Cloud computing has emerged as the most influential paradigm in recent years. The new computing technology requires users to entrust their data to the cloud provider, which leads to security issues on the outsourced data. In order to achieve scalable, fine-grained and flexible access control for cloud computing, we extend Ciphertext-Policy Attribute-Set-Based Encryption (CP-ASBE) by building in a hierarchical structure to obtain Hierarchical Attribute-Set-Based Encryption (HASBE) for cloud computing. The proposed scheme inherits flexibility in supporting compound attributes, and achieves scalability due to the hierarchical structure. More efficient user revocation is achieved because of the use of attribute-set, which allows us to incrementally update a user's expiration time. We analyze the proposed scheme, and it is shown that the scheme is not only efficient and flexible in dealing with access control for cloud computing, but also has the same security as CP-ASBE.
In this paper, we propose a highly efficient key agreement scheme based on a novel key tree construction for ad hoc networks. The key tree is constructed taking into consideration the multicast tree which represents the underlying network topology. Our scheme greatly reduces the communications and computation cost for group key agreement and has high flexibility in having dynamic group memberships. We implement our scheme in ns-2 and evaluate its performance in terms of overhead and communication cost. The simulation results show that our scheme enjoys great advantages over other schemes in the literature.
As a new public key primitive, attribute-based encryption (ABE) is envisioned to be a promising tool for implementing fine-grained access control. To further address the concern of user access privacy, privacy-aware ABE schemes are being developed to achieve hidden access policy recently. For the purpose of secure access control, there is, however, still one critical functionality missing in the existing ABE schemes, which is user accountability. Currently, no ABE scheme can completely prevent the problem of illegal key sharing among users. In this paper, we tackle this problem by firstly proposing the notion of accountable, anonymous, and ciphertext-policy ABE (CP-A3BE, in short) and then giving out a concrete construction. We start by improving the state-of-the-art of anonymous CP-ABE to obtain shorter public parameters and ciphertext length. In the proposed CP-A3BE construction, user accountability can be achieved in black-box model by embedding additional user-specific information into the attribute private key issued to that user, while still maintaining hidden access policy. The proposed constructions are provably secure.
IEEE Transactions on Wireless Communications, 2012
Privacy-preserving routing is crucial for some ad hoc networks that require stronger privacy protection. A number of schemes have been proposed to protect privacy in ad hoc networks. However, none of these schemes offer complete unlinkability or unobservability property since data packets and control packets are still linkable and distinguishable in these schemes. In this paper, we define stronger privacy requirements regarding privacy-preserving routing in mobile ad hoc networks. Then we propose an unobservable secure routing scheme USOR to offer complete unlinkability and content unobservability for all types of packets. USOR is efficient as it uses a novel combination of group signature and ID-based encryption for route discovery. Security analysis demonstrates that USOR can well protect user privacy against both inside and outside attackers. We implement USOR on ns2, and evaluate its performance by comparing with AODV and MASK. The simulation results show that USOR not only has satisfactory performance compared to AODV, but also achieves stronger privacy protection than existing schemes like MASK.
WiFace: A Secure GeoSocial Networking System Using WiFi-based Multi-hop MANET ... The results show that MoNet is more than sufficient to support social networking, and even audio and video applications. Keywords: WiFi, Social Network, Privacy, MANET, WiFace. ...
In this paper, we review a PKC (public key cryptosystem) based protocol, referred to as the Stanford protocol, aimed at overcoming several security deficiencies in IEEE 802.1X and to provide access control in both wireless and wired networks. One main objective of the Stanford protocol is to provide DoS resistance for the wireless network. Meanwhile, in the wireless environment, identity confidentiality of the mobile user is especially important since the disclosed identity could be used to locate the user and track his movement. But our analysis shows that the Stanford protocol fails to fulfill these requirements. So we propose a new PKC-based protocol that not only provides DoS resistance and perfect forward secrecy, but also provides identity anonymity for the clients. We also present detailed security and performance analysis for our protocol, and show that our protocol is secure and efficient for access control in wireless networks.
Wireless networks have gained overwhelming popularity over their wired counterpart due to their great flexibility and convenience, but access control of wireless networks has been a serious problem because of the open medium. Passwords remain the most popular way for access control as well as authentication and key exchange. But existing password-based access control protocols are not satisfactory in that they do not provide DoS-resistance or anonymity. In this paper we analyze the weaknesses of an access control protocol using passwords for wireless networks in IEEE LCN 2001, and propose a different access control protocol using passwords for wireless networks. Our new protocol avoids the weaknesses of the previous protocol, and the client can anonymously authenticate himself to the server with a human-memorable password, while the server is free of DoS attacks. We also present detailed security and performance analysis for our protocols, and show that our protocol is both secure and efficient for access control in wireless networks.
Password-Authenticated Key Exchange (PAKE) protocols enable two or more parties to use human-memorable passwords for authentication and key exchange. Since the human-memorable passwords are vulnerable to off-line dictionary attacks, PAKE protocols should be very carefully designed to resist dictionary attacks. However, designing PAKE protocols against dictionary attacks proved to be quite tricky. In this paper, we analyze two PAKE protocols and show that they are subject to dictionary attacks. The analyzed protocols are EPA which was proposed in ACISP 2003 and AMP which is a contribution for P1363. Our attack is based on the small factors of the order of a large group \(\mathbb{Z}_p^*\) (i.e., the DLP of subgroup attack), by which the secret password can be fully discovered. We intend to emphasize that our attack is valid since the protocols neither select secure parameter p nor check the order of received values for achieving good efficiency.
Nowadays, online social network data are increasingly made publicly available to third parties. Several anonymization techniques have been studied and adopted to preserve privacy in the publishing of data. However, recent works have shown that de-anonymization of the released data is not only possible but also practical. In this paper, we present a brief yet systematic review of the existing
Copyright (c) 2009 IEEE. Personal use is permitted. For any other purposes, permission must be obtained from the IEEE by emailing pubs-permissions@ieee.org. ... This article has been accepted for publication in a future issue of this journal, but has not been fully edited. ...
Papers by zhiguo wan