Abstract. In most common mobile ad-hoc networking (MANET) scenarios, nodes establish communication based on long-lasting public identities. However, in some hostile and suspicious settings, node identities must not be exposed and node movements should be untraceable. Instead, nodes need to communicate on the basis of their current locations. While such MANET settings are not very common, they do occur in military and law enforcement domains and require high security and privacy guarantees. In this paper, we address a number of issues arising in suspicious location-based MANET settings by designing and analyzing a privacy-preserving and secure link-state based routing protocol (ALARM). ALARM uses nodes' current locations to securely disseminate and construct topology snapshots and forward data. With the aid of advanced cryptographic techniques (e.g., group signatures), ALARM provides both security and privacy features, including: node authentication, data integrity, anonymity and untraceability (tracking-resistance). It also offers protection against passive and active insider and outsider attacks. To the best of our knowledge, this work represents the first comprehensive study of security, privacy and performance trade-offs in the context of link-state MANET routing.
Abstract. In this paper we consider the problem of secure pattern matching that allows single-character wildcards and substring matching in the malicious (stand-alone) setting. Our protocol, called 5PM, is executed between two parties: Server, holding a text of length n, and Client, holding a pattern of length m to be matched against the text, where our notion of matching is more general and includes non-binary alphabets, non-binary Hamming distance and non-binary substring matching. 5PM is the first secure expressive pattern matching protocol designed to optimize round complexity by carefully specifying the entire protocol round by round. In the malicious model, 5PM requires O((m + n)k^2) bandwidth and O(m + n) encryptions, where m is the pattern length and n is the text length. Further, 5PM can hide pattern size with no asymptotic additional costs in either computation or bandwidth. Finally, 5PM requires only two rounds of communication in the honest-but-curious model and eight rounds in the malicious model. Our techniques reduce pattern matching and generalized Hamming distance problems to a novel linear algebra formulation that allows for generic solutions based on any additively homomorphic encryption. We believe our efficient algebraic techniques are of independent interest.
Secure Multiparty Computation (MPC) protocols allow a set of distrusting participants to securely compute a joint function of their private inputs without revealing anything but the output of the function to each other. In 1991 Ostrovsky and Yung introduced the proactive security model, where faults spread throughout the network, analogous to the spread of a virus or a worm. More specifically, in the proactive security model, the adversary is not limited in the number of parties it can corrupt but rather in the rate of corruption with respect to a "rebooting" rate. In the same paper, Ostrovsky and Yung showed that constructing a general purpose MPC protocol in the proactive security model is indeed feasible when the rate of corruption is a constant fraction of the parties. Their result, however, was shown only for stand-alone security and incurred a large polynomial communication overhead for each gate of the computation. In contrast, protocols for "classical" MPC models (where the adversary is limited to corrupt in total up to a fixed fraction of the parties) have seen dramatic progress in reducing communication complexity in recent years. The question that we consider in this paper is whether continuous improvements of communication overhead in protocols for the "classical" stationary corruptions model in the MPC literature can lead to communication complexity reductions in the proactive security model as well.
It turns out that improving communication complexity of proactive MPC protocols using modern techniques encounters two fundamental roadblocks due to the nature of the mobile faults model: First, in the proactive security model there is the inherent impossibility of "bulk pre-computation" to generate cryptographic material that can be slowly consumed during protocol computation in order to amortize communication cost (the adversary can easily discover pre-computed values if they are not refreshed, and refreshing is expensive); second, there is an apparent need for double-sharing (which requires high communication overhead) of data in order to achieve proactive security guarantees. Thus, techniques that were used to speed up classical MPC do not work, and new ideas are needed. That is exactly what we do in this paper: we show a novel MPC protocol in the proactive security model that can tolerate a 1/3 − ε (resp. 1/2 − ε) fraction of moving faults, is perfectly (resp. statistically) UC-secure, and achieves near-linear communication complexity for each step of the computation. Our results match the asymptotic communication complexity of the best known results in the "classical" model of stationary faults [DIK10]. One of the important building blocks that we introduce is a new near-linear "packed" proactive secret sharing (PPSS) scheme, where the amortized communication and computational cost of maintaining each individual secret share is just a constant. We believe that our PPSS scheme might be of independent interest.
Proactive secret sharing (PSS) schemes are designed for settings where long-term confidentiality of secrets has to be guaranteed, specifically, when all participating parties may eventually be corrupted. PSS schemes periodically refresh secrets and reset corrupted parties to an uncorrupted state; in PSS the corruption threshold t is replaced with a corruption rate which cannot be violated. In dynamic proactive secret sharing (DPSS) the number of parties can vary during the course of execution. DPSS is ideal when the set of participating parties changes over the lifetime of the secret or where removal of parties is necessary if they become severely corrupted. This paper presents the first DPSS schemes with optimal amortized, O(1), per-secret communication compared to O(n^4) or exp(n) in number of parties, n, required by existing schemes. We present perfectly and statistically secure schemes with near-optimal threshold in each case. We also describe how to construct a communication-efficient dynamic proactively-secure multiparty computation (DPMPC) protocol which achieves the same thresholds.
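The two preceding abstracts both rest on the same two ideas: a corruption rate per epoch instead of a fixed threshold, enforced by refreshing shares so that shares captured in different epochs do not fit together, and packed sharing, where one polynomial carries several secrets so the per-secret cost is amortized. The block below is an added example written for this page, not the PPSS or DPSS construction from either paper, and it makes simplifying assumptions labelled in the code: a single trusted dealer performs the sharing and generates the refresh polynomial (real PSS derives it jointly so that no party knows it), share recovery for rebooted parties is omitted, and the prime field is a toy choice. The `mobile_adversary` function plays out the model from the abstract: it corrupts t parties per epoch, keeps every share it sees, and is pushed off those parties by the reboot; without a refresh, shares hoarded across epochs reconstruct the secrets, with a refresh they do not.

```python
"""Packed Shamir sharing with proactive refresh and a mobile adversary that hops between epochs.
Added example, not the papers' construction. Assumptions: trusted dealer for sharing and
refresh, no share recovery after reboot, toy prime field."""
import secrets

P = 2**61 - 1   # prime field (assumption: toy choice)


def _inv(a: int) -> int:
    return pow(a, P - 2, P)


def _interpolate(points, x: int) -> int:
    """Evaluate at x the unique polynomial of degree < len(points) through `points` (Lagrange)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * _inv(den)) % P
    return total


def packed_share(block, n: int, t: int) -> dict:
    """Share k = len(block) secrets with ONE polynomial of degree t + k - 1.
    Secrets sit at x = -1, ..., -k; t uniformly random values at x = -(k+1), ..., -(k+t)
    fix the rest of the polynomial. Party i in 1..n receives f(i).
    Any t shares are independent of the secrets; any t + k shares reconstruct them."""
    k = len(block)
    degree = t + k - 1
    if n < degree + 1:
        raise ValueError("need n >= t + k parties to be able to reconstruct")
    pts = [(P - 1 - j, s % P) for j, s in enumerate(block)]
    pts += [(P - 1 - k - j, secrets.randbelow(P)) for j in range(t)]
    return {i: _interpolate(pts, i) for i in range(1, n + 1)}


def packed_reconstruct(shares: dict, k: int, t: int) -> list:
    """Recover the k secrets from any t + k shares (dict: party -> share)."""
    degree = t + k - 1
    pts = list(shares.items())[: degree + 1]
    if len(pts) < degree + 1:
        raise ValueError("not enough shares")
    return [_interpolate(pts, P - 1 - j) for j in range(k)]


def refresh(shares: dict, k: int, t: int) -> dict:
    """Proactive refresh: add a fresh packed sharing of (0, ..., 0). The secrets are unchanged,
    but pre- and post-refresh shares lie on different polynomials and cannot be combined.
    (Assumption: the dealer generates the zero sharing; real PSS does this jointly.)"""
    zero = packed_share([0] * k, len(shares), t)
    return {i: (s + zero[i]) % P for i, s in shares.items()}


def mobile_adversary(block, n: int, t: int, refresh_between_epochs: bool) -> list:
    """Corrupt t parties per epoch (the corruption RATE), keep each share seen, then lose
    those parties to the reboot and move on. Returns what the adversary reconstructs once it
    holds t + k shares gathered across epochs."""
    if t < 1:
        raise ValueError("adversary must corrupt at least one party per epoch")
    k = len(block)
    shares = packed_share(block, n, t)
    stolen, next_party = {}, 1
    while len(stolen) < t + k:
        for _ in range(t):
            if next_party <= n:
                stolen[next_party] = shares[next_party]
                next_party += 1
        if refresh_between_epochs:
            shares = refresh(shares, k, t)   # honest parties re-randomise; hoarded shares go stale
    return packed_reconstruct(stolen, k, t)


if __name__ == "__main__":
    block = [7, 11, 13]                                          # constructed sample secrets
    print("no refresh:", mobile_adversary(block, 8, 2, False))   # [7, 11, 13]
    print("refresh:   ", mobile_adversary(block, 8, 2, True))    # unrelated field elements
```

Two things to note against the abstracts. The amortization claim is visible in `packed_share`: n shares protect k secrets at once, so the cost per secret of a refresh is 1/k of a single-secret refresh. And the cost the first abstract warns about is also visible: every refresh is itself a full sharing, which is why cached pre-computed material cannot simply be left lying around for later epochs.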
Delay- and disruption-tolerant networks (DTNs) have received much attention from the research community in recent years and are likely to play an important role in future networking. DTNs can bring much-needed connectivity to rural areas and other settings with limited or non-existing infrastructures. High node mobility and infrequent connectivity inherent to DTNs make it challenging to implement simple and traditional security services, e.g., message integrity and confidentiality. In particular, it is hard to retrieve credentials of peer users/nodes. Also, multi-round security protocols (typically found in handshakes at network and session layers) are greatly handicapped due to long and uneven delays. In this paper, we focus on the problem of initial secure context establishment in DTNs. We construct a scheme that allows DTN users to leverage social contact information in order to exchange confidential and authentic messages. We show how the proposed scheme applies for both intra- and inter-region communication scenarios.