An efficient key management scheme for user access control in outsourced databases

Recently, researches on key management scheme for user access control in outsourced databases have been actively done. Because outsourced databases require dealing with a lot of users and data resources, an efficient key management scheme for reducing the number of authentication keys is required. However, the existing schemes have a critical problem that the cost of key management is rapidly increasing as the number of keys becomes larger. To solve the problem, we propose an efficient key management scheme for user access control in outsourced databases. For this, we propose an Resource Set Tree(RST)-based key generation algorithm to reduce key generation cost by merging duplicated data resources. In addition, we propose a hierarchical Chinese Remainder Theorem(CRT)-based key assignment algorithm which can verify a user permission to gain accesses to outsourced databases. Our algorithm can reduce key update cost because the redistribution of authentication keys is not required. We also provide the analytic cost models of our algorithms and verify the correctness of the theoretical analysis by comparing them with experiment results. Finally, we show from the performance analysis that the proposed scheme outperforms the existing schemes in terms of both key generation cost and update cost.     

An efficient user identification scheme based on ID-based cryptosystem

Tseng-Jan modified a non-interactive public key distribution system and also proposed several applications based on the Maurer–Yacobi scheme. In their scheme, a user can prove his identity to another user without revealing his secret key. They use a challenge-response-type interactive protocol to achieve their objective. However, in wireless environment, waiting for a corresponding response from the other is time-wasting and consumes the battery of the mobile device. The ability of computing and the capacity of the battery of a mobile device are limited. Therefore, we propose an efficient scheme based on ID-based cryptosystem that is more suitable to be applied in the mobile environment.     

An efficient secure authentication scheme with user anonymity for roaming user in ubiquitous networks

Peer-to-Peer Networking and Applications - Recently the advances in a variety of hardware/software technologies and wireless networking have brought explosive growth of mobile network/device...     

An adaptive resource management scheme in cloud computing

There are various significant issues in resource allocation, such as maximum computing performance and green computing, which have attracted researchers’ attention recently. Therefore, how to accomplish tasks with the lowest cost has become an important issue, especially considering the rate at which the resources on the Earth are being used. The goal of this research is to design a sub-optimal resource allocation system in a cloud computing environment. A prediction mechanism is realized by using support vector regressions (SVRs) to estimate the number of resource utilization according to the SLA of each process, and the resources are redistributed based on the current status of all virtual machines installed in physical machines. Notably, a resource dispatch mechanism using genetic algorithms (GAs) is proposed in this study to determine the reallocation of resources. The experimental results show that the proposed scheme achieves an effective configuration via reaching an agreement between the utilization of resources within physical machines monitored by a physical machine monitor and service level agreements (SLA) between virtual machines operators and a cloud services provider. In addition, our proposed mechanism can fully utilize hardware resources and maintain desirable performance in the cloud environment.     

A blockchain-based medical data preservation scheme for telecare medical information systems

International Journal of Information Security - With rapid technological development, mobile computing and wireless transmission have become mature. These two technologies can be combined for...     

一种基于Smart Card的远程用户身份验证方案的安全性讨论

身份验证是计算机通信的一个重要方面。由于密码验证协议的简单性,它已经被广泛地用于身份验证。最近,Lee氏等利用Smart Card,提出了一个基于随机数的远程用户验证方案。指出了这个方案并不像其提出者所声称的那样安全,同时提出了两种攻击方法以破解其验证方案。     

An efficient scheme for secure domain medical image fusion over cloud

Multimedia Tools and Applications - The exponential growth in the medical images is making the healthcare industry move towards cloud-based paradigm, which has vast storage and high end processing...     

An efficient and DoS-resistant user authentication scheme for two-tiered wireless sensor networks

Wireless sensor networks (WSNs) are vulnerable to security attacks due to their deployment and resource constraints.Considering that most large-scale WSNs follow a two-tiered architecture,we propose an efficient and denial-of-service (DoS)-resistant user authentication scheme for two-tiered WSNs.The proposed approach reduces the computational load,since it performs only simple operations,such as exclusive-OR and a one-way hash function.This feature is more suitable for the resource-limited sensor nodes and mobile devices.And it is unnecessary for master nodes to forward login request messages to the base station,or maintain a long user list.In addition,pseudonym identity is introduced to preserve user anonymity.Through clever design,our proposed scheme can prevent smart card breaches.Finally,security and performance analysis demonstrates the effectiveness and robustness of the proposed scheme.     

An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks

User authentication with unlinkability is one of the corner stone services for many security and privacy services which are required to secure communications in wireless sensor networks (WSNs). Recently, Xue et al. proposed a temporal-credential-based mutual authentication and key agreement scheme for WSNs, and claimed that their scheme achieves identity and password protection, and the resiliency of stolen smart card attacks. However, we observe that Xue et al.’s scheme is subject to identity guessing attack, tracking attack, privileged insider attack and weak stolen smart card attack. In order to fix the drawbacks, we propose an enhanced authentication scheme with unlinkability. Additionally, the proposed scheme further cuts the computational cost. Therefore, the proposed scheme not only remedies its security flaws but also improves its performance. It is more suitable for practical applications of WSNs than Xue et al.’s scheme.     

Towards secure and efficient user authentication scheme using smart card for multi-server environments

Two user authentication schemes for multi-server environments have been proposed by Tsai and Wang et al., respectively. However, there are some flaws existing in both schemes. Therefore, a new scheme for improving these drawbacks is proposed in this paper. The proposed scheme has the following benefits: (1) it complies with all the requirements for multi-server environments; (2) it can withstand all the well-known attacks at the present time; (3) it is equipped with a more secure key agreement procedure; and (4) it is quite efficient in terms of the cost of computation and transmission. In addition, the analysis and comparisons show that the proposed scheme outperforms the other related schemes in various aspects.     

Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards

In 2002, Chien et al. proposed an efficient remote authentication scheme using smart cards, in which only few hashing operations are required. Later, Ku et al. gave an improved scheme to repair the security pitfalls found in Chien et al.'s scheme. Also Yoon et al. presented an enhancement on Ku et al.'s scheme. In this paper, we show that both Ku et al.'s scheme and Yoon et al.'s scheme are still vulnerable to the guessing attack, forgery attack and denial of service (DoS) attack. In addition, their schemes lack efficiency when users input wrong passwords. To remedy these flaws, this paper proposes an efficient improvement over Ku et al.'s and Yoon et al.'s schemes with more security. The computation cost, security, and efficiency of the improved scheme are embarking for the real application in the resource-limited environment.     

An efficient clustering scheme using support vector methods

Support vector clustering involves three steps—solving an optimization problem, identification of clusters and tuning of hyper-parameters. In this paper, we introduce a pre-processing step that eliminates data points from the training data that are not crucial for clustering. Pre-processing is efficiently implemented using the R*-tree data structure. Experiments on real-world and synthetic datasets show that pre-processing drastically decreases the run-time of the clustering algorithm. Also, in many cases reduction in the number of support vectors is achieved. Further, we suggest an improvement for the step of identification of clusters.     

A secure and efficient public auditing scheme using RSA algorithm for cloud storage

Cloud storage is widely used by both individual and organizational users due to the many benefits, such as scalability, ubiquitous access, and low maintenance cost (and generally free for individual users). However, there are known security and privacy issues in migrating data to the cloud. To ensure or verify data integrity, a number of cloud data integrity checking schemes with different properties have been presented in the literature. Most existing schemes were subsequently found to be insecure or have high computation and communication costs. More recently in 2016, Yu et al. (Future Gener Comput Syst 62:85–91, 2016) proposed an identity-based auditing scheme for checking the integrity of cloud data. However, in this paper, we reveal that the scheme is vulnerable to data recovery attack. We also present a new identity-based public auditing scheme and formally prove the security of the scheme under the RSA assumption with large public exponents in the random oracle model. We then evaluate the performance of our proposed scheme and demonstrate that in comparison with Yu et al.’s scheme, our proposal is more practical in real-world applications.     

基于代理重签名的支持用户可撤销的云存储数据公共审计方案

针对用户动态可撤销需要新的数据管理员对其前任所管理的数据进行完整性验证的问题,基于单向代理重签名技术提出了具有隐私保护的支持用户可撤销的云存储数据公共审计方案。首先,该方案中所采用的单向代理重签名算法,其代理重签名密钥由当前用户私钥结合已撤销用户公钥生成,不存在私钥泄露问题,能够安全实现数据所有权的转移;其次,该方案证明了恶意的云服务器不能产生伪造的审计证明响应信息来欺骗第三方审计者（TPA）通过审计验证过程;更进一步,该方案采用了随机掩饰码技术,能够有效防止好奇的第三方审计者恢复原始数据块。和Panda方案相比较,所提方案在增加抗合谋攻击功能的基础上,其审计过程中通信开销与计算代价仍全部低于Panda方案。     

An anonymous and efficient remote biometrics user authentication scheme in a multi server environment

As service demands rise and expand single-server user authentication has become unable to satisfy actual application demand. At the same time identity and password based authentication schemes are no longer adequate because of the insecurity of user identity and password. As a result biometric user authentication has emerged as a more reliable and attractive method. However, existing biometric authentication schemes are vulnerable to some common attacks and provide no security proof, some of these biometric schemes are also either inefficient or lack sufficient concern for privacy. In this paper, we propose an anonymous and efficient remote biometric user authentication scheme for a multi-server architecture with provable security. Through theoretical mathematic deduction, simulation implementation, and comparison with related work, we demonstrate that our approach can remove the aforementioned weaknesses and is well suited for a multi-server environment.     

An efficient key assignment scheme based on one-way hash function in a user hierarchy

In order to solve the problems resulted from dynamic access control in a user hier-archy,a cryptographic key assignment scheme is proposed by Prof.Lin to promote the performing ability and to simplify the procedure,However,it may cause the security in danger as the user changes his secret key;besides,some secret keys may be disclosed due to the unsuitable selection of the security classes‘‘‘‘‘‘‘‘ identities.Through setting up a one-way hash function onto Lin‘‘‘‘‘‘‘‘s schem,the propsed modification can greatly improve the security of Lin‘‘‘‘‘‘‘‘s scheme.     

CrowdMed-II: a blockchain-based framework for efficient consent management in health data sharing

World Wide Web - The healthcare industry faces serious problems with health data. Firstly, health data is fragmented and its quality needs to be improved. Data fragmentation means that it is...     

一种改进的远程用户身份认证方案

物联网的快速发展给人们的生产生活带来了极大的便利,但是如何保证用户的信息安全是物联网发展中必须解决的一个重要问题。为了解决该问题,必须在增加较低计算量的前提下,提出安全性更高的身份认证协议。对Nikooghadam等人提出的保护用户身份的协议进行了分析,并在此基础上提出了一种改进的远程用户身份认证协议。采用BAN逻辑进行验证,也进行了性能比较与计算效率分析,结果表明,提出的协议在增加较低计算量的前提下具有更高的安全性。     

An efficient location-based compromise-tolerant key management scheme for sensor networks

Location information has been paid much more attention in sensor network key management schemes. In 2006, Zhang et al. proposed a location-based key management scheme by binding private keys of individual nodes to both their identities and locations. In this Letter, however, we show that their scheme cannot resist key compromise impersonation (KCI) attack, and does not achieve forward secrecy. In fact, an adversary who compromises the location-based secret key of a sensor node A, can masquerade as any other legitimate node or even fake a node to establish the shared key with A, as well as decrypt all previous messages exchanged between A and its neighboring nodes. We then propose a new scheme which provides KCI resilience, perfect forward secrecy and is also immune to various known types of attacks. Moreover, our scheme does not require any pairing operation or map-to-point hash operation, which is more efficient and more suitable for low-power sensor nodes.