Search for: data-privacy
0.006 seconds
Total 50 records

    A technique to improve De-anonymization attacks on graph data

    , Article 26th Iranian Conference on Electrical Engineering, ICEE 2018, 8 May 2018 through 10 May 2018 ; 2018 , Pages 704-709 ; 9781538649169 (ISBN) Aliakbari, J ; Delavar, M ; Mohajeri, J ; Salmasizadeh, M ; Sharif University of Technology
    Social networks and the shared data in these networks are always considered as good opportunities in hands of the attackers. To evaluate the privacy risks in these networks and challenge the anonymization techniques, several de-anonymization attacks have been introduced so far. In this paper, we propose a technique to improve the success rate of passive seed based de-anonymization attacks. Our proposed technique is simple and can be applied in combination with different types of de-anonymization attacks. We show that it can achieve high success rates with low number of seeds compared to similar attacks. Our technique can also be used for applying partial attacks on graphs which results in... 

    A revocable attribute based data sharing scheme resilient to DoS attacks in smart grid

    , Article Wireless Networks ; 2014 ; ISSN: 10220038 Bayat, M ; Arkian, H. R ; Aref, M. R ; Sharif University of Technology
    Modern power systems have been faced with a rising appeal for the upgrade to a highly intelligent generation of electricity networks known as the smart grid. Thus, security for the smart grid has emerged as an important issue. Recently, Hur proposed an attribute based data sharing for smart grid which unfortunately is vulnerable to the denial of service (DoS) attack. Moreover, it does not support the user revocation property and the grid system manager cannot prevent the revoked user of having access to the shared data in the storage center. For these weaknesses, we suggest an efficient revocable data sharing scheme which is immune against DoS attack. In addition, we present the security... 

    Privacy analysis and improvements of two recent RFID authentication protocols

    , Article 11th International ISC Conference on Information Security and Cryptology, ISCISC 2014 ; 3-4 September , 2014 , pp. 137-142 ; ISBN: 9781479953837 Baghery, K ; Abdolmaleki, B ; Akhbari, B ; Aref, M. R ; Sharif University of Technology
    Radio Frequency Identification (RFID) technology is being deployed at our daily life. Although RFID systems provide useful services to users, they can also threat the privacy and security of the end-users. In order to provide privacy and security for RFID users, different RFID authentication protocols have been proposed. In this study, we investigate the privacy of two recently proposed RFID authentication protocols. It is shown that these protocols have some privacy problems that cannot provide user privacy. Then, in order to enhance the privacy of these protocols, two improvements of analyzed protocols are proposed that provide RFID users privacy  

    Decentralized social networking using named-data

    , Article Communications in Computer and Information Science, 16 June 2015 through 19 June 2015 ; Volume 522 , June , 2015 , Pages 421-430 ; 18650929 (ISSN) ; 9783319194189 (ISBN) Zeynalvand, L ; Gharib, M ; Movaghar, A ; Sharif University of Technology
    Springer Verlag  2015
    Online social networks (OSNs) can be considered as huge success. However, this success costs users their privacy and loosing ownership of their own data; Sometimes the operators of social networking sites, have some business incentives adverse to users’ expectations of privacy. These sort of privacy breaches have inspired research toward privacy- preserving alternatives for social networking in a decentralized fashion. Yet almost all alternatives lack proper feasibility and efficiency, which is because of a huge mismatch between aforementioned goal and today’s network’s means of achieving it. Current Internet architecture is showing signs of age. Among a variety of proposed directions for a... 

    k-anonymity-based horizontal fragmentation to preserve privacy in data outsourcing

    , Article Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 11 July 2012 through 13 July 2012, Paris ; Volume 7371 LNCS , 2012 , Pages 263-273 ; 03029743 (ISSN) ; 9783642315398 (ISBN) Soodejani, A. T ; Hadavi, M. A ; Jalili, R ; Sharif University of Technology
    Springer  2012
    This paper proposes a horizontal fragmentation method to preserve privacy in data outsourcing. The basic idea is to identify sensitive tuples, anonymize them based on a privacy model and store them at the external server. The remaining non-sensitive tuples are also stored at the server side. While our method departs from using encryption, it outsources all the data to the server; the two important goals that existing methods are unable to achieve simultaneously. The main application of the method is for scenarios where encrypting or not outsourcing sensitive data may not guarantee the privacy  

    Comments on a lightweight cloud auditing scheme: Security analysis and improvement

    , Article Journal of Network and Computer Applications ; Volume 139 , 2019 , Pages 49-56 ; 10848045 (ISSN) Rabaninejad, R ; Ahmadian Attari, M ; Rajabzadeh Asaar, M ; Aref, M. R ; Sharif University of Technology
    Academic Press  2019
    In a cloud storage service, public auditing mechanisms allow a third party to verify integrity of the outsourced data on behalf of data users without the need to retrieve data from the cloud server. Recently, Shen et al. proposed a new lightweight and privacy preserving cloud data auditing scheme which employs a third party medium to perform time-consuming operations on behalf of users. The authors have claimed that the scheme meets the security requirements of public auditing mechanisms. In this paper, we show that Shen et al.'s scheme is insecure by proposing two attacks on the scheme. In the first attack, an outside adversary can modify some messages in transmission to the cloud server... 

    Traceability analysis of quadratic residue-based RFID authentication protocols

    , Article 2013 11th Annual Conference on Privacy, Security and Trust, PST 2013 ; 2013 , Pages 61-68 ; 9781467358392 (ISBN) Sohrabi Bonab, Z ; Alagheband, M. R ; Aref, M. R ; Sharif University of Technology
    Since low-cost RFID systems are applied in ubiquitous varied applications, privacy and security of their users became a great concern. Therefore, the various authentication protocols have been proposed. In this paper, we inspect the three new-found RFID authentication protocols based on quadratic residue property via one of the well-organized formal RFID privacy models instead of intuitive analysis. We formally prove that modular squaring is the suitable technique to guarantee RFID authentication protocols against backward traceability. Then, the flaws are alleviated to resist traceability attacks  

    Identity based universal re-encryption for mix nets

    , Article 2013 10th International ISC Conference on Information Security and Cryptology, ISCISC 2013 ; Aug , 2013 , 1 - 5 Yajam, H. A ; Mohajeri, J ; Salmasizadeh, M ; Sharif University of Technology
    IEEE Computer Society  2013
    Universal Re-encryption Cryptosystems do not require the knowledge of the recipient's public key for re-encrypting a ciphertext whereas conventional Re-encryption Cryptosystems need that knowledge. In this paper, we present the first Identity-based Universal Re-encryption Cryptosystem scheme whose re-encryption algorithm does not need to have the knowledge of the recipient's identity. By generalizing the definition of Universal Semantic Security to Identity Based Universal Cryptosystems, we prove the security of our scheme. There are some applications for universal re-encryption cryptosystems which cannot be made using conventional cryptosystems. One significant application of these... 

    Security analysis of an identity-based mix net

    , Article 2013 10th International ISC Conference on Information Security and Cryptology, ISCISC 2013 ; 2013 Yajam, H. A ; Mahmoodi, A ; Mohajeri, J ; Salmasizadeh, M ; Sharif University of Technology
    IEEE Computer Society  2013
    One of the most important systems for providing anonymous communication is the Mix nets which should provide correctness and privacy as security requirements against active adversaries. In 2009, Zhong proposed a new mix net scheme which uses identity-based cryptographic techniques and proved that it has 'correctness' and 'privacy' properties in the semi-honest model. Since the semi-honest model is a very strong assumption for practical application, we show that if a user or the last mix server is corrupted, Zhong scheme does not provide privacy against an active adversary  

    Statistical disclosure: Improved, extended, and resisted

    , Article SECURWARE 2012 - 6th International Conference on Emerging Security Information, Systems and Technologies ; 2012 , Pages 119-125 ; 9781612082097 (ISBN) Emamdoost, N ; Dousti, M. S ; Jalili, R ; Sharif University of Technology
    Traffic analysis is a type of attack on secure communications systems, in which the adversary extracts useful patterns and information from the observed traffic. This paper improves and extends an efficient traffic analysis attack, called "statistical disclosure attack. " Moreover, we propose a solution to defend against the improved (and, a fortiori, the original) statistical disclosure attack. Our solution delays the attacker considerably, meaning that he should gather significantly more observations to be able to deduce meaningful information from the traffic  

    (t,k)-Hypergraph anonymization: An approach for secure data publishing

    , Article Security and Communication Networks ; Volume 8, Issue 7 , September , 2015 , Pages 1306-1317 ; 19390114 (ISSN) Asayesh, A ; Hadavi, M. A ; Jalili, R ; Sharif University of Technology
    John Wiley and Sons Inc  2015
    Privacy preservation is an important issue in data publishing. Existing approaches on privacy-preserving data publishing rely on tabular anonymization techniques such as k-anonymity, which do not provide appropriate results for aggregate queries. The solutions based on graph anonymization have also been proposed for relational data to hide only bipartite relations. In this paper, we propose an approach for anonymizing multirelation constraints (ternary or more) with (t,k) hypergraph anonymization in data publishing. To this end, we model constraints as undirected hypergraphs and formally cluster attribute relations as hyperedge with the t-means-clustering algorithm. In addition,... 

    A context-based privacy preserving framework for wearable visual lifeloggers

    , Article 2016 IEEE International Conference on Pervasive Computing and Communication Workshops, PerCom Workshops 2016, 14 March 2016 through 18 March 2016 ; 2016 ; 9781509019410 (ISBN) Zarepour, E ; Hosseini, M ; Kanhere, S. S ; Sowmya, A ; Sharif University of Technology
    Institute of Electrical and Electronics Engineers Inc  2016
    The ability of wearable cameras to continuously capture the first person viewpoint with minimal user interaction, has made them very attractive in many application domains. Wearable technology today is available and useful but not widely used and accepted due to various challenges mainly privacy concerns. In this paper, we introduce a novel efficient privacy-aware framework for wearable cameras that can protect all sensitive subjects such as people, objects (e.g, display screens, license plates and credit cards) and locations (e.g, bathrooms and bedrooms). It uses the contextual information obtained from the wearable's sensors and recorded images to identify the potential sensitive subjects... 

    Private shotgun and sequencing

    , Article 2019 IEEE International Symposium on Information Theory, ISIT 2019, 7 July 2019 through 12 July 2019 ; Volume 2019-July , 2019 , Pages 171-175 ; 21578095 (ISSN); 9781538692912 (ISBN) Gholami, A ; Maddah Ali, M. A ; Abolfazl Motahari, S ; Sharif University of Technology
    Institute of Electrical and Electronics Engineers Inc  2019
    Current techniques in sequencing a genome allow a service provider (e.g. a sequencing company) to have full access to the genome information, and thus the privacy of individuals regarding their lifetime secret is violated. In this paper, we introduce the problem of private DNA sequencing, where the goal is to keep the DNA sequence private to the sequencer. We propose an architecture, where the task of reading fragments of DNA and the task of DNA assembly are separated, the former is done at the sequencer(s), and the later is completed at a local trusted data collector. To satisfy the privacy constraint at the sequencer and reconstruction condition at the data collector, we create an... 

    Private shotgun DNA sequencing: A structured approach

    , Article 2019 Iran Workshop on Communication and Information Theory, IWCIT 2019, 24 April 2019 through 25 April 2019 ; 2019 ; 9781728105840 (ISBN) Gholami, A ; Maddah Ali, M. A ; Motahari, S. A ; Sharif University of Technology
    Institute of Electrical and Electronics Engineers Inc  2019
    DNA sequencing has faced a huge demand since it was first introduced as a service to the public. This service is often offloaded to the sequencing companies who will have access to full knowledge of individuals' sequences, a major violation of privacy. To address this challenge, we propose a solution, which is based on separating the process of reading the fragments of sequences, which is done at a sequencing machine, and assembling the reads, which is done at a trusted local data collector. To confuse the sequencer, in a pooled sequencing scenario, in which multiple sequences are going to be sequenced simultaneously, for each target individual, we add fragments of one non-target individual,... 

    NERA: A new and efficient RSU based authentication scheme for VANETs

    , Article Wireless Networks ; Volume 26, Issue 5 , 2020 , Pages 3083-3098 Bayat, M ; Pournaghi, M ; Rahimi, M ; Barmshoory, M ; Sharif University of Technology
    Springer  2020
    In vehicular ad-hoc networks (VANETs), the correctness of a message requires authentication of the origin vehicle.In this paper, we introduce a novel authentication scheme for VANETs which suggests a new solution for secure vehicle communications. The proposed scheme is an road side unit (RSU) based scheme in which the master key of the Trusted Authority (TA) is embedded in a tamper-proof device provided at the RSUs. Compared with the schemes that store the master key in the on-board units, our scheme is more practical because of a secure and high speed communication link between TA and RSUs. To the best of our knowledge,this solution has not yet been devised for secure authentication in... 

    A lightweight identity-based provable data possession supporting users’ identity privacy and traceability

    , Article Journal of Information Security and Applications ; Volume 51 , 2020 Rabaninejad, R ; Ahmadian Attari, M ; Rajabzadeh Asaar, M ; Aref, M. R ; Sharif University of Technology
    Elsevier Ltd  2020
    Cloud storage auditing is considered as a significant service used to verify the integrity of data stored in public cloud. However, most existing auditing protocols suffer form complex certificate management/verification since they rely on expensive Public Key Infrastructure (PKI). On the other hand, most cloud users have constrained computational resources. The few existing ID-based storage auditing protocols in the literature, require resource-constrained users to perform costly operations for generating metadata on file blocks. In this paper, we propose a storage auditing protocol which benefits from ID-based structure and lightweight user computations, simultaneously. Our construction... 

    An efficient lattice-based threshold signature scheme using multi-stage secret sharing

    , Article IET Information Security ; Volume 15, Issue 1 , 2021 , Pages 98-106 ; 17518709 (ISSN) Pilaram, H ; Eghlidos, T ; Toluee, R ; Sharif University of Technology
    John Wiley and Sons Inc  2021
    Secret sharing is a cryptographic technique used in many different applications such as cloud computing, multi-party computation and electronic voting. Security concerns in these applications are data privacy, availability, integrity and verifiability, where secret sharing provides proper solutions. The authors address some important features like verifiability and being multi-stage to make it usable in various field of application. Here, the authors propose an anonymous threshold signature scheme based on the trapdoor function introduced by Micciancio and Peikert by sharing the private key using a lattice-based threshold multi-stage secret sharing (TMSSS) scheme. Then, the authors improve... 

    Fault-resilient lightweight cryptographic block ciphers for secure embedded systems

    , Article IEEE Embedded Systems Letters ; Vol. 6, issue. 4 , 2014 , pp. 89-92 ; ISSN: 19430663 Mozaffari Kermani, M ; Tian, K ; Azarderakhsh, R ; Bayat Sarmadi, S ; Sharif University of Technology
    The development of extremely-constrained embedded systems having sensitive nodes such as RFID tags and nanosensors necessitates the use of lightweight block ciphers. Nevertheless, providing the required security properties does not guarantee their reliability and hardware assurance when the architectures are prone to natural and malicious faults. In this letter, error detection schemes for lightweight block ciphers are proposed with the case study of XTEA (eXtended TEA). Lightweight block ciphers such as XTEA, PRESENT, SIMON, and the like might be better suited for low-resource deeply-embedded systems compared to the Advanced Encryption Standard. Three different error detection approaches... 

    Unified privacy analysis of new-found RFID authentication protocols

    , Article Security and Communication Networks ; Volume 6, Issue 8 , 2013 , Pages 999-1009 ; 19390122 (ISSN) Alagheband, M. R ; Aref, M. R ; Sharif University of Technology
    Ubiquitousness of Radio Frequency Identification (RFID) systems with inherent weaknesses has been a cause of concern about their privacy and security. Therefore, secure protocols are essentially necessary for the RFID tags to guarantee privacy and authentication among them and the reader. This paper inspects privacy in the RFID systems. First, we survey four new-found RFID authentication protocols, and then, their weaknesses in formal privacy model are analyzed. Although the authors of the schemes claimed that their protocols completely resist privacy attacks, we formally prove that all of them suffer from the family of traceability attacks. Furthermore, not only are the four improved... 

    Maestro: A high performance AES encryption/decryption system

    , Article Proceedings - 17th CSI International Symposium on Computer Architecture and Digital Systems, CADS 2013 ; October , 2013 , Pages 145-148 ; 9781479905621 (ISBN) Biglari, M ; Qasemi, E ; Pourmohseni, B ; Computer Society of Iran; IPM ; Sharif University of Technology
    IEEE Computer Society  2013
    High throughput AES encryption/decryption is a necessity for many of modern embedded systems. This article presents a high performance yet cost efficient AES system. Maestro can be used in a wide range of embedded applications with various requirements and limitations. Maestro is about one million times faster than the pure software implementation. The Maestro architecture is composed of two major components; the soft processor aimed at system initialization and control, and the hardware AES engine for high performance AES encryption/decryption. A ten stage implicit pipelined architecture is considered for the AES engine. Two novel techniques are proposed in design of AES engine which enable...