Xuhua Ding

Private query on encrypted data in multi-user settings

Searchable encryption schemes allow users to perform keyword based searches on an encrypted database. Almost all existing such schemes only consider the scenario where a single user acts as both the data owner and the querier. However, most databases in practice do not just serve one user; instead, they support search and write operations by multiple users. In this paper, we systematically study searchable encryption in a practical multi-user setting. Our results include a set of security notions for multi-user searchable encryption as well as a construction which is provably secure under the newly introduced security notions.

Protecting RFID communications in supply chains

Recent years have seen much growing attention on RFID security. However, little work has been performed to address the security issues in the context of supply chain management, which is exactly the major field for RFID applications. Existing RFID solutions cannot be applied directly in this field because of a set of special RFID security requirements to be addressed for supply chain management. The major contribution of this paper is to identify the unique set of security requirements in supply chains and to propose a practical design of RFID communication protocols that satisfy the security requirements.

Conditional proxy re-encryption secure against chosen-ciphertext attack

In a proxy re-encryption (PRE) system [4], a proxy, authorized by Alice, can convert a ciphertext for Alice into a ciphertext for Bob without seeing the underlying plaintext. PRE has found many practical applications requiring delegation. However, it is inadequate to handle scenarios where a fine-grained delegation is demanded. To overcome the limitation of existing PRE systems, we introduce the notion of conditional proxy re-encryption (C-PRE), whereby only ci-phertext satisfying a specific condition set by Alice can be transformed by the proxy and then decrypted by Bob. We formalize its security model and propose an efficient C-PRE scheme, whose chosen-ciphertext security is proven under the 3-quotient bilinear Diffie-Hellman assumption. We further extend the construction to allow multiple conditions with a slightly higher overhead.

Private information retrieval using trusted hardware

Many theoretical PIR (Private Information Retrieval) constructions have been proposed in the past years. Though information theoretically secure, most of them are impractical to deploy due to the prohibitively high communication and computation complexity. The recent trend in outsourcing databases fuels the research on practical PIR schemes. In this paper, we propose a new PIR system by making use of trusted hardware. Our system is proven to be information theoretically secure. Furthermore, we derive the computation complexity lower bound for hardware-based PIR schemes and show that our construction meets the lower bounds for both the communication and computation costs, respectively.

Remote attestation on program execution

Remote attestation provides the basis for one platform to establish trusts on another. In this paper, we consider the problem of attesting the correctness of program executions. We propose to measure the target program and all the objects it depends on, with an assumption that the Secure Kernel and the Trusted Platform Module provide a secure execution environment through process separation. The attestation of the target program begins with a program analysis on the source code or the binary code in order to find out the relevant executables and data objects. Whenever such a data object is accessed or a relevant executable is invoked due to the execution of the target program, its state is measured for attestation. Our scheme not only testifies to a programs execution, but also supports fine-granularity attestations and information flow checking.

Embellishing text search queries to protect user privacy

Users of text search engines are increasingly wary that their activities may disclose confidential information about their business or personal profiles. It would be desirable for a search engine to perform document retrieval for users while protecting their intent. In this paper, we identify the privacy risks arising from semantically related search terms within a query, and from recurring high-specificity query terms in a search session. To counter the risks, we propose a solution for a similarity text retrieval system to offer anonymity and plausible deniability for the query terms, and hence the user intent, without degrading the systems precision-recall performance. The solution comprises a mechanism that embellishes each user query with decoy terms that exhibit similar specificity spread as the genuine terms, but point to plausible alternative topics. We also provide an accompanying retrieval scheme that enables the search engine to compute the encrypted document relevance scores from only the genuine search terms, yet remain oblivious to their distinction from the decoys. Empirical evaluation results are presented to substantiate the effectiveness of our solution.

Leak-free group signatures with immediate revocation

Group signatures are an interesting and appealing cryptographic construct with many promising potential applications. This work is motivated by attractive features of group signatures, particularly, their potential to serve as foundation for anonymous credential systems. We reexamine the entire notion of group signatures from a systems perspective and identify two new security requirements: leak-freedom and immediate-revocation, which are crucial for a large class of applications. We then present a new group signature scheme that achieves all identified properties. Our scheme is based on the so-called systems architecture approach. It is more efficient than the state-of-the-art and facilitates easy implementation. Moreover, it reflects the well-known separation-of-duty principle. Another benefit of our scheme is the obviated reliance on underlying anonymous communication channels, which are necessary in previous schemes.

Multiuser private queries over encrypted databases

Searchable encryption schemes allow users to perform keyword-based searches on an encrypted database. Almost all existing such schemes only consider the scenario where a single user acts as both the data owner and the querier. However, most databases in practice do not just serve one user; instead, they support search and write operations by multiple users. In this paper, we systematically study searchable encryption in a practical multiuser setting. Our results include a set of security notions for multiuser searchable encryption as well as a construction which is provably secure under the newly introduced security notions. We also discuss how to improve query efficiency.

A scalable and format-compliant encryption scheme for H.264/SVC bitstreams

SVC (Scalable Video Coding) is designed to adapt to heterogeneous networks and various terminal devices. This paper presents an encryption scheme for SVC bitstreams which retains the valuable scalability properties of SVC. To this end, we explore PACSI (Payload Content Scalability Information) and RTP (Real-time Transport Protocol) payload format such that encrypted bitstreams are SVC format-compliant. Specifically, the proposed scheme processes the base layer and enhancement layers in different ways. For the base layer, the scheme encrypts VCL (video coding layer) NALU (Network Abstract Layer Unit) into either SEI (Supplement Enhancement Information) NALU or PACSI NALU. For an enhancement layer, the scheme replaces a coded slice in scalable extension NALU with an encryption of PACSI NALU. Thus, the proposed encryption scheme preserves SVC scalability and format-compliance. It produces encrypted bitstreams which have the original SVC structure without emulation markers or illegal codewords for any standard decoder. The analysis and experiments indicate that our algorithm is cost-effective and secure against chosen plaintext attack.

Tuning On-Air Signatures for Balancing Performance and Confidentiality

In this paper, we investigate the trade off between performance and confidentiality in signature-based air indexing schemes for wireless data broadcast. Two metrics, namely, false drop probability and false guess probability, are defined to quantify the filtering efficiency and confidentiality loss of a signature scheme. Our analysis reveals that false drop probability and false guess probability share a similar trend as the tuning parameters of a signature scheme change and it is impossible to achieve a low false drop probability and a high false guess probability simultaneously. In order to balance the performance and confidentiality, we perform an analysis to provide a guidance for parameter settings of the signature schemes to meet different system requirements. In addition, we propose the jump pointer technique and the XOR signature scheme to further improve the performance and confidentiality. A comprehensive simulation has been conducted to validate our findings.