Learn More
Security is important for many sensor network applications. A particularly harmful attack against sensor and ad hoc networks is known as the Sybil attack [6], where a node illegitimately claims multiple identities. This paper systematically analyzes the threat posed by the Sybil attack to wireless sensor networks. We demonstrate that the attack can be(More)
We present Path ORAM, an extremely simple Oblivious RAM protocol with a small amount of client storage. Partly due to its simplicity, Path ORAM is the most practical ORAM scheme for small client storage known to date. We formally prove that Path ORAM requires log^2 N / log X bandwidth overhead for block size B = X log N. For block sizes bigger than(More)
We consider how an untrusted data aggregator can learn desired statistics over multiple participants’ data, without compromising each individual’s privacy. We propose a construction that allows a group of participants to periodically upload encrypted values to a data aggregator, such that the aggregator is able to compute the sum of all participants’ values(More)
We take an important step forward in making Oblivious RAM (O-RAM) practical. We pro-<lb>pose an O-RAM construction achieving an amortized overhead of 20 ∼ 35X (for an O-RAM<lb>roughly 1 terabyte in size), about 63 times faster than the best existing scheme. On the theoretic<lb>front, we propose a fundamentally novel technique for constructing Oblivious(More)
In this paper we propose BIND (binding instructions and data), a fine-grained attestation service for securing distributed systems. Code attestation has recently received considerable attention in trusted computing. However, current code attestation technology is relatively immature. First, due to the great variability in software versions and(More)
We design an encryption scheme called multi-dimensional range query over encrypted data (MRQED), to address the privacy concerns related to the sharing of network audit logs and various other applications. Our scheme allows a network gateway to encrypt summaries of network flows before submitting them to an untrusted repository. When network intrusions are(More)
Predicate encryption is a new encryption paradigm which gives a master secret key owner fine-grained control over access to encrypted data. The master secret key owner can generate secret key tokens corresponding to predicates. An encryption of data x can be evaluated using a secret token corresponding to a predicate f ; the user learns whether the data(More)
We ask the question: how can Web sites and data aggregators continually release updated statistics, and meanwhile preserve each individual user&#8217;s privacy? Suppose we are given a stream of 0&#8217;s and 1&#8217;s. We propose a differentially private continual counter that outputs at every time step the approximate number of 1&#8217;s seen thus far. Our(More)
We propose a primitive, called Pioneer, as a first step towards verifiable code execution on untrusted legacy hosts. Pioneer does not require any hardware support such as secure co-processors or CPU-architecture extensions. We implement Pioneer on an Intel Pentium IV Xeon processor. Pioneer can be used as a basic building block to build security systems. We(More)