Sharif Digital Repository

Researchers have been studying security challenges of database outsourcing for almost a decade. Privacy of outsourced data is one of the main challenges when the "Database As a Service" model is adopted in the service oriented trend of the cloud computing paradigm. This is due to the insecurity of the network environment or even the untrustworthiness of the service providers. This paper proposes a method to preserve privacy of outsourced data based on Shamir's secret sharing scheme. We split attribute values into several parts and distribute them among untrusted servers. The problem of using secret sharing in data outsourcing scenario is how to search efficiently within the randomly... 

Chevallier-Mames et al, proved that in a specific condition (such as the lack of untappable channels and trusted-third parties), the universal verifiability and privacy-preserving properties of e-voting protocols are incompatible (WOTE'06 and TTE'10). In this paper, we first show a flaw in their proof. Then, we prove that even with more assumptions, such as the existence of TTPs and untappable channels between the authorities, an e-voting protocol is unable to preserve privacy, regardless of verifiability. Finally, we demonstrate that preserving privacy in e-voting protocols requires the provision of at least one of the following assumptions: limited computational power of adversary,... 

Privacy preservation in wireless sensor networks has drawn considerable attention from research community during last few years. Emergence of single-owner, multi-user commercial sensor networks along with hostile and uncontrollable environment of such networks, makes the security issue in such networks of a great importance. This paper concentrates on token-based privacy preservation schemes. A possible attack on such schemes has been introduced. Two different approaches has been utilized to mitigate the attack. We present mathematical models for it's effects and overheads. The results have been verified using extensive simulations  

Privacy preservation is an important issue in data publishing. Existing approaches on privacy-preserving data publishing rely on tabular anonymization techniques such as k-anonymity, which do not provide appropriate results for aggregate queries. The solutions based on graph anonymization have also been proposed for relational data to hide only bipartite relations. In this paper, we propose an approach for anonymizing multirelation constraints (ternary or more) with (t,k) hypergraph anonymization in data publishing. To this end, we model constraints as undirected hypergraphs and formally cluster attribute relations as hyperedge with the t-means-clustering algorithm. In addition,... 

The ability of wearable cameras to continuously capture the first person viewpoint with minimal user interaction, has made them very attractive in many application domains. Wearable technology today is available and useful but not widely used and accepted due to various challenges mainly privacy concerns. In this paper, we introduce a novel efficient privacy-aware framework for wearable cameras that can protect all sensitive subjects such as people, objects (e.g, display screens, license plates and credit cards) and locations (e.g, bathrooms and bedrooms). It uses the contextual information obtained from the wearable's sensors and recorded images to identify the potential sensitive subjects... 

Development of Smart Grid and deployment of smart meters in large scale has raised a lot of concerns regarding customers’ privacy. Consequently, several schemes have been proposed to overcome the above mentioned issue. These schemes mainly rely on data aggregation as a method of protecting users’ privacy from the grid operators. However, the main problem with most of these schemes is the fact that they require a large amount of processing power at the meter side. This, together with the fact that smart meters don't usually have a powerful processor, can cause the unavailability of smart meter data at the required time for operators of the grid, and at the same time prevents smart meters from... 

Real-time applications play a significant role in the area of VANET, and are mainly required for these kinds of networks. On the other hand, when the number of messages received by vehicles increases in the network, then the applied computation load becomes extremely high and consequently, delay on the message authentication process significantly increases. This paper is presented with the aim of introducing a novel cooperative message authentication (CMA) scheme for VANET, the main purpose of which is alleviating the computation load on vehicles while verifying messages by using two-part identity-based signature. The scheme enables vehicles to verify only a limited number of the total... 

Design of anonymous authentication scheme is one of the most important challenges in Vehicular Ad hoc Networks (VANET). Most of the existing schemes have high computational and communication overhead and they do not meet security requirements. Recently, Azees et al. have introduced an Efficient Anonymous Authentication with Conditional Privacy-Preserving (EAAP) scheme for VANET and claimed that it is secure. In this paper, we show that this protocol is vulnerable against replay attack, impersonation attack and message modification attack. Also, we show that the messages sent by a vehicle are linkable. Therefore, an adversary can easily track the vehicles. In addition, it is shown that... 

Vehicular ad-hoc networks (VANETs) are under active development, thanks in part to recent advances in wireless communication and networking technologies. The most fundamental part in VANETs is to enable message authentications between vehicles and roadside units. Message authentication using proxy vehicles has been proposed to reduce the computational overhead of roadside units significantly. In this message authentication scheme, proxy vehicles that verify multiple messages at the same time improve roadside units' efficiency. In this paper, first we show that the only proxy-based authentication scheme (PBAS) presented for this goal by Liu et al. cannot guarantee message authenticity, and...