Privacy and Security (TOPS)




ACM Transactions on Information and System Security (TISSEC), Volume 13 Issue 4, December 2010

Pairing-Based Onion Routing with Improved Forward Secrecy
Aniket Kate, Greg M. Zaverucha, Ian Goldberg
Article No.: 29
DOI: 10.1145/1880022.1880023

This article presents new protocols for onion routing anonymity networks. We define a provably secure privacy-preserving key agreement scheme in an identity-based infrastructure setting, and use it to design new onion routing circuit...

Storage-Based Intrusion Detection
Adam G. Pennington, John Linwood Griffin, John S. Bucy, John D. Strunk, Gregory R. Ganger
Article No.: 30
DOI: 10.1145/1880022.1880024

Storage-based intrusion detection consists of storage systems watching for and identifying data access patterns characteristic of system intrusions. Storage systems can spot several common intruder actions, such as adding backdoors, inserting...

Attribute-Based Messaging: Access Control and Confidentiality
Rakesh Bobba, Omid Fatemieh, Fariba Khan, Arindam Khan, Carl A. Gunter, Himanshu Khurana, Manoj Prabhakaran
Article No.: 31
DOI: 10.1145/1880022.1880025

Attribute-Based Messaging (ABM) enables messages to be addressed using attributes of recipients rather than an explicit list of recipients. Such messaging offers benefits of efficiency, exclusiveness, and intensionality, but faces...

Authenticated Index Structures for Aggregation Queries
Feifei Li, Marios Hadjieleftheriou, George Kollios, Leonid Reyzin
Article No.: 32
DOI: 10.1145/1880022.1880026

Query authentication is an essential component in Outsourced DataBase (ODB) systems. This article introduces efficient index structures for authenticating aggregation queries over large datasets. First, we design an index that features good...

A Simple and Generic Construction of Authenticated Encryption with Associated Data
Palash Sarkar
Article No.: 33
DOI: 10.1145/1880022.1880027

We revisit the problem of constructing a protocol for performing Authenticated Encryption with Associated Data (AEAD). A technique is described which combines a collision-resistant hash function with a protocol for Authenticated Encryption (AE)....

MPSS: Mobile Proactive Secret Sharing
David Schultz, Barbara Liskov, Moses Liskov
Article No.: 34
DOI: 10.1145/1880022.1880028

This article describes MPSS, a new way to do proactive secret sharing. MPSS provides mobility: The group of nodes holding the shares of the secret can change at each resharing, which is essential in a long-lived system. MPSS additionally...

Uncovering Spoken Phrases in Encrypted Voice over IP Conversations
Charles V. Wright, Lucas Ballard, Scott E. Coull, Fabian Monrose, Gerald M. Masson
Article No.: 35
DOI: 10.1145/1880022.1880029

Although Voice over IP (VoIP) is rapidly being adopted, its security implications are not yet fully understood. Since VoIP calls may traverse untrusted networks, packets should be encrypted to ensure confidentiality. However, we show that it is...

Mining Roles with Multiple Objectives
Ian Molloy, Hong Chen, Tiancheng Li, Qihua Wang, Ninghui Li, Elisa Bertino, Seraphin Calo, Jorge Lobo
Article No.: 36
DOI: 10.1145/1880022.1880030

With the growing adoption of Role-Based Access Control (RBAC) in commercial security and identity management products, how to facilitate the process of migrating a non-RBAC system to an RBAC system has become a problem with significant business...

Key Evolution Systems in Untrusted Update Environments
Benoît Libert, Jean-Jacques Quisquater, Moti Yung
Article No.: 37
DOI: 10.1145/1880022.1880031

Forward-Secure Signatures (FSS) prevent forgeries for past time periods when an attacker obtains full access to the signer’s storage by evolving the private key in a one-way fashion. To simplify the integration of these primitives into...

Robust Decentralized Virtual Coordinate Systems in Adversarial Environments
David Zage, Cristina Nita-Rotaru
Article No.: 38
DOI: 10.1145/1880022.1880032

Virtual coordinate systems provide an accurate and efficient service that allows hosts on the Internet to determine the latency to arbitrary hosts without actively monitoring all of the nodes in the network. Many of the proposed systems were...

BLAC: Revoking Repeatedly Misbehaving Anonymous Users without Relying on TTPs
Patrick P. Tsang, Man Ho Au, Apu Kapadia, Sean W. Smith
Article No.: 39
DOI: 10.1145/1880022.1880033

Several credential systems have been proposed in which users can authenticate to service providers anonymously. Since anonymity can give users the license to misbehave, some variants allow the selective deanonymization (or linking) of misbehaving...

Satisfiability and Resiliency in Workflow Authorization Systems
Qihua Wang, Ninghui Li
Article No.: 40
DOI: 10.1145/1880022.1880034

We propose the role-and-relation-based access control (R2BAC) model for workflow authorization systems. In R2BAC, in addition to a user’s role memberships, the user’s relationships with other users help determine...

Identity Escrow Protocol and Anonymity Analysis in the Applied Pi-Calculus
Aybek Mukhamedov, Mark D. Ryan
Article No.: 41
DOI: 10.1145/1880022.1880035

Anonymity with identity escrow attempts to allow users of an online service to remain anonymous, while providing the possibility that the service owner can break the anonymity in exceptional circumstances, such as to assist in a criminal...