Updates on changes to the IACR web page. For questions, contact newsletter (at) iacr.org.
* A scheme based on the computational Diffie-Hellman (CDH) assumption in pairing-friendly groups. Signatures contain O(1) and verification keys O(log(k)) group elements, where k is the security parameter. Our scheme is the first CDH-based scheme with such compact verification keys.
* A scheme based on the (non-strong) RSA assumption in which both signatures and verification keys contain O(1) group elements. Our scheme is significantly more efficient than existing RSA-based schemes.
* A scheme based on the Short Integer Solutions (SIS) assumption. Signatures contain O(log(k) m) and verification keys O(n m) Z_p-elements, where p may be polynomial in k, and n, m denote the usual SIS matrix dimensions. Compared to state-of-the-art SIS-based schemes, this gives very small verification keys, at the price of slightly larger signatures.
In all cases, the involved constants are small, and the resulting schemes improve significantly upon state-of-the-art schemes. The only price we pay is a rather large (polynomial) loss in the security reduction; this loss can, however, be reduced significantly at the cost of an additive term in signature and verification key size.
In contrast, our solution provides a realistic and practical trade-off between performance and privacy by efficiently supporting very large databases at the cost of moderate and well-defined leakage to the outsourced server (the leakage is in the form of data access patterns, never direct exposure of plaintext data or searched values). A key aspect of our protocols is that they allow the searcher to pivot a conjunctive search on the estimated least frequent keyword in the conjunction. We show that a Decisional Diffie-Hellman (DDH) based pseudo-random function can be used not only to implement search tokens but also to hide the query access pattern of the non-pivot, and hence possibly highly frequent, keywords in conjunctive queries. We present a formal cryptographic analysis of the privacy and security of our protocols and establish precise upper bounds on the allowed leakage.
To demonstrate the real-world practicality of our approach, we provide performance results of a prototype applied to several large representative data sets.
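The pivoting and the DDH-style cross-check that the abstract describes, as an added toy example written for this page (it is not the authors' implementation and omits their optimisations): the client sends the server a token for the least frequent keyword plus, for each position in that keyword's posting list, one cross-token per remaining keyword; the server walks the encrypted posting list and accepts an entry only if a single exponentiation of each cross-token lands in the server-held set of cross-tags. The 64-bit safe-prime group, HMAC-SHA256 as the PRF, the client-side frequency table used as the "estimate", and the four-document sample database are all assumptions of the example, not details taken from the paper.

```python
# Added illustration for this page (not the paper authors' code): a toy
# conjunctive searchable-encryption query that pivots on the least frequent
# keyword and checks the other keywords with DDH-style cross-tags.
# Assumptions: a 64-bit toy safe-prime group (far too small for real use),
# HMAC-SHA256 as the PRF, a client-side keyword-frequency table as the
# "estimate", and a constructed four-document sample database.
import hashlib
import hmac
import random


def is_probable_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin; this base set is deterministic for n < 3.3e24."""
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def toy_group(seed=7, bits=64):
    """Deterministically pick a safe prime p = 2q + 1 and return (p, q, g) with
    g = 4, a quadratic residue and hence a generator of the order-q subgroup."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4


def prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()


def prf_zq(key, msg, q):
    """PRF into Z_q^*: never 0, so every output is invertible mod q."""
    return 1 + int.from_bytes(prf(key, msg), "big") % (q - 1)


def xor_mask(data, mask):
    return bytes(a ^ b for a, b in zip(data, mask))


class Client:
    def __init__(self, seed=7):
        self.p, self.q, self.g = toy_group(seed)
        rng = random.Random(seed + 1)
        self.ks, self.kx, self.ki, self.kz, self.ke = (
            rng.getrandbits(256).to_bytes(32, "big") for _ in range(5))
        self.counts = {}  # keyword -> posting-list length: the client's frequency estimate

    def _label(self, w, c):
        return f"{w}|{c}".encode()

    def build_index(self, db):
        """db: {doc_id: [keywords]}.  Returns what the untrusted server stores:
        TSet (stag -> [(e, y)]) and XSet (set of cross-tags g^(Fx(w) * xind))."""
        inverted = {}
        for ind, words in db.items():
            for w in set(words):
                inverted.setdefault(w, []).append(ind)
        tset, xset = {}, set()
        for w, inds in inverted.items():
            self.counts[w] = len(inds)
            entries = []
            for c, ind in enumerate(sorted(inds)):
                xind = prf_zq(self.ki, ind.encode(), self.q)
                z = prf_zq(self.kz, self._label(w, c), self.q)
                y = xind * pow(z, -1, self.q) % self.q  # xind blinded by z; only the matching xtoken unblinds it
                e = xor_mask(ind.encode().ljust(16, b"\0"), prf(self.ke, self._label(w, c)))
                entries.append((e, y))
                xset.add(pow(self.g, prf_zq(self.kx, w.encode(), self.q) * xind % self.q, self.p))
            tset[prf(self.ks, w.encode())] = entries
        return tset, xset

    def tokens(self, keywords):
        """Pivot on the (estimated) least frequent keyword; emit its stag plus,
        for each position c of its posting list, one xtoken per other keyword."""
        pivot = min(keywords, key=lambda w: self.counts.get(w, 0))
        others = [w for w in keywords if w != pivot]
        xtokens = []
        for c in range(self.counts.get(pivot, 0)):
            z = prf_zq(self.kz, self._label(pivot, c), self.q)
            xtokens.append([pow(self.g, z * prf_zq(self.kx, w.encode(), self.q) % self.q, self.p)
                            for w in others])
        return pivot, prf(self.ks, pivot.encode()), xtokens

    def decrypt(self, pivot, hits):
        return sorted(xor_mask(e, prf(self.ke, self._label(pivot, c))).rstrip(b"\0").decode()
                      for c, e in hits)


def server_search(tset, xset, stag, xtokens, p):
    """Server side: keep entry c of the pivot's list only if every xtoken[c][i]^y
    is in XSet (xtoken^y = g^(z*Fx(w_i) * xind/z) = g^(Fx(w_i)*xind)).  The server
    learns the pivot list length and which positions matched, nothing about
    which documents contain the non-pivot keywords on their own."""
    hits = []
    for c, (e, y) in enumerate(tset.get(stag, [])):
        if all(pow(xt, y, p) in xset for xt in xtokens[c]):
            hits.append((c, e))
    return hits


SAMPLE_DB = {  # constructed sample data
    "doc-01": ["crypto", "cloud", "rfid"],
    "doc-02": ["crypto", "cloud"],
    "doc-03": ["cloud", "rfid"],
    "doc-04": ["crypto", "signature"],
}


def run_query(client, tset, xset, keywords):
    pivot, stag, xtokens = client.tokens(keywords)
    return pivot, client.decrypt(pivot, server_search(tset, xset, stag, xtokens, client.p))


if __name__ == "__main__":
    c = Client()
    t, x = c.build_index(SAMPLE_DB)
    print(run_query(c, t, x, ["cloud", "crypto"]))  # ('cloud', ['doc-01', 'doc-02'])
```

The leakage profile matches the abstract's description in miniature: a repeated pivot keyword is linkable through its stag, and the server sees the pivot's posting-list length and which positions matched, but the non-pivot keywords only ever appear inside cross-tokens bound to one position of that list. The group size here is a toy; a real deployment would use a standard prime-order group of cryptographic size.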
rapidly deployed in several daily-life applications such as payment, access control, ticketing, and e-passports, which require strong security and privacy mechanisms. However, RFID systems commonly have limited computational capacity, scarce resources, and inefficient data management. Hence there is a pressing need to address these issues with some mechanism that can make the technology excel. Cloud computing is one of the fastest growing segments of the IT industry and can provide a cost-effective technology and information solution for handling and using data collected with RFID. As more and more information on individuals and companies is placed in the cloud, concerns are beginning to grow about just how safe an environment it is. Therefore, while integrating RFID into the cloud, the security and privacy of the tag owner must be considered.

Motivated by this need, we first provide a security and privacy model for RFID technology in cloud computing. In this model, we first define the capabilities of the adversary and then give the definitions of security and privacy. After that we propose an example of an RFID authentication protocol in cloud computing. We prove that the proposal is narrow strong private+ in our privacy model.
Our solutions assume the user has access to either an untrusted online cloud storage service (as per Boyen), or a mobile storage device that is trusted until stolen. In the cloud storage scenario, we consider schemes that optimize for either storage server or online service performance, as well as anonymity and unlinkability of the user's actions. In the mobile storage scenario, we minimize the assumptions we make about the capabilities of the mobile device: we do not assume synchronization, tamper resistance, special or expensive hardware, or extensive cryptographic capabilities. Most importantly, the user's password remains secure even after the mobile device is stolen. Our protocols provide another layer of security against malware and phishing. To the best of our knowledge, we are the first to propose such a variety of provably secure password-based authentication schemes. Lastly, we argue that our constructions are relatively easy to deploy, especially if a few single sign-on services (e.g., Microsoft, Google, Facebook) adopt our proposal.
Both recent Ph.D. graduates and well-established scientists are encouraged to apply. A premier center for commercial innovation, PARC, a Xerox company, is in the business of breakthroughs. We work closely with global enterprises, entrepreneurs, government agencies and partners, and other clients to invent, co-develop, and bring to market game-changing innovations by combining imagination, investigation, and return on investment for our clients. For 40 years, we have lived at the leading edge of innovation, merging inquiry and strategy to pioneer technological change. PARC was incorporated in 2002 as a wholly owned independent subsidiary of Xerox Corporation – enabling us to continue pioneering technological change but across a broader set of industries and clients today. See http://www.parc.com/about for more details on PARC.
Candidates in all areas of cyber security will be considered, with particular interest in:
Apply at: http://www.parc.com/about/careers/