Security and Privacy

Overview
Security is an essential requirement of business applications. We address the problem of authenticating high volumes of data in non-trusted distributed environments. Current solutions are typically centralized, and therefore subject to network delay and denial-of-service attacks; expensive to operate because trusted data must be maintained in a secure environment; and non-scalable, with limited throughput due to operating and economic constraints We are developing a distributed system for authenticating data in non-trusted environments, at the network edge and outside the firewall. We use a novel approach where authentication information is cached over the network on inexpensive servers. Our architecture is highly scalable and provably secure but does not require protected servers or SSL connections. As a result, we can dramatically lower the cost of authentication in such applications as distributed storage, end-to-end integrity, tamper detection, electronic commerce exchanges, wireless authorization, and certificate revocation checking. This project is currently supported by the National Science Foundation and IAM Technology, Inc. Previous support has been provided by the Dynamic Coalitions Program of the Defense Advanced Research Projects Agency.
Papers	Research Team
M. T. Goodrich, R. Tamassia and N. Triandopoulos, Super-Efficient Verification of Dynamic Outsourced Databases. In Proceedings of RSA Conference - Cryptographers' Track (CT-RSA '08), San Francisco CA, April 2008. (To appear.) I. F. Cruz, R. Tamassia and D. Yao, Privacy-Preserving Schema Matching Using Mutual Information (Extended Abstract), In Proceedings of the 21th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec '07) . Redondo Beach, CA. July 2007. D. Yao, R. Tamassia and S. Proctor, Private Distributed Scalar Product Protocol With Application To Privacy-Preserving Computation of Trust, In Proceedings of Joint iTrust and PST Conferences on Privacy, Trust Management and Security (IFIPTM '07). Moncton, New Brunswick, Canada. July 2007. R. Tamassia and N. Triandopoulos, Efficient Content Authentication in Peer-to-Peer Networks, In Proceedings of 5th International Conference on Applied Cryptography and Network Security (ACNS '07), p. 354 -- 372, Springer, LNCS 4521, Zhuhai, China. June 2007. M. T. Goodrich, C. Papamanthou, and R. Tamassia, On the Cost of Persistence and Authentication in Skip Lists, In Proceedings of the 7th International Workshop on Experimental Algorithms (WEA '07). Rome, Italy. June 2007. D. Yao, Y. Koglin, E. Bertino and R. Tamassia, Decentralized authorization and data security in web content delivery, In Proceedings of the 22nd Annual ACM Symposium on Applied Computing (SAC '07). Seoul, Korea. March 2007. M. T. Goodrich, R. Tamassia, and D. Yao, Notarized Federated Identity Management for Web Service, In Proceedings of the 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec '06). Sophia Antipolis, France. July 2006. Full version. R. Tamassia and D. Yao, Cascaded Authorization with Anonymous-Signer Aggregate Signatures, In Proceedings of the Seventh Annual IEEE Systems, Man and Cybernetics Information Assurance Workshop (IAW '06). United States Military Academy, West Point, New York. June 2006. Full version. R. Tamassia and N. Triandopoulos, Efficient Content Authentication over Distributed Hash Tables, Technical Report, Brown University, November 2005. R. Tamassia and N. Triandopoulos, Computational Bounds on Hierarchical Data Processing with Applications to Information Security, In Proceedings of International Colloquium on Automata, Languages and Programming (ICALP 2005) -- Security and Cryptography Foundations (Track C), p. 153--165, Springer, LNCS 3580, July 2005. A. Lysyanskaya, R. Tamassia and N. Triandopoulos, Multicast Authentication in Fully Adversarial Networks, In Proceedings of IEEE Symposium on Security and Privacy (SSP 2004), p. 241--255, Oakland, May 2004. Full version. R. Tamassia and N. Triandopoulos, On the Cost of Authenticated Data Structures, Technical Report, Brown University, 2003. M. T. Goodrich, M. Shin, R. Tamassia, W. H. Winsborough, Authenticated dictionaries for fresh attribute credentials, Proc. Trust Management Conference, pages 332--347, Springer, LNCS 2692, 2003. M. T. Goodrich, R. Tamassia, N. Triandopoulos and R. Cohen, Authenticated Data Structures for Graph and Geometric Searching, In Proceedings of RSA Conference - Cryptographers' Track (CT-RSA '03), pages 295--313, Springer, LNCS 2612, 2003. D. J. Polivy and R. Tamassia, Authenticating Distributed Data using Web Services and XML Signatures, Proc. ACM Workshop on XML Security, ACM Press, 2002. M. T. Goodrich, and R. Tamassia and J. Hasic, An Efficient Dynamic and Distributed Cryptographic Accumulator, Proc. Information Security Conference (ISC 2002) Lecture Notes in Computer Science, vol. 2433, Springer-Verlag, pp. 372-388, 2002. R. Tamassia, Efficient Low-Cost Authentication of Distributed Data and Transactions, Conduit, vol. 10, no. 2, Department of Computer Science, Brown University, 2001. A. Anagnostopoulos, M. T. Goodrich, and R. Tamassia, Persistent Authenticated Dictionaries and Their Applications, Proc. Information Security Conference (ISC 2001), Lecture Notes in Computer Science, vol. 2200, Springer-Verlag, pp. 379-393, 2001. M. T. Goodrich, R. Tamassia, and A. Schwerin, Implementation of an Authenticated Dictionary with Skip Lists and Commutative Hashing, Proc. DARPA Information Survivability Conference and Exposition (DISCEX '01), IEEE Press, vol. 2, pp. 68-82, 2001.	Faculty Roberto Tamassia Anna Lysyanskaya Graduate Students Charalampos Papamanthou Undergraduate Students David Ellis External Collaborators Michael Goodrich Nikos Triandopoulos Danfeng Yao

Overview

Security is an essential requirement of business applications. We address the problem of authenticating high volumes of data in non-trusted distributed environments. Current solutions are typically centralized, and therefore subject to network delay and denial-of-service attacks; expensive to operate because trusted data must be maintained in a secure environment; and non-scalable, with limited throughput due to operating and economic constraints

We are developing a distributed system for authenticating data in non-trusted environments, at the network edge and outside the firewall. We use a novel approach where authentication information is cached over the network on inexpensive servers. Our architecture is highly scalable and provably secure but does not require protected servers or SSL connections. As a result, we can dramatically lower the cost of authentication in such applications as distributed storage, end-to-end integrity, tamper detection, electronic commerce exchanges, wireless authorization, and certificate revocation checking.

This project is currently supported by the National Science Foundation and IAM Technology, Inc. Previous support has been provided by the Dynamic Coalitions Program of the Defense Advanced Research Projects Agency.

Papers

Research Team

M. T. Goodrich, R. Tamassia and N. Triandopoulos, Super-Efficient Verification of Dynamic Outsourced Databases. In Proceedings of RSA Conference - Cryptographers' Track (CT-RSA '08), San Francisco CA, April 2008. (To appear.)
I. F. Cruz, R. Tamassia and D. Yao, Privacy-Preserving Schema Matching Using Mutual Information (Extended Abstract), In Proceedings of the 21th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec '07) . Redondo Beach, CA. July 2007.
D. Yao, R. Tamassia and S. Proctor, Private Distributed Scalar Product Protocol With Application To Privacy-Preserving Computation of Trust, In Proceedings of Joint iTrust and PST Conferences on Privacy, Trust Management and Security (IFIPTM '07). Moncton, New Brunswick, Canada. July 2007.
R. Tamassia and N. Triandopoulos, Efficient Content Authentication in Peer-to-Peer Networks, In Proceedings of 5th International Conference on Applied Cryptography and Network Security (ACNS '07), p. 354 -- 372, Springer, LNCS 4521, Zhuhai, China. June 2007.
M. T. Goodrich, C. Papamanthou, and R. Tamassia, On the Cost of Persistence and Authentication in Skip Lists, In Proceedings of the 7th International Workshop on Experimental Algorithms (WEA '07). Rome, Italy. June 2007.
D. Yao, Y. Koglin, E. Bertino and R. Tamassia, Decentralized authorization and data security in web content delivery, In Proceedings of the 22nd Annual ACM Symposium on Applied Computing (SAC '07). Seoul, Korea. March 2007.
M. T. Goodrich, R. Tamassia, and D. Yao, Notarized Federated Identity Management for Web Service, In Proceedings of the 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec '06). Sophia Antipolis, France. July 2006. Full version.
R. Tamassia and D. Yao, Cascaded Authorization with Anonymous-Signer Aggregate Signatures, In Proceedings of the Seventh Annual IEEE Systems, Man and Cybernetics Information Assurance Workshop (IAW '06). United States Military Academy, West Point, New York. June 2006. Full version.
R. Tamassia and N. Triandopoulos, Efficient Content Authentication over Distributed Hash Tables, Technical Report, Brown University, November 2005.
R. Tamassia and N. Triandopoulos, Computational Bounds on Hierarchical Data Processing with Applications to Information Security, In Proceedings of International Colloquium on Automata, Languages and Programming (ICALP 2005) -- Security and Cryptography Foundations (Track C), p. 153--165, Springer, LNCS 3580, July 2005.
A. Lysyanskaya, R. Tamassia and N. Triandopoulos, Multicast Authentication in Fully Adversarial Networks, In Proceedings of IEEE Symposium on Security and Privacy (SSP 2004), p. 241--255, Oakland, May 2004. Full version.
R. Tamassia and N. Triandopoulos, On the Cost of Authenticated Data Structures, Technical Report, Brown University, 2003.
M. T. Goodrich, M. Shin, R. Tamassia, W. H. Winsborough, Authenticated dictionaries for fresh attribute credentials, Proc. Trust Management Conference, pages 332--347, Springer, LNCS 2692, 2003.
M. T. Goodrich, R. Tamassia, N. Triandopoulos and R. Cohen, Authenticated Data Structures for Graph and Geometric Searching, In Proceedings of RSA Conference - Cryptographers' Track (CT-RSA '03), pages 295--313, Springer, LNCS 2612, 2003.
D. J. Polivy and R. Tamassia, Authenticating Distributed Data using Web Services and XML Signatures, Proc. ACM Workshop on XML Security, ACM Press, 2002.
M. T. Goodrich, and R. Tamassia and J. Hasic, An Efficient Dynamic and Distributed Cryptographic Accumulator, Proc. Information Security Conference (ISC 2002) Lecture Notes in Computer Science, vol. 2433, Springer-Verlag, pp. 372-388, 2002.
R. Tamassia, Efficient Low-Cost Authentication of Distributed Data and Transactions, Conduit, vol. 10, no. 2, Department of Computer Science, Brown University, 2001.
A. Anagnostopoulos, M. T. Goodrich, and R. Tamassia, Persistent Authenticated Dictionaries and Their Applications, Proc. Information Security Conference (ISC 2001), Lecture Notes in Computer Science, vol. 2200, Springer-Verlag, pp. 379-393, 2001.
M. T. Goodrich, R. Tamassia, and A. Schwerin, Implementation of an Authenticated Dictionary with Skip Lists and Commutative Hashing, Proc. DARPA Information Survivability Conference and Exposition (DISCEX '01), IEEE Press, vol. 2, pp. 68-82, 2001.

Security and Privacy

Overview

Papers

Research Team

Faculty

Graduate Students

Undergraduate Students

External Collaborators