An efficient biometrics-based remote user authentication scheme using smart cards

In this paper, we propose an efficient biometric-based remote user authentication scheme using smart cards, in which the computation cost is relatively low compared with other related schemes. The security of the proposed scheme is based on the one-way hash function, biometrics verification and smart card. Moreover, the proposed scheme enables the user to change their passwords freely and provides mutual authentication between the users and the remote server. In addition, many remote authentication schemes use timestamps to resist replay attacks. Therefore, synchronized clock is required between the user and the remote server. In our scheme, it does not require synchronized clocks between two entities because we use random numbers in place of timestamps.     

An efficient key management scheme for user access control in outsourced databases

Recently, researches on key management scheme for user access control in outsourced databases have been actively done. Because outsourced databases require dealing with a lot of users and data resources, an efficient key management scheme for reducing the number of authentication keys is required. However, the existing schemes have a critical problem that the cost of key management is rapidly increasing as the number of keys becomes larger. To solve the problem, we propose an efficient key management scheme for user access control in outsourced databases. For this, we propose an Resource Set Tree(RST)-based key generation algorithm to reduce key generation cost by merging duplicated data resources. In addition, we propose a hierarchical Chinese Remainder Theorem(CRT)-based key assignment algorithm which can verify a user permission to gain accesses to outsourced databases. Our algorithm can reduce key update cost because the redistribution of authentication keys is not required. We also provide the analytic cost models of our algorithms and verify the correctness of the theoretical analysis by comparing them with experiment results. Finally, we show from the performance analysis that the proposed scheme outperforms the existing schemes in terms of both key generation cost and update cost.     

An efficient user identification scheme based on ID-based cryptosystem

Tseng-Jan modified a non-interactive public key distribution system and also proposed several applications based on the Maurer–Yacobi scheme. In their scheme, a user can prove his identity to another user without revealing his secret key. They use a challenge-response-type interactive protocol to achieve their objective. However, in wireless environment, waiting for a corresponding response from the other is time-wasting and consumes the battery of the mobile device. The ability of computing and the capacity of the battery of a mobile device are limited. Therefore, we propose an efficient scheme based on ID-based cryptosystem that is more suitable to be applied in the mobile environment.     

具有隐私保护的动态高效车载云管理方案

由车辆自主形成的车载云用于交通传感数据的本地化处理和消耗,实现高时效性的智能交通管理。针对车载云的高度动态性、自组织性和高时效性特点及其车联网中用户身份和位置隐私保护需求带来的车载云管理挑战,设计了基于非对称群密钥协商协议的动态自组织车载云管理方案,通过车辆自组织的群密钥协商自动形成车载云,利用群密钥控制车载云服务提供与访问,利用群密钥更新动态管理车载云。该方案使用可追踪的一次性假名技术实现车辆的匿名认证和条件隐私保护,并在群密钥协商阶段只使用一次双线性,使运算实现了更高的效率;密钥协商和更新过程利用支持批量验证的轻量级签名实现高效的消息源认证和完整性认证,在确保效率的前提下保证自组织环境下车载云通信的安全性;密钥协商协议的动态密钥更新机制实现车载云中车辆的动态加入或退出,适应车载云的动态性特点。在随机预言机模型和求逆计算Diffie-Hellman(ICDH)问题困难假设下,证明了非对称群密钥协商方案满足选择明文安全性。安全性分析显示所提方案能够保护车辆用户的身份和位置隐私,能够实现恶意车辆的合法追踪,保证通信的保密性、完整性和防假冒以及车载云动态管理的前向安全性。性能对比分析证明所...     

A highly secured and streamlined cloud collaborative editing scheme along with an efficient user revocation in cloud computing

These days with the expanded fame of cloud computing, the interest for cloud-based collaborative editing service is rising. The encryption method is utilized to ensure and secure the data, during the collaborative editing process. In the encryption process, the cloud requires more time to work the collaborative editing. This paper proposes an efficient scheme for reducing the encryption burden over the cooperative users, as the possibilities of cooperative users read and write data by means of any gadget. In the proposed scheme, the encrypted file sent by the data owner is split into smaller segments and stored in the cloud by the cloud service provider (CSP) along with specific tags. Once the cooperative user receives and decrypts the file from the CSP, it modifies and encrypts only the modified segment and resends to the CSP. The CSP after verifying the signature replace the original file segment in the cloud with the modified segment based on the tag information. The scheme that is put forward is performed based on the modified ciphertext-policy hierarchical attribute–based encryption, and the security process is done based on the attribute-based signature schemes. This work employs a proficient attribute updating method to accomplish the dynamic change of users' attributes, consisting granting new attributes, revoking previous attributes, and regranting formerly revoked attributes. A writer's attributes and keys have been revoked, and the stale information cannot be written.     

An efficient secure authentication scheme with user anonymity for roaming user in ubiquitous networks

Peer-to-Peer Networking and Applications - Recently the advances in a variety of hardware/software technologies and wireless networking have brought explosive growth of mobile network/device...     

An adaptive resource management scheme in cloud computing

There are various significant issues in resource allocation, such as maximum computing performance and green computing, which have attracted researchers’ attention recently. Therefore, how to accomplish tasks with the lowest cost has become an important issue, especially considering the rate at which the resources on the Earth are being used. The goal of this research is to design a sub-optimal resource allocation system in a cloud computing environment. A prediction mechanism is realized by using support vector regressions (SVRs) to estimate the number of resource utilization according to the SLA of each process, and the resources are redistributed based on the current status of all virtual machines installed in physical machines. Notably, a resource dispatch mechanism using genetic algorithms (GAs) is proposed in this study to determine the reallocation of resources. The experimental results show that the proposed scheme achieves an effective configuration via reaching an agreement between the utilization of resources within physical machines monitored by a physical machine monitor and service level agreements (SLA) between virtual machines operators and a cloud services provider. In addition, our proposed mechanism can fully utilize hardware resources and maintain desirable performance in the cloud environment.     

An efficient MAC scheme for secure network coding with probabilistic detection

Network coding is vulnerable to pollution attacks, which prevent receivers from recovering the source message correctly. Most existing schemes against pollution attacks either bring significant redundancy to the original message or require a high computational complexity to verify received blocks. In this paper, we propose an efficient scheme against pollution attacks based on probabilistic key pre-distribution and homomorphic message authentication codes (MACs). In our scheme, each block is attached with a small number of MACs and each node can use these MACs to verify the integrity of the corresponding block with a high probability. Compared to previous schemes, our scheme still leverages a small number of keys to generate MACs for each block, but more than doubles the detection probability.Meanwhile, our scheme is able to efficiently restrict pollution propagation within a small number of hops. Experimental results show that our scheme is more efficient in verification than existing ones based on public-key cryptography.     

A probabilistic justification for using tf×idf term weighting in information retrieval

This paper presents a new probabilistic model of information retrieval. The most important modeling assumption made is that documents and queries are defined by an ordered sequence of single terms. This assumption is not made in well-known existing models of information retrieval, but is essential in the field of statistical natural language processing. Advances already made in statistical natural language processing will be used in this paper to formulate a probabilistic justification for using tf×idf term weighting. The paper shows that the new probabilistic interpretation of tf×idf term weighting might lead to better understanding of statistical ranking mechanisms, for example by explaining how they relate to coordination level ranking. A pilot experiment on the TREC collection shows that the linguistically motivated weighting algorithm outperforms the popular BM25 weighting algorithm. Received: 17 December 1998 / Revised: 31 May 1999     

一种基于Smart Card的远程用户身份验证方案的安全性讨论

身份验证是计算机通信的一个重要方面。由于密码验证协议的简单性,它已经被广泛地用于身份验证。最近,Lee氏等利用Smart Card,提出了一个基于随机数的远程用户验证方案。指出了这个方案并不像其提出者所声称的那样安全,同时提出了两种攻击方法以破解其验证方案。     

An efficient scheme for secure domain medical image fusion over cloud

Multimedia Tools and Applications - The exponential growth in the medical images is making the healthcare industry move towards cloud-based paradigm, which has vast storage and high end processing...     

A blockchain-based medical data preservation scheme for telecare medical information systems

International Journal of Information Security - With rapid technological development, mobile computing and wireless transmission have become mature. These two technologies can be combined for...     

云计算环境中高效可扩展的元数据管理方法

针对现有可扩展的元数据管理方法存在性能较低问题,提出一种高效可扩展的元数据管理方法,它首先采用动态二叉映射树来实现元数据服务器精确定位,然后采用延迟更新方法来动态更新二叉映射树,最后提出动态K叉编码树的元数据组织方法以提高元数据服务器扩展时选择迁移元数据的速度。实验结果表明,它有效提高了云计算环境中可扩展元数据管理方法的效率。     

An efficient and DoS-resistant user authentication scheme for two-tiered wireless sensor networks

Wireless sensor networks (WSNs) are vulnerable to security attacks due to their deployment and resource constraints.Considering that most large-scale WSNs follow a two-tiered architecture,we propose an efficient and denial-of-service (DoS)-resistant user authentication scheme for two-tiered WSNs.The proposed approach reduces the computational load,since it performs only simple operations,such as exclusive-OR and a one-way hash function.This feature is more suitable for the resource-limited sensor nodes and mobile devices.And it is unnecessary for master nodes to forward login request messages to the base station,or maintain a long user list.In addition,pseudonym identity is introduced to preserve user anonymity.Through clever design,our proposed scheme can prevent smart card breaches.Finally,security and performance analysis demonstrates the effectiveness and robustness of the proposed scheme.     

An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks

User authentication with unlinkability is one of the corner stone services for many security and privacy services which are required to secure communications in wireless sensor networks (WSNs). Recently, Xue et al. proposed a temporal-credential-based mutual authentication and key agreement scheme for WSNs, and claimed that their scheme achieves identity and password protection, and the resiliency of stolen smart card attacks. However, we observe that Xue et al.’s scheme is subject to identity guessing attack, tracking attack, privileged insider attack and weak stolen smart card attack. In order to fix the drawbacks, we propose an enhanced authentication scheme with unlinkability. Additionally, the proposed scheme further cuts the computational cost. Therefore, the proposed scheme not only remedies its security flaws but also improves its performance. It is more suitable for practical applications of WSNs than Xue et al.’s scheme.     

Secure deduplication with efficient user revocation in cloud storage

Secure deduplication is a promising solution to greatly reduce the storage space of the cloud. However, the encryption key is deterministically derived from the plaintext, such that who owns the plaintext has the derived key to decrypt the ciphertext. Therefore, how to revoke a user in deduplication schemes is a critical challenge. In the existing work, when updating the data authority, the data owner has to download the data from the cloud, decrypt, re-encrypt and finally upload them to the cloud. This process increases the communication and computation overheads. In this paper, we first propose a multi-user updatable encryption scheme. Specifically, the data owner can update the remote ciphertext under a new group key by sending an update token to the cloud. Then we adopt this technique to propose a new secure deduplication scheme supporting efficiently revoking an unauthorized user. In our scheme, the data owner just needs to send a token to the cloud to update the data authority, which saves the communication and computation costs. The security and efficiency analysis demonstrate that our proposed deduplication scheme can achieve the desired security properties with high efficiency.     

Towards secure and efficient user authentication scheme using smart card for multi-server environments

Two user authentication schemes for multi-server environments have been proposed by Tsai and Wang et al., respectively. However, there are some flaws existing in both schemes. Therefore, a new scheme for improving these drawbacks is proposed in this paper. The proposed scheme has the following benefits: (1) it complies with all the requirements for multi-server environments; (2) it can withstand all the well-known attacks at the present time; (3) it is equipped with a more secure key agreement procedure; and (4) it is quite efficient in terms of the cost of computation and transmission. In addition, the analysis and comparisons show that the proposed scheme outperforms the other related schemes in various aspects.     

An efficient clustering scheme using support vector methods

Support vector clustering involves three steps—solving an optimization problem, identification of clusters and tuning of hyper-parameters. In this paper, we introduce a pre-processing step that eliminates data points from the training data that are not crucial for clustering. Pre-processing is efficiently implemented using the R*-tree data structure. Experiments on real-world and synthetic datasets show that pre-processing drastically decreases the run-time of the clustering algorithm. Also, in many cases reduction in the number of support vectors is achieved. Further, we suggest an improvement for the step of identification of clusters.     

Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards

In 2002, Chien et al. proposed an efficient remote authentication scheme using smart cards, in which only few hashing operations are required. Later, Ku et al. gave an improved scheme to repair the security pitfalls found in Chien et al.'s scheme. Also Yoon et al. presented an enhancement on Ku et al.'s scheme. In this paper, we show that both Ku et al.'s scheme and Yoon et al.'s scheme are still vulnerable to the guessing attack, forgery attack and denial of service (DoS) attack. In addition, their schemes lack efficiency when users input wrong passwords. To remedy these flaws, this paper proposes an efficient improvement over Ku et al.'s and Yoon et al.'s schemes with more security. The computation cost, security, and efficiency of the improved scheme are embarking for the real application in the resource-limited environment.