Sharif Digital Repository

Social networks and the shared data in these networks are always considered as good opportunities in hands of the attackers. To evaluate the privacy risks in these networks and challenge the anonymization techniques, several de-anonymization attacks have been introduced so far. In this paper, we propose a technique to improve the success rate of passive seed based de-anonymization attacks. Our proposed technique is simple and can be applied in combination with different types of de-anonymization attacks. We show that it can achieve high success rates with low number of seeds compared to similar attacks. Our technique can also be used for applying partial attacks on graphs which results in... 

Modern power systems have been faced with a rising appeal for the upgrade to a highly intelligent generation of electricity networks known as the smart grid. Thus, security for the smart grid has emerged as an important issue. Recently, Hur proposed an attribute based data sharing for smart grid which unfortunately is vulnerable to the denial of service (DoS) attack. Moreover, it does not support the user revocation property and the grid system manager cannot prevent the revoked user of having access to the shared data in the storage center. For these weaknesses, we suggest an efficient revocable data sharing scheme which is immune against DoS attack. In addition, we present the security... 

Radio Frequency Identification (RFID) technology is being deployed at our daily life. Although RFID systems provide useful services to users, they can also threat the privacy and security of the end-users. In order to provide privacy and security for RFID users, different RFID authentication protocols have been proposed. In this study, we investigate the privacy of two recently proposed RFID authentication protocols. It is shown that these protocols have some privacy problems that cannot provide user privacy. Then, in order to enhance the privacy of these protocols, two improvements of analyzed protocols are proposed that provide RFID users privacy  

Online social networks (OSNs) can be considered as huge success. However, this success costs users their privacy and loosing ownership of their own data; Sometimes the operators of social networking sites, have some business incentives adverse to users’ expectations of privacy. These sort of privacy breaches have inspired research toward privacy- preserving alternatives for social networking in a decentralized fashion. Yet almost all alternatives lack proper feasibility and efficiency, which is because of a huge mismatch between aforementioned goal and today’s network’s means of achieving it. Current Internet architecture is showing signs of age. Among a variety of proposed directions for a... 

This paper proposes a horizontal fragmentation method to preserve privacy in data outsourcing. The basic idea is to identify sensitive tuples, anonymize them based on a privacy model and store them at the external server. The remaining non-sensitive tuples are also stored at the server side. While our method departs from using encryption, it outsources all the data to the server; the two important goals that existing methods are unable to achieve simultaneously. The main application of the method is for scenarios where encrypting or not outsourcing sensitive data may not guarantee the privacy  

In a cloud storage service, public auditing mechanisms allow a third party to verify integrity of the outsourced data on behalf of data users without the need to retrieve data from the cloud server. Recently, Shen et al. proposed a new lightweight and privacy preserving cloud data auditing scheme which employs a third party medium to perform time-consuming operations on behalf of users. The authors have claimed that the scheme meets the security requirements of public auditing mechanisms. In this paper, we show that Shen et al.'s scheme is insecure by proposing two attacks on the scheme. In the first attack, an outside adversary can modify some messages in transmission to the cloud server... 

Since low-cost RFID systems are applied in ubiquitous varied applications, privacy and security of their users became a great concern. Therefore, the various authentication protocols have been proposed. In this paper, we inspect the three new-found RFID authentication protocols based on quadratic residue property via one of the well-organized formal RFID privacy models instead of intuitive analysis. We formally prove that modular squaring is the suitable technique to guarantee RFID authentication protocols against backward traceability. Then, the flaws are alleviated to resist traceability attacks  

Universal Re-encryption Cryptosystems do not require the knowledge of the recipient's public key for re-encrypting a ciphertext whereas conventional Re-encryption Cryptosystems need that knowledge. In this paper, we present the first Identity-based Universal Re-encryption Cryptosystem scheme whose re-encryption algorithm does not need to have the knowledge of the recipient's identity. By generalizing the definition of Universal Semantic Security to Identity Based Universal Cryptosystems, we prove the security of our scheme. There are some applications for universal re-encryption cryptosystems which cannot be made using conventional cryptosystems. One significant application of these... 

One of the most important systems for providing anonymous communication is the Mix nets which should provide correctness and privacy as security requirements against active adversaries. In 2009, Zhong proposed a new mix net scheme which uses identity-based cryptographic techniques and proved that it has 'correctness' and 'privacy' properties in the semi-honest model. Since the semi-honest model is a very strong assumption for practical application, we show that if a user or the last mix server is corrupted, Zhong scheme does not provide privacy against an active adversary  

Traffic analysis is a type of attack on secure communications systems, in which the adversary extracts useful patterns and information from the observed traffic. This paper improves and extends an efficient traffic analysis attack, called "statistical disclosure attack. " Moreover, we propose a solution to defend against the improved (and, a fortiori, the original) statistical disclosure attack. Our solution delays the attacker considerably, meaning that he should gather significantly more observations to be able to deduce meaningful information from the traffic  

Privacy preservation is an important issue in data publishing. Existing approaches on privacy-preserving data publishing rely on tabular anonymization techniques such as k-anonymity, which do not provide appropriate results for aggregate queries. The solutions based on graph anonymization have also been proposed for relational data to hide only bipartite relations. In this paper, we propose an approach for anonymizing multirelation constraints (ternary or more) with (t,k) hypergraph anonymization in data publishing. To this end, we model constraints as undirected hypergraphs and formally cluster attribute relations as hyperedge with the t-means-clustering algorithm. In addition,... 

The ability of wearable cameras to continuously capture the first person viewpoint with minimal user interaction, has made them very attractive in many application domains. Wearable technology today is available and useful but not widely used and accepted due to various challenges mainly privacy concerns. In this paper, we introduce a novel efficient privacy-aware framework for wearable cameras that can protect all sensitive subjects such as people, objects (e.g, display screens, license plates and credit cards) and locations (e.g, bathrooms and bedrooms). It uses the contextual information obtained from the wearable's sensors and recorded images to identify the potential sensitive subjects... 

Current techniques in sequencing a genome allow a service provider (e.g. a sequencing company) to have full access to the genome information, and thus the privacy of individuals regarding their lifetime secret is violated. In this paper, we introduce the problem of private DNA sequencing, where the goal is to keep the DNA sequence private to the sequencer. We propose an architecture, where the task of reading fragments of DNA and the task of DNA assembly are separated, the former is done at the sequencer(s), and the later is completed at a local trusted data collector. To satisfy the privacy constraint at the sequencer and reconstruction condition at the data collector, we create an... 

DNA sequencing has faced a huge demand since it was first introduced as a service to the public. This service is often offloaded to the sequencing companies who will have access to full knowledge of individuals' sequences, a major violation of privacy. To address this challenge, we propose a solution, which is based on separating the process of reading the fragments of sequences, which is done at a sequencing machine, and assembling the reads, which is done at a trusted local data collector. To confuse the sequencer, in a pooled sequencing scenario, in which multiple sequences are going to be sequenced simultaneously, for each target individual, we add fragments of one non-target individual,... 

In vehicular ad-hoc networks (VANETs), the correctness of a message requires authentication of the origin vehicle.In this paper, we introduce a novel authentication scheme for VANETs which suggests a new solution for secure vehicle communications. The proposed scheme is an road side unit (RSU) based scheme in which the master key of the Trusted Authority (TA) is embedded in a tamper-proof device provided at the RSUs. Compared with the schemes that store the master key in the on-board units, our scheme is more practical because of a secure and high speed communication link between TA and RSUs. To the best of our knowledge,this solution has not yet been devised for secure authentication in... 

Cloud storage auditing is considered as a significant service used to verify the integrity of data stored in public cloud. However, most existing auditing protocols suffer form complex certificate management/verification since they rely on expensive Public Key Infrastructure (PKI). On the other hand, most cloud users have constrained computational resources. The few existing ID-based storage auditing protocols in the literature, require resource-constrained users to perform costly operations for generating metadata on file blocks. In this paper, we propose a storage auditing protocol which benefits from ID-based structure and lightweight user computations, simultaneously. Our construction... 

Secret sharing is a cryptographic technique used in many different applications such as cloud computing, multi-party computation and electronic voting. Security concerns in these applications are data privacy, availability, integrity and verifiability, where secret sharing provides proper solutions. The authors address some important features like verifiability and being multi-stage to make it usable in various field of application. Here, the authors propose an anonymous threshold signature scheme based on the trapdoor function introduced by Micciancio and Peikert by sharing the private key using a lattice-based threshold multi-stage secret sharing (TMSSS) scheme. Then, the authors improve... 

The development of extremely-constrained embedded systems having sensitive nodes such as RFID tags and nanosensors necessitates the use of lightweight block ciphers. Nevertheless, providing the required security properties does not guarantee their reliability and hardware assurance when the architectures are prone to natural and malicious faults. In this letter, error detection schemes for lightweight block ciphers are proposed with the case study of XTEA (eXtended TEA). Lightweight block ciphers such as XTEA, PRESENT, SIMON, and the like might be better suited for low-resource deeply-embedded systems compared to the Advanced Encryption Standard. Three different error detection approaches... 

Ubiquitousness of Radio Frequency Identification (RFID) systems with inherent weaknesses has been a cause of concern about their privacy and security. Therefore, secure protocols are essentially necessary for the RFID tags to guarantee privacy and authentication among them and the reader. This paper inspects privacy in the RFID systems. First, we survey four new-found RFID authentication protocols, and then, their weaknesses in formal privacy model are analyzed. Although the authors of the schemes claimed that their protocols completely resist privacy attacks, we formally prove that all of them suffer from the family of traceability attacks. Furthermore, not only are the four improved... 

High throughput AES encryption/decryption is a necessity for many of modern embedded systems. This article presents a high performance yet cost efficient AES system. Maestro can be used in a wide range of embedded applications with various requirements and limitations. Maestro is about one million times faster than the pure software implementation. The Maestro architecture is composed of two major components; the soft processor aimed at system initialization and control, and the hardware AES engine for high performance AES encryption/decryption. A ten stage implicit pipelined architecture is considered for the AES engine. Two novel techniques are proposed in design of AES engine which enable...