Pairing-Based Onion Routing with Improved Forward Secrecy
This article presents new protocols for onion routing anonymity networks. We define a provably secure privacy-preserving key agreement scheme in an identity-based infrastructure setting, and use it to design new onion routing circuit constructions. ...
Storage-Based Intrusion Detection
Storage-based intrusion detection consists of storage systems watching for and identifying data access patterns characteristic of system intrusions. Storage systems can spot several common intruder actions, such as adding backdoors, inserting Trojan ...
Attribute-Based Messaging: Access Control and Confidentiality
Rakesh Bobba, Omid Fatemieh, Fariba Khan, Arindam Khan, Carl A. Gunter, Himanshu Khurana, Manoj Prabhakaran
Attribute-Based Messaging (ABM) enables messages to be addressed using attributes of recipients rather than an explicit list of recipients. Such messaging offers benefits of efficiency, exclusiveness, and intensionality, but faces challenges in access ...
Authenticated Index Structures for Aggregation Queries
Query authentication is an essential component in Outsourced DataBase (ODB) systems. This article introduces efficient index structures for authenticating aggregation queries over large datasets. First, we design an index that features good performance ...
A Simple and Generic Construction of Authenticated Encryption with Associated Data
We revisit the problem of constructing a protocol for performing Authenticated Encryption with Associated Data (AEAD). A technique is described which combines a collision-resistant hash function with a protocol for Authenticated Encryption (AE). The ...
MPSS: Mobile Proactive Secret Sharing
This article describes MPSS, a new way to do proactive secret sharing. MPSS provides mobility: The group of nodes holding the shares of the secret can change at each resharing, which is essential in a long-lived system. MPSS additionally allows the ...
Uncovering Spoken Phrases in Encrypted Voice over IP Conversations
Although Voice over IP (VoIP) is rapidly being adopted, its security implications are not yet fully understood. Since VoIP calls may traverse untrusted networks, packets should be encrypted to ensure confidentiality. However, we show that it is possible ...
Mining Roles with Multiple Objectives
With the growing adoption of Role-Based Access Control (RBAC) in commercial security and identity management products, how to facilitate the process of migrating a non-RBAC system to an RBAC system has become a problem with significant business impact. ...
Key Evolution Systems in Untrusted Update Environments
Forward-Secure Signatures (FSS) prevent forgeries for past time periods when an attacker obtains full access to the signer’s storage by evolving the private key in a one-way fashion. To simplify the integration of these primitives into standard security ...
Robust Decentralized Virtual Coordinate Systems in Adversarial Environments
Virtual coordinate systems provide an accurate and efficient service that allows hosts on the Internet to determine the latency to arbitrary hosts without actively monitoring all of the nodes in the network. Many of the proposed systems were designed ...
BLAC: Revoking Repeatedly Misbehaving Anonymous Users without Relying on TTPs
Several credential systems have been proposed in which users can authenticate to service providers anonymously. Since anonymity can give users the license to misbehave, some variants allow the selective deanonymization (or linking) of misbehaving users ...
Satisfiability and Resiliency in Workflow Authorization Systems
We propose the role-and-relation-based access control (R2BAC) model for workflow authorization systems. In R2BAC, in addition to a user’s role memberships, the user’s relationships with other users help determine whether the user is allowed to perform a ...
Identity Escrow Protocol and Anonymity Analysis in the Applied Pi-Calculus
Anonymity with identity escrow attempts to allow users of an online service to remain anonymous, while providing the possibility that the service owner can break the anonymity in exceptional circumstances, such as to assist in a criminal investigation. ...