Ziaul Haque Choudhury,M. Munir Ahamed Rabbani

DOI: https://doi.org/10.1080/19361610.2019.1630226

2019-12-03

Journal of Applied Security Research

Abstract:An e-passport contains the personal and biometric information of a person. It has some current and possible applications relating to national security and law enforcement such as border security, illegal immigration, terrorism, criminals, fake passport, and so on. In the past decade, a number of countries have implemented the e-passport based on Machine Readable Travel Documents (MRTD) and International Civil Aviation Organization (ICAO) standardization. However, there is a threat scenario in the privacy infringement problem due to Radio Frequency Identification Device (RFID) such as data leakage threats, identity theft, tracking, and host listing. In this article, a multimodal biometric, secure encrypted data and encrypted biometric encoded in the Quick Response Code (QR code) based e-passport authentication method is proposed for national security application. Further, Personal information and biometric data are encrypted by applying the Advanced Encryption Standard (AES) and the Secure Hash Algorithm (SHA) 256 algorithm. More specifically, face recognition based on facial marks size detection and hand geometry detection is used for a biometric passport to enhance and secure the authentication level. The proposed method achieved an accuracy level of 92% for IITK (Indian Institute of Technology, Kanpur) dataset, an accuracy level of 93% for FEI (Fundação Educacional Inaciana) dataset in mark size detection and an accuracy level of 96.67% achieved in the hand geometry detection.

Jiagen Li,Rulin Liu,Haoxiang Lin,Shuqian Ye,Min Ye,Xiaopu Wang,Xi Zhu

DOI: https://doi.org/10.1021/acsami.1c18808

2021-12-06

Abstract:The trend of digitalization has produced rapidly increasing data interaction and authentication demand in today's internet of things ecosystem. To face the challenge, we demonstrated a micro-scale label by direct laser writing to perform as a passport between the physical and digital worlds. On this label, the user information is encrypted into three-dimensional geometric structures by a tensor network and then authenticated through the decryption system based on computer vision. A two-step printing methodology is applied to code the randomly distributed fluorescence from doped quantum dots, which achieved physical unclonable functions (PUFs) of the passport. The 10⁵ bits/mm² data storage density enables abundant encrypted information from physical worlds, for example, the biometric data of human users. This passport guarantees the strong correlation between the user's privacy data and the PUF-assisted codes, successfully overcoming the illegal transfer of authentication information. Due to its ultra-high security level and convenience, the printed passport has enormous potential in future digital twin authentication anytime anywhere, including personal identity, valuable certificates, and car networking.

materials science, multidisciplinary,nanoscience & nanotechnology

Tore Frederiksen

DOI: https://doi.org/10.1145/3465481.3469212

2021-08-17

Abstract:As governments around the world decide to deploy digital health passports as a tool to curb the spread of Covid-19, it becomes increasingly important to consider how these can be constructed with privacy-by-design. In this paper we discuss the privacy and security issues of common approaches for constructing digital health passports. We then show how to construct, and deploy, secure and private digital health passports, in a simple and efficient manner. We do so by using a protocol for distributed password-based token issuance, secret sharing and by leveraging modern smart phones’ secure hardware. Our solution only requires a constant amount of asymmetric cryptographic operations and a single round of communication between the user and the party verifying the user’s digital health passport, and only two rounds between the user and the server issuing the digital health passport.

Xiuli Chai,Gongyao Cao,Zhifeng Fu,Zhihua Gan,Binjie Wang,Yushu Zhang

DOI: https://doi.org/10.1016/j.bspc.2024.106424

IF: 5.1

2024-01-01

Biomedical Signal Processing and Control

Abstract:With the rapid development of telemedicine technology, electronic medical records (EMR) are facing security issues such as illegal access, leakage and malicious tampering during the transmission of electronic patient information (EPI). In view of this, a high-capacity RDHEI based on adaptive pixel modulation and high bit-plane based redundancy matrix coding (HBP-RMC) is proposed to effectively achieve patient privacy protection by embedding private data such as electronic medical records and authentication information into encrypted medical images. Specifically, the carrier image is encrypted using designed block-level disruption and adaptive pixel-modulation to preserve pixel-correlation. This method provides the basis for high embedding rates while ensuring the overall security of the image. Next, an accurate block-level pixel prediction is proposed to make full use of the high correlation to generate considerable redundancy and in balance with high prediction accuracy. Then the proposed HBP-RMC is used to maximally convert the redundant information into the embeddable space and effectively limit the size of the auxiliary information. At the decoding end, users can realize separable image restoration and information extraction according to their own keys. The maximum ERs of our scheme on the BOWS-2 and BOSSbase datasets can reach 2.9332 bpp and 3.0249 bpp, respectively. Extensive experiments prove that our algorithm outperforms some existing state-of-the-art schemes.

Hongli Wan,Minqing Zhang,Yan Ke,Zongbao Jiang,Fuqiang Di

DOI: https://doi.org/10.1016/j.jksuci.2024.102217

IF: 9.006

2024-10-26

Journal of King Saud University - Computer and Information Sciences

Abstract:The separable reversible data hiding in encrypted domain (RDH-ED) algorithm leaves out the embedding space for the information before or after encryption and makes the operation of extracting the information and restoring the image not interfere with each other. The encryption method employed not only affects the embedding space of the information and separability, but is more crucial for ensuring security. However, the commonly used XOR, scram-bling or combination methods fall short in security, especially against known plaintext attack (KPA). Therefore, in or-der to improve the security of RDH-ED and be widely applicable, this paper proposes a high-security RDH-ED encryption algorithm that can be used to reserve space before encryption (RSBE) and free space after encryption (FSAE). During encryption, the image undergoes block XOR, global intra-block bit-plane scrambling (GIBS) and inter-block scrambling sequentially. The GIBS key is created through chaotic mapping transformation. Subsequently, two RDH-ED algorithms based on this encryption are proposed. Experimental results indicate that the algorithm outlined in this paper maintains consistent key communication traffic post key conversion. Additionally, its computational complexity remains at a constant level, satisfying separability criteria, and is suitable for both RSBE and FSAE methods. Simultaneously, while satisfying the security of a single encryption technique, we have expanded the key space to 2 8Np×Np!×8!Np , enabling resilience against various existing attack methods. Notably, particularly in KPA testing scenarios, the average decryption success rate is a mere 0.0067% and 0.0045%, highlighting its exceptional security. Overall, this virtually unbreakable system significantly enhances image security while preserving an appropriate embedding capacity.

computer science, information systems

Yan Ke,Minqing Zhang,Xinpeng Zhang,Yiliang Han,Jia Liu

DOI: https://doi.org/10.48550/arxiv.2208.14510

2022-01-01

Abstract: Considering the prospects of public key embedding (PKE) mechanism in active forensics on the integrity or identity of ciphertext for distributed deep learning security, two reversible data hiding in encrypted domain (RDH-ED) algorithms with PKE mechanism are proposed, in which all the elements of the embedding function shall be open to the public, while the extraction function could be performed only by legitimate users. The first algorithm is difference expansion in single bit encrypted domain (DE-SBED), which is optimized from the homomorphic embedding framework based on the bit operations of DE in spatial domain. DE-SBED is suitable for the ciphertext of images encrypted from any single bit encryption and learning with errors (LWE) encryption is selected in this paper. Pixel value ordering is introduced to reduce the distortion of decryption and improve the embedding rates (ER). To apply to more flexible applications, public key recoding on encryption redundancy (PKR-ER) algorithm is proposed. Public embedding key is constructed by recoding on the redundancy from the probabilistic decryption of LWE. It is suitable for any plaintext regardless of the type of medium or the content. By setting different quantization rules for recoding, decryption and extraction functions are separable. No distortion exists in the directly decrypted results of the marked ciphertext and ER could reach over 1.0 bits per bit of plaintext. Correctness and security of the algorithms are proved theoretically by deducing the probability distributions of ciphertext and quantization variable. Experimental results demonstrate the performances in correctness, one-way attribute of security and efficiency of the algorithms.

Yingqiang Qiu,Qichao Ying,Xiaodan Lin,Yaowen Zhang,Zhenxing Qian

DOI: https://doi.org/10.1109/access.2020.2969252

IF: 3.9

2020-01-01

IEEE Access

Abstract:Typical reversible data hiding in encrypted image (RDH-EI) methods merely embed data in the encrypted domain, ignoring the requirement of the image owner for data embedding. To address this issue, this paper proposes a novel RDH-EI method with dual data embedding based on generalized integer transformation (GIT). The image owner first vacates embedding room, and performs data embedding before image encryption. After data encryption, the remote server utilizes the vacated room to further embed additional data into the encrypted image. The embedded data by the image owner and remote server can be extracted exactly, and the original image can be recovered losslessly. The experimental results prove the effectiveness of the proposed method.

Pieter Hartel,Rolf van Wegberg

DOI: https://doi.org/10.1186/s40163-023-00185-4

2023-03-08

Crime Science

Abstract:Law enforcement agencies struggle with criminals using end-to-end encryption (E2EE). A recent policy paper states: "while encryption is vital and privacy and cyber security must be protected, that should not come at the expense of wholly precluding law enforcement". The main argument is that E2EE hampers attribution and prosecution of criminals who rely on encrypted communication - ranging from drug syndicates to child sexual abuse material (CSAM) platforms. This statement - in policy circles dubbed 'going dark' - is not yet supported by empirical evidence. That is why, in our work, we analyse public court data from the Netherlands to show to what extent law enforcement agencies and the public prosecution service are impacted by the use of E2EE in bringing cases to court and their outcome. Our results show that in cases brought to court, the Dutch courts appear to be as successful in convicting offenders who rely on E2EE as those who do not. Our data do not permit us to draw conclusions on the effect of E2EE on criminal investigations.

John C. Polley,Ilias Politis,Christos Xenakis,Adarbad Master,Michał Kępkowski

DOI: https://doi.org/10.48550/arXiv.2103.04142

2021-03-06

Cryptography and Security

Abstract:With the COVID-19 pandemic entering a second phase and vaccination strategies being applied by countries and governments worldwide, there is an increasing expectation by people to return to normal life. There is currently a debate about immunity passports, privacy, and the enablement of individuals to safely enter everyday social life, workplace, and travel. Such digital immunity passports and vaccination certificates should meet people's expectations for privacy while enabling them to present to 3rd party verifiers tamper-evident credentials. This paper provides a comprehensive answer to the technological, ethical and security challenges, by proposing an architecture that provides to individuals, employers, and government agencies, a digital, decentralized, portable, immutable, and non-refutable health status cryptographic proof. It can be used to evaluate the risk of allowing individuals to return to work, travel, and public life activities.

Yike Zhang,Wenbin Luo

DOI: https://doi.org/10.1109/TCSVT.2022.3183391

2023-02-16

Abstract:As an essential technique for data privacy protection, reversible data hiding in encrypted images (RDHEI) methods have drawn intensive research interest in recent years. In response to the increasing demand for protecting data privacy, novel methods that perform RDHEI are continually being developed. We propose two effective multi-MSB (most significant bit) replacement-based approaches that yield comparably high data embedding capacity, improve overall processing speed, and enhance reconstructed images' quality. Our first method, Efficient Multi-MSB Replacement-RDHEI (EMR-RDHEI), obtains higher data embedding rates (DERs, also known as payloads) and better visual quality in reconstructed images when compared with many other state-of-the-art methods. Our second method, Lossless Multi-MSB Replacement-RDHEI (LMR-RDHEI), can losslessly recover original images after an information embedding process is performed. To verify the accuracy of our methods, we compared them with other recent RDHEI techniques and performed extensive experiments using the widely accepted BOWS-2 dataset. Our experimental results showed that the DER of our EMR-RDHEI method ranged from 1.2087 bit per pixel (bpp) to 6.2682 bpp with an average of 3.2457 bpp. For the LMR-RDHEI method, the average DER was 2.5325 bpp, with a range between 0.2129 bpp and 6.0168 bpp. Our results demonstrate that these methods outperform many other state-of-the-art RDHEI algorithms. Additionally, the multi-MSB replacement-based approach provides a clean design and efficient vectorized implementation.

Cryptography and Security

Mónica P. Arenas,Georgios Fotiadis,Gabriele Lenzini,Mohammadamin Rakeei

DOI: https://doi.org/10.1016/j.cose.2024.104131

IF: 5.105

2024-09-29

Computers & Security

Abstract:Coating objects with microscopic droplets of liquid crystals makes it possible to identify and authenticate objects as if they had biometric-like features: this is extremely valuable as an anti-counterfeiting measure. How to extract features from images has been studied elsewhere, but exchanging data about features is not enough if we wish to build secure cryptographic authentication protocols. What we need are authentication tokens (i.e., bitstrings), strategies to cope with noise, always present when processing images, and solutions to protect the original features so that it is impossible to reproduce them from the tokens. Secure sketches and fuzzy extractors are the cryptographic toolkits that offer these functionalities, but they must be instantiated to work with the peculiar specific features extracted from images of liquid crystals. We show how this can work and how we can obtain uniform, error-tolerant, and random strings, and how they are used to authenticate liquid crystal coated objects. Our protocol reminds an existing biometric-based protocol, but only apparently. Using the original protocol as-it-is would make the process vulnerable to an attack that exploits certain physical peculiarities of our liquid crystal coatings. Instead, our protocol is robust against the attack. We prove all our security claims formally, by modeling and verifying in Proverif, our protocol and its cryptographic schemes. We implement and benchmark our solution, measuring both the performance and the quality of authentication.

computer science, information systems

Florian Otterbein,Tim Ohlendorf,Marian Margraf

DOI: https://doi.org/10.48550/arXiv.1701.04013

2017-01-15

Abstract:Due to the rapid increase of digitization within our society, digital identities gain more and more importance. Provided by the German eID solution, every citizen has the ability to identify himself against various governmental and private organizations with the help of his personal electronic ID card and a corresponding card reader. While there are several solutions available for desktop use of the eID infrastructure, mobile approaches have to be payed more attention. In this paper we present a new approach for using the German eID concept on an Android device without the need of the actual identity card and card reader. A security evaluation of our approach reveals that two non-critical vulnerabilities on the architecture can't be avoided. Nevertheless, no sensitive information are compromised. A proof of concept shows that an actual implementation faces some technical issues which have to be solved in the future.

Cryptography and Security

Qingbo Yan,Haowen Yan,Liming Zhang

DOI: https://doi.org/10.1111/tgis.13254

IF: 2.568

2024-10-11

Transactions in GIS

Abstract:As a fundamental component that supports business connectivity and enables intelligent decision‐making, vector spatial data encounter increasing copyright and security challenges throughout their lifecycle. There is an imminent need for a comprehensive lifecycle protection solution to ensure data security and adherence to copyright laws. This study introduces an integrated protection scheme designed to address copyright and security issues across the entire lifecycle of vector spatial data. First, DNA encryption is applied to the vector spatial data, with the key subsequently encrypted using the RSA public key. Concurrently, GD‐PBIBD fingerprint encoding is used to generate a fingerprint sequence. Thereafter, this sequence is scrambled using logistic mapping, and a quantization mechanism embeds the scrambled fingerprint sequence into the coordinates. Subsequently, the RSA private key is used to decrypt the key and extract the fingerprint information. Finally, logistic mapping is employed to restore the fingerprint sequence, and Hamming distance calculations are used to identify colluding users and trace potential data leaks. Experimental studies indicate that the proposed DNA encryption algorithm is effective for various types of vector spatial data, including point, polyline, and polygon data. It features a large key space and high key sensitivity. Furthermore, the GD‐PBIBD fingerprint encoding is simple to construct, offers excellent imperceptibility, and provides robust resistance to both single‐ and multi‐user attacks. This research addresses the gap in full lifecycle copyright and security protection for vector spatial data and offers a holistic solution for secure data circulation, thereby demonstrating significant practical value.

geography

Niusen Chen,Bo Chen,Weisong Shi

DOI: https://doi.org/10.48550/arXiv.2203.16349

2022-03-31

Abstract:Nowadays, mobile devices have been used broadly to store and process sensitive data. To ensure confidentiality of the sensitive data, Full Disk Encryption (FDE) is often integrated in mainstream mobile operating systems like Android and iOS. FDE however cannot defend against coercive attacks in which the adversary can force the device owner to disclose the decryption key. To combat the coercive attacks, Plausibly Deniable Encryption (PDE) is leveraged to plausibly deny the very existence of sensitive data. However, most of the existing PDE systems for mobile devices are deployed at the block layer and suffer from deniability compromises. Having observed that none of existing works in the literature have experimentally demonstrated the aforementioned compromises, our work bridges this gap by experimentally confirming the deniability compromises of the block-layer mobile PDE systems. We have built a mobile device testbed, which consists of a host computing device and a flash storage device. Additionally, we have deployed both the hidden volume PDE and the steganographic file system at the block layer of the testbed and performed disk forensics to assess potential compromises on the raw NAND flash. Our experimental results confirm it is indeed possible for the adversary to compromise the block-layer PDE systems by accessing the raw NAND flash in practice. We also discuss potential issues when performing such attacks in real world.

Cryptography and Security

Iulian Aciobăniței,Ștefan-Ciprian Arseni,Emil Bureacă,Mihai Togan

DOI: https://doi.org/10.3390/electronics13040757

IF: 2.9

2024-02-15

Electronics

Abstract:The current shift towards digital transactions emphasizes the need for robust Qualified Electronic Signature (QES) frameworks that safeguard integrity and privacy. Having the potential to become the leading type of adopted QES, the main challenge that Remote QESs present to end users is choosing between transmitting the entire document or only its digest to the Trust Service Provider (TSP). The first option compromises the document's confidentiality, while the second one requires the development of signature applications compliant with advanced signature formats, a task that often needs additional time and resources. In this paper, we introduce a comprehensive strategy for remote QESs, designed for seamless integration with current client applications, while simultaneously maintaining user privacy. The main topics approached in this paper are the following: a comprehensive architecture for privacy-aware remote QES systems, relevant standards and legislation, integration scenarios for clients, and remote QES standard protocols to assure communication between client and TSP environments. Furthermore, we also explore the integration of our proposed solution with an enhanced long-term preservation service that uses Ethereum smart contracts and methodologies to implement signature applications with advanced electronic signatures via open-source libraries while ensuring document privacy. The main result of this work is a flexible on-premise module that provides the ability to sign, validate, and preserve documents, with a minimal integration effort.

engineering, electrical & electronic,computer science, information systems,physics, applied

Paul Balanoiu

DOI: https://doi.org/10.48550/arXiv.1002.3475

2010-02-18

Abstract:Most developed countries have started the implementation of biometric electronic identification cards, especially passports. The European Union and the United States of America struggle to introduce and standardize these electronic documents. Due to the personal nature of the biometric elements used for the generation of these cards, privacy issues were raised on both sides of the Atlantic Ocean, leading to civilian protests and concerns. The lack of transparency from the public authorities responsible with the implementation of such identification systems, and the poor technological approaches chosen by these authorities, are the main reasons for the negative popularity of the new identification methods. The following article shows an approach that provides all the benefits of modern technological advances in the fields of biometrics and cryptography, without sacrificing the privacy of those that will be the beneficiaries of the new system.

Cryptography and Security

Mohsin Shah,Weiming Zhang,Honggang Hu,Xiaojuan Dong,Nenghai Yu

DOI: https://doi.org/10.1049/iet-ipr.2018.6120

IF: 2.3

2019-01-01

IET Image Processing

Abstract:Advances in signal processing in the encrypted domain and cloud computing have given rise to privacy-preserving technologies. In recent years, reversible data hiding in encrypted images (RDH-EI) has received attention from the research community because additional data can be embedded into an encrypted image without accessing its original content, and the encrypted image can be losslessly recovered after extracting the embedded data. Although the recent development of RDH-EI compatible with homomorphic public key cryptosystems has intensified research interest, most of the existing mature RDH schemes cannot be transplanted to the encrypted domain due to the limitations of the underlying cryptosystems. In this paper, prediction error expansion based RDH-ED using probabilistic and homomorphic properties of the Paillier cryptosystem is presented. This work implements non-integer mean value computation in the encrypted domain without any interactive protocol between the content owner and the cloud server. This work presents mathematical detail of pixel prediction (mean), prediction error, error expansion and data embedding in the encrypted domain and data extraction and content recovery in the plain domain. Experimental results from standard test images reveal that the proposed scheme outperforms other state-of-the-art encrypted domain schemes.

Chunqiang Yu,Chenmei Ye,Xianquan Zhang,Zhenjun Tang,Shanhua Zhan

DOI: https://doi.org/10.3390/math7100976

IF: 2.4

2019-10-15

Mathematics

Abstract:In this paper, we propose a separable reversible data hiding method in encrypted image (RDHEI) based on two-dimensional permutation and exploiting modification direction (EMD). The content owner uses two-dimensional permutation to encrypt original image through encryption key, which provides confidentiality for the original image. Then the data hider divides the encrypted image into a series of non-overlapping blocks and constructs histogram of adjacent encrypted pixel errors. Secret bits are embedded into a series of peak points of the histogram through EMD. Direct decryption, data extraction and image recovery can be performed separately by the receiver according to the availability of encryption key and data-hiding key. Different from some state-of-the-art RDHEI methods, visual quality of the directly decrypted image can be further improved by the receiver holding the encryption key. Experimental results demonstrate that the proposed method outperforms some state-of-the-art methods in embedding capacity and visual quality.

mathematics

Haoli Ge,Yan Chen,Zhenxing Qian,Jianjun Wang

DOI: https://doi.org/10.1109/tcsvt.2018.2863029

IF: 5.859

2019-01-01

IEEE Transactions on Circuits and Systems for Video Technology

Abstract:This paper proposes a novel method of reversible data hiding in encrypted images (RDH-EI). We first provide an RDH-EI approach using single-level embedding, in which three parties are involved, including an image owner, a data hider, and a recipient. The image owner encrypts an original image into a ciphertext image. After dividing the original image into blocks, the owner pseudo-randomly permutes all blocks by a permutation key. With an encryption key, the image owner further encrypts the contents of all blocks using a stream cipher algorithm, during which pixels inside each block share the same stream bytes. Once the encrypted image is uploaded onto the server, a data hider embeds additional messages into the ciphertext. The data hider divides the encrypted image into blocks and selects peak pixels from each block using an embedding key. With the peak pixels, the data hider embeds an additional message using histogram shifting inside each block. On the receiver side, a recipient extracts the hidden message using the embedding key, and losslessly recover the original image with the permutation key and the encryption key. Based on the single-level algorithm, we further construct a multi-level approach. The embedding process is iteratively used to generate the marked encrypted images. Compared with state-of-the-art works, the proposed method achieves a better embedding efficiency and an error-free recovery.

Yorick Last,Jorrit Geels,Hanna Schraffenberger

DOI: https://doi.org/10.1145/3613905.3650977

2024-10-09

Abstract:Documents are largely stored and shared digitally. Yet, digital documents are still commonly signed using (copies of) handwritten signatures, which are sensitive to fraud. Though secure, cryptography-based signature solutions exist, they are hardly used due to usability issues. This paper proposes to use digital identity wallets for securely and intuitively signing digital documents with verified personal data. Using expert feedback, we implemented this vision in an interactive prototype. The prototype was assessed in a moderated usability test (N = 15) and a subsequent unmoderated remote usability test (N = 99). While participants generally expressed satisfaction with the system, they also misunderstood how to interpret the signature information displayed by the prototype. Specifically, signed documents were also trusted when the document was signed with irrelevant personal data of the signer. We conclude that such unwarranted trust forms a threat to usable digital signatures and requires attention by the usable security community.

Human-Computer Interaction