Lin Yao,Xiangwei Kong,Guowei Wu,Qingna Fan,Chi Lin

DOI: https://doi.org/10.1007/s11767-008-0089-5

2010-01-01

Abstract:In pervasive computing environments, users can get services anytime and anywhere, but the ubiquity and mobility of the environments bring new security challenges. The user and the service provider do not know each other in advance, they should mutually authenticate each other. The service provider prefers to authenticate the user based on his identity while the user tends to stay anonymous. Privacy and security are two important but seemingly contradictory objectives. As a result, a user prefers not to expose any sensitive information to the service provider such as his physical location, ID and so on when being authenticated. In this paper, a highly flexible mutual authentication and key establishment protocol scheme based on biometric encryption and Diffie-Hellman key exchange to secure interactions between a user and a service provider is proposed. Not only can a user’s anonymous authentication be achieved, but also the public key cryptography operations can be reduced by adopting this scheme. Different access control policies for different services are enabled by using biometric encryption technique. The correctness of the proposed authentication and key establishment protocol is formally verified based on SVO logic.

Jaap-Henk Hoepman

DOI: https://doi.org/10.48550/arXiv.2101.09085

2021-01-22

Abstract:This paper studies how to implement a privacy friendly form of ticketing for public transport in practice. The protocols described are inspired by current (privacy invasive) public transport ticketing systems used around the world. The first protocol emulates paper based tickets. The second protocol implements a pay-as-you-go approach, with fares determined when users check-in and check-out. Both protocols assume the use of a smart phone as the main user device to store tickets or travel credit. We see this research as a step towards investigating how to design commonly used infrastructure in a privacy friendly manner in practice, paying particular attention to how to deal with failures.

Cryptography and Security

Yonghua Zhan,Feng Yuan,Rui Shi,Guozhen Shi,Chen Dong

DOI: https://doi.org/10.3390/s24020496

IF: 3.9

2024-01-14

Sensors

Abstract:Electronic tickets (e-tickets) are gradually being adopted as a substitute for paper-based tickets to bring convenience to customers, corporations, and governments. However, their adoption faces a number of practical challenges, such as flexibility, privacy, secure storage, and inability to deploy on IoT devices such as smartphones. These concerns motivate the current research on e-ticket systems, which seeks to ensure the unforgeability and authenticity of e-tickets while simultaneously protecting user privacy. Many existing schemes cannot fully satisfy all these requirements. To improve on the current state-of-the-art solutions, this paper constructs a blockchain-enhanced privacy-preserving e-ticket system for IoT devices, dubbed PriTKT, which is based on blockchain, structure-preserving signatures (SPS), unlinkable redactable signatures (URS), and zero-knowledge proofs (ZKP). It supports flexible policy-based ticket purchasing and ensures user unlinkability. According to the data minimization and revealing principle of GDPR, PriTKT empowers users to selectively disclose subsets of (necessary) attributes to sellers as long as the disclosed attributes satisfy ticket purchasing policies. In addition, benefiting from the decentralization and immutability of blockchain, effective detection and efficient tracing of double spending of e-tickets are supported in PriTKT. Considering the impracticality of existing e-tickets schemes with burdensome ZKPs, we replace them with URS/SPS or efficient ZKP to significantly improve the efficiency of ticket issuing and make it suitable for use on smartphones.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Zhi-Yu Peng,Shan-Ping Li

DOI: https://doi.org/10.1109/icmlc.2008.4620616

2008-01-01

Abstract:As pervasive computing leading to an increased collection of information in the computational world as well as the real world, privacy leaking becomes a serious issue. Although privacy protection has drawn great attention in recent years, the privacy-preserving trust management has not been brought forward. Credential chain discovery problem is the key issue in trust management, and traditionally credentials are full open in the whole system. This could expose users' access control policies as well as other private information, and leads to a great risk of being cheated by malicious users. This paper advocates a privacy-preserving credential chain discovery mechanism, in which credentials are no longer available to everyone. By merely learning credentials of one's logic neighbors, this mechanism still achieves good results. The simulations show that this mechanism is practical.

Ghada Arfaoui,Jean-François Lalande,Jacques Traoré,Nicolas Desmoulins,Pascal Berthomé,Saïd Gharout

DOI: https://doi.org/10.48550/arXiv.1505.03048

2015-05-12

Abstract:To ensure the privacy of users in transport systems, researchers are working on new protocols providing the best security guarantees while respecting functional requirements of transport operators. In this paper, we design a secure NFC m-ticketing protocol for public transport that preserves users' anonymity and prevents transport operators from tracing their customers' trips. To this end, we introduce a new practical set-membership proof that does not require provers nor verifiers (but in a specific scenario for verifiers) to perform pairing computations. It is therefore particularly suitable for our (ticketing) setting where provers hold SIM/UICC cards that do not support such costly computations. We also propose several optimizations of Boneh-Boyen type signature schemes, which are of independent interest, increasing their performance and efficiency during NFC transactions. Our m-ticketing protocol offers greater flexibility compared to previous solutions as it enables the post-payment and the off-line validation of m-tickets. By implementing a prototype using a standard NFC SIM card, we show that it fulfils the stringent functional requirement imposed by transport operators whilst using strong security parameters. In particular, a validation can be completed in 184.25 ms when the mobile is switched on, and in 266.52 ms when the mobile is switched off or its battery is flat.

Cryptography and Security

Linke Guo,Chi Zhang,Jinyuan Sun,Yuguang Fang

DOI: https://doi.org/10.1109/TMC.2013.84

IF: 6.075

2013-01-01

IEEE Transactions on Mobile Computing

Abstract:Electronic healthcare (eHealth) systems have replaced paper-based medical systems due to the attractive features such as universal accessibility, high accuracy, and low cost. As a major component of eHealth systems, mobile healthcare (mHealth) applies mobile devices, such as smartphones and tablets, to enable patient-to-physician and patient-to-patient communications for better healthcare and quality of life (QoL). Unfortunately, patients' concerns on potential leakage of personal health records (PHRs) is the biggest stumbling block. In current eHealth/mHealth networks, patients' medical records are usually associated with a set of attributes like existing symptoms and undergoing treatments based on the information collected from portable devices. To guarantee the authenticity of those attributes, PHRs should be verifiable. However, due to the linkability between identities and PHRs, existing mHealth systems fail to preserve patient identity privacy while providing medical services. To solve this problem, we propose a decentralized system that leverages users' verifiable attributes to authenticate each other while preserving attribute and identity privacy. Moreover, we design authentication strategies with progressive privacy requirements in different interactions among participating entities. Finally, we have thoroughly evaluated the security and computational overheads for our proposed schemes via extensive simulations and experiments.

Kai Fan,Panfei Song,Zhao Du,Haojin Zhu,Hui Li,Yintang Yang,Xinghua Li,Chao Yang

DOI: https://doi.org/10.1155/2017/4796373

IF: 1.968

2017-01-01

Security and Communication Networks

Abstract:As one of the most important techniques in IoT, NFC (Near Field Communication) is more interesting than ever. NFC is a short-range, high-frequency communication technology well suited for electronic tickets, micropayment, and access control function, which is widely used in the financial industry, traffic transport, road ban control, and other fields. However, NFC is becoming increasingly popular in the relevant field, but its secure problems, such as man-in-the-middle-attack and brute force attack, have hindered its further development. To address the security problems and specific application scenarios, we propose a NFC mobile electronic ticket secure payment and verification scheme in the paper. The proposed scheme uses a CS E-Ticket and offline session key generation and distribution technology to prevent major attacks and increase the security of NFC. As a result, the proposed scheme can not only be a good alternative to mobile e-ticket system but also be used in many NFC fields. Furthermore, compared with other existing schemes, the proposed scheme provides a higher security.

Linke Guo,Chi Zhang,Jinyuan Sun,Yuguang Fang

DOI: https://doi.org/10.1109/icdcs.2012.45

2012-01-01

Abstract:Recently, eHealth systems have replaced paper based medical system due to its prominent features of convenience and accuracy. Also, since the medical data can be stored on any kind of digital devices, people can easily obtain medical services at any time and any place. However, privacy concern over patient medical data draws an increasing attention. In the current eHealth networks, patients are assigned multiple attributes which directly reflect their symptoms, undergoing treatments, etc. Those life-threatened attributes need to be verified by an authorized medical facilities, such as hospitals and clinics. When there is a need for medical services, patients have to be authenticated by showing their identities and the corresponding attributes in order to take appropriate healthcare actions. However, directly disclosing those attributes for verification may expose real identities. Therefore, existing eHealth systems fail to preserve patients' private attribute information while maintaining original functionalities of medical services. To solve this dilemma, we propose a framework called PAAS which leverages users' verifiable attributes to authenticate users in eHealth systems while preserving their privacy issues. In our system, instead of letting centralized infrastructures take care of authentication, our scheme only involves two end users. We also offer authentication strategies with progressive privacy requirements among patients or between patients and physicians. Based on the security and efficiency analysis, we show our framework is better than existing eHealth systems in terms of privacy preservation and practicality.

Qing Fan,Yumeng Xie,Chuan Zhang,Ximeng Liu,Liehuang Zhu

DOI: https://doi.org/10.1109/tsc.2024.3451145

IF: 11.019

2024-10-11

IEEE Transactions on Services Computing

Abstract:The e-health system enables online healthcare by supporting health data transmission services on medical platforms. Considering the frequent privacy breaches in e-health systems and the issuance of relevant regulations, it is important to ensure the authenticity and privacy of health data. Existing e-health systems either fail to provide data authenticity or neglect privacy protection after patients leave the system. In this article, we put forward a secure and efficient e-health system for data transmission, named PPED, to solve this dilemma. In PPED, we explore a regular signature and a forward-secure signature, which guarantee data authenticity and give the signature a valid period. Then, a specific epochal signature scheme is designed by combining two signature schemes with the time-lock puzzle. Since expired epochal signatures are forgeable, patients after leaving the e-health system can forge expired signatures to deny their relationship with the signed data, thus achieving privacy protection. Detailed security analysis demonstrates the PPED realizes data authenticity and user privacy. Extensive experiments evaluate our system and the results show it is practical in terms of running time.

computer science, information systems, software engineering

Yanwei Gong,Xiaolin Chang,Jelena Mišić,Vojislav B. Mišić

2024-07-20

Abstract:Driverless vehicle as a taxi is gaining more attention due to its potential to enhance urban transportation efficiency. However, both unforeseen incidents led by unsupervised physical users' driverless taxi (DT) rides and personalized needs of users when riding in a DT necessitate the authentication of user identity and attributes. Moreover, safeguarding user identity privacy and quickly tracing malicious users if necessary to enhance the adoption of DTs remains a challenge. This paper proposes a novel Attribute-based Anonymity Enhanced (A2E) authentication scheme for users to access DT service. From the security aspect, A2E has attribute verifiability, which is achieved by designing a user attribute credential based on redactable signature. Meanwhile, this attribute credential also satisfies unlinkability and unforgeability. In addition, A2E has enhanced anonymity, which is achieved by designing a decentralized credential issuance mechanism utilizing ring signature and secret sharing, safeguarding user attributes from association with anonymous identities. Moreover, this mechanism provides traceability and non-frameability to users. From the performance aspect, A2E causes low overhead when tracing malicious users and updating credentials. Besides, both scalability and lightweight are satisfied, which contributes to A2E's practicability. We conduct security analysis and performance evaluation to the security and performance capabilities of A2E.

Cryptography and Security

Hui Tian,Xiang Li,Hanyu Quan,Chin-Chen Chang,Thar Baker

DOI: https://doi.org/10.1109/jsen.2020.3030688

IF: 4.3

2021-07-15

IEEE Sensors Journal

Abstract:The Intelligent Transportation System (ITS) provides more possibilities for the realization of smart cities by integrating the Internet of Things (IoT) and cloud computing. However, how to ensure security of IoT data stored in the cloud has become one of the biggest challenges at present. As a promising solution for realizing fine-grained access control, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) can be used to ensure data security. However, the traditional CP-ABE schemes may leak privacy of ITS users. Moreover, due to their high computational overheads, the current privacy-preserving techniques are not suitable for IoT lightweight devices. To fill this gap, this article presents ABE-FPP, a lightweight attribute-based access control scheme with full privacy protection (FPP), which can achieve full privacy protection in the three key stages (i.e., key generation, access control, and partial decryption), while reducing consumption overhead on the user side. Specifically, to protect privacy during key generation, a lightweight two-party secure computing protocol between the user and the authority is designed to generate secret keys; to protect privacy during the access control policy setting, we present an efficient policy hidden strategy, which only reveals attribute names and efficiently hides attribute values; to protect privacy during partial decryption, we propose a hybrid authentication method that does not need to submit attribute values to the cloud. Moreover, to achieve lightweight computation for IoT devices, online/offline encryption and outsourced decryption are employed in ABE-FPP. Finally, formal security proofs show that our scheme is secure in the standard model. The asymptotic complexity analyses and experimental results demonstrate that the presented scheme achieves higher computation efficiency than the state-of-the-art ones.

engineering, electrical & electronic,instruments & instrumentation,physics, applied

Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/tvt.2006.877704

2005-01-01

Abstract:Privacy and security are two important but seemingly contradict objectives in pervasive computing environments (PCEs). On the one hand, service providers want to authenticate service users and make sure they are accessing only authorized services in a legitimate way. On the other hand, users want to maintain necessary privacy without being tracked down for wherever they are and whatever they are doing. In this paper we propose a novel privacy enhanced authentication and access control scheme to secure the interactions between mobile users and services in PCEs. The proposed scheme seamlessly integrates two underlying cryptographic primitives, blind signature and hash chain, into a highly flexible and lightweight authentication and key establishment protocol. It provides explicit mutual authentication between a user and a service, while allowing the user to anonymously interact with the service. Differentiated service access control is also enabled in the proposed scheme by classifying mobile users into different service groups.

Caiqin Nong,Shaohua Tang,Yuanyuan Zhang

DOI: https://doi.org/10.1109/desec.2018.8625121

2018-01-01

Abstract:Crowd-sensing applications, such as traffic monitoring and environmental detection, have brought great convenience to people's lives, but they also face with some problems, for example, participant's privacy leakage at sensing phase, querier's privacy leakage at service phase, and so on. However, the existing privacy protection solutions are difficult to solve the above problems simultaneously. In response to this situation, we design a privacy-preserving metro passenger flow acquisition and query system that can settle these issues simultaneously. Our system can not only provide the metro passenger flow query service, which makes it convenient for the people, but also protect the participant's identity and location privacy as well as querier's query privacy. We exploit the Paillier cryptosystem, pseudonym mechanism, and Secure kNN to achieve these properties in our system. Besides, we also realized the participant accountability, which means that a malicious participant can be banned from participating in the system tasks and prosecuted if he/she is detected to “pollutes” the aggregation results. The privacy analysis and experiments demonstrate that our system is practical and meet the privacy preserving and security requirement.

Yang Xu,Quanrun Zeng,Guojun Wang,Cheng Zhang,Ju Ren,Yaoxue Zhang

DOI: https://doi.org/10.1007/978-3-030-05345-1_31

2018-01-01

Abstract:The emerging attribute-based access control (ABAC) mechanism is an expressive, flexible, and manageable authorization technique that is particularly suitable for current distributed, inconstant and complex service-oriented scenarios. Unfortunately, the inevitable disclosure of attributes that carry sensitive information bring significant risks to users' privacy, which obstructs the further development and popularization of the ABAC severely. In this paper, we propose an effective privacy-preserving ABAC (P-ABAC) scheme to defend against privacy leakage risks of users' attributes. In the P-ABAC approach, the necessary sensitive attributes are securely handled on the service requester side by using the homomorphic encryption method for privacy protection. And meanwhile, the service provider is still able to make accurate access decisions according to the received attribute ciphertext and pre-set policies with the help of the homomorphic encryption-based secure multi-party computation techniques, while learning no privacy information. The theoretical analysis proves that our model contributes to making an efficient and effective ABAC model with the enhanced privacy-protection feature.

Kai Fan,Panfei Song,Zhao Du,Haojin Zhu,Hui Li,Yintang Yang,Xinghua Li,Chao Yang

DOI: https://doi.org/10.1007/978-3-319-42836-9_11

2016-01-01

Abstract:As one of the most important techniques in IoT, NFC (Near Field Communication) is more interested than ever. NFC is a short-range, high-frequency communication technology well suited for electronic tickets, micro-payment and access control function, which is widely used in the financial industry, traffic transport, road ban control and other fields. However, NFC is becoming increasingly popular in the relevant field, but its secure problems, such as man-in-the-middle-attack, brute force attack and so on, have hindered its further development. To address the security problems and specific application scenarios, we propose a NFC mobile electronic ticket secure payment and verification scheme in the paper. The proposed scheme uses a CS E-Ticket and offline session key generation and distribution technology to prevent major attacks and increase the security of NFC. As a result, the proposed scheme can not only be a good alternative to mobile e-ticket system but also be used in many NFC fields. Furthermore, compared with other existing schemes, the proposed scheme provides a higher security.

Xinghua Shan,Zhiqiang Zhang,Fei Ning,Shida Li,Linlin Dai

DOI: https://doi.org/10.1108/rs-01-2023-0005

2023-04-05

Railway Sciences

Abstract:Purpose With the yearly increase of mileage and passenger volume in China's high-speed railway, the problems of traditional paper railway tickets have become increasingly prominent, including complexity of business handling process, low efficiency of ticket inspection and high cost of usage and management. This paper aims to make extensive references to successful experiences of electronic ticket applications both domestically and internationally. The research on key technologies and system implementation of railway electronic ticket with Chinese characteristics has been carried out. Design/methodology/approach Research in key technologies is conducted including synchronization technique in distributed heterogeneous database system, the grid-oriented passenger service record (PSR) data storage model, efficient access to massive PSR data under high concurrency condition, the linkage between face recognition service platforms and various terminals in large scenarios, and two-factor authentication of the e-ticket identification code based on the key and the user identity information. Focusing on the key technologies and architecture the of existing ticketing system, multiple service resources are expanded and developed such as electronic ticket clusters, PSR clusters, face recognition clusters and electronic ticket identification code clusters. Findings The proportion of paper ticket printed has dropped to 20%, saving more than 2 billion tickets annually since the launch of the application of E-ticketing nationwide. The average time for passengers to pass through the automatic ticket gates has decreased from 3 seconds to 1.3 seconds, significantly improving the efficiency of passenger transport organization. Meanwhile, problems of paper ticket counterfeiting, reselling and loss have been generally eliminated. Originality/value E-ticketing has laid a technical foundation for the further development of railway passenger transport services in the direction of digitalization and intelligence.

Xiong Li,Jianwei Niu,Marimuthu Karuppiah,Saru Kumari,Fan Wu

DOI: https://doi.org/10.1007/s10916-016-0629-8

IF: 4.92

2016-01-01

Journal of Medical Systems

Abstract:Benefited from the development of network and communication technologies, E-health care systems and telemedicine have got the fast development. By using the E-health care systems, patient can enjoy the remote medical service provided by the medical server. Medical data are important privacy information for patient, so it is an important issue to ensure the secure of transmitted medical data through public network. Authentication scheme can thwart unauthorized users from accessing services via insecure network environments, so user authentication with privacy protection is an important mechanism for the security of E-health care systems. Recently, based on three factors (password, biometric and smart card), an user authentication scheme for E-health care systems was been proposed by Amin et al., and they claimed that their scheme can withstand most of common attacks. Unfortunate, we find that their scheme cannot achieve the untraceability feature of the patient. Besides, their scheme lacks a password check mechanism such that it is inefficient to find the unauthorized login by the mistake of input a wrong password. Due to the same reason, their scheme is vulnerable to Denial of Service (DoS) attack if the patient updates the password mistakenly by using a wrong password. In order improve the security level of authentication scheme for E-health care application, a robust user authentication scheme with privacy protection is proposed for E-health care systems. Then, security prove of our scheme are analysed. Security and performance analyses show that our scheme is more powerful and secure for E-health care systems when compared with other related schemes.

Debiao He,Sherali Zeadally,Baowen Xu,Xinyi Huang

DOI: https://doi.org/10.1109/tifs.2015.2473820

IF: 7.231

2015-01-01

IEEE Transactions on Information Forensics and Security

Abstract:By broadcasting messages about traffic status to vehicles wirelessly, a vehicular ad hoc network (VANET) can improve traffic safety and efficiency. To guarantee secure communication in VANETs, security and privacy issues must be addressed before their deployment. The conditional privacy-preserving authentication (CPPA) scheme is suitable for solving security and privacy-preserving problems in VANETs, because it supports both mutual authentication and privacy protection simultaneously. Many identity-based CPPA schemes for VANETs using bilinear pairings have been proposed over the last few years to enhance security or to improve performance. However, it is well known that the bilinear pairing operation is one of the most complex operations in modern cryptography. To achieve better performance and reduce computational complexity of information processing in VANET, the design of a CPPA scheme for the VANET environment that does not use bilinear paring becomes a challenge. To address this challenge, we propose a CPPA scheme for VANETs that does not use bilinear paring and we demonstrate that it could supports both the mutual authentication and the privacy protection simultaneously. Our proposed CPPA scheme retains most of the benefits obtained with the previously proposed CPPA schemes. Moreover, the proposed CPPA scheme yields a better performance in terms of computation cost and communication cost making it be suitable for use by the VANET safety-related applications.

Shunrong Jiang,Xiaoyan Zhu,Liangmin Wang

DOI: https://doi.org/10.3390/s150922419

IF: 3.9

2015-01-01

Sensors

Abstract:Mobile healthcare social networks (MHSNs) have emerged as a promising next-generation healthcare system, which will significantly improve the quality of life. However, there are many security and privacy concerns before personal health information (PHI) is shared with other parities. To ensure patients’ full control over their PHI, we propose a fine-grained and scalable data access control scheme based on attribute-based encryption (ABE). Besides, policies themselves for PHI sharing may be sensitive and may reveal information about underlying PHI or about data owners or recipients. In our scheme, we let each attribute contain an attribute name and its value and adopt the Bloom filter to efficiently check attributes before decryption. Thus, the data privacy and policy privacy can be preserved in our proposed scheme. Moreover, considering the fact that the computational cost grows with the complexity of the access policy and the limitation of the resource and energy in a smart phone, we outsource ABE decryption to the cloud while preventing the cloud from learning anything about the content and access policy. The security and performance analysis is carried out to demonstrate that our proposed scheme can achieve fine-grained access policies for PHI sharing in MHSNs.

Xingjian Li,Minsheng Tan

DOI: https://doi.org/10.1088/1742-6596/1757/1/012161

2021-01-01

Journal of Physics: Conference Series

Abstract:Abstract With the promotion of “Internet +” and smart cities, as an important data voucher, electronic certificate brings great convenience to people’s life. However, the phenomenon of “data island” based on the electronic certificate database of each city hinders the sharing of an electronic certificate. In addition, problems such as centralization of data storage, poor security, and tamper-proof modification are common in electronic certificate libraries. To solve these problems, we present a blockchain-based electronic certificate sharing scheme, which uses the InterPlanetary File System (IPFS) and Ethereum smart contract to achieve secure storage and data sharing of electronic certificate by taking advantage of the non-tampering and decentralization of blockchain. At the same time, we achieve fine-grained access control by using attribute-based encryption of ciphertext policy and assigning attribute keys to users without affecting retrieval efficiency. Finally, through the simulation and performance analysis of the Ethereum test network, the analysis results show that our scheme is effective and feasible.