enter search term and/or author name
Pairing-Based Onion Routing with Improved Forward Secrecy
Aniket Kate, Greg M. Zaverucha, Ian Goldberg
Article No.: 29
This article presents new protocols for onion routing anonymity networks. We define a provably secure privacy-preserving key agreement scheme in an identity-based infrastructure setting, and use it to design new onion routing circuit...
Storage-based intrusion detection consists of storage systems watching for and identifying data access patterns characteristic of system intrusions. Storage systems can spot several common intruder actions, such as adding backdoors, inserting...
Attribute-Based Messaging: Access Control and Confidentiality
Rakesh Bobba, Omid Fatemieh, Fariba Khan, Arindam Khan, Carl A. Gunter, Himanshu Khurana, Manoj Prabhakaran
Article No.: 31
Attribute-Based Messaging (ABM) enables messages to be addressed using attributes of recipients rather than an explicit list of recipients. Such messaging offers benefits of efficiency, exclusiveness, and intensionality, but faces...
Authenticated Index Structures for Aggregation Queries
Feifei Li, Marios Hadjieleftheriou, George Kollios, Leonid Reyzin
Article No.: 32
Query authentication is an essential component in Outsourced DataBase (ODB) systems. This article introduces efficient index structures for authenticating aggregation queries over large datasets. First, we design an index that features good...
A Simple and Generic Construction of Authenticated Encryption with Associated Data
Article No.: 33
We revisit the problem of constructing a protocol for performing Authenticated Encryption with Associated Data (AEAD). A technique is described which combines a collision-resistant hash function with a protocol for Authenticated Encryption (AE)....
This article describes MPSS, a new way to do proactive secret sharing. MPSS provides mobility: The group of nodes holding the shares of the secret can change at each resharing, which is essential in a long-lived system. MPSS additionally...
Although Voice over IP (VoIP) is rapidly being adopted, its security implications are not yet fully understood. Since VoIP calls may traverse untrusted networks, packets should be encrypted to ensure confidentiality. However, we show that it is...
With the growing adoption of Role-Based Access Control (RBAC) in commercial security and identity management products, how to facilitate the process of migrating a non-RBAC system to an RBAC system has become a problem with significant business...
Key Evolution Systems in Untrusted Update Environments
Benoît Libert, Jean-Jacques Quisquater, Moti Yung
Article No.: 37
Forward-Secure Signatures (FSS) prevent forgeries for past time periods when an attacker obtains full access to the signer’s storage by evolving the private key in a one-way fashion. To simplify the integration of these primitives into...
Robust Decentralized Virtual Coordinate Systems in Adversarial Environments
David Zage, Cristina Nita-Rotaru
Article No.: 38
Virtual coordinate systems provide an accurate and efficient service that allows hosts on the Internet to determine the latency to arbitrary hosts without actively monitoring all of the nodes in the network. Many of the proposed systems were...
BLAC: Revoking Repeatedly Misbehaving Anonymous Users without Relying on TTPs
Patrick P. Tsang, Man Ho Au, Apu Kapadia, Sean W. Smith
Article No.: 39
Several credential systems have been proposed in which users can authenticate to service providers anonymously. Since anonymity can give users the license to misbehave, some variants allow the selective deanonymization (or linking) of misbehaving...
Satisfiability and Resiliency in Workflow Authorization Systems
Qihua Wang, Ninghui Li
Article No.: 40
We propose the role-and-relation-based access control (R2BAC) model for workflow authorization systems. In R2BAC, in addition to a user’s role memberships, the user’s relationships with other users help determine...
Identity Escrow Protocol and Anonymity Analysis in the Applied Pi-Calculus
Aybek Mukhamedov, Mark D. Ryan
Article No.: 41
Anonymity with identity escrow attempts to allow users of an online service to remain anonymous, while providing the possibility that the service owner can break the anonymity in exceptional circumstances, such as to assist in a criminal...