Efficient schemes for anonymous credential with reputation support

Yu, Kin-ying., 余見英.

January 2012

Anonymous credential is an important tool to protect the identity of users in the Internet for various reasons (e.g. free open speech) even when a service provider (SP) requires user authentication. Yet, misbehaving users may use anonymity for malicious purposes and SP would have no way to refrain these users from creating further damages. Revocable anonymous credential allows SP to revoke a particular anonymous user based on the observed behavior of a session the user conducted. However, such kind of all-or-nothing revocation does not work well with the “Web 2.0” applications because it does not give a user a second chance to remedy a misconduct, nor rewards for positive behaviors. Reputation support is vital for these platforms. In this thesis, we propose two schemes with different strengths that solve this privacy and reputation dilemma. Our first scheme, PE(AR)2, aims to empower anonymous credential based authentication with revocation and rewarding support. The scheme is efficient, outperforms PEREA which was the most efficient solution to this problem, with an authentication time complexity O(1) as compared with other related works that has dependency on either the user side storage or the blacklist size. PEREA has a few drawbacks that make it vulnerable and not practical enough. Our scheme fixes PEREA's vulnerability together with efficiency improvement. Our benchmark on PE(AR)2 shows that an SP can handle over 160 requests/second when the credentials store 1000 single-use tickets, which outperforms PEREA with a 460 fold efficiency improvement. Our second scheme, SAC, aims to provide a revocation and full reputation support over anonymous credential based authentication system. With a small efficiency trade-o_ as compared with PE(AR)2, the scheme now supports both positive and negative scores. The scoring mechanism is now much more flexible, that SP could modify the rated score of any active sessions, or declare that no more rating should be given to it and mark it as finalized. SAC provides a much more elastic user side credential storage, there is no practical limit on the number of authentication sessions associated with a credential. Unlike other schemes, SAC make use of a combined membership proof instead of multiple non-membership proofs to distinguish if a session is active, finalized, or blacklisted. This special consideration has contributed to the reduction of efficiency-flexibility trade-off from PE(AR)2, making the scheme stay practical in terms of authentication time. Our benchmark on SAC shows that an SP can handle over 2.9 requests/second when the credentials store 10000 active sessions, which outperforms BLACR-Express (a related work based on pairing cryptography with full reputation support) with a 131 fold efficiency improvement. Then we analyze the potential difficulties for adopting the solutions to any existing web applications. We present a plugin based approach such that our solutions could run on a user web browser directly, and how a service provider could instruct the plugin to communicate using our protocol in HTML context. We conclude our thesis stating the solutions are practical, efficient and easy to integrate in real world scenario, and discuss potential future works. / published_or_final_version / Computer Science / Doctoral / Doctor of Philosophy

Internet - Security measures.

Dispersability and vulnerability analysis certificate systems

Jung, Eunjin

28 August 2008

Not available / text

Internet--Security measures

Determination of the internal exposure hazard from plutonium work in an open front hood

Olson, Cheryl Lynn

28 August 2008

Not available

Plutonium--Safety measures

SECURITY OF COMMUNICATION IN COMPUTER NETWORKS (KEY MANAGEMENT, VERIFICATION).

LU, WEN-PAI.

January 1986

This dissertation concerns investigations on two of the most important problems in establishing communication security in computer networks: (1) developing a model which precisely describes the mechanism that enforces the security policy and requirements for a secure network, and (2) designing a key management scheme for establishing a secure session for end-to-end encryption between a pair of communicants. The security mechanism attempts to ensure secure flow of information between entities assigned to different security classes in different computer systems attached to a computer communication network. The mechanism also controls the accesses to the network devices by the subjects (users and processes executed on behalf of the users). The communication security problem is formulated by using a mathematical model which precisely describes the security requirements for the network. The model integrates the notions of access control and information flow control to provide a Trusted Network Base (TNB) for the network. The demonstration of security of the network when the security mechanism is designed following the present model is given by using mathematical induction techniques. The problem of designing key management schemes for establishing end-to-end encrypted sessions between source-destination pairs when the source and the destination are on different networks interconnected via Gateways and intermediate networks is examined. In such an internet environment, the key management problem attains a high degree of complexity due to the differences in the key distribution mechanisms used in the constituent networks and the infeasibility of effecting extensive hardware and software changes to the existing networks. A hierarchical approach for key management is presented which utilizes the existing network specific protocols at the lower levels and protocols between Authentication Servers and/or Control Centers of different networks at the higher levels. Details of this approach are discussed for specific illustrative scenarios to demonstrate the implementational simplicity. A formal verification of the security of the resulting system is also conducted by an axiomatic procedure utilizing certain combinatory logic principles. This approach is general and can be used for verifying the security of any existing key management scheme.

Computer networks -- Security measures.

Radiation hazards of building materials

吳楚儀, Ng, Chor-yi.

January 1991

published_or_final_version / Radioisotope / Master / Master of Philosophy

Building materials - Safety measures.

THE STRUCTURE OF CERTAIN TWO-DIMENSIONAL PROBABILITY MEASURES

Crosby, David S., 1938-

January 1967

No description available.

Probabilities.

Probability measures.

The effects of different types of mouthguards on ventilation /

Blyth, Annie

January 2005

Athletes wear mouthguards to decrease the risk of injuries. However, many athletes resist wearing mouthguards due to problems with speech and breathing during play. Breathing difficulties may suggest limitations with ventilation. The purpose of this study was to examine peak inspiratory and peak expiratory air flow at different ventilatory rates using various types of mouthguards and a no mouthguard condition. Mouthguards were fitted into a dental model and air was ventilated through the model at three flow rates (30, 45, 60 strokes·min-1) using 2 and 3 L syringes. Flows were recorded using a Medisoft Ergocard. Peak flows (L·s -1) were recorded for 10 strokes during each condition. At 180 L·min -1, only bimolar mouthguards impeded air flow compared to the no mouthguard condition. In addition, the Shock Doctor bimolar mouthguard experienced decreased peak values compared to several mouthguards. Results suggest that peak flow is lowered at high ventilation with bimolar mouthguards.

Sports -- Safety measures

Respiration

Performance evaluation of the Dosicard electronic personal dosimeter

Griffis, Neale Jeff

08 1900

No description available.

Radiation Safety measures

Dosimeters

The economics of bone density screening and the subsequent use of hormone replacement therapy

Torgerson, David J.

January 1996

The work contained in this thesis explores the economic issues of screening women, and the subsequent use of hormone replacement therapy (HRT), for the prevention of osteoporosis. The thesis is divided into five sections. In the first section the background to the problem is described as are the relevant economic evaluation techniques. In addition, the relevant economic literature is reviewed. The second section of the thesis, contains the results of research aimed at estimating the costs of population screening followed by treating the women at highest risk. The three chapters in this section address the following issues: estimating total screening costs; developing an economic definition of at risk status; and describing the HRT compliance rate after screening and its associated costs. In the third section the consequences of screening are examined. Hence, the osteoporosis risk profile of non attenders is described and the effects of HRT on women's quality of life is explored. Finally, this section is completed with a study looking at the predictive value of bone density screening. The fourth section is a synthesis of all the costs and consequences described in the preceding sections with relevant additional information from the literature. This section shows that screening perimenopausal women will be very expensive in terms of cost per quality adjusted life years (QALY) gained. In contrast, screening women and treating them when they are aged 70 appears to generate a relatively low cost per QALY. The final, fifth section, of the thesis describes outstanding research issues which need to be addressed before any screening programme is implemented.

362.1

Osteoporosis; Preventative measures

A safety handbook for the high school industrial arts department of the South Bend Community Schools

Dudley, Vernon Hugh

January 1966

There is no abstract available for this thesis.

School shops -- Safety measures.