Secure CAS‐based authentication scheme for mobile pay‐TV systems

Pay‐television has become a popular added‐value service in mobile systems. Recently, Yeh and Tsaur proposed an authentication scheme for mobile pay‐television based on Sun and Leu's scheme. However, we found that Yeh and Tsaur's scheme has some security flaws, ie, impersonation attack with knowing mobile set's identity card, the adversary impersonates the head‐end system attack, the replay attack, the denial‐of‐service attack, and collusion attack. To overcome these problems, in this paper, we propose an improved scheme by storing a head‐end system signature and using a password. In addition, our proposed scheme keeps all the merits of Yeh and Tsaur's scheme. Furthermore, the performance analysis shows that the computation cost and the communication cost of our scheme are decreased dramatically compared to Yeh and Tsaur's scheme.     

Design and FPGA implementation of an efficient security mechanism for mobile pay‐TV systems

A mobile pay‐TV service is one of the ongoing services of multimedia systems. Designing an efficient mechanism for authentication and key distribution is an important security requirement in mobile pay‐TV systems. Until now, many security protocols have been proposed for mobile pay‐TV systems. However, the existing protocols for mobile pay‐TV systems are vulnerable to various security attacks. Recently, Wang and Qin proposed an authentication scheme for mobile pay‐TV systems using bilinear pairing on elliptic curve cryptography. They claimed that their scheme could withstand various attacks. In this paper, we demonstrate that Wang and Qin's scheme is vulnerable to replay attacks and impersonation attacks. Furthermore, we propose a novel security protocol for mobile pay‐TV systems using the elliptic curve cryptosystem to overcome the weaknesses of Wang and Qin's scheme. In order to improve the efficiency, the proposed scheme is designed in such a way that needs fewer scalar multiplication operations and does not use bilinear pairing, which is an expensive cryptographic operation. Detailed analyses, including verification using the Automated Validation of Internet Security Protocols and Applications tool and implementation on FPGA, demonstrate that the proposed scheme not only withstands active and passive attacks and provides user anonymity but also has a better performance than Wang and Qin's scheme.     

基于混沌序列的视频隐私保护系统设计与实现

视频监控的设计目的是维护社会稳定,对于违法犯罪行为能够及时发现并且采取有效措施.然而这类系统在设计之初却忽略了对于个人隐私的保护问题.视频在传递过程中的泄露或者不法分子非法获取视频很容易侵犯个人隐私,造成不良后果.文章研究了基于混沌序列的图像加密解密算法对视频监控中的人脸进行加密,从而保护个人隐私.本系统有两点功能,一...     

Differential privacy protection scheme based on edge betweenness model

With the continuous development of social network application,user’s personal social data is so sensitive that the problem of privacy protection needs to be solved urgently.In order to reduce the network data sensitivity,a differential privacy protection scheme BCPA based on edge betweenness model was proposed.The 2K sequence corresponding to the graph structure based on the dK model was captured,and 2K sequences based on the edge betweenness centrality were reordered.According to the result of reordering,the 2K sequence was grouped into several sub-sequences,and each sub-sequence was respectively added with noise by a dK perturbation algorithm.Finally,a social network graph satisfying differential privacy was generated according to the new 2K sequences after integration.Based on the real datasets,the scheme was compared with the classical schemes through simulation experiments.The results demonstrate that it improves the accuracy and usability of data while ensuring desired privacy protection level.     

On the security and improvement of privacy‐preserving 3‐factor authentication scheme for TMIS

The telecare medicine information system (TMIS) enables patients from different regions to remotely share the same telecare services, which significantly enhances the quality and effectiveness of medical treatment. On the other hand, patients' electronic health records usually involve their privacy information, they thus hesitate to directly transmit these information in TMIS over the public network due to the threat of privacy disclosure. The authenticated key agreement, as a core building of securing communications over the public network, is considered to be necessary for strengthening the security of TMIS. Recently, we note Zhang et al introduced a 3‐factor authenticated key agreement scheme for TMIS and asserted that the proposed scheme can resist various well‐known attacks. Unfortunately, in this paper, we point out that the scheme of Zhang et al cannot achieve the claimed security guarantees. Specifically, their scheme is vulnerable to offline password/identity guessing attack and user/server impersonation attack. To conquer the above security pitfalls, we put forward a new 3‐factor authenticated key agreement scheme with privacy preservation for TMIS. The security evaluation and performance discussion indicate that our scheme can be free from those well‐known and classical attacks including offline guessing attack and impersonation attack, without increasing additional computation cost when compared with related works. Consequently, the new authentication scheme would be more desirable for securing communications in TMIS.     

CP-ABE based users collaborative privacy protection scheme for continuous query

In location-based services (LBS),as the untrusted LBS server can be seen as an adversary,and it can utilize the attribute as background knowledge to correlate the real location of the user in the set of uncertain locations.Then the adversary can gain the location privacy when the user enjoys the snapshot and continuous query through the correlation inference attack.In order to cope with this attack,the main scheme in privacy protection is to generalize the attribute and achieve attribute anonymity.However,algorithms of this type usually assumes a trusted third party (TTP) which provides the service of similarity attribute finding and comparing,and it is unpractical in the real environment,as the TTP may become the point of attack or the bottleneck of service and it cannot be considered as the trusted one all the time.Thus,to cope with the correlation inference attack as well as the semi-trusted third party,ciphertext policy attribute based encryption (CP-ABE) and users collaboration based attribute anonymous scheme was proposed.In this scheme,the user coupled achieve location and attribute anonymity.Furthermore,this scheme could also provide security for attacks from the semi-trusted third party as well as semi-trusted collaborative users.At last,security analysis and the experiment results further verify the effectiveness of privacy protection and the efficiency of algorithm execution.     

RFID系统隐私保护技术探讨

针对RFID系统日趋重要的隐私数据保护问题进行科学研究,论述了RFID系统隐私数据保护技术的现状及不足之处,提出了建立RFID系统隐私数据保护新方法,包括数据的筛选、数据筛选后的加密,加密所用的密钥的分配管理等三个过程。     

云存储系统中支持用户隐私保护的细粒度访问控制

从云存储实际需求出发,设计了一个云存储环境下支持用户隐私保护和用户属性撤销的多属性权威的属性加密机制,为了保证系统实现的效率和减轻数据持有者的负担,在属性撤销中,复杂的计算任务都委托给可信第三方或云服务器完成。所提方案在DBDH假设下被证明是安全的。     

An efficient EAP‐based proxy signature handover authentication scheme for WRANs over TV white space

The wireless regional area networks (WRANs) operates in the very high frequency and ultra high frequency television white space bands regulated by the IEEE 802.22 standard. The IEEE 802.22 standard supports Extensible Authentication Protocol (EAP)‐based authentication scheme. Due to the participation of a server and the information exchanged between a customer primes equipment and the secondary user base station, it takes around 50 ms to complete a complete EAP authentication that cannot be accepted in a handover procedure in WRANs. In this paper, we propose an EAP‐based proxy signature (EPS) handover authentication scheme for WRANs. The customer primes equipment and secondary user base station accomplish a handover authentication without entailing the server by using the proxy signature. Approved by the logic derivation by Burrows, Abadi, and Needham logic and formal verification by Automated Validation of Internet Security Protocols and Applications, we can conclude that the proposed EPS scheme can obtain mutual authentication and hold the key secrecy with a strong antiattack ability. Additionally, the performance of the EPS scheme in terms of the authentication delay has been investigated by simulation experiments with the results showing that the EPS scheme is much more efficient in terms of low computation delay and less communication resources required than the security scheme regulated in IEEE 802.22 standard.     

Dummy trajectory privacy protection scheme for trajectory publishing based on the spatiotemporal correlation

The spatiotemporal correlation was analyzed between neighboring locations and the trajectories similarity from the movement direction, the reachable time between neighboring locations and the movement distance, and a dummy trajectory privacy protection scheme based on the spatiotemporal correlation was proposed. Security analysis shows that the presented scheme successfully confuses the user's real trajectory with dummy trajectories, thereby pro-tecting the user's trajectory privacy. Furthermore, extensive experiments indicate that the presented scheme not only has the limited computation cost, but also ensures that the generated dummy trajectories are similar to the user's real trajectory.     

A new privacy and authentication protocol for end‐to‐end mobile users

In this papecr, we propose a new privacy and authentication scheme for end‐to‐end mobile users. There are three goals in our scheme. The first allows two end‐to‐end mobile users to communicate privately each other. The second allows two end‐to‐end mobile users to distribute a session key simply. The third allows two end‐to‐end mobile users to mutually authenticate. Copyright © 2003 John Wiley & Sons, Ltd.     

A secure mutual authentication scheme with non‐repudiation for vehicular ad hoc networks

Vehicular ad hoc networks (VANETs) have been a research focus in recent years. VANETs are not only used to enhance the road safety and reduce the traffic accidents earlier but also conducted more researches in network value‐added service. As a result, the security requirements of vehicle communication are given more attention. In order to prevent the security threat of VANETs, the security requirements, such as the message integrity, availability, and confidentiality are needed to be guaranteed further. Therefore, a secured and efficient verification scheme for VANETs is proposed to satisfy these requirements and reduce the computational cost by combining the asymmetric and symmetric cryptology, certificate, digital signature, and session key update mechanism. In addition, our proposed scheme can resist malicious attacks or prevent illegal users' access via security and performance analysis. In summary, the proposed scheme is proved to achieve the requirements of resist known attacks, non‐repudiation, authentication, availability, integrity, and confidentiality. Copyright © 2015 John Wiley & Sons, Ltd.     

一种复杂场景下的视频流人脸隐私保护技术

查看视频监控的过程中,一些场景存在因为人脸面部信息暴露在监控视频中导致个人隐私信息泄露的风险,有必要对实时视频流中的行人隐私信息进行马赛克处理。目前市面上常见的基于人脸检测的打码方法在实时监控视频流上打码效果受行人姿态、光线影响较大,存在实时性差、漏检较多等问题。针对以上问题,提出了融合人脸检测算法、目标物体检测算法和前置帧关联检测方法的多检测模型,并与传统的人脸检测模型进行对比。实验结果表明,在人脸检测召回率上,所提模型相较于传统人脸检测算法提高了532%。     

k‐strong privacy for radio frequency identification authentication protocols based on physically unclonable functions

This paper examines Vaudenay's privacy model, which is one of the first and most complete privacy models that featured the notion of different privacy classes. We enhance this model by introducing two new generic adversary classes, k‐strong and k‐forward adversaries where the adversary is allowed to corrupt a tag at most k times. Moreover, we introduce an extended privacy definition that also covers all privacy classes of Vaudenay's model. In order to achieve highest privacy level, we study low cost primitives such as physically unclonable functions (PUFs). The common assumption of PUFs is that their physical structure is destroyed once tampered. This is an ideal assumption because the tamper resistance depends on the ability of the attacker and the quality of the PUF circuits. In this paper, we have weakened this assumption by introducing a new definition k‐resistant PUFs. k‐PUFs are tamper resistant against at most k attacks; that is, their physical structure remains still functional and correct until at most k^th physical attack. Furthermore, we prove that strong privacy can be achieved without public‐key cryptography using k PUF‐based authentication. We finally prove that our extended proposal achieves both reader authentication and k‐strong privacy. Copyright © 2014 John Wiley & Sons, Ltd.     

Enhancement authentication protocol using zero‐knowledge proofs and chaotic maps

Application of authentication protocol and key exchange scheme are major research issues in current internet, and entity identification (users or servers) accuracy and security are thereby safeguarded by various types of verification programs. Therefore, in the last 10 years, it was accompanied with productive discussions, but those discussions mainly focus on single issues, and because of the lack of security, there still existed improvements. The concept of zero‐knowledge proofs is well suited for the identification and signing within network system, which has been widely used since proposed in 1985. However, common identification methods are only fit for individual user. In an increasingly complex network environment of today, information is usually conveyed through many unidentified servers, as a result, we have to encrypt messages by adopting different kinds of session keys. As for the chaotic maps technology, it also serves as a new encryption technology, widely adopted in communication protocols and key agreements over the years. As a consequence, in this study, we are going to propose an authentication protocol with key exchange function by taking advantage of characters of zero‐knowledge proofs and chaotic maps, as well as adopt the BAN‐logic to prove the security of this protocol. This study also compares the results of the security analysis of our protocol and related works. As a result, our proposed protocol has more security than others. Copyright © 2015 John Wiley & Sons, Ltd.     

Cryptanalysis of a dynamic identity‐based remote user authentication scheme with verifiable password update

In the authentication scheme, it is important to ensure that the user's identity changed dynamically with the different sessions, which can protect the user's privacy information from being tracked. Recently, Chang et al. proposed an untraceable dynamic identity‐based remote user authentication scheme with verifiable password update. However, our analysis show that the property of untraceability can easily be broken by the legal user of the system. Besides, we find the scheme of Chang et al. vulnerable to offline password guessing attack, impersonation attack, stolen smart card attack, and insider attack. Copyright © 2013 John Wiley & Sons, Ltd.     

Privacy‐preserving authentication scheme for on‐road on‐demand refilling of pseudonym in VANET

Privacy in Vehicular Ad Hoc Networks (VANET) is fundamental because the user's safety may be threatened by the identity and the real‐time spatiotemporal data exchanged on the network. This issue is commonly addressed by the use of certified temporal pseudonyms and their updating strategies to ensure the user's unlinkability and anonymity. IEEE 1609.2 Standard specified the process of certifying pseudonym along with certificates structure. However, the communication procedure between the certifying authority and the requesting vehicle was not defined. In this paper, a new privacy‐preserving solution for pseudonym on‐road on‐demand refilling is proposed where the vehicle anonymously authenticates itself to the regional authority subsidiary of the central trusted authority to request a new pseudonyms pool. The authentication method has two phases, the first one uses anonymous tickets, and the second one is a challenge‐based authentication. The anonymous tickets are certificates that do not include the identity of the user. Instead, it contains a reference number and the certifying authority signature. The challenge authentication is identity‐less to preserve the privacy, yet it is used to prevent the misuse of tickets and the impersonation of its owner. Our proposed scheme is analyzed by the use of Burrows, Abadi and Needham (BAN) logic to demonstrate its correctness. It is also specified and checked by using the Security Protocol ANimator (SPAN) and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tools. The logical demonstration proved that this privacy‐preserving authentication is assured. The SPAN and AVISPA tools illustrated that it is resilient to security attacks.     

Chaotic map‐based time‐aware multi‐keyword search scheme with designated server

The cloud storage service has been widely used in daily life because of its convenience. However, the service frequently suffers confidentiality problems. To address this problem, some efforts have been made on keyword search over encrypted data schemes. For instance, the chaotic‐based keyword search scheme over encrypted data has been proposed recently. However, the scheme just only support single‐ keyword search each time, which severely limits its utilization in cloud storage. This article proposes a novel chaotic‐based time‐aware multi‐keyword search scheme with designated server. Inner product similarity is adopted in our scheme to realize multiple keyword search and remove the constraint of single‐keyword search each time. Timed‐release encryption is integrated into the proposed scheme at the same time, which enables the data sender to specify the time when the cloud servers can search the encrypted data. Analysis indicates that our scheme not only can counter off‐line guessing attacks to the ciphertext and trapdoor, but also supports ranked search with a reasonable computational cost. Copyright © 2015 John Wiley & Sons, Ltd.