Fingerprint Agreement Using Enhanced Kerberos Authentication Protocol on M-Health

Cloud computing becomes an important application development platform for processing user data with high security. Service providers are accustomed to providing storage centers outside the trusted location preferred by the data owner. Thus, ensuring the security and confidentiality of the data while processing in the centralized network is very difficult. The secured key transmission between the sender and the receiver in the network is a huge challenge in managing most of the sensitive data transmission among the cloud network. Intruders are very active over the network like real authenticated user to hack the personal sensitive data, such as bank balance, health data, personal data, and confidential documents over the cloud network. In this research, a secured key agreement between the sender and the receiver using Kerberos authentication protocol with fingerprint is proposed to ensure security in M-Healthcare. Conditions of patients are monitored using wireless sensor devices and are then transferred to the server. Kerberos protocol helps in avoiding unnecessary communication of authenticated data over the cloud network. Biometric security process is a procedure with the best security in most of the authentication field. Trust node is responsible in carrying data packets from the sender to the receiver in the cloud network. The Kerberos protocol is used in trust node to ensure security. Secured communication between the local health center and the healthcare server is ensured by using a fingerprint feature called minutiae form, which refers to the fingerprint image of both sender and receiver. The computational and communicational cost of the proposed system is lesser when compared with other existing authentication methods.     

基于跨层优化资源分配的图像流认证方法

图像流认证的丢包鲁棒性问题是图像认证研究的难题之一。现有的流级认证算法通常是在信源-信道分离编码条件下针对某种特定的图像编码方式而设计的,在抵抗丢包能力方面具有很大的局限性。针对上述问题,提出一种丢包鲁棒的图像认证优化模型,并在此基础上提出了在信源-信道联合编码条件下实现信源-认证-信道码率的跨层优化资源分配（Cross-Layer Optimization Resource Allocation,CLORA）方法。首先以可信图像的端到端质量和认证代价为优化目标,结合基于图认证和基于前向纠错码（Forward Error Correction,FEC）认证方法,建立认证优化模型（Authentication Optimization Model,AOM）,将图像认证的抗丢包优化问题等价成构造最优认证图（Optimal Authentication Graph,OAG）。然后利用图像码流的编码相关性和认证相关性,给出了求解OAG问题的等价条件,并在低计算复杂度下给出了构造OAG图的两个原子操作。最后提出了基于CLORA框架的认证优化方法。由于AOM模型仅利用码流的编码相关性信息,因而可以适用于不同的图像编码算法。JPEG 2000码流的实验结果表明,在相同丢包率下本文算法的端到端可信质量比已有算法平均提高了1.6dB,能够获得更优的丢包鲁棒性和端到端率失真（Rate-Distortion,R-D）性能。     

An efficient non-interactive deniable authentication scheme based on trapdoor commitment schemes

Deniable authentication scheme is one of useful tools for secure communications. The scheme allows a sender to prove the authenticity of a message to a specified receiver without permitting the receiver to prove that the message was authenticated by the sender. Non-interactive schemes are more attractive than interactive schemes in terms of communication overhead, and thus several non-interactive deniable authentication scheme have been proposed. In this paper, we propose an efficient non-interactive deniable authentication scheme based on trapdoor commitment scheme. We construct an efficient trapdoor commitment scheme which provides very efficient commitment evaluation operation. Then we design an efficient non-interactive deniable authentication scheme by using the trapdoor commitment scheme. We also prove the security of our scheme under firmly formalized security model.     

一种基于椭圆曲线可认证的电子注册方案

文章提出了一种基于椭圆曲线可认证的电子注册方案。注册码的生成与验证环节采用了椭圆曲线的思想。注册码的网上分配是基于一种椭圆曲线数字签名可认证密钥分配方案。整个过程保证了网上电子注册的安全可靠性,同时还对其安全性进行了分析。     

Communication-resource-aware adaptive watermarking for multimedia authentication in wireless multimedia sensor networks

Efficient multimedia and specifically image authentication is critical and in demand to protect data vulnerability in wireless multimedia sensor networks (WMSN). This is to prevent malicious intruders from modifying and forging image contents over a network. Watermarking technique has been widely used to assert an image data authentication over wired networks; however, resource constraints (e.g. processing power, communication energy) in small sensors and the state of error-prone wireless channels result in fundamental challenges for developing efficient watermarking schemes in WMSN. These challenges include how to embed/protect/extract watermark efficiently and robustly in low-cost sensors and how to transmit authenticated image and multimedia with high energy efficiency. In this paper, we propose a communication-resource-aware and adaptive watermarking scheme for multimedia authentication in WMSN. Our contribution is two folds. First, the transmission quality for the watermark as well as watermarked multimedia authenticity by embedding watermark with adaptive coding redundancies, and by unequally allocating network resources to protect the image and multimedia packets with the watermark information. Second, communication energy efficiency and real time performance are achieved with the watermark being adaptive to the network condition and the processing delay reduced due to the exploited inter-frame correlation. The simulation and experimental results demonstrate that the proposed adaptive watermarking system can achieve considerable gains in terms of energy saving, image transmission quality and multimedia authentication performance.     

静态图像编码研究进展

多媒体及Internet的迅速发展导致了对图像编码技术更高的要求。首先以波形编码、第二代编码技术和分形编码技术为线索对静态图像编码技术的发展及编码技术中所存在的一些问题进行了讨论,并从图像编解码的观点讨论了图像在有噪信道上传输的误码率情况和适应于传输的一些图像编码技术;同时对即将成为新的静态图像编码标准的JPEG－2000的目标、编码机制、POI编码的Maxshift方法以及对码流的直接操作等情况进行了讨论。尽管压缩效果一直是任何编码方案所追求的目标,但其它特性,像基于内容的编码、可分级性编码以及鲁棒性编码等也是选择一个好的编码方案时应该考虑的,据此最后对图像编码技术的发展方向进行了展望。     

椭圆曲线上具有信息恢复的签名方案的研究

基于椭圆曲线的数字签名系统设计是目前数字签名系统设计的热点之一。论文在椭圆曲线上设计出自我鉴定公钥来建立一个新的数字签名方案,该方案利用用户标识和公钥就可以在通过签名恢复信息的同时又具备认证功能。并在此基础上提出两个扩展方案:一个满足了认证加密、恢复明文的功能;另一个则是第二个方案在处理大信息时的推广。     

FGS视频流的码率分配算法研究

该文针对精细可分级编码(FGS)比特流在时变带宽网络上的传输,提出了一种基于视频序列率失真(R-D)特性的FGS增强层的码率分配算法,目标是减少接收端解码视频质量的波动,同时保持视频总体质量最优。首先建立一个在多帧图像增强层之间进行码率分配的最优化问题形式,并进行了合理的简化,然后利用线性内插原则建立描述各帧图像增强层率失真特性的R-D模型。由于各帧图像R-D曲线的单调特性,如此建立起来的最优化问题可以用简单的算法求出最优解。仿真结果表明,这个方案在保证解码视频质量恒定和保持视频总体质量最优两方面均收到了良好的效果,同时该方案的简易性使得它的实现和应用成为可能。     

Two ID-based authenticated schemes with key agreement for mobile environments

With the rapid development of electronic commerce transactions on mobile devices, achieving secure communications between communication parties is an important issue. The typical solutions are authenticated key agreement protocols, designed to efficiently implement secure channels for two or more parties communicating via a public network by providing them with a shared secret key, called a session key. In this paper, we propose two key agreement schemes based on elliptic curve cryptosystems suited for mobile environments. The first one is an identity-based remote mutual authentication with key agreement scheme, and it is used to establish a session key between the client and the server. In the second one, we extend the proposed two-party authentication key exchange scheme to develop an efficient three-party authenticated key agreement scheme for establishing a session key between two users with the help of a trusted server. Both our proposed schemes achieve efficiency, practicability, simplicity, and strong notions of security.     

一种基于可逆脆弱水印的图像认证算法

通过向图像嵌入水印,可实现图像的真伪鉴定。然而由于量化误差、信息嵌入及截断误差等原因,含水印图像在被确认为真实无误后,无法将原始图像恢复出来。采用可逆水印可以解决这一问题。该文提出了一种可逆脆弱水印算法,它可对图像进行真伪认证,并在图像通过认证后,恢复出原始图像。     

基于身份的公开可验证的认证加密方案

利用椭圆曲线上的双线性映射的特性，提出了一个新的基于身份体制的安全有效的认证加密方案。该方案与其它方案相比最显著的优点在于在基于身份的密码体制上实现了认证部分与消息恢复的分离，该体制在拥有基于身份密码体制的独特优点的同时，又达到任何第3方都可以认证密文，但同时又只有指定的接收者才有能力去恢复出明文的效果。此外，该方案具有很高的安全性和效率。     

传感器节点相互协作的广播认证

针对无线传感器网络（WSN）中基于数字签名的公钥加密体制的广播认证需要耗费大量的能量,以及传感器节点资源有限的问题,为了减少传感器节点的能量耗费和加快传感器节点的认证,提出一种传感器节点相互协作的广播认证方案。首先,用户向无线传感器网络的组网络广播其签名信息,但不广播签名信息中点的纵坐标;然后,组网络中的高能量节点依据点的横坐标和椭圆曲线方程计算得出纵坐标,并将其广播给组内的一般节点,同时利用vBNN-IBS数字签名对用户广播的签名信息进行认证,并转播有效的签名信息;最后,组网络内的一般节点收到纵坐标后,利用椭圆曲线方程验证其有效性和正确性,同时执行和高能节点相同的签名认证过程,并转播有效的签名信息。此外,该方案通过整合立即撤销和自动撤销以最大限度地减小授权撤销列表（ARL）的长度。仿真实验表明,当认证节点收到来自邻居节点的数据包达到一定数目时,该方案的能量耗费和认证总时间比利用WSN中传感器节点间的相互协作来加速vBNN-IBS的签名方案分别减少了41%和66%。     

A color image authenticated encryption using conic curve and Mersenne twister

A robust secure image transmission scheme has to achieve all the security services as confidentiality, authentication, integrity and nonrepudiation with a reasonable efficiency. An authenticated image encryption scheme which achieves all these services is proposed in this paper. The scheme uses pseudorandom sequence Public-key cryptosystem design based on factoring and discrete logarithmsenerated by Mersenne’s twister with XOR operation for image encryption and proposes two hard problems based digital signature: conic curve discrete logarithm problem (CCDLP) and Integer Factorization Problem (IFP) which achieves a highly secure system with efficient point operations and inverses. For efficient transmission, the image signature is embedded in the cipher image. Security analysis of the scheme is provided. According to the results, the proposed scheme is efficient and achieves an excellent long term security.

     

Practical authentication scheme for SIP

The Session Initiation Protocol (SIP) is commonly used to establish Voice over IP (VoIP) calls. However, the original authentication scheme for SIP-based service typically uses HTTP Digest authentication protocol, which is s not providing security at an acceptable level. In this paper, we propose a secure and practical password-only authenticated key agreement scheme for SIP using elliptic curve cryptography(ECC). Our scheme is remarkable efficient and quite simple to use. And yet we can provide the rigorous proof of the security for it. Therefore, the end result is more suited to be a candidate for SIP authentication scheme. In addition, we also suggest an extended scheme capable of providing anonymity, privacy, and location privacy to protect the user’s personal information and his real identity.     

Full and partial deniability for authentication schemes

Deniable authentication is a type of authentication protocol with the special property of deniability. However, there have been several different definitions of deniability in authentication protocols. In this paper, we clarify this issue by defining two types of deniable authentication: In the first type of deniable authentication, the receiver of the authenticated message cannot prove to a third party that the sender has authenticated any message to him. We call this type of deniability full deniability. In the second type of deniable authentication, whilst the receiver can prove to a third party that the sender has authenticated some message to him, but he cannot prove to a third party that the sender has authenticated any particular message to the receiver. We call this type of deniability partial deniability. Note that partial deniability is not implied by full deniability, and that it has applications different from those of full deniability. Consequently, we present two identity-based authentication schemes and prove that one is fully deniable while the other is partially deniable. These two schemes can be useful in different scenarios.     

Improvements of authenticated encryption schemes with message linkages for message flows

Recently, Tseng et al. proposed two authenticated encryption schemes (basic scheme and generalized scheme) with message linkages, which are efficient in terms of the communication and computation costs in comparison with all the previously proposed schemes. The basic authenticated encryption scheme suited for only after receiving the entire signature blocks, the recipient can then recover the message blocks. In order to allow the receiver to perform the receiving and the recovering processes simultaneously according to application requirements and the transmission efficiency of the network, the generalized authenticated encryption scheme was then proposed. In this paper, we show that both Tseng et al.’s authenticated encryption schemes do not achieve integrity and authentication. Improvements are then proposed to repair the weaknesses.     

对TAKASIP协议的分析和改进

会话初始化协议(SIP)提供了认证和协商会话密钥,能保证后续会话的安全。2010年,Yoon等(YOON E-J,YOO K-Y.A three-factor authenticated key agreement scheme for SIP on elliptic curves.NSS'10:4th International Conference on Network and System Security.Piscataway:IEEE,2010:334-339)提出一种新的三要素SIP认证密钥协商协议TAKASIP。但TAKASIP协议不能抵抗内部攻击、服务器伪装攻击、离线口令猜测攻击、身份冒充攻击和丢失标记攻击,并且没有提供双向认证。在TAKASIP协议基础上提出一种基于椭圆曲线密码三要素SIP认证协议ETAKASIP以解决上述问题。ETAKASIP基于椭圆曲线离散对数难题和椭圆曲线密码系统,提供了高安全性。该协议只需7次椭圆曲线点乘运算、1次椭圆曲线加法运算和最高6次哈希运算,有较高的运算效率。     

Relay-assisted hierarchical adaptation scheme for multi-user scalable video delivery to heterogeneous mobile devices

In multi-user video (MUV) delivery scenarios,the available resources of receiver devices,such as processing capability,link packet error rate (PER),and bandwidth,are usually different.We propose a relay-assisted hierarchical adaptation (RHA) scheme to maximize the total perceptual quality of all users when transmitting video streams coded via scalable video coding (SVC).First,MUV bitstreams are adaptively extracted under the constraints of network bandwidth and individual decoding capacity.Next,the relay links are introduced as substitutes of possible bad direct links for packets retransmissions.Approximately equal opportunity of transmission is allocated to each stream while the packets inside a stream are scheduled according to their priorities.The priorities are determined by the links states and packets loss distortions.Simulation results show that our RHA scheme has significant performance improvements compared with other schemes.     

Full and partial deniability for authentication schemes

Deniable authentication is a type of authentication protocol with the special property of deniability. However, there have been several different definitions of deniability in authentication protocols. In this paper, we clarify this issue by defining two types of deniable authentication: In the first type of deniable authentication, the receiver of the authenticated message cannot prove to a third party that the sender has authenticated any message to him. We call this type of deniability full deniability. In the second type of deniable authentication, whilst the receiver can prove to a third party that the sender has authenticated some message to him, but he cannot prove to a third party that the sender has authenticated any particular message to the receiver. We call this type of deniability partial deniability. Note that partial deniability is not implied by full deniability, and that it has applications different from those of full deniability. Consequently, we present two identity-based authentication schemes and prove that one is fully deniable while the other is partially deniable. These two schemes can be useful in different scenarios.     

Scalable watermark extraction for real-time authentication of JPEG 2000 images

This paper proposes a novel scalable authentication scheme that utilizes the progressive enhancement functionality in JPEG 2000 scalable image coding. The proposed method first models the wavelet-based quality scalable coding to identify the effect of the quantization and de-quantization on wavelet coefficient magnitudes and the data embedded within such coefficients as a watermark. A relationship is then established between the watermark extraction rule and the embedding rule, using the magnitudes of the reconstructed and original coefficients. It ranks the wavelet coefficients according to their ability to retain the embedded watermark data intact under various quantization levels corresponding to quality enhancements. Then watermark data is embedded into wavelet coefficients according to their rank followed by JPEG 2000 embedded coding. At the decoder as more and more quality and resolution layers are decoded the authentication metric is improved, thus resulting in gradually increasing complexity of the authentication process according to the number of quality and resolution enhancements. The low complexity authentication is available at low quality low resolution decoding, enabling real-time authentication for resource constrained applications without affecting the authentication metric. Compared to the existing methods, the proposed method results in highly robust scalable authentication of JPEG 2000 coded images.