|
Publications.
- Xin Zhang, Abhishek Jain, Adrian Perrig
Packet Dropping Adversary Identification for Data Plane Security
CoNEXT 2008
-- 4th ACM International Conference on emerging Networking EXperiments and Technologies
Nearly two decades ago, Perlman first studied packet dropping attacks on routing paths in the context of data-plane security. However, until recently, the design of packet dropping adversary identification protocols that are simultaneously robust to both benign packet loss and malicious behavior has proven to be surprisingly elusive. In this paper, we strive to propose a secure and practical packet-dropping adversary localization scheme that is robust (in the sense as described earlier) and simultaneously achieves high detection rate and low communication and storage overhead -- the three key performance metrics for such protocols in realistic settings. Recent work optimizes either the detection rate or the communication overhead only. We systematically explore the design space of acknowledgment based protocols to identify a packet dropping adversary on a forwarding path from a source to a destination. In particular, we investigate a set of primitive protocols where each protocol exemplifies a design dimension; and examine the underlying tradeoff between the performance metrics. For each primitive protocol, we present both upper/lower performance bounds via theoretical analysis and average-case results via simulations. We conclude that the proposed PAI-1 protocol outperforms other related schemes in terms of practicality in a realistic network setting.
- Vipul Goyal, Abhishek Jain, Omkant Pandey, Amit Sahai
Bounded Ciphertext Policy Attribute based Encryption
ICALP 2008
-- 35th International Colloquium on Automata, Languages and Programming
In a ciphertext policy attribute based encryption system, a user's private key is associated with a set of attributes (describing the user) and an encrypted ciphertext will specify an access policy over attributes. A user will be able to decrypt if and only if his attributes satisfy the ciphertext's policy. In this work, we present the first construction of a ciphertext-policy attribute based encryption scheme having a security proof based on a number theoretic assumption and supporting advanced access structures. Previous CP-ABE systems could either support only very limited access structures or had a proof of security only in the generic group model. Our construction can support access structures which can be represented by a bounded size access tree with threshold gates as its nodes. The bound on the size of the access trees is chosen at the time of the system setup. Our security proof is based on the standard Decisional Bilinear Diffie-Hellman assumption.
- Jun Han, Abhishek Jain, Mark Luk, Adrian Perrig
Don't Sweat Your Privacy: Using Humidity to Detect Human Presence UbiPriv 2007
-- 5th International Workshop on Privacy in UbiComp
Sensor nodes are increasingly deployed in many environments. Most of these nodes feature onboard sensor chips to measure environmental data such as humidity, temperature and light. In this paper, we show that seemingly innocuous and non-sensitive data such as humidity measurements can disclose private information such as human presence. We conduct several experiments using Telos motes running TinyOS to justify our claims. Our results motivate the need for research to investigate mechanisms to prevent the leakage of private information.
- Vipul Goyal, Abhishek Jain, Jean Jacques Quisquater
Improvements to Mitchell's Remote User Authentication Protocol ICISC 2005
-- 8th International Conference on Information Security and Cryptography
A provably secure protocol for remote authentication is presented.
Only public information is stored at the verifying host that makes our scheme
resistant to server compromise. We use one time signatures coupled with offline
transcripts for synchronization. Due to sole usage of fast cryptographic hash
functions, our method is appropriate for low cost user authentication. Our construction improves over the previously proposed technique of Mitchell to overcome its problem of Denial of Service (DoS) attacks.
|