Man Ho Au | University of Wollongong

Papers by Man Ho Au

A Suite of Non-pairing ID-Based Threshold Ring Signature Schemes with Different Levels of Anonymity (Extended Abstract)

Privacy-Preserved Access Control for Cloud Computing

Abstract: The problem of access control on outsourced data to "honest but curious" cloud servers has received considerable attention, especially in scenarios involving potentially huge sets of data files, where re-encryption and re-transmission by the data owner may not be acceptable. Considering the user privacy and data security in cloud environment, in this paper, we propose a solution to achieve flexible and fine-grained access control on outsourced data files.

Efficient hierarchical identity based signature in the standard model

Abstract: The only known constructions of Hierarchical Identity Based Signatures that are proven secure in the strongest model without random oracles are based on the approach of attaching certificate chains or hierarchical authentication tree with one-time signature. Both construction methods lead to schemes that are somewhat inefficient and leave open the problem of efficient direct construction.

Oblivious transfer with access control: realizing disjunction without duplication

Oblivious Transfer with Access Control (AC-OT) is a protocol which allows a user to obtain a database record with a credential satisfying the access policy of the record while the database server learns nothing about the record or the credential. The only AC-OT construction that supports policy in disjunctive form requires duplication of records in the database, each with a different conjunction of attributes (representing one possible criterion for accessing the record).

Server-aided signatures verification secure against collusion attack

Abstract: Wireless handheld devices which support e-mail and web browsing are increasingly popular. The authenticity of the information received is important, especially for business uses. In server-aided verification (SAV), a substantial part of the verification computation can be offloaded to a powerful but possibly untrusted server.

BLACR: TTP-Free Blacklistable Anonymous Credentials with Reputation

Abstract: Anonymous authentication can give users the license to misbehave since there is no fear of retribution. As a deterrent, or means to revocation, various schemes for accountable anonymity feature some kind of (possibly distributed) trusted third party (TTP) with the power to identify or link misbehaving users.

PEREA: Practical TTP-free revocation of repeatedly misbehaving anonymous users

Abstract: Several anonymous authentication schemes allow servers to revoke a misbehaving user's ability to make future accesses. Traditionally, these schemes have relied on powerful Trusted Third Parties (TTPs) capable of deanonymizing (or linking) users' connections. Such TTPs are undesirable because users' anonymity is not guaranteed, and users must trust them to judge misbehaviors fairly.

ID-Based cryptography from composite degree residuosity

Abstract. We present identity-based identification (resp. encryption, signature, blind signature, ring signature) from composite degree residuosity (CDR). Constructions of identifications and signatures motivated by several existing CDR-based bandwidth-efficient encryption schemes are presented. Their securities are proven equivalent to famous hard problems, in the random oracle model. Motivated by Cocks [12], we construct an identity-based encryption from CDR.

BLAC: Revoking repeatedly misbehaving anonymous users without relying on TTPs

Abstract: Several credential systems have been proposed in which users can authenticate to service providers anonymously. Since anonymity can give users the license to misbehave, some variants allow the selective deanonymization (or linking) of misbehaving users upon a complaint to a Trusted Third Party (TTP). The ability of the TTP to revoke a user's privacy at any time, however, is too strong a punishment for misbehavior.

Practical hierarchical identity based encryption and signature schemes without random oracles

Abstract. In this paper, we propose a Hierarchical Identity Based Encryption scheme that is proven secure under the strongest model of [5] directly, without relying on random oracles. The size of the ciphertext is a constant while the size of public parameters is independent of the number of bits representing an identity. It is the first in the literature to achieve such a high security level and space efficiency at the same time.

PERM: Practical Reputation-Based Blacklisting without TTPs

Abstract: Some users may misbehave under the cover of anonymity by, e.g., defacing webpages on Wikipedia or posting vulgar comments on YouTube. To prevent such abuse, a few anonymous credential schemes have been proposed that revoke access for misbehaving users while maintaining their anonymity such that no trusted third party (TTP) is involved in the revocation process.

A suite of id-based threshold ring signature schemes with different levels of anonymity

Abstract. Since the introduction of Identity-based (ID-based) cryptography by Shamir in 1984, numerous ID-based signature schemes have been proposed. In 2001, Rivest et al. introduced ring signature that provides irrevocable signer anonymity and spontaneous group formation. In recent years, ID-based ring signature schemes have been proposed and all of them are based on bilinear pairings. In this paper, we propose the first ID-based threshold ring signature scheme that is not based on bilinear pairings.

Updated list shall be maintained in my personal website

Proof-of-Knowledge of Representation of Committed Value and Its Applications

Full version available for download here.

Attribute-Based Signature and Its Applications

Short Generic Transformation to Strongly Unforgeable Signature in the Standard Model

Dynamic Universal Accumulators for DDH Groups and Their Application to Attribute-Based Anonymous Credential Systems

Previously under the title of "Dynamic Multiversal Accumulators and Their Application to Attribute-Based Anonymous Credential Systems"

Full version available for download here.

Online/Offline Ring Signature Scheme

In this paper, for the first time in the literature, we introduce the notion of online/offline ring signature scheme. Our primitive enables ring signature schemes to be used in practice, since the online mechanism can be performed very efficiently and hence, it is very suitable to be used in a mobile-device environment. We provide a formal model to capture our primitive, and we proceed with a concrete construction of online/offline ring signature schemes. Finally, we show that our scheme is secure in our model.

Is the Notion of Divisible On-Line/Off-Line Signatures Stronger than On-Line/Off-Line Signatures?

On-line/Off-line signatures are useful in many applications where the signer has a very limited response time once the message is presented. The idea is to perform the signing process in two phases. The first phase is performed off-line before the message to be signed is available and the second phase is performed on-line after the message to be signed is provided. Recently, in CT-RSA 2009, Gao et al. made a very interesting observation that most of the existing schemes possess the following structure. In the off-line phase, a partial signature, called the off-line token, is computed first. Upon completion of the on-line phase, the off-line token constitutes part of the full signature. They considered the “off-line token exposure problem” in which the off-line token is exposed in the off-line phase and introduced a new model to capture this scenario. While intuitively the new requirement appears to be a stronger notion, Gao et al. cannot discover a concrete attack on any of the existing schemes under the new model. They regard clarifying the relationship between the models as an open problem. In this paper, we provide an affirmative answer to this open problem. We construct an On-line/Off-line signature scheme, which is secure under the ordinary security model whilst it is insecure in the new model. Specifically, we present a security proof under the old model and a concrete attack of the scheme under the new model. This illustrates that the new model is indeed stronger.

PEREA: Towards Practical TTP-Free Revocation in Anonymous Authentication

Copyright © by ACM 2008. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution.
