*10:17* [Pub][ePrint]
Improving throughput of RC4 algorithm using multithreading techniques in multicore processors, by T.D.B Weerasinghe
RC4 is the most widely used stream cipher around. So, it is important that it runs cost effectively, with minimum encryption time. In other words, it should give higher throughput. In this paper, a mechanism is proposed to improve the throughput of RC4 algorithm in multicore processors using multithreading. The proposed mechanism does not parallelize RC4, instead it introduces a way that multithreading can be used in encryption when the plaintext is in the form of a text file. In this particular research, the source codes were written in Java (JDK version: 1.6.0_21) in Windows environments. Experiments to analyze the throughput were done separately in an IntelĀ® P4 machine (O/S: Windows XP), Core 2 Duo machine (O/S: Windows XP) and Core i3 machine (O/S: Windows 7).Outcome of the research: Higher throughput of RC4 algorithm can be achieved in multicores when using the proposed mechanism in this research. Effective use of multithreading in encryption can be achieved in multicores using this technique.

*10:17* [Pub][ePrint]
A Framework and Compact Constructions for Non-monotonic Attribute-Based Encryption, by Shota Yamada, Nuttapong Attrapadung, Goichiro Hanaoka, and Noboru Kunihiro
In this paper, we propose new non-monotonic attribute-based encryption schemes with compact parameters.The first three schemes are key-policy attribute-based encryption (KP-ABE) and the fourth scheme is ciphertext-policy attribute-based encryption (CP-ABE) scheme.

\\begin{itemize}

\\item Our first scheme has very compact ciphertexts. The ciphertext overhead only consists of two group elements and this is the shortest in the literature.

Compared to the scheme by Attrapadung et al. (PKC2011), which is the best scheme in terms of the ciphertext overhead, our scheme shortens ciphertext overhead by $33\\%$.

The scheme also reduces the size of the master public key to about half.

\\item Our second scheme is proven secure under the decisional bilinear Diffie-Hellman (DBDH) assumption, which is one of the most standard assumptions in bilinear groups. Compared to the non-monotonic KP-ABE scheme from the same assumption by Ostrovsky et al. (ACM-CCS\'07), our scheme achieves more compact parameters. The master public key and the ciphertext size is about the half that of their scheme.

\\item Our third scheme is the first non-monotonic KP-ABE scheme that can deal with unbounded size of set and access policies. That is, there is no restriction on the size of attribute sets and

the number of allowed repetition of the same attributes which appear in an access policy.

The master public key of our scheme is very compact: it consists of only constant number of group elements.

\\item Our fourth scheme is the first non-monotonic CP-ABE scheme that can deal with unbounded size of set and access policies. The master public key of the scheme consists of only constant number of group elements.

\\end{itemize}

We construct our KP-ABE schemes in a modular manner.

We first introduce special type of predicate encryption that we call two-mode identity based broadcast encryption (TIBBE).

Then, we show that any TIBBE scheme that satisfies certain condition can be generically converted into non-monotonic KP-ABE scheme.

Finally, we construct efficient TIBBE schemes and apply this conversion to obtain the above new non-monotonic KP-ABE schemes.

*22:17* [Pub][ePrint]
Verifiable Delegated Set Intersection Operations on Outsourced Encrypted Data, by Qingji Zheng and Shouhuai Xu
We initiate the study of the following problem:Suppose Alice and Bob would like to outsource their encrypted private data sets to the cloud, and they also want to conduct the set intersection operation on their plaintext data sets. The straightforward solution for them is to download their outsourced ciphertexts, decrypt the ciphertexts locally, and then execute a commodity two-party set intersection protocol. Unfortunately, this solution is not practical.

We therefore motivate and introduce the novel notion of {\\em Verifiable Delegated Set Intersection on outsourced encrypted data} (VDSI).

The basic idea is to delegate the set intersection operation to the cloud, while (i) not giving the decryption capability to the cloud,

and (ii) being able to hold the misbehaving cloud accountable.

We formalize security properties of VDSI and present a construction.

In our solution, the computational and communication costs on the users are linear to the size of the intersection set,

meaning that the efficiency is optimal up to a constant factor.

*16:17* [Pub][ePrint]
Analysis of a Modified RC4 Algorithm, by T.D.B Weerasinghe
In this paper, analysis of a simply modified RC4 algorithm is presented. RC4 is the most widely used stream cipher and it is not considered as a cipher that is strong in security. Many alternatives have been proposed to improve RC4 key generation and pseudo random number generation but the thoughts behind this work is to try out a simple modification of RC4\'s PRGA, where we can mention like this:Output = M XOR GeneratedKey XOR j

After having done the modification the modified algorithm is tested for its secrecy and performance and analyzed over the variable key length with respect to those of the original RC4. The results show that the modified algorithm is better than the original RC4 in the aspects of secrecy and performance.

*16:17* [Pub][ePrint]
Secrecy and Performance Analysis of Symmetric Key Encryption Algorithms, by T.D.B Weerasinghe
In open literature there is a lack of focus on Shannon\'s secrecy of ciphers as a security measurement of symmetric key encryption, hence in this research, Shannon\'s theories on secrecy of ciphers were used to calculate the average secrecy of each symmetric cipher used in this research. All secrecy and performance analysis were done using a newly created tool. Analysis is done based on the secrecy level and performance of the algorithm. This paper presents an analysis of some of the widely used symmetric key algorithms which fall under the categories of block and stream ciphers together with the two combined algorithms. [DES, TripleDES, AES, RC2, RC4, Hybrid1(TripleDES+RC4) and Hybrid2 (AES+RC4) are used]. Analysis is pivoted around on two measurement criteria under two circumstances which are described later in this paper. All the algorithms are implemented in Core Javausing classes available in JAVA package javax.crypto. Separate classes are written to calculate the secrecy of ciphers and the encryption time. And also the tool is created using Core Java with the help of Netbeans IDE. As far as the outcome of the research is concerned, the performances of all stream ciphers are higher than that of block ciphers and the combined algorithms have similar performance level to block ciphers. Secrecy levels of block ciphers are comparatively higher than that of stream ciphers as the history says, it is further proved by Shannon\'s theories in this research. The combined algorithms have more stable secrecy levels.

*16:17* [Pub][ePrint]
One-Round Witness Indistinguishability from Indistinguishability Obfuscation, by Qihua Niu, Hongda Li, Bei Liang, Fei Tang
In this work, we explore the connection between witness indistinguishability (WI) and indistinguishability obfuscation (iO). We construct a one-round witness indistinguishable protocol for all of NP based on the the existence of indistinguishability obfuscator (the first candidate construction of indistinguishability obfuscator was recently put forward by Garg et.al. in 2013). Based on our one-round WI, we alsoconstruct a two-round oblivious transfer (OT) protocol and by a slight modification of our OT protocol, we get a noninteractive bit commitment scheme.

*16:05* [Job][New]
Security Systems Programmer Associate, *University of Michigan Transportation Research Institute (UMTRI), USA, North-West*
Job Opening ID: 93077Please see the job posting at UMJOBS.ORG for the full description, salary range, and requirements.

ALL APPLICANTS MUST APPLY DIRECTLY TO THE UNIVERSITY OF MICHIGAN AT UMJOBS.ORG. APPLICATIONS SUBMITTED ELSEWHERE WILL NOT BE CONSIDERED.

Job Summary

UMTRI is currently establishing a world-class transportation cyber-security team. For this team we seek motivated, energetic, independently working team players. The incumbent for this position will assist in the design, and development of Cybersecurity project plans, and tests. Hands-on security system penetration strategies will be tested along with security strategies for projects housed at the University of Michigan Transportation Research Institute (UMTRI)l, including work for industrial partners, government sponsors and the Safety Pilot Model Deployment (http://safetypilot.umtri.umich.edu/) project. The successful candidate for this position will be required to interact with sponsors and other engineering and technical staff, prepare components of related research proposals, and other plans related to large cyber security projects. You will also prepare documentation and participate in the development of publications and technical reports.

Additional Information

Please visit the posting on UMJOBS.ORG for more information regarding require and desired qualifications, underfill requirements and the mandatory background screening.

U-M EEO/AA Statement

The University of Michigan is an equal opportunity/affirmative action employer.