Sharif Digital Repository

Design of anonymous authentication scheme is one of the most important challenges in Vehicular Ad hoc Networks (VANET). Most of the existing schemes have high computational and communication overhead and they do not meet security requirements. Recently, Azees et al. have introduced an Efficient Anonymous Authentication with Conditional Privacy-Preserving (EAAP) scheme for VANET and claimed that it is secure. In this paper, we show that this protocol is vulnerable against replay attack, impersonation attack and message modification attack. Also, we show that the messages sent by a vehicle are linkable. Therefore, an adversary can easily track the vehicles. In addition, it is shown that... 

Vehicular ad-hoc networks (VANETs) are under active development, thanks in part to recent advances in wireless communication and networking technologies. The most fundamental part in VANETs is to enable message authentications between vehicles and roadside units. Message authentication using proxy vehicles has been proposed to reduce the computational overhead of roadside units significantly. In this message authentication scheme, proxy vehicles that verify multiple messages at the same time improve roadside units' efficiency. In this paper, first we show that the only proxy-based authentication scheme (PBAS) presented for this goal by Liu et al. cannot guarantee message authenticity, and... 

Lightweight authentication protocols are crucial for privacy preserving in Internet of Things (IoT). Authentication protocols should be implementable for devices with constrained memory and computational power in this area, in addition to resistance against cryptographic threats. On the other hand, these protocols should not impose a heavy computational load on such devices. In this paper we proposed an authentication protocol that properly meets these features. Our protocol is suitable for wireless sensor networks (WSNs). In this protocol, authentication is fulfilled with low communication and computational loads between sensors and users through the gateway interface using a hash function... 

Privacy-preserving data release is about disclosing information about useful data while retaining the privacy of sensitive data. Assuming that the sensitive data is threatened by a brute-force adversary, we define Guessing Leakage as a measure of privacy, based on the concept of guessing. After investigating the properties of this measure, we derive the optimal utility-privacy trade-off via a linear program with any f-information adopted as the utility measure, and show that the optimal utility is a concave and piece-wise linear function of the privacy-leakage budget  

Internet-of-Things (IoT) devices and applications are being deployed in our homes and workplaces. These devices often rely on continuous data collection to feed machine learning models. However, this approach introduces several privacy and efficiency challenges, as the service operator can perform unwanted inferences on the available data. Recently, advances in edge processing have paved the way for more efficient, and private, data processing at the source for simple tasks and lighter models, though they remain a challenge for larger and more complicated models. In this article, we present a hybrid approach for breaking down large, complex deep neural networks for cooperative, and... 

Data sharing is considered as a favorite service provided by cloud storage servers in which the stored data is shared among a group of users. However, auditing such shared data is a big security issue for cloud users. In this paper, we propose an ID-Based public shared data integrity auditing scheme, in which all the group users are able to update, delete or insert new blocks into the shared data. Besides, the cloud server can revoke a misbehaving user with a minimum overhead. The scheme is secure against an untrusted cloud server and also preserves data privacy against the public verifier. Furthermore, overhead analysis shows the efficiency of proposed scheme in comparison to the existing... 

In cloud storage services, public auditing mechanisms allow a third party to verify integrity of the outsourced data on behalf of data owners without the need to retrieve data from the cloud server. In some applications, the identity of data users should be kept private from the third party auditor. Oruta is a privacy preserving public auditing scheme for shared data in the cloud which exploits ring signatures to protect the identity privacy. In this paper, we propose two attacks and demonstrate that the scheme is insecure and a dishonest server can arbitrarily tamper the outsourced data without being detected by the auditor. We also propose a solution to remedy this weakness with the... 

Chevallier-Mames et al, proved that in a specific condition (such as the lack of untappable channels and trusted-third parties), the universal verifiability and privacy-preserving properties of e-voting protocols are incompatible (WOTE'06 and TTE'10). In this paper, we first show a flaw in their proof. Then, we prove that even with more assumptions, such as the existence of TTPs and untappable channels between the authorities, an e-voting protocol is unable to preserve privacy, regardless of verifiability. Finally, we demonstrate that preserving privacy in e-voting protocols requires the provision of at least one of the following assumptions: limited computational power of adversary,... 

One of the most used types of auctions in the smart grid is the double auction, in which both buyers and sellers can respectively submit their bids and asks to participate in the auction. In recent years, many schemes have been designed to propose a double auction mechanism for the smart grids; however, few of these schemes consider the information security aspects and users’ privacy. In this paper, we propose a protocol that helps different double auction mechanisms be implemented securely in the smart grids. This protocol not only can satisfy the security requirements of a double auction scheme but is also compatible with the smart grid technologies. In this scheme, in order to preserve... 

In a cloud storage service, public auditing mechanisms allow a third party to verify integrity of the outsourced data on behalf of data users without the need to retrieve data from the cloud server. Recently, Shen et al. proposed a new lightweight and privacy preserving cloud data auditing scheme which employs a third party medium to perform time-consuming operations on behalf of users. The authors have claimed that the scheme meets the security requirements of public auditing mechanisms. In this paper, we show that Shen et al.'s scheme is insecure by proposing two attacks on the scheme. In the first attack, an outside adversary can modify some messages in transmission to the cloud server... 

Researchers have been studying security challenges of database outsourcing for almost a decade. Privacy of outsourced data is one of the main challenges when the "Database As a Service" model is adopted in the service oriented trend of the cloud computing paradigm. This is due to the insecurity of the network environment or even the untrustworthiness of the service providers. This paper proposes a method to preserve privacy of outsourced data based on Shamir's secret sharing scheme. We split attribute values into several parts and distribute them among untrusted servers. The problem of using secret sharing in data outsourcing scenario is how to search efficiently within the randomly... 

Privacy preservation in wireless sensor networks has drawn considerable attention from research community during last few years. Emergence of single-owner, multi-user commercial sensor networks along with hostile and uncontrollable environment of such networks, makes the security issue in such networks of a great importance. This paper concentrates on token-based privacy preservation schemes. A possible attack on such schemes has been introduced. Two different approaches has been utilized to mitigate the attack. We present mathematical models for it's effects and overheads. The results have been verified using extensive simulations  

Development of Smart Grid and deployment of smart meters in large scale has raised a lot of concerns regarding customers’ privacy. Consequently, several schemes have been proposed to overcome the above mentioned issue. These schemes mainly rely on data aggregation as a method of protecting users’ privacy from the grid operators. However, the main problem with most of these schemes is the fact that they require a large amount of processing power at the meter side. This, together with the fact that smart meters don't usually have a powerful processor, can cause the unavailability of smart meter data at the required time for operators of the grid, and at the same time prevents smart meters from... 

Real-time applications play a significant role in the area of VANET, and are mainly required for these kinds of networks. On the other hand, when the number of messages received by vehicles increases in the network, then the applied computation load becomes extremely high and consequently, delay on the message authentication process significantly increases. This paper is presented with the aim of introducing a novel cooperative message authentication (CMA) scheme for VANET, the main purpose of which is alleviating the computation load on vehicles while verifying messages by using two-part identity-based signature. The scheme enables vehicles to verify only a limited number of the total... 

With technical advancement of location technologies and their widespread adoption, information regarding physical location of individuals is becoming more available, augmenting the development and growth of location-based services. As a result of such availability, threats to location privacy are increasing, entailing more robust and sophisticated solutions capable of providing users with straightforward yet flexible privacy. The ultimate objective of this work is to design a privacy- preserving solution, based on obfuscation techniques (imprecision and inaccuracy), capable of handling location privacy, as required by users and according to their preferences. To this aim, we propose an...