IEEE S&P SYMPOSIUM, March/April 2015

An Overview of ANONIZE: A Large-Scale Anonymous Survey System

Susan Hohenberger, Johns Hopkins University
Steven Myers, Indiana University
Rafael Pass, Cornell University
abhi shelat, University of Virginia

A new scheme enables a survey authority to independently select a group of registered users and create a survey in which only selected users can anonymously submit exactly one response. This technology has numerous applications including university course evaluations, online product reviews, and whistleblowing.

Companies, universities, healthcare providers, and government agencies often attempt to collect data from targeted groups of users by running surveys. Such surveys aim to satisfy two basic but conflicting properties: survey results need to be authentic (that is, only a specific set of users should be allowed to submit data, and each user should be allowed to submit only once) yet must be anonymous (that is, no link should exist between users and their survey data, so users feel safer about submitting honest feedback).

The most straightforward way to implement authenticity is for the survey implementer to request usernames during submission, but this obviously breaks user anonymity. The most straightforward way to implement anonymity is to avoid collecting usernames during submission, but this might allow attacks in which malicious users submit hundreds of responses to skew the results.

In light of these deficiencies, we sought cryptographic solutions that provide security guarantees in which anonymity and authenticity hold. In this article, we describe our ad hoc survey scheme ANONIZE and report on its implementation for very large surveys. As far as we know, this is the first implementation of a provably secure multiparty protocol that scales to handle millions of users.

Copublished by the IEEE Computer and Reliability Societies.

Existing Techniques

One way to address anonymity and authenticity is to employ a trusted third party to collect usernames during submission, then delete the names when providing results to the survey initiator. However, placing such trust in a survey collector might be too dangerous. Even if the survey collector intends to keep the links between users and their surveys private, its system might be stolen or broken into, and the information leaked. For instance, in 2009, a Cornell University computer was stolen that contained sensitive personal information, such as names and Social Security numbers, of more than 45,000 current and former university members [1].

Even if users have full confidence in the trusted third party and its ability to keep data secure, developing an anonymous survey system using such a trusted party requires care. For example, in the implementation of course reviews, side-channel information indicating which users have already filled out the survey might leak information about the order in which students participated. Later, the order of the students' comments in the aggregated responses might be correlated to break anonymity.

Furthermore, in many situations, jurisdictional boundaries or legal requirements make relying on trusted third parties to maintain anonymity infeasible. For instance, storing sensitive patient information on a third-party system might be illegal, and many countries don't permit sensitive data to be stored on servers run by foreign corporations due to the potential for data seizure.

Finally, if a trusted third party removes all identifying information accompanying a submission to provide anonymity or accepts submissions from anonymized networks, then the trusted party loses the ability to verify whether a participant submits multiple responses.

Cryptographic voting techniques offer a partial solution to this problem [2]. In such schemes, each survey consists of two steps. First, users authenticate themselves to a server and anonymously check out a single-use token, which carries no link to user identity. Second, users participate in the specified survey using their token. Such schemes provide good anonymity if users separate these steps with a reasonably long time lag; otherwise, there's a clear time link between users and their data. However, if users are required to separate the two steps by, say, one day, the survey's ease of use is significantly hampered and becomes much less convenient than nonanonymous surveys or anonymous surveys employing a trusted third party. In addition, the extra steps required to authenticate for each survey might be onerous.

ANONIZE: Electronic Ad Hoc Surveys

We consider a general solution to the problem of anonymously collecting feedback from an authenticated group of individuals. In our ad hoc survey scheme, ANONIZE, anyone can select a group of individuals and create a survey that can be completed once by only those individuals. In addition, the survey initiator can initiate this survey knowing only the identities (for instance, the email addresses) of the users in the ad hoc group; no further interaction between the survey initiator and the users is required. Our method provides essentially the same ease of use as traditional (nonanonymous) electronic surveys; thus, we expect user participation to increase, making the feedback more valuable.

A proof of security for ANONIZE's cryptographic protocols can be found in "ANONIZE: A Large-Scale Anonymous Survey System" [3]; this proof holds even if attackers participate in an arbitrary number of concurrent surveys. ANONIZE supports millions of write-in surveys in minutes, in contrast to mix-net or zero-knowledge-based voting systems, which currently can handle only thousands of votes in several hours.

The Parties and Steps

Three parties comprise an ad hoc survey system: a single registration authority (RA) that issues master user tokens, one or more survey authorities (SAs) that can create surveys, and multiple users who provide survey data.

Users must first register with the RA and retrieve a secret master user token. This token can be used for all future surveys. Anyone can act as an SA by generating a unique survey ID and publishing a list of identities that are permitted to participate in that survey. This list of participants can grow dynamically, and the SA can create a survey entirely on its own without interaction with either the RA or the users. Finally, users on a survey's list of valid identities can submit a survey response by simply routing a message to the SA via an anonymous network, such as Tor, or anonymous proxy relay.

Once all submissions are collected, the SA might publish a list of all survey responses, depending on external privacy requirements. If survey responses are made public, they can be audited. Survey responders can inspect the output to check that their submissions were counted. Moreover, anyone can check that each submission was from a unique authorized user (for example, users can check for ballot stuffing) and verify the list of authorized users.

This technology could apply to many online survey scenarios and possibly enable new ones. We provide three detailed examples of how these surveys might be used.

University Course Evaluation

Most universities let students evaluate each course that they complete. These surveys typically include write-in sections in which open-ended answers are encouraged. In the past, many universities conducted these surveys on papers handed out and then collected during one of the final class sessions. However, many universities are moving to online surveys to increase participation and ease data collection. A link to an online course evaluation survey is typically emailed to all students, who must trust the website collecting their responses to keep them anonymous. As we discussed, this is a dangerous assumption, even if the website makes a good faith effort to do so. To increase student confidence in the system, we use an ad hoc survey.

Student registration. When students are asked to set up their university account information (while proving their identity using traditional, nonelectronic methods), they generate an unlinkable master user token that is tied to their school email address. This step can be done at a later stage if desired, or after a student has lost his or her credential and needs a new one, but it needs to be done only once.

Course survey setup. When administrators want to set up a course survey, they generate a survey key based on a unique survey ID, such as "Survey for CS350 for Spring 2014 by Professor Brown at Cornell University," and a list of course participants' email addresses.

Survey execution. After the survey is complete, the student's client (either a computer or smartphone) combines the survey key and the master user token to generate an unlinkable one-time token. This token satisfies two properties: it carries no link to the student's identity (thus, we have anonymity), and for a given survey key, students can obtain at most one such token (thus, we ensure that each student can complete the survey only once). Survey results are tabulated and possibly announced. If results are made public, students can verify that their responses were included.

Once registration is complete, setup and execution can be performed repeatedly. Participants do not need to check out a new single-use token for each survey; rather, their client uses the master user token to create a unique single-use token for each survey without any interaction that could deanonymize them.

Online Product Review

Many online retailers display a set of customer reviews next to each product. These reviews are often influential to prospective customers. To avoid returns and customer dissatisfaction, these retailers have a vested interest in the reviewers' credibility. To bolster this credibility, many retailers indicate which reviewers they can verify purchased this product on their site. This process is currently nonanonymous; the retailer knows exactly which customer posted which review. We conjecture that a significant fraction of customers would be more likely to post a review if they could do so anonymously.
We explore how ad hoc surveys can give customers this anonymity while still allowing the retailer to verify their purchases and ensure at most one review per purchase.

Customer account creation. When customers create an online account with a retailer (providing an email address and credit card to confirm identity), they are given the option to enroll in anonymous reviewing. If they choose to do so, they can then interact with the retailer to generate an unlinkable master user token that is tied to their online account identifier, such as their username or email address. This step can also be done at a later stage, but it needs to be done only once.

Product purchase transaction. Whenever customers enrolled in anonymous reviewing make a transaction, the retailer adds their online account identifier to an internal list of certified purchasers of a given product. This list, together with a product identifier, forms the survey ID.

Review execution. If customers want to post a review for a product they have purchased, their client combines the survey ID and their master user token to generate an unlinkable one-time token that they can use to complete the review. This token carries no link to user identity but can be used only once. Once the retailer receives the review with the token, which could be routed anonymously, the retailer can verify it and post it as a "verified purchase" review.

Again, once the registration step (that is, enrollment in anonymous reviewing and obtaining a master user token) is complete, users can perform an unlimited number of purchases and reviews.

In this case, the retailer helps to create the master user tokens. Alternatively, customers could obtain master user tokens by interacting with their bank or credit card company. Retailers, restaurants, service providers, and so forth could then generate lists of authorized reviewers based on the bank account or credit card number used for the purchases. The review execution would remain the same.
This model could work well for websites that review other parties' services, because the sites could guarantee that they were posting reviews of actual customers, while customers remain anonymous.

Whistleblowing

Frequently, whistleblowers want to provide information to an organization's ombudsman about alleged misconduct. Due to fears of reprisal, many whistleblowers prefer to remain anonymous. However, upon receiving a complaint for investigation, an ombudsman should first ascertain that the source of the complaint is legitimate (say, from a verified employee) and not just sent by a random discontent. In many cases, whistleblowers might be able to prove that they are in the organization by providing information only an employee would know, but doing so could break anonymity. An ad hoc survey can give whistleblowing employees anonymity while letting an ombudsman verify that a complaint comes from within the organization.

Employee account creation. When employees first join an organization, they are registered and issued a master user token tied to their system account. Concurrently, the ombudsman adds them to a whistleblowing survey that consists of all organization employees and provides employees, in conjunction with the master user token, a signature showing that their employee ID is certified for participation in the survey. The ombudsman publishes a signed list of all participants to show that all employees can contribute.

Whistleblowing and verification. Should employees uncover illegal or unethical activities, they can write a memo to the ombudsman via the whistleblowing survey. They certify the memo with their master user token and signed employee ID on the whistleblowing participant list. Upon receipt via anonymous channel, the ombudsman can verify that the submission comes from a valid survey participant, and thus a legitimate employee.

Features and Security Requirements

There are two crucial aspects of an ad hoc survey. The first is the privacy property: even if an RA and SA are arbitrarily corrupted and in collusion, they cannot learn anything about how particular users answered submissions or discover correlations between groups of users. This property primarily benefits users, although the surveyor might benefit from increased participation and reduced motivation to bias a response.

The security property requires that only authorized users can complete a survey and that they can complete it at most once. This property primarily benefits surveyors, although users are also assured that their responses will not be lost in a deluge of unauthorized responses.

In "ANONIZE: A Large-Scale Anonymous Survey System," we precisely defined ad hoc surveys' security properties [3]. As we mentioned, we are interested in providing security not only for a single survey but also for attacks on many surveys, be they in the past, concurrent, or in the future. Toward this goal, we provide simple game-based security definitions and directly analyze our protocol's security under concurrent executions.
In a game-based definition, there are two parties: a challenger who represents all honest parties and an adversary who represents all corrupted parties. Challengers and adversaries interact with one another according to the rules of the game; for instance, adversaries might be able to ask to register corrupted users and see the survey outputs generated by honest users of their choice. At some point, a challenger gives an adversary a challenge, for instance, an honestly generated survey response. At the end of the game, the adversary provides a response to this challenge; the adversary might guess which honest user generated the challenge. If this challenge response is correct, the adversary wins the game. The definition of security states that for any realistic, time-bounded adversary, the probability of winning the game is very close to the probability of winning based on a random guess. Thus, a proof under this definition rules out all realistic attackers, provided the game accurately captures all actions that the adversary can make in the real world.

The formalization of both the security definitions and the corresponding proofs requires care, especially for a system as complex as ad hoc surveys. This is analogous to other cryptographic game-based definitions, such as blind signatures [4]. Although related notions of anonymity and authenticity have been defined in the literature for other applications, such as group signatures, ring signatures, and anonymous credentials, our setting is considerably more complex, and thus our definitions differ.

Privacy and Unlinkability

Our first important property is survey unlinkability. The SA and RA should not be able to link users to their survey responses by analyzing the protocol's message traffic (separate measures ensure network-layer unlinkability).
We require that this holds even if attackers register multiple identities and see submissions for chosen users in this or any other survey. We introduce an adaptive notion of unlinkability in which survey responses remain unlinkable even if the adversaries (the SA and RA) force other users to submit responses in ways that might help adversaries link other users, and they can do this at any point during the security experiment.

Roughly speaking, the privacy game starts when an adversary establishes the parameters for one RA. Two distinct honest users id_0 and id_1 register with the adversarial RA. The adversary then outputs the public information for a challenge survey and receives the survey submissions for id_0 and id_1 in random order. The adversary wins if it can correctly guess which user formed which submission. The definition states that no realistic time-bounded adversary can win with probability much better than 1/2.

Security and Authenticity

Our second important property is authenticity: malicious users should not be able to submit responses unless they are authorized by the SA to participate in the survey. This property should hold when users arbitrarily create fake identities, fake surveys, and new surveys, which may be related in some form to the survey under attack. Moreover, this property ensures that potentially malicious users can complete such surveys only once. If they successfully submit multiple times, their submissions use the same token and can be easily identified, then joined or discarded, depending on the survey policy.

Roughly speaking, the security game starts when a challenger establishes the parameters for one RA and many SAs. An adversary can then generate new survey IDs for any SA, ask for any survey submission output by any honest user for chosen surveys, and register corrupted users. The challenge involves a new, honestly generated survey ID, but the adversary chooses both the list of participants and the SA. The adversary responds with a set of survey submissions, which the challenger checks against four conditions, determining whether an adversary produced more submissions than allowed, all submissions are valid, all submissions have different token numbers, and all token numbers are new and therefore created by the adversary. Satisfying all the conditions results in the adversary winning. The definitions state that no realistic time-bounded adversary can win with probability much better than 0.

Building ANONIZE

We constructed our system in two phases. First, we provided an abstract implementation of secure ad hoc surveys from generic primitives, such as commitment schemes, signature schemes, pseudorandom functions (PRFs), and generic noninteractive zero-knowledge (NIZK) arguments for all assertions that can be efficiently verified. A commitment scheme lets a sender commit to a message without revealing that message to a receiver. A signature scheme allows public authentication of a message.
A PRF is a seeded deterministic function that maps any input to a random-looking output, assuming one has no knowledge of the seed. Finally, an NIZK argument provides a proof of an assertion (for example, "I know a signature by the RA on message m") without revealing anything beyond the truth of this statement, such as signature bits.

We proved the abstract scheme's security based on the assumption that all generic primitives employed are secure. We took explicit care to show that our schemes remain secure even when an adversary initiates many concurrently executing sessions in the system.

In the second phase, we showed that the generic scheme can be instantiated with a specific commitment scheme, signature scheme, PRF, and NIZK arguments to obtain our efficient, secure ad hoc survey scheme ANONIZE. Our system is based on specific computational assumptions related to the underlying primitives' security. As in many other efficient cryptographic systems, our analysis treats the hash function used as part of the NIZK argument as an idealized random oracle [5].

A surprising aspect of this second phase is that our generic protocol does not rely on the underlying primitives in a black-box way; rather, the NIZK argument is used to prove complex statements that require code of the actual commitments, signatures, and PRFs used. In this phase, we relied on ideas similar to those underlying efficient constructions of anonymous credentials in bilinear groups [6], although our constructions differ in a few ways. As far as we know, our scheme is one of the first implementations of a complex cryptographic scheme that is concurrently secure.

An Abstract Construction

This high-level overview omits several important features but conveys the intuition of our abstract construction. It comprises three steps:

Registration. A user with identity id registers with the RA by sending a commitment to a random seed s of a PRF F. If the user has not registered, the RA signs the user's name along with the commitment. The returned signature is the user's master user token.

Survey. To create a survey, an SA generates a new signing key and publishes a list of signed user identities along with the survey ID/verification key, v.

Response. To complete survey ID v, a user generates a single-use token F_s(v) by evaluating the PRF on the seed s with input v, and then presents an NIZK argument that it knows a signature by the RA on its identity id and a commitment to a seed s, it knows a signature by the SA on its id, and the single-use token is computed as F_s(v). The user's actual survey data will be part of, and thereby authenticated by, this NIZK argument.

The NIZK proof in the survey completion step helps ensure that only authorized users can complete the survey and that they can compute at most one single-use token and thus complete the survey only once. If users want to replace their survey response before the deadline and the system allows this, they can create a new NIZK argument with new data for the same F_s(v) value. The old survey with this value can be deleted.
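
The token mechanics of the three steps above, as an added example that is not the authors' code: a Pedersen commitment to the seed s, a token of the Dodis-Yampolskiy form g^(1/(s+v)), and an SA that keeps one response per token. Assumptions: a toy-sized prime-order subgroup of Z_p^* stands in for the pairing groups, v is taken as a hash of the survey ID, the signatures and the NIZK argument are omitted, and all function names are hypothetical.

```python
import hashlib
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin with fixed bases; adequate for this parameter search."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def find_safe_prime(bits):
    """Return (p, q) with p = 2q + 1, both prime. Toy size, not a secure group."""
    q = (1 << (bits - 2)) + 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

P, Q = find_safe_prime(128)

def hash_to_group(label):
    """Square a hash output so it lands in the order-Q subgroup of Z_P^*."""
    ctr = 0
    while True:
        digest = hashlib.sha256(f"{label}|{ctr}".encode()).digest()
        y = pow(int.from_bytes(digest, "big") % P, 2, P)
        if y not in (0, 1):
            return y
        ctr += 1

# Public generators; nobody knows the discrete log of H to base G.
G = hash_to_group("anonize-demo-g")
H = hash_to_group("anonize-demo-h")

def new_seed():
    """Registration: the user's secret PRF seed s, never sent to RA or SA."""
    return secrets.randbelow(Q - 1) + 1

def commit(seed, blind):
    """Pedersen commitment C = G^seed * H^blind mod P (the value the RA signs)."""
    return pow(G, seed, P) * pow(H, blind, P) % P

def survey_input(survey_id):
    """Assumption of this sketch: v is SHA-256 of the survey ID, reduced mod Q."""
    return int.from_bytes(hashlib.sha256(survey_id.encode()).digest(), "big") % Q

def single_use_token(seed, survey_id):
    """Dodis-Yampolskiy form F_s(v) = G^(1/(s+v)); fixed per (user, survey)."""
    e = (seed + survey_input(survey_id)) % Q
    if e == 0:
        raise ValueError("s + v = 0 mod Q: token undefined for this survey")
    return pow(G, pow(e, -1, Q), P)

def token_relation_holds(token, seed, survey_id):
    """Checks token^(s+v) == G in the clear. In ANONIZE the NIZK argument
    shows the token is F_s(v) without revealing s."""
    return pow(token, (seed + survey_input(survey_id)) % Q, P) == G

class SurveyTally:
    """SA-side bookkeeping: one stored response per single-use token."""
    def __init__(self, survey_id):
        self.survey_id = survey_id
        self.responses = {}

    def submit(self, token, response):
        # A real SA verifies the NIZK argument and signatures first; omitted.
        status = "replaced" if token in self.responses else "accepted"
        self.responses[token] = response
        return status

def demo():
    """Two constructed users answer one survey; the second one resubmits."""
    survey = "Survey for CS350 for Spring 2014 by Professor Brown"
    u1, u2 = new_seed(), new_seed()
    tally = SurveyTally(survey)
    log = [
        tally.submit(single_use_token(u1, survey), "clear lectures"),
        tally.submit(single_use_token(u2, survey), "too fast"),
        tally.submit(single_use_token(u2, survey), "too fast, good labs"),
    ]
    return log, len(tally.responses)

if __name__ == "__main__":
    print(demo())
```

The resubmission maps to the same token, so the SA can replace or discard it according to survey policy, while the same seed yields an unrelated-looking token for any other survey ID.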

Anonymity is supported by the fact that neither the RA nor the SA ever sees the seed s (only commitments to it), the NIZK argument's zero-knowledge property, and the PRF's pseudorandomness property.

Proving this abstract protocol is secure is nontrivial. To guarantee security under concurrent executions, we introduce the notion of tag-based online simulation-extractable NIZK, which is essentially equivalent to the notion of universally composable NIZK [8].

A Concrete Construction

To enable the second phase of our construction (instantiation of the abstract protocol using specific primitives), we demonstrate a simple and efficient way to implement online simulation-extractable NIZK arguments in the random oracle model. The key to the construction is choosing appropriate commitments, signatures, and PRFs that can be stitched together so that we can provide an efficient NIZK argument for the complex statement in the abstract protocol. This integration step is nontrivial; to produce efficient NIZK arguments and thereby an overall efficient system, we must look closely at each building block's underlying algebraic structure to find primitives that can leverage a common algebraic structure.

Although we provide one method of implementing the abstract system, there are endless alternatives. We chose this concrete implementation based on its efficiency, simplicity, and our confidence in the underlying building blocks' security.

Our ANONIZE construction is placed in a bilinear map algebraic setting, which is commonly believed to provide high security levels with low bandwidth and computationally efficient implementations [9]. These bilinear maps are typically implemented via an underlying elliptic curve. The common input for all protocols includes a description of the bilinear mapping, generators for the algebraic groups involved, and a description of a collision-resistant hash function. The bilinear map we chose is typically one of a handful of options from a given library.
The elliptic curve library we used implements the hash function differently depending on the curve implementation. The RA can randomly choose the generators.

With these common settings established, our system uses the following building blocks: the Pedersen commitment scheme [10], the Dodis-Yampolskiy PRF [11], and a simplified signature scheme derived from the Boneh-Boyen identity-based cryptosystem [12]. The final nontrivial step was to devise the efficient NIZK arguments for the statements we need to prove concerning these building blocks. For a deeper technical discussion, see "ANONIZE: A Large-Scale Anonymous Survey System" [3].

An Implementation and Experiments

ANONIZE can easily handle large numbers of users with moderate resources for the registration and survey authorities. The computational cost for users is quite low as well; a typical desktop can compute the worst-case scenario in less than a few seconds, using a single core of the machine. Thus, we argue our system scales well at affordable costs.

We tested our system by implementing it in C++11 using the MIRACL big number library, which supports pairing (that is, bilinear map)-based cryptography and is free for educational purposes [13]. Our implementation consisted of two curves using the Ate pairing: a Barreto-Naehrig (BN) pairing-friendly curve that MIRACL equates to 128-bit security and a Barreto-Lynn-Scott (BLS) pairing-friendly curve that MIRACL equates to 256-bit security. Depending on the security assumption's aggressiveness, we get either close to 128- and 256-bit security from these implementations, or we get 128-bit security from the 256-bit implementation, and the 128-bit implementation wouldn't be secure due to possible loss of security in the security proof. We performed all tests on a 3.06 GHz Intel Core 2 Duo, Late 2009 iMac with 12 Gbytes of 1,067 MHz DDR3 RAM and a 5,400 RPM SATA HD.

Our unoptimized implementation demonstrates efficiency for nearly all practical surveys.
In particular, our implementation utilizes only one core of the CPU, but one can easily load-balance user registration and survey verification over multiple cores and machines by having all cores run the same processes. Similarly, when generating new surveys, we can split the participant list among several different cores at the SA, and each would sign the names of the individuals on its portion of the list.

Our results show that one or two workstations or servers are sufficient to manage millions of surveys using the more efficient BN curves, and a small number of high-performance machines could easily handle surveys of larger or similar sizes using the BLS curves.

User-side computation is reasonably negligible. Submitting a survey and verifying a submitted survey (the most expensive operations a user might do) take seconds.

Experiments

Table 1 shows our experiment results. Each experiment was performed 100 times, with mean and standard deviation times reported in milliseconds. The measured times correspond to the time necessary to compute the appropriate cryptography and store the result to disk. No network measurements were involved. The most expensive operation was the mass verification of surveys that should be done by an SA.


Table 1. Timing results from the implementation of our concrete system.
Columns: operation; mean (ms) and standard deviation (ms) for the Barreto-Naehrig curve; mean (ms) and standard deviation (ms) for the Barreto-Lynn-Scott curve.
Operations:
- Registration authority (RA) key generation
- Survey authority (SA) key generation
- User-side user registration
- RA-side user registration
- User verification user registration
- SA survey generation (300 users)
- SA survey generation (per user)
- User submission
- SA verify submission

In our BN implementation, we can verify 1 million submissions in approximately 33 hours per core. Assuming a reasonable four cores per system gives us a little over eight hours for one system; three systems could complete the process in approximately two hours. In the BLS setting, assuming we had to verify the submissions of 1 million people, we could use approximately 20 machines with four cores each and compute the results in less than eight hours. If there is no need to keep the survey results private, this computing power can be rented from the cloud to lower costs. Verification does not require private information, so renting resources is less risky.

Survey generation and the RA side of user registration can also centralize computing costs with an authority. Both are at least an order of magnitude less time intensive than survey verification and can be efficiently distributed over similar resources.

Storage and Bandwidth Requirements

Storage and bandwidth requirements are reasonable for such schemes. Each element in the survey list output during the survey registration is less than 1 Kbyte, as are users' secret tokens. The most expensive NIZK argument used in the survey submission is smaller than 8 Kbytes. This excludes the IDs' length, which is system dependent but on the order of a few hundred bytes at most.

The ability to run truly anonymous, ad hoc online surveys is a critical aspect of online security.
Surveys in which participants are not anonymous might not elicit truthful responses. More important, we believe it is unethical to depend on trusted third parties, such as traditional online survey provers, to prove anonymity when dealing with sensitive survey data that participants supply under the assumption that they are anonymous. Recent attacks on major companies (for instance, Sony) have demonstrated that such solutions can be breached, and the anonymity they claim to prove is just an illusion. ANONIZE proves a solution to this problem without relying on any trusted third parties. References 1. Security Breach Leaves 45,000 at Risk of Identity Theft, Cornell Daily Sun, 24 June 2009; /blog/2009/06/24/security-breach-leaves at -risk-of-entity-theft. 2. D. Chaum and T.P. Pedersen, Wallet Databases with Observers, Advances in Cryptology, vol. 740, 1992, pp S. Hohenberger et al., ANONIZE: A Large-Scale Anonymous Survey System, IEEE Symp. Security and Privacy, 2014, pp A. Juels, M. Luby, and R. Ostrovsky, Security of Blind Digital Signatures (Extended Abstract), Advances in Cryptology, 1997, pp M. Bellare and P. Rogaway, Random Oracles Are Practical: A Paradigm for Designing Efficient Protocols, Proc. 1st ACM Conf. Computer and Comm. Security (CCS 03), 1993, pp J. Camenisch and A. Lysyanskaya, Signature Schemes and Anonymous Credentials from Bilinear Maps, Advances in Cryptology, 2004, pp O. Goldreich, The Foundations of Cryptography, Cambrge Univ., D. Santis et al., Robust Non-interactive Zero Knowledge, SIAM J. Computing, vol. 20, 2001, pp D. Boneh and M.K. Franklin, Identity-Based Encryption from the Weil Pairing, Advances in Cryptology, LNCS 2139, 2001, pp IEEE Security & Privacy March/April 2015

10. T.P. Pedersen, "Non-interactive and Information-Theoretic Secure Verifiable Secret Sharing," Advances in Cryptology, 1991, pp.
11. Y. Dodis and A. Yampolskiy, "A Verifiable Random Function with Short Proofs and Keys," Public Key Cryptography, LNCS 3386, 2005, pp.
12. D. Boneh and X. Boyen, "Efficient Selective-ID Secure Identity-Based Encryption without Random Oracles," Advances in Cryptology, LNCS 3027, 2004, pp.
13. M. Scott, "Multiprecision Integer and Rational Arithmetic C/C++ Library (MIRACL)," Shamus Software, 2014;

Susan Hohenberger is an associate research professor in the Department of Computer Science at Johns Hopkins University. Hohenberger received a PhD in computer science from the Massachusetts Institute of Technology. Her research on practical cryptographic systems received an NSF Career Award, a Google Research Award, and a Microsoft Faculty Fellowship. Contact her at susan@cs.jhu.edu.

Steven Myers is an associate professor in the Department of Informatics and Computing at Indiana University and director of the academic security programs. His research interests include theoretical and applied cryptographic systems, phishing, and understanding emergent effects on cybersecurity. Myers received a PhD in computer science from the University of Toronto. Contact him at samyers@indiana.edu.

Rafael Pass is an associate professor of computer science at Cornell University and Cornell NYC Tech. His research interests include cryptography and its interplay with computational complexity and game theory. Pass received a PhD in computer science from the Massachusetts Institute of Technology. He's a recipient of the NSF Career Award, the AFOSR Young Investigator Award, the Alfred P. Sloan Fellowship, and the Microsoft Faculty Award. Contact him at rafael@cs.cornell.edu.

abhi shelat is an associate professor of computer science at the University of Virginia. shelat received a PhD in computer science from the Massachusetts Institute of Technology.
He received the NSF Career award, the Virginia FEST Distinguished Young Investigator prize, a Microsoft Research Faculty Fellowship, and an SAIC Scholars Research Award. Contact him at abhi@virginia.edu.

ANONIZE: A Large-Scale Anonymous Survey System

ANONIZE: A Large-Scale Anonymous Survey System ANONIZE: A Large-Scale Anonymous Survey System Susan Hohenberger Johns Hopkins University susan@cs.jhu.edu Steven Myers Indiana University samyers@indiana.edu Rafael Pass Cornell University rafael@cs.cornell.edu

More information

Lecture 9 - Message Authentication Codes

Lecture 9 - Message Authentication Codes Lecture 9 - Message Authentication Codes Boaz Barak March 1, 2010 Reading: Boneh-Shoup chapter 6, Sections 9.1 9.3. Data integrity Until now we ve only been interested in protecting secrecy of data. However,

More information

Capture Resilient ElGamal Signature Protocols

Capture Resilient ElGamal Signature Protocols Capture Resilient ElGamal Signature Protocols Hüseyin Acan 1, Kamer Kaya 2,, and Ali Aydın Selçuk 2 1 Bilkent University, Department of Mathematics acan@fen.bilkent.edu.tr 2 Bilkent University, Department

More information

Efficient Unlinkable Secret Handshakes for Anonymous Communications

Efficient Unlinkable Secret Handshakes for Anonymous Communications 보안공학연구논문지 (Journal of Security Engineering), 제 7권 제 6호 2010년 12월 Efficient Unlinkable Secret Handshakes for Anonymous Communications Eun-Kyung Ryu 1), Kee-Young Yoo 2), Keum-Sook Ha 3) Abstract The technique

More information

A New and Efficient Signature on Commitment Values

A New and Efficient Signature on Commitment Values International Journal of Network Security, Vol.7, No., PP.0 06, July 2008 0 A New and Efficient Signature on Commitment Values Fangguo Zhang,3, Xiaofeng Chen 2,3, Yi Mu 4, and Willy Susilo 4 (Corresponding

More information

SECURE CLOUD STORAGE PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD

SECURE CLOUD STORAGE PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD Volume 1, Issue 7, PP:, JAN JUL 2015. SECURE CLOUD STORAGE PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD B ANNAPURNA 1*, G RAVI 2*, 1. II-M.Tech Student, MRCET 2. Assoc. Prof, Dept.

More information

Cloud Data Storage Services Considering Public Audit for Security

Cloud Data Storage Services Considering Public Audit for Security Global Journal of Computer Science and Technology Cloud and Distributed Volume 13 Issue 1 Version 1.0 Year 2013 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals

More information

Digital Identity Management

Digital Identity Management Digital Identity Management Techniques and Policies E. Bertino CS Department and ECE School CERIAS Purdue University bertino@cs.purdue.edu Digital Identity Management What is DI? Digital identity (DI)

More information

Improving data integrity on cloud storage services

Improving data integrity on cloud storage services International Journal of Engineering Science Invention ISSN (Online): 2319 6734, ISSN (Print): 2319 6726 Volume 2 Issue 2 ǁ February. 2013 ǁ PP.49-55 Improving data integrity on cloud storage services

More information

Two Factor Zero Knowledge Proof Authentication System

Two Factor Zero Knowledge Proof Authentication System Two Factor Zero Knowledge Proof Authentication System Quan Nguyen Mikhail Rudoy Arjun Srinivasan 6.857 Spring 2014 Project Abstract It is often necessary to log onto a website or other system from an untrusted

More information

Privacy-preserving Digital Identity Management for Cloud Computing

Privacy-preserving Digital Identity Management for Cloud Computing Privacy-preserving Digital Identity Management for Cloud Computing Elisa Bertino bertino@cs.purdue.edu Federica Paci paci@cs.purdue.edu Ning Shang nshang@cs.purdue.edu Rodolfo Ferrini rferrini@purdue.edu

More information

White Paper: Multi-Factor Authentication Platform

White Paper: Multi-Factor Authentication Platform White Paper: Multi-Factor Authentication Platform Version: 1.4 Updated: 29/10/13 Contents: About zero knowledge proof authentication protocols: 3 About Pairing-Based Cryptography (PBC) 4 Putting it all

More information

AN EFFECTIVE STUDY ON IMPROVED DATA AUTHENTICATION IN CLOUD SYSTEM

AN EFFECTIVE STUDY ON IMPROVED DATA AUTHENTICATION IN CLOUD SYSTEM INTERNATIONAL JOURNAL OF ADVANCED RESEARCH IN ENGINEERING AND SCIENCE AN EFFECTIVE STUDY ON IMPROVED DATA AUTHENTICATION IN CLOUD SYSTEM Bairu Ravi 1, B.Ramya 2 1 M.Tech Student, Dept of CSE, Arjun College

More information

Non-Black-Box Techniques In Crytpography. Thesis for the Ph.D degree Boaz Barak

Non-Black-Box Techniques In Crytpography. Thesis for the Ph.D degree Boaz Barak Non-Black-Box Techniques In Crytpography Introduction Thesis for the Ph.D degree Boaz Barak A computer program (or equivalently, an algorithm) is a list of symbols a finite string. When we interpret a

More information

Secure Computation Without Authentication

Secure Computation Without Authentication Secure Computation Without Authentication Boaz Barak 1, Ran Canetti 2, Yehuda Lindell 3, Rafael Pass 4, and Tal Rabin 2 1 IAS. E:mail: boaz@ias.edu 2 IBM Research. E-mail: {canetti,talr}@watson.ibm.com

More information

Index Terms: Cloud Computing, Cloud Security, Mitigation Attack, Service Composition, Data Integrity. 1. Introduction

Index Terms: Cloud Computing, Cloud Security, Mitigation Attack, Service Composition, Data Integrity. 1. Introduction Real-Time Service Composition and Deployment for Secure Computing in Cloud Environment R. Ushadevi 1, V. Rajamani 2 1 Research Scholar, Department of Computer Applications, St. Peter s University, Chennai

More information

Privacy-Providing Signatures and Their Applications. PhD Thesis. Author: Somayeh Heidarvand. Advisor: Jorge L. Villar

Privacy-Providing Signatures and Their Applications. PhD Thesis. Author: Somayeh Heidarvand. Advisor: Jorge L. Villar Privacy-Providing Signatures and Their Applications PhD Thesis Author: Somayeh Heidarvand Advisor: Jorge L. Villar Privacy-Providing Signatures and Their Applications by Somayeh Heidarvand In fulfillment

More information

CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 1 January 9, 2012 CPSC 467b, Lecture 1 1/22 Course Overview Symmetric Cryptography CPSC 467b, Lecture 1 2/22 Course Overview CPSC

More information

1 Message Authentication

1 Message Authentication Theoretical Foundations of Cryptography Lecture Georgia Tech, Spring 200 Message Authentication Message Authentication Instructor: Chris Peikert Scribe: Daniel Dadush We start with some simple questions

More information

Advanced Topics in Information Security MAP-I Curricular Unit 2009/2010

Advanced Topics in Information Security MAP-I Curricular Unit 2009/2010 Advanced Topics in Information Security MAP-I Curricular Unit 2009/2010 Summary This document describes a Ph.D. level course, corresponding to a Curriculum Unit credited with 5 ECTS. It is offered jointly

More information

SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS

SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS Abstract: The Single sign-on (SSO) is a new authentication mechanism that enables a legal user with a single credential

More information

EFFICIENT AND SECURE ATTRIBUTE REVOCATION OF DATA IN MULTI-AUTHORITY CLOUD STORAGE

EFFICIENT AND SECURE ATTRIBUTE REVOCATION OF DATA IN MULTI-AUTHORITY CLOUD STORAGE EFFICIENT AND SECURE ATTRIBUTE REVOCATION OF DATA IN MULTI-AUTHORITY CLOUD STORAGE Reshma Mary Abraham and P. Sriramya Computer Science Engineering, Saveetha University, Chennai, India E-Mail: reshmamaryabraham@gmail.com

More information

Efficient construction of vote-tags to allow open objection to the tally in electronic elections

Efficient construction of vote-tags to allow open objection to the tally in electronic elections Information Processing Letters 75 (2000) 211 215 Efficient construction of vote-tags to allow open objection to the tally in electronic elections Andreu Riera a,,joseprifà b, Joan Borrell b a isoco, Intelligent

More information

VoteID 2011 Internet Voting System with Cast as Intended Verification

VoteID 2011 Internet Voting System with Cast as Intended Verification VoteID 2011 Internet Voting System with Cast as Intended Verification September 2011 VP R&D Jordi Puiggali@scytl.com Index Introduction Proposal Security Conclusions 2. Introduction Client computers could

More information

Enhanced Privacy ID (EPID) Ernie Brickell and Jiangtao Li Intel Corporation

Enhanced Privacy ID (EPID) Ernie Brickell and Jiangtao Li Intel Corporation Enhanced Privacy ID (EPID) Ernie Brickell and Jiangtao Li Intel Corporation 1 Agenda EPID overview EPID usages Device Authentication Government Issued ID EPID performance and standardization efforts 2

More information

An Efficient Security Based Multi Owner Data Sharing for Un-Trusted Groups Using Broadcast Encryption Techniques in Cloud

An Efficient Security Based Multi Owner Data Sharing for Un-Trusted Groups Using Broadcast Encryption Techniques in Cloud An Efficient Security Based Multi Owner Data Sharing for Un-Trusted Groups Using Broadcast Encryption Techniques in Cloud T.Vijayalakshmi 1, Balika J Chelliah 2,S.Alagumani 3 and Dr.J.Jagadeesan 4 1 PG

More information

Lecture 10: CPA Encryption, MACs, Hash Functions. 2 Recap of last lecture - PRGs for one time pads

Lecture 10: CPA Encryption, MACs, Hash Functions. 2 Recap of last lecture - PRGs for one time pads CS 7880 Graduate Cryptography October 15, 2015 Lecture 10: CPA Encryption, MACs, Hash Functions Lecturer: Daniel Wichs Scribe: Matthew Dippel 1 Topic Covered Chosen plaintext attack model of security MACs

More information

On the Limits of Anonymous Password Authentication

On the Limits of Anonymous Password Authentication On the Limits of Anonymous Password Authentication Yan-Jiang Yang a Jian Weng b Feng Bao a a Institute for Infocomm Research, Singapore, Email: {yyang,baofeng}@i2r.a-star.edu.sg. b School of Computer Science,

More information

Lecture 15 - Digital Signatures

Lecture 15 - Digital Signatures Lecture 15 - Digital Signatures Boaz Barak March 29, 2010 Reading KL Book Chapter 12. Review Trapdoor permutations - easy to compute, hard to invert, easy to invert with trapdoor. RSA and Rabin signatures.

More information

DELEGATING LOG MANAGEMENT TO THE CLOUD USING SECURE LOGGING

DELEGATING LOG MANAGEMENT TO THE CLOUD USING SECURE LOGGING Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology ISSN 2320 088X IJCSMC, Vol. 3, Issue.

More information

Verifiable Delegation of Computation over Large Datasets

Verifiable Delegation of Computation over Large Datasets Verifiable Delegation of Computation over Large Datasets Siavosh Benabbas University of Toronto Rosario Gennaro IBM Research Yevgeniy Vahlis AT&T Cloud Computing Data D Code F Y F(D) Cloud could be malicious

More information

Selective dependable storage services for providing security in cloud computing

Selective dependable storage services for providing security in cloud computing Selective dependable storage services for providing security in cloud computing Gade Lakshmi Thirupatamma*1, M.Jayaram*2, R.Pitchaiah*3 M.Tech Scholar, Dept of CSE, UCET, Medikondur, Dist: Guntur, AP,

More information

SECURE AND EFFICIENT PRIVACY-PRESERVING PUBLIC AUDITING SCHEME FOR CLOUD STORAGE

SECURE AND EFFICIENT PRIVACY-PRESERVING PUBLIC AUDITING SCHEME FOR CLOUD STORAGE International Journal of Computer Network and Security(IJCNS) Vol 7. No.1 2015 Pp. 1-8 gopalax Journals, Singapore available at : www.ijcns.com ISSN: 0975-8283 ----------------------------------------------------------------------------------------------------------------------------------------------------------

More information

Victor Shoup Avi Rubin. fshoup,rubing@bellcore.com. Abstract

Victor Shoup Avi Rubin. fshoup,rubing@bellcore.com. Abstract Session Key Distribution Using Smart Cards Victor Shoup Avi Rubin Bellcore, 445 South St., Morristown, NJ 07960 fshoup,rubing@bellcore.com Abstract In this paper, we investigate a method by which smart

More information

Simplified Security Notions of Direct Anonymous Attestation and a Concrete Scheme from Pairings

Simplified Security Notions of Direct Anonymous Attestation and a Concrete Scheme from Pairings Simplified Security Notions of Direct Anonymous Attestation and a Concrete Scheme from Pairings Ernie Brickell Intel Corporation ernie.brickell@intel.com Liqun Chen HP Laboratories liqun.chen@hp.com March

More information

PRIVACY PRESERVING PUBLIC AUDITING FOR SECURED DATA STORAGE IN CLOUD USING BLOCK AUTHENTICATION CODE

PRIVACY PRESERVING PUBLIC AUDITING FOR SECURED DATA STORAGE IN CLOUD USING BLOCK AUTHENTICATION CODE PRIVACY PRESERVING PUBLIC AUDITING FOR SECURED DATA STORAGE IN CLOUD USING BLOCK AUTHENTICATION CODE R.REVATHI # PG Scholar #, Bharathiyar Institute Of Engineering for Women, Deviyakurichi, Salem(DT) India

More information

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467a: Cryptography and Computer Security Notes 1 (rev. 1) Professor M. J. Fischer September 3, 2008 1 Course Overview Lecture Notes 1 This course is

More information

Strengthen RFID Tags Security Using New Data Structure

Strengthen RFID Tags Security Using New Data Structure International Journal of Control and Automation 51 Strengthen RFID Tags Security Using New Data Structure Yan Liang and Chunming Rong Department of Electrical Engineering and Computer Science, University

More information

Semi-Trusted Authentication for Health Data in Cloud

Semi-Trusted Authentication for Health Data in Cloud JOURNAL OF COMPUTER SCIENCE AND ENGINEERING Semi-Trusted Authentication for Health Data in Cloud Rajeswari.M 1, Anjelin Lilly Jasmine.P 2, V.Komaladevi 3, K.Monika 4 1 Assistant professor, 2,3,4 Students,

More information

Multi Layered Securing of Health Records using Public and Private Model in Cloud

Multi Layered Securing of Health Records using Public and Private Model in Cloud pp 97 102 Krishi Sanskriti Publications http://www.krishisanskriti.org/acsit.html Multi Layered Securing of Health Records using Public and Private Model in Cloud Vijay J 1, Anitha C.L 2 1 P.G.Student,

More information

Comments on "public integrity auditing for dynamic data sharing with multi-user modification"

Comments on public integrity auditing for dynamic data sharing with multi-user modification University of Wollongong Research Online Faculty of Engineering and Information Sciences - Papers Faculty of Engineering and Information Sciences 2016 Comments on "public integrity auditing for dynamic

More information

Lecture 2: Complexity Theory Review and Interactive Proofs

Lecture 2: Complexity Theory Review and Interactive Proofs 600.641 Special Topics in Theoretical Cryptography January 23, 2007 Lecture 2: Complexity Theory Review and Interactive Proofs Instructor: Susan Hohenberger Scribe: Karyn Benson 1 Introduction to Cryptography

More information

An Efficient Data Correctness Approach over Cloud Architectures

An Efficient Data Correctness Approach over Cloud Architectures International Journal of Engineering Research and Development e-issn: 2278-067X, p-issn: 2278-800X, www.ijerd.com Volume 8, Issue 12 (October 2013), PP. 33-37 An Efficient Data Correctness Approach over

More information

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure) Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.

More information

15-2394-3696 RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM

15-2394-3696 RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM Dhanashri Bamane Vinayak Pottigar Subhash Pingale Department of Computer Science and Engineering SKN

More information

The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems

The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems Becky Cutler Rebecca.cutler@tufts.edu Mentor: Professor Chris Gregg Abstract Modern day authentication systems

More information

A Survey on Untransferable Anonymous Credentials

A Survey on Untransferable Anonymous Credentials A Survey on Untransferable Anonymous Credentials extended abstract Sebastian Pape Databases and Interactive Systems Research Group, University of Kassel Abstract. There are at least two principal approaches

More information

Trusted Public Auditing Process for Secure Cloud Storage

Trusted Public Auditing Process for Secure Cloud Storage Trusted Public Auditing Process for Secure Cloud Storage K.Adhiyaman 1, A. Jesudoss 2, D.Saravanan 3 1 Final Year MCA, Faculty of Computing, Department of MCA Sathyabama University, Chennai,Tamil Nadu,

More information

Secure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment

Secure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment Secure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment Chih Hung Wang Computer Science and Information Engineering National Chiayi University Chiayi City 60004,

More information

Secure Cloud StorageForPrivacy-Preserving Public Audit

Secure Cloud StorageForPrivacy-Preserving Public Audit RESEARCH ARTICLE OPEN ACCESS Secure Cloud StorageForPrivacy-Preserving Public Audit ShekhAhamadhusen D., Prof. Rahul Deshmukh Abstract- In Cloud Environment, using cloud storage service, users can remotely

More information

Analysis on Secure Data sharing using ELGamal s Cryptosystem in Cloud

Analysis on Secure Data sharing using ELGamal s Cryptosystem in Cloud Analysis on Secure Data sharing using ELGamal s Cryptosystem in Cloud M.Jayanthi, Assistant Professor, Hod of MCA.E mail: badini_jayanthi@yahoo.co.in MahatmaGandhi University,Nalgonda, INDIA. B.Ranganatha

More information

Computational Soundness of Symbolic Security and Implicit Complexity

Computational Soundness of Symbolic Security and Implicit Complexity Computational Soundness of Symbolic Security and Implicit Complexity Bruce Kapron Computer Science Department University of Victoria Victoria, British Columbia NII Shonan Meeting, November 3-7, 2013 Overview

More information

Group Blind Digital Signatures: Theory and Applications by Zulækar Amin Ramzan Submitted to the Department of Electrical Engineering and Computer Science in partial fulællment of the requirements for the

More information

Security Analysis of DRBG Using HMAC in NIST SP 800-90

Security Analysis of DRBG Using HMAC in NIST SP 800-90 Security Analysis of DRBG Using MAC in NIST SP 800-90 Shoichi irose Graduate School of Engineering, University of Fukui hrs shch@u-fukui.ac.jp Abstract. MAC DRBG is a deterministic random bit generator

More information

Security in Electronic Payment Systems

Security in Electronic Payment Systems Security in Electronic Payment Systems Jan L. Camenisch, Jean-Marc Piveteau, Markus A. Stadler Institute for Theoretical Computer Science, ETH Zurich, CH-8092 Zurich e-mail: {camenisch, stadler}@inf.ethz.ch

More information

Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm By Mihir Bellare and Chanathip Namprempre

Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm By Mihir Bellare and Chanathip Namprempre Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm By Mihir Bellare and Chanathip Namprempre Some slides were also taken from Chanathip Namprempre's defense

More information

An Introduction to Identity-based Cryptography CSEP 590TU March 2005 Carl Youngblood

An Introduction to Identity-based Cryptography CSEP 590TU March 2005 Carl Youngblood An Introduction to Identity-based Cryptography CSEP 590TU March 2005 Carl Youngblood One significant impediment to the widespread adoption of public-key cryptography is its dependence on a public-key infrastructure

More information

A Survey on Optimistic Fair Digital Signature Exchange Protocols

A Survey on Optimistic Fair Digital Signature Exchange Protocols A Survey on Optimistic Fair Digital Signature Exchange s Alfin Abraham Vinodh Ewards Harlay Maria Mathew Abstract Security services become crucial to many applications such as e-commerce payment protocols,

More information

MANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS

MANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS INTERNATIONAL JOURNAL OF ADVANCED RESEARCH IN ENGINEERING AND SCIENCE MANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS Kanchupati Kondaiah 1, B.Sudhakar 2 1 M.Tech Student, Dept of CSE,

More information

Surveying Cloud Storage Correctness using TPA with BLS

Surveying Cloud Storage Correctness using TPA with BLS Surveying Cloud Storage Correctness using TPA with BLS Priyanka Dehariya 1, Prof. Shweta Shrivastava 2, Dr. Vineet Richaraya 3 1 M.Tech Scholar (CSE), LNCT, Bhopal 2 Asst.Professors, (CSE Department),

More information

A Secure & Efficient Data Integrity Model to establish trust in cloud computing using TPA

A Secure & Efficient Data Integrity Model to establish trust in cloud computing using TPA A Secure & Efficient Data Integrity Model to establish trust in cloud computing using TPA Mr.Mahesh S.Giri Department of Computer Science & Engineering Technocrats Institute of Technology Bhopal, India

More information

Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG

Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG 1 Security Analytics Crypto and Privacy Technologies Infrastructure Security 60+ members Framework and Taxonomy Chair - Sree Rajan, Fujitsu

More information

Official Arbitration with Secure Cloud Storage Application

Official Arbitration with Secure Cloud Storage Application Official Arbitration with Secure Cloud Storage Application Alptekin Küpçü Koç University, İstanbul, Turkey akupcu@ku.edu.tr February 11, 2013 Abstract Static and dynamic proof of storage schemes have been

More information

New Efficient Searchable Encryption Schemes from Bilinear Pairings

New Efficient Searchable Encryption Schemes from Bilinear Pairings International Journal of Network Security, Vol.10, No.1, PP.25 31, Jan. 2010 25 New Efficient Searchable Encryption Schemes from Bilinear Pairings Chunxiang Gu and Yuefei Zhu (Corresponding author: Chunxiang

More information

Categorical Heuristic for Attribute Based Encryption in the Cloud Server

Categorical Heuristic for Attribute Based Encryption in the Cloud Server Categorical Heuristic for Attribute Based Encryption in the Cloud Server R. Brindha 1, R. Rajagopal 2 1( M.E, Dept of CSE, Vivekanandha Institutes of Engineering and Technology for Women, Tiruchengode,

More information

A Secure Decentralized Access Control Scheme for Data stored in Clouds

A Secure Decentralized Access Control Scheme for Data stored in Clouds A Secure Decentralized Access Control Scheme for Data stored in Clouds Priyanka Palekar 1, Abhijeet Bharate 2, Nisar Anjum 3 1 SKNSITS, University of Pune 2 SKNSITS, University of Pune 3 SKNSITS, University

More information

MESSAGE AUTHENTICATION IN AN IDENTITY-BASED ENCRYPTION SCHEME: 1-KEY-ENCRYPT-THEN-MAC

MESSAGE AUTHENTICATION IN AN IDENTITY-BASED ENCRYPTION SCHEME: 1-KEY-ENCRYPT-THEN-MAC MESSAGE AUTHENTICATION IN AN IDENTITY-BASED ENCRYPTION SCHEME: 1-KEY-ENCRYPT-THEN-MAC by Brittanney Jaclyn Amento A Thesis Submitted to the Faculty of The Charles E. Schmidt College of Science in Partial

More information

Data management using Virtualization in Cloud Computing

Data management using Virtualization in Cloud Computing Data management using Virtualization in Cloud Computing A.S.R. Krishna Kanth M.Tech (CST), Department of Computer Science & Systems Engineering, Andhra University, India. M.Sitha Ram Research Scholar Department

More information

Efficient and Secure Dynamic Auditing Protocol for Integrity Verification In Cloud Storage

Efficient and Secure Dynamic Auditing Protocol for Integrity Verification In Cloud Storage Efficient and Secure Dynamic Auditing Protocol for Integrity Verification In Cloud Storage Priyanga.R 1, Maheswari.B 2, Karthik.S 3 PG Scholar, Department of CSE, SNS College of technology, Coimbatore-35,

More information

Sheltered Multi-Owner Data distribution For vibrant Groups in the Cloud

Sheltered Multi-Owner Data distribution For vibrant Groups in the Cloud Sheltered Multi-Owner Data distribution For vibrant Groups in the Cloud I.sriram murthy 1 N.Jagajeevan 2 II M-Tech student Assistant.Professor Department of computer science & Engineering Department of

More information

Message Authentication Code

Message Authentication Code Message Authentication Code Ali El Kaafarani Mathematical Institute Oxford University 1 of 44 Outline 1 CBC-MAC 2 Authenticated Encryption 3 Padding Oracle Attacks 4 Information Theoretic MACs 2 of 44

More information

Index Terms: Data integrity, dependable distributed storage, Cloud Computing

Index Terms: Data integrity, dependable distributed storage, Cloud Computing Volume 5, Issue 5, May 2015 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Cloud Data Protection

More information

Identity-based Encryption with Post-Challenge Auxiliary Inputs for Secure Cloud Applications and Sensor Networks

Identity-based Encryption with Post-Challenge Auxiliary Inputs for Secure Cloud Applications and Sensor Networks Identity-based Encryption with Post-Challenge Auxiliary Inputs for Secure Cloud Applications and Sensor Networks Tsz Hon Yuen - Huawei, Singapore Ye Zhang - Pennsylvania State University, USA Siu Ming

More information

An Approach to Enhance in Group Signature Scheme with Anonymous Revocation

An Approach to Enhance in Group Signature Scheme with Anonymous Revocation An Approach to Enhance in Group Signature Scheme with Anonymous Revocation Thu Thu Mon Oo, and Win Htay Abstract This paper concerns with the group signature scheme. In this scheme, anyone who can access

More information

Experiments in Encrypted and Searchable Network Audit Logs

Experiments in Encrypted and Searchable Network Audit Logs Experiments in Encrypted and Searchable Network Audit Logs Bhanu Prakash Gopularam Cisco Systems India Pvt. Ltd Nitte Meenakshi Institute of Technology Email: bhanprak@cisco.com Sashank Dara Cisco Systems

More information

Breaking Generalized Diffie-Hellman Modulo a Composite is no Easier than Factoring

Breaking Generalized Diffie-Hellman Modulo a Composite is no Easier than Factoring Breaking Generalized Diffie-Hellman Modulo a Composite is no Easier than Factoring Eli Biham Dan Boneh Omer Reingold Abstract The Diffie-Hellman key-exchange protocol may naturally be extended to k > 2

More information

Secure Single Sign-on Schemes Constructed from Nominative Signatures

Secure Single Sign-on Schemes Constructed from Nominative Signatures Secure Single Sign-on Schemes Constructed from Nominative Signatures Jingquan Wang, Guilin Wang, and Willy Susilo Center for Computer and Information Security Research School of Computer Science and Software

More information

ISSN 2278-3091. Index Terms Cloud computing, outsourcing data, cloud storage security, public auditability

ISSN 2278-3091. Index Terms Cloud computing, outsourcing data, cloud storage security, public auditability Outsourcing and Discovering Storage Inconsistencies in Cloud Through TPA Sumathi Karanam 1, GL Varaprasad 2 Student, Department of CSE, QIS College of Engineering and Technology, Ongole, AndhraPradesh,India

More information

Keywords: Authentication, Third party audit, cloud storage, cloud service provider, Access control.

Keywords: Authentication, Third party audit, cloud storage, cloud service provider, Access control. Volume 5, Issue 3, March 2015 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Identity Based

More information

Lecture 17: Re-encryption

Lecture 17: Re-encryption 600.641 Special Topics in Theoretical Cryptography April 2, 2007 Instructor: Susan Hohenberger Lecture 17: Re-encryption Scribe: Zachary Scott Today s lecture was given by Matt Green. 1 Motivation Proxy

More information

PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD COMPUTING T.Vidhya Sree M.Phil Research Scholar,CS, MGR College, Hosur (India) ABSTRACT Cloud Computing is the long dreamed vision

Formal Modelling of Network Security Properties (Extended Abstract) Vol.29 (SecTech 2013), pp.25-29 http://dx.doi.org/10.14257/astl.2013.29.05 Formal Modelling of Network Security Properties (Extended Abstract) Gyesik Lee Hankyong National University, Dept. of Computer

How To Ensure Data Integrity In Clouds Proficient Audit Services Outsourced for Data Availability in Clouds N Praveen Kumar Reddy #1, Dr Subhash Chandra *2 N Praveen Kumar Reddy, pursuing M.Tech from Holy Mary Institute of Technology and Science,,

Enabling Public Auditing for Secured Data Storage in Cloud Computing IOSR Journal of Engineering (IOSRJEN) e-issn: 2250-3021, p-issn: 2278-8719 Vol. 3, Issue 5 (May. 2013), V3 PP 01-05 Enabling Public Auditing for Secured Data Storage in Cloud Computing 1 Er.Amandeep Kaur,

Keywords: - Ring Signature, Homomorphic Authenticable Ring Signature (HARS), Privacy Preserving, Public Auditing, Cloud Computing. Survey on Privacy Preserving Public Auditing Techniques for Shared Data in the Cloud Kedar Jayesh Rasal 1, Dr. S.V.Gumaste 2, Sandip A. Kahate 3 Computer Engineering, Pune University, SPCOE, Otur, Pune,

Chosen-Ciphertext Security from Identity-Based Encryption Dan Boneh Ran Canetti Shai Halevi Jonathan Katz Abstract We propose simple and efficient CCA-secure public-key encryption schemes (i.e., schemes

Biometric Authentication Platform for a Safe, Secure, and Convenient Society 472 Hitachi Review Vol. 64 (2015), No. 8 Featured Articles Platform for a Safe, Secure, and Convenient Society Public s Infrastructure Yosuke Kaga Yusuke Matsuda Kenta Takahashi, Ph.D. Akio Nagasaka, Ph.D.

Secure Way of Storing Data in Cloud Using Third Party Auditor IOSR Journal of Computer Engineering (IOSR-JCE) e-issn: 2278-0661, p- ISSN: 2278-8727 Volume 12, Issue 4 (Jul. - Aug. 2013), PP 69-74 Secure Way of Storing Data in Cloud Using Third Party Auditor 1 Miss.

Cloud Data Storage Security and Public Auditing A Meticulous Description of Applying Watermarking Technique for Secure Cloud Storage 1 M. Guresh, 2 R. Suresh 1 M.Tech 2 nd Year, Department of CSE, CREC Tirupati, AP, India 2 Professor & HOD, Department

High-speed cryptography and DNSCurve. D. J. Bernstein University of Illinois at Chicago Stealing Internet mail: easy! Given a mail message: Your mail software sends a DNS request, receives a server address,

Electronic Voting Protocol Analysis with the Inductive Method Introduction E-voting use is spreading quickly in the EU and elsewhere Sensitive, need for formal guarantees Inductive Method: protocol verification

Data Storage Security in Cloud Computing Manoj Kokane 1, Premkumar Jain 2, Poonam Sarangdhar 3 1, 2, 3 Government College of Engineering and Research, Awasari, Pune, India Abstract: Cloud computing is

Erasure correcting to enhance data security in cloud data storage K.Shrividhya Department of computer science- Vels University shrividhya224@gmail.com A.Sajeevram Department of computer science Vels University

Index Terms: Cloud Computing, Third Party Auditor, Threats In Cloud Computing, Dynamic Encryption. Secure Privacy-Preserving Cloud Services. Abhaya Ghatkar, Reena Jadhav, Renju Georgekutty, Avriel William, Amita Jajoo DYPCOE, Akurdi, Pune ghatkar.abhaya@gmail.com, jadhavreena70@yahoo.com, renjug03@gmail.com,

A Secure RFID Ticket System For Public Transport Kun Peng and Feng Bao Institute for Infocomm Research, Singapore Abstract. A secure RFID ticket system for public transport is proposed in this paper. It

PERFORMANCE OF BALANCED STORAGE SERVICES IN CLOUD SYSTEM INTERNATIONAL JOURNAL OF ADVANCED RESEARCH IN ENGINEERING AND SCIENCE PERFORMANCE OF BALANCED STORAGE SERVICES IN CLOUD SYSTEM Byagari Kumar 1, K.Pradeep Kumar 2 1 M.Tech Student, Dept of CSE, RRS College

How To Ensure Correctness Of Data In The Cloud A MECHANICS FOR ASSURING DATA STORAGE SECURITY IN CLOUD COMPUTING 1, 2 Pratibha Gangwar, 3 Mamta Gadoria 1 M. Tech. Scholar, Jayoti Vidyapeeth Women's University, Jaipur, priya25mehta@gmail.com 2 M. Tech.

PRIVACY-PRESERVING PUBLIC AUDITING FOR SECURE CLOUD STORAGE Abstract: Using Cloud Storage, users can remotely store their data and enjoy the on-demand high quality applications and services from a shared

Bitmessage: A Peer to Peer Message Authentication and Delivery System Jonathan Warren jonathan@bitmessage.org www.bitmessage.org November 27, 2012 Abstract. We propose a system that allows users to securely

International Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013 FACTORING CRYPTOSYSTEM MODULI WHEN THE CO-FACTORS DIFFERENCE IS BOUNDED Omar Akchiche 1 and Omar Khadir 2 1,2 Laboratory of Mathematics, Cryptography and Mechanics, Fstm, University of Hassan II Mohammedia-Casablanca,