Sharif Digital Repository

Radio Frequency Identification (RFID) technology is being deployed at our daily life. Although RFID systems provide useful services to users, they can also threat the privacy and security of the end-users. In order to provide privacy and security for RFID users, different RFID authentication protocols have been proposed. In this study, we investigate the privacy of two recently proposed RFID authentication protocols. It is shown that these protocols have some privacy problems that cannot provide user privacy. Then, in order to enhance the privacy of these protocols, two improvements of analyzed protocols are proposed that provide RFID users privacy  

This paper proposes a horizontal fragmentation method to preserve privacy in data outsourcing. The basic idea is to identify sensitive tuples, anonymize them based on a privacy model and store them at the external server. The remaining non-sensitive tuples are also stored at the server side. While our method departs from using encryption, it outsources all the data to the server; the two important goals that existing methods are unable to achieve simultaneously. The main application of the method is for scenarios where encrypting or not outsourcing sensitive data may not guarantee the privacy  

Privacy preservation is an important issue in data publishing. Existing approaches on privacy-preserving data publishing rely on tabular anonymization techniques such as k-anonymity, which do not provide appropriate results for aggregate queries. The solutions based on graph anonymization have also been proposed for relational data to hide only bipartite relations. In this paper, we propose an approach for anonymizing multirelation constraints (ternary or more) with (t,k) hypergraph anonymization in data publishing. To this end, we model constraints as undirected hypergraphs and formally cluster attribute relations as hyperedge with the t-means-clustering algorithm. In addition,... 

The ability of wearable cameras to continuously capture the first person viewpoint with minimal user interaction, has made them very attractive in many application domains. Wearable technology today is available and useful but not widely used and accepted due to various challenges mainly privacy concerns. In this paper, we introduce a novel efficient privacy-aware framework for wearable cameras that can protect all sensitive subjects such as people, objects (e.g, display screens, license plates and credit cards) and locations (e.g, bathrooms and bedrooms). It uses the contextual information obtained from the wearable's sensors and recorded images to identify the potential sensitive subjects... 

Since their introduction, Cognitive Radio Networks (CRN), as a new solution to the problem of spectrum scarcity, have received great attention from the research society. An important field in database-driven CRN studies is pivoted on their security issues. A critical issue in this context is user’s location privacy, which is potentially under serious threat. The query process by secondary users (SU) from the database is one of the points where the problem rises. In this paper, we propose a Privacy-Preserving Query Process (PPQP), accordingly. This method lets SUs deal in the process of spectrum query without sacrificing their location information. Analytical assessment of PPQP’s privacy... 

Modern power systems have been faced with a rising appeal for the upgrade to a highly intelligent generation of electricity networks known as the smart grid. Thus, security for the smart grid has emerged as an important issue. Recently, Hur proposed an attribute based data sharing for smart grid which unfortunately is vulnerable to the denial of service (DoS) attack. Moreover, it does not support the user revocation property and the grid system manager cannot prevent the revoked user of having access to the shared data in the storage center. For these weaknesses, we suggest an efficient revocable data sharing scheme which is immune against DoS attack. In addition, we present the security... 

Ubiquitousness of Radio Frequency Identification (RFID) systems with inherent weaknesses has been a cause of concern about their privacy and security. Therefore, secure protocols are essentially necessary for the RFID tags to guarantee privacy and authentication among them and the reader. This paper inspects privacy in the RFID systems. First, we survey four new-found RFID authentication protocols, and then, their weaknesses in formal privacy model are analyzed. Although the authors of the schemes claimed that their protocols completely resist privacy attacks, we formally prove that all of them suffer from the family of traceability attacks. Furthermore, not only are the four improved... 

Radio frequency identification (RFID) technology is a prominent technology which has been used in most authentication and identification applications. Above all, recently RFID systems have got more attention as an interesting candidate to implement in the internet of things systems. Although RFID systems provide useful and interest services to users, they can also threat the security and the privacy of the end-users. In order to provide the security and the privacy of RFID users, different authentication protocols have been proposed. In this study, we analyze the privacy of three RFID authentication protocols that proposed recently. For our privacy analysis, we use a formal RFID privacy... 

Recently, Radio Frequency Identification (RFID) and Near Field Communication systems are found in various user-friendly services that all of us deal with in our daily lives. As these systems are ubiquitously deployed in different authentication and identification applications, inferring information about our behavior will be possible by monitoring our use of them. In order to provide privacy and security requirements of RFID users in novel authentication applications, lots of security schemes have been proposed which have tried to provide secure and untraceable communication for end-users. In this paper, we investigate the privacy of three RFID security schemes which have been proposed... 

Since low-cost RFID systems are applied in ubiquitous varied applications, privacy and security of their users became a great concern. Therefore, the various authentication protocols have been proposed. In this paper, we inspect the three new-found RFID authentication protocols based on quadratic residue property via one of the well-organized formal RFID privacy models instead of intuitive analysis. We formally prove that modular squaring is the suitable technique to guarantee RFID authentication protocols against backward traceability. Then, the flaws are alleviated to resist traceability attacks  

Many applications, such as e-passport, e-health, credit cards, and personal devices that utilize Radio frequency Identification (RFID) devices for authentication require strict security and privacy. However, RFID tags suffer from some inherent weaknesses due to restricted hardware capabilities and are vulnerable to eavesdropping, interception, or modification. The synchronization and untraceability characteristics are the major determinants of RFID authentication protocols. They are strongly related to privacy of tags and availability, respectively. In this paper, we analyze a new lightweight RFID authentication protocol, Song and Mitchell, in terms of privacy and security. We prove that not... 

Social networks and the shared data in these networks are always considered as good opportunities in hands of the attackers. To evaluate the privacy risks in these networks and challenge the anonymization techniques, several de-anonymization attacks have been introduced so far. In this paper, we propose a technique to improve the success rate of passive seed based de-anonymization attacks. Our proposed technique is simple and can be applied in combination with different types of de-anonymization attacks. We show that it can achieve high success rates with low number of seeds compared to similar attacks. Our technique can also be used for applying partial attacks on graphs which results in... 

Current techniques in sequencing a genome allow a service provider (e.g. a sequencing company) to have full access to the genome information, and thus the privacy of individuals regarding their lifetime secret is violated. In this paper, we introduce the problem of private DNA sequencing, where the goal is to keep the DNA sequence private to the sequencer. We propose an architecture, where the task of reading fragments of DNA and the task of DNA assembly are separated, the former is done at the sequencer(s), and the later is completed at a local trusted data collector. To satisfy the privacy constraint at the sequencer and reconstruction condition at the data collector, we create an... 

The great attention to cognitive radio networks (CRNs) in recent years, as a revolutionary communication paradigm that aims to solve the problem of spectrum scarcity, prompts serious investigation on security issues of these networks. One important security concern in CRNs is the preservation of users location privacy, which is under the shadow of threat, especially in database-driven CRNs. To this end, in this paper, we propose a Location Privacy Preserving Database-Driven Spectrum-Sharing (L-PDS 2) protocol for sharing the spectrum between PUs and SUs in a database-driven CRN, while protecting location privacy of both primary and secondary users, simultaneously. We also present two... 

In a cloud storage service, public auditing mechanisms allow a third party to verify integrity of the outsourced data on behalf of data users without the need to retrieve data from the cloud server. Recently, Shen et al. proposed a new lightweight and privacy preserving cloud data auditing scheme which employs a third party medium to perform time-consuming operations on behalf of users. The authors have claimed that the scheme meets the security requirements of public auditing mechanisms. In this paper, we show that Shen et al.'s scheme is insecure by proposing two attacks on the scheme. In the first attack, an outside adversary can modify some messages in transmission to the cloud server... 

The development of RFID systems in sensitive applications like e-passport, e-health, credit cards, and personal devices, makes it necessary to consider the related security and privacy issues in great detail. Among other security characteristic of an RFID authentication protocol, untraceability and synchronization are the most important attributes. The former is strongly related to the privacy of tags and their holders, while the latter has a significant role in the security and availability parameters. In this paper, we investigate three RFID authentication protocols proposed by Duc and Kim, Song and Mitchell, and Cho, Yeo and Kim in terms of privacy and security. We analyze the protocol... 

Due to their impressive advantages, Radio Frequency IDentification (RFID) systems are ubiquitously found in various novel applications. These applications are usually in need of quick and accurate authentication or identification. In many cases, it has been shown that if such systems are not properly designed, an adversary can cause security and privacy concerns for end-users. In order to deal with these concerns, impressive endeavors have been made which have resulted in various RFID authentications being proposed. In this study, we analyze three lightweight RFID authentication protocols proposed in Wireless Personal Communications (2014), Computers & Security (2015) and Wireless Networks...