外包数据库查询完全性检验

在外包数据库中,查询完整性意味着从服务器返回给客户的结果集是正确的和完全的,即所有的记录都是来自数据拥有者且没有经过任何修改的,同时所有满足查询的记录都返回到客户端而没有遗漏。提出了一个称为“重复表”的新方法来检验查询完全性。在服务器端,每个表都有一个重复表,该表用不同的加密方法或加密密钥加密。从而,服务器不能从数据本身区分原始表和重复表。在查询时,客户分别查询原始表和重复表,得到两个结果集,然后判断是否所有满足查询的记录都出现在结果集中。实验结果表明该方法是有效的。     

多模式生物特征识别的身份验证系统

提出了一种有效的基于多模式生物特征识别的嵌入式身份验证系统,介绍了系统的流程和硬件组成,以及虹膜和掌纹两种生物特征的融合算法及其优化.该算法在图像层对虹膜和掌纹两种生物特征图像进行融合,既融合了两种模式的生物特征信息,又有效地减小了特征模版的大小,与其他传统的生物特征识别算法相比,该算法低运算复杂度的特点使其很适合在嵌入式系统实现.实验结果表明,该多模式生物特征识别身份验证系统准确、有效、安全.     

Usability evaluation of multi-modal biometric verification systems

As a result of the evolution in the field of biometrics, a new breed of techniques and methods for user identity recognition and verification has appeared based on the recognition and verification of several biometric features considered unique to each individual. Signature and voice characteristics, facial features, and iris and fingerprint patterns have all been used to identify a person or just to verify that the person is who he/she claims to be. Although still relatively new, these new technologies have already reached a level of development that allows its commercialization. However, there is a lack of studies devoted to the evaluation of these technologies from a user-centered perspective. This paper is intended to promote user-centered design and evaluation of biometric technologies. Towards this end, we have developed a platform to perform empirical evaluations of commercial biometric identity verification systems, including fingerprint, voice and signature verification. In this article, we present an initial empirical study in which we evaluate, compare and try to get insights into the factors that are crucial for the usability of these systems.     

Privacy-preserving computation of participatory noise maps in the cloud

This paper presents a privacy-preserving system for participatory sensing, which relies on cryptographic techniques and distributed computations in the cloud. Each individual user is represented by a personal software agent, deployed in the cloud, where it collaborates on distributed computations without loss of privacy, including with respect to the cloud service providers. We present a generic system architecture involving a cryptographic protocol based on a homomorphic encryption scheme for aggregating sensing data into maps, and demonstrate security in the Honest-But-Curious model both for the users and the cloud service providers. We validate our system in the context of NoiseTube, a participatory sensing framework for noise pollution, presenting experiments with real and artificially generated data sets, and a demo on a heterogeneous set of commercial cloud providers. To the best of our knowledge our system is the first operational privacy-preserving system for participatory sensing. While our validation pertains to the noise domain, the approach used is applicable in any crowd-sourcing application relying on location-based contributions of citizens where maps are produced by aggregating data – also beyond the domain of environmental monitoring.     

On the error-reject trade-off in biometric verification systems

We address the problem of performance evaluation in biometric verification systems. By formulating the optimum Bayesian decision criterion for a verification system and by assuming the data distributions to be multinormals, we derive two statistical expressions for calculating theoretically the false acceptance and false rejection rates. Generally, the adoption of a Bayesian parametric model does not allow for obtaining explicit expressions for the calculation of the system errors. As far as biometric verification systems are concerned, some hypotheses can be reasonably adopted, thus allowing simple and affordable expressions to be derived. By using two verification system prototypes. Based on hand shape and human face, respectively, we show our results are well founded     

Sub-vector based biometric speaker verification using MLLR super-vector

In this paper, we propose a sub-vector based speaker characterization method for biometric speaker verification, where speakers are represented by uniform segmentation of their maximum likelihood linear regression (MLLR) super-vectors called m-vectors. The MLLR transformation is estimated with respect to universal background model (UBM) without any speech/phonetic information. We introduce two strategies for segmentation of MLLR super-vector: one is called disjoint and other is an overlapped window technique. During test phase, m-vectors of the test utterance are scored against the claimant speaker. Before scoring, m-vectors are post-processed to compensate the session variability. In addition, we propose a clustering algorithm for multiple-class wise MLLR transformation, where Gaussian components of the UBM are clustered into different groups using the concept of expectation maximization (EM) and maximum likelihood (ML). In this case, MLLR transformations are estimated with respect to each class using the sufficient statistics accumulated from the Gaussian components belonging to the particular class, which are then used for m-vector system. The proposed method needs only once alignment of the data with respect to the UBM for multiple MLLR transformations. We first show that the proposed multi-class m-vector system shows promising speaker verification performance when compared to the conventional i-vector based speaker verification system. Secondly, the proposed EM based clustering technique is robust to the random initialization in-contrast to the conventional K-means algorithm and yields system performance better/equal which is best obtained by the K-means. Finally, we show that the fusion of the m-vector with the i-vector further improves the performance of the speaker verification in both score as well as feature domain. The experimental results are shown on various tasks of NIST 2008 speaker recognition evaluation (SRE) core condition.     

Bimodal biometric verification based on face and lips

In this paper, we present a novel approach to person verification by fusing face and lip features. Specifically, the face is modeled by the discriminative common vector and the discrete wavelet transform. Our lip features are simple geometric features based on a lip contour, which can be interpreted as multiple spatial widths and heights from a center of mass. In order to combine these features, we consider two simple fusion strategies: data fusion before training and score fusion after training, working with two different face databases. Fusing them together boosts the performance to achieve an equal error rate as low as 0.4% and 0.28%, respectively, confirming that our approach of fusing lips and face is effective and promising.     

隐私保护的费马问题极值计算协议

隐私保护的计算几何问题是目前安全多方计算领域的一个研究热点。提出了一个费马问题的极值计算问题,费马问题已被广泛地运用在许多领域,比如军事、商业等领域。因此,在保证隐私的前提下,设计了一个基于点积协议的费马问题极值计算协议。提出的协议仅调用了6次点积协议,不仅简化了协议,而且没有使用第三方,安全性更高。给出了协议的正确性,而且对安全性和有效性都进行了详细的理论分析。分析结果标明,所提出的协议是安全的,而且协议复杂度低,也可用于解决其他一些安全多方的计算几何问题。     

Towards verification of computation orchestration

Recently, a promising programming model called Orc has been proposed to support a structured way of orchestrating distributed Web Services. Orc is intuitive because it offers concise constructors to manage concurrent communication, time-outs, priorities, failure of Web Services or communication and so forth. The semantics of Orc is precisely defined. However, there is no automatic verification tool available to verify critical properties against Orc programs. Our goal is to verify the orchestration programs (written in Orc language) which invoke web services to achieve certain goals. To investigate this problem and build useful tools, we explore in two directions. Firstly, we define a Timed Automata semantics for the Orc language, which we prove is semantically equivalent to the operational semantics of Orc. Consequently, Timed Automata models are systematically constructed from Orc programs. The practical implication is that existing tool supports for Timed Automata, e.g., Uppaal, can be used to simulate and model check Orc programs. An experimental tool has been implemented to automate this approach. Secondly, we start with encoding the operational semantics of Orc language in Constraint Logic Programming (CLP), which allows a systematic translation from Orc to CLP. Powerful constraint solvers like CLP \({(\mathcal{R})}\) are then used to prove traditional safety properties and beyond, e.g., reachability, deadlock-freeness, lower or upper bound of a time interval, etc. Counterexamples are generated when properties are not satisfied. Furthermore, the stepwise execution traces can be automatically generated as the simulation steps. The two different approaches give an insight into the verification problem of Web Service orchestration. The Timed Automata approach has its merits in visualized simulation and efficient verification supported by the well developed tools. On the other hand, the CPL approach gives better expressiveness in both modeling and verification. The two approaches complement each other, which gives a complete solution for the simulation and verification of Computation Orchestration.     

Privacy-preserving and verifiable protocols for scientific computation outsourcing to the cloud

Computation outsourcing to the cloud has become a popular application in the age of cloud computing. Recently, two protocols for secure outsourcing scientific computations, i.e., linear equation solving and linear programming solving, to the cloud were proposed. In this paper, we improve the work by proposing new protocols that achieve significant performance gains. For linear equation solving outsourcing, we achieve the improvement by proposing a completely new protocol. The new protocol employs some special linear transformations and there are no homomorphic encryptions and interactions between the client and the cloud, compared with the previous protocol. For linear programming outsourcing, we achieve the improvement by reformulating the linear programming problem in the standard and natural form. We also introduce a method to reduce the key size by using a pseudorandom number generator. The design of the newly proposed protocols also sheds some insight on constructing secure outsourcing protocols for other scientific computations. Comparisons between our protocols and the previous protocols are given, which demonstrate significant improvements of our proposed protocols. We also carry out numerical experiments to validate the efficiency of our protocols for secure linear equation solving and linear programming outsourcing.     

Partially materialized digest scheme: an efficient verification method for outsourced databases

In the outsourced database model, a data owner publishes her database through a third-party server; i.e., the server hosts the data and answers user queries on behalf of the owner. Since the server may not be trusted, or may be compromised, users need a means to verify that answers received are both authentic and complete, i.e., that the returned data have not been tampered with, and that no qualifying results have been omitted. We propose a result verification approach for one-dimensional queries, called Partially Materialized Digest scheme (PMD), that applies to both static and dynamic databases. PMD uses separate indexes for the data and for their associated verification information, and only partially materializes the latter. In contrast with previous work, PMD avoids unnecessary costs when processing queries that do not request verification, achieving the performance of an ordinary index (e.g., a B⁺-tree). On the other hand, when an authenticity and completeness proof is required, PMD outperforms the existing state-of-the-art technique by a wide margin, as we demonstrate analytically and experimentally. Furthermore, we design two verification methods for spatial queries. The first, termed Merkle R-tree (MR-tree), extends the conventional approach of embedding authentication information into the data index (i.e., an R-tree). The second, called Partially Materialized KD-tree (PMKD), follows the PMD paradigm using separate data and verification indexes. An empirical evaluation with real data shows that the PMD methodology is superior to the traditional approach for spatial queries too.     

基于双服务器模型的可公开验证多元多项式外包计算方案

结合云安全外包计算中的隐私保护问题,针对任意多元多项式函数的外包计算,利用同态加密算法和多线性映射,构造了基于双服务器模型的可公开验证外包计算方案。该方案能够保证多项式函数输入与输出的隐私性和安全性,用户或者任意第三方都可以对云服务器计算的结果进行验证,实现了可公开验证性和可用性。云返回给用户的结果处于密文状态,只有拥有解密密钥的用户才能够输出最终的结果,一定程度上保证了计算结果的安全性。分析结果表明,该方案在标准模型下能够达到输入的选择明文攻击（CPA）安全,用户的计算代价远远小于服务器以及直接计算多项式函数的计算代价。     

Privacy-preserving authentication framework using bloom filter for secure vehicular communications

Vehicular ad hoc networks (VANETs) are the future of the intelligent transportation systems (ITS), which aim to improve traffic safety. The received message in VANETs can contain the malicious content that may affect the entire network; hence, these networks are more prone to such attacks. Thus, security is a major consideration before the deployment of such network. In this paper, a secure privacy-preserving authentication framework is proposed, which employs the use of pseudonyms for anonymous communication. A new digital signature scheme and aggregate verification scheme are designed for vehicular communications, and the ID-based signature scheme is used for vehicle-to-RSU communication. The multiple authorities are involved in revealing the identity of the vehicle in case of revocation. The signature verification scheme is improved by the use of bloom filters, and the results achieved by the proposed scheme have been implemented on a simulated environment.     

Personalization and user verification in wearable systems using biometric walking patterns

In this article, a novel technique for user’s authentication and verification using gait as a biometric unobtrusive pattern is proposed. The method is based on a two stages pipeline. First, a general activity recognition classifier is personalized for an specific user using a small sample of her/his walking pattern. As a result, the system is much more selective with respect to the new walking pattern. A second stage verifies whether the user is an authorized one or not. This stage is defined as a one-class classification problem. In order to solve this problem, a four-layer architecture is built around the geometric concept of convex hull. This architecture allows to improve robustness to outliers, modeling non-convex shapes, and to take into account temporal coherence information. Two different scenarios are proposed as validation with two different wearable systems. First, a custom high-performance wearable system is built and used in a free environment. A second dataset is acquired from an Android-based commercial device in a ‘wild’ scenario with rough terrains, adversarial conditions, crowded places and obstacles. Results on both systems and datasets are very promising, reducing the verification error rates by an order of magnitude with respect to the state-of-the-art technologies.     

Use of random time-intervals (RTIs) generation for biometric verification

We explore the possibility of using human-generated time-series as biometric signature. Adopting a simple psychometric procedure, in which a button is pressed in entirely random manner, successive elapsed times are registered and gathered in a signal reflecting user's internal cognitive processes. By reconstructing and comparing the dynamics across repetitions from the same subject a noticeable consistency was observed. Moreover, the dynamics showed a prominent idiosyncratic character when realizations from different subjects were contrasted. We established an appropriate similarity measure to systematize such comparisons and experimentally verified that it is feasible to restore someone's identity from RTI (random time-interval) signals. By incorporating it in an SVM-based verification system, which was trained and tested using a medium sized dataset (from 40 persons), a considerably low equal error rate (EER) of ∼5% was achieved. RTI signals can be collected effortlessly and this makes our approach appealing, especially in transactions mediated by standard pc terminal keyboards or even telephone keypads.     

External integrity verification for outsourced big data in cloud and IoT: A big picture

As cloud computing is being widely adopted for big data processing, data security is becoming one of the major concerns of data owners. Data integrity is an important factor in almost any data and computation related context. It is not only one of the qualities of service, but also an important part of data security and privacy. With the proliferation of cloud computing and the increasing needs in analytics for big data such as data generated by the Internet of Things, verification of data integrity becomes increasingly important, especially on outsourced data. Therefore, research topics on external data integrity verification have attracted tremendous research interest in recent years. Among all the metrics, efficiency and security are two of the most concerned measurements. In this paper, we will bring forth a big picture through providing an analysis on authenticator-based data integrity verification techniques on cloud and Internet of Things data. We will analyze multiple aspects of the research problem. First, we illustrate the research problem by summarizing research motivations and methodologies. Second, we summarize and compare current achievements of several of the representative approaches. Finally, we introduce our view for possible future developments.     

Exploring correlation for fast skyline computation

Scaling skyline queries over high-dimensional datasets remains to be challenging due to the fact that most existing algorithms assume dimensional independence when establishing the worst-case complexity by discarding correlation distribution. In this paper, we present HashSkyline, a systematic and correlation-aware approach for scaling skyline queries over high-dimensional datasets with three novel features: First, it offers a fast hash-based method to prune non-skyline points by utilizing data correlation characteristics and speed up the overall skyline evaluation for correlated datasets. Second, we develop \(HashSkyline_{GPU}\), which can dramatically reduce the response time for anti-correlated and independent datasets by capitalizing on the parallel processing power of GPUs. Third, the HashSkyline approach uses the pivot cell-based mechanism combined with the correlation threshold to determine the correlation distribution characteristics for a given dataset, enabling adaptive configuration of HashSkyline for skyline query evaluation by auto-switching of \(HashSkyline_{CPU}\) and \(HashSkyline_{GPU}\). We evaluate the validity of HashSkyline using both synthetic datasets and real datasets. Our experiments show that HashSkyline consumes significantly less pre-processing cost and achieves significantly higher overall query performance, compared to existing state-of-the-art algorithms.     

Privacy-preserving kNN query processing algorithms via secure two-party computation over encrypted database in cloud computing

The Journal of Supercomputing - Since studies on privacy-preserving database outsourcing have been spotlighted in a cloud computing, databases need to be encrypted before being outsourced to the...     

On error reduction by the symmetric rejection method in multi-stage biometric verification systems

Pattern Analysis and Applications - A multi-stage biometric verification system serially activates its verifiers and improves performance-cost trade-off by allowing users to submit a subset of the...     

A novel biometric system for signature verification based on score level fusion approach

Multimedia Tools and Applications - The active modality of handwriting is broadly related to signature verification in the context of biometric user authentication systems. Signature verification...