Homomorphic Authenticated Encryption Secure Against Chosen-Ciphertext Attack, by Chihong Joo and Aaram Yun
We study homomorphic authenticated encryption, where privacy
and authenticity of data are protected simultaneously. We define homomorphic versions
of various security notions for privacy and authenticity, and investigate
relations between them. In particular, we show that it is possible to
give a natural definition of IND-CCA for homomorphic authenticated encryption, unlike
the case of homomorphic encryption. Also, we construct a homomorphic
authenticated encryption scheme supporting arithmetic circuits on $\\ZZ_Q$
for smooth modulus $Q$, which is chosen-ciphertext secure both for privacy
and authenticity. Our scheme is based on the error-free approximate GCD assumption.
PhD studentships, Royal Holloway, University of London, UK
We will be awarding 10 fully-funded studentships (generous stipend and college fees for four years) to outstanding candidates to join the Royal Holloway Centre for Doctoral Training in Cyber Security in October 2014.
We will consider applications from candidates with undergraduate and masters\\\' qualifications in a wide range of disciplines, including, but not limited to, mathematics, computer science, and electrical and electronic engineering.
Please see the Entry Requirements at http://www.rhul.ac.uk/isg/cybersecuritycdt/entryrequirements.aspx and instructions on How to Apply at http://www.rhul.ac.uk/isg/cybersecuritycdt/howtoapply.aspx. Funding is provided by the EPSRC, and thus is subject to their eligibility conditions. For further details, please visit the CDT Funding page at http://www.rhul.ac.uk/isg/cybersecuritycdt/funding.aspx.
Closing date for receiving applications is the 30th March 2014. We will however assess applications on an ongoing basis, and we reserve the right to make an offer to outstanding candidates before the closing date.
PhD student, SnT, University of Luxembourg, Luxembourg
The Interdisciplinary Centre for Security, Reliability and Trust (SnT, www.securityandtrust.lu) at University of Luxembourg is looking for a PhD candidate in privacy-preserving recommender systems. The PhD topic is related to investigate the privacy issues in recommender systems and propose efficient and secure mechanisms to achieve the maximum privacy. The candidate is expected to design new privacy-preserving recommender systems for both horizontally and vertically partitioned dataset, prove their privacy properties, and study their asymptotical performances.
The student will work closely with the team members of the APSIA group, led by Prof. Peter Y. A. Ryan. Moreover, the student will be encouraged to collaborate with researchers from the group of Prof. Jiuyong Li at University of South Australia (UniSA), Australia.
For informal inquiries please contact: Dr. Qiang Tang qiang.tang (at) uni.lu
To formally apply for this position: http://emea3.mrted.ly/9lwj
Professor (Open Rank), Worcester Polytechnic Institute, MA, USA, below Canada
Worcester Polytechnic Institute (WPI) invites applications for a faculty position in the Department of Electrical & Computer Engineering at all ranks, commensurate with qualifications.
Required qualifications for the position include; an earned Ph.D. in Electrical & Computer Engineering, or a closely related field. Areas of particular interest include, but are not limited to: security engineering, hardware and embedded systems security, and mobile and cyber-physical systems security.
The successful candidate will be expected to establish and maintain a high quality, self-sustaining research program. WPI offers ample opportunity for collaboration with current department faculty as well as appropriate cross-campus, interdisciplinary research groups in various topics in security. In addition to excellence in teaching and research, candidates should look forward to engaging undergraduate and graduate students in a classroom and projects intensive environment, and expanding our graduate research program.
Qualified applicants should submit a detailed curriculum vitae, a brief statement of specific teaching and research objectives, and four letters of recommendation at least one of which addresses teaching experience or potential, via https://careers.wpi.edu/. Review of applications will begin on November 1, 2013 and will continue until the position is filled.
Outsourced Symmetric Private Information Retrieval, by Stanislaw Jarecki and Charanjit Jutla and Hugo Krawczyk and Marcel Rosu and Michael Steiner
In the setting of searchable symmetric encryption (SSE), a data owner D outsources a database (or document/file collection) to a remote server E in encrypted form such that D can later search the collection at E while hiding information about the database and queries from E. Leakage to E is to be confined to well-defined forms of data-access and query patterns while preventing disclosure of explicit data and query plaintext values. Recently, Cash et al presented a protocol, OXT, which can run arbitrary Boolean queries in the SSE setting and which is remarkably efficient even for very large databases.
In this paper we investigate a richer setting in which the data owner
D outsources its data to a server E but D is now interested to allow clients (third parties) to search the database such that clients learn the information D authorizes them to learn but nothing else while E still does not learn about the data or queried values as in the basic SSE setting. Furthermore, motivated by a wide range of applications, we extend this model and requirements to a setting where, similarly to private information retrieval, the client\'s queried values need to be hidden also from the data owner D even though the latter still needs to authorize the query. Finally, we consider the scenario in which authorization can be enforced by the data owner D without D learning the policy, a setting that arises in court-issued search warrants.
We extend the OXT protocol of Cash et al to support arbitrary Boolean queries in all of the above models while withstanding adversarial
non-colluding servers (D and E) and arbitrarily malicious clients,
and while preserving the remarkable performance of the protocol.