Search

Your search keyword '"Ximeng LIU"' showing total 25 results
Start Over Author "Ximeng LIU" Journal ieee transactions on dependable and secure computing
25 results on '"Ximeng LIU"'

4. RevFRF: Enabling Cross-Domain Random Forest Training With Revocable Federated Learning

Author

Yang Liu, Zhuo Ma, Jianfeng Ma, Yilong Yang, Ximeng Liu, and Kui Ren

Subjects
Information privacy, Revocation, Computer science, Server, Suite, Homomorphic encryption, Electrical and Electronic Engineering, Data science, Random forest, Data modeling, Domain (software engineering)
Abstract

Random forest is one of the most heated machine learning tools in a wide range of industrial scenarios. Recently, federated learning enables efficient distributed machine learning without direct revealing of private participant data. In this paper, we present a novel framework of federated random forest (RevFRF), and further emphatically discuss the participant revocation problem of federated learning based on RevFRF. Specifically, RevFRF first introduces a suite of homomorphic encryption based secure protocols to implement federated random forest (RF). The protocols cover the whole lifecycle of an RF model, including construction, prediction, and participant revocation. Then, referring to the practical application scenarios of RevFRF, the existing federated learning frameworks ignore a fact that even every participant in federated learning cannot maintain the cooperation with others forever. In company-level cooperation, allowing the remaining companies to use a trained model that contains the memories from an off-lying company potentially leads to a significant conflict of interest. Therefore, we propose the revocable federated learning concept and illustrate how RevFRF implements participant revocation in applications.

Published
2022

5. Social Characteristic-Based Propagation-Efficient PBFT Protocol to Broadcast in Unstructured Overlay Networks

Author

Kim-Kwang Raymond Choo, Xiaoqin Feng, Jianfeng Ma, Yinbin Miao, and Ximeng Liu

Subjects
Multicast, Computer science, business.industry, Overlay network, Denial-of-service attack, State (computer science), Electrical and Electronic Engineering, business, Protocol (object-oriented programming), Database transaction, Computer network, Block (data storage), Flooding (computer networking)
Abstract

Blockchain allows for secure management of a shared ledger by agreement protocols, where transactions are validated over network without central authorities. Although the agreement protocol has been thoroughly conducted of propagation and consensus researches, mobility of nodes in unstructured overlay networks has not received much attention. Besides, current dynamic propagation schemes waste travel hops and are low of delivery ratio. In this paper, we propose a social characteristic-based propagation-efficient protocol NefSBFT to agree on system state plus consensus mechanisms in public blockchains. We devise a propagation technique (travel hops of at least $\frac{1}{3}$ savings, delivery ratio above $0.93$ , etc.) for message multicasting when exploiting real nodes' social characteristics of intermittent connectivity and frequent partitions. This propagation technique is executed in the improved FastBFT to achieve transaction ordering and block verification, thus, no controllable mobility is required during the whole system's execution. NefSBFT achieves fast propagation, small message complexity and few resource consumption of travel hops and running nodes for complete protocol execution. We analyze NefSBFT's security against DDOS attack of non-primary failure. The experiments show the performance tradeoff under different parameters, compare the propagation efficiency with Erlay and Flooding, and clarify NefSBFT's impact on the whole system performance through comparison.

Published
2022

10. LS-RQ: A Lightweight and Forward-Secure Range Query on Geographically Encrypted Data

Author

Jiangtao Cui, Yanguo Peng, Jianfeng Ma, Hui Li, Long Wang, and Ximeng Liu

Subjects
021110 strategic, defence & security studies, Service (systems architecture), Database, Range query (data structures), business.industry, Computer science, 0211 other engineering and technologies, Cloud computing, 02 engineering and technology, computer.software_genre, Encryption, Index (publishing), Electrical and Electronic Engineering, business, computer
Abstract

In the era of cloud computing, to achieve convenient location-based service (LBS), consumers such as users, companies, and organizations prefer subcontracting massive geographical data to public clouds after encryption for privacy and security. However, numerous harmful cyber-attacks happen on those public clouds in an unpredicted and hourly manner. To alleviate those concerns, various secure query schemes on the encrypted data have been proposed in the literature. As a fundamental query of LBSs, forward-secure range query has not been well investigated. To address this issue, we propose a lightweight and forward-secure range query (LS-RQ) on geographically encrypted data, which soundly balances between security and efficiency. Promisingly, we design an index mechanism to manage geographical data on the public clouds, while not compromising the privacy of data. Moreover, our LS-RQ schemes provide a convenient approach to range query on geographically encrypted data on-the-fly. We also rigorously prove that LS-RQ is forward-secure. Finally, extensive experimental studies are performed on both real and synthetic datasets. By observation, our LS-RQ schemes are highly efficient in realistic environments. Particularly, on encrypted datasets with about 1, 000, 000 geographical data, our solution to secure range query takes strictly less than a second.

Published
2022

12. Privacy-Preserving Attribute-Based Keyword Search in Shared Multi-owner Setting

Author

Kim-Kwang Raymond Choo, Jiguo Li, Ximeng Liu, Robert H. Deng, Hongwei Li, Yinbin Miao, and Jianfeng Ma

Subjects
021110 strategic, defence & security studies, Polynomial, Information privacy, business.industry, Computer science, Data_MISCELLANEOUS, 0211 other engineering and technologies, Cloud computing, Access control, 02 engineering and technology, Tracing, Space (commercial competition), Encryption, Computer security, computer.software_genre, Public-key cryptography, Electrical and Electronic Engineering, business, computer
Abstract

Ciphertext-Policy Attribute-Based Keyword Search (CP-ABKS) facilitates search queries and supports fine-grained access control over encrypted data in the cloud. However, prior CP-ABKS schemes were designed to support unshared multi-owner setting, and cannot be directly applied in the shared multi-owner setting (where each record is accredited by a fixed number of data owners), without incurring high computational and storage costs. In addition, due to privacy concerns on access policies, most existing schemes are vulnerable to off-line keyword-guessing attacks if the keyword space is of polynomial size. Furthermore, it is difficult to identify malicious users who leak the secret keys when more than one data user has the same subset of attributes. In this paper, we present a privacy-preserving CP-ABKS system with hidden access policy in Shared Multi-owner setting (basic ABKS-SM system), and demonstrate how it is improved to support malicious user tracing (modified ABKS-SM system). We then prove that the proposed ABKS-SM systems achieve selective security and resist off-line keyword-guessing attack in the generic bilinear group model. We also evaluate their performance using real-world datasets.

Published
2021

13. Proxy-Free Privacy-Preserving Task Matching with Efficient Revocation in Crowdsourcing

Author

Kan Yang, Cong Wang, Jiangang Shu, Ximeng Liu, Xiaohua Jia, and Robert H. Deng

Subjects
021110 strategic, defence & security studies, Matching (statistics), Information privacy, Theoretical computer science, Revocation, business.industry, Computer science, 0211 other engineering and technologies, 02 engineering and technology, Crowdsourcing, Proxy re-encryption, Random oracle, Task analysis, Overhead (computing), Electrical and Electronic Engineering, business
Abstract

Task matching in crowdsourcing has been extensively explored with the increasing popularity of crowdsourcing. However, privacy of tasks and workers is usually ignored in most of exiting solutions. In this paper, we study the problem of privacy-preserving task matching for crowdsourcing with multiple requesters and multiple workers. Instead of utilizing proxy re-encryption, we propose a proxy-free task matching scheme for multi-requester/multi-worker crowdsourcing, which achieves task-worker matching over encrypted data with scalability and non-interaction. We further design two different mechanisms for worker revocation including Server-Local Revocation (SLR) and Global Revocation (GR), which realize efficient worker revocation with minimal overhead on the whole system. The proposed scheme is provably secure in the random oracle model under the Decisional $q$ q -Combined Bilinear Diffie-Hellman ( $q$ q -DCDBH) assumption. Comprehensive theoretical analysis and detailed simulation results show that the proposed scheme outperforms the state-of-the-art work.

Published
2021

14. Privacy-Preserving Outsourced Calculation Toolkit in the Cloud

Author

HweeHwa Pang, Kim-Kwang Raymond Choo, Ximeng Liu, Yang Yang, and Robert H. Deng

Subjects
021110 strategic, defence & security studies, Information privacy, business.industry, Computer science, 0211 other engineering and technologies, Homomorphic encryption, Plaintext, Cloud computing, Cryptography, 02 engineering and technology, Encryption, Server, Secure multi-party computation, Electrical and Electronic Engineering, business, Computer network
Abstract

In this paper, we propose a privacy-preserving outsourced calculation toolkit, Pockit, designed to allow data owners to securely outsource their data to the cloud for storage. The outsourced encrypted data can be processed by the cloud server to achieve commonly-used plaintext arithmetic operations without involving additional servers. Specifically, we design both signed and unsigned integer circuits using a fully homomorphic encryption (FHE) scheme, construct a new packing technique (hereafter referred to as integer packing), and extend the secure circuits to its packed version. This achieves significant improvements in performance compared with the original secure signed/unsigned integer circuit. The secure integer circuits can be used to construct a new data mining application, which we refer to as secure $k$ k -nearest neighbours classifier, without compromising the privacy of original data. Finally, we prove that the proposed Pockit achieves the goal of secure computation without privacy leakage to unauthorized parties, and demonstrate the utility and efficiency of Pockit.

Published
2020

15. Multi-User Multi-Keyword Rank Search Over Encrypted Data in Arbitrary Language

Author

Robert H. Deng, Ximeng Liu, and Yang Yang

Subjects
021110 strategic, defence & security studies, Information privacy, Information retrieval, Computer science, business.industry, Rank (computer programming), 0211 other engineering and technologies, Cloud computing, 02 engineering and technology, Multi-user, Encryption, Set (abstract data type), Server, Electrical and Electronic Engineering, business, Cloud storage
Abstract

Multi-keyword rank searchable encryption (MRSE) returns the top- $k$ k results in response to a data user's request of multi-keyword search over encrypted data, and hence provides an efficient way for preserving data privacy in cloud storage systems while without loss of data usability. Many existing MRSE systems are constructed based on an algorithm which we term as $k$ k -nearest neighbor for searchable encryption (KNN-SE). Unfortunately, KNN-SE has a number of shortcomings, which limit its practical applications. In this paper, we propose a new MRSE system which overcomes almost all the defects of the KNN-SE based MRSE systems. Specifically, our new system does not require a predefined keyword set and supports keywords in arbitrary languages, is a multi-user system which supports flexible search authorization and time-controlled revocation, and it achieves better data privacy protection since even the cloud server is not able to tell which documents are the top- $k$ k results returned to a data user. We also conduct extensive experiments to demonstrate the efficiency of the new system.

Published
2020

16. Lightweight Sharable and Traceable Secure Mobile Health System

Author

Robert H. Deng, Yingjiu Li, Ximeng Liu, and Yang Yang

Subjects
021110 strategic, defence & security studies, business.industry, Computer science, 0211 other engineering and technologies, Mobile computing, Cloud computing, Access control, Cryptography, 02 engineering and technology, Encryption, Computer security, computer.software_genre, Electrical and Electronic Engineering, business, Cloud storage, Mobile device, mHealth, computer
Abstract

Mobile health (mHealth) has emerged as a new patient centric model which allows real-time collection of patient data via wearable sensors, aggregation and encryption of these data at mobile devices, and then uploading the encrypted data to the cloud for storage and access by healthcare staff and researchers. However, efficient and scalable sharing of encrypted data has been a very challenging problem. In this paper, we propose a Lightweight Sharable and Traceable (LiST) secure mobile health system in which patient data are encrypted end-to-end from a patient's mobile device to data users. LiST enables efficient keyword search and fine-grained access control of encrypted data, supports tracing of traitors who sell their search and access privileges for monetary gain, and allows on-demand user revocation. LiST is lightweight in the sense that it offloads most of the heavy cryptographic computations to the cloud while only lightweight operations are performed at the end user devices. We formally define the security of LiST and prove that it is secure without random oracle. We also conduct extensive experiments to access the system's performance.

Published
2020

17. Dual Access Control for Cloud-Based Data Storage and Sharing

Author

Yinghui Zhang, Willy Susilo, Xinyi Huang, Kaitai Liang, Jianting Ning, and Ximeng Liu

Subjects
Service (business), business.industry, Computer science, Data management, Cloud-based data sharing, access control, Cloud computing, Access control, Service provider, Computer security, computer.software_genre, Encryption, attribute-based encryption, Data access, cloud storage service, Intel SGX, Electrical and Electronic Engineering, business, computer, Dual access
Abstract

Cloud-based data storage service has drawn increasing interests from both academic and industry in the recent years due to its efficient and low cost management. Since it provides services in an open network, it is urgent for service providers to make use of secure data storage and sharing mechanism to ensure data confidentiality and service user privacy. To protect sensitive data from being compromised, the most widely used method is encryption. However, simply encrypting data (e.g., via AES) cannot fully address the practical need of data management. Besides, an effective access control over download request also needs to be considered so that Economic Denial of Sustainability (EDoS) attacks cannot be launched to hinder users from enjoying service. In this article, we consider the dual access control, in the context of cloud-based storage, in the sense that we design a control mechanism over both data access and download request without loss of security and efficiency. Two dual access control systems are designed in this article, where each of them is for a distinct designed setting. The security and experimental analysis for the systems are also presented.

Published
2022

18. Efficient and Privacy-Preserving Outsourced Calculation of Rational Numbers

Author

Jian Weng, Rongxing Lu, Robert H. Deng, Kim-Kwang Raymond Choo, Ximeng Liu, Liu, Ximeng, Choo, Kim-Kwang Raymond, Deng, Robert H, Lu, Rongxing, and Weng, Jian

Subjects
Rational number, Computer science, business.industry, Distributed computing, homomorphic encryption, Homomorphic encryption, privacy-preserving, 020206 networking & telecommunications, Cryptography, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Outsourcing, rational numbers, Integer, Server, 0202 electrical engineering, electronic engineering, information engineering, Systems architecture, 020201 artificial intelligence & image processing, Electrical and Electronic Engineering, encrypted data processing, outsourced computation, business, computer
Abstract

In this paper, we propose a framework for efficient and privacy-preserving outsourced calculation of rational numbers, which we refer to as POCR. Using POCR, a user can securely outsource the storing and processing of rational numbers to a cloud server without compromising the security of the (original) data and the computed results. More specifically, we present a Paillier cryptosystem with threshold decryption (PCTD), the core cryptographic primitive, to reduce the private key exposure risk in POCR. We also present the tool kits required in the privacy preserving calculation of integers and rational numbers to ensure that commonly used outsourced operations can be handled on-the-fly. We then prove that the proposed POCR achieves the goal of secure integer and rational number calculation without resulting in privacy leakage to unauthorized parties, as well as demonstrating the utility and the efficiency of POCR using simulations. Refereed/Peer-reviewed

Published
2018

19. Multi-authority Attribute-Based Keyword Search over Encrypted Cloud Data

Author

Robert H. Deng, Yinbin Miao, Hongjun Wu, Ximeng Liu, Hongwei Li, Kim-Kwang Raymond Choo, and School of Physical and Mathematical Sciences

Subjects
021110 strategic, defence & security studies, Security analysis, Database, business.industry, Computer science, 0211 other engineering and technologies, Encryption, Key distribution, Data security, Access control, Cloud computing, 02 engineering and technology, Cloud Computing, computer.software_genre, Server, Computer science and engineering [Engineering], Attribute-based encryption, Electrical and Electronic Engineering, business, computer
Abstract

Searchable Encryption (SE) is an important technique to guarantee data security and usability in the cloud at the same time. Leveraging Ciphertext-Policy Attribute-Based Encryption (CP-ABE), the Ciphertext-Policy Attribute-Based Keyword Search (CP-ABKS) scheme can achieve keyword-based retrieval and fine-grained access control simultaneously. However, the single attribute authority in existing CP-ABKS schemes is tasked with costly user certificate verification and secret key distribution. In addition, this results in a single-point performance bottleneck in distributed cloud systems. Thus, in this paper, we present a secure Multi-authority CP-ABKS (MABKS) system to address such limitations and minimize the computation and storage burden on resource-limited devices in cloud systems. In addition, the MABKS system is extended to support malicious attribute authority tracing and attribute update. Our rigorous security analysis shows that the MABKS system is selectively secure in both selective-matrix and selective-attribute models. Our experimental results using real-world datasets demonstrate the efficiency and utility of the MABKS system in practical applications.

Published
2021

20. A Lightweight Privacy-Preserving CNN Feature Extraction Framework for Mobile Sensing

Author

Ming Xu, Shaojing Fu, Deke Guo, Kai Huang, and Ximeng Liu

Subjects
021110 strategic, defence & security studies, Computer science, business.industry, Deep learning, Distributed computing, Feature extraction, 0211 other engineering and technologies, Data security, Cloud computing, 02 engineering and technology, Server, Enhanced Data Rates for GSM Evolution, Artificial intelligence, Electrical and Electronic Engineering, business, Mobile device, Edge computing
Abstract

The proliferation of various mobile devices equipped with cameras results in an exponential growth of the amount of images. Recent advances in the deep learning with convolutional neural networks (CNN) have made CNN feature extraction become an effective way to process these images. However, it is still a challenging task to deploy the CNN model on the mobile sensors, which are typically resource-constrained in terms of the storage space, the computing capacity, and the battery life. Although cloud computing has become a popular solution, data security and response latency are always the key issues. Therefore, in this paper, we propose a novel lightweight framework for privacy-preserving CNN feature extraction for mobile sensing based on edge computing. To get the most out of the benefits of CNN with limited physical resources on the mobile sensors, we design a series of secure interaction protocols and utilize two edge servers to collaboratively perform the CNN feature extraction. The proposed scheme allows us to significantly reduce the latency and the overhead of the end devices while preserving privacy. Through theoretical analysis and empirical experiments, we demonstrate the security, effectiveness, and efficiency of our scheme.

Published
2020

21. Optimized Verifiable Fine-Grained Keyword Search in Dynamic Multi-owner Settings

Author

Robert H. Deng, Hongwei Li, Ximeng Liu, Yinbin Miao, Kim-Kwang Raymond Choo, and Jianting Ning

Subjects
Computer science, business.industry, Server, Ciphertext, Overhead (computing), Access control, Cryptography, Cloud computing, Verifiable secret sharing, Electrical and Electronic Engineering, business, Encryption, Computer network
Abstract

Ciphertext-Policy Attribute-Based Keyword Search (CP-ABKS) schemes support both fine-grained access control and keyword-based ciphertext retrieval, which make these schemes attractive for resource-constrained users (i.e., mobile or wearable devices, sensor nodes, etc.) to store, share and search encrypted data in the public cloud. However, ciphertext length and decryption overhead in the existing CP-ABKS schemes grow with the complexity of access policies or the number of data users’ attributes. Moreover, such schemes generally do not consider the practical multi-owner setting (e.g., each file needs to be signed by multiple data owners before being uploaded to the cloud server) or prevent malicious cloud servers from returning incorrect search results. To overcome these limitations, in this paper we first design an optimized Verifiable Fine-grained Keyword Search scheme in the static Multi-owner setting (termed as basic VFKSM), which achieves short ciphertext length, fast ciphertext transformation, accelerated search process, and authentic search result verification. Then, we extend the basic VFKSM to support multi-keyword search and multi-owner update (also called as extended VFKSM). Finally, we prove that the basic (or extended) VFKSM resists the Chosen-Keyword Attack (CKA) and external Keyword-Guessing Attack (KGA). We also evaluate the performance of these schemes using various public datasets.

Published
2019

22. Reliable and Privacy-Preserving Truth Discovery for Mobile Crowdsensing Systems

Author

Kashif Sharif, Chuan Zhang, Liehuang Zhu, Chang Xu, and Ximeng Liu

Subjects
021110 strategic, defence & security studies, Information privacy, Security analysis, business.industry, Computer science, 0211 other engineering and technologies, Homomorphic encryption, Cloud computing, Cryptography, 02 engineering and technology, Computer security, computer.software_genre, Paillier cryptosystem, Data aggregator, Hash chain, Electrical and Electronic Engineering, business, computer
Abstract

Truth discovery has received considerable attention in mobile crowdsensing systems. In real practice, it is vital to resolve conflicts among a large amount of sensory data and estimate the truthful information. Although truth discovery has been widely explored to improve aggregation accuracy, numerous security and privacy issues still need to be addressed. Existing schemes either do not guarantee the privacy of each participating user, or fail to consider practical needs in crowdsensing systems. In this paper, we present two reliable and privacy-preserving truth discovery schemes for different scenarios. Our first design is fit for applications where users are relatively stable. By employing the homomorphic Paillier encryption, one-way hash chain, and super-increasing sequence techniques, this approach not only guarantees strong privacy, but also is highly efficient and practical. Our second design suits applications where users are frequently moving. In such an application, we explore data perturbation and homomorphic Paillier encryption to shift all user workloads to the server side, without compromising users’ privacy. Through detailed security analysis, we demonstrate that both schemes are secure, practical, and privacy-preserving. Moreover, extensive experiments based on real world and simulated mobile crowdsensing systems, we demonstrate the efficiency of our proposed schemes.

Published
2019

23. Secure Fine-grained Encrypted Keyword Search for e-Healthcare Cloud

Author

Haijiang Wang, Geong Sen Poh, Jianting Ning, Xinyi Huang, Guiyi Wei, and Ximeng Liu

Subjects
021110 strategic, defence & security studies, Information privacy, business.industry, Computer science, 0211 other engineering and technologies, Cryptography, Cloud computing, Access control, 02 engineering and technology, Computer security, computer.software_genre, Encryption, Information sensitivity, Overhead (computing), Attribute-based encryption, Electrical and Electronic Engineering, business, computer
Abstract

E-Healthcare systems are increasingly popular due to the introduction of wearable healthcare devices and sensors. Personal health records (PHRs) are collected by these devices and stored in a remote cloud. Due to privacy concern, these records should not be accessible by any unauthorized party, and the cloud providers should not be able to learn any information from the stored records. To address the above issues, one promising solution is to employ attribute based encryption (ABE) for fine-grained access control and searchable encryption for keyword search on encrypted data. However, most of existing ABE schemes leak the privacy of access policy which may also contain sensitive information. On the other hand, for users’ devices with limited computing power and bandwidth, the mechanism should enable them to be able to search the PHRs efficiently. Unfortunately, most existing works on ABE do not support efficient keyword search on encrypted data. In this work, we propose an efficient hidden policy ABE scheme with keyword search. Our scheme enables efficient keyword search with constant computational overhead and constant storage overhead. Moreover, we enhance the recipient’s privacy which hides the access policy. As of independent interest, we present a trapdoor malleability attack and demonstrate that some of previous schemes may suffer from such attack.

Published
2019

24. Person Re-Identification over Encrypted Outsourced Surveillance Videos

Author

Hang Cheng, Xiaojun Zhang, Ximeng Liu, Yan Fang, Huaxiong Wang, and Meiqing Wang

Subjects
021110 strategic, defence & security studies, Information privacy, business.industry, Computer science, Hash function, 0211 other engineering and technologies, Cryptography, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Encryption, Merkle tree, Secret sharing, Server, Electrical and Electronic Engineering, business, computer
Abstract

Person re-identification (Re-ID) has attracted extensive attention due to its potential to identify a person of interest from different surveillance videos. With the increasing amount of the surveillance videos, high computation and storage costs have posed a great challenge for the resource-constrained users. In recent years, the cloud storage services have made a large volume of video data outsourcing become possible. However, person Re-ID over outsourced surveillance videos could lead to a security threat, i.e., the privacy leakage of the innocent person in these videos. Therefore, we propose an ef F icient priv A cy-prese R ving pe R son Re- I D S cheme (FARRIS) over outsourced surveillance videos, which can ensure the privacy of the detected person while providing the person Re-ID service. Specifically, FARRIS exploits the convolutional neural network (CNN) and kernels based supervised hashing (KSH) to extract the efficient person Re-ID feature. Then, we design a secret sharing based Hamming distance computation protocol to allow cloud servers to calculate similarities among obfuscated feature indexes. Furthermore, a dual Merkle hash trees based verification is proposed, which permits users to validate the correctness of the matching results. The extensive experimental results and security analysis demonstrate that FARRIS can work efficiently, without compromising the privacy of the involved person.

Published
2019

25. ObliComm: Towards Building an Efficient Oblivious Communication System

Author

Robert H. Deng, Zhonghai Wu, Ximeng Liu, Pengfei Wu, Qi Li, and Qingni Shen

Subjects
Soundness, Queueing theory, Computer science, business.industry, Server, Distributed computing, Scalability, Universal composability, Electrical and Electronic Engineering, Modular design, Communications system, business, Network topology
Abstract

Anonymous Communication (AC) hides traffic patterns and protects message metadata from being leaked during message transmission. Many practical AC systems have been proposed aiming to reduce communication latency and support a large number of users. However, how to design AC systems which possess strong security property and at the same time achieve optimal performance (i.e., the lowest latency or highest horizontal scalability) has been a challenging problem. In this paper, we propose an ObliComm framework, which consists of six modular AC subroutines. We also present a strong security definition for AC, named oblivious communication, encompassing confidentiality, unobservability, and a new requirement sending-and-receiving operation hiding. The AC subroutines in ObliComm allow for modular construction of oblivious communication systems in different network topologies. All constructed systems satisfy oblivious communication definition and can be provably secure in the universal composability (UC) framework. Additionally, we model the relationship between the network topology and communication measurements by queuing theory, which enables the system’s efficiency can be optimized and estimated by quantitative analysis and calculation. Through theoretical analyses and empirical experiments, we demonstrate the efficiency of our scheme and soundness of the queuing model.

Published
2019

Catalog

Books, media, physical & digital resources
See catalog results