Breno de Medeiros

Cryptography and Network Security

Research projects:
Security and privacy in ubiquitous computing
Computing is increasingly no longer confined by the boundaries of a "computer box." Instead, devices such as PDAs, cell phones, smart appliances, and other objects increasingly dominate computing applications. In addition to providing convenience in the form of smart behavior, these embedded computers are often powerful enough to execute arbitrary applications and to network with similar devices. Several emerging applications of ubiquitous computing, such as sensor, vehicular, and body-area networks, as well as RFID, have attracted sufficient attention to constitute research areas in their own right, with attendant security and privacy concerns.

RFID: Radio-Frequency Identification (RFID) tags represent the extreme edge of ubiquitous computing technology, in terms of limitations in computing capabilities. These devices are often passively powered by antenna inductance and therefore highly constrained in total available operating voltage, memory capacity, clock speed, and hardware footprint. However, in other respects, RFID-based systems display many of the security issues shared by other ubiquitous applications. Therefore, while RFID security research provides unique challenges, solutions in this space can often be ported or adapted to broader settings.

As RFID tags are often attached as labels to other objects to enable their automatic recognition, issues of location privacy (freedom from tracing) are addressed via solutions that support anonymous authentication: The identity of the authenticating tag is revealed only to the authorized parties, not to eavesdroppers and other malicious entities that may also interfere with the communication (active adversaries).
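The anonymous-authentication property described above can be illustrated with a small simulation. The following is an added example, not code from this research group: it implements a challenge-response exchange in the style of the randomized hash lock, where each tag holds a per-tag secret key (assumed to be provisioned out of band) and answers a reader challenge with a fresh nonce and an HMAC, so that an eavesdropper sees a different, unlinkable response on every query, while an authorized reader that knows the key table can still recover the tag's identity. All tag identifiers and keys are constructed sample data.

```python
import hmac
import hashlib
import secrets

# Constructed sample population: tag identifier -> 128-bit per-tag secret key.
# Assumption: keys are shared only with authorized readers (provisioned out of band).
def provision(num_tags):
    return {f"tag-{i:03d}": secrets.token_bytes(16) for i in range(num_tags)}

def reader_challenge():
    """Reader side: a fresh random challenge makes every session distinct and
    prevents an active adversary from replaying an earlier tag response."""
    return secrets.token_bytes(16)

def tag_respond(tag_key, challenge):
    """Tag side: pick a fresh nonce and MAC (challenge || nonce) under the tag key.
    The identifier itself never leaves the tag; only the nonce and MAC are sent."""
    tag_nonce = secrets.token_bytes(16)
    mac = hmac.new(tag_key, challenge + tag_nonce, hashlib.sha256).digest()
    return tag_nonce, mac

def reader_identify(key_table, challenge, tag_nonce, mac):
    """Authorized reader: recompute the MAC under every known key until one matches.
    This is linear in the population size, which is the price of the tag sending
    no identifying information in the clear."""
    for tag_id, key in key_table.items():
        expected = hmac.new(key, challenge + tag_nonce, hashlib.sha256).digest()
        if hmac.compare_digest(expected, mac):
            return tag_id
    return None

def run_demo():
    """Exercise the three properties: identification by an authorized reader,
    unlinkability of two responses by the same tag, and rejection of a replay."""
    key_table = provision(5)
    honest_tag = "tag-002"

    # Session 1: authorized reader identifies the tag.
    c1 = reader_challenge()
    n1, m1 = tag_respond(key_table[honest_tag], c1)
    identified = reader_identify(key_table, c1, n1, m1)

    # Session 2: same tag again; an eavesdropper sees nothing shared with session 1.
    c2 = reader_challenge()
    n2, m2 = tag_respond(key_table[honest_tag], c2)
    unlinkable = (n1 != n2) and (m1 != m2)

    # Active adversary replays the session-1 response against a fresh challenge.
    c3 = reader_challenge()
    replay_result = reader_identify(key_table, c3, n1, m1)

    return {"identified": identified, "unlinkable": unlinkable, "replay_accepted": replay_result is not None}

if __name__ == "__main__":
    print(run_demo())
```

The reader's exhaustive search over the key table is the usual trade-off in this class of schemes: stronger location privacy for the tag in exchange for identification cost that grows with the number of tags, which is why much of the RFID literature concentrates on reducing that search.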
Related pubs:
Identity-based cryptography
Identity-based cryptography (IBC) allows parties to dispense with certificates, allowing instead for systems to rely on any standardized naming convention that uniquely identifies parties. In addition to providing an alternative to PKIs, IBC has other applications. For instance, in identity-based chameleon hashes, the IB characteristics allow for greatly increased flexibility in its application.
IBC is a rich and fertile area from where to draw novel ideas for both theoretical and practical research undertakings. In the context of this research effort, a new cryptographic setting, XDH (for eXternal Diffie-Hellman) was outlined and new constructs made possible that exploit its unique features.
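Since the paragraph above only names chameleon hashes, an added example of the primitive itself follows. This is not code from the author's papers and is not the identity-based variant: it is the standard discrete-log chameleon hash, in which the holder of a trapdoor can find a second message that hashes to the same value while everyone else sees an ordinary collision-resistant hash. The safe-prime parameters are generated at toy size (48 bits, an assumption made so the example runs quickly) and are far too small for real use.

```python
import hashlib
import secrets

def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test with random bases."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def find_safe_prime(bits):
    """Return (p, q) with p = 2q + 1 both prime; q is the order of the working subgroup."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q

def keygen(bits=48):
    """Public parameters (p, q, g, y = g^x) and the trapdoor x (toy size, assumption)."""
    p, q = find_safe_prime(bits)
    g = pow(2, 2, p)                 # squaring lands 2 in the order-q subgroup
    x = secrets.randbelow(q - 1) + 1  # trapdoor
    y = pow(g, x, p)
    return {"p": p, "q": q, "g": g, "y": y}, x

def _message_to_exponent(pk, msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % pk["q"]

def chameleon_hash(pk, msg, r):
    """CH(msg, r) = g^m * y^r mod p; without x this is collision resistant under DL."""
    m = _message_to_exponent(pk, msg)
    return (pow(pk["g"], m, pk["p"]) * pow(pk["y"], r, pk["p"])) % pk["p"]

def forge_collision(pk, x, msg, r, new_msg):
    """Trapdoor holder: solve m + x*r = m' + x*r' (mod q) for r'."""
    q = pk["q"]
    m = _message_to_exponent(pk, msg)
    m_new = _message_to_exponent(pk, new_msg)
    return (r + (m - m_new) * pow(x, -1, q)) % q

def demo():
    pk, x = keygen()
    r = secrets.randbelow(pk["q"])
    original = chameleon_hash(pk, b"pay 10 units", r)
    r_new = forge_collision(pk, x, b"pay 10 units", r, b"pay 20 units")
    forged = chameleon_hash(pk, b"pay 20 units", r_new)
    return original == forged

if __name__ == "__main__":
    print("trapdoor collision found:", demo())
```

The collision step is the whole point of the primitive: a signature over the chameleon hash can be reused for a different message by whoever holds the trapdoor, which is what makes the construction useful for sanitizable or redactable signatures. In the identity-based variant the trapdoor is derived from the holder's identity string rather than from a certified public key, which is the flexibility the paragraph above refers to.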

Related pubs:
Information privacy
Beyond the traditional provision of data confidentiality through access control and encryption mechanisms, privacy services include the support for (accountable) anonymous transactions, freedom from profiling, location privacy, and other related issues. Research on new privacy-enhancing technologies is motivated by the facility of data gathering and correlation in an increasingly interconnected world. While individual persons desire to preserve personal autonomy threatened by technologies that encroach into formerly private aspects of life, enterprises have interests in protecting their data assets and transaction profiles when business automation and outsourcing weaken the effectiveness of time-honored practices.
Group signatures: Group signatures have been a major element of this line of research. Important results are: Group signatures that do not require the group manager to know trapdoor values, to enhance the usefulness of group signatures in multi-organization environments, such as in the finance or health care industries; and a proposal for the most efficient group signature scheme to achieve provable security without resorting to random oracle arguments.

Related pubs: See also the work on provably secure ubiquitous computing.
Composable security
Until as recently as the end of the past decade, it was widely believed by the security research community that security was an emergent property of systems: one could not divide a system into components, analyze the parts for their security properties, and then compose the results to derive (positive) guarantees for the whole. If true, such a fact would severely limit the reach of rigorous analytical techniques, since software and computer systems are far too complex for holistic analysis to be feasible. This situation changed with the emergence of two security models that support composability.
This research has adapted composable security models to settings where their application reveals insights into the difficulties of supporting multiple security requirements simultaneously. For instance, in RFID technology the provision of availability and privacy are in contention. By capturing these requirements in the UC framework, the limits to which these properties can be reconciled become clear, and trade-offs can be judiciously adopted for optimal capture of real-world requirements.

Related pubs: Please see the above listed works on provably secure ubiquitous computing.