Refik Molva - Academia.edu
Papers by Refik Molva
Lecture Notes in Computer Science, 2005
Even if there are many authentication protocols for RFID system, only a few protocols support location privacy. Because of tag’s hardware limitation, these protocols suffer from many security threats, especially from the DoS (Denial of Service) attacks. In this paper, we discuss location privacy problem and show vulnerabilities of RFID authentication protocols. And then, we will suggest a strong authentication
Journal of Network and Computer Applications, 2009
Although very developed in many sectors (databases, filesystems), access control schemes are still somewhat elusive when it comes to wireless sensor networks. However, it is clear that many WSN systems, such as healthcare and automotive ones, need a controlled access to data that sensor nodes produce, given its high sensitivity. Enforcing access control in wireless sensor networks is a particularly difficult task due to the limited computational capacity of wireless sensor nodes. In this paper we present a full-fledged access control scheme for wireless sensor data. We enforce access control through data encryption, thus embedding access control in sensor data units. We also propose a lightweight key generation mechanism, based on cryptographic hash functions, that allows for hierarchical key derivation. The suggested protocol only relies on simple operations, does not require interactions between nodes and data consumers and has minimal storage requirements.
Proceedings of SPIE, Jan 24, 1997
As distributed multimedia applications are starting to be offered as services in enterprise and residential cable networks, there is a growing interest in platforms that provide a standard framework for the development and deployment of these applications. Key issues in platform design are service diversity, service portability and interoperability of user terminal equipment. We propose a platform architecture for the provision of multimedia communication services which logically separates application processing from media processing. Applications are installed in application pools from where they control a set of communicating multimedia terminals. Application-specific intelligence is downloaded into the terminals in the form of Tcl/Tk or Java scripts that generate graphical user interfaces, control media processing components, and communicate with the application in the pool. The platform architecture is based on CORBA and is defined as an extensible set of IDL interfaces for control and stream interfaces for multimedia communication. The platform supports application development with high-level programming interfaces.
As the organizing committee, it is our pleasure to present the proceedings of the 2nd IEEE International Workshop on Data Security and PrivAcy in wireless Networks (D-SPAN), held on June 20, 2011, in Lucca, Italy. The goal of this one-day workshop, organized in conjunction with the 12th IEEE WoWMoM 2011, is to exchange cutting-edge ideas for securing the next-generation wireless networks, systems and applications. The scope of D-SPAN includes a wide variety of topics, including security and privacy of data collection, transmission, storage, publishing, and sharing in wireless networks broadly defined (such as cellular and mobile ad hoc networks (MANET), vehicular ad hoc networks (VANET), cognitive and sensor networks), to applying data analytics techniques to address security and privacy challenges in these networks. D-SPAN provides a forum for academic and industry researchers to present research ideas that build bridges across three communities: wireless networks and databases, and security.
Springer eBooks, 2005
... University, USA; Kaisa Nyberg, Nokia, Finland; Christof Paar, University of Bochum, Germany; Panagiotis Papadimitratos, Cornell University, USA ... An Advanced Method for Joint Scalar Multiplications on Memory Constraint Devices (Erik Dahmen, Katsuyuki Okeya, Tsuyoshi Takagi) ...
This paper discusses the results of a research project that developed an architectural framework for integrating non-IBM network architectures to the reference model and node structures of IBM's Systems Network Architecture (SNA). The unique features of the selected integration approach allow multiple protocol stacks to coexist and interoperate within the same computer, to share use of common physical network ports, links, and switching nodes, and to be accessed and managed through homogeneous interfaces. The architectural framework was developed for the specific purpose of integrating the Open Systems Interconnection (OSI) Reference Model to that of SNA, but its basic philosophy and key aspects turn out to be generally applicable to the integration of other network technologies as well, such as TCP/IP or NetBIOS. Back in the mid-1970s, IBM introduced its host-based Systems Network Architecture (SNA), which was later enhanced by cross-domain SNA Network Interconnection (SNI) and decentralized Advanced Peer-to-Peer Networking (APPN) functions. In the early 1980s, IBM also introduced NetBIOS (Network Basic Input/Output System), a communication technology originally targeted at local area networks (LANs), and started offering support for the Transmission Control Protocol/Internet Protocol (TCP/IP) family and the Open Systems Interconnection (OSI) architecture to address multivendor network environments. This broad palette of network offerings raises some
Springer eBooks, 2009
A Secret Handshake is a protocol that allows two users to mutually verify one another's properties, and in case of simultaneous matching, to share a key used to secure subsequent communications. In this paper, we present the first Secret Handshake scheme that allows dynamic matching of properties under stringent security requirements: in particular, the right to prove and to verify is strictly under the control of an authority. This work merges characteristics of Secret Handshake with features peculiar to Secure Matchmaking.
Security of e-applications running over the Internet is a major requirement for their widespread use. As discussions in this panel often pointed out, such applications show more and more a property of mobility: mobility of code, data, or even mobility of objects, termed agents. But how to enforce security of such mobile components? Is it at the programming language level, or could it be managed in a completely transparent way for the programmer? Do we need domain-specific languages that we hope could be trusted, or are general-purpose languages enough? This panel gave some highlights on how adequate the object-oriented language technology could be; at which level of granularity security has to be designed and introduced into the application; why solutions differing from classical cryptography-based solutions are promising.
Journal of Computer Security, 1996
This paper discusses issues and idiosyncrasies associated with changing passwords and keys in distributed computer systems. Current approaches are often complicated and fail to provide the desired level of security and fault tolerance. A novel and very simple approach to changing passwords/keys is presented and analyzed. It provides a means for human users and service programs to change passwords and keys in a robust and secure fashion.
IACR Cryptology ePrint Archive, 2008
In this paper, we present the design of the lightweight F_f family of privacy-preserving authentication protocols for RFID-systems. F_f is based on a new algebraic framework for reasoning about and analyzing this kind of authentication protocols. F_f offers user-adjustable, strong authenticity and privacy against known algebraic and also recent SAT-solving attacks. In contrast to related work, F_f achieves these two security properties without requiring an expensive cryptographic hash function. F_f is designed for a challenge-response protocol, where the tag sends random nonces and the results of HMAC-like computations of one of the nonces together with its secret key. In this paper, the authenticity and privacy of F_f is evaluated using analytical and experimental methods.
M., the S3 group, the SPaCIoS group, and the AVANTSSAR group. I would like also to give a special thank to Christina, a famiglia, Mercecindo, Saro, Tama, and Kata, to have supported me with the right combination of care and nonsense. Finally, thanks to prof. Engin Kirda, prof. Frédéric Cuppens, prof. Refik Molva, prof. Alessandro Armando, and dr. Luca Compagna for agreeing to be reporters and examiners.
Proceedings - 2011 International Conference on Network-Based Information Systems, NBiS 2011, 2011
Lecture Notes in Computer Science, 2015
While Searchable Encryption (SE) has been widely studied, adapting it to the multiuser setting whereby many users can upload secret files or documents and delegate search operations to multiple other users still remains an interesting problem. In this paper we show that the adversarial models used in existing multiuser searchable encryption solutions are not realistic as they implicitly require that the cloud service provider cannot collude with some users. We then propose a stronger adversarial model, and propose a construction which is both practical and provably secure in this new model. The new solution combines the use of bilinear pairings with private information retrieval and introduces a new, non-trusted entity called "proxy" to transform each user's search query into one instance per targeted file or document.
Proofs of data reliability are cryptographic protocols that provide assurance to a user that a cloud storage system correctly stores her data and has provisioned sufficient redundancy to be able to guarantee reliable storage service. In this paper, we consider distributed cloud storage systems that make use of erasure codes to guarantee data reliability. We propose a novel proof of data reliability scheme, named PORTOS, that on the one hand guarantees the retrieval of the outsourced data in their entirety through the use of proofs of data possession and on the other hand ensures the actual storage of redundancy. PORTOS makes sure that redundancy is stored at rest and not computed on-the-fly (whenever requested) thanks to the use of timelock puzzles. Furthermore, PORTOS delegates the burden of generating the redundancy to the cloud. The repair operations are also taken care of by the cloud. Hence, PORTOS is compatible with the current cloud computing model where the cloud autonomously performs all maintenance operations without any interaction with the user. The security of the solution is proved in the face of a rational adversary whereby the cheating cloud provider tries to gain storage savings without increasing its total operational cost.
In recent years, the increasing popularity of outsourcing data to third-party cloud servers sparked a major concern towards data breaches. A standard measure to thwart this problem and to ensure data confidentiality is data encryption. Nevertheless, organizations that use traditional encryption techniques face the challenge of how to enable untrusted cloud servers to perform search operations while the actually outsourced data remains confidential. Searchable encryption is a powerful tool that attempts to solve the challenge of querying data outsourced at untrusted servers while preserving data confidentiality. Whereas the literature mainly considers searching over an unstructured collection of files, this paper explores methods to execute SQL queries over encrypted databases. We provide a complete framework that supports private search queries over encrypted SQL databases, in particular for PostgreSQL and MySQL databases. We extend the solution for searchable encryption designed by Curtmola et al. to the case of SQL databases. We also provide features for evaluating range and boolean queries. We finally propose a framework for implementing our construction, validating its practicality.
Lecture Notes in Computer Science, 2015
Existing work on data collection and analysis for aggregation is mainly focused on confidentiality issues. That is, the untrusted Aggregator learns only the aggregation result without divulging individual data inputs. In this paper we extend the existing models with stronger security requirements. Apart from the privacy requirements with respect to the individual inputs, we ask for unforgeability for the aggregate result. We first define the new security requirements of the model. We also instantiate a protocol for private and unforgeable aggregation for multiple independent users. I.e., multiple unsynchronized users owning personal sensitive information, without interacting with each other, contribute their values in a secure way: the Aggregator learns the result of a function without learning individual values, and moreover, it constructs a proof that is forwarded to a verifier that will convince the latter of the correctness of the computation. Our protocol is provably secure in the random oracle model.
With the advent of cloud computing, individuals and companies alike are looking for opportunities to leverage cloud resources not only for storage but also for computation. Nevertheless, the reliance on the cloud to perform computation raises the unavoidable challenge of how to assure the correctness of the delegated computation. In this regard, we introduce two cryptographic protocols for publicly verifiable computation that allow a lightweight client to securely outsource to a cloud server the evaluation of high-degree univariate polynomials and the multiplication of large matrices. Similarly to existing work, our protocols follow the amortized verifiable computation approach. Furthermore, by exploiting the mathematical properties of polynomials and matrices, they are more efficient and give way to public delegatability. Finally, besides their efficiency, our protocols are provably secure under well-studied assumptions.