Yi-Ruei Chen

Secure group key management using uni-directional proxy re-encryption schemes

The group key management is for a group manager to maintain a consistent group key for a dynamic group of members through a broadcast channel. In this paper we propose a group key management scheme based on a meta proxy re-encryption (PRE) scheme. In particular, we propose an RSA-based PRE scheme with special properties. It is the first RSA-based PRE scheme for group key management and has the desired properties of uni-directionality and multi-hop. In our group key management scheme, each group member holds just one secret auxiliary key and logN public auxiliary keys. The size of rekey messages for each group key update remains O(logN). Additionally, our scheme has some distinct features. Firstly, the size of the key update history is a constant O(N) no matter how many times of group key updates occur. Secondly, the computation time of computing the newest group key from the key update history is always O(logN) no matter how many group key updates are missed. This feature provides a practical solution for group key update when members go offline from time to time. Finally, the proposed scheme is immune to the collusion attack of other members.

CloudHKA: a cryptographic approach for hierarchical access control in cloud computing

Cloud services are blooming recently. They provide a convenient way for data accessing, sharing, and processing. A key ingredient for successful cloud services is to control data access while considering the specific features of cloud services. The specific features include great quantity of outsourced data, large number of users, honest-but-curious cloud servers, frequently changed user set, dynamic access control policies, and data accessing for light-weight mobile devices. This paper addresses a cryptographic key assignment problem for enforcing a hierarchical access control policy over cloud data. We propose a new hierarchical key assignment scheme CloudHKA that observes the Bell-LaPadula security model and efficiently deals with the user revocation issue practically. We use CloudHKA to encrypt outsourced data so that the data are secure against honest-but-curious cloud servers. CloudHKA possesses almost all advantages of the related schemes, e.g., each user only needs to store one secret key, supporting dynamic user set and access hierarchy, and provably-secure against collusive attacks. In particular, CloudHKA provides the following distinct features that make it more suitable for controlling access of cloud data. (1) A user only needs a constant computation time for each data accessing. (2) The encrypted data are securely updatable so that the user revocation can prevent a revoked user from decrypting newly and previously encrypted data. Notably, the updates can be outsourced by using public information only. (3) CloudHKA is secure against the legal access attack. The attack is launched by an authorized, but malicious, user who pre-downloads the needed information for decrypting data ciphertexts in his authorization period. The user uses the pre-downloaded information for future decryption even after he is revoked. Note that the pre-downloaded information are often a small portion of encrypted data only, e.g. the header-cipher in a hybrid encrypted data ciphertext. (4) Each user can be flexibly authorized the access rights of Write or Read, or both.

An efficient and secure group key management scheme supporting frequent key updates on Pay-TV systems

Pay-TV has become a popular subscribed-based service in recent years. To prevent unauthorized access from non-paid users over a broadcast channel, the TV server usually encrypts TV programs into ciphertexts such that only the legal members can decrypt them. The way of maintaining the common decryption key of a TV program to a dynamic subscription group of members is called the group key management. In this paper, we propose a secure and efficient tree-based group key management scheme that is very suitable for Pay-TV systems. In addition to possessing the advantages of the former tree-based scheme, such as O(log N) communication cost for each group key update and O(log N) secret keys for each member, our scheme has two distinct features, where N is the total number of members. (1) Each member only needs to decrypt one ciphertext or compute one hash value to get the group key from the rekey messages for each member leaving/joining. (2) To handle the key update for reconnected members who have missed the group key updates in his off-line period of time, the server only needs to store O(N) public tokens on the bulletin and each off-line member only needs O(log N) decryptions for getting the newest group key, which are independent of the number of group key updates. In Pay-TV systems, these features not only minimize the delay time for each group key update, but also let the system more practical even if the key update frequency is very high, such as, the Pay-Per-View TV service. Finally, we have a discussion of applying our GKM scheme to a multi-program service.

Group key management with efficient rekey mechanism: A Semi-Stateful approach for out-of-Synchronized members

Abstract This paper addresses the problem of managing a cryptographic group key among a large and highly dynamic group of members, who may miss group key update (rekey) messages frequently. We propose two provably-secure and practical schemes: KeyDer-GKM and ReEnc-GKM. The rekey process in these schemes has an O(log N) rekey message and O(log N) computation and storage cost for a member, where N is the number of group members. Moreover, our schemes have the following distinct features. (1) Each member is given only one private key and O(log N) public information. The private key remains unchanged during the membership period. For the public information, a member can hold them locally and update accordingly from each rekey message, or get them from a public bulletin if needed. (2) The size of published information is O(N) no matter how many rekey processes occur. The computation cost for a member, who has missed some rekey messages, to compute the up-to-date group key is always O(log N) no matter how many rekey messages have been missed. Our KeyDer-GKM scheme is very efficient since it can be implemented by using hash and XOR functions only. Our ReEnc-GKM scheme allows a member to reduce the cost of computing the up-to-date group key to one decryption by outsourcing log N operations. Both of our schemes are shown immune to the collusion attacks. For KeyDer-GKM, a set of collusive members cannot recover an unauthorized group key. For ReEnc-GKM, a set of collusive members cannot distinguish an unauthorized group key from a random string.

A public-key traitor tracing scheme with an optimal transmission rate

The way of transmitting the encrypted digital content to the legitimate subscribers over a broadcast channel has wide commercial applications, such as Pay-TV, DVD, etc. In order to discourage the legitimate subscribers from giving away their decryption keys, the traitor tracing scheme comes up. In this paper, we propose a public-key traitor tracing scheme that has optimal transmission rate. In other words, our scheme enables everyone to transmit the encrypted digital contents almost without any redundancy. As for tracing, our scheme supports black-box tracing, i.e., identifying colluders without opening the pirate decoder. Moreover, in our scheme, the storage requirement for legitimate subscribers and digital content broadcasters is smaller than that of previous schemes.

A congestion control approach for LAN/MAN interconnection via ATM

The main congestion problem for LAN/MAN interconnection via ATM lies in the possibility of congestion at the receiving gateway. The authors propose a buffer management scheme that stores packets in a buffer if there is a speed mismatch between the source gateways and the receiving gateway. If congestion occurs in the source gateway, it sends a source quench message to slow down the traffic from the host. They calculate the buffer size of the receiving gateway according to the bandwidth of the virtual paths, the number of virtual paths connected, the mean packet size, and the propagation delay of the turn-off signal. Their method can reduce the processing overhead of the gateways as well as achieve real-time control.<<ETX>>

Hierarchical Key Assignment with Dynamic Read-Write Privilege Enforcement and Extended KI-Security

This paper addresses the problem of key assignment for controlling access of encrypted data in access hierarchies. We propose a hierarchical key assignment (HKA) scheme RW-HKA that supports dynamic reading and writing privilege enforcement simultaneously. It not only provides typical confidentiality guarantee in data encryption, but also allows users to verify the integrity of encrypted data. It can be applied to cloud-based systems for providing flexible access control on encrypted data in the clouds. For security, we define the extended key indistinguishable (EKI) security for RW-HKA schemes. An EKI-secure RW-HKA scheme is resistant to collusion such that no subset of users can conspire to distinguish a data decryption key, that is not legally accessible, from random strings. In this paper, we provide a generic construction of EKI-secure RW-HKA schemes based on sID-CPA secure identity-based broadcast encryption (IBBE) and strong one-time signature schemes. Furthermore, we provide a new IBBE scheme that is suitable in constructing an efficient RW-HKA scheme with a constant number of user private keys, constant size of encrypted data, and constant computation cost of a user in deriving a key for decryption. It is the first HKA scheme that achieves the aforementioned performance while supporting dynamic reading and writing privilege enforcement simultaneously.

Least required bandwidth in VP-based ATM networks

In an ATM network, a virtual path (VP) is a labeled path which can be used to transport a bundle of virtual connections (VCs) and to manage the resources used by these connections. The ATM multimedia leased line service is provided across user-to-user VPs. The customers can increase/decrease the VP bandwidth according to their demand. This paper proposes a method to derive the least required bandwidth on a VP which is the minimum amount of bandwidth estimated to satisfy the QoS requirement of the VCs. The least required bandwidth can be a warranty of the VP resource reallocation.

Privacy-preserving ridge regression on distributed data

Abstract Ridge regression is a statistical method for modeling a linear relationship between a dependent variable and some explanatory values. It is a building-block that plays a major role in many learning algorithms such as recommendation systems. However, in many applications such as e-health, explanatory values contains private information owned by different patients that are not willing to share them, unless data privacy is guaranteed. In this paper, we propose a protocol for conducting privacy-preserving ridge regression (PPRR) over high-dimensional data. In our protocol, each user submits its data in an encrypted form to an evaluator and the evaluator computes a linear model of all users’ data without learning their contents. The core encryption method is equipped with homomorphic properties to enable the evaluator to perform ridge regression over encrypted data. We implement our protocol and demonstrate that it is suitable for dealing with high-dimensional data distributed among millions of users. We also compare our protocol with the state-of-the-art solutions in terms of both computation and communication costs. The results show that our protocol outperforms most existing approaches based on secure multi-party computation, garbled circuit, fully homomorphic encryption, secret-sharing, and hybrid methods.

An online subject-based spam filter using natural language features

This paper proposes an online subject-based spam filter built upon an extended version of weighted naive Bayesian (WNB) classifier. The spam filter checks email subjects only. It is faster than spam filters that scan whole body of emails and useful even spam senders temper email bodies to avoid filtering. In addition to the widely used bag-of-word feature, we further consider statistical and nature language features to discover new characteristics from email subjects. In online learning, we use an extended WNB classifier. It is not only computationally efficient, but also more adaptive to the changes of spams with new malicious campaigns. The proposed classifier is immune to the spams with malicious campaigns beyond contemplation. We evaluate the performance of our spam filter on 8 well-known ham-spam email datasets from TREC and Enron-Spam corpus. Our approach achieves 94.85% of accuracy and 95.8% of F1-measure on TREC datasets, and 95.74% of accuracy and 97.2% of F1-measure on Enron-Spam datasets. Compared with previous works of the same line, our approach has 2.43%, 2.3%, and 3.2% improvements on accuracy, true positive rate, and false positive rate, respectively.