Cryptology and Rights Management

Preventing information from being read or altered by others, preserving marks of ownership and origin, and breaking the codes of adversaries are all of interest in information security. CERIAS expertise and interest includes encryption, number-theoretic foundations, cryptanalysis, optical encryption, watermarking (of images, audio, and movies), research in natural language digital rights protection including natural language watermarking and tamperproofing, automated security (de)classification of documents, cryptographic protocols, cybercash, trusted voting and bidding protocols, and intellectual property law.

A Novel Approach to Robust, Secured, and Cancellable Biometrics

Principal Investigator: Xukai Zou

Biometrics automatically identifies or verifies a person using physical, biological, and behavioral characteristics, which include face, iris, fingerprints, hand geometry, and voice. Compared to traditional identification and verification methods (such as paper or plastic ID cards, or passwords), biometrics is more convenient for users, reduces fraud, and can be more secure. Biometrics is becoming an important ally of security, intelligence, and law enforcement.

However, there are concerns about biometrics in daily life applications, such as security issues, privacy issues, and standards. Among them, the biggest concern is the security of the biometric data. Unlike traditional identity methods, it is very hard, sometimes impossible, to re-issue a person's biometric data. If biometric data is obtained by someone else, for example compromised through identity theft, the user loses control over it forever and loses his/her identity.

Some researchers have proposed encrypting biometric data, using quite standard methods such as the Advanced Encryption Standard (AES), the RSA public-key cryptosystem, and cryptographic hash functions. The main issue with these approaches is keys and key management, which have been studied independently from biometrics. As a result, there is a lack of research on the dependent relation between biometrics and encryption/integrity/key management, and on comprehensive mechanisms involving authentication, encryption, data integrity, and key management.

Recently, some biometric researchers have proposed cancellable biometrics, which allows the system to re-issue the biometric for a user. The key idea of cancellable biometrics is to distort the biometric image/signal/features before matching. The distortion parameters can be easily changed, which provides the cancellable nature of the scheme.

However, few if any have combined encryption and cancellable biometrics to ensure the security of biometric data in storage, transmission, and identification. The simple and naïve approach is to put them together by designing a cancellable biometric method and then applying encryption. This approach does not take the characteristics of biometrics into consideration and would not be applicable to real-life scenarios.

In this project, we propose a robust, secured, and cancellable biometrics method, which incorporates encryption, keys, and key management into the design of the cancellable biometric method to provide the optimum solution. The PIs are experts in the fields of biometrics, security, and network administration, which are essential for the success of this project.

Trusted Medical Information System and Health Informatics

Principal Investigator: Xukai Zou

In December of 2004 a US Marine is severely wounded during combat operations in Iraq. After receiving world-class treatment at Bethesda Naval Hospital and the Indianapolis VA medical center, the patient is able to carry on a normal civilian life in Indianapolis. Several months later the veteran is in an accident and is transported via medevac to a non-VA trauma center in Indianapolis for care. The provider looks up the patient's data using the Indiana Health Information Exchange, and the patient has a highly positive outcome. This outcome is only possible because critically important medical data was made available to the provider at the right time via a collaborative database between local hospitals. This scenario is only possible if VA hospitals can securely manage the sharing of data between themselves and non-VA health care facilities. To meet this need, the VA requires a security architecture that is highly secure, manageable, portable, scalable, granular to the record and field level, and, most importantly, cost effective.

It is with great enthusiasm that we present the VISTALOCK security schema to the Department of Veterans Affairs. The scientists who invented this technology are offering the Department of Veterans Affairs the opportunity to collaborate with them by implementing the already developed and proven technology across the VA Health Care domain. The VISTALOCK security architecture, using TEGO technology, is designed to be flexible and adaptable to support the security needs of the VA and ALL of its national, regional, and local affiliates.

VISTALOCK addresses four major security functions needed in collaborative data exchange and sharing: Hierarchical Access Control (HAC), Secure Group Communication (SGC), Differential Access Control (DAC), and Secure Dynamic Conferencing (SDC). It enforces confidentiality, integrity, authentication, and fine-tuned authorized access to patient records with granularity to the field and record level, based on cryptography and key management, and provides scalability, efficiency, dynamics, flexibility, and transparency.

The VISTALOCK security system is a bolt-on security architecture that works in addition to the existing system(s) it protects. It requires no changes to the VISTA database repository and acts as a security gateway for all VISTA data traffic between the client and host. The VA will be able to apply best-of-breed technology to its security architecture by providing modular and portable security services to the Vista/HealtheVET system. This enables the VA to continue full speed ahead with HealtheVET development as planned while adding secured collaborative data sharing capabilities with external local health care facilities and practices to its architecture.

Secure Group Communication over Wired/Wireless Networks

Principal Investigator: Xukai Zou

Secure group communication (SGC) refers to a setting in which a group of participants can send and receive messages (sent to the group members) in such a way that outsiders are unable to glean information even if they are able to intercept the messages. SGC is important because several prevalent applications require it. These applications include teleconferencing, tele-medicine, real-time information services, distributed interactive simulations, collaborative work, interactive games, and the deployment of VPNs (Virtual Private Networks). The goals for this project are four-fold: 1. study various issues enabling SGC, which include, but are not limited to, group key management, burst behavior and efficient burst operations, membership management, group member admission control, authentication, and non-repudiation; 2. study and provide solutions for specific SGC scenarios such as dynamic conferencing and SGC with hierarchical access control; 3. investigate research challenges for SGC over wireless/mobile environments; 4. integrate research results into the curriculum and perform public dissemination of findings and software.

Cryptanalysis of RSA

Principal Investigator: Sam Wagstaff

We study the minimum period of the Bell numbers, which arise in combinatorics, modulo a prime. It is shown that this period is probably always equal to its maximum possible value. Interesting new divisibility theorems are proved for possible prime divisors of the maximum possible period. The conclusion is that these numbers are not suitable for use as RSA public keys.

Data Anonymization

Principal Investigator: Ninghui Li; Elisa Bertino

Agencies and other organizations often need to publish microdata, e.g., medical data or census data, for research and other purposes. While the released datasets provide valuable information to researchers, they also contain sensitive information about individuals whose privacy may be at risk. To reduce the disclosure risks, one approach is to anonymize the microdata before it is released. Research in data anonymization aims at limiting disclosure risks to an acceptable level while maximizing data utility. In this project, we study several fundamental issues in balancing privacy with utility in microdata publishing. Some of the research directions are as follows. First, existing privacy requirements in data publishing, such as k-anonymity, l-diversity, and t-closeness, all have limitations and shortcomings in protecting against attribute disclosure while preserving data utility. We work on building a robust and effective privacy requirement. Second, when the adversary has additional background knowledge about the dataset, she is able to make more precise inferences about individuals' sensitive attribute values. We study approaches to model the adversary's background knowledge and techniques to prevent background knowledge attacks. Third, little existing research studies the anonymization of datasets that are continuously updated. Such a dynamic setting requires defining a new notion of privacy and proposing techniques to achieve the privacy requirement. Finally, a careful study of the privacy/utility trade-off will help us better understand the whole data publishing process.

Steganography on Criminal Suspect Computers Project

Principal Investigator: James Goldman

The installation and use of steganographic applications leave traces of these activities on the host system. Using disk images from seized computers, researchers use host system artifact detection software to determine whether there is evidence of steganography software installed on these seized hard drives. The results are then analyzed to determine the relative percentage of hard drives in the sample that showed evidence of installation and/or use of steganographic embedding applications, and what the applications of choice were in relation to the crimes committed with the computers in question. Results of the research to date are being published.

Image Hashing and Comparison Project

Principal Investigator: James Goldman

The goals of the Image Hashing and Comparison Project are to develop methods for creating "fuzzy" hashes of digital images. Unlike a cryptographic hash, which is sensitive to any change in the source content, a fuzzy hash is tolerant of manipulations to a digital image. This allows derivative images, which have been resized, cropped, or rotated, to be linked to the original source image. A provisional patent application has been issued on the project's accomplishments so far, and research continues on new image hashing techniques. A working prototype leading to possible product commercialization is being developed.

Image Forensics

Principal Investigator: Edward Delp

With digital images replacing their analog counterparts in more and more venues, and with the increasing functionality of image editing software, reliable forensic tools that help establish the origin, authenticity, and chain of custody of digital images are becoming indispensable. These tools can prove vital whenever questions of digital image integrity are raised. There are various levels at which the image source identification problem can be addressed. One may want to find the particular device (digital camera or scanner) that generated the image, or one might be interested in knowing only the make and model of the device. We have developed reliable methods for image source classification and source scanner identification. Dividing images into camera-generated or scanned images is an essential step before applying the source identification algorithms specific to one class or the other. Source scanner identification may be of crucial importance in situations such as e-commerce between banks using scanned checks. Two key steps of our image forensics algorithms are the extraction of appropriate features from the images and the training of classifiers such as SVMs. Our feature-vector-based methods allow close to 90% classification accuracy on a set of ten scanners and ten digital cameras. Future work in this direction will allow reliable image source identification from images that have undergone post-processing such as cropping, compression, sub-sampling, rotation, and different kinds of filtering operations.

Collaborative Attacks in WiMAX

Principal Investigator: Bharat Bhargava

In this paper, we discuss security problems, with a focus on collaborative attacks, in the Worldwide Interoperability for Microwave Access (WiMAX) scenario. The WiMAX protocol suite, which includes but is not limited to DOCSIS, DES, and AES, consists of a large number of protocols. We briefly present the WiMAX standard and its vulnerabilities. We pinpoint the problems with individual protocols in the WiMAX protocol suite and discuss collaborative attacks on WiMAX systems. We present several typical WiMAX attack scenarios, including: bringing together a large number of attackers to increase their computational power and break WiMAX protocols; assembling a sufficient number of attackers to influence the decision-making of core machines, which includes routing attacks and Sybil attacks; and exploiting implementations that do not conform completely to the WiMAX specification, causing interoperability problems among various protocols, including those in typical WiMAX/WiFi/LAN deployment scenarios. We present theoretical models and practical solutions to profile, model, and analyze collaborative attacks in WiMAX. We employ attack graphs for vulnerability analysis. Experimental results verify our models and validate our analysis.

Defending against Collaborative Packet Drop Attacks on MANET

Principal Investigator: Bharat Bhargava

Detecting packet drop attacks is important for the security of MANETs, and current random-audit-based mechanisms cannot detect collaborative attacks. In this paper, we design a hash-function-based method to generate node behavioral proofs that contain information from both data traffic and forwarding paths. The new method is robust against the collaborative attacks described in the paper, and it introduces limited computing overhead on the intermediate nodes. We investigate the security of the proposed approach and design schemes to further reduce the overhead.