Yan Sui

A Multiple Secret Sharing Scheme based on Matrix Projection

In [3], Bai et al. have proposed a multiple secret sharing scheme based on matrix projection. It is an elegant scheme with several advantages such as small share size and dynamic to secret changes. However,one of its disadvantages is that the secrets are organized in a square matrix and hence the number of secrets must be a square. So there is often a necessity to stuff dummy secrets into the secret matrix if the number of secrets is not a square.We present a new scheme based on matrix projection method that can share any number of secrets and make full use of every element of the secret matrix. The proposed scheme is as secure as Bais scheme. Besides, the proposed scheme can also take advantage of the proactive characteristic of the Matrix Projection Method to update shares periodically to improve security.Our scheme increases the potential range of the threshold. The increment of the threshold range is even more when we are using the proactive feature of the scheme. It also further reduces the share size to a constant (equal to that of a single secret). As with Bais scheme, our scheme is partially verifiable based on the properties of the projection matrix. The paper also summarizes and classifies typical existing secret sharing schemes.

Secure and privacy-preserving biometrics based active authentication

User authentication is critical in preventing system breaches. Existing authentication approaches usually do a onetime log-in authentication, but rarely incorporate mechanisms to differentiate the initial log-in user and the user who is currently taking control of the system, which may cause post-authentication breaches. In this paper, we study user authentication for both login session and post-authentication session and propose a biometrics based active authentication approach. Moreover, concerning the usage of biometrics, the system is biometrics-secure and privacy-preserving. Security analysis and experimental results prove that the proposed approach is secure, resilient to various attacks and effective.

An Efficient Time-Bound Access Control Scheme for Dynamic Access Hierarchy

Embedding user subscription time into cryptographic key generation and assignment for hierarchical access control has raised tremendous interest among researchers and practitioners in multicast, broadcast, and secure group communication fields. During the subscription period, a user of a higher class can compute the (time-bound) keys of his/her own class and also derive the keys of all its descendant classes in the access hierarchy. However, after the subscription expires, the user cannot compute/derive the keys. Unfortunately, due to the inclusion of time in the keys, existing schemes either suffer from (colluding) attacks or are only applicable to static access hierarchies. In this paper, we propose a new key generation and assignment scheme for this kind of time-bound hierarchy access control. The new scheme is able not only to prevent colluding attacks but also to support dynamics of access hierarchies in a simple and efficient way.

A New Approach to Weighted Multi-Secret Sharing

Secret sharing is important in information and network security and has broad applications in the real world. Since an elegant secret sharing mechanism was first proposed by Shamir in 1979, many schemes have appeared in literature. These schemes deal with either single or multiple secrets and their shares have either the same weight or different weights. Weighted shares mean that different shares have different capabilities in recovering the secret(s) -- a more (less) weighted share needs fewer (more) other shares to recover the secret(s). In this paper, we identify a direct relation between the length (i.e., the number of bits) and the weight of shares and, based on this relation, present a new Chinese Remainder Theorem (CRT) based weighted multiple secret sharing scheme. This scheme can also be naturally applied to other cases such as sharing a single secret with same-weight shares and is remarkably simple and easy to implement. Compared to both Shamirs scheme and Mignottes scheme -- the representative of existing CRT based secret sharing schemes, the new scheme is more efficient than both schemes in share computation and more efficient than Shamirs scheme (and as efficient as Mignottes scheme) in secret recovery. One prominent advantage of the new scheme is that the sizes of shares can vary distantly to fit different requirements and constraints of various devices such as sensors, PDAs, cell phones, iPads, hence, the new scheme is able to apply to broader applications involving wireless/sensor networks and pervasive computing.

Assurable, transparent, and mutual restraining e-voting involving multiple conflicting parties

E-voting techniques and systems have not been widely accepted and deployed by society due to various concerns and problems. One particular issue associated with many existing e-voting techniques is the lack of transparency, leading to the failure to deliver voter assurance. In this work, we propose an assurable, transparent, and mutual restraining e-voting protocol that exploits the existing two-party political dynamics in the US. The proposed e-voting protocol consists of three original technical contributions - universal verifiable voting vector, forward and backward mutual lock voting, and in-process check and enforcement - that, in combination, resolves the apparent conflicts in voting such as anonymity vs. accountability and privacy vs. verifiability. Especially, the trust is split equally among tallying authorities who have conflicting interests and will technically restrain each other. The voting and tallying processes are transparent to voters and any third party, which allow any voter to verify that his vote is indeed counted and also allow any third party to audit the tally.

A New Scheme for Anonymous Secure Group Communication

Anonymity is an important feature in many two party communication systems. Its main meaning is that either the message sender or the receiver (or both) is unidentifiable to other users, even between themselves. Many mechanisms have been proposed to hide the identity of the sender, receiver, or both. Similarly, anonymity is an important feature in multi-party computing environments, but, little research has been conducted on this topic even though many secure group communication schemes have been proposed. In this paper, we highlight the concepts of anonymity for secure group communication and propose to extend a recently invented innovative group key management mechanism, Access Control Polynomial [1], to multiple-party group communication. This newly extended scheme can not only enforce anonymous group membership and group size but also implement secure and anonymous group communication. The experimental results and comparison with existing schemes show that the new scheme is elegant, flexible, efficient and practical. The paper also summarizes and classifies typical existing anonymous group communication schemes.

Active User Authentication for Mobile Devices

Enterprises today are dealing with the challenges involved in enabling secure and remote access for mobile device users. People often bring their personal mobile devices into works and use them to access corporate resources, and also store their private information on personal mobile devices. This has prompted investigation of new security policies and techniques. Authentication is the first gate for protecting access to personal mobile devices or access remote resources through personal mobile devices. Conventional authentication does not require user re-authentication for continuous usage of the devices. And attackers can target at a post-authentication session. In this paper, we study the active authentication for personal mobile devices and propose a biometrics based active authentication system. The proposed system is secure, effective and user-friendly. Our experimental results also show the feasibility of the proposed system.

A viewable e-voting scheme for environments with conflict of interest

In this paper, we propose a distributed, verifiable, and viewable e-voting scheme. Our scheme mimics the real life voting environments such as multiple political parties with conflict of interest, and meets typical demands in such environments. Meanwhile, the computation is distributed among all voters and the entire voting process is transparent to all as well. A voter can not only verify his own vote, but also view all other individual votes, and consequently the vote total for each candidate. In particular, our scheme observes both anonymity and accountability, while managing fairness. Our analysis and experiment show that the scheme scales in polynomial.