Publications

Overview

2017

2016

2015

2014

2013

Detailed

Title:
Secure FPGA as a Service – Towards Secure Data Processing by Physicalizing the Cloud

Authors:
Mark A. Will and Ryan K. L. Ko

Conference:
IEEE TrustCom-17, The 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications

Download:
PDF

Abstract:
Securely processing data in the cloud is still a difficult problem, even with homomorphic encryption and other privacy preserving schemes. Hardware solutions provide additional layers of security and greater performance over their software alternatives. However by definition the cloud should be flexible and adaptive, often viewed as abstracting services from products. By creating services reliant on custom hardware, the core essence of the cloud is lost. FPGAs bridge this gap between software and hardware with programmable logic, allowing the cloud to remain abstract. FPGA as a Service (FaaS) has been proposed for a greener cloud, but not for secure data processing. This paper explores the possibility of Secure FaaS in the cloud for privacy preserving data processing, describes the technologies required, identifies use cases, and highlights potential challenges.


Title:
Anonymous Data Sharing Between Organisations with Elliptic Curve Cryptography

Authors:
Mark A. Will, Ryan K. L. Ko and Silvino J. Schlickmann

Conference:
TrustWSN 2017 (3rd IEEE International Workshop on Trust and Security in Wireless Sensor Networks) at IEEE TrustCom-17, The 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications

Download:
PDF

Abstract:
Promoting data sharing between organisations is challenging, without the added concerns over having actions traced. Even with encrypted search capabilities, the entities digital location and downloaded information can be traced, leaking information to the hosting organisation. This is a problem for law enforcement and government agencies, where any information leakage is not acceptable, especially for investigations. Anonymous routing is a technique to stop a host learning which agency is accessing information. Many related works for anonymous routing have been proposed, but are designed for Internet traffic, and are over complicated for internal usage. A streaming design for circuit creation is proposed using elliptic curve cryptography. Allowing for a simple anonymous routing solution, which provides fast performance with source and destination anonymity to other organisations.


Title:
Visualizing the New Zealand Cyber Security Challenge for Attack Behaviours

Authors:
Jeffery Garae, Ryan K. L. Ko, Janice Kho, Saidah Suwadi, Mark A. Will and Mark Apperley

Conference:
WCSF 2017 (The 3rd IEEE International Workshop on Cloud Security and Forensics) at IEEE TrustCom-17, The 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications

Download:
PDF

Abstract:
Datasets are important for security analytics and mitigation processes in cyber security research and investigations. “Cyber security challenge (CSC)” events provide the means to collect datasets. The New Zealand National cyber security challenge event is designed to promote cyber security education, awareness and equally as important, collect datasets for research purposes. In this paper, we present the: (1) Importance of cyber security challenge events, (2) Highlight the importance of collecting datasets, and (3) present a user-centric security visualization model of attack behaviors. User-centric features with the theoretical concept of Data Provenance as a Security Visualization Service (DPaaSVS) are used to display attacks commencing at the reconnaissance stage through to compromising a defending team machine and exploiting the systems. DPaaSVS creates the ability for users to interact and observe correlations between cyber-attacks. Finally we provide future work on Security Visualization with Augmented Reality capabilities to enhance and improve user interactions with the security visualization platform.


Best Paper Award.

Title:
Returning Control of Data to Users with a Personal Information Crunch – A Position Paper

Authors:
Mark A. Will, Jeffery Garae, Yu Shyang Tan, Craig Scoon and Ryan K. L. Ko

Conference:
ICCCRI2017, International Conference on Cloud Computing Research and Innovation (Link)

Best Paper Award

Download:
PDF (Import into BibTeX)

Abstract:
With the data universe expanding to uncontrollable limits, we are losing control of our personal information. From online purchases to movie streaming, we are giving vendors more and more information, such that our privacy is at stake. Hackers and third-parties can gain access to this information, putting us at risk to a number of attacks. The current model where every online vendor has personal information, such as name, addresses and date of birth should be reconsidered. A user needs to have full or at least more control over their personal data, and who has access to it. This paper presents alternatives to vendors having all of a users personal information and raises many concerns about the current state of play. A simple model is proposed where personal information is stored on the users mobile device, and requested by vendors when needed. Information can then be given in either a private or trusted manor, and encrypted responses can be cached by a relay service. Vendors should only use the data inflight, and never store personal information. This provides the user with data provenance and access control, while providing the vendor with accountability and enhanced security.


Title:
Privacy Preserving Computation by Fragmenting Individual Bits and Distributing Gates

Authors:
Mark A. Will, Ryan K. L. Ko and Ian H. Witten

Conference:
IEEE TrustCom-16, The 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (Link)

Download:
PDF (Import into BibTeX)

Abstract:
Solutions that allow the computation of arbitrary operations over data securely in the cloud are currently impractical. The holy grail of cryptography, fully homomorphic encryption, still requires minutes to compute a single operation. In order to provide a practical solution, this paper proposes taking a different approach to the problem of securely processing data. FRagmenting Individual Bits (FRIBs), a scheme which preserves user privacy by distributing bit fragments across many locations, is presented. Privacy is maintained by each server only receiving a small portion of the actual data, and solving for the rest results in a vast number of possibilities. Functions are defined with NAND logic gates, and are computed quickly as the performance overhead is shifted from computation to network latency. This paper details our proof of concept addition algorithm which took 346ms to add two 32-bit values – paving the way towards further improvements to get computations completed under 100ms.


Title:
Computing Mod with a Variable Lookup Table

Authors:
Mark A. Will and Ryan K. L. Ko

Conference:
SSCC’16, International Symposium on Security in Computing and Communication

Abstract:
Encryption algorithms are designed to be difficult to break without knowledge of the secrets or keys. To achieve this, the algorithms require the keys to be large, with some having a recommend size of 2048- bits or more. However most modern processors only support computation on 64-bits at a time. Therefore standard operations with large numbers are more complicated to implement. One operation that is particularly challenging to efficiently implement is modular reduction. In this paper we propose a highly-efficient algorithm for solving large modulo operations; it has several advantages over current approaches as it supports the use of a variable sized lookup table, has good spatial and temporal locality allowing data to be streamed, and only requires basic processor instructions. Our proposed algorithm is theoretically compared to widely used modular algorithms, and shows improvements over other algorithms using predefined lookup tables.


Best Paper Award.

Title:
Secure Voting in the Cloud using Homomorphic Encryption and Mobile Agents

Authors:
Mark A. Will, Brandon Nicholson, Marc Tiehuis and Ryan K. L. Ko

Conference:
ICCCRI2015, International Conference on Cloud Computing Research and Innovation (Link)

Best Paper Award

Download:
PDF (Import into BibTeX)

Abstract:
While governments are transitioning to the cloud to leverage efficiency, transparency and accessibility advantages, public opinion – the backbone of democracy – is being left behind. Statistics show that traditional paper voting is failing to reach the technological-savvy generation, with voter turnout decreasing every election for many first-world countries. Remote electronic voting is a possible solution facilitator to this problem, but it still faces several security, privacy and accountability concerns. This paper introduces a practical application of partially homomorphic encryption to help address these challenges. We describe a cloud-based mobile electronic voting scheme, evaluating its security against a list of requirements, and benchmarking performance on the cloud and mobile devices. In order to protect voter privacy, we propose moving away from a public bulletin board so that no individual cipher votes are saved, while still allowing vote verification. As the majority of the security threats faced by electronic voting are from the underlying system, we also introduce the novel concept of using a dedicated hardware server for homomorphic tallying and decryption.


Title:
Bin Encoding: A User-Centric Secure Full-Text Searching Scheme for the Cloud

Authors:
Mark A. Will, Ryan K. L. Ko and Ian H. Witten

Conference:
IEEE TrustCom-15, The 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (Link)

Download:
PDF (Import into BibTeX)

Abstract:
Permitting users to search encrypted documents presents cloud storage providers with interesting challenges. Existing solutions target large corporations rather than individual users of the cloud. In order to serve all users, we propose a way of shifting most of the computational complexity from the client to the cloud by building and managing the index there, while ensuring that only the client can access the plaintext. This allows more sophisticated indexing and search ranking schemes to be implemented, including approximate search with multiple errors. Our method uses a many-to-one encoding scheme called “Bin Encoding”, and this paper analyses its cryptographic strength against letter-frequency and dictionary attacks.


Title:
Chapter 5 – A Guide to Homomorphic Encryption

Authors:
Mark A. Will and Ryan K. L. Ko

Book:
The Cloud Security Ecosystem, 1st Edition, Technical, Legal, Business and Management Issues
(Link)

Abstract:
Traditional cryptography techniques require our data to be unencrypted to be processed correctly. This means that at some stage on a system we have no control over, our data will be processed in plaintext. Homomorphic encryption or specifically, fully homomorphic encryption is a viable solution to this problem. It allows encrypted data to be processed as if it were in plaintext and will produce the correct value once decrypted. While many know that homomorphic encryption promises to be an ideal solution to trust, security, and privacy issues in cloud computing, few actually knows how it works and why it is not yet a practical solution despite its promises. This chapter serves as a much needed primer on current homomorphic encryption techniques, discusses about several practical challenges, and introduces workarounds proposed by practitioners and researchers to overcome these challenges.


Title:
Progger: An Efficient, Tamper-Evident Kernel-Space Logger for Cloud Data Provenance Tracking

Authors:
Ryan K. L. Ko and Mark A. Will

Conference:
IEEE CLOUD 2014, 7th IEEE International Conference on Cloud Computing (Link)

Download:
PDF (Import into BibTeX)

Abstract:
Cloud data provenance, or “what has happened to my data in the cloud”, is a critical data security component which addresses pressing data accountability and data governance issues in cloud computing systems. In this paper, we present Progger (Provenance Logger), a kernel-space logger which potentially empowers all cloud stakeholders to trace their data. Logging from the kernel space empowers security analysts to collect provenance from the lowest possible atomic data actions, and enables several higher-level tools to be built for effective end-to-end tracking of data provenance. Within the last few years, there has been an increasing number of proposed kernel space provenance tools but they faced several critical data security and integrity problems. Some of these prior tools’ limitations include (1) the inability to provide log tamper-evidence and prevention of fake/ manual entries, (2) accurate and granular timestamp synchronisation across several machines, (3) log space requirements and growth, and (4) the efficient logging of root usage of the system. Progger has resolved all these critical issues, and as such, provides high assurance of data security and data activity audit. With this in mind, the paper will discuss these elements of high-assurance cloud data provenance, describe the design of Progger and its efficiency, and present compelling results which paves the way for Progger being a foundation tool used for data activity tracking across all cloud systems.


Title:
Real-Time Image Processing

Author:
Mark A. Will

Published
The University Of Waikato – COMP520 2013 Honours Thesis

Download:
PDF

Abstract:
For thousands of years engineers have dreamed of building machines with vision capabilities that match their own. However most image processing algorithms are computationally intensive making real-time implementation difficult, expensive and not usually possible with microprocessor based hardware. In this project a computationally intensive image-processing algorithm is implemented, analysed, and optimised for an ARM Cortex-A9 microprocessor. The highly optimised code is then further accelerated by using state-of-the-art Xilinx devices which package an ARM Cortex-A9 and reconfigurable logic on the same chip, to offload the most computationally intense functions into reconfigurable logic, improving performance and power usage without drastically increasing development time.