Browsing by Author "Fong, Philip W. L."

Now showing 1 - 12 of 12
  • Thumbnail Image
    ItemOpen Access
    A View-Based Protection Model to Prevent Inference Attacks by Third-Party Extensions to Social Computing Platforms
    (2016-01-18) Ahmadinejad, Seyed Hossein; Fong, Philip W. L.; Fong, Philip W. L.; Safavi-Naini, Reihaneh; Locasto, Michael E.; Bauer, Mark; Debbabi, Mourad
    The recent significant growth in popularity of Social Network Systems (SNSs) raised serious concerns regarding user privacy. One of such concerns, called inference attacks, is the leakage of users' private information from their public information. This dissertation identifies a more dangerous type of inference attacks where users' private information is inferred by third-party extensions to SNS platforms. SNSs provide an Application Programming Interface (API) that could be used by third-party applications to access SNS user profiles, and in return provide some functionality for the users. Systematic inference of user inaccessible information by third-party extensions from the information accessible through the SNS APIs is called SNS API inference attacks. Due to the large number of users who subscribe to third-party extensions, even with a meager success rate, SNS API inference attacks could violate the privacy of millions of users. Moreover, SNS API inference attacks could be used as a building block for further security attacks (e.g., identification attacks). This work first evaluate the feasibility of SNS API inference attacks by conducting an experiment where sample inference algorithms will be developed and executed against enough number of real user profiles and then their success rate will be assessed. Next, a view-based protection model will be proposed for the purpose of preventing SNS API inference attacks. This model allows users to share a sanitized version of their profiles with extensions. Sanitizing transformations must be designed to preserve both privacy and usefulness of the user profiles. The proposed model has a theoretical framework that defines measures to evaluate the effectiveness of sanitizing transformations. The theoretical framework will be paired with an enforcement model to show how transformations can actually be designed and sanitize user profiles. The enforcement model will include a declarative language for articulating transformations. Moreover, the enforcement model will have a model of computation that can describe transformations and access queries. The proposed model of computation has enough expressive power and meets the required properties. Finally, the proposed model will be evaluated by assessing the correctness of the theoretical framework and the enforcement model.
  • Thumbnail Image
    ItemOpen Access
    A Capability-based System to Enforce Context-aware Permission Sequence
    (2020-01-31) Li, Shuai; Safavi-Naini, Reihaneh S.; Fong, Philip W. L.; Reardon, Joel
    With the rise of the Internet of Things, the need for distributed authorization is fast growing. We consider a capability-based distributed authorization system where a client obtains access tokens (capabilities) from an authorization server and by presenting them to a resource server, obtains access. We propose a capability system that provides efficient and refined (conditional) access to resources. It supports “ordered permission” and “context”, and so allows a sequence of permissions to be enforced, each with their own specific context. We prove the safety property of this system for these conditions, show how it can be incorporated in the OAuth framework, and give an implementation of the system - Griffin that uses OAuth 2.0 with proof-of-possession token and attribute-based access control model.
  • Thumbnail Image
    ItemOpen Access
    Contributions to Behavioral Authentication Systems
    (2021-01-27) Islam, Md Morshedul; Safavi-Naini, Reihaneh; Fong, Philip W. L.; Jacobson, Michael John; Yanushkevich, Svetlana N.; Mannan, Mohammad
    Behavioral Authentication (BA) systems authenticate users through their behavioral characteristics. BA systems construct behavioral profiles of users from their well-designed activities, and store profiles in a profile database on the system. For a verification request, a verification algorithm evaluates the request by comparing the provided verification data with the stored profile. In this thesis, we identify a number of shortcomings of these systems that are motivated by the application of these systems in practice. We study these shortcomings and propose solutions to address each. We designed, implemented and evaluated an activity-based BA system for mobile devices that is used to evaluate our proposed systems, experimentally. In more details, we proposed a challenge-response based BA system named DAC (Draw A Circle) and later extended it to eDAC (extended DAC) to improve its accuracy and usability. In both systems, behavioral data are from users’ response to drawing challenge circles. Through extensive analysis and experiments, we chose a set of features that are non-shareable and non-emulatable, and developed a verification algorithm that can successfully authenticate users with overwhelming probability. We studied the effect of database size on verification error, and that verification error increases with the database size. We introduced the notion of scalability of BA systems that requires the error probability of the system to remain (almost) the same as profile database grows; proposed personalization of verification to achieve scalability. To estimate information in BA systems, we used Biometric Information (BI), and Biometric System Entropy (BSE), two different but related approaches used for information measure in biometric-based systems. We studied the applicability of these measures for BA systems. For cryptographic applications, we proposed BAVault, a fuzzy vault based on the profiles in BA systems that can protect a secret key (message) of reasonable length. BAVault ensures profile privacy, even when the key is known. For profile privacy in profile databases and privacy-preserving verification, we proposed a non-cryptographic approach that uses an efficient profile transformation called random projection, projects a profile (verification data) into a lower dimension space and ensures their privacy. The verification is done in the transformed domain using a similar verification algorithm. Finally, we show an attack on BA systems when the verification algorithm uses the outputs of the classifier for verification decision. To impersonate a user of the BA systems, the attacker will utilize the information leakage of the verification algorithm about the output of the classifier. In all the above cases, we implemented our proposed approach and evaluated their performance.
  • Thumbnail Image
    ItemOpen Access
    Efficient Multiparty Computation from Lossy Threshold Encryption
    (2019-09-26) Nargis, Isheeta; Eberly, Wayne; Jacobson, Michael S.; Safavi-Naini, Reihaneh S.; Fong, Philip W. L.; Reardon, Joel; Yadid-Pecht, Orly; Wei, Ruizhong
    This dissertation includes four contributions concerning secure multiparty computation. The first contribution is a new lossy threshold encryption scheme. This is the first encryption scheme that is both a lossy and a threshold encryption scheme. The second contribution is a new oblivious transfer protocol secure against erasure-free one-sided active adaptive adversaries. The third contribution is a new two-party computation protocol for the evaluation of boolean circuits that is secure against erasure-free one-sided active adaptive adversaries. As a building block of this protocol, a new cut-and-choose oblivious transfer protocol is designed. The fourth contribution is a new multiparty computation protocol for the evaluation of arithmetic circuits that is secure against covert adversaries. Protocols that are part of the second, third and fourth contributions improve the communication complexity, the number of public key encryption operations and the number of exponentiation operations over existing protocols for the same problems that provide the same or higher levels of security.
  • Thumbnail Image
    ItemOpen Access
    New Approaches for Secure Distance- Bounding
    (2018-05-23) Ahmadi Fatlaki, Ahmad; Safavi-Naini, Reihaneh S.; Fong, Philip W. L.; Jacobson, Michael J.; O'Keefe, Kyle P. G.; Valaee, Shahrokh
    In this thesis we design and implement three aspects of secure distance-bounding (DB) schemes as a type of authentication scheme that considers distance as an extra verification parameter. By adding this new parameter to authentication schemes, we can prevent certain attacks that are related to distance, such as relay attack. In fact, the attacking scenarios can be much more complex than the simple relay attack, in addition to the classic authentication scheme attacks. In this thesis we consider the most advanced distance-bounding attack scenarios in a variety of authentication models. We consider three authentication models in order to add the distance as an extra authentication factor: public-key and anonymous DB are the main fields of this thesis that consider strong adversary with access to directional antenna, and we consider One-Shot DB as a one-message authentication scheme. Each of these fields make a chapter of this thesis. Public-Key Distance-Bounding. In a public-key DB scheme, a prover who owns a key pair and is located within a distance bound to a verifier, who has access to the public-key of the prover, tries to convince the verifier that it is authentic and located within the distance bound. We provide a formal model and two protocols with security proofs. Anonymous Distance-Bounding. In an anonymous DB scheme, a prover who owns a registration certificate and is located within a distance bound to a verifier, who only has access to the public parameters of the system, tries to convince the verifier that it is authentic and located within the distance bound without revealing its identity. We provide a formal model and two secure protocols. One-Shot Distance-Bounding. In an one-shot DB scheme, a prover who owns a secret key and is located within a distance bound to a verifier, who has access to the corresponding key of the prover, tries to convince the verifier that it is authentic and located within the distance bound without receiving any message from the verifier. We provide a formal model and a secure protocol.
  • Thumbnail Image
    ItemOpen Access
    Privacy in Geo-social Networking Systems
    (2016) Tarameshloo, Ebrahim; Fong, Philip W. L.; Carpendale, Sheelagh; Safavi-Naeini, Reyhaneh; Wang, Xin; Tripunitara, Mahesh
    With the proliferation of the Internet and GPS enabled smartphones, Geo-Social Computing Systems (GSCS) have seen widespread adoption. Facebook, Twitter, Waze, Geofeedia, WeLink are among the many GSCS with various members and services. These systems rapidly gained traction for two types of target users, a) GSCS members (data contributors), and b) GSCS data consumers.Although GSCS deliver valuable services, they also generate a host of privacy challenges. Protecting members' identity and their location information is a notable challenge in GSCS. Close examination of nine real life GSCS applications enabled me to identify four major challenges that can lead to insufficient privacy protection for members of GSCS. Unregulated access, policy conformity, privacy in publishing GSCS data, and data utility in published data are the focus of the challenges. Contributions of this thesis can be categorized into two main perspectives within the identified challenges. First, privacy of members inside the geo-social computing systems and second, privacy of members when these systems publish members' data. In each identified privacy challenge, I proposed an approach to address the challenge, and developed my designed approaches to demonstrate a tangible solution for each challenge. The results of this research provide knowledge that can help other researchers to recognize and address more privacy concerns in the GSNSs environment. This knowledge includes insight into theory and practice of privacy within the context of access control models, policy enforcement in a federated environment, privacy attacks and countermeasures in published data, and analytic tools for privacy experts.
  • Thumbnail Image
    ItemRestricted
    Satisfiability and feasibility in a relationship-based workflow authorization model
    (2012-09) Khan, Arif Akram; Fong, Philip W. L.
    A workflow authorization model is defined in the framework of Relationship-Based Access Control (ReBAC), in which the protection state is a social network. Armed with this model, a new decision problem called workflow feasibility is studied. The goal is to ensure that the space of protection states contains at least one member in which the workflow specification can be executed to completion. A sufficient condition is identified under which feasibil­ity can be decided by a refutation procedure that is both sound and complete. A formal specification language, based on a monotonic fragment of the Propositional Dynamic Logic (PDL), is proposed for specifying protection state spaces. The adoption of this language renders workflow feasibility NP-complete in the general case but polynomial-time decidable for an important family of workflows. A model checker for this POL-based language is im­plemented. Hybridization of this PDL-fragment is examined. Satisfiability and feasibility of workflows with XOR-patterns are analyzed as well.
  • Thumbnail Image
    ItemOpen Access
    Smart Home with Resilience Against Cloud Disconnection
    (2018-09-17) Doan, Tam Thanh; Safavi-Naini, Reihaneh S.; Fong, Philip W. L.; Sharlin, Ehud
    Kevin Aston, one who coined the term, described Internet of Things (IoT) as computers that knew everything there was to know about things. Having such computers enable us to use the data to track and count everything, which results in huge reduction of waste and cost. A smart home is equipped with hundreds of sensors that perform measurements, and in combination with other data sources (e.g., third-party data), provides smarts that are used for personalization and automated services, as well as improving efficiency and convenience for its residents. Today's smart home platforms are primarily cloud-based, devices in the home that sense the environment and send the collected data, directly or through a hub, to the cloud. Clouds run various applications and analytics on the collected data and generate commands according to the users' specifications, that are sent to the actuators to control the environment. Focusing on cloud dependency of smart homes, this thesis makes two contributions. Design of a secure event logging system for a host-based smart home, SHEL. A secure and reliable event logging system is an essential component of smart homes with a wide range of applications such as fault detection, forensics, and accounting. We propose a host-based conceptual framework for storing and processing data in smart homes, analyze security requirements of such environments. We give an overview of our implementation of a message (event) logging system for a typical home and present the efficiency evaluation of our cryptographic design. Propose a resilient smart home. We ask the following question: What if the cloud is not available?This can happen not only by accident or natural causes but also due to targeted attacks. The role of the hub in this setup is effectively message passing between the devices and the cloud, while the required analytics, computation, and control are all performed by the cloud. We discuss possible effects of such unavailability on the functionalities that are commonly available in smart homes, including security and safety related services as well as support for health and well-being of home users. We propose the software architecture of RES-Hub, a hub that can provide the required functionalities when the cloud is unavailable. During the normal functioning of the system, RES-Hub will receive regular status updates from the cloud and will use this information to continue to provide the user-specified services when it detects the cloud is down. We describe an IoTivity-based software architecture that is used to implement RES-Hub in a flexible and expendable way and discuss our implementation.
  • Thumbnail Image
    ItemOpen Access
    Social Control and Interactivity in Anonymous Public Events
    (2024-09-05) Rahman, Mushfekur; Fong, Philip W. L.; Fong, Philip W. L.; Safavi-Naini, Reihaneh; De Carli, Lorenzo
    Online event hosting platforms, such as Zoom Meetings and Twitch Streams, have revolutionized the way we socialize with one another. These platforms offer a rich set of interactive features such as live chat and gestures, enabling dynamic and engaging social events. In public events, however, participants are not well-known entities originating from the same institution, and thus traditional access control fails to provide means for maintaining order without disrupting interactivity. Zoombombing and cyberbullying in Twitch streams are symptoms of this dilemma. The design of the aforementioned event hosting systems thus resort to social control mechanisms that allow moderators to monitor the social interactions of the participants and respond to disorderly behavior in real time. The designer of an event hosting system needs to make sure that social control mechanisms preserve interactivity expectations. In this work, we introduce HIPE (Highly Interactive Public Event), a framework for modelling social control mechanisms, articulating interactivity expectations, as well as verifying if social control interferes with interactivity. We catalogued four classes of social control mechanisms that can be reused in the design of event hosting systems, namely sanction, remedy, containment, and retaliation. Additionally, we formulated a 2-safety hyperproperty characterization of interactivity called (a, p)-interactivity and a stricter version, strong (a, p)-interactivity, to express the degree of interactivity expected of an event hosting system. Furthermore, we designed model checking algorithms for verifying both (a, p)-interactivity and strong (a, p)-interactivity. An empirical case study has been conducted to illustrate the interplay between social control and interactivity, as well as to evaluate the performance of our model checking algorithm. To the best of our knowledge this is the first work to formally study the balancing of social control and interactivity in anonymous public events.
  • Thumbnail Image
    ItemOpen Access
  • Thumbnail Image
    ItemOpen Access
    The SUDO Framework: For Data Organization And Efficient Query Authorization For NoSQL Databases
    (2020-12-07) Rizvi, Syed Zain R.; Fong, Philip W. L.; Fong, Philip W. L.; Barker, Kenneth E.; Safavi-Naeini, Reyhaneh A.; Zach, Richard; Reardon, Joel C.; Tawbi, Nadia
    Due to the variety of NoSQL databases and database models, along with their schemaless nature, it has been a challenge to develop a framework that can enforce fine-grained access control policies and can be applicable to multiple NoSQL databases ranging over a variety of database models. In this thesis we present SUDO: Semi- / Unstructured Data Organization Framework for defining pseudo-dynamic schemata. The SUDO framework is comprised of four main features. i) SUDO is designed to be applicable to multiple NoSQL database technologies and models. ii) SUDO operates between the database and the application layer. iii) SUDO provides the tools for defining a pseudo-dynamic schema for databases with semi-structured or unstructured data. The pseudo-dynamic schema is based on Description Logic ontology. iv) SUDO provides the tools for validating database queries against that pseudo-dynamic schema and weaving queries and access control policies to simultaneously evaluate and authorize the query results.We present the SUDO framework in three parts. First, we present AReBAC, an attribute-supporting ReBAC model for Neo4j, a graph database. AReBAC focuses on weaving queries and policies for efficient authorization. AReBAC is also accompanied by GP-Eval, a query evaluation algorithm that surprisingly performs orders of magnitudes faster than the Cypher query evaluation engine provided by Neo4j, and introduces a new constraint satisfaction programming technique that we dubbed Live-End Backjumping. Next, we present SUDO as a framework for MongoDB, a document-based database. At this stage we focus on defining a pseudo-dynamic schema for a MongoDB state, and validating database queries against the pseudo-dynamic schema. Finally, we further extend SUDO by presenting a set of relations between queries and polices required to weave the two together and form a query that simultaneously evaluates and authorizes the query results. We also present a set of tests to verify if a query and a policy are compatible with each other, and identify the reason for incompatibility (if any). We then generalize SUDO so that it is not only specific to MongoDB, by presenting AReBAC as an extension of SUDO, and applying SUDO to Cassandra, a wide-column database.
  • Thumbnail Image
    ItemOpen Access
    Weighted Raft and its Application to Geographically Distributed Servers
    (2018-09-17) Liu, Xi; Safavi-Naini, Reihaneh; Safavi-Naini, Reihanah; Fong, Philip W. L.; Reardon, Joel
    Modern application are usually deployed in a distributed architecture where several servers are involved in providing service to users. Distributed systems offer fault tolerance and increased availability. In some cases, the servers are distributed in different geographic locations to reduce latency and provide better service to end users. Keeping data consistent across servers is a fundamental problem. Raft consensus algorithm has been prepared to achieve data consistency in the presence of server failure. In Raft, servers elect a leader server that manages client-side requests and updates the data files. Each server has the same chance to becoming a leader. Although typical Raft servers are in a local cluster, in many natural applications, Raft can be used in a geographically distributed setting to ensure data consistency. In such a setting, it is natural to allow the “closest” server to a user to respond to the user request. The notation of “closeness” could capture not only geographic location but also network connectivity and capacity. Motivated by the above challenge, we propose Geo-Raft which is the application of Raft protocol in geographically distributed systems. To reduce the performance cost, we add weights to servers’ election timeout to enable the most suitable server to be elected as the leader and serve the users. We propose a model to optimize Geo-Raft performance and present an approach to determine Raft timeouts for a given set of weights. We discuss our results and directions for future work.