Wei-Chuen Yau

Cryptanalysis of simple three-party key exchange protocol (S-3PAKE)

Password-authenticated key exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. Recently, Lu and Cao proposed a three-party password-authenticated key exchange protocol, so called S-3PAKE, based on ideas of the Abdalla and Pointcheval two-party SPAKE extended to three parties. S-3PAKE can be seen to have a structure alternative to that of another three-party PAKE protocol (3PAKE) by Abdalla and Pointcheval. Furthermore, a simple improvement to S-3PAKE was proposed very recently by Chung and Ku to resist the kind of attacks that applied to earlier versions of 3PAKE. In this paper, we show that S-3PAKE falls to unknown key-share attacks by any other client, and undetectable online dictionary attacks by any adversary. The latter attack equally applies to the recently improved S-3PAKE. Indeed, the provable security approach should be taken when designing PAKEs; and furthermore our results highlight that extra cautions still be exercised when defining models and constructing proofs in this direction.

Off-Line Keyword Guessing Attacks on Recent Public Key Encryption with Keyword Search Schemes

The Public Key Encryption with Keyword Search Scheme (PEKS) was first proposed by Boneh et al. in 2004. This scheme solves the problem of searching on data that is encrypted using a public key setting. Recently, Baek et al. proposed a Secure Channel Free Public Key Encryption with Keyword Search (SCF-PEKS) scheme that removes the secure channel for sending trapdoors. They later proposed another improved PEKS scheme that integrates with a public key encryption (PKE) scheme, called PKE/PEKS. In this paper, we present off-line keyword guessing attacks on SCF-PEKS and PKE/PEKS schemes. We demonstrate that outsider adversaries that capture the trapdoors sent in a public channel can reveal encrypted keywords by performing off-line keyword guessing attacks. While, insider adversaries can perform the attacks regardless the trapdoors sent in a public or secure channel.

Design and Implementation of an XML Firewall

Web services provide a means to communicate easily between applications to exchange information. However, the lack in security features provided by Web services creates a window of opportunities for attackers. This paper presents the design of the architecture and filtering policies for an XML firewall. The firewall is implemented using Java language. We conduct a series of tests for verifying the functionality of the firewall. The results of the tests show that the firewall is capable of allowing valid SOAP messages while blocking malicious SOAP messages that contain attacks such as oversized payloads, recursive pay loads, and SQL injections

Proxy Re-encryption with Keyword Search: New Definitions and Algorithms

We propose a new definition for searchable proxy re-encryption scheme (Re-PEKS), define the first known searchable proxy re-encryption scheme with a designated tester (Re-dPEKS), and then give concrete constructions of both Re-PEKS and Re-dPEKS schemes that are secure in the random oracle model.

Security Analysis of a Chaotic Map-based Authentication Scheme for Telecare Medicine Information Systems

Many authentication schemes have been proposed for telecare medicine information systems (TMIS) to ensure the privacy, integrity, and availability of patient records. These schemes are crucial for TMIS systems because otherwise patients’ medical records become susceptible to tampering thus hampering diagnosis or private medical conditions of patients could be disclosed to parties who do not have a right to access such information. Very recently, Hao et al. proposed a chaotic map-based authentication scheme for telecare medicine information systems in a recent issue of Journal of Medical Systems. They claimed that the authentication scheme can withstand various attacks and it is secure to be used in TMIS. In this paper, we show that this authentication scheme is vulnerable to key-compromise impersonation attacks, off-line password guessing attacks upon compromising of a smart card, and parallel session attacks. We also exploit weaknesses in the password change phase of the scheme to mount a denial-of-service attack. Our results show that this scheme cannot be used to provide security in a telecare medicine information system.

Efficient Secure-Channel Free Public Key Encryption with Keyword Search for EMRs in Cloud Storage

Searchable encryption is an important cryptographic primitive that enables privacy-preserving keyword search on encrypted electronic medical records (EMRs) in cloud storage. Efficiency of such searchable encryption in a medical cloud storage system is very crucial as it involves client platforms such as smartphones or tablets that only have constrained computing power and resources. In this paper, we propose an efficient secure-channel free public key encryption with keyword search (SCF-PEKS) scheme that is proven secure in the standard model. We show that our SCF-PEKS scheme is not only secure against chosen keyword and ciphertext attacks (IND-SCF-CKCA), but also secure against keyword guessing attacks (IND-KGA). Furthermore, our proposed scheme is more efficient than other recent SCF-PEKS schemes in the literature.

Keyword guessing attacks on secure searchable public key encryption schemes with a designated tester

The first searchable public key encryption scheme with designated testers (dPEKS) known to be secure against keyword guessing attacks was due to Rhee et al. [H.S. Rhee, W. Susilo, and H.J. Kim, Secure searchable public key encryption scheme against keyword guessing attacks, IEICE Electron. Express 6(5) (2009), pp. 237–243]. Recently, some dPEKS schemes, including the Rhee et al. scheme, were found to be vulnerable to keyword guessing attacks by a malicious server. However, the Rhee et al. dPEKS scheme and its improved variants are still known to be secure against keyword guessing attack by the outsider attacker to date. In this paper, we present a keyword guessing attack by the outsider attacker on the existing dPEKS schemes. We first describe the attack scenario which is possible in the current nature of the Internet and public key encryption with keyword search applications, e.g. email routing. We then demonstrate the detailed attack steps on the Rhee et al. scheme as an attack instance. We emphasize that our attack is generic and it equally applies to all existing dPEKS schemes that claim to be secure against keyword guessing attacks by the outsider attacker.

Searchable Symmetric Encryption: Designs and Challenges

Searchable Symmetric Encryption (SSE) when deployed in the cloud allows one to query encrypted data without the risk of data leakage. Despite the widespread interest, existing surveys do not examine in detail how SSE’s underlying structures are designed and how these result in the many properties of a SSE scheme. This is the gap we seek to address, as well as presenting recent state-of-the-art advances on SSE. Specifically, we present a general framework and believe the discussions may lead to insights for potential new designs. We draw a few observations. First, most schemes use index table, where optimal index size and sublinear search can be achieved using an inverted index. Straightforward updating can only be achieved using direct index, but search time would be linear. A recent trend is the combinations of index table, and tree, deployed for efficient updating and storage. Secondly, mechanisms from related fields such as Oblivious RAM (ORAM) have been integrated to reduce leakages. However, using these mechanisms to minimise leakages in schemes with richer functionalities (e.g., ranked, range) is relatively unexplored. Thirdly, a new approach (e.g., multiple servers) is required to mitigate new and emerging attacks on leakage. Lastly, we observe that a proposed index may not be practically efficient when implemented, where I/O access must be taken into consideration.

Implementation of searchable symmetric encryption for privacy-preserving keyword search on cloud storage

Ensuring the cloud data security is a major concern for corporate cloud subscribers and in some cases for the private cloud users. Confidentiality of the stored data can be managed by encrypting the data at the client side before outsourcing it to the remote cloud storage server. However, once the data is encrypted, it will limit server’s capability for keyword search since the data is encrypted and server simply cannot make a plaintext keyword search on encrypted data. But again we need the keyword search functionality for efficient retrieval of data. To maintain user’s data confidentiality, the keyword search functionality should be able to perform over encrypted cloud data and additionally it should not leak any information about the searched keyword or the retrieved document. This is known as privacy preserving keyword search. This paper aims to study privacy preserving keyword search over encrypted cloud data. Also, we present our implementation of a privacy preserving data storage and retrieval system in cloud computing. For our implementation, we have chosen one of the symmetric key primitives due to its efficiency in mobile environments. The implemented scheme enables a user to store data securely in the cloud by encrypting it before outsourcing and also provides user capability to search over the encrypted data without revealing any information about the data or the query.

On the effective subkey space of some image encryption algorithms using external key

Show the importance of properly designing the key schedule of image encryption.A new rule to ensure that subkeys retain the key space security of image encryption.Attacks on three schemes to show how the rule is applied to concrete schemes. One of the general ways in designing a secure image encryption algorithm based on chaos theory is to derive a number of round subkeys from the Key Schedule algorithm under the control of an external secret key. A compulsory condition for the security of an image encryption algorithm is that the length of the external secret key should be sufficiently long in terms of bitlength. However, the sufficiently long secret key is not a guarantee that the algorithm is secure. In this paper, we emphasize the importance in designing a secure Key Schedule algorithm for such image based encryption techniques. Notably, we show why the effective space spanned by the subkeys should never be smaller than the external secret key space. To highlight the importance of this, we present our attacks on three recently proposed image encryption schemes.