Colin Boyd's research while affiliated with Norwegian University of Science and Technology and other places
What is this page?
This page lists the scientific contributions of an author, who either does not have a ResearchGate profile, or has not yet added these contributions to their profile.
It was automatically created by ResearchGate to create a record of this author's body of work. We create such pages to advance our goal of creating and maintaining the most comprehensive scientific repository possible. In doing so, we process publicly available (personal) data relating to the author as a member of the scientific community.
If you're a ResearchGate member, you can follow this page to keep up with this author's work.
If you are this author, and you don't want us to display this page anymore, please let us know.
Publications (281)
This book is the most comprehensive and integrated treatment of the protocols required for authentication and key establishment. In a clear, uniform presentation the authors classify most protocols in terms of their properties and resource requirements, and describe all the main attack types, so the reader can quickly evaluate protocols for particu...
The majority of protocols for key establishment and entity authentication that have been proposed in the literature concentrate on the case where there are exactly two users who wish to communicate or establish a session key. This is commonly referred to as the two-party case. In this chapter we discuss two-party key establishment and authenticatio...
Key agreement, as the name implies, is a process in which principals cooperate in order to establish a session key. Amongst the class of public key protocols for key establishment without a server, key agreement has become much more popular than key transport in recent years. There is an intuitive feeling that key agreement is ‘fairer’ than key tra...
It is generally regarded that there are two main potential advantages of public key techniques over symmetric cryptography. The first is that public key systems allow the straightforward definition of digital signatures, thereby enabling the service of non-repudiation which is so useful in commercial applications. The second is the simplification o...
Cryptographic authentication relies on possession of a key by the party to be authenticated. Such a key is usually chosen randomly within its domain and can be of length from around 100 bits up to many thousands of bits, depending on the algorithm used and security level desired. Experience has shown [273, 741] that humans find it difficult to reme...
Authentication and key establishment are fundamental steps in setting up secure communications. Authentication is concerned with knowing that the correct parties are communicating; key establishment is concerned with obtaining good cryptographic keys to protect the communications, particularly to provide confidentiality and integrity of the data co...
Authenticated key exchange protocols are at the core of Internet security protocols: they authenticate one or more of the parties communicating, and provide the establishment of a session key that is then used to encrypt application data. There are several protocols in widespread use to secure various applications. The most prominent are the follow...
As electronic communications and information services become more sophisticated, many applications involving multiple entities become necessary. Since these applications will generally require secure communications it is necessary to design protocols that establish keys for groups of principals. There is a great variety of different practical requi...
During the early years of open academic research in cryptography it was commonplace to see research papers following a sequence of break, fix, break, fix … : a scheme would be proposed and then others would analyse it, often finding an attack. The scheme was then patched up and subjected to further scrutiny, and so the cycle would continue. Althoug...
Identity-based public key cryptography was first proposed by Shamir in 1984 [665]. The idea is to avoid the need for public key certificates by making the public key publicly computable from the identification information of the owner. The identification information can include any desired fields such as real name, physical description or identific...
Secure channels are one of the most pivotal building blocks of cryptography today. Internet connections, secure messaging, protected IoT data, etc., all rely upon the security of the underlying channel. In this work we define channel protocols, as well as security for channels constructed from stateful length-hiding authenticated encryption (stLHAE...
Most security models for authenticated key exchange (AKE) do not explicitly model the associated certification system, which includes the certification authority and its behaviour. However, there are several well-known and realistic attacks on AKE protocols which exploit various forms of malicious key registration and which therefore lie outside th...
We introduce the notion of human-followable security wherein a human user can understand the process and logic behind cryptographic authentication protocols. We use Transport Layer Security, a widely used protocol, as an example to explain why human-followable security is required. From there, we define the notion of human-perceptible freshness and...
Authentication and authenticated encryption with associated data (AEAD) are applied in cryptographic protocols to provide message integrity. The definitions in the literature and the constructions used in practice all protect against forgeries, but offer varying levels of protection against replays, reordering, and drops. As a result of the lack of...
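The following is an added example, not code from the paper above, illustrating the point the abstract makes: the same MAC-authenticated stream can be checked by receivers that all reject forgeries yet differ in what they do about replays, reordering and drops. The key, the messages and the delivery order are constructed for the demonstration; the three policies mirror a stateless check, an IPsec/DTLS-style anti-replay window, and a TLS-style strict in-order channel.

```python
"""Three receivers for one HMAC-authenticated record stream (added example).

The tag always covers the sequence number, so an attacker cannot renumber a
captured record. What differs is how the receiver uses that number:
  stateless - rejects forgeries only; replays and reordering pass;
  window    - sliding anti-replay window of WINDOW records: replays and
              stale records rejected, drops and reordering within the
              window tolerated (IPsec/DTLS style);
  strict    - any gap, replay or reordering is fatal and closes the
              channel (TLS style).
Everything here is constructed: the key, the messages and the delivery order.
"""
import hashlib
import hmac
import struct

KEY = b"constructed 32-byte demo key...."   # constructed; never hard-code real keys
WINDOW = 8


def mac(key: bytes, seq: int, payload: bytes) -> bytes:
    """Tag over sequence number || payload."""
    return hmac.new(key, struct.pack(">Q", seq) + payload, hashlib.sha256).digest()


class Sender:
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def send(self, payload: bytes) -> tuple[int, bytes, bytes]:
        record = (self.seq, payload, mac(self.key, self.seq, payload))
        self.seq += 1
        return record


class Receiver:
    def __init__(self, key: bytes, mode: str):
        assert mode in ("stateless", "window", "strict")
        self.key, self.mode = key, mode
        self.expected = 0                 # strict: next sequence number
        self.highest, self.seen = -1, 0   # window: top of window, bitmap of seen seqs
        self.closed = False

    def receive(self, seq: int, payload: bytes, tag: bytes) -> str:
        if self.closed:
            return "reject:closed"
        # Verify the tag before touching any state, so a forgery can neither
        # advance the window nor close the channel.
        if not hmac.compare_digest(tag, mac(self.key, seq, payload)):
            return "reject:forgery"
        if self.mode == "stateless":
            return "accept"
        if self.mode == "strict":
            if seq != self.expected:
                self.closed = True        # unrecoverable, like a TLS bad_record_mac
                return "fatal:sequence"
            self.expected += 1
            return "accept"
        return self._window(seq)

    def _window(self, seq: int) -> str:
        full = (1 << WINDOW) - 1
        if seq > self.highest:            # newer than anything seen: slide window
            shift = seq - self.highest
            self.seen = ((self.seen << shift) | 1) & full
            self.highest = seq
            return "accept"
        back = self.highest - seq         # bit `back` of self.seen stands for seq
        if back >= WINDOW:
            return "reject:stale"
        if self.seen >> back & 1:
            return "reject:replay"
        self.seen |= 1 << back            # late but first time seen
        return "accept"


def run_scenario(mode: str) -> list[str]:
    """Deliver the constructed stream: m0, m1, m1 again (replay), m3 with m2
    missing (drop), m2 arriving late (reorder), then a forged record."""
    s, r = Sender(KEY), Receiver(KEY, mode)
    m = [s.send(b"msg%d" % i) for i in range(4)]
    forged = (4, b"forged", bytes(32))
    return [r.receive(*rec) for rec in (m[0], m[1], m[1], m[3], m[2], forged)]


if __name__ == "__main__":
    for mode in ("stateless", "window", "strict"):
        print(f"{mode:9s}", run_scenario(mode))
```

The stateless receiver shows why "forgery resistance" alone is a weak guarantee: the replayed record is accepted as a fresh message. The window receiver is the usual compromise for datagram transports; the strict receiver is the right choice where the transport already guarantees order, since any deviation is then evidence of tampering.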
Shared Cues is a password management system proposed by Blocki, Blum and Datta at Asiacrypt 2013. Unlike the majority of password management systems Shared Cues passwords are never stored, even on the management device. The idea of the Shared Cues system is to help users choose and remember passwords in a manner proven to avoid brute force searchin...
Although the Self-Authentication Watermarking (SAW) schemes are promising to tackle the multimedia information assurance problem, their unknown security level seems to impair their potential. In this paper, we identify three new counterfeiting attacks on those schemes and present their countermeasure. We develop, analyse, and validate the models of...
As the increasing adoption of information technology continues to offer better distant medical services, the distribution of, and remote access to digital medical images over public networks continues to grow significantly. Such use of medical images raises serious concerns for their continuous security protection, which digital watermarking has sh...
Compression is desirable for network applications as it saves bandwidth; however, when data is compressed before being encrypted, the amount of compression leaks information about the amount of redundancy in the plaintext. This side channel has led to successful CRIME and BREACH attacks on web traffic protected by the Transport Layer Security (TLS)...
Despite significant improvements in capacity-distortion performance, a computationally efficient capacity control is still lacking in the recent watermarking schemes. In this paper, we propose an efficient capacity control framework to substantiate the notion of watermarking capacity control to be the process of maintaining “acceptable” distortion...
We provide a computational analysis of the ISO 9798–2.4 mutual authentication standard protocol in the model of Bellare and Rogaway. In contrast to typical analyses of standardized protocols, we include the optional data fields specified in the standard by applying the framework of Rogaway and Stegers. To our knowledge this is the first application...
We present CHURNs, a method for providing freshness and authentication assurances to human users. In computer-to-computer protocols, it has long been accepted that assurances of freshness such as random nonces are required to prevent replay attacks. Typically, no such assurance of freshness is presented to a human in a human-and-computer protocol....
While formal definitions and security proofs are well established in some fields like cryptography and steganography, they are not as evident in digital watermarking research. A systematic development of watermarking schemes is desirable, but at present their development is usually informal, ad hoc, and omits the complete realization of application...
Security models for two-party authenticated key exchange (AKE) protocols have developed over time to provide security even when the adversary learns certain secret keys. In this work, we advance the modelling of AKE protocols by considering more granular, continuous leakage of long-term secrets of protocol participants: the adversary can adaptively...
Security models for two-party authenticated key exchange (AKE) protocols have developed over time to prove the security of AKE protocols even when the adversary learns certain secret values. In this work, we address more granular leakage: partial leakage of long-term secrets of protocol principals, even after the session key is established. We intr...
To prevent unauthorized access to protected trusted platform module (TPM) objects, authorization protocols, such as the object-specific authorization protocol (OSAP), have been introduced by the trusted computing group (TCG). By using OSAP, processes trying to gain access to the protected TPM objects need to prove their knowledge of relevant author...
The geographic location of cloud data storage centres is an important issue for many organisations and individuals due to various regulations that require data and operations to reside in specific geographic locations. Thus, cloud users may want to be sure that their stored data have not been relocated into unknown geographic regions that may compr...
Security protocols are designed in order to provide security properties (goals). They achieve their goals using cryptographic primitives such as key agreement or hash functions. Security analysis tools are used in order to verify whether a security protocol achieves its goals or not. The analysed property by specific purpose tools are predefined pr...
A fundamental part of many authentication protocols which authenticate a party to a human involves the human recognizing or otherwise processing a message received from the party. Examples include typical implementations of Verified by Visa in which a message, previously stored by the human at a bank, is sent by the bank to the human to authenticat...
We propose a computationally efficient image border pixel based watermark embedding scheme for medical images. We considered the border pixels of a medical image as RONI (region of non-interest), since those pixels have no or little interest to doctors and medical professionals irrespective of the image modalities. Although RONI is used for embeddi...
In this paper, we present three counterfeiting attacks on the block-wise dependent fragile watermarking schemes. We consider vulnerabilities such as the exploitation of a weak correlation among block-wise dependent watermarks to modify valid watermarked images, where they could still be verified as authentic, though they are actually not. Experimen...
Even though web security protocols are designed to make computer communication secure, it is widely known that there is potential for security breakdowns at the human-machine interface. This paper examines findings from a qualitative study investigating the identification of security decisions used on the web. The study was designed to uncover how...
We present a tool for automatic analysis of computational indistinguishability between two strings of information. This is designed as a generic tool for proving cryptographic security based on a formalism that provides computational soundness preservation. The tool has been implemented and tested successfully with several cryptographic schemes.
Most security models for authenticated key exchange (AKE) do not explicitly model the associated certification system, which includes the certification authority (CA) and its behaviour. However, there are several well-known and realistic attacks on AKE protocols which exploit various forms of malicious key registration and which therefore lie outsi...
Process Control Systems (PCSs) or Supervisory Control and Data Acquisition (SCADA) systems have recently been added to the already wide collection of wireless sensor networks applications. The PCS/SCADA environment is somewhat more amenable to the use of heavy cryptographic mechanisms such as public key cryptography than other sensor application en...
Cloud computing is a currently developing revolution in information technology that is disturbing the way that individuals and corporate entities operate while enabling new distributed services that have not existed before. At the foundation of cloud computing is the broader concept of converged infrastructure and shared services. Security is often...
Predicate encryption is a new primitive that supports flexible control over access to encrypted data. We study predicate encryption systems, evaluating a wide class of predicates. Our systems are more expressive than the existing attribute-hiding systems in the sense that the proposed constructions support not only all existing predicate evaluation...
A number of security models have been proposed for RFID systems. Recent studies show that current models tend to be limited in the number of properties they capture. Consequently, models are commonly unable to distinguish between protocols with regard to finer privacy properties. This paper proposes a privacy model that introduces previously unavai...
Teleradiology allows medical images to be transmitted over electronic networks for clinical interpretation and for improved healthcare access, delivery, and standards. Although such remote transmission of the images is raising various new and complex legal and ethical issues, including image retention and fraud, privacy, malpractice liability, etc....
Timed-release cryptography addresses the problem of "sending messages into the future": a message is encrypted so that it can only be decrypted after a certain amount of time, either (a) with the help of a trusted third party time server, or (b) after a party performs the required number of sequential operations. We generalise the latter case to wh...
The privacy of efficient tree-based RFID authentication protocols is heavily dependent on the branching factor at the top layer. Indefinitely increasing the branching factor, however, is not a practical option. This paper proposes an alternate tree-walking scheme as well as two protocols to circumvent this problem. The privacy of the resulting prot...
Cloud computing has emerged as a major ICT trend and has been acknowledged as a key theme of industry by prominent ICT organisations. However, one of the major challenges that face the cloud computing concept and its global acceptance is how to secure and protect the data that is the property of the user. The geographic location of cloud data stora...
Client puzzles are cryptographic problems that are neither easy nor hard to solve. In this paper, we solve the problem of constructing cryptographic puzzles that are secure in the standard model and are very efficient. To prove the security of our puzzle, we introduce a new variant of the interval discrete logarithm assumption which may be of indep...
In most of the digital image watermarking schemes, it becomes a common practice to address security in terms of robustness, which is basically a norm in cryptography. Such consideration in developing and evaluation of a watermarking scheme may severely affect the performance and render the scheme ultimately unusable. This paper provides an explicit...
Security of RFID authentication protocols has received considerable interest recently. However, an important aspect of such protocols that has not received as much attention is the efficiency of their communication. In this paper we investigate the efficiency benefits of pre-computation for time-constrained applications in small to medium RFID netw...
The use of Trusted Platform Module (TPM) is becoming increasingly popular in many security systems. To access objects protected by TPM (such as cryptographic keys), several cryptographic protocols, such as the Object Specific Authorization Protocol (OSAP), can be used. Given the sensitivity and the importance of those objects protected by TPM, the...
We blend research from human-computer interface (HCI) design with computational based cryptographic provable security. We explore the notion of practice-oriented provable security (POPS), moving the focus to a higher level of abstraction (POPS+) for use in providing provable security for security ceremonies involving humans. In doing so we highligh...
Most one-round key exchange protocols provide only weak forward secrecy at best. Furthermore, one-round protocols with strong forward secrecy often break badly when faced with an adversary who can obtain ephemeral keys. We provide a characterisation of how strong forward secrecy can be achieved in one-round key exchange. Moreover, we show that prot...
Just Fast Keying (JFK) is a simple, efficient and secure key exchange protocol proposed by Aiello et al.(ACM TISSEC, 2004). JFK is well known for its novel design features, notably its resistance to denial-of-service (DoS) attacks. Using Meadows' cost-based framework, we identify a new DoS vulnerability in JFK. The JFK protocol is claimed secure in...
This paper presents a key based generic model for digital image watermarking. The model aims at addressing an identified gap in the literature by providing a basis for assessing different watermarking requirements in various digital image applications. We start with a formulation of a basic watermarking system, and define system inputs and outputs....
Client puzzles are moderately-hard cryptographic problems -- neither easy nor impossible to solve -- that can be used as a countermeasure against denial of service attacks on network protocols. Puzzles based on modular exponentiation are attractive as they provide important properties such as non-parallelisability, deterministic solving time, and l...
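The following is an added example, not code from either paper, serving both the timed-release construction based on sequential operations (described two entries above) and the modular-exponentiation puzzles of this entry. It is a repeated-squaring puzzle in the style of Rivest, Shamir and Wagner: the server, knowing the factorisation of n, creates and checks puzzles with two modular exponentiations however large t is, while the solver must perform t squarings one after another, which is what gives the non-parallelisable, predictable solving time the abstract refers to. The modulus is built from two well-known 30-bit primes so the example runs instantly; that size is a toy and gives no security, and a deployment would use a server-generated RSA modulus of at least 2048 bits. The binding of each puzzle to a client identifier and a one-time nonce is this example's own design choice.

```python
"""Repeated-squaring client puzzle with a server trapdoor (added example)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

P, Q = 1_000_000_007, 998_244_353     # constructed toy primes; NOT secure
N = P * Q
PHI = (P - 1) * (Q - 1)               # trapdoor: known only to the server


@dataclass(frozen=True)
class Puzzle:
    n: int
    x: int      # starting value, bound to the client and a server nonce
    t: int      # required number of sequential squarings


class PuzzleServer:
    """Issues puzzles and checks answers. The only per-puzzle state is the
    set of outstanding nonces, so a solved puzzle cannot be replayed."""

    def __init__(self, t: int):
        self.t = t
        self.key = secrets.token_bytes(32)        # server-only secret for binding x
        self.issued: set[bytes] = set()

    def _start_value(self, client_id: bytes, nonce: bytes) -> int:
        digest = hmac.new(self.key, client_id + nonce, hashlib.sha256).digest()
        return int.from_bytes(digest, "big") % N

    def issue(self, client_id: bytes) -> tuple[Puzzle, bytes]:
        nonce = secrets.token_bytes(16)
        self.issued.add(nonce)
        return Puzzle(N, self._start_value(client_id, nonce), self.t), nonce

    def answer(self, client_id: bytes, nonce: bytes) -> int:
        """Trapdoor route: x^(2^t) mod n with the exponent reduced mod phi(n).
        Two modular exponentiations, independent of t."""
        x = self._start_value(client_id, nonce)
        return pow(x, pow(2, self.t, PHI), N)

    def check(self, client_id: bytes, nonce: bytes, claimed: int) -> bool:
        """One-shot: the nonce is consumed whether or not the answer is right."""
        if nonce not in self.issued:
            return False
        self.issued.discard(nonce)
        return claimed == self.answer(client_id, nonce)


def solve(pz: Puzzle) -> int:
    """Client side: without phi(n) the only known route is t sequential
    squarings; each depends on the previous one, so extra cores do not help
    and the solving time is predictable."""
    y = pz.x % pz.n
    for _ in range(pz.t):
        y = y * y % pz.n
    return y


def _pad(answer: int, length: int) -> bytes:
    # Keystream derived from the puzzle answer (answer < N fits in 16 bytes).
    return hashlib.shake_256(b"time-lock-demo" + answer.to_bytes(16, "big")).digest(length)


def lock_message(msg: bytes, answer: int) -> bytes:
    """Timed release: the message is readable only by whoever has the answer,
    i.e. the server now or anyone after t sequential squarings."""
    return bytes(a ^ b for a, b in zip(msg, _pad(answer, len(msg))))


def unlock_message(locked: bytes, answer: int) -> bytes:
    return lock_message(locked, answer)   # XOR pad is its own inverse


if __name__ == "__main__":
    server = PuzzleServer(t=100_000)
    puzzle, nonce = server.issue(b"client-1")
    sealed = lock_message(b"sealed until the squarings are done", server.answer(b"client-1", nonce))
    found = solve(puzzle)
    print("accepted:", server.check(b"client-1", nonce, found))
    print("opened  :", unlock_message(sealed, found))
```

Note what the trapdoor buys: puzzle creation and verification stay cheap for the defending server even as t grows, whereas with hash-based puzzles the server's verification cost is fixed but the difficulty is probabilistic. The pad here is unauthenticated and only illustrates release after the delay; a real timed-release scheme would encrypt an authenticated key under the answer.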
Continuous user authentication with keystroke dynamics uses characters sequences as features. Since users can type characters in any order, it is imperative to find character sequences (n-graphs) that are representative of user typing behavior. The contemporary feature selection approaches do not guarantee selecting frequently-typed features which...
Authentication is a promising way to treat denial-of-service (DoS) threats against nonpublic services because it allows servers to restrict connections only to authorised users. However, there is a catch with this argument since authentication itself is typically a computationally intensive process that is necessarily exposed to unauthenticated enti...
Many current HCI, social networking, ubiquitous computing, and context aware designs, in order for the design to function, have access to, or collect, significant personal information about the user. This raises concerns about privacy and security, in both the research community and main-stream media. From a practical perspective, in the social wor...
We present an automated verification method for security of Diffie-Hellman-based key exchange protocols. The method includes a Hoare-style logic and syntactic checking. The method is applied to protocols in a simplified version of the Bellare-Rogaway-Pointcheval model (2000). The security of the protocol in the complete model can be established aut...
Gradual authentication is a principle proposed by Meadows as a way to tackle denial-of-service attacks on network protocols by gradually increasing the confidence in clients before the server commits resources. In this paper, we propose an efficient method that allows a defending server to authenticate its clients gradually with the help of some fa...
Client puzzles are meant to act as a defense against denial of service (DoS) attacks by requiring a client to solve some moderately hard problem before being granted access to a resource. However, recent client puzzle difficulty definitions (Stebila and Ustaoglu, 2009; Chen et al., 2009) do not ensure that solving n puzzles is n times harder than s...
Process Control Systems (PCSs) or Supervisory Control and Data Acquisition (SCADA) systems have recently been added to the already wide collection of wireless sensor network applications. The PCS/ SCADA environment is somewhat more amenable to the use of heavy cryptographic mechanisms such as public key cryptography than other sensor application en...
Two-party key exchange (2PKE) protocols have been rigorously analyzed under various models considering different adversarial actions. However, the analysis of group key exchange (GKE) protocols has not been as extensive as that of 2PKE protocols. Particularly, an important security attribute called key compromise impersonation (KCI) resilience has...
Even though security protocols are designed to make computer communication secure, it is widely known that there is potential for security breakdowns at the human-machine interface. This paper reports on a diary study conducted in order to investigate what people identify as security decisions that they make while using the web. The study aimed to...
We present an approach to automating computationally sound proofs of key exchange protocols based on public-key encryption. We show that satisfying the property called occultness in the Dolev–Yao model guarantees the security of a related key exchange protocol in a simple computational model. Security in this simpler model has been shown to imply s...
Continuous biometric authentication schemes (CBAS) are built around the biometrics supplied by user behavioural characteristics and continuously check the identity of the user throughout the session. The current literature for CBAS primarily focuses on the accuracy of the system in order to reduce false alarms. However, these attempts do not consid...
Predicate encryption has an advantage over traditional public-key or identity-based encryption, since predicate encryption systems provide more flexible control over access to encrypted data. We focus on delegation capabilities in predicate systems. More specifically, we investigate delegatable encryption systems supporting disjunctive predicate ev...
Miller’s algorithm for computing pairings involves performing multiplications between elements that belong to different finite fields. Namely, elements in the full extension field $\mathbb{F}_{p^k}$ are multiplied by elements contained in proper subfields $\mathbb{F}_{p^{k/d}}$, and by elements in the base field $\mathbb{F}_p$...
We give a direct construction of a certificateless key encapsulation mechanism (KEM) in the standard model that is more efficient than the generic constructions proposed before by Huang and Wong [9]. We use a direct construction from Kiltz and Galindo’s KEM scheme [10] to obtain a certificateless KEM in the standard model; our construction is rough...
Minimizing complexity of group key exchange (GKE) protocols is an important milestone towards their practical deployment. An interesting approach to achieve this goal is to simplify the design of GKE protocols by using generic building blocks. In this paper we investigate the possibility of founding GKE protocols based on a primitive called multi k...
The most costly operations encountered in pairing computations are those that take place in the full extension field $\mathbb{F}_{p^k}$. At high levels of security, the complexity of operations in $\mathbb{F}_{p^k}$ dominates the complexity of the operations that occur in the lower degree subfields. Consequently, full extension...
Constructing a one round group key exchange (GKE) protocol that provides forward secrecy is an open problem in the literature. In this paper, we investigate whether or not the security of one round GKE protocols can be enhanced with any form of forward secrecy without increasing the number of rounds. We apply the key evolving approach used for forw...
This paper presents efficient formulas for computing cryptographic pairings on the curve $y^2 = cx^3 + 1$ over fields of large characteristic. We provide examples of pairing-friendly elliptic curves of this form which are of interest for efficient pairing implementations.
We introduce a formal model for certificateless authenticated key exchange (CL-AKE) protocols. Contrary to what might be expected, we show that the natural combination of an ID-based AKE protocol with a public key based AKE protocol cannot provide strong security. We provide the first one-round CL-AKE scheme proven secure in the random oracle model...
We examine the use of randomness extraction and expansion in key agreement (KA) protocols to generate uniformly random keys in the standard model. Although existing works provide the basic theorems necessary, they lack details or examples of appropriate cryptographic primitives and/or parameter sizes. This has led to the large amount of min-entrop...
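The following is an added example of the extract-then-expand step the abstract is about, not code from the paper; it implements HKDF (RFC 5869) from the standard library and applies it to a Diffie-Hellman shared secret. The extract step turns the shared group element, which is not uniformly distributed as a bit string, into a short uniform pseudorandom key; the expand step stretches that key into context-bound keys. The toy group (p = 2^127 - 1, g = 5) is this example's own construction and is there only to produce a realistic-looking shared secret; it is not secure, and the key-label strings are likewise assumptions.

```python
"""HKDF extract-then-expand over a Diffie-Hellman shared secret (added example)."""
import hashlib
import hmac
import secrets

HASH, HLEN = hashlib.sha256, 32


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """PRK = HMAC-Hash(salt, IKM); an absent salt is HLEN zero bytes (RFC 5869)."""
    return hmac.new(salt or bytes(HLEN), ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """OKM = T(1) || T(2) || ... with T(i) = HMAC(PRK, T(i-1) || info || i)."""
    if length > 255 * HLEN:
        raise ValueError("HKDF-Expand output too long")
    okm, t, i = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([i]), HASH).digest()
        okm += t
        i += 1
    return okm[:length]


def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


TOY_P, TOY_G = (1 << 127) - 1, 5     # constructed toy group; NOT secure


def derive_session_keys(shared_secret: int, nonce_a: bytes, nonce_b: bytes) -> dict:
    """Extract with the exchanged nonces as salt, then expand one key per
    direction. The group element is encoded at fixed width so that two
    equal secrets never produce different IKM strings."""
    ikm = shared_secret.to_bytes(16, "big")
    prk = hkdf_extract(nonce_a + nonce_b, ikm)
    return {
        "a_to_b": hkdf_expand(prk, b"demo-ake v1 a->b", 32),   # label is an assumption
        "b_to_a": hkdf_expand(prk, b"demo-ake v1 b->a", 32),
    }


def demo() -> bool:
    """Both parties derive the same keys, and the two directions differ."""
    a, b = secrets.randbelow(TOY_P), secrets.randbelow(TOY_P)
    ga, gb = pow(TOY_G, a, TOY_P), pow(TOY_G, b, TOY_P)
    na, nb = secrets.token_bytes(16), secrets.token_bytes(16)
    keys_a = derive_session_keys(pow(gb, a, TOY_P), na, nb)
    keys_b = derive_session_keys(pow(ga, b, TOY_P), na, nb)
    return keys_a == keys_b and keys_a["a_to_b"] != keys_a["b_to_a"]


if __name__ == "__main__":
    print("both sides agree and directions differ:", demo())
```

Using the raw DH output as a key is the mistake this construction avoids: the group element has plenty of entropy but is not a uniform bit string, and the extract step is what justifies treating the derived key as uniform in the standard model.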
Two-party key exchange (2PKE) protocols have been rigorously analyzed under various models considering different adversarial actions. However, the analysis of group key exchange (GKE) protocols has not been as extensive as that of 2PKE protocols. Particularly, an important security attribute called key compromise impersonation (KCI) resilience has...
We treat the security of group key exchange (GKE) in the universal composability (UC) framework. Analyzing GKE protocols in the UC framework naturally addresses attacks by malicious insiders. We define an ideal functionality for GKE that captures contributiveness in addition to other desired security goals. We show that an efficient two-round proto...
We consider one-round key exchange protocols secure in the standard model. The security analysis uses the powerful security model of Canetti and Krawczyk and a natural extension of it to the ID-based setting. It is shown how KEMs can be used in a generic way to obtain two different protocol designs with progressively stronger security guarantees. A d...
Unlike ordinary digital signatures, a designated verifier signature scheme makes it possible for a signer to convince a designated verifier that she has signed a message in such a way that the designated verifier cannot transfer the signature to a third party. In a strong designated verifier signature scheme, no third party can even verify the vali...
A strong designated verifier signature scheme makes it possible for a signer to convince a designated verifier that she has signed a message in such a way that the designated verifier cannot transfer the signature to a third party, and no third party can even verify the validity of a designated verifier signature. We show that anyone who intercepts...
The security of strong designated verifier (SDV) signature schemes has thus far been analyzed only in a two-user setting. We observe that security in a two-user setting does not necessarily imply the same in a multi-user setting for SDV signatures. Moreover, we show that existing security notions do not adequately model the security of SDV signatur...
We introduce multiple-control fuzzy vaults allowing generalized threshold, compartmented and multilevel access structure. The presented schemes enable many useful applications employing multiple users and/or multiple locking sets. Introducing the original single control fuzzy vault of Juels and Sudan we identify several similarities and differences...
This paper investigates the fundamental difference between a simple e-tender box and a traditional physical tender box, and highlights a series of security traps created by the functional differences. Based on our findings, we have defined the security requirements for an e-tender submission protocol. We also discuss functional limitations of crypt...
One-pass authenticated key establishment (AKE) protocols are arguably better suited to the ID-based environment than their two-pass counterparts. However, there is no ID-based one-pass AKE protocol proposed in the literature with a proof of security in an appropriate model. This paper addresses the current gap by proposing a new ID-based one-pass A...
Enhanced security can be achieved combining biometrics and cryptographic concepts together. Aiming for security enhancement, this paper presents a scheme for merging multiple fingerprints with a cryptographic concept, the fuzzy vault. Thereby multiple fingerprints are eligible to lock and unlock a secret securely embedded within the multiple-contro...
There is an intuitive connection between signcryption and one-pass key establishment. Although this has been observed previously, up to now there has been no formal analysis of this relationship. The main purpose of this paper is to prove that, with appropriate security notions, one-pass key establishment can be used as a signcryption KEM and vic...
Universal Designated-Verifier Signatures (UDVS) are proposed to protect the privacy of a signature holder. Since UDVS schemes reduce to standard signatures when no verifier designation is performed, from the perspective of a signer, it is natural to ask if a UDVS can be constructed from widely used standardized -signatures so that the existing...
This paper presents a low-cost and secure authentication protocol to reduce the computational load on both the back-end database and the tags in a distributed RFID system. The proposed protocol is based on a hierarchical group-index to reduce the search time for a tag ID in the back-end database. Thus, when a tag is included in the k-th-level subgr...
Client puzzles have been proposed as a useful mechanism for mitigating denial of service attacks on network protocols. Several different puzzles have been proposed in recent years. This paper reviews the desirable properties of client puzzles, pointing out that there is currently no puzzle which satisfies all such properties. We investigate how to...