Abstract: Attribute revocation is inevitable and also important for Attribute-Based Encryption (ABE) in practice. However, little attention has been paid to this issue, and it remains one of the main obstacles for the application of ABE. Most existing ABE schemes that support attribute revocation work under the indirect revocation model, so that all users' private keys are affected when a revocation event occurs. Though some ABE schemes have realized revocation under the direct revocation model, in which the revocation list is embedded in the ciphertext and none of the users' private keys are affected by revocation, they mostly focus on user revocation, which revokes all of a user's attributes, or they can only be proven selectively secure. In this paper, we first define a model of adaptively secure ABE supporting attribute revocation under the direct revocation model. Then we propose a Key-Policy ABE (KP-ABE) scheme and a Ciphertext-Policy ABE (CP-ABE) scheme on composite order bilinear groups. Finally, we prove our schemes to be adaptively secure by employing the methodology of dual system encryption.
Funding: Supported by the National Natural Science Foundation of China (60970119, 60803149), the National Basic Research Program of China (2007CB311201) and the Fundamental Research Funds for the Central Universities.
Abstract: Hierarchical identity-based signature (HIBS) has wide applications in large networks. However, the existing works cannot resolve the trade-off between security and efficiency. The main challenge at present is to construct a highly efficient and strongly secure HIBS with a low computation cost. In this paper, a new construction of an HIBS scheme is proposed. The new scheme achieves adaptive security, which is a strong security notion in identity-based cryptography. Moreover, our scheme has short public parameters, and the private key size shrinks as the hierarchy depth increases. The signature size is constant and verification requires only four bilinear pairings, independent of the hierarchy depth. Furthermore, under the q-strong computational Diffie-Hellman (q-SDH) assumption, the scheme is provably secure against existential forgery under adaptive chosen message and identity attack in the standard model.
Funding: This work was supported in part by the National Science Foundation, USA (ECCS-2018492, CNS-2006828, ECCS-2002897, and OIA-2040599).
Abstract: Communication-dependent and software-based distributed energy resources (DERs) are extensively integrated into modern microgrids, providing extensive benefits such as increased distributed controllability, scalability, and observability. However, malicious cyber-attackers can exploit various potential vulnerabilities. In this study, a programmable adaptive security scanning (PASS) approach is presented to protect DER inverters against various power-bot attacks. Specifically, three different types of attacks, namely controller manipulation, replay, and injection attacks, are considered. This approach employs both a software-defined networking technique and a novel coordinated detection method capable of enabling programmable and scalable networked microgrids (NMs) in an ultra-resilient, time-saving, and autonomous manner. The coordinated detection method efficiently identifies the location and type of power-bot attacks without disrupting normal NM operations. Extensive simulation results validate the efficacy and practicality of PASS for securing NMs.
Funding: Supported partially by the National Grand Fundamental Research 973 Program (2004CB318000) of China.
Abstract: This paper proposes an XTR version of the Kurosawa-Desmedt scheme. Our scheme is secure against adaptive chosen-ciphertext attack under the XTR version of the Decisional Diffie-Hellman assumption in the standard model. Comparing the efficiency of the Kurosawa-Desmedt scheme and the proposed XTR-Kurosawa-Desmedt scheme, we find that the proposed scheme is more efficient than the Kurosawa-Desmedt scheme in both communication and computation without compromising security.
Funding: The National Basic Research Program (973) of China (No. 2007CB311201) and the National High Technology Research and Development Program (863) of China (Nos. 2006AA01Z422, 2007AA01Z456).
Abstract: This paper proposes an adaptively secure solution to a certificateless distributed key encapsulation mechanism from pairings by using Canetti's adaptively secure key generation scheme based on the discrete logarithm. The proposed scheme can withstand adaptive attackers that can choose players for corruption at any time during the run of the protocol; this kind of attack is powerful and realistic. In contrast, all previously presented threshold certificateless public key cryptosystems are proven secure only against the more idealized static adversaries, which choose and fix the subset of target players before running the protocol. We also prove the security of this scheme in the random oracle model.
Funding: This work was supported by the Science and Technology on Communication Security Laboratory Foundation (9140C110301110C1103), the Weaponry Equipment Pre-Research Foundation, the PLA General Armament Department (9140A04020311DZ02), and the National Natural Science Foundation of China (61370203).
Abstract: Threshold public key encryption allows a set of servers to decrypt a ciphertext if a given threshold of authorized servers cooperate. In the setting of threshold public key encryption, we consider the question of how to correctly decrypt a ciphertext when all servers continually leak information about their secret keys to an external attacker. Dodis et al. and Akavia et al. show two concrete schemes for storing secrets on continually leaky servers. However, their constructions are only interactive between two servers. To achieve continual leakage security among more than two servers, we give the first threshold public key encryption scheme secure against adaptive chosen ciphertext attack in the continual leakage model under three static assumptions. In our model, the servers update their keys individually and asynchronously, without any communication between two servers. Moreover, the update procedure is re-randomized and the randomness can leak as well.
Funding: Supported by ARO W911NF-13-1-0421 (MURI), NSF CNS-1422594 and NSF CNS-1505664.
Abstract: In the wake of the research community gaining a deep understanding of control-hijacking attacks, data-oriented attacks have emerged. Among data-oriented attacks, the data structure manipulation attack (DSMA) is a major category. Pioneering research has shown that DSMA is able to circumvent the most effective defenses against control-hijacking attacks: DEP, ASLR and CFI. To date, only two defense techniques have demonstrated their effectiveness: Data Flow Integrity (DFI) and Data Structure Layout Randomization (DSLR). However, DFI has high performance overhead, and dynamic DSLR has two main limitations. L-1: Randomizing a large set of data structures significantly affects performance. L-2: To be practical, only a fixed subset of data structures is randomized; if the data structures targeted by an attack are not covered, dynamic DSLR is essentially ineffective. To address these two limitations, we propose a novel technique, feedback-control-based adaptive DSLR, and build a system named SALADSPlus. SALADSPlus seeks to optimize the trade-off between security and cost through feedback control. Using a novel feedback-control-based adaptive algorithm extended from the Upper Confidence Bound (UCB) algorithm, the defender (controller) uses the feedback (cost-effectiveness) from previous randomization cycles to adaptively choose the set of data structures to randomize (the next action). Unlike dynamic DSLR, the set of randomized data structures changes adaptively based on the feedback. To obtain the feedback, SALADSPlus inserts a canary in each data structure at compile time. We have implemented SALADSPlus based on gcc-4.5.0. Experimental results show that the runtime overheads are 1.8%, 3.7%, and 5.3% when the randomization cycles are set to 10s, 5s, and 1s respectively.
Funding: The National Natural Science Foundation of China (Nos. 60573032, 60773092, 90604036).
Abstract: To describe the design approaches of IND-CCA2 (adaptive chosen ciphertext attack) secure public key encryption schemes systematically, the gaps between different kinds of intractable problems and IND-CCA2 security are studied. This paper points out that constructing IND-CCA2 secure schemes is essentially a matter of bridging these gaps. These gaps are categorized, analyzed and measured. Finally, the methods for bridging these gaps are described. This explains the existing design approaches and gives an intuition about the difficulty of designing IND-CCA2 secure public key encryption schemes based on different types of assumptions.