Browsing by Author "Fong, Philip Wai Leung"
Now showing 1 - 2 of 2
Item Open Access
A Novel Approach to White-Box Policy Analysis
(2013-01-25) Balasubramaniam, Jayalakshmi; Fong, Philip Wai Leung
The access control systems in dynamic environments contain composite access control policies, that combine decisions from multiple component policies using policy combining algorithms. In such dynamic environments, analysis of policies is a challenge. In this thesis, I propose a white-box policy analysis Decision in Context (DIC), that would analyse component policies situated inside a composite policy. For generality, the DIC query is defined in an XACML-style policy composition framework. The DIC query is implemented via a reduction to either propositional satisfiability or pseudo boolean satisfiability instances, after which standard solvers can be invoked to complete the evaluation. Empirical analyses have been conducted to compare the relative efficiency of the SAT and PBS encodings. The latter is found to be the more effective encoding, in reducing DIC queries containing majority voting policy combining algorithms.

Item Open Access
Contribution to Proof-of-Location Systems
(2023-05-03) Akand, Md Mamunur Rashid; Safavi-Naeini, Reyhaneh Alsadat; Fong, Philip Wai Leung; Reardon, Joel Christopher; Yanushkevich, Svetlana; Clark, Jeremy
Proof-of-Location (POL) is a type of credential system that allows a user to obtain proof-of-location tokens (pol), attesting their visit to some location at some time, that they can later present to another party for receiving services. POL is gaining popularity due to its numerous applications, including location-based rewards, multi-factor authentication, and access control. POLs require a secure technique to verify the user’s location or proximity to a trusted infrastructure node as a prerequisite for issuing a pol token.
Distance bounding protocols satisfy the required security properties that securely put an upper bound between two entities in real-time, and are thus considered an essential building block in designing proof-of-location systems. In this thesis, a number of shortcomings in POL systems and in distance bounding protocols are identified and addressed. The thesis is divided into two parts – the first part focuses on the modeling and designing of POL systems, physical attack on infrastructure nodes of POL systems, composability of POL with other protocols, user-controlled access of pol tokens, and verifying a sequence of pol tokens that are stored on an untrusted user’s device. The second part concentrates on the building block of POL systems – the distance bounding protocols, which offer cryptographic security to verify the proximity between two entities. The research aims to address the challenges of existing distance bounding protocols, such as high implementation costs and vulnerability to attacks using directional antennas and collusion of multiple users. Consequently, the contributions of this thesis are presented in five sections, each covering one or more research problems, including providing a solid foundation for the design and analysis of POL systems and designing provably secure POL schemes that protect user anonymity against pol issuer and verifier, protecting against location tampering attacks on infrastructure nodes, ensuring user-controlled pol accessibility when the user is offline, preserving security guarantees when POL is composed with other protocols, proving a subsequence of POL tokens while ensuring efficient storage and user anonymity, designing distance bounding protocols that do not require multiple rounds in the fast-exchange phase, and protecting distance bounding protocols from novel attacks while ensuring user anonymity.