Qianhong Wu

Dawei Li, Di Liu, Yangkun Ren et al.

The device fingerprinting technique extracts fingerprints based on the hardware characteristics of the device to identify the device. The primary goal of device fingerprinting is to accurately and uniquely identify a device, which requires the generated device fingerprints to have good stability to achieve long-term tracking of the target device. However, the fingerprints generated by some existing fingerprinting technologies are not stable enough or change frequently, making it impossible to track the target device for a long time. In this paper, we present FPHammer, a novel DRAM-based fingerprinting technique. The device fingerprint generated by our technique has high stability and can be used to track the device for a long time. We leverage the Rowhammer technique to repeatedly and quickly access a row in DRAM to get bit flips in its adjacent row. We then construct a physical fingerprint of the device based on the locations of the collected bit flips. The evaluation results of the uniqueness and reliability of the physical fingerprint show that it can be used to distinguish devices with the same hardware and software configuration. The experimental results on device identification demonstrate that the physical fingerprints engendered by our innovative technique are inherently linked to the entirety of the device rather than just the DRAM module. Even if the device modifies software-level parameters such as MAC address and IP address or even reinstalls the operating system, we can accurately identify the target device. This demonstrates that FPHammer can generate stable fingerprints that are not affected by software layer parameters.

Xiaofei Wang, Qianhong Wu, Yuqing Zhang

Individuals and organizations tend to migrate their data to clouds, especially in a DataBase as a Service (DBaaS) pattern. The major obstacle is the conflict between secrecy and utilization of the relational database to be outsourced. We address this obstacle with a Transparent DataBase (T-DB) system strictly following the unmodified DBaaS framework. A database owner outsources an encrypted database to a cloud platform, needing only to store the secret keys for encryption and an empty table header for the database; the database users can make almost all types of queries on the encrypted database as usual; and the cloud can process ciphertext queries as if the database were not encrypted. Experimentations in realistic cloud environments demonstrate that T-DB has perfect query answer precision and outstanding performance.

Bo Qin, Hua Deng, Qianhong Wu et al.

In e-healthcare record systems (EHRS), attribute-based encryption (ABE) appears as a natural way to achieve fine-grained access control on health records. Some proposals exploit key-policy ABE (KP-ABE) to protect privacy in such a way that all users are associated with specific access policies and only the ciphertexts matching the users' access policies can be decrypted. An issue with KP-ABE is that it requires an a priori formulation of access policies during key generation, which is not always practicable in EHRS because the policies to access health records are sometimes determined after key generation. In this paper, we revisit KPABE and propose a dynamic ABE paradigm, referred to as access policy redefinable ABE (APR-ABE). To address the above issue, APR-ABE allows users to redefine their access policies and delegate keys for the redefined ones; hence a priori precise policies are no longer mandatory. We construct an APR-ABE scheme with short ciphertexts and prove its full security in the standard model under several static assumptions.

Lei Zhang, Chuanyan Hu, Qianhong Wu et al.

In [3], the authors proposed a highly efficient secure and privacy-preserving scheme for secure vehicular communications. The proposed scheme consists of four protocols: system setup, protocol for STP and STK distribution, protocol for common string synchronization, and protocol for vehicular communications. Here we define the security models for the protocol for STP and STK distribution, and the protocol for vehicular communications,respectively. We then prove that these two protocols are secure in our models.

Lei Zhang, Qianhong Wu, Josep Domingo-Ferrer et al.

In [3] the authors proposed a new aggregate signature scheme referred to as multiple-TA (trusted authority) one-time identity-based aggregate signature (MTA-OTIBAS). Further, they gave a concrete MTA-OTIBAS scheme. We recall here the definition of MTA-OTIBAS and the concrete proposed scheme. Then we prove that our MTA-OTIBAS concrete scheme is existentially unforgeable against adaptively chosen-message attacks in the random oracle model under the co-CDH problem assumption.

Josep Domingo-Ferrer, Qianhong Wu, Alberto Blanco-Justicia

Implicit authentication consists of a server authenticating a user based on the user's usage profile, instead of/in addition to relying on something the user explicitly knows (passwords, private keys, etc.). While implicit authentication makes identity theft by third parties more difficult, it requires the server to learn and store the user's usage profile. Recently, the first privacy-preserving implicit authentication system was presented, in which the server does not learn the user's profile. It uses an ad hoc two-party computation protocol to compare the user's fresh sampled features against an encrypted stored user's profile. The protocol requires storing the usage profile and comparing against it using two different cryptosystems, one of them order-preserving; furthermore, features must be numerical. We present here a simpler protocol based on set intersection that has the advantages of: i) requiring only one cryptosystem; ii) not leaking the relative order of fresh feature samples; iii) being able to deal with any type of features (numerical or non-numerical). Keywords: Privacy-preserving implicit authentication, privacy-preserving set intersection, implicit authentication, active authentication, transparent authentication, risk mitigation, data brokers.