Journal Article
Permanent URI for this collection: https://ir.daiict.ac.in/handle/123456789/37
29 results
Search Results
Publication (metadata only)
Detecting flaws in dynamic hierarchical key management schemes using specification animation
(01-09-2012) Mundra, Anil; Mathuria, Anish; Das, Maniklal; DA-IICT, Gandhinagar; Kumar, Naveen Sahu (201021001); Mundra, Anil (200911022)
In key assignment schemes for hierarchical access control systems, each access class has a key associated with it that can be used to derive the keys associated with every descendant of that class. Many recently proposed key assignment schemes support updates to the hierarchy such as addition and deletion of classes and class relationships. The dynamic changes entail a change to the hierarchy as well as re-computing of public and secret information. In this paper, we describe a software tool that supports the animation of specifications of dynamic schemes. The specification of a scheme, written in Prolog, corresponds to a symbolic model of the algorithms used by the scheme for key generation and for handling dynamic changes. The tool allows us to generate a test hierarchy, generate keys for the classes in the hierarchy, and simulate various dynamic operations. The animation search using the tool has shown to be useful in finding previously unreported attacks on several existing dynamic schemes.

Publication (metadata only)
A provable secure key-escrow-free identity-based signature scheme without using secure channel at the phase of private key issuance
(Springer, 01-06-2019) Sahana, Subhas Chandra; Bhuyan, Bubu; Das, Maniklal; DA-IICT, Gandhinagar
The identity-based cryptosystems furnish us with simplest key management procedures. Yet, they have a very slow adoption in cryptography due to the key escrow problem and the necessity of a secure channel between the user and the Private Key Generator (PKG) to transmit the created private key to the user. In this paper, we propose an identity-based signature scheme that not only solves the key escrow problem but also eliminates the requirement of the secure channel.
The proposed scheme is secure against existential forgery under adaptively chosen message and ID attacks in the random oracle model assuming the hardness of the Computational Diffie-Hellman Problem (CDHP). Furthermore, we compare the efficiency of our scheme to that of a similar established scheme.

Publication (metadata only)
Secure and Privacy-Preserving RFID Authentication Scheme for Internet of Things Applications
(Springer, 01-01-2020) Das, Maniklal; Kumar, Pardeep; Martin, Andrew; DA-IICT, Gandhinagar
Privacy issue has become a crucial concern in internet of things (IoT) applications ranging from home appliances to vehicular networks. RFID system has found enormous scope in IoT applications such as consumer electronics, healthcare, tracking objects and transport system. In this paper, we present a privacy preserving authentication protocol for RFID system. The protocol provides mutual authentication of tag and reader, and preserves privacy of tags. We analyze the proposed protocol against active adversary and show that the protocol preserves narrow-strong privacy of the tags. We compare our protocol with the related work and show its usefulness in wide range of IoT applications.

Publication (metadata only)
KeySea: Keyword-Based Search With Receiver Anonymity in Attribute-Based Searchable Encryption
(IEEE, 01-03-2022) Chaudhari, Payal; Das, Maniklal; DA-IICT, Gandhinagar
In modern digital age, enterprise applications typically outsource user data in public cloud storage with the objective of availing flexibility and scalability features of cloud infrastructure, and importantly, making business goal more cost effective. Security and privacy concerns pose a challenging task to handle in cloud setup by both service providers and service consumers. In this landscape, before outsourcing the sensitive data on cloud storage, the data should be protected from unauthorized access and the privacy of the users should be preserved as per application requirement.
In this article, we present a scheme, termed as KeySea, keyword-based search over attribute-based encrypted data with receiver anonymity. While searching documents pertaining to the target keyword(s), keeping receiver's anonymity and ensuring data privacy are important features in applications like healthcare, bureaucracy, social engineering, and so on. The construction of the KeySea scheme uses the hidden access policy in attribute-based searchable encryption. The KeySea scheme provides a secure and practical solution to address the issue of privacy-preserving search over encrypted data in the public cloud storage. We show the security strengths of the KeySea scheme and its practicality with experimental results.

Publication (metadata only)
Detection of Node Capture Attack in Wireless Sensor Networks
(IEEE, 01-03-2019) Agrawal, Sarita; Lopez, Javier; Das, Maniklal; DA-IICT, Gandhinagar; Agrawal, Sarita (201121013)
Wireless sensor networks (WSNs) deployed in hostile environments for applications such as battle-field surveillance are vulnerable to various attacks, including node capture attack wherein an adversary physically captures, reprograms, and redeploys a node in the network. In this paper, we present a novel approach of program integrity verification (PIV) protocol to detect whether a node is captured. The cluster head equipped with trusted platform module (TPM) verifies by comparing the program memory content of the sensor node before and after capture. The proposed TPM-enabled PIV (TPIV) protocol uses dynamically computed hash-based key and pseudorandom function for detection of a captured node in the network. The security analysis of the TPIV protocol reveals that the probability of a node capture attack victim eluding the PIV and leaking the secret of any noncaptured node is negligible. The proposed TPIV protocol can detect the captured node even in the presence of a strong adversary capable of putting additional memory to elude the PIV.
With the results of analytical and experimental comparisons, we show the performance improvement of TPIV protocol in terms of low communication, computation, and storage overhead as compared to the related protocols for PIV in WSN.

Publication (metadata only)
Privacy Preserving Searchable Encryption with Fine-grained Access Control
(IEEE, 01-07-2021) Chaudhari, Payal; Das, Maniklal; DA-IICT, Gandhinagar; Chaudhari, Payal (201121014)
Searchable encryption facilitates cloud server to search over encrypted data without decrypting the data. Single keyword based searchable encryption enables a user to access a subset of documents, which contains the keyword of the user's interest. In this paper, we present a single keyword based searchable encryption scheme for the applications where multiple data owners upload their data and then multiple users can access the data. The scheme uses attribute based encryption that allows user to access the selective subset of data from cloud without revealing his/her access rights to the cloud server. The scheme is proven adaptively secure against chosen-keyword attack in the random oracle model. We have implemented the scheme on Google cloud instance and the performance of the scheme found practical in real-world applications.

Publication (metadata only)
Edge Computing and Blockchain-Based Distributed Audit of Outsourced Dynamic Data
(Springer, 14-05-2024) Dwivedi, Amit Kumar; Kumar, Naveen; Das, Maniklal; DA-IICT, Gandhinagar
Dynamic outsourced data managed by an untrusted third party is prone to integrity violation. Data auditing is a well-known posterior mechanism to detect integrity violations. Existing integrity auditing schemes are centralized and take significant computation, storage, or communication cost at the data owner. Recently, a distributed auditing scheme involving three parties: the data owner, storage server, and end-users, is proposed.
However, its use of redundant failure reports for a corrupt file increases the storage, computation, and communication costs. Also, the low-configured end-users may avoid auditing tasks for efficiency reasons. This paper proposes a secure and efficient distributed auditing scheme for outsourced data that utilizes blockchain and edge computing. The blockchain securely stores distinct failure reports, while edge nodes handle local auditing tasks. The scheme is compared with the existing distributed auditing scheme and found to be secure, and more efficient in terms of computational cost at the data owner and communication cost used by the scheme participants.

Publication (metadata only)
Background Knowledge Attacks in Privacy-Preserving Data Publishing Models
(Elsevier, 01-11-2022) Desai, Nidhi; Chaudhari, Payal; Kumar, Naveen; Das, Maniklal; DA-IICT, Gandhinagar; Desai, Nidhi (201421005)
Massive volumes of data are being generated at every moment through various sources in the cyber-physical world. While storing as well as facilitating these data for business or individual requirements, data disclosure, sensitive data leakage, and privacy breaches are important concerns to both service providers and service consumers. Many privacy-preserving data publishing models came into existence to protect data security and privacy from disclosure. Background knowledge has been an important data source to the adversary and has become a potential threat to many privacy-preserving data publishing models. Background knowledge allows the adversary to reveal sensitive information of an individual from the published data. In this paper, we formalize background knowledge by defining different knowledge sets. We present a privacy model against the given background knowledge.
We analyze the conventional privacy-preserving data publishing models such as k-anonymity, l-diversity, and t-closeness against the background knowledge attacks and show that all these privacy models fail to preserve privacy against the comprehensive background knowledge adversarial model, which we formalized in this work. Comprehensive background knowledge attacks in privacy-preserving data publishing models are practical in many real-world applications, and we believe that the privacy model presented in this work advances the research findings in the area.

Publication (metadata only)
PP-PRNU: PRNU-based source camera attribution with privacy-preserving applications
(Springer, 06-08-2024) Jena, Riyanka; Singh, Priyanka; Mohanty, Manoranjan; Das, Maniklal; DA-IICT, Gandhinagar; Jena, Riyanka (201921012)
Tracing the origin of digital images is a crucial concern in digital image forensics, where accurately identifying the source of an image is essential that leads important clues to investigating and law enforcement agencies. Photo Response Non-Uniformity (PRNU) based camera attribution is an effective forensic tool for identifying the source camera of a crime scene image. The PRNU pattern approach helps investigators determine whether a specific camera captured a crime scene image using the Pearson correlation coefficient between the unique camera fingerprint and the PRNU noise. However, this approach raises privacy concerns as the camera fingerprint or the PRNU noise can be linked to non-crime images taken by the camera, potentially disclosing the photographer's identity. To address this issue, we propose a novel PRNU-based source camera attribution scheme that enables forensic investigators to conduct criminal investigations while preserving privacy. In the proposed scheme, a camera fingerprint extracted from a set of known images and PRNU noise extracted from the anonymous image are divided into multiple shares using Shamir's Secret Sharing (SSS).
These shares are distributed to various cloud servers where correlation is computed on a share basis between the camera fingerprint and the PRNU noise. The partial correlation values are combined to obtain the final correlation value, determining whether the camera took the image. The security analysis and the experimental results demonstrate that the proposed scheme not only preserves privacy and ensures data confidentiality and integrity, but also is computationally efficient compared to existing methods. Specifically, the results showed that our scheme achieves similar accuracy in source camera attribution with a negligible decrease in performance compared to non-privacy-preserving methods and is computationally less expensive than state-of-the-art schemes. Our work advances research in image forensics by addressing the need for accurate source identification and privacy protection. The privacy-preserving approach is beneficial for scenarios where protecting the identity of the photographer is crucial, such as in whistleblower cases.

Publication (metadata only)
Group data freshness scheme for outsourced data in distributed systems
(Elsevier, 01-08-2022) Dwivedi, Amit Kumar; Kumar, Naveen; Das, Maniklal; DA-IICT, Gandhinagar
Data freshness ensures accessing recent data that could help in achieving high business values and providing effective customer service. Group data freshness is a challenging aspect in a distributed outsourced environment, as stale data among different entities may mislead the business goal of the system. Generally, three-party data outsourcing model is found in practice: users, data owner, and cloud service provider. The users require to register with the data owner to access data files directly from the cloud service provider. A scheme verifying the freshness of whole outsourced data of its readers is called the group data freshness auditing scheme (GDFAS).
Existing GDFASs focus on a probabilistic guarantee and require high computational cost at the data owner. In this paper, an efficient group data freshness auditing scheme is proposed, where the data owner does auditing in a distributed system with the help of the system users. As the data owner is not directly involved in their user's data access, it needs mechanisms such as auditing data through an additional third-party to ensure the data is fresh. However, the third-party data storage service provider may not be fully trusted by a data owner. In such context, auditing data with respect to its freshness property without involving additional third-party storage service is challenging, but would be more effective in terms of the system's performance and efficacy. The proposed GDFAS provides real-time data freshness verification using Merkle hash trees. In comparison to the existing scheme, it takes less computational cost at the data owner without involving any third party and less communication cost between the data owner and the service provider. The proposed GDFAS is implemented on the AWS cloud and the auditing cost at the data owner is experimentally evaluated. The proposed GDFAS is analyzed and compared with the relevant existing scheme and is found that the proposed GDFAS outperforms other schemes with respect to its security and efficiency.