YAO Lin,FAN Qing-na,KONG Xiang-wei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.32.030

2010-01-01

Abstract:Pervasive computing raises new challenges to the security and privacy of the Internet communication,and conventional authentication protocols cannot meet the requirements of this new pervasive environment.A novel mutual authentication and key establishment scheme to secure the interactions between mobile users and service providers is proposed.Highly integrating biometric encryption and the Diffie-Hellman key exchange,the proposed protocol achieves mutual authentication without revealing any privacy information of the user.Secure session key establishment is enabled by the proposed algorithm.Differentiated service access control is also achieved with the biometric encryption.It is shown that the protocol can resist most of the attacks,especially the denial of service attack.

Lin Yao,Lei Wang,Xiangwei Kong,Guowei Wu,Feng Xia

DOI: https://doi.org/10.1016/j.camwa.2010.01.010

IF: 3.218

2010-01-01

Computers & Mathematics with Applications

Abstract:In a pervasive computing environment, mobile users often roam into foreign domains. Consequently, mutual authentication between the user and the service provider in different domains becomes a critical issue. In this paper, a fast and secure inter-domain authentication and key establishment scheme, namely IDAS, is proposed. IDAS adopts Biometrics to guarantee the uniqueness and privacy of users and adopts signcryption to generate a secure session key. IDAS can not only reduce the burden of certificates management, but also protect the users and authentication servers against fraud. Compared with some other authentication methods, our approach is superior with faster key exchange and authentication, as well as more privacy. The correctness is verified with the Syverson and Van Oorschot (SVO) logic. Crown Copyright (C) 2010 Published by Elsevier Ltd. All rights reserved.

SHAO Bing,LU Dong-ming

2000-01-01

Abstract:Data encryption is one of the key techniques for information security. In the beginning of this paper, the present encryption methods are analyzed. Next, we design one practical system which can transmits data in the Internet and has the capacity of digital signature and authentication. Finally, some technical issues encountered in the system implementation are discussed

Yuanchao Shu,Jiming Chen,Fachang Jiang,Yu Gu,Zhiyu Dai,Tian He

DOI: https://doi.org/10.1145/2070942.2071025

2011-01-01

Abstract:To bridge the gap between insufficiency of existing proximity authentication solutions and the increasing demand of high security guarantee for access control systems, we develope a WISP-based access control system combing electronic and mechanical authentication methods. In our authentication, encryption complexity is changeable and trusted users can share privileges with each other. During experiments, our system has achieved 95% authentication accuracy rate with up to 3 different users.

黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

Chengqi Wang,Xiao Zhang,Zhiming Zheng

DOI: https://doi.org/10.1007/s11042-016-4198-0

IF: 2.577

2016-01-01

Multimedia Tools and Applications

Abstract:With the increase of security requirements, numerous biometrics based authentication schemes that apply the smart card technology are proposed for multimedia medicine information systems in the last several years. Recently, Lu et al. presented a biometrics based authentication and key agreement scheme using extended Chebyshev chaotic maps. Unfortunately, we find that their scheme is still insecure with respect to issues such as flaws in the both login phase and password change phase. And we show that their scheme is vulnerable to the Denial-of-Service attack, user impersonation attack and server masquerade attack, which also fails to achieve the user anonymity. In order to remedy these weaknesses, we retain the useful properties of Lu et al.’s scheme to propose a robust biometrics based authentication and key agreement scheme for multimedia medicine information systems. The informal and formal security analysis of our scheme are given respectively, which demonstrate that our scheme satisfies the desirable security requirements. Furthermore, the proposed scheme provides some significant features which are not considered in most of the related schemes, such as, biometric information protection and user re-registration or revocation. Thus, our scheme resists the known attacks and is efficient for practical applications in the multimedia medicine information systems.

Zhihua Gan,Mengge Sun,Yalin Song,Xiuli Chai,Donghua Jiang,Guoqiang Long,Xin He

DOI: https://doi.org/10.1088/1402-4896/ace28b

2023-01-01

Physica Scripta

Abstract:Traditional visually meaningful image encryption (VMIE) works by embedding a secret image (SI) into a visually meaningful carrier image (CAI), thus achieving the dual protection of both data information and appearance features. However, the current VMIE algorithm still suffers from problems of reconstruction quality and transmission efficiency. To address these issues, this paper proposes an innovative VMIE algorithm that utilizes a newly designed two-dimensional hyperchaotic map, multi-parameter fractal matrix (MPFM) theory and compressive sensing. The proposed algorithm achieves dual protection of both the semantic information and appearance image data. First, a newly designed 2D infinite triangle folding map (2D-ITFM) is presented to generate a binary key-controlled measurement matrix to measure and compress a plain image (PI) to generate measured image (MI) and decrease the amount of transmission information. Next, based on the hyperchaotic map 2D-ITFM and MPFM, we present the inter-block scrambling (IBS) algorithm and intra-block synchronous sorting diffusion (IBSSD) algorithm, which are used to process the MI and generate SI. Then, the matrix encoding embedding (MEE) technique is utilized to hide the SI into the CAI to produce a visually secure cipher image (CII). Finally, the experimental results demonstrate that our scheme is effective in improving the anti-attack ability while guaranteeing good imperceptibility and reconstruction performance. This scheme can be employed in the field of information security communication.

Ai Ning Li,Sheng Li Hu,Jin Qing Chi,Peng Bo Wu

DOI: https://doi.org/10.4028/www.scientific.net/amm.701-702.1004

2014-12-01

Applied Mechanics and Materials

Abstract:Objectives: Solve the security problems on information transmission between different debarments in hospital management network system. Methods: Put forward a security transmission mechanism based on ECC and AES algorithm which using the hybrid encryption scheme combined with ECC and AES algorithm to ensure the safety of the information transmission process, using the ECC signature algorithm to achieve the identity authentication between different functional departments, using the hash function to realize the integrity authentication of information. Results: This mechanism has been implemented by Java programming and it could effectively ensure the security of information transmission which has been proved by practice. Conclusions: The algorithm of this security Mechanism has been implemented by using java language. Experimental results show that it is effective to keep the security of information transmission..

English Else

Chengzhi Jiang,Chuanfeng Huang,Qiwei Huang,Jian Shi

DOI: https://doi.org/10.3390/sym13091718

2021-09-16

Symmetry

Abstract:The multi-source data collected by the power Internet of Things (IoT) provide the data foundation for the power big data analysis. Due to the limited computational capability and large amount of data collection terminals in power IoT, the traditional security mechanism has to be adapted to such an environment. In order to ensure the security of multi-source data in the power monitoring networks, a security system for multi-source big data in power monitoring networks based on the adaptive combined public key algorithm and an identity-based public key authentication protocol is proposed. Based on elliptic curve cryptography and combined public key authentication, the mapping value of user identification information is used to combine the information in a public and private key factor matrix to obtain the corresponding user key pair. The adaptive key fragment and combination method are designed so that the keys are generated while the status of terminals and key generation service is sensed. An identification-based public key authentication protocol is proposed for the power monitoring system where the authentication process is described step by step. Experiments are established to validate the efficiency and effectiveness of the proposed system. The results show that the proposed model demonstrates satisfying performance in key update rate, key generation quantity, data authentication time, and data security. Finally, the proposed model is experimentally implemented in a substation power IoT environment where the application architecture and security mechanism are described. The security evaluation of the experimental implementation shows that the proposed model can resist a series of attacks such as counterfeiting terminal, data eavesdropping, and tampering.

Bin Li,Qinglei Zhou,Xueming Si,Jinhua Fu

DOI: https://doi.org/10.1109/access.2018.2869174

IF: 3.9

2018-01-01

IEEE Access

Abstract:With the rapid development of the Internet, increasingly more attention has been paid to network security problems. A network security defense technology has become a very important research field. Currently, most network equipment transmits data in plaintext at the data link layer, which exposes important information, such as IP addresses, port numbers, and application protocols, to an attacker and provides an opportunity for network attacks. To protect a network against attacks and ensure its security, this paper proposes a mimic encryption system for network security. Based on the concepts of moving target defense and mimic security defense, using the principles of randomization, dynamism, and diversification, a data link layer mimic encryption system is constructed from the underlying network of an information system. By transforming the frame format, a reconfigurable encryption algorithm, an hash algorithm, and a pseudo-random number generator are used to design different combination encryption modes. Then, the hash value of an encrypted frame is obtained by performing the hash operation, and feedback update is performed to generate new key parameters for the hash key pool. In addition, the pseudo-random selection of combinations of encryption algorithms and keys is performed to achieve "one frame-one key''. Finally, an FPGA is used as the network encryption card, and a CPU is used to realize two-party key agreement and the upper layer application. Using the FPGA + CPU hardware and software collaboration, the attack surface is expanded. Taking advantage of the high anti-interference property of an FPGA, part of the attack against the software system is filtered. The experimental results and analysis show that the encryption and decryption performance of this system in a 10 G network are approximately 500 MB/s. Thus, the system can effectively prevent the leakage of user data and resist network sniffing, vulnerability attacks, exhaustive key search attacks, and ciphertext-only attacks. Moreover, this system provides high security.

Jasmine, R. Megiba

DOI: https://doi.org/10.1007/s11276-024-03780-8

IF: 2.701

2024-06-11

Wireless Networks

Abstract:Today, cloud computing has received greater attention for storing and processing huge amounts of data over the internet. Security concerns are one of the most challenging issues that have affected the growth of cloud computing services. Data storage in the cloud is unsecured using a password system that can be easily stolen by intruders. Hence, there is a need to achieve cloud data security using multimodal biometric cryptosystem-based authentication and encryption systems and to mitigate the risk of attackers, especially in the case of accessing the data from unauthorized users. In this paper, we propose a Secure Multimodal Cloud Authentication and Authorization Scheme (SMCAAS) framework that brings additional security to both encryption and authentication for user biometric identification against different attacks in the cloud environment. In the SMCAAS framework, we presented an improved encryption system using the Biometric Identity Based Encryption Method (BIBE) to facilitate the exchange of the trapdoor between the user's Biometric Identity Record (BIR) and the cloud server with additional security measures in cloud computing environments. Then a trusted cryptographic hash function uses the Secure Hash Algorithm-512 (SHA-512) to authenticate the biometric user who intends to access the system. Based on the derived two steps, the Multimodal Biometric Authentication Module (MBAM) module performs multimodal biometric features to provide additional security and is designed to verify the user's biometric identity in a cloud environment. Informal security analysis proves that the SMCAAS approach is secure against different attacks. Numerical results demonstrate that the SMCAAS approach obtains high security in terms of error rate (ERR) and biometric quality metrics, and also that the performance measures of the encryption and decryption time for the message file achieve less average time than other methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

Mingwei Zhao,Xiaochen Yu

DOI: https://doi.org/10.3969/j.issn.1000-386x.2015.10.076

2015-01-01

Abstract:Compared with traditional static password identity authentication technology,the identity authentication system with dynamic password is more secure.Current schemes of dynamic password authentication have difficulties in heavy computation load and key storage because of the use of the public key encryption system mostly.In view of this,we propose a new identity authentication scheme with dynamic password which combines hash function,symmetric encryption mechanism and Challenge /Response mechanism.At the same time,we carry out the performance test and analysis on the scheme.Experimental results show that the scheme not only realises mutual authentication between server and clients under the network environment,but also has the advantages of high safety,strong practicability,low cost etc., which can be used as the identity authentication in most insecure network channels.

Lingfeng Wu,Yunhua Wen,Jinghai Yi

DOI: https://doi.org/10.3390/e26080667

2024-08-05

Abstract:Remote data backup technology avoids the risk of data loss and tampering, and has higher security compared to local data backup solutions. However, the data transmission channel for remote data backup is not secure, and the backup server cannot be fully trusted, so users usually encrypt the data before uploading it to the remote server. As a result, how to protect this encryption key is crucial. We design a User-Centric Design (UCD) data backup scheme based on multi-factor authentication to protect this encryption key. Our scheme utilizes a secret sharing scheme to divide the encryption key into three parts, which are stored in the laptop, the smart card, and the server. The encryption key can be easily reconstructed from any two parts with user's private information password, identity and biometrics. As long as the biometrics has enough entropy, our scheme can resist replay attacks, impersonation user attacks, impersonation server attacks, malicious servers and offline password guessing attacks.

Lei Liu,Mingwei Cao,Yeguo Sun

DOI: https://doi.org/10.1371/journal.pone.0258464

IF: 3.7

2021-12-15

PLoS ONE

Abstract:E-documents are carriers of sensitive data, and their security in the open network environment has always been a common problem with the field of data security. Based on the use of encryption schemes to construct secure access control, this paper proposes a fusion data security protection scheme. This scheme realizes the safe storage of data and keys by designing a hybrid symmetric encryption algorithm, a data security deletion algorithm, and a key separation storage method. The scheme also uses file filter driver technology to design a user operation state monitoring method to realize real-time monitoring of user access behavior. In addition, this paper designs and implements a prototype system. Through the verification and analysis of its usability and security, it is proved that the solution can meet the data security protection requirements of sensitive E-documents in the open network environment.

multidisciplinary sciences

Qiwei Lu,Wenchao Huang,Xudong Gong,Xingfu Wang,Yan Xiong,Fuyou Miao

DOI: https://doi.org/10.48550/arXiv.1307.2977

2013-07-11

Abstract:With the rapid development of MANET, secure and practical authentication is becoming increasingly important. The existing works perform the research from two aspects, i.e., (a)secure key division and distributed storage, (b)secure distributed authentication. But there still exist several unsolved problems. Specifically, it may suffer from cheating problems and fault authentication attack, which can result in authentication failure and DoS attack towards authentication service. Besides, most existing schemes are not with satisfactory efficiency due to exponential arithmetic based on Shamir's scheme. In this paper, we explore the property of verifiable secret sharing(VSS) schemes with Chinese Remainder Theorem (CRT), then propose a secret key distributed storage scheme based on CRT-VSS and trusted computing for MANET. Specifically, we utilize trusted computing technology to solve two existing cheating problems in secret sharing area before. After that, we do the analysis of homomorphism property with CRT-VSS and design the corresponding shares-product sharing scheme with better concision. On such basis, a secure distributed Elliptic Curve-Digital Signature Standard signature (ECC-DSS) authentication scheme based on CRT-VSS scheme and trusted computing is proposed. Furthermore, as an important property of authentication scheme, we discuss the refreshing property of CRT-VSS and do thorough comparisons with Shamir's scheme. Finally, we provide formal guarantees towards our schemes proposed in this paper.

Cryptography and Security

B D Deebak,Fadi Al-Turjman,Anand Nayyar

DOI: https://doi.org/10.1007/s11042-020-10134-x

Abstract:The challenge of COVID-19 has become more prevalent across the world. It is highly demanding an intelligent strategy to outline the precaution measures until the clinical trials find a successful vaccine. With technological advancement, Wireless Multimedia Sensor Networks (WMSNs) has extended its significant role in the development of remote medical point-of-care (RM-PoC). WMSN is generally located on a communication device to sense the vital signaling information that may periodically be transmitted to remote intelligent pouch This modern remote system finds a suitable professional system to inspect the environment condition remotely in order to facilitate the intelligent process. In the past, the RM-PoC has gained more attention for the exploitation of real-time monitoring, treatment follow-up, and action report generation. Even though it has additional advantages in comparison with conventional systems, issues such as security and privacy are seriously considered to protect the modern system information over insecure public networks. Therefore, this study presents a novel Single User Sign-In (SUSI) Mechanism that makes certain of privacy preservation to ensure better protection of multimedia data. It can be achieved over the negotiation of a shared session-key to perform encryption or decryption of sensitive data during the authentication phase. To comply with key agreement properties such as appropriate mutual authentication and secure session key-agreement, a proposed system design is incorporated into the chaotic-map. The above assumption claims that it can not only achieve better security efficiencies but also can moderate the computation, communication, and storage cost of some intelligent systems as compared to elliptic-curve cryptography or RSA. Importantly, in order to offer untraceability and user anonymity, the RM-PoC acquires dynamic identities from proposed SUSI. Moreover, the security efficiencies of proposed SUSI are demonstrated using informal and formal analysis of the real-or-random (RoR) model. Lastly, a simulation study using NS3 is extensively conducted to analyze the communication metrics such as transmission delay, throughput rate, and packet delivery ratio that demonstrates the significance of the proposed SUSI scheme.

Taimin Zhang,Xin Lu,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ccdc.2017.7978436

2017-01-01

Abstract:Advanced metering infrastructure (AMI) is designed to collect power consumption information of households for the utility companies and provide real-time price for customers to allow them make informed choices about energy usage. As AMI is a key component in smart grid, cyber security should be considered prior to the AMI system applications to ensure reliable and secure operations of smart grid. This paper proposes an identity-based secure communication scheme for AMI. In our proposed scheme, the limited computing ability of the smart appliances in AMI is considered as well. Furthermore, we specify an identity-based key updating protocol to periodically refresh all public/private key pairs. Our proposed scheme is an easy-to-deploy solution for AMI systems.

Zhao Mingwei,Ji Xiaoyu,Jiang Rongan

DOI: https://doi.org/10.3969/j.issn.1000-386X.2009.05.085

2009-01-01

Abstract:Compared with traditional static password system,the identity authentication system with dynamic password is more secure.Based on ElGamal's private key cryptosystem and challenge-response mechanism,this paper presents a new identity authentication scheme with dynamic password which integrates the smart card and the fingerprint features.The bidirectional authentication between the clients and the server is also achieved.This scheme is effective in preventing reply attack and masquerade attack.

Mingyuan Xin

DOI: https://doi.org/10.1109/cyberc.2015.9

2015-09-01

Abstract:Internet of things has be broadly applied for home, industry, and many other applications. For these applications, secure information transmission becomes a critical issue to ensure the system safety. Hybrid encryption technique is a new cryptographic paradigm and it can be applied to the Internet of Things. It provides the benefit of the symmetric key and asymmetric key performance. It enables strong security and low computational complexity. In this paper, we proposed a mixed encryption algorithm to provide information integrity, confidentiality, non-repudiation on the data transmission for Internet of Things. We demonstrate the security efficiency with the comparison with traditional encryption algorithms.