verification by exploiting the sender's ability to predict its own future beacons. Both theoretical analysis and simulation results show that VSPT outperforms either the signature or TESLA in not only lossless situations but also lossy environments.


Computer Communications | 2015

SGOR: Secure and scalable geographic opportunistic routing with received signal strength in WSNs

Chen Lyu; Dawu Gu; Xiaomei Zhang; Shi-Feng Sun; Yuanyuan Zhang; Amit Pande

Wireless sensor networks (WSNs) are inherently susceptible to attacks as malicious nodes can disrupt the communication from any other node to the sink. To address a wide range of attacks, we propose a novel and comprehensive approach called Secure and Scalable Geographic Opportunistic Routing with received signal strength (SGOR), satisfying the requirements of both security and scalability in WSNs. Unlike most of previous secure protocols relying on infrastructure like anchor nodes, a distributed location verification algorithm is presented to utilize the received signal strength to address the location spoofing attack. As one of opportunistic geographic routings, SGOR provides the property of robustness by taking full advantage of the broadcast nature of wireless channels, and scalability for being inherited from geographic routing. Moreover, an ambient-sensitive trust model is proposed to defend against more kinds of attackers in SGOR. The theoretical results are given to demonstrate the effectiveness and robustness of SGOR to survive more severe attacks. In extensive simulations, we compare SGOR with four other representative protocols. The results show that SGOR achieves about two times higher packet delivery rate with acceptable overhead, particularly in large and highly hostile networks.


International Conference on Pairing Based Cryptography | 2013

Efficient Leakage-Resilient Identity-Based Encryption with CCA Security

Shi-Feng Sun; Dawu Gu; Shengli Liu

Due to the proliferation of side-channel attacks, lots of efforts have been made to construct cryptographic systems that are still secure even if part of the secret information is leaked to the adversary. Recently, many identity-based encryption (IBE) schemes have been proposed in this context, almost all of which, however, are only proved CPA secure. As far as we know, the IBE scheme presented by Alwen et al. is the unique CCA secure and the most practical one in the standard model. Unfortunately, this scheme suffers from an undesirable shortcoming that the leakage parameter λ and the message length m are subject to λ + m ≤ log p − ω(log κ), where κ is the security parameter and p is the prime order of the underlying group. To overcome this drawback, we designed a new IBE scheme based on Gentry's IBE in this paper, which is λ-leakage resilient CCA2 secure in the standard model where λ ≤ log p − ω(log κ). In contrast, the leakage parameter λ in our proposal is independent of the size of the message space. Moreover, our scheme is quite practical and almost as efficient as the original scheme. To the best of our knowledge, it is the first practical leakage-resilient fully CCA2 secure IBE scheme in the standard model, tolerating up to (log p − ω(log κ))-bit leakage of the private key, the leakage parameter of which is independent of the message length.


European Symposium on Research in Computer Security | 2017

RingCT 2.0: A compact accumulator-based (linkable ring signature) protocol for blockchain cryptocurrency Monero

Shi-Feng Sun; Man Ho Au; Joseph K. Liu; Tsz Hon Yuen

In this work, we initially study the necessary properties and security requirements of Ring Confidential Transaction (RingCT) protocol deployed in the popular anonymous cryptocurrency Monero. Firstly, we formalize the syntax of RingCT protocol and present several formal security definitions according to its application in Monero. Based on our observations on the underlying (linkable) ring signature and commitment schemes, we then put forward a new efficient RingCT protocol (RingCT 2.0), which is built upon the well-known Pedersen commitment, accumulator with one-way domain and signature of knowledge (which altogether perform the functions of a linkable ring signature). Besides, we show that it satisfies the security requirements if the underlying building blocks are secure in the random oracle model. In comparison with the original RingCT protocol, our RingCT 2.0 protocol presents a significant space saving, namely, the transaction size is independent of the number of groups of input accounts included in the generalized ring while the original RingCT suffers a linear growth with the number of groups, which would allow each block to process more transactions.


Provable Security | 2017

Towards Multi-user Searchable Encryption Supporting Boolean Query and Fast Decryption

Yunling Wang; Jianfeng Wang; Shi-Feng Sun; Joseph K. Liu; Willy Susilo; Xiaofeng Chen

The single-writer/multi-reader searchable encryption (SMSE) allows an arbitrary authorized user to submit a valid search token and get the corresponding encrypted identifiers. In order to achieve fine-grained access control, the identifiers are encrypted by the attribute-based encryption. In this case, the user can decrypt a ciphertext only when the access policy in it matches the user’s attribute set. However, the server is unable to determine whether the user can decrypt a certain ciphertext without the knowledge of the user’s attribute set. As a result, all the ciphertexts based on a search token have to be returned to the user, which causes unnecessary communication and decryption costs. In this paper, we propose a new SMSE scheme, in which the server just needs to return the ones which can be decrypted by the user rather than the whole search results. In order to achieve this goal, we present a server-side match technique with which the server can test whether the user can decrypt a ciphertext without knowing the user’s attribute set. Furthermore, the decryption computation is very efficient, irrespective of the structure of access policy. Therefore, both the communication and decryption overheads are dramatically reduced in our scheme.


Security and Communication Networks | 2016

Efficient chosen ciphertext secure identity‐based encryption against key leakage attacks

Shi-Feng Sun; Dawu Gu; Shengli Liu

Due to the proliferation of side-channel attacks, many efforts have been made to construct cryptographic systems that remain provably secure even if part of the secret information is leaked to the adversary. Recently, there have been many identity-based encryption (IBE) schemes proposed in this context, almost all of which, however, can only achieve chosen plaintext attack (CPA) security. As far as we know, Alwen et al.'s IBE is the unique practical scheme secure against adaptive chosen ciphertext attacks (CCA2) in the standard model. Unfortunately, this scheme suffers from an undesirable shortcoming that the leakage parameter λ and the message length m are subject to λ + m ≤ log p − ω(log κ), where κ and p denote the security parameter and the prime order of the underlying group, respectively. Beyond that, the leakage ratio in this scheme is very low, which can just reach 1/6. In this work, we put forward two new IBE schemes, both of which are λ-leakage-resilient CCA2 secure in the standard model. Specifically, the first construction is proposed based on Gentry's IBE, which is quite practical and almost as efficient as the original scheme. Moreover, its leakage parameter, λ ≤ log p − ω(log κ), is independent of the size of the message space. To the best of our knowledge, it is the first practical leakage-resilient fully CCA2 secure IBE scheme in the standard model, tolerating up to (log p − ω(log κ))-bit leakage of the private key and its leakage parameter being independent of the message length. As to the second construction, it is proposed based on the scheme of Alwen et al., which has the same leakage parameter as Alwen et al., but has a better efficiency performance and a higher leakage ratio. As far as we know, it is the first practical and fully CCA2 secure leakage-resilient IBE scheme with leakage ratio up to 1/4.


European Symposium on Research in Computer Security | 2018

Dynamic Searchable Symmetric Encryption Schemes Supporting Range Queries with Forward (and Backward) Security

Cong Zuo; Shi-Feng Sun; Joseph K. Liu; Jun Shao; Josef Pieprzyk

Dynamic searchable symmetric encryption (DSSE) is a useful cryptographic tool in encrypted cloud storage. However, it has been reported that DSSE usually suffers from file-injection attacks and content leak of deleted documents. To mitigate these attacks, forward security and backward security have been proposed. Nevertheless, the existing forward/backward-secure DSSE schemes can only support single keyword queries. To address this problem, in this paper, we propose two DSSE schemes supporting range queries. One is forward-secure and supports a large number of documents. The other can achieve both forward security and backward security, while it can only support a limited number of documents. Finally, we also give the security proofs of the proposed DSSE schemes in the random oracle model.


International Conference on Information Security | 2016

Anonymizing Bitcoin Transaction

Dimaz Ankaa Wijaya; Joseph K. Liu; Ron Steinfeld; Shi-Feng Sun; Xinyi Huang

Bitcoin is a new online decentralised payment system equipped by a cryptographic system which runs in a peer-to-peer network. While it denies any central authority, it can still verify and validate the transactions by its protocol. To make the transactions accountable, Bitcoin uses an open database which can be seen and checked by anyone. Despite no direct relationship between the Bitcoin transactions and the identity of the users, the information about the users can still be gathered by analysing the information contained in the transactions. We propose a protocol which minimises the relationship between the transactions to protect the information of the payer from the curious payee.


International Journal of Distributed Sensor Networks | 2015

Towards Efficient, Secure, and Fine-Grained Access Control System in MSNs with Flexible Revocations

Shi-Feng Sun; Chen Lyu; Dawu Gu; Yuanyuan Zhang; Yanli Ren

With the pervasiveness of mobile communications, MSNs have become a promising networking paradigm for users to share contents with others through mobile devices. This convenience comes at the cost of some serious security and privacy issues. In this work, we propose a novel privacy-preserving scheme for MSNs, which can efficiently solve some of the most serious security and privacy issues such as data confidentiality, fine-grained access control, and flexible revocation. In particular, we leverage the attribute based encryption technique to realize fine-grained access control over encrypted data. Moreover, we enhance this technique and design a flexible and fine-grained revocation mechanism which enables not only efficient user revocation but also efficient attribute revocation. As we show, our system can achieve both forward secrecy and backward secrecy using such mechanism. We compare our scheme with other related works and show that not only most of the previous works suffer from larger size of encrypted data but also their decryption time grows linearly with the complexity of access policies. In comparison, our scheme achieves higher efficiency and smaller computation time while consuming lesser storage space. We provide extensive analysis and performance evaluation to demonstrate the security, scalability, and efficiency of our proposed framework.

Collaboration

Top Co-Authors

Dawu Gu | Shanghai Jiao Tong University

Chen Lyu | Shanghai Jiao Tong University

Shengli Liu | Shanghai Jiao Tong University

Baodong Qin | Southwest University of Science and Technology

Yu Yu | Shanghai Jiao Tong University

Yuanyuan Zhang | Shanghai Jiao Tong University