A numerically stable fragile watermarking scheme for authenticating 3D models

This paper analyzes the numerically instable problem in the current 3D fragile watermarking schemes. Some existing fragile watermarking schemes apply the floating-point arithmetic to embed the watermarks. However, these schemes fail to work properly due to the numerically instable problem, which is common in the floating-point arithmetic. This paper proposes a numerically stable fragile watermarking scheme. The scheme views the mantissa part of the floating-point number as an unsigned integer and operates on it by the bit XOR operator. Since there is no numerical problem in the bit operation, this scheme is numerically stable. The scheme can control the watermark strength through changing the embedding parameters. This paper further discusses selecting appropriate embedding parameters to achieve good performance in terms of the perceptual invisibility and the ability to detect unauthorized attacks on the 3D models. The experimental results show that the proposed public scheme could detect attacks such as adding noise, adding/deleting faces, inserting/removing vertices, etc. The comparisons with the existing fragile schemes show that this scheme is easier to implement and use.     

网络中基于单向函数密钥链的广播认证协议

无线传感器网络中的广播认证技术能够保护广播报文不被恶意篡改或伪造,对于战场侦察、森林火险监测等应用具有重要的意义。现有的广播认证协议中基于单向函数密钥链的协议以较高的认证效率得到了研究工作者的普遍认可,对现有的这些认证协议进行了介绍和分析,并提出了可能的进一步研究方向。     

基于集成神经网络的离线手写签名鉴别方法

离线手写签名鉴别是一种基于生物特征的身份识别技术,利用集成神经网络对手写签名进行自动鉴别。该集成神经网络由特征分配网络、神经网络认证主体和决策融合识别网络三部分构成。通过为每个签名者构造独立的分类器,并分别为每个分类器构造认证、识别训练集,解决了离线签名的认证和识别问题。基于此方法的签名鉴别实验获得了比较满意的结果,可以用来辅助人类专家进行签名鉴别。     

Biometrics:Standing Throughout Emerging Technologies

Biometrics technologies have been around for quite some time and many have been deployed for different applications all around the world, ranging from small companies' time and attendance systems to access control systems for nuclear facilities. Biometrics offer a reliable solution for the establishment of the distinctiveness of identity based on who an individual is, rather than what he or she knows or carries. Biometric Systems automatically verify a person's identity based on his/her anatomical and behav...     

基于椭圆曲线的盲数字签名及其身份识别

椭圆曲线密码体制以其特有的优越性被广泛用于进行数据加密和构建数字签名方案。同样,它也可以用来构建盲数字签名方案。介绍了椭圆曲线密码体制的相关知识,基于求解椭圆曲线离散对数问题的困难性,设计了一种基于椭圆曲线离散对数问题的盲数字签名方案,并在此基础上设计了一种身份识别协议,该方案可以同时满足盲数字签名的正确性、匿名性、不可伪造性和不可追踪性等特性要求。从理论上分析该方案是安全的,并具有一定的实用价值。     

基于簇结构的移动Ad Hoc网络的认证协议

与传统网络比较,移动AdHoe网络具有拓扑结构不稳定、终端能源有限、有限带宽及自组织等特点,这使得AdHoe网络的安全问题成了一个极具挑战性的研究课题,而安全问题中认证是基础。文中提出一种基于分簇结构的移动AdHoe网络的认证协议,结合门限加密机制和分布式密钥管理方案,实现各级簇头及簇成员的分布式认证。有效防止了恶意节点对消息的截取、修改、伪造、监视和窃听等外部攻击和防范内部被攻破认证节点对分布式认证的干扰。     

基于ACE的集群呼叫鉴权系统的实现

介绍基于ACE的集群呼叫鉴权系统的设计和实现方法。通过ACE_Even_Handler、ACE_Task、ACE_Reac-tor的派生类的相互配合,程序员可以快速开发UDP网络应用程序。     

基于LDAP和双因素身份认证的统一认证

从目前企业的安全体系和安全策略出发,本文设计了一套适用于目前多种企业应用的统一认证系统,使用LDAP标准协议管理用户信息,实现了统一管理、统一授权;采用了双因素认证服务器作为认证引擎,加强了身份认证的强度。     

Secure communication in CloudIoT through design of a lightweight authentication and session key agreement scheme

Internet of Things (IoT) is a newly emerged paradigm where multiple embedded devices, known as things, are connected via the Internet to collect, share, and analyze data from the environment. In order to overcome the limited storage and processing capacity constraint of IoT devices, it is now possible to integrate them with cloud servers as large resource pools. Such integration, though bringing applicability of IoT in many domains, raises concerns regarding the authentication of these devices while establishing secure communications to cloud servers. Recently, Kumari et al proposed an authentication scheme based on elliptic curve cryptography (ECC) for IoT and cloud servers and claimed that it satisfies all security requirements and is secure against various attacks. In this paper, we first prove that the scheme of Kumari et al is susceptible to various attacks, including the replay attack and stolen-verifier attack. We then propose a lightweight authentication protocol for secure communication of IoT embedded devices and cloud servers. The proposed scheme is proved to provide essential security requirements such as mutual authentication, device anonymity, and perfect forward secrecy and is robust against security attacks. We also formally verify the security of the proposed protocol using BAN logic and also the Scyther tool. We also evaluate the computation and communication costs of the proposed scheme and demonstrate that the proposed scheme incurs minimum computation and communication overhead, compared to related schemes, making it suitable for IoT environments with low processing and storage capacity.     

A Multi-Stage Secure IoT Authentication Protocol

The Internet of Things (IoT) is a network of heterogeneous and smart devices that can make decisions without human intervention. It can connect millions of devices across the universe. Their ability to collect information, perform analysis, and even come to meaningful conclusions without human capital intervention matters. Such circumstances require stringent security measures and, in particular, the extent of authentication. Systems applied in the IoT paradigm point out high-interest levels since enormous damage will occur if a malicious, wrongly authenticated device finds its way into the IoT system. This research provides a clear and updated view of the trends in the IoT authentication area. Among the issues covered include a series of authentication protocols that have remained research gaps in various studies. This study applies a comparative evaluation of authentication protocols, including their strengths and weaknesses. Thus, it forms the foundation in the IoT authentication field of study. In that direction, a multi authentication architecture that involves secured means is proposed for protocol authentication. Informal analysis can affect the security of the protocols. Burrows-Abadi-Needham (BAN) logic provides proof of the attainment of mutual authentication. NS3 simulator tool is used to compare the performance of the proposed protocol to verify the formal security offered by the BAN logic.