Current projects

Blockchains, a decentralized peer-to-peer (P2P) ledger system, can provide trusted consen- sus, computation, and immutable data between untrusted entities. The goal of blockchain privacy is to protect sender privacy, receiver privacy, and/or provide confidential transac- tions. Since Bitcoin, there are a number of research articles for blockchain privacy. Notable approaches are to use ring signatures [RST01] to achieve sender privacy and stealth addresses for receiver privacy (e.g., the Monero cryptocurrency).

Introduction

As the easiest and cheapest way of authenticating an end user, password-based authentication methods have been consistently employed by organizations and businesses as the default mechanism of restricting and monitoring access. The increased adoption of cloud applications and third-party services within an enterprise generally requires employees to keep track of a number of user names and passwords on a daily basis. The fact that employees need to remember multiple login credentials has incurred significant costs for an enterprise due to the increasing number of help desk calls for pass- word reset. Moreover, the current practice of using multiple user names and passwords in enterprises is also exposing the business to more opportunities for security breaches, as demonstrated by recent password leaks in big brands such as Apple, Adobe, and LinkedIn.

Motivation

Lightweight cryptography has been investigated in the literature for over a decade. Many symmetric key primitives such as block ciphers, stream ciphers, hash functions, and pseudorandom generators have been proposed. Recently, The National Institute of Standards and Technology (NIST) has put effort towards standardization for lightweight cryptographic algorithms. The goal of lightweight cryptography is to provide security and privacy in resource-constrained applications, embedded systems, and Internet-of-Things (IoT) including Radio Frequency Identification (RFID) systems, wireless sensor networks, and vehicle ad-hoc networks.

Introduction

A blockchain is a decentralized peer-to-peer (P2P) ledger system introduced for the Bitcoin cryptocurrency in 2008, and deployed for many other cryptocurrencies. Notable extensions include Ethereum smart contracts, Ripple’s consensus protocol, etc.. A blockchain, permissionless and permissioned, with its decentralized feature and immutable data makes it potentially applicable to numerous scenarios where value or data is transferred/shared, stored and processed. There are two fundamental challenge problems in blockchain technology. One is the scalability in consensus protocols of blockchain networks for updating the ledger which can resist to attacks on P2P network systems (e.g., Sybil attacks, routing attacks, etc.), and the second is how to provide a certain degree of sender/receiver and transaction privacy required for some applications (e.g., banking, heath care, and supply chain management applications), although transaction transparency is the powerhouse of trust in blockchains.

Introduction

The Internet-of-Things (IoT) is a world-wide collection of networks of physical objects, sensors, actuators, and computers. IoT devices are distinguished from conventional computers in both their structure and behaviour. They have limited memory and computational resources, are used in specific application domains, and use specialized network protocols. There is consensus that one) IoT will continue to grow by approximately 20 percent per year, and two) the greatest risks for IoT are security, scalability, and reliability.

Other initiatives

Abstract

With the emergence of the 3G (third-generation) networks for mobile communications, data security becomes even more important. Designing cryptosystems that meet both the power contraints and computing constraints of mobile units is very challenging. The GH-PKC reduces the size of the modulus and speeds up the computations of the same degree of security as existing cryptosystems. Our research focus is on software implementation of the GH-PKC and analysis on its performance over the existing cryptosystems.

Abstract

Current authentication technologies are commonly based asymmetric encryption techniques such as digital signatures. To be able to employ these techniques requires a significant amount of computing resources, which are uncommon to many lightweight mobile devices such as cell phones and personal digital assistants (PDAs). It is therefore currently infeasible or uneconomical to implement mutual authentication services between these devices. A new protocol called “Controlled Proxy-Assisted Secure End-to-End Communication Protocol” was proposed by Professor Hung-Yu Lin to solve the problem. The goal of a Fourth Year Design Project at the University of Waterloo of Jimmy Choi, Kenneth Choi, Kenric Li, and Truman Ng supervised by Prof. Guang Gong, was to build a secure communication system that employs such proxy-assisted protocol as illustrated in figure four.

Abstract

We propose a new synchronous stream cipher, called WG (Welch-Gong) cipher. The cipher is based on WG transformations. The WG cipher has been designed to produce keystream with guaranteed randomness properties, i.e., balance, long period, large and exact linear complexity, three level additive autocorrelation, and ideal two level multiplicative autocorrelation. It is resistant to time/memory/data tradeoff attacks, algebraic attacks and correlation attacks. The cipher can be implemented with a small amount of hardware.

Motivation

Recently many people in the media, industry, and academia are talking about ubiquitous computing and ad hoc networking, but it seems that everybody has a different understanding of the topic. Some people associate ad hoc networks with Personal Area Networks (PANs), as for instance wireless communications among PDA's, cellular phones, and laptops using the Bluetooth protocol, whereas others might imagine military applications, such as exploring enemy territory by the use of sensor networks. The number of applications are countless.

Completed projects

Introduction

As cloud computing and mobile computing continue to become more widely adopted, there is an ever increasing demand for efficient transmission and storage of data. Compression is widely used in Internet-based information systems to satisfy these demands. At the same time, as our daily lives become ever more reliant upon this digital infrastructure, protecting the security and privacy of data becomes a pervasive necessity. Even when a system is built from secure cryptographic algorithms, the protection provided by these algorithms can be compromised at the system level when pre- or post-processing operations, such as compression, are used in conjunction with encryption and authentication. The two recent attacks CRIME and BREACH demonstrated that conventional techniques for combining compression and encryption are susceptible to "compression side-channel" attacks. The only effective remedy is to disable compression for Secure Sockets Layer (SSL)/Transport Layer Security (TLS) and HTTPS communication, which almost 90 percent of web sites have done.