Shunrong Jiang

Efficient Privacy-Preserving Authentication for Vehicular Ad Hoc Networks

In this paper, we present an efficient privacy-preserving authentication scheme based on group signature for vehicular ad hoc networks (VANETs). Although group signature is widely used in VANETs to realize anonymous authentication, the existing schemes based on group signatures suffer from long computation delay in the certificate revocation list (CRL) checking and in the signature verification process, leading to high message loss. As a result, they cannot meet the requirement of verifying hundreds of messages per second in VANETs. In our scheme, we first divide the precinct into several domains, in which roadside units (RSUs) are responsible for distributing group private keys and managing vehicles in a localized manner. Then, we use a hash message authentication code (HMAC) to avoid time-consuming CRL checking and to ensure the integrity of messages before batch group authentication. Finally, we adopt cooperative message authentication among entities, in which each vehicle only needs to verify a small number of messages, thus greatly alleviating the authentication burden. The security and performance analysis show that our scheme is more efficient in terms of authentication speed, while keeping conditional privacy in VANETs.

An Efficient Anonymous Batch Authentication Scheme Based on HMAC for VANETs

In vehicular ad hoc networks (VANETs), when a vehicle receives a message, the certificate revocation list (CRL) checking process will operate before certificate and signature verification. However, large communication sources, storage space, and checking time are needed for CRLs that cause the privacy disclosure issue as well. To address these issues, in this paper, we propose an efficient anonymous batch authentication scheme (ABAH) to replace the CRL checking process by calculating the hash message authentication code (HMAC). In our scheme, we first divide the precinct into several domains, in which road-side units (RSUs) manage vehicles in a localized manner. Then, we adopt pseudonyms to achieve privacy-preserving and realize batch authentication by using an identity-based signature (IBS). Finally, we use HMAC to avoid the time-consuming CRL checking and to ensure the integrity of messages that may get loss in previous batch authentication. The security and performance analysis are carried out to demonstrate that ABAH is more efficient in terms of verification delay than the conventional authentication methods employing CRLs. Meanwhile, our solution can keep conditional privacy in VANETs.

Privacy-preserving authentication based on group signature for VANETs

In this paper, we present an efficient privacy-preserving authentication scheme based on group signature for Vehicular Ad Hoc Networks (VANETs). Although group signature is widely used in VANETs to realize anonymous authentication, the existing schemes based on group signature suffer from long computation delay in the Certificate Revocation List (CRL) checking and signature verification process, leading to high message loss. As a result, they cannot meet the requirement of verifying hundreds of messages per second in VANETs. In our scheme, we first divide the precinct into several domains, in which road side units (RSUs) are responsible for distributing group private keys and managing vehicles in a localized manner. Then we use Hash Message Authentication Code (HMAC) to avoid the time-consuming CRL checking, and to ensure the integrity of messages before batch group authentication. At last, we adopt cooperative message authentication among entities, in which each vehicle just needs to verify a small number of messages, thus greatly alleviating the authentication burden. The security and performance analysis show that our scheme is more efficient in terms of authentication speed, while keeping conditional privacy in VANETs.

EPPS: Efficient and Privacy-Preserving Personal Health Information Sharing in Mobile Healthcare Social Networks.

Mobile healthcare social networks (MHSNs) have emerged as a promising next-generation healthcare system, which will significantly improve the quality of life. However, there are many security and privacy concerns before personal health information (PHI) is shared with other parities. To ensure patients’ full control over their PHI, we propose a fine-grained and scalable data access control scheme based on attribute-based encryption (ABE). Besides, policies themselves for PHI sharing may be sensitive and may reveal information about underlying PHI or about data owners or recipients. In our scheme, we let each attribute contain an attribute name and its value and adopt the Bloom filter to efficiently check attributes before decryption. Thus, the data privacy and policy privacy can be preserved in our proposed scheme. Moreover, considering the fact that the computational cost grows with the complexity of the access policy and the limitation of the resource and energy in a smart phone, we outsource ABE decryption to the cloud while preventing the cloud from learning anything about the content and access policy. The security and performance analysis is carried out to demonstrate that our proposed scheme can achieve fine-grained access policies for PHI sharing in MHSNs.

Publicly Verifiable Boolean Query Over Outsourced Encrypted Data

Outsourcing storage and computation to the cloud has become a common practice for businesses and individuals. As the cloud is semi-trusted or susceptible to attacks, many researches suggest that the outsourced data should be encrypted and then retrieved by using searchable symmetric encryption (SSE) schemes. Since the cloud is not fully trusted, we doubt whether it would always process queries correctly or not. Therefore, there is a need for users to verify their query results. Motivated by this, in this paper, we propose a publicly verifiable dynamic searchable symmetric encryption scheme based on the accumulation tree. We first construct an accumulation tree based on encrypted data and then outsource both of them to the cloud. Next, during the search operation, the cloud generates the corresponding proof according to the query result by mapping Boolean query operations to set operations, while keeping privacy preservation and achieving the verification requirements: freshness, authenticity, and completeness. Finally, we extend our scheme by dividing the accumulation tree into different small accumulation trees to make our scheme scalable. The security analysis and performance evaluation show that the proposed scheme is secure and practical.

Privacy-preserving use of genomic data on mobile devices

The rapid development of genomic technologies, especially the DNA sequencing progress, greatly decreases the costs in genome sequencing, which leads to a high availability of genomic data in the near future (e.g., medical test and healthcare). Meanwhile, the increasing popularity of smartphones and mobile connectivity makes it an inevitable trend to use genomic data on mobile devices. However, since ones genomic information is the ultimate identifier of an individual and contains sensitive private data (e.g., disease predispositions, ancestry information, etc.), the use of genomic data may raise serious privacy concerns. Therefore, it is necessary to find ways of using genomic data on mobile devices without disclosure and abuse of the individuals privacy. In this paper, we provide a general framework for storing and processing genomic data privately, in which dynamic symmetric searchable encryption (DSSE) is employed for users to efficiently retrieve their needed genomic data from the Cloud Storage Provider (CSP). Then, users can implement the genetic disease susceptibility test with these genomic data on their mobile devices. Our proposed framework can achieve a higher privacy preserving level at a lower computation cost. Performance evaluation shows the effectiveness and practicality of the proposed scheme.

Publicly Verifiable Boolean Query over Outsourced Encrypted Data

Outsourcing storage and computation to the cloud has become a common practice for businesses and individuals. As the cloud is semi-trusted or susceptible to attacks, many researches suggest that the outsourced data should be encrypted and then retrieved by using searchable symmetric encryption (SSE) schemes. Since the cloud is not fully trusted, we doubt whether it would always process queries correctly or not. Therefore, there is a need for users to verify their query results. Motivated by this, in this paper, we propose a publicly verifiable dynamic searchable symmetric encryption scheme based on the accumulation tree. We first construct an accumulation tree based on encrypted data and then outsource both of them to the cloud. Next, during the search operation, the cloud generates the corresponding proof according to the query result by mapping Boolean query operations to set operations while keeping privacy-preservation and achieving the verification requirements: authenticity, freshness, and completeness. The security analysis and performance evaluation show that the proposed scheme is privacy-preserving and practical.