As privacy-enhancing authentications without any TTP (Trusted Third Party), blacklistable anonymous credential systems with reputation have been proposed. However, the previous systems have the efficiency problem: The authentication data size is or , where L is the reputation list, and K is the size of a window indicating the most recent K authentications of the user. Therefore, the previous systems suffer from or -size data in each authentication. In addition, the authentication needs the computation of or exponentiations. In this paper, an efficient blacklistable anonymous credential system with reputation is proposed. In our system, the data size of the authentication is . Furthermore, although the computational costs in the authentication depend on some parameters, the parameter-related costs are only multiplications instead of exponentiations. Compared to the previously proposed blacklistable system FARB with the constant computational and communication costs, our system has the advantage that the clear/redeem protocol only has to be executed every interval instead of every session. For constructing our system, we newly introduce the concept of an accumulator for reputation, and propose an efficient construction.

The idea of aggregate signcryption was first proposed by Selvi. The aggregation process reduces the communication overhead and hence, it is efficient in low-bandwidth communication networks such as wireless sensor networks and vehicular ad-hoc network VANET. The goal of this study is to propose a secure provably identity based aggregate signcryption scheme ID-ASC without pairings over the elliptic curve cryptography. The proposed scheme is provable secure against confidentiality and unforgeability under random oracle model. Moreover, the proposed ID-ASC reduced the computational complexity when compared to other schemes in literature.

In this study, the authors introduce new Montgomery and Edwards form elliptic curves targeted at the 256-bit security level. To this end, they work with three primes, namely , and . While has been considered earlier in the literature, and are new. They define a pair of birationally equivalent Montgomery and Edwards form curves over all the three primes. Efficient 64-bit assembly implementations targeted at Skylake and later generation Intel processors have been made for the shared secret computation phase of the Diffie-Hellman key agreement protocol for the new Montgomery curves. Curve448 of the Transport Layer Security, Version 1.3 is a Montgomery curve which provides security at the 224-bit security level. Compared to the best publicly available 64-bit implementation of Curve448, the new Montgomery curve over leads to a 3–4% slowdown and the new Montgomery curve over leads to a 4.5–5% slowdown; on the other hand, 29 and 30.5 extra bits of security, respectively, are gained. For designers aiming for the 256-bit security level, the new curves over and provide an acceptable trade-off between security and efficiency.

The PRISM made the research of cryptography against subversion attacks flourish these years. In a subversion attack, surveillants can compromise the security of users’ systems by subverting implementations of cryptographic algorithms. While the scenario of a single-surveillant has been researched by several works, the multi-surveillant setting attracted less consideration. The authors have initialised this notion in previous work but assumed the surveillants to be completely isolated. In this study, the authors follow this idea and consider more realistic scenarios of the multi-surveillant subversion, where surveillants are able to have limited communications. They propose the notions of queryable adversaries and conversational adversaries. In the first setting, adversaries can verify whether output is produced by a subverted implementation from others; in the latter setting, adversaries can have arbitrary conversations with each other without leaking their backdoors. Under the framework of ‘amalgamation and decomposition’, they design randomness generators that are secure against queryable adversaries and conversational adversaries, respectively, by adopting implementations from different sources intentionally. Based on the secure randomness generators, they construct symmetric encryption schemes that match the corresponding security definitions.

In the mid-sixties, Rothaus introduced the notion of bent function and later presented a secondary construction of bent functions (building new bent functions from already defined ones), called Rothaus’ construction. In Zhang et al. 2017 (‘Constructing bent functions outside the Maiorana–Mcfarland class using a general form of Rothaus,’ IEEE Transactions on Information Theory, 2017, vol. 63, no. 8, pp. 5336–5349.’) provided two constructions of bent functions using a general form of Rothaus and showed that the obtained classes lie outside the completed Maiorana–McFarland () class. In this study, the authors propose two similar methods for constructing bent functions outside the completed class but with significantly simplified sufficient conditions compared to those in Zhang et al. 2017. These simplified conditions do not induce any serious restrictions on the choice of permutations used in the construction apart from a simple requirement on their algebraic degree and the request that the component functions of one permutation do not admit linear structures. This enables us to generate a huge class of bent functions lying outside the completed class. Even more importantly, they prove that the new classes of bent functions are affine inequivalent to the bent functions in Zhang et al. 2017.

Nowadays, the necessity of electronic information increases rapidly. As a consequence, often, that information needs to be shared among mutually distrustful parties. In this area, private set intersection (PSI) and its variants play an important role when the participants wish to do secret operations on their input sets. Unlike the most modern public key cryptosystems relying on number theoretic problems, lattice-based cryptographic constructions provide security in the presence of a quantum computer. Consequently, developing PSI and its variants using lattice based cryptosystem becomes an interesting direction for research. This study presents the first size-hiding post quantum PSI cardinality (PSI-CA) protocol whose complexity is linear in the size of the sets of the participants. The authors use space-efficient probabilistic data structure (Bloom filter) as its building block. Further, they extend the authors’ PSI-CA to its authorised version, i.e. authorised PSI-CA. Security for both of them is achieved in the standard model based on the hardness of the decisional learning with errors problem.

This study proposes a secure and privacy-preserving protocol for outsourcing health data processing operations during the emergency in the mobile healthcare network. The proposed protocol provides a practical solution to utilise smartphone resources at both remote and nearby for processing the overwhelming personal health information (PHI) of a user in healthcare emergency opportunistically and securely. The patients with symptoms matching with those of the user in an emergency are considered as opportunities to minimise the privacy disclosure of the user. Opportunities at both remote and nearby are exploited with the help of a base station in the 4G network. Moreover, novel and efficient outsourced privacy access control schemes are developed to minimise the power drain of the user in an emergency without compromising his privacy. The outsourced privacy access control is facilitated through the design of innovative schemes for outsourced attribute-based access mechanism and an outsourced privacy-preserving scalar product computation. Detailed performance evaluations through implementations on Raspberry Pi 3B + board and simulations using NS3 network simulator and Scyther tool confirm the efficiency of the proposed protocol in providing highly reliable PHI processing and transmissions with reasonably low delay and energy consumption while maintaining user privacy.

Security vulnerabilities in web traffic can directly lead to data leak. Preventing these data leaks to a large extent has become an important problem to solve. Besides, the accurate detection and prevention of abnormal changes in web traffic is of great importance. In this study, a hybrid approach, called C-NSA, based on the negative selection algorithm (NSA) and clonal selection algorithm (CSA) of artificial immune systems for the detection of abnormal web traffic on the network is proposed and a user-friendly application software is developed. The real and synthetic data in the Yahoo Webscope S5 dataset are used for web traffic and the data are split into windows using the window sliding. In the experimental studies, the abnormal web traffic data is detected by monitoring the changes in the number of activated detectors in the C-NSA. It is observed that the average accuracy performance of finding anomalies in real web traffic data is 94.30% and the overall classification accuracy is 98.22% based on proposed approach. In addition, false positive rate of the proposed approach using C-NSA is obtained as 0.029. In addition, the results in synthetic web traffic data using C-NSA are achieved as average 98.57% classification accuracy.

Socialbots are intelligent software that controls all behaviour of fake accounts in an online social network. Since they are armed with detection evasion techniques, it is valuable to be able to determine the effectiveness of these techniques. In this study, an analytical model is developed to estimate a lower bound for the cost of automatic establishment of a socialbot network. Moreover, by considering fake accounts purchasing as an establishment strategy, an upper bound is suggested for acceptable costs. These two boundaries are compared to decide on the economic feasibility of a socialbot network design strategy. To demonstrate the practicality and effectiveness of the model, two case studies are investigated. They show that although designing a fully stealthy socialbot network is economically feasible, the infiltration time would be unacceptable. Thus, this ideal situation in which the establishment is fully stealthy, performs in a tolerable time, and satisfactory infiltration scale, is impractical. A possible solution could be achieved by reducing the time and cost in exchange for less stealthy behaviour while the infiltration scale kept unchanged. Since the model presents a trade-off between stealthiness, time, and cost, it is a useful tool facilitating the design of a possible strategy.

Delegation is a technique that allows a subject receiving a delegation (the delegatee) to act on behalf of the delegating subject (the delegator). Although the existing Key Aggregate Searchable Encryption (KASE) schemes support delegation of search rights over any set of ciphertexts using a key of constant-size, two critical issues still should be considered. Firstly, an adversary can intercept the aggregate key or query trapdoor from the insecure communication channels involving the cloud server and impersonate as an authorized user to the server for accessing the data. Secondly, the existing KASE schemes only discuss the delegation of rights from the data owner to other users. However, if a subject receiving a delegation cannot perform the time-critical task on the shared data because of the unavailability, it becomes necessary for the delegatee to further delegate his received rights to another user. In this paper, we propose a novel KASE scheme that allows a fine-grained multi-delegation, i.e., if the attributes of the delegatee satisfy the hidden access policy (defined by the data owner), the delegatee can delegate his received rights to another user, without compromising data privacy. The proposed scheme provides security against the impersonation attack by verifying the user's authentication.

Identity-based cryptography (IBC) is considered as a promising mechanism in the Internet of Things and ad-hoc networks, providing lightweight authentication and powerful access control. However, it suffers from two inherent problems, i.e. key escrow and the requirement of a secure channel, which are not always good properties in many realistic scenarios. Thus, an efficient key issuing protocol in a distributed setting without the assumption of the secure channel is needed. In this study, the authors give special attention to the IBC standardised in IEEE P1363 and design a multi-party setup and key issuing protocol for it. Their protocol is proven to be malicious secure by simulation under weaker assumptions. Contrast to prior works that rely on a trusted party for key distribution or the strong assumption of a secure channel, they provide the first practical solution for the distributed architectures.

The authors analyse the security threats caused by personal wireless local area network (WLAN) sharing, propose schemes under two different conditions, and evaluate the performance of their schemes. WLAN is a widely used low-cost wireless networking technology. Most personal WLANs use the Wi-Fi-protected access II (WPA2)-personal to ensure robust security. Exposing the passphrase of WLAN is the only way to share it. Passphrase exposure can cause three threats, i.e. eavesdropping, evil twin attack, and resource abuse. This study addresses these threats by proposing two schemes under different device upgrade difficulties. For devices that are difficult to upgrade, their scheme only upgrades wireless routers. All WPA2-personal certified user devices can address these threats without any changes. For easy-upgrade and new devices, their scheme uses the attribute-based key exchange to address threats and provide ease of use, anonymity, and fine-grained access control. To solve the problem practically, they propose a mutual authentication method based on trust-on-first-use and a convenient attribute assignment method based on the existence of social information. The attribute authority already has numerous social information to provide services and cannot obtain more private information from participants in their scheme. The analysis shows that these proposed schemes are secure and practical.

In this study, an oblivious 3D mesh watermarking scheme is represented utilising local curvature estimation and statistical characteristics of 3D mesh to provide robustness as well as retaining the imperceptibility of the 3D model. The proposed method estimates the local curvature of 3D model by finding the difference between the average normal and the surface normal of all the faces in a 1-ring neighbourhood of a vertex under consideration. Feature vector of all vertices is then measured and used to select vertices for watermark insertion. Distributions of vertex norms are transformed statistically to hide the watermark as statistical parameters are more robust and less prone to attacks. The robustness and imperceptibility of the proposed method against various attacks are analysed through simulations.

In this study, I consider privacy against hypothesis testing adversaries within a non-stochastic framework. He developed a theory of non-stochastic hypothesis testing by borrowing the notion of uncertain variables from non-stochastic information theory. I define tests as binary-valued mappings on uncertain variables and proved a fundamental bound on the best performance of the tests in non-stochastic hypothesis testing. I provide parallels between stochastic and non-stochastic hypothesis-testing frameworks. I use the performance bound in non-stochastic hypothesis testing to develop a measure of privacy. I then construct the reporting policies with the prescribed privacy and utility guarantees. The utility of a reporting policy is measured by the distance between the reported and original values. Finally, I present the notion of indistinguishability as a measure of privacy by extending the identifiability from the privacy literature to the non-stochastic framework. I prove that the linear quantisers can indeed achieve identifiability for responding to linear queries on private datasets.

Tight security is an important requirement of practical cryptographic schemes. Compared with loosely-secure schemes, tightly-secure schemes allow shorter security parameters hence are more efficient. In CRYPTO 2018, Gjøsteen and Jager proposed a tightly-secure authenticated key exchange (AKE) protocol. They used ‘commitment trick’ to construct a tight security reduction for their protocol. However, this technique leads to a three-pass execution in their protocol, and their protocol cannot achieve key confirmation unless it is modified to have a four-pass execution. In this study, the authors propose a tightly-secure two-pass AKE protocol. They use the twin Diffie–Hellman problem and the ‘re-patch’ trick of random oracles to construct a tight security reduction for their protocol. This technique allows their protocol to have a two-pass execution. Their protocol provides several security properties such as key-compromise-impersonation security, unknown-key-share security, and weak perfect forward secrecy. Moreover, a three-pass variant of their protocol provides key confirmation.

Data sharing across multiple different entities is on-demand to upgrade an enterprise's performance. However, some malicious entity can reveal this data to an unauthorised third party that may result in heavy loss to the enterprises in terms of finance, reputation, and long-term stability. This study presents a novel model GUIM-SMD for the identification of the guilty entity which is responsible for the data leakage to the unauthorised party in the shared environment. An effective distribution strategy to allocate the data among the users based on the access control mechanism is proposed in this model. The approach introduces the summation matrix which is computed using D-score and U-score that are assigned to the classified data and user, correspondingly. Furthermore, D-score and U-score are based on the data sensitivity and user guilty record relatively; and their values vary between 0 and 1. The evaluated summation matrix is used for data distribution among various users. The results show improvement up to 98.74, 236.38, and 252.39% for average probability, average success rate, and detection rate, respectively, as compared to the prior work.

A verifiable multi-secret sharing (VMSS) scheme allows distributors to share multiple secrets simultaneously and can detect fraud by both distributors and participants. After analysing the security of the VMSS schemes proposed by Dehkordi and Mashhadi in 2015, the authors point out that they could not detect the fraudulent behaviour of the dealer. By using the non-homogeneous linear recursion and linear feedback shift rigister (LFSR) public key cryptosystem, they introduce two new VMSS schemes. The proposed schemes can not only overcome the defects mentioned above, but also have shorter private and public key lengths at the same level of security. Besides, the proposed schemes are dynamic.