YAO Lin,FAN Qing-na,KONG Xiang-wei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.32.030

2010-01-01

Abstract:Pervasive computing raises new challenges to the security and privacy of the Internet communication,and conventional authentication protocols cannot meet the requirements of this new pervasive environment.A novel mutual authentication and key establishment scheme to secure the interactions between mobile users and service providers is proposed.Highly integrating biometric encryption and the Diffie-Hellman key exchange,the proposed protocol achieves mutual authentication without revealing any privacy information of the user.Secure session key establishment is enabled by the proposed algorithm.Differentiated service access control is also achieved with the biometric encryption.It is shown that the protocol can resist most of the attacks,especially the denial of service attack.

Lin Yao,Xiangwei Kong,Guowei Wu,Qingna Fan,Chi Lin

DOI: https://doi.org/10.1007/s11767-008-0089-5

2010-01-01

Abstract:In pervasive computing environments, users can get services anytime and anywhere, but the ubiquity and mobility of the environments bring new security challenges. The user and the service provider do not know each other in advance, they should mutually authenticate each other. The service provider prefers to authenticate the user based on his identity while the user tends to stay anonymous. Privacy and security are two important but seemingly contradictory objectives. As a result, a user prefers not to expose any sensitive information to the service provider such as his physical location, ID and so on when being authenticated. In this paper, a highly flexible mutual authentication and key establishment protocol scheme based on biometric encryption and Diffie-Hellman key exchange to secure interactions between a user and a service provider is proposed. Not only can a user’s anonymous authentication be achieved, but also the public key cryptography operations can be reduced by adopting this scheme. Different access control policies for different services are enabled by using biometric encryption technique. The correctness of the proposed authentication and key establishment protocol is formally verified based on SVO logic.

Cheng Hongbing,Rong Chunming,Tan Zhenghua,Zeng Qingkai

2012-01-01

Abstract:Cloud computing will be a main information infrastructure in the future; it consists of many large datacenters which are usually geographically distributed and heterogeneous. How to design a secure data access for cloud computing platform is a big challenge. In this paper, we propose a secure data access scheme based on identity-based encryption and biometric authentication for cloud computing. Firstly, we describe the security concern of cloud computing and then propose an integrated data access scheme for cloud computing, the procedure of the proposed scheme include parameter setup, key distribution, feature template creation, cloud data processing and secure data access control. Finally, we compare the proposed scheme with other schemes through comprehensive analysis and simulation. The results show that the proposed data access scheme is feasible and secure for cloud computing.

Chang Xu,Lvhan Zhang,Liehuang Zhu,Chuan Zhang,Kashif Sharif

DOI: https://doi.org/10.1109/trustcom53373.2021.00063

2021-01-01

Abstract:Biometrics identification has been used in a growing number of fields in recent years, since it is more secure, classified and convenient. With the development of cloud computing, database systems are able to upload large amounts of biometric data to cloud server for storage and identification to save local memory and improve computational efficiency. However, this involves potential privacy concerns because of the introduction of third-party platforms. In this paper, we achieve computational and communication efficiency in biometric identification, while preserving the privacy of data. Specifically, the database system firstly encrypts all biometric data and query data. Then, it sends the ciphertext to a cloud server to carry out matching tasks. Finally, the cloud server returns the index of final matches to the system so that it can check whether the biometric vector is legal or not. Detailed security analysis indicates that the proposed scheme can resist powerful attacks. Beyond that, Experiments show that the scheme is more efficient in computation and communication than stat of art biometric identification schemes.

Jasmine, R. Megiba

DOI: https://doi.org/10.1007/s11276-024-03780-8

IF: 2.701

2024-06-11

Wireless Networks

Abstract:Today, cloud computing has received greater attention for storing and processing huge amounts of data over the internet. Security concerns are one of the most challenging issues that have affected the growth of cloud computing services. Data storage in the cloud is unsecured using a password system that can be easily stolen by intruders. Hence, there is a need to achieve cloud data security using multimodal biometric cryptosystem-based authentication and encryption systems and to mitigate the risk of attackers, especially in the case of accessing the data from unauthorized users. In this paper, we propose a Secure Multimodal Cloud Authentication and Authorization Scheme (SMCAAS) framework that brings additional security to both encryption and authentication for user biometric identification against different attacks in the cloud environment. In the SMCAAS framework, we presented an improved encryption system using the Biometric Identity Based Encryption Method (BIBE) to facilitate the exchange of the trapdoor between the user's Biometric Identity Record (BIR) and the cloud server with additional security measures in cloud computing environments. Then a trusted cryptographic hash function uses the Secure Hash Algorithm-512 (SHA-512) to authenticate the biometric user who intends to access the system. Based on the derived two steps, the Multimodal Biometric Authentication Module (MBAM) module performs multimodal biometric features to provide additional security and is designed to verify the user's biometric identity in a cloud environment. Informal security analysis proves that the SMCAAS approach is secure against different attacks. Numerical results demonstrate that the SMCAAS approach obtains high security in terms of error rate (ERR) and biometric quality metrics, and also that the performance measures of the encryption and decryption time for the message file achieve less average time than other methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

Qin Zou,Jianfeng Wang,Jun Ye,Jian Shen,Xiaofeng Chen

DOI: https://doi.org/10.1007/s00500-016-2153-7

IF: 3.732

2016-01-01

Soft Computing

Abstract:Mobile could computing (MCC) is the availability of cloud computing services in the mobile ecosystem. MCC integrates the cloud computing into the mobile environment and has been introduced to be a potential technology for mobile devices. Although mobile devices brought us lots of convenience, it is still difficult or impossible to perform some expensive tasks due to the limited resources such as computing abilities, battery lifetime, processing abilities, and storage capacity. Therefore, many researchers focus on designing applications which could run on mobile devices in mobile cloud computing. Among them, secure encrypted image search has attracted considerable interest recently. However, it also suffers from some challenges such as privacy of images, and distance matching over ciphertexts. In this paper, we introduce a novel encryption search scheme for content-based image retrieval using comparable encryption and order-preserving encryption technology. Because of avoiding the usage of the homomorphic encryption, our construction greatly reduces computation overhead on client side and improves the precision of fuzzy search compared with previous solutions.

Zaid Ameen Abduljabbar,Hai Jin,Zaid Alaa Hussien,Ali A. Yassin,Mohammed Abdulridha Hussain,Salah H. Abbdal,Deqing Zou

DOI: https://doi.org/10.1109/bigdatasecurity-hpsc-ids.2016.25

2016-01-01

Abstract:Recently, security issues are obstructing the development and using of cloud computing services. Authentication plays an important role in the cloud security, and numerous concerns have been raised to prevent an unauthorized users to access the entities' resources (sender and receiver) within the cloud environment. Existing solutions are based on one-time authentication scheme, in which a user's password is applicable only for one login session. However, none of the proposed schemes are sufficiently secure to prevent known forms of attack. In addition, these schemes often suffer from significant overhead in the key management.For this reason, we propose a robust one-time authentication scheme based on a non-interactive one-time biometric key to generate one-time login request message. The key used in our scheme has two strong building blocks; that is, it is biometrically based on the extraction of features from the entities' irises, and cryptographically based on the strong key-based message authentication code MAC-SHA-512 and Rivest Cipher 4. The proposed scheme exhibits several important security attributes, such as key agreement, biometric key management, a single authentication request for each user's login, mutual authentication, invulnerability, and efficiency.

Vishruti Kakkad,Meshwa Patel,Manan Shah

DOI: https://doi.org/10.1007/s41939-019-00049-y

2019-05-10

Abstract:Cloud computing is a major blooming technology which has numerous applications in today’s market and is rightly so hyped. Images are a major part of today’s internet data traffic, especially due to widespread social media, and hence, its security is crucial. However, in the present scenario, the images in cloud are a major issue in terms of security. Since the user who has uploaded the image has no control over the security of images, the cloud provider has to ensure maximum security in terms of authentication and prevention from attacks. The main objective of this paper is to provide a method to enhance the safety of images on cloud. This paper presents an idea of securing images on cloud platform using biometric authentication. Different steps involved in biometric authentication and secure upload and access of images are explained, and integration of all the steps is done at the end as a case study which puts light on the whole process in which methods are best-regarding results and compatibility. The proposed algorithm in this paper presents the idea of authentication of images in two basic steps of image compression using standard discrete wavelet transform method followed by image encryption using the hybrid method of SHA and blowfish. This image is then stored into the database of cloud and accessed whenever the user requests it. A structured and comprehensive view of encryption methods, types of biometrics and to secure data as well as images is provided in this paper.

Haifeng Li,Caihui Lan,Xingbing Fu,Caifen Wang,Fagen Li,He Guo

DOI: https://doi.org/10.3390/s20174720

IF: 3.9

2020-01-01

Sensors

Abstract:With the explosion of various mobile devices and the tremendous advancement in cloud computing technology, mobile devices have been seamlessly integrated with the premium powerful cloud computing known as an innovation paradigm named Mobile Cloud Computing (MCC) to facilitate the mobile users in storing, computing and sharing their data with others. Meanwhile, Attribute Based Encryption (ABE) has been envisioned as one of the most promising cryptographic primitives for providing secure and flexible fine-grained “one to many” access control, particularly in large scale distributed system with unknown participators. However, most existing ABE schemes are not suitable for MCC because they involve expensive pairing operations which pose a formidable challenge for resource-constrained mobile devices, thus greatly delaying the widespread popularity of MCC. To this end, in this paper, we propose a secure and lightweight fine-grained data sharing scheme (SLFG-DSS) for a mobile cloud computing scenario to outsource the majority of time-consuming operations from the resource-constrained mobile devices to the resource-rich cloud servers. Different from the current schemes, our novel scheme can enjoy the following promising merits simultaneously: (1) Supporting verifiable outsourced decryption, i.e., the mobile user can ensure the validity of the transformed ciphertext returned from the cloud server; (2) resisting decryption key exposure, i.e., our proposed scheme can outsource decryption for intensive computing tasks during the decryption phase without revealing the user’s data or decryption key; (3) achieving a CCA security level; thus, our novel scheme can be applied to the scenarios with higher security level requirement. The concrete security proof and performance analysis illustrate that our novel scheme is proven secure and suitable for the mobile cloud computing environment.

Jing Li,Zhitao Guan,Xiaojiang Du,Zijian Zhang,Jun Wu

DOI: https://doi.org/10.1109/icc.2017.7996492

2017-01-01

Abstract:With the increasing number of mobile applications and the popularity of cloud computing, the combination of these two techniques that named mobile cloud computing (MCC) attracts great attention in recent years. A promising public key encryption scheme, Attribute-Based Encryption (ABE), especially the Ciphertext Policy Attribute-Based Encryption (CP-ABE), has been used for realizing fine-grained access control on encrypted data stored in MCC. However, the computational overhead of encryption and decryption grow with the complexity of the access policy. Thus, maintaining data security as well as efficiency of data processing in MCC are important and challenging issues. In this paper, we propose an efficient encryption method based on CP-ABE, which can lower the overhead on data owners. To further reduce the decryption overhead on data receivers, we additionally propose a verifiable outsourced decryption scheme. By security analysis and performance evaluation, the proposed scheme is proved to be secure as well as efficient.

Mohammad Wazid,Ashok Kumar Das,Saru Kumari,Xiong Li,Fan Wu

DOI: https://doi.org/10.1002/sec.1591

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:Cloud computing, the conjoin of many types of computing, has made a great impact on the life of everyone. People from anywhere can access the different cloud-based services by using the Internet. A user, who wants to access some cloud-based service, needs to register himself/herself to an authority (service provider), and after that, he/she can use the service. To access the service, each user needs to authenticate to that particular cloud server. Several user authentication schemes for cloud computing have been presented but mostly have limitations/drawbacks as they are prone to various known attacks, such as privileged insider, user and server impersonation, and strong reply attacks, and they also have lack of functionality features. Moreover, these schemes do not provide efficient password change phase. In order to overcome these drawbacks, we propose a new provably secure biometric-based user authentication and key agreement scheme for cloud computing. The proposed scheme overcomes the weaknesses of the existing schemes and supports extra functionality features including user anonymity and efficient password and biometric update phase for multi-server environment. The careful formal security analysis under standard model and informal security analysis and the simulation results for formal security verification using the most acceptable AVISPA tool show that the proposed scheme is secure against various known possible attacks. The analysis of computation and communication overheads of our scheme depicts its efficiency over other related existing schemes, and thus, the proposed scheme is suitable for the cloud computing environment. Copyright (C) 2016 John Wiley & Sons, Ltd.

Doyel Pal,Praveenkumar Khethavath,Tingting Chen,Yuan Zhang

DOI: https://doi.org/10.1002/dac.3293

2017-01-01

International Journal of Communication Systems

Abstract:Payment methods using mobile devices instead of using traditional methods (cash, credit card, etc) has been gaining popularity all over the world. The ubiquitous nature of smartphones and tablets has widened the ambit for using these devices for payments and other daily life activities. Recent advancements in mobile technology along with the convenience of mobile devices made these applications possible. Despite the worldwide user adoption of mobile applications, security is the key challenge in mobile banking and payments system. Mobile payments systems need to be very efficient and provide utmost security endlessly. State‐of‐the‐art mobile payment systems need the physical presence of a merchant agent to make a payment. In this article, we had described in detail about the design and implementation of a mobile payments application, used to make in‐store purchases and make secure payments without any physical presence of a cashier or a merchant agent. We proposed a novel privacy‐preserving and secure authentication algorithm to make mobile payments using biometrics. The analysis and experimental results show the reliability and efficiency of our proposed solution.

Vinoth Kumar M,K Venkatachalam,Prabu P,Abdulwahab Almutairi,Mohamed Abouhawwash

DOI: https://doi.org/10.7717/peerj-cs.569

2021-07-30

PeerJ Computer Science

Abstract:Cloud computing is one of the evolving fields of technology, which allows storage, access of data, programs, and their execution over the internet with offering a variety of information related services. With cloud information services, it is essential for information to be saved securely and to be distributed safely across numerous users. Cloud information storage has suffered from issues related to information integrity, data security, and information access by unauthenticated users. The distribution and storage of data among several users are highly scalable and cost-efficient but results in data redundancy and security issues. In this article, a biometric authentication scheme is proposed for the requested users to give access permission in a cloud-distributed environment and, at the same time, alleviate data redundancy. To achieve this, a cryptographic technique is used by service providers to generate the bio-key for authentication, which will be accessible only to authenticated users. A Gabor filter with distributed security and encryption using XOR operations is used to generate the proposed bio-key (biometric generated key) and avoid data deduplication in the cloud, ensuring avoidance of data redundancy and security. The proposed method is compared with existing algorithms, such as convergent encryption (CE), leakage resilient (LR), randomized convergent encryption (RCE), secure de-duplication scheme (SDS), to evaluate the de-duplication performance. Our comparative analysis shows that our proposed scheme results in smaller computation and communication costs than existing schemes.

computer science, information systems, artificial intelligence, theory & methods

Jiaqing Mo,Zhongwang Hu,Hang Chen,Wei Shen

DOI: https://doi.org/10.1155/2019/4520685

2019-01-01

Wireless Communications and Mobile Computing

Abstract:Nowadays, due to the rapid development and wide deployment of handheld mobile devices, the mobile users begin to save their resources, access services, and run applications that are stored, deployed, and implemented in cloud computing which has huge storage space and massive computing capability with their mobile devices. However, the wireless channel is insecure and vulnerable to various attacks that pose a great threat to the transmission of sensitive data. Thus, the security mechanism of how the mobile devices and remote cloud server authenticate each other to create a secure session in mobile cloud computing environment has aroused the interest of researchers. In this paper, we propose an efficient and provably secure anonymous two-factor user authentication protocol for the mobile cloud computing environment. The proposed scheme not only provides mutual authentication between mobile devices and cloud computing but also fulfills the known security evaluation criteria. Moreover, utilization of ECC in our scheme reduces the computing cost for mobile devices that are computation capability limited and battery energy limited. In addition, the formal security proof is given to show that the proposed scheme is secure under random oracle model. Security analysis and performance comparisons indicate that the proposed scheme has reasonable computation cost and communication overhead at the mobile client side as well as the server side and is more efficient and more secure than the related competitive works.

Kai Xi,Tohari Ahmad,Fengling Han,Jiankun Hu

DOI: https://doi.org/10.1002/sec.225

IF: 1.968

2011-01-01

Security and Communication Networks

Abstract:With fast evolution of mobile devices and mobile network, the need of protecting user sensitive information locally and performing secure user authentication remotely become evermore increasing. Bio-cryptography is emerging as a powerful solution which can combine the advantages of conventional cryptography and biometric security. In this paper, we present an efficient bio-cryptographic security protocol designed for client/server authentication in current mobile computing environment, with a reasonable assumption that server is secure. In this protocol, fingerprint biometric is used in user verification, protected by a computationally efficient Public Key Infrastructure (PKI) scheme, Elliptic Curve Cryptography (ECC). The genuine fingerprint information is hidden in the feature vault which is the mixture of genuine and chaff features. Fingerprint features are not only used for biometric verification but also for cryptographic key generation. Our security analysis shows that the proposed protocol can provide a secure and trustworthy authentication of remote mobile users over insecure network. Experimental results on public domain database show an acceptable verification performance. We also tested the computational costs and efficiency of our protocol on the CLDC emulator using Java ME (previous J2ME) programming technology. The simulation results prove that the proposed protocol suits current mobile environment. Copyright (C) 2010 John Wiley & Sons, Ltd.

Maoxu Lyu,Xuejun Li,Hui Li

DOI: https://doi.org/10.1109/DSC.2017.8

2017-01-01

Abstract:In order to realize data sharing in mobile cloud computing, decentralized attribute-based encryption (ABE) has been widely concerned. However, the existing ABE schemes are full of flaws. First, the main drawback of ABE is that the computation cost of encryption and decryption are expensive. Second, the existing ABE schemes are inapplicable due to the inefficiency of user revocation. Besides, in a decentralized ABE scheme, a user's private keys must be tied to the global identifier (GID) to resist collusion attack, however, it will compromise the user's privacy. To deal with these problems, we proposed an efficient decentralized ABE scheme via using the offline/online encryption and the verifiable outsource decryption concepts. Meanwhile, we proposed an anonymous key issuing protocol to achieve privacy preserving. Security analysis and experimental result shows that our scheme is secure and significantl.y reduce the computation cost for both encryption and decryption.

Qian Wang,Shengshan Hu,Kui Ren,Meiqi He,Minxin Du,Zhibo Wang

DOI: https://doi.org/10.1007/978-3-319-24177-7_10

2015-01-01

Abstract:Biometric identification has been incredibly useful in the law enforcement to authenticate an individual’s identity and/or to figure out who someone is, typically by scanning a database of records for a close enough match. In this work, we investigate the privacy-preserving biometric identification outsourcing problem, where the database owner outsources both the large-scale encrypted database and the computationally intensive identification job to the semi-honest cloud, relieving itself from data storage and computation burden. We present new privacy-preserving biometric identification protocols, which substantially reduce the computation burden on the database owner. Our protocols build on new biometric data encryption, distance-computation and matching algorithms that novelly exploit inherent structures of biometric data and properties of identification operations. A thorough security analysis shows that our solutions are practically-secure, and the ultimate solution offers a higher level of privacy protection than the-state-of-the-art on biometric identification outsourcing. We evaluate our protocols by implementing an efficient privacy-preserving fingerprint-identification system, showing that our protocols meet both the security and efficiency needs well, and they are appropriate for use in various privacy-preserving biometric identification applications.

Yuanpeng Xie,Hong Wen,Bin Wu,Yixin Jiang,Jiaxiao Meng

DOI: https://doi.org/10.1109/tcc.2015.2513388

IF: 5.697

2015-01-01

IEEE Transactions on Cloud Computing

Abstract:Cloud computing is an Internet-based computing pattern through which shared resources are provided to devices on-demand. It is an emerging but promising paradigm to integrating mobile devices into cloud computing, and the integration performs in the cloud based hierarchical multi-user data-shared environment. With integrating into cloud computing, security issues such as data confidentiality and user authority may arise in the mobile cloud computing system, and it is concerned as the main constraints to the developments of mobile cloud computing. In order to provide safe and secure operation, a hierarchical access control method using modified hierarchical attribute-based encryption (M-HABE) and a modified three-layer structure is proposed in this paper. In a specific mobile cloud computing model, enormous data which may be from all kinds of mobile devices, such as smart phones, functioned phones and PDAs and so on can be controlled and monitored by the system, and the data can be sensitive to unauthorized third party and constraint to legal users as well. The novel scheme mainly focuses on the data processing, storing and accessing, which is designed to ensure the users with legal authorities to get corresponding classified data and to restrict illegal users and unauthorized legal users get access to the data, which makes it extremely suitable for the mobile cloud computing paradigms.

Liehuang Zhu,Chuan Zhang,Chang Xu,Ximeng Liu,Cheng Huang

DOI: https://doi.org/10.1109/access.2018.2819166

IF: 3.9

2018-01-01

IEEE Access

Abstract:Biometric identification has become increasingly popular in recent years. With the development of cloud computing, database owners are motivated to outsource the large size of biometric data and identification tasks to the cloud to get rid of the expensive storage and computation costs, which, however, brings potential threats to users' privacy. In this paper, we propose an efficient and privacy-preserving biometric identification outsourcing scheme. Specifically, the biometric To execute a biometric identification, the database owner encrypts the query data and submits it to the cloud. The cloud performs identification operations over the encrypted database and returns the result to the database owner. A thorough security analysis indicates that the proposed scheme is secure even if attackers can forge identification requests and collude with the cloud. Compared with previous protocols, experimental results show that the proposed scheme achieves a better performance in both preparation and identification procedures.

Chunsheng Zhu,Victor C. M. Leung,Xiping Hu,Lei Shu,Laurence T. Yang

DOI: https://doi.org/10.1109/greencom-ithings-cpscom.2013.138

2013-01-01

Abstract:Recently, the arising of cloud computing (CC) concept and explosive growth of mobile applications induce a novel technology, i.e., mobile cloud computing (MCC). By integrating CC into mobile environment, MCC alleviates limitations of mobile devices and proliferates a variety of new fascinating mobile services. The key to enable MCC is to equip mobile users with the data processing and storage abilities in the clouds via wireless networks. In this paper, aiming at facilitating the research of MCC and inducing more research topics regarding MCC, we offer a review of the key issues that concern the feasibility of MCC and identify the corresponding novel techniques to mitigate these key issues. Moreover, we propose a potential framework to enhance the robustness of MCC incorporating these novel techniques.