In this dissertation, we studied and addressed the privacy-preserving and authentication techniques for some network applications, where existing internet security solutions cannot address them straightforwardly due to different trust and attack models and possibly constrained resources. For example, in a centralized dynamic spectrum access (DSA) system, the spectrum resource licensees called incumbent users (IUs), have strong operational privacy requirements for the DSA service provider called spectrum access system (SAS), and hence SAS is required to perform spectrum computation without knowing IUs' operational information. This means SAS can at most be considered as a semi-trusted party which is honest but curious, and common anonymization and end-to-end encryption cannot address this issue, and dedicated solutions are required. Another example is that in an intra-vehicle Controller Area Network (CAN), the transmitter can only embed 64 bits of message and its authentication tag into on message frame, which makes it difficult to achieve message authentication in real-time with sufficient cryptographic strength. The focus of this dissertation is to fill the gap of existing solutions with stronger security notion and practicability. On the topic of privacy-preserving DSA systems, we firstly explored existing solutions and proposed a comparative study. We additionally proposed a new metric for evaluation and showed the advantages and disadvantages of existing solutions. We secondly studied the IU location privacy in 3.5GHz band ESC-based DSA system and proposed a novel scheme called PriDSA. PriDSA addresses malicious colluding SAS attack model through leveraging different and relatively lightweight cryptography primitive with novel design, granting stronger security notion and improved efficiency as well. We thirdly studied the operational privacy of both IU and secondary users (SUs) in a general centralized SAS based DSA system and proposed a novel framework called PeDSS. Through our novel design that integrates differential privacy with secure multi-party computation protocol, PeDSS exhibits great communication and computation overhead compared to existing solutions.
On the topic of lightweight message authentication in resource-constrained networks, we firstly explored message authentication schemes with high cryptographic strength and low communication-overhead and proposed a novel scheme called CuMAC. CuMAC provides a flexible trade-off between authentication delay and cryptographic strength, through the embodiment of a novel concept that we refer to as accumulation of cryptographic strength. We secondly explored the possibility of achieving both high cryptographic strength and low authentication delay and proposed a variant of CuMAC called CuMAC/S. By employing the novel idea of message speculation, CuMAC/S achieves enables the accumulation of cryptographic strength while incurring minimal delay when the message speculation accuracy is high. / Doctor of Philosophy / The privacy-preserving and message authentication issues of some network applications are distinctive from common internet security due to different attack models and possibly constrained resources, and these security and privacy concerns cannot be addressed by applying existing internet security solutions straightforwardly. For example, in a centralized dynamic spectrum access (DSA) system, the spectrum resource licensees called incumbent users (IUs), have strong operational privacy requirements for the DSA service provider called spectrum access system (SAS), and hence SAS is required to perform spectrum computation without knowing IUs' operational information. This means SAS can at most be considered as a semi-trusted party which is honest but curious, and common anonymization and end-to-end encryption cannot address this issue, and dedicated solutions are required. Another example is that in an intra-vehicle Controller Area Network (CAN), the transmitter can only embed 64 bits of message and its authentication tag into on message frame, which makes it difficult to achieve message authentication in real-time with sufficient cryptographic strength. We addressed the privacy issue of DSA systems by proposing novel schemes incorporating efficient cryptographic primitives and various privacy-preserving techniques, achieving a greatly higher efficiency or stronger privacy-preserving level. We addressed the lightweight authentication issue of resource-constrained networks by employing the novel concept of security accumulation and message speculation, achieving high cryptographic strength, low communication overhead, and probable low latency.
| Identifer | oai:union.ndltd.org:VTETD/oai:vtechworks.lib.vt.edu:10919/101786 |
| Date | 07 January 2021 |
| Creators | Li, He |
| Contributors | Electrical Engineering, Park, Jung-Min, Hsiao, Michael S., Yao, Danfeng (Daphne), Yang, Yaling, Zeng, Haibo |
| Publisher | Virginia Tech |
| Source Sets | Virginia Tech Theses and Dissertation |
| Detected Language | English |
| Type | Dissertation |
| Format | ETD, application/pdf |
| Rights | In Copyright, http://rightsstatements.org/vocab/InC/1.0/ |
Page generated in 0.0023 seconds