Stelvio Cimato

Optimal colored threshold visual cryptography schemes

Visual cryptography schemes allow the encoding of a secret image into n shares which are distributed to the participants. The shares are such that only qualified subsets of participants can “visually” recover the secret image. Usually the secret image consist of black and white pixels. In colored threshold visual cryptography schemes the secret image is composed of pixels taken from a given set of c colors. The pixels expansion and the contrast of a scheme are two measures of the goodness of the scheme.In this paper, we study c-color (k,n)-threshold visual cryptography schemes and provide a characterization of contrast-optimal schemes. More specifically we prove that there exists a contrast-optimal scheme that is a member of a special set of schemes, which we call canonical schemes, and that satisfy strong symmetry properties.Then we use canonical schemes to provide a constructive proof of optimality, with respect to the pixel expansion, of c-color (n,n)-threshold visual cryptography schemes.Finally, we provide constructions of c-color (2,n)-threshold schemes whose pixels expansion improves on previously proposed schemes.

Privacy-Aware Biometrics: Design and Implementation of a Multimodal Verification System

A serious concern in the design and use of biometric authentication systems is the privacy protection of the information derived from human biometric traits, especially since such traits cannot be replaced. Combining cryptography and biometrics, several recent works proposed to build the protection in the biometric templates themselves. While these solutions can increase the confidence in biometric systems when biometric information is stored for verification, they have been shown difficult to apply to real biometrics. In this work we present a biometric authentication technique that exploits multiple biometric traits. It is privacy-aware as it ensures privacy protection and allows the extraction of secure identifiers by means of cryptographic primitives. We also discuss the implementation of our approach by considering, as a significant example, the combination of iris and fingerprint biometrics and present experimental results obtained from real data. The implementation shows the feasibility of the scheme in practical applications.

Secure Collaborative Supply-Chain Management

The SecureSCM project demonstrates the practical applicability of secure multiparty computation to online business collaboration. A prototype supply-chain management system protects the confidentiality of private data while rapidly adapting to changing business needs.

Secure E-Coupons

As the Internet is getting easier and faster to use, electronic coupon (e-coupon) distribution is becoming a more and more popular advertising technique. E-coupons are the digital analogue of paper coupons which are used to provide customers with discounts or gift in order to incentive the purchase of some products. Nowadays, the potential of digital coupons has not been fully exploited on the web. This is mostly due to the lack of “efficient” techniques to handle the generation and distribution of e-coupons. In this paper we discuss models and protocols for e-coupons satisfying a number of security requirements. Furthermore we present a lightweight implementation of our protocol, which preserves the privacy of the users, since it does not require any registration phase.

Towards the Certification of Cloud Services

The need of a certification process for cloud-based services is emerging as a way to address some of the remaining obstacles facing the effective development and diffusion of the cloud-computing paradigm. In this paper we move the first steps towards a complete approach containing a conceptual framework where the specifications of basic, hybrid and incremental certification models for cloud-based services can be given. Specifically, we focus on the definition of a unifying meta-model to provide representational guidelines for (i) the definition of the security properties to be certified, (ii) the types of evidence underlying them, (iii) the phases of the certificate life cycle, as well as of all mechanisms for generating supporting evidence.

A Multi-biometric Verification System for the Privacy Protection of Iris Templates

Biometric systems have been recently developed and used for authentication or identification in several scenarios, ranging from institutional purposes (border control) to commercial applications (point of sale). Two main issues are raised when such systems are applied: reliability and privacy for users. Multi-biometric systems, i.e. systems involving more than a biometric trait, increase the security of the system, but threaten users’ privacy, which are compelled to release an increased amount of sensible information. In this paper, we propose a multi-biometric system, which allows the extraction of secure identifiers and ensures that the stored information does not compromise the privacy of users’ biometrics. Furthermore, we show the practicality of our approach, by describing an effective construction, based on the combination of two iris templates and we present the resulting experimental data.

AS5 : a secure searchable secret sharing scheme for privacy preserving database outsourcing

Researchers have been studying security challenges of database outsourcing for almost a decade. Privacy of outsourced data is one of the main challenges when the “Database As a Service” model is adopted in the service oriented trend of the cloud computing paradigm. This is due to the insecurity of the network environment or even the untrustworthiness of the service providers. This paper proposes a method to preserve privacy of outsourced data based on Shamir’s secret sharing scheme. We split attribute values into several parts and distribute them among untrusted servers. The problem of using secret sharing in data outsourcing scenario is how to search efficiently within the randomly generated pool of shares. In this paper, at first, we customize Shamir’s scheme to have A Searchable Secret Sharing Scheme (AS4) that enables the efficient execution of different kinds of queries over distributed shares. Then, we extend our method for sharing values to A Secure Searchable Secret Sharing Scheme (AS5) to tolerate statistical attacks based on adversary’s knowledge about outsourced data distribution. In AS5 data shares are generated uniformly across a domain to prevent information leakage about the outsourced data.

Overcoming the obfuscation of Java programs by identifier renaming

Decompilation is the process of translating object code to source code and is usually the first step towards the reverse-engineering of an application. Many obfuscation techniques and tools have been developed, with the aim of modifying a program, such that its functionalities are preserved, while its understandability is compromised for a human reader or the decompilation is made unsuccessful. Some approaches rely on malicious identifiers renaming, i.e., on the modification of the program identifiers in order to introduce confusion and possibly prevent the decompilation of the code. In this work we introduce a new technique to overcome the obfuscation of Java programs by identifier renaming. Such a technique relies on the intelligent modification of identifiers in Java bytecode. We present a new software tool which implements our technique and allows the processing of an obfuscated program in order to rename the identifiers as required by our technique. Moreover, we show how to use the existing tools to provide a partial implementation of the technique we propose. Finally, we discuss the feasibility of our approach by showing how to contrast the obfuscation techniques based on malicious identifier renaming recently presented in literature.

Efficient Key Management for Enforcing Access Control in Outsourced Scenarios

Data outsourcing is emerging today as a successful paradigm allowing individuals and organizations to exploit external servers for storing and distributing data. While trusted to properly manage the data, external servers are often not authorized to read them, therefore requiring data to be encrypted. In such a context, the application of an access control policy requires different data to be encrypted with different keys so to allow the external server to directly enforce access control and support selective dissemination and access.

Toward Cloud-Based Key Management for Outsourced Databases

A major drawback of implementing Database-as-a-Service (DaaS) on untrusted servers is the complexity of key management required for handling revocation. In this paper we put forward the idea of using the cloud for decoupling the management of local, user-specific encryption keys from the one of role-specific protection keys, obtaining simple key management and revocation schemes.Compact reactive lumped-element circuits fabricated using a single thick metal-layer deep X-ray lithography process are presented. Vertically oriented capacitive features are combined with inductive features in >0.25-mm-thick metal layers to realize lumped-element filter and coupler microstructures operating at up to 12 GHz. Measurements for separate thick metal reactive structures are also presented, including variable capacitors and single-turn square loop inductors. Devices feature impressive vertical structure, including a 77:1 aspect ratio, 1.3-μm-wide cantilever gap structure in 100-μm-thick photoresist. A 0.6-pF capacitor has -factors of 95 at 5.6 GHz and 214 at 3.5 GHz, and a structurally compatible 1.2-nH loop inductor has a -factor of 47 at 6.8 GHz and a self-resonant frequency of 18.8 GHz. Together, these types of devices could form the building blocks for various integrated reactive lumped-element-based circuits.