一种块对独立的鲁棒数字图像鉴别方法

随着多媒体数据的广泛使用，其内容的真实性和完整性越来越受到人们的关注，基于内容的多媒体数据鉴别技术成为了一个重要的热点研究领域。根据静态图像的特征，提出了一个用于数字图像的、块对独立的鉴别方法。提取JPEG压缩不变量作为特征，并引入参考块来辅助篡改定位。实验证明，它可以在一定程度上容忍JPEG压缩，对篡改操作敏感，并可以在8^*8像素块的量级上对篡改区域进行精确定位。     

Image authentication based on digital signature and semi-fragile watermarking

This paper proposes an authentication scheme for JPEG images based on digital signature and semi-fragile watermarking. It can detect and locate malicious manipulations made to the image, and verify the ownership of the image at the same time. The algorithm uses the invariance of the order relationship between two DCT coefficients before and after JPEG compression to embed image content dependent watermark, therefore the watermark can survive the JPEG lossy compression. Since the scheme is based on the security of the cryptographic hash function and public key algorithm, it is believed to be secure to the extent that cryptography is believed to be. Theoretical analysis and experimental results show that the proposed scheme has the desired property and good performance for image authentication.     

A digital authentication watermarking scheme for JPEG images with superior localization and security

The drawbacks of the current authentication watermarking schemes for JPEG images, which are inferior localization and the security flaws, are firstly analyzed in this paper. Then, two counterferiting attacks are conducted on them. To overcome these drawbacks, a new digital authentication watermarking scheme for JPEG images with superior localization and security is proposed. Moreover, the probabilities of tamper detection and false detection are deduced under region tampering and collage attack separately. For each image block, the proposed scheme keeps four middle frequency points fixed to embed the watermark, and utilizes the rest of the DCT coefficients to generate 4 bits of watermark information. During the embedding process, each watermark bit is embedded in another image block that is selected by its corresponding secret key. Since four blocks are randomly selected for the watermark embedding of each block, the non-deterministic dependence among the image blocks is established so as to resist collage attack completely. At the receiver, according to judging of the extracted 4 bits of watermark information and the corresponding 9-neighbourhood system, the proposed scheme could discriminate whether the image block is tampered or not. Owing to the diminishing of false detection and the holding of tamper detection, we improve the accuracy of localization in the authentication process. Theoretic analysis and simulation results have proved that the proposed algorithm not only has superior localization, but also enhances the systematic security obviously. Supported by the National Natural Science Foundation of China (Grant No. 60572027), the Program for New Century Excellent Talents in University of China (Grant No. NCET-05-0794), the Sichuan Youth Science & Technology Foundation (Grant No. 03ZQ026-033), the National Defense Pre-research Foundation of China (Grant No. 51430804QT2201) and the Application Basic Foundation of Sichuan Province, China (Grant No. 2006 J13-10)     

Personal authentication using digital retinal images

Traditional authentication (identity verification) systems, used to gain access to a private area in a building or to data stored in a computer, are based on something the user has (an authentication card, a magnetic key) or something the user knows (a password, an identification code). However, emerging technologies allow for more reliable and comfortable user authentication methods, most of them based on biometric parameters. Much work could be found in the literature about biometric-based authentication, using parameters like iris, voice, fingerprints, face characteristics, and others. In this work a novel authentication method is presented and preliminary results are shown. The biometric parameter employed for the authentication is the retinal vessel tree, acquired through retinal digital images, i.e., photographs of the fundus of the eye. It has already been asserted by expert clinicians that the configuration of the retinal vessels is unique for each individual and that it does not vary during his life, so it is a very well-suited identification characteristic. Before the verification process can be executed, a registration step is required to align both the reference image and the picture to be verified. A fast and reliable registration method is used to perform this step, so that the whole authentication process takes about 0.3 s.     

A secure and privacy-preserving lightweight authentication protocol for wireless communications

In wireless networks, seamless roaming allows a mobile user (MU) to utilize its services through a foreign server (FS) when outside his home server (HS). However, security and efficiency of the authentication protocol as well as privacy of MUs are of great concern to achieve an efficient authentication protocol. Conventionally, authentication involves the participation of three entities (MU, HS, and FS); however, involving an HS in the authentication process incurs heavy computational burden on it due to huge amount of roaming requests. Moreover, wireless networks are often susceptible to various forms of passive and active attacks. Similarly, mobile devices have low processing, communication, and power capabilities.

In this paper, we propose an efficient, secure, and privacy-preserving lightweight authentication protocol for roaming MUs in wireless networks without engaging an HS. The proposed authentication protocol uses unlinkable pseudo-IDs and lightweight time-bound group signature to provide strong user anonymity, and a cost-effective cryptographic scheme to achieve security of the authentication protocol. Similarly, we implement a better billing system for MUs and a computationally efficient revocation scheme. Our analysis shows that the protocol has better performance than other related authentication protocols in wireless communications in terms of security, privacy, and efficiency.     

Hiding iris data for authentication of digital images using wavelet theory

This paper introduces an efficient approach to protect the ownership by hiding an iris data into digital image for an authentication purpose. It is based on the theory of wavelets. The idea is to secretly embed biometric data (iris print) in the content of the image identifying the owner. The system is based on an empirical analysis of biometric and watermarking technologies, and it is split into several processes. The first process is based on iris image analysis, which aids the generation of the iris code (watermark); the second and the third processes deal with embedding and detecting a watermark; and the last process deals with the authentication. A new metric that measures the objective quality of the image based on the detected watermark bit is introduced, which does not require the original unmarked image for watermark detection. Simulation results show the effectiveness and efficiency of the proposed approach. The text was submitted by the author in English.     

一种强安全的WSN用户认证及密钥协商方案

针对无线传感器网络双因素用户认证方案中智能卡内敏感信息被破译、公共信道信息传输被侦听引起的匿名性隐患及密码猜测等攻击,在T-M方案的基础上,注册阶段采用哈希加密深度隐藏了用户隐私信息,增强智能卡中元素的抗猜测性;又将网关作为消息中转站提前对用户进行验证,调整了信息传输结构及认证方式,减少节点能耗且加强消息传输的安全防护;同时,在网关端添加写保护用户身份日志表,及时记录用户登录信息,以防资源滥用。理论分析及实验显示了所提方案有效抵御了T-M方案的不足,大大减少了传感节点的通信开销,提供更多的安全防护且具有计费功能。     

An efficient and secure authentication protocol for RFID systems

The use of radio frequency identification (RFID) tags may cause privacy violation of users carrying an RFID tag. Due to the unique identification number of the RFID tag, the possible privacy threats are information leakage of a tag, traceability of the consumer, denial of service attack, replay attack and impersonation of a tag, etc. There are a number of challenges in providing privacy and security in the RFID tag due to the limited computation, storage and communication ability of low-cost RFID tags. Many research works have already been conducted using hash functions and pseudorandom numbers. As the same random number can recur many times, the adversary can use the response derived from the same random number for replay attack and it can cause a break in location privacy. This paper proposes an RFID authentication protocol using a static identifier, a monotonically increasing timestamp, a tag side random number and a hash function to protect the RFID system from adversary attacks. The proposed protocol also indicates that it requires less storage and computation than previous existing RFID authentication protocols but offers a larger range of security protection. A simulation is also conducted to verify some of the privacy and security properties of the proposed protocol.     

A secure and robust digital signature scheme for JPEG2000 image authentication

In this paper, we present a secure and robust content-based digital signature scheme for verifying the authenticity of JPEG2000 images quantitatively, in terms of a unique concept named lowest authenticable bit rates (LABR). Given a LABR, the authenticity of the watermarked JPEG2000 image will be protected as long as its final transcoded bit rate is not less than the LABR. The whole scheme, which is extended from the crypto data-based digital signature scheme, mainly comprises signature generation/verification, error correction coding (ECC) and watermark embedding/extracting. The invariant features, which are generated from fractionalized bit planes during the procedure of embedded block coding with optimized truncation in JPEG2000, are coded and signed by the sender's private key to generate one crypto signature (hundreds of bits only) per image, regardless of the image size. ECC is employed to tame the perturbations of extracted features caused by processes such as transcoding. Watermarking only serves to store the check information of ECC. The proposed solution can be efficiently incorporated into the JPEG2000 codec (Part 1) and is also compatible with Public Key Infrastructure. After detailing the proposed solution, system performance on security as well as robustness will be evaluated.     

基于强认证技术的会话初始协议安全认证模型

针对会话初始协议（SIP）的典型安全威胁,提出了基于强认证技术的SIP安全认证模型,并分析了其安全性。该认证模型通过智能卡和数字证书的强组合实现强认证,并据此对SIP做出相应扩展,将强认证技术有机地融入到SIP协议当中,实现了会话双方的安全认证,保证了SIP消息传输的机密性、真实性、完整性和不可否认性,从而提高了SIP的安全性。     

基于JPEG标准静止图像压缩算法的分析与研究

介绍了JPEG标准、JPEG2000标准及其相比JPEG标准的改进和优点。通过对JPEG标准压缩流程及算法的分析与研究,得到JPEG标准压缩的基本原理：利用人类的视觉特点对亮度分量的精度敏感,而对色度分量的精度迟钝,将RGB颜色模式转换为YCrCb颜色模式;基于视觉特点来抑制高频部分使用离散余弦变换和量化来实现;应用完全可逆的熵编码即霍夫曼编码使比特序列更小。     

数字化校园中统一身份认证系统研究

给出了一种基于IEEE 802.1X协议和Diameter协议的校园网统一身份认证系统。通过对EAP-PEAP协议进行扩展,并且采用Diameter的消息路由机制,该系统能够支持域间身份认证和统一认证令牌的发放,从而解决了校园网身份认证中用户漫游和单点登录的问题。对于此身份认证系统易遭受的攻击类型作了分析,并提出了相应的解决方案。     

一种新的JPEG图像认证半脆弱水印算法

提出了一种用于JPEG图像认证的半脆弱数字水印算法,它根据JPEG图像压缩过程中的DCT系数的不变性原理进行水印生成和嵌入调制,并结合一种有效的算法隐性地考虑到所有非零DCT系数的符号、大小关系,在未增加水印信息嵌入强度的情况下,实现了图像应对变换域攻击的更有效保护。同时,在检测算法中加入对虚警区的判断,增加了对窜改区域定位的准确性。实验表明,该算法实现的水印有很好的视觉透明度,有效的承受JPEG压缩,同时对其他恶意篡改敏感并能够准确定位篡改位置。     

A nonparametric-test-based structural similarity measure for digital images

In image processing, image similarity indices evaluate how much structural information is maintained by a processed image in relation to a reference image. Commonly used measures, such as the mean squared error (MSE) and peak signal to noise ratio (PSNR), ignore the spatial information (e.g. redundancy) contained in natural images, which can lead to an inconsistent similarity evaluation from the human visual perception. Recently, a structural similarity measure (SSIM), that quantifies image fidelity through estimation of local correlations scaled by local brightness and contrast comparisons, was introduced by Wang et al. (2004). This correlation-based SSIM outperforms MSE in the similarity assessment of natural images. However, as correlation only measures linear dependence, distortions from multiple sources or nonlinear image processing such as nonlinear filtering can cause SSIM to under- or overestimate the true structural similarity. In this article, we propose a new similarity measure that replaces the correlation and contrast comparisons of SSIM by a term obtained from a nonparametric test that has superior power to capture general dependence, including linear and nonlinear dependence in the conditional mean regression function as a special case. The new similarity measure applied to images from noise contamination, filtering, and watermarking, provides a more consistent image structural fidelity measure than commonly used measures.     

抗JPEG压缩的新图像认证算法

给出了一种从长度为n=2m-1的二进制信息序列中提取m比特摘要的方法和一种新的图像预处理方法。在此基础上,设计了一种新的适用于多区域篡改的图像认证算法。在JPEG质量因子QF340的情况下,该算法不仅可以区分正常的JPEG压缩失真和恶意篡改,还可以实现多区域篡改检测和准确定位,且具有较高的篡改检测概率和较低的虚警概率。理论分析和仿真实验均证明了该算法的正确性和有效性。     

On designing usable and secure recognition-based graphical authentication mechanisms

In this article we present the development of a new, web-based, graphical authentication mechanism called ImagePass. The authentication mechanism introduces a novel feature based on one-time passwords that increases the security of the system without compromising its usability. Regarding usability, we explore the users’ perception of recognition-based, graphical authentication mechanisms in a web environment. Specifically, we investigate whether the memorability of recognition-based authentication keys is influenced by image content. We also examine how the frequency of use affects the usability of the system and whether user training via mnemonic instructions improves the graphical password recognition rate. The design and development process of the proposed system began with a study that assessed how the users remember abstract, face or single-object images, and showed that single-object images have a higher memorability rate. We then proceeded with the design and development of a recognition-based graphical authentication mechanism, ImagePass, which uses single-objects as the image content and follows usable security guidelines. To conclude the research, in a follow-up study we evaluated the performance of 151 participants under different conditions. We discovered that the frequency of use had a great impact on users’ performance, while the users’ gender had a limited task-specific effect. In contrast, user training through mnemonic instructions showed no differences in the users’ authentication metrics. However, a post-study, focus-group analysis revealed that these instructions greatly influenced the users’ perception for memorability and the usability of the graphical authentication. In general, the results of these studies suggest that single-object graphical authentication can be a complementary replacement for traditional passwords, especially in ubiquitous environments and mobile devices.     

用于图像认证的数字水印技术综述

随着网络技术和媒体信息数字化的飞速发展,用于图像认证的数字水印技术成为目前研究的热点。主要阐述了当前用于认证的数字图像水印技术的特征、认证系统框架,详细讨论了脆弱水印和半脆弱水印的算法和研究现状,并对认证数字水印技术的未来发展方向进行了展望。     

基于安全多方计算的匿名认证方案

把匿名认证抽象为一个具体的安全多方计算问题,转而寻求对该具体问题的求解。基于线性方程组的求解理论,构建了一个匿名认证模型。继而设计了一个两方安全计算矩阵与向量乘积协议,并基于该协议提出了一个完整的匿名认证方案。该方案安全、高效,存储开销小,特别适宜于资源受限的设备或网络。     

基于混沌的图像自恢复安全双水印算法

为提高图像自恢复双水印算法的安全性,提出一种基于混沌的安全双水印算法。该算法首先利用混沌映射将双水印信息加密后再嵌入其他图像块的低位,然后结合图像块内容和嵌入在图像块低位的恢复水印信息,利用混沌映射随机生成用于检测图像块真实性的认证数据。理论分析和实验结果表明该算法在保持篡改恢复质量和不可见性的基础上,有效提高了自恢复双水印算法抵抗内容篡改攻击和字典搜索攻击的能力。     

Privacy preservation and authentication on secure geographical routing in VANET

Abstract

Vehicular Ad hoc Networks (VANETs) play an important role in vehicle-to-vehicle communication as it offers a high level of safety and convenience to drivers. In order to increase the level of security and safety in VANETs, in this paper, we propose a Privacy Preservation and Authentication on Secure Geographical Routing Protocol (PPASGR) for VANET. It provides security by detecting and preventing malicious nodes through two directional antennas such as forward (f-antenna) and backward (b-antenna). The malicious nodes are detected by direction detection, consistency detection and conflict detection. The location of the trusted neighbour is identified using TNT-based location verification scheme after the implementation of the Vehicle Tamper Proof Device (VTPD), Trusted Authority (TA) is generated that produces the anonymous credentials. Finally, VTPD generates pseudo-identity using TA which retrieves the real identity of the sender. Through this approach, the authentication, integrity and confidentiality for routing packets can be achieved. The simulation results show that the proposed approach reduces the packet drop due to attack and improves the packet delivery ratio.