To see the other types of publications on this topic, follow the link: Cryptography – Research.
Dissertations / Theses on the topic 'Cryptography – Research'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 20 dissertations / theses for your research on the topic 'Cryptography – Research.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Mefford, Greg. "Side Channel Analysis Research Framework (SCARF)." University of Cincinnati / OhioLINK, 2012. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1342463791.
Full text
2
Meihong, Li, Zhang Qishan, and Wang Jun. "RESEARCH AND IMPLEMENTATION OF MOBILE BANK BASED ON SSL." International Foundation for Telemetering, 2003. http://hdl.handle.net/10150/605837.
Full textAbstract:
International Telemetering Conference Proceedings / October 20-23, 2003 / Riviera Hotel and Convention Center, Las Vegas, Nevada<br>SSL protocol is one industrial standard to protect data transferred securely on Internet. Firstly SSL is analyzed, according to its characteristics, one solution plan on mobile bank based on SSL is proposed and presented, in which GPRS technology is adopted and elliptic curve algorithm is used for the session key, finally several functional modules of mobile bank are designed in details and its security is analyzed.
3
Deligne, Eddy. "Hyperviseur de protection d'exécutables - Etude, développement et discussion." Phd thesis, Ecole Polytechnique X, 2014. http://pastel.archives-ouvertes.fr/pastel-00976713.
Full textAbstract:
Pour garantir la pérennité de l'entreprise, celle-ci doit souvent chercher des contrats à l'export. Dans le domaine de la Défense, ces contrats s'accompagnent souvent de transferts de technologie (ToT) vers le pays acquéreur. Ceux-ci sont partiels et un compromis est nécessaire entre la protection de la propriété industrielle, celle du secret national et les demandes du client. C'est dans ce contexte, et notamment au sein de DCNS que nous cherchons de nouvelles techniques de protection logicielles. Face aux échecs des différentes techniques de protections actuelles (obfuscations et packer) qui ne proposent que de ralentir la compréhension des données, une nouvelle approche de protection est envisagée. L'idée principale est de filtrer les accès mémoires des données identifiées comme sensibles. Cette solution, qui s'inscrit dans un environnement industriel défini (architecture Intel et système d'exploitation Linux), doit impacter au minimum le système et les applications fournis par DCNS. Nous proposons une architecture qui s'appuie sur les dernières technologies Intel et particulièrement sur la virtualisation matérielle. Celle-ci nous permet d'obtenir un haut niveau de privilège et de contrôler finement les applications. Notre solution permet de protéger les données exécutables des binaires de type ELF, dans les architectures 32 et 64 bits, sans modification du système cible. Nous détaillons les différentes étapes pour protéger l'exécution d'un processus (du chargement à son arrêt) ainsi que les problèmes rencontrés et les choix pour y remédier. Nous montrons également, à travers différentes mesures, l'efficacité d'une telle architecture et son faible impact sur les performances globales. Dans notre implémentation, seules les données exécutables sont protégées, nous proposons donc des pistes d'améliorations pour couvrir la totalité du binaire en mémoire. Et nous étudions les évolutions possibles pour intégrer notre protection dans une architecture de confiance et ainsi, renforcer sa persistance face aux attaques. Notre solution permet donc par construction d'interdire toutes les lectures et écritures des données exécutables sensibles et s'adapte à tous les systèmes d'exploitation Linux sans aucune modification du système.
4
Moulianitakis, Feidias, and Konstantinos Asimakopoulos. "Benchmarking Framework for Transparent Data Encryption Systems." Thesis, Luleå tekniska universitet, Institutionen för system- och rymdteknik, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-75814.
Full textAbstract:
In the digital world of today, information is always at risk regardless of its state, at rest or in transit. Cryptography is the technology that promises to address the security issues that emerge. Hence, it was a reasonable consequence to introduce cryptography to databases. However, manually encrypting and decrypting data along with the key management is a burden for the regular user of a database. The need for removing this burden gave birth to Transparent Data Encryption (TDE). TDE technology is widely available nowadays and a number of vendors have developed their own solutions for protecting data at rest in a transparent way to the end user. However, cryptographic operations are resource intensive and introduce an overhead to the computational operations. The burden of cryptographic operations has drawn the interest of both academia and the industry for a long time before TDE appeared on the horizon. Hence, a lot of research has been done to measure the performance impact of those operations. Despite the extensive study for the performance of cryptographic algorithms, the performance of the TDE systems and the add-on computational burden for the introduced encryption has not yet been studied thoroughly. As a result, the current Thesis project tries to develop a theoretical benchmarking framework that evaluates the performance of Transparent Data Encryption systems. The study is conducted utilizing the Design Research methodology. The developed benchmarking framework focuses on the basic performance metrics of TDE systems, Elapsed time, CPU time and Hard Disk memory consumption. These metrics are calculated for varying key lengths, encryption algorithms and table sizes. The framework follows a five - step procedure that includes the creation of topology - lab environment, creation of databases and definition of scenarios, activation of TDE feature, sequencial execution of scenarios and analysis of the results. The developed framework is evaluated by applying it on real TDE systems.
5
Gutmann, Peter. "The Design and Verification of a Cryptographic Security Architecture." Thesis, University of Auckland, 2000. http://hdl.handle.net/2292/2310.
Full textAbstract:
A cryptographic security architecture constitutes the collection of hardware and software which protects and controls the use of encryption keys and similar cryptovariables. This thesis presents a design for a portable, flexible high-security architecture based on a traditional computer security model. Behind the API it consists of a kernel implementing a reference monitor which controls access to security-relevant objects and attributes based on a configurable security policy. Layered over the kernel are various objects which abstract core functionality such as encryption and digital signature capabilities, certificate management and secure sessions and data enveloping (email encryption). The kernel itself uses a novel design which bases its security policy on a collection of filter rules enforcing a cryptographic module-specific security policy. Since the enforcement mechanism (&e kernel) is completely independent of the policy database (the filter rules), it is possible to change the behaviour of the architecture by updating the policy database without having to make any changes to the kernel itself. This clear separation of policy and mechanism contrasts with current cryptographic security architecture approaches which, if they enforce controls at all, hardcode them into the implementation, making it difficult to either change the controls to meet application-specific requirements or to assess and verify them. To provide assurance of the correctness of the implementation, this thesis presents a design and implementation process which has been selected to allow the implementation to be verified in a manner which can reassure an outsider that it does indeed function as required. In addition to producing verification evidence which is understandable to the average user, the verification process for an implementation needs to be fully automated and capable of being taken down to the level of running code, an approach which is currently impossible with traditional methods. The approach presented here makes it possible to perform verification at this level, something which had previously been classed as "beyond Al" (that is, not achievable using any known technology). The versatility of the architecture presented here has been proven through its use in implementations ranging from l6-bit microcontrollers through to supercomputers, as well as a number of unusual areas such as security modules in ATMs and cryptographic coprocessors for general-purpose computers.<br>Note: Updated version of the thesis now published as Gutmann, P (2004). Cryptographic security architecture: design and verification. New York: Springer. ISBN 9780387953876.
6
Pfennig, Stefan, and Elke Franz. "Comparison of Different Secure Network Coding Paradigms Concerning Transmission Efficiency." Saechsische Landesbibliothek- Staats- und Universitaetsbibliothek Dresden, 2014. http://nbn-resolving.de/urn:nbn:de:bsz:14-qucosa-145096.
Full textAbstract:
Preventing the success of active attacks is of essential importance for network coding since even the infiltration of one single corrupted data packet can jam large parts of the network. The existing approaches for network coding schemes preventing such pollution attacks can be divided into two categories: utilize cryptographic approaches or utilize redundancy similar to error correction coding. Within this paper, we compared both paradigms concerning efficiency of data transmission under various circumstances. Particularly, we considered an attacker of a certain strength as well as the influence of the generation size. The results are helpful for selecting a suitable approach for network coding taking into account both security against pollution attacks and efficiency.
7
Pfennig, Stefan, and Elke Franz. "Comparison of Different Secure Network Coding Paradigms Concerning Transmission Efficiency." Technische Universität Dresden, 2013. https://tud.qucosa.de/id/qucosa%3A28134.
Full textAbstract:
Preventing the success of active attacks is of essential importance for network coding since even the infiltration of one single corrupted data packet can jam large parts of the network. The existing approaches for network coding schemes preventing such pollution attacks can be divided into two categories: utilize cryptographic approaches or utilize redundancy similar to error correction coding. Within this paper, we compared both paradigms concerning efficiency of data transmission under various circumstances. Particularly, we considered an attacker of a certain strength as well as the influence of the generation size. The results are helpful for selecting a suitable approach for network coding taking into account both security against pollution attacks and efficiency.
8
Dyer, Kevin Patrick. "Novel Cryptographic Primitives and Protocols for Censorship Resistance." PDXScholar, 2015. https://pdxscholar.library.pdx.edu/open_access_etds/2489.
Full textAbstract:
Internet users rely on the availability of websites and digital services to engage in political discussions, report on newsworthy events in real-time, watch videos, etc. However, sometimes those who control networks, such as governments, censor certain websites, block specific applications or throttle encrypted traffic. Understandably, when users are faced with egregious censorship, where certain websites or applications are banned, they seek reliable and efficient means to circumvent such blocks. This tension is evident in countries such as a Iran and China, where the Internet censorship infrastructure is pervasive and continues to increase in scope and effectiveness.
An arms race is unfolding with two competing threads of research: (1) network operators' ability to classify traffic and subsequently enforce policies and (2) network users' ability to control how network operators classify their traffic. Our goal is to understand and progress the state-of-the-art for both sides. First, we present novel traffic analysis attacks against encrypted communications. We show that state-of-the-art cryptographic protocols leak private information about users' communications, such as the websites they visit, applications they use, or languages used for communications. Then, we investigate means to mitigate these privacy-compromising attacks. Towards this, we present a toolkit of cryptographic primitives and protocols that simultaneously (1) achieve traditional notions of cryptographic security, and (2) enable users to conceal information about their communications, such as the protocols used or websites visited. We demonstrate the utility of these primitives and protocols in a variety of real-world settings. As a primary use case, we show that these new primitives and protocols protect network communications and bypass policies of state-of-the-art hardware-based and software-based network monitoring devices.
9
Chaffe, Tomas. "The Secret Writer." Thesis, Konstfack, Institutionen för Konst (K), 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:konstfack:diva-3980.
Full textAbstract:
This essay reflects a particular method and way of working that I employ when undertaking artistic research. My artworks are rooted and develop from the situation I find myself in as an artist, the very context I exhibit the work within. I do this by trying to understand this position, both on the micro and macro scale. As an artist currently studying at—and subsequently exhibiting in relation to— Konstfack, I base my research with the physical manifestation of the school. An imposing building that was part of a huge headquarters and factory site for the telecommunication company, Ericsson, in south Stockholm. The title of my essay is from the translation of a unique German cipher machine, the Geheimschreiber, made known to me through enquiry into this site. Throughout the Second World War the German army used this machine to send highly encrypted military messages across Swedish telephone cables. Following one of the greatest accomplishments in the history of cryptography, a Swedish mathematician broke this German code and subsequently assisted in designing a deciphering machine on behalf of the Swedish Intelligence branch. This device, known as the App, was secretly developed and manufactured by Ericsson, possibly where I now study. In exploring the theme of secrets, this essay originates from an underpinning desire and subject of my work to reveal what is concealed or overlooked. Through researching and writing this essay I attempt to have a better understanding on the notion of secrets, in both the private and public realms. Introducing the artistic process and situation I am working from, I explore the central role that secrets play within society. In order to understand secrecy today I introduce the intertwined and associated contemporary debates of privacy, (both private and public) and transparency through such subjects as Google’s new privacy policy, mobile phone hacking, WikiLeaks and offshore banking.
10
Fujdiak, Radek. "Analýza a optimalizace datové komunikace pro telemetrické systémy v energetice." Doctoral thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2017. http://www.nusl.cz/ntk/nusl-358408.
Full textAbstract:
Telemetry system, Optimisation, Sensoric networks, Smart Grid, Internet of Things, Sensors, Information security, Cryptography, Cryptography algorithms, Cryptosystem, Confidentiality, Integrity, Authentication, Data freshness, Non-Repudiation.
11
Lin, Shin-Guo, and 林新國. "Research of Multi-Secret Sharing Using Visual Cryptography." Thesis, 2012. http://ndltd.ncl.edu.tw/handle/10396132706705115003.
Full textAbstract:
碩士<br>明志科技大學<br>電機工程研究所<br>100<br>This thesis arms to research the multi-secret sharing mechanism of visual cryptography, using traditional extended visual cryptography and random grid visual cryptography to conduct multi-secret sharing, and designed to the password management system of visual cryptography. The mechanism of visual cryptography enter the passwords of required remember into the password management system, as well as generated two homologous images (share1 and share2), also stored in mobile devices and homologous safety equipment. Through wireless transmission, users can superimposing share1 and share2 images to obtain password. The same share1 image can to homologize different safety equipment of share2 image, and produce different management of password, hence password achieve simple and high-security management.
12
Lin, Yiming, and 林易民. "A Research of Visual Cryptography on XML Platform." Thesis, 2002. http://ndltd.ncl.edu.tw/handle/60790336399281330368.
Full textAbstract:
碩士<br>國立臺灣師範大學<br>資訊教育研究所<br>90<br>With the rapid-growing popularity of Internet, XML (Extensible Markup Language) becomes an important technical standard on World Wide Web. But the research of security on XML platform is not matured yet which can not provide necessary message security mechanism on Internet. In our research, we propose a secure information exchanging model which is called “X-Secure”. It has three main features. (1) By combining Visual Cryptography and XML Encryption Syntax, it provides the secure sharing mechanism which XML Encryption Syntax lacks. (2) We propose a novel encryption scheme (which is) called “Hybrid Encryption” and the scheme enables both men and computers to recognize the cipher text (which is) encrypted by Visual Cryptography. (3) Our Scheme includes PKI (Public Key Infrastructure) and Kerberos which provides a distributed security communication protocol on XML platform.
13
朱秋香. "A Research on Visual Cryptography Model for Protecting Grey-Level Images." Thesis, 2004. http://ndltd.ncl.edu.tw/handle/92334265187823882070.
Full textAbstract:
碩士<br>育達商業技術學院<br>資訊管理所<br>92<br>In recent years, internet and information technology are applied widely and developed fast. People can use it easily to search and get digital information. But it would be tamper readily with people. And it’ll bring many encroach upon the copyright’s issues, hence the major problems of the copyright had have been discussed.
The visual cryptography was proposed by M.Naor and A.Shamir in 1994. Their objective used the human identification scheme to decrypt. In the past Y.C. Hou and B.C. Sheng researched in this ambit, they combined the visual cryptography and the watermarking moreover the visual cryptography was able to use it in image of gray level. Although this method could put the watermarking into the image of gray level and get the secret information by visual cryptography. However, if the watermarking was inserted in the image sections which had seldom changes. The part of the images would be shown up the “outline” of the watermarking and decrease the secret of information. This thesis proposes the model of improvement visual cryptography and proves to progress the defects of the watermarking’s outline on the gray level of visual cryptography.
Our improvement visual cryptography model is using the asymmetry. The model is able to modify the pixel and hide the outline. It observes the irregular rules of visual cryptography. This technology was proved from our experiments. Moreover, this research was improving the Y.C. Hou and B.C. Sheng’s shortcoming of Visual Cryptography gray level. Finally, it’ll make sure the classified information of the watermarking and reach the target which is the announcement copyright and protects the copyright.
14
Hsu, Hsiao Pin, and 許筱萍. "The Type of Camouflaged Style in Spatial Research - Focused on the Cryptography." Thesis, 2009. http://ndltd.ncl.edu.tw/handle/10723723534685664576.
Full textAbstract:
碩士<br>國立臺南藝術大學<br>建築藝術研究所<br>98<br>In reviewing the history of development of architecture, we could find that after the basic installation demands from architecture were satisfied, it would turn to decorative vocabulary symbolizing times and develop various forms and styles of architecture. However, the evolution of architecture is based on the breakthrough of predecessors’ thinking that it is important to construct a set of rules for changing existed forms and style of architecture. The changes could not only enhance spatial interest as well as evolve the styles of architecture to continue the styles of architecture but also realize the co-existence and the compromise of the styles in different regions and integrate them into environments.
Given that the encryption theory in cryptography is also based on the manipulation of human visual inertia and the contravention of general cognition to encrypt that will diversity the cipher text, the encryption theory has effects of form reforms. So the extraction of encryption model may act as a reference to help the architecture in the development of building form of “Camouflaged Style” to create a new vision.
Therefore, the research analyzed the encryption model of cryptography and combined with the types of operating elements of “encryption clear-text” and “architecture style” and parallel and analogue construction of formation model that would act as the base of follow-up operation methods. In the meantime, through the reorganization of the theories including the “Syntactic theory” of architecture in the principles of visual illusion, art systems and post-modern architecture, and verification and confirmation by a lot of cases, the research formed a set of encryption rules in the operation systems of the formation model of spatial element of “deformation” and the constitutive model of spatial organization of “sequence change” that would establish the procedure system of encryption of spatial “style” of architecture. The system would be realized and applied to the spatial operation to create the possibility of encryption of style and formation.
15
Ling, Jie. "Smart card fault attacks on public key and elliptic curve cryptography." Thesis, 2014. http://hdl.handle.net/1805/5967.
Full textAbstract:
Indiana University-Purdue University Indianapolis (IUPUI)<br>Blömmer, Otto, and Seifert presented a fault attack on elliptic curve scalar multiplication called the Sign Change Attack, which causes a fault that changes the sign of the accumulation point. As the use of a sign bit for an extended integer is highly unlikely, this appears to be a highly selective manipulation of the key stream. In this thesis we describe two plausible fault attacks on a smart card implementation of elliptic curve cryptography. King and Wang designed a new attack called counter fault attack by attacking the scalar multiple of discrete-log cryptosystem. They then successfully generalize this approach to a family of attacks. By implementing King and Wang's scheme on RSA, we successfully attacked RSA keys for a variety of sizes. Further, we generalized the attack model to an attack on any implementation that uses NAF and wNAF key.
16
Sheriff, Ray E. "The 2013 Electronics and Telecommunications Research Seminar Series: 12th Workshop Proceeedings." 2013. http://hdl.handle.net/10454/5560.
Full textAbstract:
yes<br>This is the twelfth workshop to be organised under the postgraduate programmes in electrical and electronic engineering (EEE). In total, thirty-four papers from forty-nine submissions have been selected for the Proceedings. The Proceedings comprises eleven themes, which reflect today's research agenda.
17
Yu, Min-Chieh. "A secure mobile agent e-commerce protocol." Thesis, 2015. http://hdl.handle.net/1805/10117.
Full textAbstract:
Indiana University-Purdue University Indianapolis (IUPUI)<br>There are many advantages of mobile agent such as delegation of tasks, asynchronous processing, adaptable service in interfaces, and code shipping. Mobile agents can be utilized in many areas such as electronic commerce, information retrieval, network management, etc. The main problem with mobile agents is security. The three basic security design goals of a system are confidentiality, integrity, and availability. The goal of this thesis concerns the property of secure purchasing by mobile agents. First present Jalal's anonymous authentication protocol. Next, we construct our single mobile agent protocol based on Jalal's authentication technique. Also, we add some addition cryptography techniques to make the data more secure during its migration. Lastly, we build a multiple mobile agent protocol based on the single mobile agent protocol. Here, the multiple mobile agents are capable to make the decision and purchase the item for user.
18
Hung, Ying-Hao, and 洪英豪. "A Research on Certificateless Cryptographic Schemes." Thesis, 2017. http://ndltd.ncl.edu.tw/handle/ckcje9.
Full textAbstract:
博士<br>國立彰化師範大學<br>數學系<br>105<br>Certificateless public-key cryptography (CL-PKC) was introduced to simultaneously solve two important problems in public-key cryptographies (PKC). One is the key escrow problem in ID-based public-key cryptography (ID-PKC) and the other is to eliminate the need of certificates in traditional PKC. In the past, the study of CL-PKC has received significant attention from researchers and numerous cryptographic primitives have been presented such as certificateless encryption (CLE) and certificateless signature (CLS). Indeed, the main cryptographic primitives of the PKC are signatures and encryptions. However, to improve the security and to increase the application of above cryptographic primitives, there was little work on several important topics and applications such as revocable property (revocable short signature), strong security (strong unforgeability without random oracle) and CLE application (anonymous multireceiver encryption).
In the thesis, we first present an efficient revocable certificateless short signature (RCLSS) scheme in the random oracle model, which provides a public revocation mechanism to revoke misbehaving/compromised users and enjoys low communication bandwidth. Then, to improve the security of CLS schemes, we propose a secure CLS scheme without random oracles under the generally adopted security model. Meanwhile, we demonstrate that our CLS scheme possesses strong unforgeability under adaptive chosen-message attacks. Moreover, we extend the CLE schemes and address the issue on both receiver anonymity and multireceiver to propose anonymous multireceiver certificateless encryption (AMCLE) scheme, in which the required decryption cost of each receiver is constant and independent of the number of receivers. Under related assumptions and adversary models, we formally prove that the proposed schemes mentioned above are semantically secure.
However, the security of the mostly previous CLS schemes is based on the hardness of integer factorization or discrete logarithm problems. These two problems would be solved by quantum computers in the future so that the signature schemes based on them will also become insecure. Fortunately, lattice-based cryptography is one of the main candidates for post-quantum cryptography. In this thesis, we address the revocation problem and propose the first revocable CLS (RCLS) scheme over lattices. Based on the short integer solution (SIS) assumption over lattices, we demonstrate that our lattice-based RCLS scheme possesses existential unforgeability against adaptive chosen message attacks.
19
Li, Yuan-Fu, and 李元輔. "A research on security analyses of cryptographic protocols." Thesis, 2013. http://ndltd.ncl.edu.tw/handle/rcwytw.
Full textAbstract:
碩士<br>國立臺中科技大學<br>資訊工程系碩士班<br>101<br>With the rapid development of the Internet technologies recently, various kinds of business activities are done via the Internet for convenience. How to protect the security of users and these activities becomes an important issue. As a result, many e-commerce applications and user authentication schemes have been proposed. In this study, we first introduce three representative schemes for e-commerce applications and user authentication schemes, respectively. The first scheme is an electronic cash scheme providing anonymity revocation proposed by Chen et al. in 2011. Chen et al.’s scheme provides user anonymity and makes a trusted third party able to find the e-cash owner for some special issues to prevent e-cash from being misused. Second, Parakh and Kak proposed two secret sharing schemes for implicit data security in 2011. Parakh and Kak claimed that their secret sharing schemes achieved implicit data security while providing potential space efficiency. The third scheme is a Rabin-cryptosystem-based remote user authentication scheme proposed by Kim et al. in 2011. Kim et al. claimed that their scheme could resist various attacks.
However, we find that Chen et al.’s electronic cash scheme suffers from a fatal flaw. Via the security flaw, a malicious merchant can abuse a payer’s e-cash easily and will not be traced by the trustee. Instead, the legal payer’s identity will be traced because only the customer’s identity is embedded in the e-cash and mutual authentication is not ensured in payment phase. Parakh and Kak’s secret sharing schemes suffer from degree degeneration. This flaw may fatally damage their schemes because the shared secret can be retrieved when the number of involved shareholders is less than the legality threshold. On the other hand, when a user wants to change his/her password in Kim et al.’s authentication scheme, an attacker can intercept the message and send a fabricated message to user without being noticed. After password change phase, a legal user cannot be authenticated by the remote server successfully. Thereupon, the legal user cannot login to the server. In this study, the found security flaws will be shown in detail, and some suggestions and an improvement will be given.
20
Rangwala, Mohammed M. "Secure Digital Provenance: Challenges and a New Design." Thesis, 2014. http://hdl.handle.net/1805/6051.
Full textAbstract:
Indiana University-Purdue University Indianapolis (IUPUI)<br>Derived from the field of art curation, digital provenance is an unforgeable record of a digital object's chain of successive custody and sequence of operations performed on the object. It plays an important role in accessing the trustworthiness of the object, verifying its reliability and conducting audit trails of its lineage. Digital provenance forms an immutable directed acyclic graph (DAG) structure. Since history of an object cannot be changed, once a provenance chain has been created it must be protected in order to guarantee its reliability. Provenance can face attacks against the integrity of records and the confidentiality of user information, making security an important trait required for digital provenance. The digital object and its associated provenance can have different security requirements, and this makes the security of provenance different from that of traditional data.
Research on digital provenance has primarily focused on provenance generation, storage and management frameworks in different fields. Security of digital provenance has also gained attention in recent years, particularly as more and more data is migrated in cloud environments which are distributed and are not under the complete control of data owners. However, there still lacks a viable secure digital provenance scheme which can provide comprehensive security for digital provenance, particularly for generic and dynamic ones. In this work, we address two important aspects of secure digital provenance that have not been investigated thoroughly in existing works: 1) capturing the DAG structure of provenance and 2) supporting dynamic information sharing. We propose a scheme that uses signature-based mutual agreements between successive users to clearly delineate the transition of responsibility of the digital object as it is passed along the chain of users. In addition to preserving the properties of confidentiality, immutability and availability for a digital provenance chain, it supports the representation of DAG structures of provenance. Our scheme supports dynamic information sharing scenarios where the sequence of users who have custody of the document is not predetermined. Security analysis and empirical results indicate that our scheme improves the security of the typical secure provenance schemes with comparable performance.