Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also get this service via
To receive your credentials via mail again, please click here.
You can also access the full news archive.
In contrast, our solution provides a realistic and practical trade-off between performance and privacy by efficiently supporting very large databases at the cost of moderate and well-defined leakage to the outsourced server (leakage is in the form of data access patterns, never as direct exposure of plaintext data or searched values). A key aspect of our protocols is that it allows the searcher to pivot its conjunctive search on the estimated least frequent keyword in the conjunction. We show that a Decisional Diffie-Hellman (DDH) based pseudo-random function can be used not just to implement search tokens but also to hide query access pattern of non-pivot, and hence possibly highly frequent, keywords in conjunctive queries. We present a formal cryptographic analysis of the privacy and security of our protocols and establish precise upper bounds on the allowed leakage.
To demonstrate the real-world practicality of our approach, we provide performance results of a prototype applied to several large representative data sets.
rapidly deployed in several daily life applications such as
payment, access control, ticketing, and e-passport, which
requires strong security and privacy mechanisms. However,
RFID systems commonly have limited computational capacity,
poor resources and inefficient data management. Hence there
is a demanding urge to address these issues in the light
of some mechanism which can make the technology excel.
Cloud computing is one of the fastest growing segments of
IT industry which can provide a cost effective technology
and information solution to handling and using data collected
with RFID. As more and more information on individuals and
companies is placed in the cloud, concerns are beginning to
grow about just how safe an environment it is. Therefore, while
integrating RFID into the cloud, the security and privacy of
the tag owner must be considered.
Motivated by this need, we first provide a security and
privacy model for RFID technology in the cloud computing. In
this model, we first define the capabilities of the adversary and
then give the definitions of the security and privacy. After that
we propose an example of an RFID authentication protocol
in the cloud computing. We prove that the proposal is narrow
strong private+ in our privacy model.
Our solutions assume the user has access to either an untrusted online cloud storage service (as per Boyen ), or a mobile storage device that is trusted until stolen. In the cloud storage scenario, we consider schemes that optimize for either storage server or online service performance, as well as anonymity and unlinkability of the user\'s actions. In the mobile storage scenario, we minimize the assumptions we make about the capabilities of the mobile device: we do not assume synchronization, tamper resistance, special or expensive hardware, or extensive cryptographic capabilities. Most importantly, the user\'s password remains secure even after the mobile device is stolen. Our protocols provide another layer of security against malware and phishing. To the best of our knowledge, we are the first to propose such various and provably secure password-based authentication schemes. Lastly, we argue that our constructions are relatively easy to deploy, especially if a few single sign-on services (e.g., Microsoft, Google, Facebook) adopt our proposal.
Both recent Ph.D. graduates and well-established scientists are encouraged to apply. A premier center for commercial innovation, PARC, a Xerox company, is in the business of breakthroughs. We work closely with global enterprises, entrepreneurs, government agencies and partners, and other clients to invent, co-develop, and bring to market game-changing innovations by combining imagination, investigation, and return on investment for our clients. For 40 years, we have lived at the leading edge of innovation, merging inquiry and strategy to pioneer technological change. PARC was incorporated in 2002 as a wholly owned independent subsidiary of Xerox Corporation – enabling us to continue pioneering technological change but across a broader set of industries and clients today. See http://www.parc.com/about for more details on PARC.
Candidates in all areas of cyber security will be considered, with particular interest in:
Apply at: http://www.parc.com/about/careers/
prime order setting based on the decisional linear assumption. We note that
some random factor involved in the ciphertext can further be used to hide yet another message
, and get a new fully secure IBE scheme with better message-ciphertext rate.
Similar to Lewko\'s
scheme, we use dual pairing vector space in prime order bilinear
groups to simulate the canceling and parameter hiding properties of
composite order settings. The security of our scheme is based on the
subspace assumption, which can be reduced to the decisional linear
assumption. We employ the dual system encryption technique in our