Yongge Wang

Recursively enumerable reals and Chaitin &Ω numbers

A real α is called recursively enumerable if it is the limit of a recursive, increasing, converging sequence of rationals. Following Solovay (unpublished manuscript, IBM Thomas J. Watson Research Center, Yorktown Heights, New York, May 1975, 215 pp.) and Chaitin (IBM J. Res. Develop. 21 (1977) 350–359, 496.) we say that an r.e. real α dominates an r.e. real β if from a good approximation of α from below one can compute a good approximation of β from below. We shall study this relation and characterize it in terms of relations between r.e. sets. Solovays (unpublished manuscript, IBM Thomas J. Watson Research Center, Yorktown Heights, New York, May 1975, 215 pp.) Ω-like numbers are the maximal r.e. real numbers with respect to this order. They are random r.e. real numbers. The halting probability of a universal self-delimiting Turing machine (Chaitins Ω number (J. Assoc. Comput. Mach. 22 (1975) 329–340)) is also a random r.e. real. Solovay showed that any Chaitin Ω number is Ω-like. In this paper we show that the converse implication is true as well: any Ω-like real in the unit interval is the halting probability of a universal self-delimiting Turing machine.

Perfectly Secure Message Transmission Revisited

Secure communications guaranteeing reliability and privacy (without unproven assumptions) in networks with active adversaries has been an important research issue. It has been studied for point to point networks by Dolev-Dwork-Waarts-Yung (J. ACM 1993), Desmedt-Wang (Eurocrypt 2002), and Srinathan-Narayanan-Rangan (Crypto 2004). Dolev-Dwork-Waarts-Yung gave necessary and sufficient conditions for secure communication in networks with the condition that (1) all the channels are two-way; or (2) all the channels are one-way from the sender to the receiver. In this paper, we study the general case with a network modeled by a directed graph. In this general case, there are communication channels from the sender to the receiver and there are feedback channels from the receiver to the sender. We give necessary and sufficient bounds on the number of channels that are required from sender to receiver given a number of ldquofeedbackrdquo channels from receiver to sender. We give these bounds for the case reliability is perfect, as well as for the case it is not perfect.

Efficient Identity-Based and Authenticated Key Agreement Protocol

Several identity based and implicitly authenticated key agreement protocols have been proposed in recent years and none of them has achieved all required security properties. It remains an open question to design secure identity based and implicitly authenticated key agreement protocols. In this paper, we propose an efficient identity-based and authenticated key agreement protocol IDAK using Weil/Tate pairing. The security of IDAK is proved in Bellare-Rogaway model. Several required properties for key agreement protocols are not implied by the Bellare-Rogaway model. We proved these properties for IDAK separately.

Secure Key Distribution for the Smart Grid

To secure the network communication for the smart grid, it is important that a secure key management scheme is needed. The focus of this paper is on the secure key distribution for the smart grid. In this paper, we first overview the key management scheme recently proposed by Wu-Zhou and show it is vulnerable to the man-in-the-middle attack. Then we propose a new key distribution protocol and demonstrate it is secure and efficient for smart grid network. Applying traditional PKI to the smart grid requires significant work and maintenance of the public key. By using Kerberos to smart grid may lose authentication from the third party due to power outages. Therefore, we propose a scheme for a smart grid using a trusted third party which not only has no issue on key revocation, but also the third party can be easily duplicated in case power outages occur.

Password Protected Smart Card and Memory Stick Authentication against Off-Line Dictionary Attacks

We study the security requirements for remote authentication with password protected smart card. In recent years, several protocols for password-based authenticated key exchange have been proposed. These protocols are used for the protection of password based authentication between a client and a remote server. In this paper, we will focus on the password based authentication between a smart card owner and smart card via an untrusted card reader. In a typical scenario, a smart card owner inserts the smart card into an untrusted card reader and input the password via the card reader in order for the smart card to carry out the process of authentication with a remote server. In this case, we want to guarantee that the card reader will not be able to impersonate the card owner in future without the smart card itself. Furthermore, the smart card could be stolen. If this happens, we want the assurance that an adversary could not use the smart card to impersonate the card owner even though the sample space of passwords may be small enough to be enumerated by an off-line adversary.

Privacy Aware Market Basket Data Set Generation: A Feasible Approach for Inverse Frequent Set Mining

Association rule mining has received a lot of attention in the data mining community and several algorithms were proposed to improve the performance of association rule or frequent itemset mining. The IBM Almaden synthetic data generator has been commonly used for performance evaluation. One recent work shows that the data generated is not good enough for benchmarking as it has very different characteristics from real-world data sets. Hence there is a great need to use real-world data sets as benchmarks. However, organizations hesitate to provide their data due to privacy concerns. Recent work on privacy preserving association rule mining addresses this issue by modifying real data sets to hide sensitive or private rules. However, modifying individual values in real data may impact on other, non-sensitive rules. In this paper, we propose a feasible solution to the NPcomplete problem of inverse frequent set mining. Since solving this problem by linear programming techniques is very computationally prohibitive, we apply graph-theoretical results to divide the original itemsets into components that preserve maximum likelihood estimation. We then use iterative proportional fitting method to each component. The technique is experimentally evaluated with two real data sets and one synthetic data set. The results show that our approach is effective and efficient for reconstructing market basket data set from a given set of frequent itemsets while preserving sensitive information.

Approximate inverse frequent itemset mining: privacy, complexity, and approximation

In order to generate synthetic basket datasets for better benchmark testing, it is important to integrate characteristics from real-life databases into the synthetic basket datasets. The characteristics that could be used for this purpose include the frequent itemsets and association rules. The problem of generating synthetic basket datasets from frequent itemsets is generally referred to as inverse frequent itemset mining. In this paper, we show that the problem of approximate inverse frequent itemset mining is NP-complete. Then we propose and analyze an approximate algorithm for approximate inverse frequent itemset mining, and discuss privacy issues related to the synthetic basket dataset. In particular, we propose an approximate algorithm to determine the privacy leakage in a synthetic basket dataset.

sSCADA: securing SCADA infrastructure communications

Distributed control systems (DCS) and supervisory control and data acquisition (SCADA) systems were developed to reduce labour costs, and to allow system-wide monitoring and remote control from a central location. Control systems are widely used in critical infrastructures such as electric grid, natural gas, water and wastewater industries. While control systems can be vulnerable to a variety of types of cyber attacks that could have devastating consequences, little research has been done to secure the control systems. American Gas Association (AGA), IEC TC57 WG15, IEEE, NIST and National SCADA Test Bed Program have been actively designing cryptographic standard to protect SCADA systems. American Gas Association (AGA) had originally been designing cryptographic standard to protect SCADA communication links and finished the report AGA 12 part 1. The AGA 12 part 2 has been transferred to IEEE P1711. This paper presents an attack on the protocols in the first draft of AGA standard (Wright et al., 2004). This attack shows that the security mechanisms in the first version of the AGA standard protocol could be easily defeated. We then propose a suite of security protocols optimised for SCADA/DCS systems which include: point-to-point secure channels, authenticated broadcast channels, authenticated emergency channels, and revised authenticated emergency channels. These protocols are designed to address the specific challenges that SCADA systems have.

Security analysis of a password-based authentication protocol proposed to IEEE 1363

In recent years, several protocols for password-based authenticated key exchange have been proposed. These protocols aim to be secure even though the sample space of passwords may be small enough to be enumerated by an off-line adversary. In Eurocrypt 2000, Bellare, Pointcheval and Rogaway (BPR) presented a model and security definition for authenticated key exchange. They claimed that in the ideal-cipher model (random oracles), the two-flow protocol at the core of Encrypted Key Exchange (EKE) is secure. Bellare and Rogaway suggested several instantiations of the ideal cipher in their proposal to the IEEE P1363.2 working group. Since then there has been an increased interest in proving the security of password-based protocols in the ideal-cipher model. For example, Bresson, Chevassut, and Pointcheval have recently showed that the One-Encryption-Key-Exchange (OEKE) protocol is secure in the ideal cipher model. In this paper, we present examples of real (NOT ideal) ciphers (including naive implementations of the instantiations proposed to IEEE P1363.2) that would result in broken instantiations of the idealised AuthA protocol and OEKE protocol. Our result shows that the AuthA protocol can be instantiated in an insecure way, and that there are no well defined (let alone rigorous) ways to distinguish between secure and insecure instantiations. Thus, without a rigorous metric for ideal-ciphers, the value of provable security in ideal cipher model is limited.

A complete characterization of tolerable adversary structures for secure point-to-point transmissions without feedback

Problems of unconditionally secure communication have been studied extensively in network models. Dolev-Dwork-Waarts-Yung considered the Byzantine threats model, in which the adversary can only take over a number of nodes bounded by a threshold. They studied two cases: all communication links (edges in the graph) are two-way communication, all communication links are one-way communication, and there is no feedback. The node sets that the adversary can take over was generalized by Hirt-Maurer to an adversary structure. At PODC 2002, Kumar-Goundan-Srinathan-Rangan generalized Dolev-Dwork-Waarts-Yungs first scenario to the case of a general adversary structure. In this paper we generalize Dolev-Dwork-Waarts-Yungs second scenario to the case of a general adversary structure. As in Dolev-Dwork-Waarts-Yung, our work relies on the use of secret sharing.