Lin Yao,Lei Wang,Xiangwei Kong,Guowei Wu,Feng Xia

DOI: https://doi.org/10.1016/j.camwa.2010.01.010

IF: 3.218

2010-01-01

Computers & Mathematics with Applications

Abstract:In a pervasive computing environment, mobile users often roam into foreign domains. Consequently, mutual authentication between the user and the service provider in different domains becomes a critical issue. In this paper, a fast and secure inter-domain authentication and key establishment scheme, namely IDAS, is proposed. IDAS adopts Biometrics to guarantee the uniqueness and privacy of users and adopts signcryption to generate a secure session key. IDAS can not only reduce the burden of certificates management, but also protect the users and authentication servers against fraud. Compared with some other authentication methods, our approach is superior with faster key exchange and authentication, as well as more privacy. The correctness is verified with the Syverson and Van Oorschot (SVO) logic. Crown Copyright (C) 2010 Published by Elsevier Ltd. All rights reserved.

Jun Li,Xiaolin Zheng,Deren Chen,William Wei Song

DOI: https://doi.org/10.4018/jwsr.2012070102

2012-01-01

International Journal of Web Services Research

Abstract:In a service-oriented environment, it is inevitable and indeed quite common to deal with web services, whose reliability is unknown to the users. The reputation system is a popular technique currently used for providing a global quality score of a service provider to requesters. However, such global information is far from sufficient for service requesters to choose the most qualified services. In order to tackle this problem, the authors present a trust based architecture containing a computational trust model for quantifying and comparing the trustworthiness of services. In this trust model, they firstly construct a network based on the direct trust relations between participants and rating similarity in service oriented environments, then propose an algorithm for propagating trust in the social network based environment which can produce personalized trust information for a specific service requester, and finally implement the trust model and simulate various malicious behaviors in not only dense but also sparse networks which can verify the attack-resistant and robustness of the proposed approach. The experiment results also demonstrate the feasibility and benefit of the approach.

WANG Ji-lin,CHEN Xiao-feng,CHEN De-ren

DOI: https://doi.org/10.3785/j.issn.1008-973x.2006.04.010

2006-01-01

Abstract:Exchange of digitally signed certificates was often used to establish mutual trust between strangers that wish to share resources or to conduct business transactions.Automated trust negotiation(ATN) was an approach to regulate the flow of sensitive information during such an exchange.But ATN cannot handle cyclic policy interdependency satisfactorily.Oblivious signature-based envelope(OSBE) is a scheme to solve this problem.However,the existed scheme could only be implemented on a secure channel.An efficient OSBE scheme without the secure channel is proposed using the ideas of identity-based systems and certificate-based encryption,which satisfies all the properties required by OSBE such as soundness and oblivious et al.Also,the scheme can achieve the desired security notations in the random oracle model.

Xiyuan Chen,Miaoliang Zhu

DOI: https://doi.org/10.4028/www.scientific.net/kem.439-440.178

2010-01-01

Abstract:Semantic; Trust Management; RBAC; User-role Assignment Abstract. The application of RBAC in access management of the enterprise services and resources is very widely. With phenomenal growth of information interaction and cooperation between distributed systems, the number of users can be in the hundreds of thousands or millions. This renders manual user-to-role assignment a formidable task. In this paper, we propose a semantic and trust based framework to automatically assign users to roles based on a finite set of assignment rules defined by authorized people in the enterprise. These rules take into consideration the attributes users own and any constraints set forth by the enterprise including the assignment history and the credit of the requester. We choose OWL to specify the user attributes.

Yan He,Miaoliang Zhu,Chunying Zheng

DOI: https://doi.org/10.1109/CSSE.2008.867

2008-01-01

Abstract:Traditional security model, where the identity of all possible requesting subjects must be pre-registered in advance, is not suitable for the distributed applications with strong real-time requirements. A promising approach is represented by automated trust negotiation, which establishes trust between strangers through the exchange of digital credentials and the use of access control policies. As the credentials contain sensitive information, entities disclose credentials circumspectly. Given multiple credential exchange sequences achieving the same result, it is desirable to pick the sequence that discloses a set of minimum sensitive credentials. In this paper, we model the policies participating trust negotiation as a Negotiation Petri Net and propose a trust negotiation MSC strategy, which works by the characteristics of Negotiation Petri Net architecture, the behaviors of auto trust negotiation and the greedy algorithm. We prove that the MSC strategy is complete, efficient and mini-sensitivity cost. It also makes sure that no irrelevant credentials will be disclosed during negotiations.

Yu Chen,Jiguo Li,Chengdong Liu,Jinguang Han,Yichen Zhang,Peng Yi

DOI: https://doi.org/10.1109/tsc.2021.3096420

IF: 11.019

2022-01-01

IEEE Transactions on Services Computing

Abstract:Attribute based signature (ABS) is a novel cryptographic primitive, which permits users to sign a message over attributes without revealing other information. A signature only reveals that it is signed by a signer whose some attributes meet an access policy. However, some ABS schemes only support the threshold access policy, where the signing algorithms are limited by the threshold. The threshold access policy can not express precise access control well. In addition, the computation cost of the verification algorithm is heavy since pairing operations are required. Pairing is costly operation comparing to exponentiation. Therefore, existing ABS schemes are not suitable to resource-limited devices, such as RFID tags and smart cards. In order to solve the issues above, we present a novel ABS scheme by using the attribute tree as access policy that expresses flexible access control. We utilize server-aid technique to help the verifier to verify signatures and reduce the computation burden. Our scheme is proved secure against unforgeable and anonymous under chosen-policy selective-message attack in the standard model. Compared with existing schemes, our scheme is more efficient in terms of private key generation and verification. The proposed scheme reduces users’ calculation burden and expresses more flexible access policy.

Jin Li,Man Ho Au,Willy Susilo,Dongqing Xie,Kui Ren

DOI: https://doi.org/10.1145/1755688.1755697

2010-01-01

Abstract:ABSTRACTIn an attribute-based signature (ABS), users sign messages with any predicate of their attributes issued from an attribute authority. Under this notion, a signature attests not to the identity of the individual who signed a message, but a claim regarding the attributes the underlying signer possesses. In ABS, users cannot forge signatures with attributes they do not possess even through colluding. On the other hand, a legitimate signer remains anonymous without the fear of revocation and is indistinguishable among all the users whose attributes satisfying the predicate specified in the signature. ABS is useful in many important applications such as anonymous authentication and attribute-based messaging systems. In this paper, we propose two efficient ABS constructions supporting flexible threshold predicate by exploring a new technique for signature signing. Compared with existed schemes, the new constructions provide better efficiency in terms of both the computational cost and signature size. The first new construction is provably secure in the random oracle model, while the second construction does not rely on the random oracle assumption. To further reduce the trust on attribute authority, we also show an ABS construction with multiple attribute authorities. It is worth noting that the security of all the proposed constructions is not relying on generic group. As an illustrative application, we construct an efficient non-transferable access control system from ABS.

Zhishuo Zhang,Wen Huang,Songying Cai,Lin Yang,Yongjian Liao,Shijie Zhou

DOI: https://doi.org/10.1016/j.comcom.2022.09.017

IF: 5.047

2022-12-01

Computer Communications

Abstract:Fog computing is an emergent computing paradigm that supports the mobility and geographic distribution of Internet of Things (IoT) nodes and delivers context-aware applications with low latency to end-users. In fog computing, the critical obstacle restricting widespread deployment is security and privacy, especially how to build a lightweight fine-grained message authentication scheme in fog computing. In this paper, we first propose and give the formalization definition to a new variant of the attribute-based signature primitive (ABS), which we called Verifier-Policy Attribute-based Signature (VP-ABS). Distinct from the traditional ABS, in our VP-ABS primitive, the signature generated by the signer is decoupled with the access policy, which means the signer can generate a signature associated with some of his own attributes. Therefore, our VP-ABS can be reusable for multiple access policies. Then we also give a concrete VP-ABS construction over Type-3 pairing under Linear Secret Sharing Scheme (LSSS) policy which supports both AND and OR access gates. In addition, we rigorously prove our VP-ABS scheme is existentially unforgeable in the selective policy model under the adaptive chosen message attack (sP-EUF-CMA). Next, we give the feature comparison and theoretical analysis to our VP-ABS scheme as well as some other representative attribute authentication schemes to show the comprehensiveness of our scheme. To prove the correctness of the theoretical analysis and test the actual performance, we also do simulation experiments. Finally, we use our VP-ABS scheme to build an attribute-based fine-grained message authentication scheme for fog nodes in mobile microservices architecture with multiple access policies.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jun Li,ZHENG Xiao-lin,CHEN De-ren,XL Zheng,DR Chen

DOI: https://doi.org/10.3785/j.issn.1008-973X.2012.05.018

2012-01-01

Abstract:A plethora of Web services competing in offering similar functionalities bring a great challenge in selecting a suitable web service which can satisfy service requesters' preferences. In order to solve the problem described above, we propose a trust-based selection approach for composite service. Bayes' theory is firstly used to compute the direct trust of the target service for a specific service requester, then a trust-based service network is constructed by calculating rating similarity between service requesters and a digraph based trust propagating algorithm is proposed for obtaining the recommended trust of the target service. Finally, a mathematical method is used to combine the direct trust with the recommended trust to obtain a subjective trust value for the target service. The experimental results show that our approach can effectively satisfy different service requesters' preferences and resist various malicious behaviors. Moreover, the results also demonstrate that our approach is robust and feasible even when the network is sparse.

Jinguang Han,Liqun Chen,Steve Schneider,Helen Treharne,Stephan Wesemeyer

DOI: https://doi.org/10.48550/arXiv.1804.07201

2018-04-19

Abstract:Anonymous Single-Sign-On authentication schemes have been proposed to allow users to access a service protected by a verifier without revealing their identity which has become more important due to the introduction of strong privacy regulations. In this paper we describe a new approach whereby anonymous authentication to different verifiers is achieved via authorisation tags and pseudonyms. The particular innovation of our scheme is authentication can only occur between a user and its designated verifier for a service, and the verification cannot be performed by any other verifier. The benefit of this authentication approach is that it prevents information leakage of a user's service access information, even if the verifiers for these services collude which each other. Our scheme also supports a trusted third party who is authorised to de-anonymise the user and reveal her whole services access information if required. Furthermore, our scheme is lightweight because it does not rely on attribute or policy-based signature schemes to enable access to multiple services. The scheme's security model is given together with a security proof, an implementation and a performance evaluation.

Cryptography and Security

Manling Zhu,Zhi Jin

DOI: https://doi.org/10.1109/compsac.2009.45

2009-01-01

Abstract:Trust is central to effective interactions in service-oriented computing in which service consumers select the right partners who can and will provide expected services. Available trust models lack of the analysis and reasoning on trustworthiness. This paper proposes an agent-based framework to support the trust evaluation for service selection. A trust ontology has been provided to analyze and reason the relations among trust concepts.

Mingwu Zhang,Bo Yang,Shenglin Zhu,Wenzheng Zhang

DOI: https://doi.org/10.1007/978-3-540-69295-9_41

2008-01-01

Abstract:Trust management is a crucial approach to authenticate user and protect resource in distributed systems. Trust between two unknown parties in different autonomous domain is established based on the parties properties, by which are proven their qualifications through the disclosure of appropriate credentials. Assertion, described as well-defined uniformly semantic structure entities such as credentials, policies and requests, is encrypted by issuer or authority's public key. In this paper, we propose an efficient assertion security protect model based on signcryption scheme for multiple autonomous domain managers and privacy key generators(PKGs). We proved its security including confidentiality, unforgeability, public verifiability, and ciphertext anonymity under the DBDH assumption in the random oracle model, where the proposed scheme has comparable advantage in security and efficiency to other previous ID-based signcryption schemes in multiple PKGs.

Sufen Li,Yushun Fan,Xitong Li

DOI: https://doi.org/10.1080/0951192x.2011.574235

IF: 4.1

2011-01-01

International Journal of Computer Integrated Manufacturing

Abstract:With the increasing popularity of the service-oriented thinking in the business area, an overwhelming number of business services have arisen. These business services collaborate with each other and form a business network or a service-oriented business ecosystem (SOBE). It is a key issue to select appropriate business services to share and integrate them in the SOBE. Trust degrees play an important role in the selection of business services. However, existing researches mainly focus on quality of service (QoS)-based selection methods and few of them take trust degrees into account. In order to select services more accurately, a trust-based approach for selection of business services is proposed based on the formal definition of the SOBE. First, the method for acquisition and calculation of trust values is developed. The method also considers other parameters including QoS attributes, the physical distance between users and business services and the waiting time. Second, one node in a business flow may need to select two or more business services to achieve the user's requirements. Thus, the multi-service selection method for one node is presented. Third, a fuzzy chance-constrained programming model is proposed for the selection of business services by considering four kinds of factors: QoS attributes, trust relationship, physical distance and waiting time. Using the characteristic of fuzzy constraints, a function is developed to convert the fuzzy chance constraints into its crisp equivalents and then the equivalent crisp model is solved by the generic algorithm (GA)-based algorithm. For the case in which no satisfying solution can be found by the GA-based algorithm, a negotiation method is proposed to reach at a satisfying solution. Finally, a case study is conducted to demonstrate the feasibility and effectiveness of the proposed approach.

Pan Jing,Xu Feng,Xin Xianlong,Lue Jian

DOI: https://doi.org/10.1109/icacte.2008.88

2008-01-01

Abstract:Internetware is an abstract of the distributed software system in the open and dynamic Internet which is generally integrated by large numbers of autonomous and heterogeneous software services of various functions. The reliability of the service which acts as a component in Internetware inevitably has an effect on the collaboration in the system and users' satisfaction on the whole system. So picking the right service from the open environment is a critical problem for developers to build high confidence application systems. However, traditional test measures cannot work when facing with dynamically evolutive characters and separated interests between developers of systems and third-party services in the Internetware. Trust and reputation mechanism is a complementary approach which relies on analyzing collected recommendations from past users to evaluate the software. In this paper, we propose a personalized trust-based approach to do service selection automatically for users. It mainly deals with two problems: 1) trustworthiness: as lacking of a global monitor to record runtime performances of services, we design a recommendation collection method based on the user's social network; 2) relevance: since the formation of ratings has an impact on the recommendation, we establish a filtering process to weight information according to recommenders' expectation and capability.

Xu Li,Xiaohui Liang,Rongxing Lu,Shibo He,Jiming Chen,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/mass.2011.42

2011-01-01

Abstract:Wireless sensor and actor networks (WSANs) are service-oriented environments, where sensors request actors to service their detected events and actors move to deliver the desired services. Because of their openness and unattended nature, these networks are vulnerable to various security attacks. In this paper we address service fraud attacks for the first time, whose objective is to stop the normal use of actor services by fake service requests and/or delivery. To mitigate this type of security attacks, we propose a novel cooperative authentication scheme. With the scheme, a sensor's service request is cooperatively authenticated by the sensors that witness the same event, and an actor's service delivery effort is cooperatively authenticated by the sensors that witness the actor's behavior. Considering the presence of compromised sensor/actor nodes, the trustworthiness of each authenticated service delivery process is subject to location consistency check and witness diversity check. It may then be taken into account to adjust the corresponding actor's trust rating so as to influence future actor service selection. We analyze the communication overhead and the security strength of the scheme. We show that our scheme ensures fraud-resistant actor services in our considered WSAN environment.

Yong Woon Hwang,Taehoon Kim,Daehee Seo,Im-Yeong Lee

DOI: https://doi.org/10.1080/09540091.2023.2287979

2024-01-10

Connection Science

Abstract:In order to provide the reliability of transmitted data in the era of big data, it is necessary to communicate by applying signature technology to data. There are various signature schemes, among which attribute-based signatures perform signatures based on user attributes. This ensures signer anonymity by allowing users to create and verify signatures without exposing the signer's sensitive information. However, the verifier can verify normally if the attribute period expires and a user without signing authority creates and transmits a signature with the existing signing key and attributes. In addition, signers who abuse anonymity can disclose their signing keys and attributes for some purpose (Money, profit) because there is no risk of being caught. Unauthorized users can use public information to sign and send messages. Therefore, in this paper, we propose a Traceable Attribute-based Signature scheme provided with anonymous credentials. The proposed scheme has the feature of verifying the validity of the signer by using the pseudonym ID included in the user list in the cloud server. In addition, the signer's identity is expressed as an Oblivious Transfer-based pseudonym ID. The signer's identity can be verified through tracing in case of a problem.

computer science, artificial intelligence, theory & methods

Surong Yan,Xiaolin Zheng,Deren Chen,Wen-Yu Zhang

DOI: https://doi.org/10.1002/int.20488

IF: 8.993

2011-01-01

International Journal of Intelligent Systems

Abstract:Improving quality of services (QoS) through applying trust and reputation management technology is increasingly popular in the literature and industry. Most existing trust and reputation systems calculate a general trust value or vector based on the gathered feedback without regard to trust's locality and subjectivity; therefore, they cannot effectively support a personal selection with consumer preferences. Our goal is to build a trust and reputation mechanism for facilitating a trustworthy and personal service selection in a service-oriented Web, where service peers can act as a service provider and/or a service consumer. A user-centric trust and reputation mechanism distinguishing the different trust context and content to enable a personal service selection with regard to trust preference in a service-oriented Web is represented in detail. It is widely recognized that reputation-based trust methods must face the challenge of malicious behaviors. To deal with the malicious feedback behaviors, we introduce a "bidirectional" feedback mechanism based on QoS experience similarity in our trust and reputation framework. The test run demonstrates that our method can significantly increase the success rate of service transactions and is effective in resisting various malicious behaviors of service peers, when it is compared to other similar methods. (C) 2011 Wiley Periodicals, Inc.

王远,吕建,徐锋,张林

DOI: https://doi.org/10.3724/sp.j.1001.2008.01350

2008-01-01

Journal of Software

Abstract:Based on the idea of trust evaluation, this paper proposes an Internetware software architecture oriented trust-driven mechanism for selecting services to solve the problem from the aspect of service selection: Firstly, a general, machine-readable description mechanism is proposed to express user requirements and trust evolution policies; secondly, a feed-back trust formation and decision mechanism is introduced and a trust-driven algorithm for selecting services is given; finally, an Internetware software architecture oriented trust-driven service selection framework is proposed for the development of trustable Internetwares. Some development examples indicate that this mechanism can support the development of the trustable Internetwares effectively.

O V Nissenbaum,K Y Ponomarov,A A Zaharov

DOI: https://doi.org/10.1088/1742-6596/998/1/012020

2018-04-01

Journal of Physics: Conference Series

Abstract:This article proposes a three-side cryptographic scheme for verifying device attributes with a Supervisor and a Certification Authority (CA) for attribute-based encryption. Two options are suggested: using a message authentication code and using a digital signature. The first version is suitable for networks with one CA, and the second one for networks with several CAs, including dynamic systems. Also, the addition of this scheme with a blind signature is proposed to preserve the confidentiality of the device attributes from the CA. The introduction gives a definition and a brief historical overview of attribute-based encryption (ABE), addresses the use of ABE in the Internet of Things.

SHI Wenbo,CAO Chun

DOI: https://doi.org/10.3778/j.issn.1002-8331.1208-0528

2013-01-01

Abstract:Trust Management implements the authorization procedure and access control decision in an open network environment according to the credential issuing and the chain discovery algorithms. However, because of the complexity and dynamic of the trust network, the traditional trust-management system results in a low efficiency in credential discovery. To address the shortage, this paper proposes an autonomous trust-management system which introduces the concept of authority routing table.The system makes sure the direction of the search guides directly to the requester while finding the credential chain. While the trust network is complex and the right request happens frequently, the autonomous trust-management system can reduce the search cost and improve the efficiency in credential discovery.