Abstract: During the past decade, rapid advances in wireless communication technologies have made it possible for users to access desired services using hand-held devices. Service providers have hosted multiple servers to ensure seamless online services to end-users. To ensure the security of this online communication, researchers have proposed several multi-server authentication schemes incorporating various cryptographic primitives. Due to the low power and computational capacities of mobile devices, hash-based multi-server authenticated key agreement schemes with an offline Registration Server (RS) are the most efficient choice. Recently, Kumar-Om presented such a scheme and proved its security against all renowned attacks. However, we find that their scheme bears an incorrect login phase and is vulnerable to the trace attack, the Session-Specific Temporary Information Attack (SSTIA), and the Key Compromise Impersonation Attack (KCIA). In fact, none of the existing multi-server authentication schemes (hash-based with offline RS) withstand KCIA. To deal with this situation, we propose an improved hash-based multi-server authentication scheme (with offline RS). We analyze the security of the proposed scheme under the random oracle model and with the "Automated Validation of Internet Security Protocols and Applications" (AVISPA) tool. The comparative analysis of communication overhead and computational complexity metrics shows the efficiency of the proposed scheme.
Funding: National Key R&D Program of China (No. 2020YFB1005900); National Natural Science Foundation of China (Grant Nos. 62172216, 62032025, 62071222, U20A201092); Key R&D Program of Guangdong Province (No. 2020B0101090002); Natural Science Foundation of Jiangsu Province (Nos. BK20211180, BK20200418); Research Fund of Guangxi Key Laboratory of Trusted Software (No. KX202034); JSPS Postdoctoral Fellowships for Research in Japan (No. P21073).
Abstract: A secure k-Nearest Neighbor (k-NN) query aims to find the k nearest data points to a given query in an encrypted database held by a cloud server, without revealing private information to the untrusted cloud. It has wide applications in many areas, such as privacy-preserving machine learning and secure biometric identification. Several solutions have been put forward to solve this challenging problem. However, the existing schemes still suffer from various limitations in terms of efficiency and flexibility. In this paper, we propose a new encrypt-then-index strategy for the secure k-NN query, which simultaneously achieves sub-linear search complexity (efficiency) and supports dynamic updates over the encrypted database (flexibility). Specifically, we propose a novel algorithm to transform the encrypted database and encrypted query points in the cloud. By indexing the transformed database using spatial data structures such as the R-tree index, our strategy enables sub-linear complexity for secure k-NN queries and allows users to dynamically update the encrypted database. To the best of our knowledge, the proposed strategy is the first to provide these two properties simultaneously. Through theoretical analysis and extensive experiments, we formally prove the security and demonstrate the efficiency of our scheme.
Funding: National Key R&D Program of China (No. 2021YFB3100400); National Natural Science Foundation of China (Grant Nos. 62172216, U20A201092); Jiangsu Provincial Key Research and Development Program (Nos. BE2022068, BE2022068-2); Key R&D Program of Guangdong Province (No. 2020B0101090002); Natural Science Foundation of Jiangsu Province (No. BK20211180); Research Fund of Guangxi Key Laboratory of Trusted Software (No. KX202034); Research Fund of State Key Laboratory of Integrated Services Networks (Xidian University) (No. ISN23-20); Fund of Prospective Layout of Scientific Research for NUAA (Nanjing University of Aeronautics and Astronautics); JSPS Postdoctoral Fellowships (No. P21073).
Abstract: Identity-based threshold signature (IDTS) is a powerful primitive for protecting identity and data privacy, in which parties can collaboratively sign a given message as a single signer without reconstructing the signing key. Nevertheless, most IDTS schemes rely on a trusted key generation center (KGC). Recently, some IDTS schemes have achieved escrow-free security against a corrupted KGC, but all of them are vulnerable to denial-of-service attacks in the dishonest-majority setting, where cheaters may force the protocol to abort without providing any feedback. In this work, we present a fully decentralized IDTS scheme that resists both a corrupted KGC and denial-of-service attacks. To this end, we design threshold protocols for distributed key generation, private key extraction, and signature generation that withstand collusion between KGCs and signers, and we then propose an identification mechanism that can detect the identity of cheaters during key generation, private key extraction, and signature generation. Finally, we formally prove that the proposed scheme is threshold unforgeable against chosen-message attacks. The experimental results show that the computation time of both key generation and signature generation is < 1 s, and that private key extraction takes about 3 s, which is practical in a distributed environment.
Funding: National Key Research and Development Program of China (2020YFB1005900); Research Fund of Guangxi Key Laboratory of Trusted Software (kx202034); Team Project of Collaborative Innovation in Universities of Gansu Province (2017C-16); Collaborative Innovation Center of Novel Software Technology and Industrialization.
Abstract: The fast development of the Internet and mobile devices has produced a crowdsensing business model, in which individuals (users) are willing to contribute their data to help an institution (the data collector) analyze and release useful information. However, revealing personal data brings serious privacy threats to users, which impedes the wide application of the crowdsensing model. To address this problem, the definition of local differential privacy (LDP) was proposed. Afterwards, to respond to the varied privacy preferences of users, researchers proposed a new model, personalized local differential privacy (PLDP), which allows users to specify their own privacy parameters. In this paper, we focus on the basic task of calculating the mean value of a single numeric attribute under PLDP. Building on previous schemes for mean estimation under LDP, we employ the PLDP model to design novel schemes (LAP, DCP, PWP) that provide personalized privacy for each user. We then theoretically analyze the worst-case variance of the three proposed schemes and conduct experiments on synthetic and real datasets to evaluate the performance of the three methods. The theoretical and experimental results show the optimality of PWP in the low-privacy regime and a slight advantage of DCP in the high-privacy regime.