Science.gov

Sample records for authentication scheme based

  1. Graph state-based quantum authentication scheme

    NASA Astrophysics Data System (ADS)

    Liao, Longxia; Peng, Xiaoqi; Shi, Jinjing; Guo, Ying

    2017-04-01

    Inspired by the special properties of the graph state, a quantum authentication scheme is proposed in this paper, which is implemented with the utilization of the graph state. Two entities, a reliable party, Trent, as a verifier and Alice as prover are included. Trent is responsible for registering Alice in the beginning and confirming Alice in the end. The proposed scheme is simple in structure and convenient to realize in the realistic physical system due to the use of the graph state in a one-way quantum channel. In addition, the security of the scheme is extensively analyzed and accordingly can resist the general individual attack strategies.

  2. Password authentication scheme based on the quadratic residue problem

    NASA Astrophysics Data System (ADS)

    Ali, Muhammad Helmi; Ismail, Eddie Shahril

    2017-04-01

    In this paper, we propose a new password-authentication scheme based on quadratic residue problem with the following advantages: the scheme does not require a verification file, and the scheme can withstand replay attacks and resist from the guessing and impersonation attacks. We next discuss the advantages of our designated scheme over other schemes in terms of security and efficiency.

  3. Revisiting Quantum Authentication Scheme Based on Entanglement Swapping

    NASA Astrophysics Data System (ADS)

    Naseri, Mosayeb

    2016-05-01

    The crucial issue of quantum communication protocol is its security. In this paper, the security of the Quantum Authentication Scheme Based on Entanglement Swapping proposed by Penghao et al. (Int J Theor Phys., doi: 10.1007/s10773-015-2662-7) is reanalyzed. It is shown that the original does not complete the task of quantum authentication and communication securely. Furthermore a simple improvement on the protocol is proposed.

  4. Biometrics based authentication scheme for session initiation protocol.

    PubMed

    Xie, Qi; Tang, Zhixiong

    2016-01-01

    Many two-factor challenge-response based session initiation protocol (SIP) has been proposed, but most of them are vulnerable to smart card stolen attacks and password guessing attacks. In this paper, we propose a novel three-factor SIP authentication scheme using biometrics, password and smart card, and utilize the pi calculus-based formal verification tool ProVerif to prove that the proposed protocol achieves security and authentication. Furthermore, our protocol is highly efficient when compared to other related protocols.

  5. Graph State-Based Quantum Group Authentication Scheme

    NASA Astrophysics Data System (ADS)

    Liao, Longxia; Peng, Xiaoqi; Shi, Jinjing; Guo, Ying

    2017-02-01

    Motivated by the elegant structure of the graph state, we design an ingenious quantum group authentication scheme, which is implemented by operating appropriate operations on the graph state and can solve the problem of multi-user authentication. Three entities, the group authentication server (GAS) as a verifier, multiple users as provers and the trusted third party Trent are included. GAS and Trent assist the multiple users in completing the authentication process, i.e., GAS is responsible for registering all the users while Trent prepares graph states. All the users, who request for authentication, encode their authentication keys on to the graph state by performing Pauli operators. It demonstrates that a novel authentication scheme can be achieved with the flexible use of graph state, which can synchronously authenticate a large number of users, meanwhile the provable security can be guaranteed definitely.

  6. Image integrity authentication scheme based on fixed point theory.

    PubMed

    Li, Xu; Sun, Xingming; Liu, Quansheng

    2015-02-01

    Based on the fixed point theory, this paper proposes a new scheme for image integrity authentication, which is very different from digital signature and fragile watermarking. By the new scheme, the sender transforms an original image into a fixed point image (very close to the original one) of a well-chosen transform and sends the fixed point image (instead of the original one) to the receiver; using the same transform, the receiver checks the integrity of the received image by testing whether it is a fixed point image and locates the tampered areas if the image has been modified during the transmission. A realization of the new scheme is based on Gaussian convolution and deconvolution (GCD) transform, for which an existence theorem of fixed points is proved. The semifragility is analyzed via commutativity of transforms, and three commutativity theorems are found for the GCD transform. Three iterative algorithms are presented for finding a fixed point image with a few numbers of iterations, and for the whole procedure of image integrity authentication; a fragile authentication system and a semifragile one are separately built. Experiments show that both the systems have good performance in transparence, fragility, security, and tampering localization. In particular, the semifragile system can perfectly resist the rotation by a multiple of 90° flipping and brightness attacks.

  7. A privacy authentication scheme based on cloud for medical environment.

    PubMed

    Chen, Chin-Ling; Yang, Tsai-Tung; Chiang, Mao-Lun; Shih, Tzay-Farn

    2014-11-01

    With the rapid development of the information technology, the health care technologies already became matured. Such as electronic medical records that can be easily stored. However, how to get medical resources more convenient is currently concerning issue. In spite of many literatures discussed about medical systems, these literatures should face many security challenges. The most important issue is patients' privacy. Therefore, we propose a privacy authentication scheme based on cloud environment. In our scheme, we use mobile device's characteristics, allowing peoples to use medical resources on the cloud environment to find medical advice conveniently. The digital signature is used to ensure the security of the medical information that is certified by the medical department in our proposed scheme.

  8. A secure smart-card based authentication and key agreement scheme for telecare medicine information systems.

    PubMed

    Lee, Tian-Fu; Liu, Chuan-Ming

    2013-06-01

    A smart-card based authentication scheme for telecare medicine information systems enables patients, doctors, nurses, health visitors and the medicine information systems to establish a secure communication platform through public networks. Zhu recently presented an improved authentication scheme in order to solve the weakness of the authentication scheme of Wei et al., where the off-line password guessing attacks cannot be resisted. This investigation indicates that the improved scheme of Zhu has some faults such that the authentication scheme cannot execute correctly and is vulnerable to the attack of parallel sessions. Additionally, an enhanced authentication scheme based on the scheme of Zhu is proposed. The enhanced scheme not only avoids the weakness in the original scheme, but also provides users' anonymity and authenticated key agreements for secure data communications.

  9. A Hash Based Remote User Authentication and Authenticated Key Agreement Scheme for the Integrated EPR Information System.

    PubMed

    Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi; Wang, Chun-Cheng

    2015-11-01

    To protect patient privacy and ensure authorized access to remote medical services, many remote user authentication schemes for the integrated electronic patient record (EPR) information system have been proposed in the literature. In a recent paper, Das proposed a hash based remote user authentication scheme using passwords and smart cards for the integrated EPR information system, and claimed that the proposed scheme could resist various passive and active attacks. However, in this paper, we found that Das's authentication scheme is still vulnerable to modification and user duplication attacks. Thereafter we propose a secure and efficient authentication scheme for the integrated EPR information system based on lightweight hash function and bitwise exclusive-or (XOR) operations. The security proof and performance analysis show our new scheme is well-suited to adoption in remote medical healthcare services.

  10. A User Authentication Scheme Based on Elliptic Curves Cryptography for Wireless Ad Hoc Networks

    PubMed Central

    Chen, Huifang; Ge, Linlin; Xie, Lei

    2015-01-01

    The feature of non-infrastructure support in a wireless ad hoc network (WANET) makes it suffer from various attacks. Moreover, user authentication is the first safety barrier in a network. A mutual trust is achieved by a protocol which enables communicating parties to authenticate each other at the same time and to exchange session keys. For the resource-constrained WANET, an efficient and lightweight user authentication scheme is necessary. In this paper, we propose a user authentication scheme based on the self-certified public key system and elliptic curves cryptography for a WANET. Using the proposed scheme, an efficient two-way user authentication and secure session key agreement can be achieved. Security analysis shows that our proposed scheme is resilient to common known attacks. In addition, the performance analysis shows that our proposed scheme performs similar or better compared with some existing user authentication schemes. PMID:26184224

  11. A User Authentication Scheme Based on Elliptic Curves Cryptography for Wireless Ad Hoc Networks.

    PubMed

    Chen, Huifang; Ge, Linlin; Xie, Lei

    2015-07-14

    The feature of non-infrastructure support in a wireless ad hoc network (WANET) makes it suffer from various attacks. Moreover, user authentication is the first safety barrier in a network. A mutual trust is achieved by a protocol which enables communicating parties to authenticate each other at the same time and to exchange session keys. For the resource-constrained WANET, an efficient and lightweight user authentication scheme is necessary. In this paper, we propose a user authentication scheme based on the self-certified public key system and elliptic curves cryptography for a WANET. Using the proposed scheme, an efficient two-way user authentication and secure session key agreement can be achieved. Security analysis shows that our proposed scheme is resilient to common known attacks. In addition, the performance analysis shows that our proposed scheme performs similar or better compared with some existing user authentication schemes.

  12. Password-based authenticated key exchange scheme using smart card

    NASA Astrophysics Data System (ADS)

    Liu, Hui; Zhong, Shaojun

    2013-03-01

    A protocol that allows any two entities to negotiate a shared session key is commonly called a key exchange protocol. If the protocol provides a function to authenticate each other, we call the protocol authenticated key exchange protocol (AKE). Password authentication key exchange (PAKE) is the AKE protocol in which the two entities share a humanmemorable password. Most of current PAKE relies on the existence of a public key infrastructure, which sometime is impossible for a certain environments such as low computational device due to the computation overhead. In this paper, we propose password-based authenticated key exchange using smart card. Compared to previous PAKE, our protocol is more efficient because our protocol is based on ECC. Thereby, the proposed protocol can be well applied to low computation device.

  13. A secure biometrics-based authentication scheme for telecare medicine information systems.

    PubMed

    Yan, Xiaopeng; Li, Weiheng; Li, Ping; Wang, Jiantao; Hao, Xinhong; Gong, Peng

    2013-10-01

    The telecare medicine information system (TMIS) allows patients and doctors to access medical services or medical information at remote sites. Therefore, it could bring us very big convenient. To safeguard patients' privacy, authentication schemes for the TMIS attracted wide attention. Recently, Tan proposed an efficient biometrics-based authentication scheme for the TMIS and claimed their scheme could withstand various attacks. However, in this paper, we point out that Tan's scheme is vulnerable to the Denial-of-Service attack. To enhance security, we also propose an improved scheme based on Tan's work. Security and performance analysis shows our scheme not only could overcome weakness in Tan's scheme but also has better performance.

  14. A rhythm-based authentication scheme for smart media devices.

    PubMed

    Lee, Jae Dong; Jeong, Young-Sik; Park, Jong Hyuk

    2014-01-01

    In recent years, ubiquitous computing has been rapidly emerged in our lives and extensive studies have been conducted in a variety of areas related to smart devices, such as tablets, smartphones, smart TVs, smart refrigerators, and smart media devices, as a measure for realizing the ubiquitous computing. In particular, smartphones have significantly evolved from the traditional feature phones. Increasingly higher-end smartphone models that can perform a range of functions are now available. Smart devices have become widely popular since they provide high efficiency and great convenience for not only private daily activities but also business endeavors. Rapid advancements have been achieved in smart device technologies to improve the end users' convenience. Consequently, many people increasingly rely on smart devices to store their valuable and important data. With this increasing dependence, an important aspect that must be addressed is security issues. Leaking of private information or sensitive business data due to loss or theft of smart devices could result in exorbitant damage. To mitigate these security threats, basic embedded locking features are provided in smart devices. However, these locking features are vulnerable. In this paper, an original security-locking scheme using a rhythm-based locking system (RLS) is proposed to overcome the existing security problems of smart devices. RLS is a user-authenticated system that addresses vulnerability issues in the existing locking features and provides secure confidentiality in addition to convenience.

  15. A Rhythm-Based Authentication Scheme for Smart Media Devices

    PubMed Central

    Lee, Jae Dong; Park, Jong Hyuk

    2014-01-01

    In recent years, ubiquitous computing has been rapidly emerged in our lives and extensive studies have been conducted in a variety of areas related to smart devices, such as tablets, smartphones, smart TVs, smart refrigerators, and smart media devices, as a measure for realizing the ubiquitous computing. In particular, smartphones have significantly evolved from the traditional feature phones. Increasingly higher-end smartphone models that can perform a range of functions are now available. Smart devices have become widely popular since they provide high efficiency and great convenience for not only private daily activities but also business endeavors. Rapid advancements have been achieved in smart device technologies to improve the end users' convenience. Consequently, many people increasingly rely on smart devices to store their valuable and important data. With this increasing dependence, an important aspect that must be addressed is security issues. Leaking of private information or sensitive business data due to loss or theft of smart devices could result in exorbitant damage. To mitigate these security threats, basic embedded locking features are provided in smart devices. However, these locking features are vulnerable. In this paper, an original security-locking scheme using a rhythm-based locking system (RLS) is proposed to overcome the existing security problems of smart devices. RLS is a user-authenticated system that addresses vulnerability issues in the existing locking features and provides secure confidentiality in addition to convenience. PMID:25110743

  16. Cryptanalysis and Improvement of a Biometric-Based Multi-Server Authentication and Key Agreement Scheme.

    PubMed

    Wang, Chengqi; Zhang, Xiao; Zheng, Zhiming

    2016-01-01

    With the security requirements of networks, biometrics authenticated schemes which are applied in the multi-server environment come to be more crucial and widely deployed. In this paper, we propose a novel biometric-based multi-server authentication and key agreement scheme which is based on the cryptanalysis of Mishra et al.'s scheme. The informal and formal security analysis of our scheme are given, which demonstrate that our scheme satisfies the desirable security requirements. The presented scheme provides a variety of significant functionalities, in which some features are not considered in the most of existing authentication schemes, such as, user revocation or re-registration and biometric information protection. Compared with several related schemes, our scheme has more secure properties and lower computation cost. It is obviously more appropriate for practical applications in the remote distributed networks.

  17. Improved dynamic ID-based authentication scheme for telecare medical information systems.

    PubMed

    Cao, Tianjie; Zhai, Jingxuan

    2013-04-01

    In order to protect users' identity privacy, Chen et al. proposed an efficient dynamic ID-based authentication scheme for telecare medical information systems. However, Chen et al.'s scheme has some weaknesses. In Chen et al.'s scheme, an attacker can track a user by a linkability attack or an off-line identity guessing attack. Chen et al.'s scheme is also vulnerable to an off-line password guessing attack and an undetectable on-line password guessing attack when user's smart card is stolen. In server side, Chen et al.'s scheme needs large computational load to authentication a legal user or reject an illegal user. To remedy the weaknesses in Chen et al.'s scheme, we propose an improved smart card based password authentication scheme. Our analysis shows that the improved scheme can overcome the weaknesses in Chen et al.'s scheme.

  18. Cryptanalysis and Improvement of a Biometric-Based Multi-Server Authentication and Key Agreement Scheme

    PubMed Central

    Wang, Chengqi; Zhang, Xiao; Zheng, Zhiming

    2016-01-01

    With the security requirements of networks, biometrics authenticated schemes which are applied in the multi-server environment come to be more crucial and widely deployed. In this paper, we propose a novel biometric-based multi-server authentication and key agreement scheme which is based on the cryptanalysis of Mishra et al.’s scheme. The informal and formal security analysis of our scheme are given, which demonstrate that our scheme satisfies the desirable security requirements. The presented scheme provides a variety of significant functionalities, in which some features are not considered in the most of existing authentication schemes, such as, user revocation or re-registration and biometric information protection. Compared with several related schemes, our scheme has more secure properties and lower computation cost. It is obviously more appropriate for practical applications in the remote distributed networks. PMID:26866606

  19. Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards.

    PubMed

    An, Younghwa

    2012-01-01

    Recently, many biometrics-based user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication system. In 2011, Das proposed an efficient biometric-based remote user authentication scheme using smart cards that can provide strong authentication and mutual authentication. In this paper, we analyze the security of Das's authentication scheme, and we have shown that Das's authentication scheme is still insecure against the various attacks. Also, we proposed the enhanced scheme to remove these security problems of Das's authentication scheme, even if the secret information stored in the smart card is revealed to an attacker. As a result of security analysis, we can see that the enhanced scheme is secure against the user impersonation attack, the server masquerading attack, the password guessing attack, and the insider attack and provides mutual authentication between the user and the server.

  20. Security Analysis and Enhancements of an Effective Biometric-Based Remote User Authentication Scheme Using Smart Cards

    PubMed Central

    An, Younghwa

    2012-01-01

    Recently, many biometrics-based user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication system. In 2011, Das proposed an efficient biometric-based remote user authentication scheme using smart cards that can provide strong authentication and mutual authentication. In this paper, we analyze the security of Das's authentication scheme, and we have shown that Das's authentication scheme is still insecure against the various attacks. Also, we proposed the enhanced scheme to remove these security problems of Das's authentication scheme, even if the secret information stored in the smart card is revealed to an attacker. As a result of security analysis, we can see that the enhanced scheme is secure against the user impersonation attack, the server masquerading attack, the password guessing attack, and the insider attack and provides mutual authentication between the user and the server. PMID:22899887

  1. A dynamic identity based authentication scheme using chaotic maps for telecare medicine information systems.

    PubMed

    Wang, Zhiheng; Huo, Zhanqiang; Shi, Wenbo

    2015-01-01

    With rapid development of computer technology and wide use of mobile devices, the telecare medicine information system has become universal in the field of medical care. To protect patients' privacy and medial data's security, many authentication schemes for the telecare medicine information system have been proposed. Due to its better performance, chaotic maps have been used in the design of authentication schemes for the telecare medicine information system. However, most of them cannot provide user's anonymity. Recently, Lin proposed a dynamic identity based authentication scheme using chaotic maps for the telecare medicine information system and claimed that their scheme was secure against existential active attacks. In this paper, we will demonstrate that their scheme cannot provide user anonymity and is vulnerable to the impersonation attack. Further, we propose an improved scheme to fix security flaws in Lin's scheme and demonstrate the proposed scheme could withstand various attacks.

  2. A chaotic map-based authentication scheme for telecare medicine information systems.

    PubMed

    Hao, Xinhong; Wang, Jiantao; Yang, Qinghai; Yan, Xiaopeng; Li, Ping

    2013-04-01

    With the development of Internet, patients could enjoy health-care delivery services through telecare medicine information systems (TMIS) in their home. To control the access to remote medical servers' resources, many authentication schemes using smart cards have been proposed. However, the performance of these schemes is not satisfactory since modular exponential operations are used in these schemes. In the paper, we propose a chaotic map-based authentication scheme for telecare medicine information systems. The security and performance analysis shows our scheme is more suitable for TMIS.

  3. Enhancing of a Password-Based Authentication Scheme Using Smart Cards

    NASA Astrophysics Data System (ADS)

    Lee, Youngsook; Won, Dongho

    A password based remote user authentication scheme is a two-party protocol whereby an authentication server in a distributed system confirms the identity of a remote individual logging on to the server over an untrusted, open network. This paper discusses the security of Chen et al.'s remote user authentication scheme making use of smart cards. They have recently presented an improved version of Lin, Shen, and Hwang's scheme. But, unlike their claims, in Chen et al.'s scheme, if an attacker gains access to some user's smart card and extracts the information stored in the smart card, he/she can easily find out the user's password. We show this by mounting a dictionary attack on the scheme. In addition, Chen et al.'s scheme does not support its main security goal of authenticating between a remote individual and the server. This is shown via a sever impersonation attack on the scheme. Motivated by these security flaws, we propose a more secure remote user authentication scheme that achieves both two-factor security and mutual authentication.

  4. An Improved Biometrics-Based Remote User Authentication Scheme with User Anonymity

    PubMed Central

    Kumari, Saru

    2013-01-01

    The authors review the biometrics-based user authentication scheme proposed by An in 2012. The authors show that there exist loopholes in the scheme which are detrimental for its security. Therefore the authors propose an improved scheme eradicating the flaws of An's scheme. Then a detailed security analysis of the proposed scheme is presented followed by its efficiency comparison. The proposed scheme not only withstands security problems found in An's scheme but also provides some extra features with mere addition of only two hash operations. The proposed scheme allows user to freely change his password and also provides user anonymity with untraceability. PMID:24350272

  5. An improved biometrics-based remote user authentication scheme with user anonymity.

    PubMed

    Khan, Muhammad Khurram; Kumari, Saru

    2013-01-01

    The authors review the biometrics-based user authentication scheme proposed by An in 2012. The authors show that there exist loopholes in the scheme which are detrimental for its security. Therefore the authors propose an improved scheme eradicating the flaws of An's scheme. Then a detailed security analysis of the proposed scheme is presented followed by its efficiency comparison. The proposed scheme not only withstands security problems found in An's scheme but also provides some extra features with mere addition of only two hash operations. The proposed scheme allows user to freely change his password and also provides user anonymity with untraceability.

  6. An efficient and secure dynamic ID-based authentication scheme for telecare medical information systems.

    PubMed

    Chen, Hung-Ming; Lo, Jung-Wen; Yeh, Chang-Kuo

    2012-12-01

    The rapidly increased availability of always-on broadband telecommunication environments and lower-cost vital signs monitoring devices bring the advantages of telemedicine directly into the patient's home. Hence, the control of access to remote medical servers' resources has become a crucial challenge. A secure authentication scheme between the medical server and remote users is therefore needed to safeguard data integrity, confidentiality and to ensure availability. Recently, many authentication schemes that use low-cost mobile devices have been proposed to meet these requirements. In contrast to previous schemes, Khan et al. proposed a dynamic ID-based remote user authentication scheme that reduces computational complexity and includes features such as a provision for the revocation of lost or stolen smart cards and a time expiry check for the authentication process. However, Khan et al.'s scheme has some security drawbacks. To remedy theses, this study proposes an enhanced authentication scheme that overcomes the weaknesses inherent in Khan et al.'s scheme and demonstrated this scheme is more secure and robust for use in a telecare medical information system.

  7. An improved biometrics-based authentication scheme for telecare medical information systems.

    PubMed

    Guo, Dianli; Wen, Qiaoyan; Li, Wenmin; Zhang, Hua; Jin, Zhengping

    2015-03-01

    Telecare medical information system (TMIS) offers healthcare delivery services and patients can acquire their desired medical services conveniently through public networks. The protection of patients' privacy and data confidentiality are significant. Very recently, Mishra et al. proposed a biometrics-based authentication scheme for telecare medical information system. Their scheme can protect user privacy and is believed to resist a range of network attacks. In this paper, we analyze Mishra et al.'s scheme and identify that their scheme is insecure to against known session key attack and impersonation attack. Thereby, we present a modified biometrics-based authentication scheme for TMIS to eliminate the aforementioned faults. Besides, we demonstrate the completeness of the proposed scheme through BAN-logic. Compared to the related schemes, our protocol can provide stronger security and it is more practical.

  8. An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem.

    PubMed

    Lu, Yanrong; Li, Lixiang; Peng, Haipeng; Yang, Yixian

    2015-03-01

    The telecare medical information systems (TMISs) enable patients to conveniently enjoy telecare services at home. The protection of patient's privacy is a key issue due to the openness of communication environment. Authentication as a typical approach is adopted to guarantee confidential and authorized interaction between the patient and remote server. In order to achieve the goals, numerous remote authentication schemes based on cryptography have been presented. Recently, Arshad et al. (J Med Syst 38(12): 2014) presented a secure and efficient three-factor authenticated key exchange scheme to remedy the weaknesses of Tan et al.'s scheme (J Med Syst 38(3): 2014). In this paper, we found that once a successful off-line password attack that results in an adversary could impersonate any user of the system in Arshad et al.'s scheme. In order to thwart these security attacks, an enhanced biometric and smart card based remote authentication scheme for TMISs is proposed. In addition, the BAN logic is applied to demonstrate the completeness of the enhanced scheme. Security and performance analyses show that our enhanced scheme satisfies more security properties and less computational cost compared with previously proposed schemes.

  9. A provably-secure ECC-based authentication scheme for wireless sensor networks.

    PubMed

    Nam, Junghyun; Kim, Moonseong; Paik, Juryon; Lee, Youngsook; Won, Dongho

    2014-11-06

    A smart-card-based user authentication scheme for wireless sensor networks (in short, a SUA-WSN scheme) is designed to restrict access to the sensor data only to users who are in possession of both a smart card and the corresponding password. While a significant number of SUA-WSN schemes have been suggested in recent years, their intended security properties lack formal definitions and proofs in a widely-accepted model. One consequence is that SUA-WSN schemes insecure against various attacks have proliferated. In this paper, we devise a security model for the analysis of SUA-WSN schemes by extending the widely-accepted model of Bellare, Pointcheval and Rogaway (2000). Our model provides formal definitions of authenticated key exchange and user anonymity while capturing side-channel attacks, as well as other common attacks. We also propose a new SUA-WSN scheme based on elliptic curve cryptography (ECC), and prove its security properties in our extended model. To the best of our knowledge, our proposed scheme is the first SUA-WSN scheme that provably achieves both authenticated key exchange and user anonymity. Our scheme is also computationally competitive with other ECC-based (non-provably secure) schemes.

  10. A Provably-Secure ECC-Based Authentication Scheme for Wireless Sensor Networks

    PubMed Central

    Nam, Junghyun; Kim, Moonseong; Paik, Juryon; Lee, Youngsook; Won, Dongho

    2014-01-01

    A smart-card-based user authentication scheme for wireless sensor networks (in short, a SUA-WSN scheme) is designed to restrict access to the sensor data only to users who are in possession of both a smart card and the corresponding password. While a significant number of SUA-WSN schemes have been suggested in recent years, their intended security properties lack formal definitions and proofs in a widely-accepted model. One consequence is that SUA-WSN schemes insecure against various attacks have proliferated. In this paper, we devise a security model for the analysis of SUA-WSN schemes by extending the widely-accepted model of Bellare, Pointcheval and Rogaway (2000). Our model provides formal definitions of authenticated key exchange and user anonymity while capturing side-channel attacks, as well as other common attacks. We also propose a new SUA-WSN scheme based on elliptic curve cryptography (ECC), and prove its security properties in our extended model. To the best of our knowledge, our proposed scheme is the first SUA-WSN scheme that provably achieves both authenticated key exchange and user anonymity. Our scheme is also computationally competitive with other ECC-based (non-provably secure) schemes. PMID:25384009

  11. A bilinear pairing based anonymous authentication scheme in wireless body area networks for mHealth.

    PubMed

    Jiang, Qi; Lian, Xinxin; Yang, Chao; Ma, Jianfeng; Tian, Youliang; Yang, Yuanyuan

    2016-11-01

    Wireless body area networks (WBANs) have become one of the key components of mobile health (mHealth) which provides 24/7 health monitoring service and greatly improves the quality and efficiency of healthcare. However, users' concern about the security and privacy of their health information has become one of the major obstacles that impede the wide adoption of WBANs. Anonymous and unlinkable authentication is critical to protect the security and privacy of sensitive physiological information in transit from the client to the application provider. We first show that the anonymous authentication scheme of Wang and Zhang based on bilinear pairing is prone to client impersonation attack. Then, we propose an enhanced anonymous authentication scheme to remedy the flaw in Wang and Zhang's scheme. We give the security analysis to demonstrate that the enhanced scheme achieves the desired security features and withstands various known attacks.

  12. Security analysis of a chaotic map-based authentication scheme for telecare medicine information systems.

    PubMed

    Yau, Wei-Chuen; Phan, Raphael C-W

    2013-12-01

    Many authentication schemes have been proposed for telecare medicine information systems (TMIS) to ensure the privacy, integrity, and availability of patient records. These schemes are crucial for TMIS systems because otherwise patients' medical records become susceptible to tampering thus hampering diagnosis or private medical conditions of patients could be disclosed to parties who do not have a right to access such information. Very recently, Hao et al. proposed a chaotic map-based authentication scheme for telecare medicine information systems in a recent issue of Journal of Medical Systems. They claimed that the authentication scheme can withstand various attacks and it is secure to be used in TMIS. In this paper, we show that this authentication scheme is vulnerable to key-compromise impersonation attacks, off-line password guessing attacks upon compromising of a smart card, and parallel session attacks. We also exploit weaknesses in the password change phase of the scheme to mount a denial-of-service attack. Our results show that this scheme cannot be used to provide security in a telecare medicine information system.

  13. Improving Biometric-Based Authentication Schemes with Smart Card Revocation/Reissue for Wireless Sensor Networks.

    PubMed

    Moon, Jongho; Lee, Donghoon; Lee, Youngsook; Won, Dongho

    2017-04-25

    User authentication in wireless sensor networks is more difficult than in traditional networks owing to sensor network characteristics such as unreliable communication, limited resources, and unattended operation. For these reasons, various authentication schemes have been proposed to provide secure and efficient communication. In 2016, Park et al. proposed a secure biometric-based authentication scheme with smart card revocation/reissue for wireless sensor networks. However, we found that their scheme was still insecure against impersonation attack, and had a problem in the smart card revocation/reissue phase. In this paper, we show how an adversary can impersonate a legitimate user or sensor node, illegal smart card revocation/reissue and prove that Park et al.'s scheme fails to provide revocation/reissue. In addition, we propose an enhanced scheme that provides efficiency, as well as anonymity and security. Finally, we provide security and performance analysis between previous schemes and the proposed scheme, and provide formal analysis based on the random oracle model. The results prove that the proposed scheme can solve the weaknesses of impersonation attack and other security flaws in the security analysis section. Furthermore, performance analysis shows that the computational cost is lower than the previous scheme.

  14. Improving Biometric-Based Authentication Schemes with Smart Card Revocation/Reissue for Wireless Sensor Networks

    PubMed Central

    Moon, Jongho; Lee, Donghoon; Lee, Youngsook; Won, Dongho

    2017-01-01

    User authentication in wireless sensor networks is more difficult than in traditional networks owing to sensor network characteristics such as unreliable communication, limited resources, and unattended operation. For these reasons, various authentication schemes have been proposed to provide secure and efficient communication. In 2016, Park et al. proposed a secure biometric-based authentication scheme with smart card revocation/reissue for wireless sensor networks. However, we found that their scheme was still insecure against impersonation attack, and had a problem in the smart card revocation/reissue phase. In this paper, we show how an adversary can impersonate a legitimate user or sensor node, illegal smart card revocation/reissue and prove that Park et al.’s scheme fails to provide revocation/reissue. In addition, we propose an enhanced scheme that provides efficiency, as well as anonymity and security. Finally, we provide security and performance analysis between previous schemes and the proposed scheme, and provide formal analysis based on the random oracle model. The results prove that the proposed scheme can solve the weaknesses of impersonation attack and other security flaws in the security analysis section. Furthermore, performance analysis shows that the computational cost is lower than the previous scheme. PMID:28441331

  15. Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce.

    PubMed

    Mishra, Dheerendra; Mukhopadhyay, Sourav; Kumari, Saru; Khan, Muhammad Khurram; Chaturvedi, Ankita

    2014-05-01

    Telecare medicine information systems (TMIS) present the platform to deliver clinical service door to door. The technological advances in mobile computing are enhancing the quality of healthcare and a user can access these services using its mobile device. However, user and Telecare system communicate via public channels in these online services which increase the security risk. Therefore, it is required to ensure that only authorized user is accessing the system and user is interacting with the correct system. The mutual authentication provides the way to achieve this. Although existing schemes are either vulnerable to attacks or they have higher computational cost while an scalable authentication scheme for mobile devices should be secure and efficient. Recently, Awasthi and Srivastava presented a biometric based authentication scheme for TMIS with nonce. Their scheme only requires the computation of the hash and XOR functions.pagebreak Thus, this scheme fits for TMIS. However, we observe that Awasthi and Srivastava's scheme does not achieve efficient password change phase. Moreover, their scheme does not resist off-line password guessing attack. Further, we propose an improvement of Awasthi and Srivastava's scheme with the aim to remove the drawbacks of their scheme.

  16. A Temporal Credential-Based Mutual Authentication with Multiple-Password Scheme for Wireless Sensor Networks.

    PubMed

    Liu, Xin; Zhang, Ruisheng; Liu, Qidong

    2017-01-01

    Wireless sensor networks (WSNs), which consist of a large number of sensor nodes, have become among the most important technologies in numerous fields, such as environmental monitoring, military surveillance, control systems in nuclear reactors, vehicle safety systems, and medical monitoring. The most serious drawback for the widespread application of WSNs is the lack of security. Given the resource limitation of WSNs, traditional security schemes are unsuitable. Approaches toward withstanding related attacks with small overhead have thus recently been studied by many researchers. Numerous studies have focused on the authentication scheme for WSNs, but most of these works cannot achieve the security performance and overhead perfectly. Nam et al. proposed a two-factor authentication scheme with lightweight sensor computation for WSNs. In this paper, we review this scheme, emphasize its drawbacks, and propose a temporal credential-based mutual authentication with a multiple-password scheme for WSNs. Our scheme uses multiple passwords to achieve three-factor security performance and generate a session key between user and sensor nodes. The security analysis phase shows that our scheme can withstand related attacks, including a lost password threat, and the comparison phase shows that our scheme involves a relatively small overhead. In the comparison of the overhead phase, the result indicates that more than 95% of the overhead is composed of communication and not computation overhead. Therefore, the result motivates us to pay further attention to communication overhead than computation overhead in future research.

  17. A Temporal Credential-Based Mutual Authentication with Multiple-Password Scheme for Wireless Sensor Networks

    PubMed Central

    Zhang, Ruisheng; Liu, Qidong

    2017-01-01

    Wireless sensor networks (WSNs), which consist of a large number of sensor nodes, have become among the most important technologies in numerous fields, such as environmental monitoring, military surveillance, control systems in nuclear reactors, vehicle safety systems, and medical monitoring. The most serious drawback for the widespread application of WSNs is the lack of security. Given the resource limitation of WSNs, traditional security schemes are unsuitable. Approaches toward withstanding related attacks with small overhead have thus recently been studied by many researchers. Numerous studies have focused on the authentication scheme for WSNs, but most of these works cannot achieve the security performance and overhead perfectly. Nam et al. proposed a two-factor authentication scheme with lightweight sensor computation for WSNs. In this paper, we review this scheme, emphasize its drawbacks, and propose a temporal credential-based mutual authentication with a multiple-password scheme for WSNs. Our scheme uses multiple passwords to achieve three-factor security performance and generate a session key between user and sensor nodes. The security analysis phase shows that our scheme can withstand related attacks, including a lost password threat, and the comparison phase shows that our scheme involves a relatively small overhead. In the comparison of the overhead phase, the result indicates that more than 95% of the overhead is composed of communication and not computation overhead. Therefore, the result motivates us to pay further attention to communication overhead than computation overhead in future research. PMID:28135288

  18. Robust ECC-based authenticated key agreement scheme with privacy protection for Telecare medicine information systems.

    PubMed

    Zhang, Liping; Zhu, Shaohui

    2015-05-01

    To protect the transmission of the sensitive medical data, a secure and efficient authenticated key agreement scheme should be deployed when the healthcare delivery session is established via Telecare Medicine Information Systems (TMIS) over the unsecure public network. Recently, Islam and Khan proposed an authenticated key agreement scheme using elliptic curve cryptography for TMIS. They claimed that their proposed scheme is provably secure against various attacks in random oracle model and enjoys some good properties such as user anonymity. In this paper, however, we point out that any legal but malicious patient can reveal other user's identity. Consequently, their scheme suffers from server spoofing attack and off-line password guessing attack. Moreover, if the malicious patient performs the same time of the registration as other users, she can further launch the impersonation attack, man-in-the-middle attack, modification attack, replay attack, and strong replay attack successfully. To eliminate these weaknesses, we propose an improved ECC-based authenticated key agreement scheme. Security analysis demonstrates that the proposed scheme can resist various attacks and enables the patient to enjoy the remote healthcare services with privacy protection. Through the performance evaluation, we show that the proposed scheme achieves a desired balance between security and performance in comparisons with other related schemes.

  19. On the security flaws in ID-based password authentication schemes for telecare medical information systems.

    PubMed

    Mishra, Dheerendra

    2015-01-01

    Telecare medical information systems (TMIS) enable healthcare delivery services. However, access of these services via public channel raises security and privacy issues. In recent years, several smart card based authentication schemes have been introduced to ensure secure and authorized communication between remote entities over the public channel for the (TMIS). We analyze the security of some of the recently proposed authentication schemes of Lin, Xie et al., Cao and Zhai, and Wu and Xu's for TMIS. Unfortunately, we identify that these schemes failed to satisfy desirable security attributes. In this article we briefly discuss four dynamic ID-based authentication schemes and demonstrate their failure to satisfy desirable security attributes. The study is aimed to demonstrate how inefficient password change phase can lead to denial of server scenario for an authorized user, and how an inefficient login phase causes the communication and computational overhead and decrease the performance of the system. Moreover, we show the vulnerability of Cao and Zhai's scheme to known session specific temporary information attack, vulnerability of Wu and Xu's scheme to off-line password guessing attack, and vulnerability of Xie et al.'s scheme to untraceable on-line password guessing attack.

  20. Improvement of a Privacy Authentication Scheme Based on Cloud for Medical Environment.

    PubMed

    Chiou, Shin-Yan; Ying, Zhaoqin; Liu, Junqiang

    2016-04-01

    Medical systems allow patients to receive care at different hospitals. However, this entails considerable inconvenience through the need to transport patients and their medical records between hospitals. The development of Telecare Medicine Information Systems (TMIS) makes it easier for patients to seek medical treatment and to store and access medical records. However, medical data stored in TMIS is not encrypted, leaving patients' private data vulnerable to external leaks. In 2014, scholars proposed a new cloud-based medical information model and authentication scheme which would not only allow patients to remotely access medical services but also protects patient privacy. However, this scheme still fails to provide patient anonymity and message authentication. Furthermore, this scheme only stores patient medical data, without allowing patients to directly access medical advice. Therefore, we propose a new authentication scheme, which provides anonymity, unlinkability, and message authentication, and allows patients to directly and remotely consult with doctors. In addition, our proposed scheme is more efficient in terms of computation cost. The proposed system was implemented in Android system to demonstrate its workability.

  1. Secure biometric image sensor and authentication scheme based on compressed sensing.

    PubMed

    Suzuki, Hiroyuki; Suzuki, Masamichi; Urabe, Takuya; Obi, Takashi; Yamaguchi, Masahiro; Ohyama, Nagaaki

    2013-11-20

    It is important to ensure the security of biometric authentication information, because its leakage causes serious risks, such as replay attacks using the stolen biometric data, and also because it is almost impossible to replace raw biometric information. In this paper, we propose a secure biometric authentication scheme that protects such information by employing an optical data ciphering technique based on compressed sensing. The proposed scheme is based on two-factor authentication, the biometric information being supplemented by secret information that is used as a random seed for a cipher key. In this scheme, a biometric image is optically encrypted at the time of image capture, and a pair of restored biometric images for enrollment and verification are verified in the authentication server. If any of the biometric information is exposed to risk, it can be reenrolled by changing the secret information. Through numerical experiments, we confirm that finger vein images can be restored from the compressed sensing measurement data. We also present results that verify the accuracy of the scheme.

  2. A Selective Group Authentication Scheme for IoT-Based Medical Information System.

    PubMed

    Park, YoHan; Park, YoungHo

    2017-04-01

    The technology of IoT combined with medical systems is expected to support advanced medical services. However, unsolved security problems, such as misuse of medical devices, illegal access to the medical server and so on, make IoT-based medical systems not be applied widely. In addition, users have a high burden of computation to access Things for the explosive growth of IoT devices. Because medical information is critical and important, but users have a restricted computing power, IoT-based medical systems are required to provide secure and efficient authentication for users. In this paper, we propose a selective group authentication scheme using Shamir's threshold technique. The property of selectivity gives the right of choice to users to form a group which consists of things users select and access. And users can get an access authority for those Things at a time. Thus, our scheme provides an efficient user authentication for multiple Things and conditional access authority for safe IoT-based medical information system. To the best of our knowledge, our proposed scheme is the first in which selectivity is combined with group authentication in IoT environments.

  3. A fingerprint encryption scheme based on irreversible function and secure authentication.

    PubMed

    Yang, Yijun; Yu, Jianping; Zhang, Peng; Wang, Shulan

    2015-01-01

    A fingerprint encryption scheme based on irreversible function has been designed in this paper. Since the fingerprint template includes almost the entire information of users' fingerprints, the personal authentication can be determined only by the fingerprint features. This paper proposes an irreversible transforming function (using the improved SHA1 algorithm) to transform the original minutiae which are extracted from the thinned fingerprint image. Then, Chinese remainder theorem is used to obtain the biokey from the integration of the transformed minutiae and the private key. The result shows that the scheme has better performance on security and efficiency comparing with other irreversible function schemes.

  4. A Fingerprint Encryption Scheme Based on Irreversible Function and Secure Authentication

    PubMed Central

    Yu, Jianping; Zhang, Peng; Wang, Shulan

    2015-01-01

    A fingerprint encryption scheme based on irreversible function has been designed in this paper. Since the fingerprint template includes almost the entire information of users' fingerprints, the personal authentication can be determined only by the fingerprint features. This paper proposes an irreversible transforming function (using the improved SHA1 algorithm) to transform the original minutiae which are extracted from the thinned fingerprint image. Then, Chinese remainder theorem is used to obtain the biokey from the integration of the transformed minutiae and the private key. The result shows that the scheme has better performance on security and efficiency comparing with other irreversible function schemes. PMID:25873989

  5. Multiple-image encryption and authentication in interference-based scheme by aid of space multiplexing

    NASA Astrophysics Data System (ADS)

    Wang, Hongjuan; Qin, Yi; Huang, Yiding; Wang, Zhipeng; Zhang, Yingying

    2017-10-01

    Conventional interference-based encryption (IBE) scheme suffers from the silhouette problem, and its capacity is relatively low. In this paper, we introduce sparse representation and space multiplexing into the IBE scheme and propose a method for multiple-image encryption and authentication. We demonstrate, through space multiplexing, the information of multiple images can be encrypted into two phase only masks. The decrypted images are intended to be authenticated by nonlinear correlation rather than be observed by naked eyes, and because of that, the silhouette problem has been thoroughly suppressed. Moreover, the capacity of the IBE scheme is also extensively enhanced. The feasibility and effectiveness of the proposal have been demonstrated by numerical simulations.

  6. Robust Biometrics Based Authentication and Key Agreement Scheme for Multi-Server Environments Using Smart Cards

    PubMed Central

    Lu, Yanrong; Li, Lixiang; Yang, Xing; Yang, Yixian

    2015-01-01

    Biometrics authenticated schemes using smart cards have attracted much attention in multi-server environments. Several schemes of this type where proposed in the past. However, many of them were found to have some design flaws. This paper concentrates on the security weaknesses of the three-factor authentication scheme by Mishra et al. After careful analysis, we find their scheme does not really resist replay attack while failing to provide an efficient password change phase. We further propose an improvement of Mishra et al.’s scheme with the purpose of preventing the security threats of their scheme. We demonstrate the proposed scheme is given to strong authentication against several attacks including attacks shown in the original scheme. In addition, we compare the performance and functionality with other multi-server authenticated key schemes. PMID:25978373

  7. Robust biometrics based authentication and key agreement scheme for multi-server environments using smart cards.

    PubMed

    Lu, Yanrong; Li, Lixiang; Yang, Xing; Yang, Yixian

    2015-01-01

    Biometrics authenticated schemes using smart cards have attracted much attention in multi-server environments. Several schemes of this type where proposed in the past. However, many of them were found to have some design flaws. This paper concentrates on the security weaknesses of the three-factor authentication scheme by Mishra et al. After careful analysis, we find their scheme does not really resist replay attack while failing to provide an efficient password change phase. We further propose an improvement of Mishra et al.'s scheme with the purpose of preventing the security threats of their scheme. We demonstrate the proposed scheme is given to strong authentication against several attacks including attacks shown in the original scheme. In addition, we compare the performance and functionality with other multi-server authenticated key schemes.

  8. Authentication and data hiding using a hybrid ROI-based watermarking scheme for DICOM images.

    PubMed

    Al-Qershi, Osamah M; Khoo, Bee Ee

    2011-02-01

    Authenticating medical images using watermarking techniques has become a very popular area of research, and some works in this area have been reported worldwide recently. Besides authentication, many data-hiding techniques have been proposed to conceal patient's data into medical images aiming to reduce the cost needed to store data and the time needed to transmit data when required. In this paper, we present a new hybrid watermarking scheme for DICOM images. In our scheme, two well-known techniques are combined to gain the advantages of both and fulfill the requirements of authentication and data hiding. The scheme divides the images into two parts, the region of interest (ROI) and the region of non-interest (RONI). Patient's data are embedded into ROI using a reversible technique based on difference expansion, while tamper detection and recovery data are embedded into RONI using a robust technique based on discrete wavelet transform. The experimental results show the ability of hiding patient's data with a very good visual quality, while ROI, the most important area for diagnosis, is retrieved exactly at the receiver side. The scheme also shows some robustness against certain levels of salt and pepper and cropping noise.

  9. Robust chaotic map-based authentication and key agreement scheme with strong anonymity for telecare medicine information systems.

    PubMed

    Jiang, Qi; Ma, Jianfeng; Lu, Xiang; Tian, Youliang

    2014-02-01

    To ensure only authorized access to medical services, several authentication schemes for telecare medicine information systems (TMIS) have been proposed in the literature. Due to its better performance than traditional cryptography, Hao et al. proposed an authentication scheme for TMIS using chaotic map based cryptography. They claimed that their scheme could resist various attacks, including the smart card stolen attack. However, we identify that their scheme is vulnerable to the stolen smart card attack. The reason causing the stolen smart card attack is that the scheme is designed based on the assumption that the scheme itself achieves user untraceability. Then, we propose a robust authentication and key agreement scheme. Compared with the previous schemes, our scheme not only enjoys more security features, but also has better efficiency. Our analysis indicates that designing a two-factor authentication scheme based on the assumption that privacy protection is achieved in the scheme itself may pose potential security risks. The lesson learned is that, we should avoid this situation in the future design of two-factor authentication schemes.

  10. Optical multiple-image authentication scheme based on the phase retrieval algorithm in gyrator domain

    NASA Astrophysics Data System (ADS)

    Sui, Liansheng; Zhang, Xiao; Tian, Ailing

    2017-05-01

    A novel optical multiple-image authentication scheme based on the phase retrieval algorithm is presented in gyrator domain. According to a plain image, only one phase-only mask is obtained as the encrypted result by using the proposed phase retrieval algorithm, which has a fast convergence rate and good performance on mean square error. Afterwards, the sparsely encrypted distribution is extracted from the phase-only mask by selecting a certain percentage of pixels randomly. Different from other multiple-image authentication system based on space multiplexing, all sparsely encrypted distributions of plain images are finally integrated into the ciphertext by making use of the inter-modulation operation of phase masks, where the decryption process can be performed efficiently without any cross-talk noise and the encrypted capacity is nearly unlimited. Only when the secret keys are correct, the content of the plain images can be authenticated, in which the authentication process can be implemented optically by using the architecture of double random phase encoding. Simulation results are given to demonstrate the feasibility and robustness of the proposed scheme.

  11. A QR code based zero-watermarking scheme for authentication of medical images in teleradiology cloud.

    PubMed

    Seenivasagam, V; Velumani, R

    2013-01-01

    Healthcare institutions adapt cloud based archiving of medical images and patient records to share them efficiently. Controlled access to these records and authentication of images must be enforced to mitigate fraudulent activities and medical errors. This paper presents a zero-watermarking scheme implemented in the composite Contourlet Transform (CT)-Singular Value Decomposition (SVD) domain for unambiguous authentication of medical images. Further, a framework is proposed for accessing patient records based on the watermarking scheme. The patient identification details and a link to patient data encoded into a Quick Response (QR) code serves as the watermark. In the proposed scheme, the medical image is not subjected to degradations due to watermarking. Patient authentication and authorized access to patient data are realized on combining a Secret Share with the Master Share constructed from invariant features of the medical image. The Hu's invariant image moments are exploited in creating the Master Share. The proposed system is evaluated with Checkmark software and is found to be robust to both geometric and non geometric attacks.

  12. A QR Code Based Zero-Watermarking Scheme for Authentication of Medical Images in Teleradiology Cloud

    PubMed Central

    Seenivasagam, V.; Velumani, R.

    2013-01-01

    Healthcare institutions adapt cloud based archiving of medical images and patient records to share them efficiently. Controlled access to these records and authentication of images must be enforced to mitigate fraudulent activities and medical errors. This paper presents a zero-watermarking scheme implemented in the composite Contourlet Transform (CT)—Singular Value Decomposition (SVD) domain for unambiguous authentication of medical images. Further, a framework is proposed for accessing patient records based on the watermarking scheme. The patient identification details and a link to patient data encoded into a Quick Response (QR) code serves as the watermark. In the proposed scheme, the medical image is not subjected to degradations due to watermarking. Patient authentication and authorized access to patient data are realized on combining a Secret Share with the Master Share constructed from invariant features of the medical image. The Hu's invariant image moments are exploited in creating the Master Share. The proposed system is evaluated with Checkmark software and is found to be robust to both geometric and non geometric attacks. PMID:23970943

  13. A Secure Dynamic Identity and Chaotic Maps Based User Authentication and Key Agreement Scheme for e-Healthcare Systems.

    PubMed

    Li, Chun-Ta; Lee, Cheng-Chi; Weng, Chi-Yao; Chen, Song-Jhih

    2016-11-01

    Secure user authentication schemes in many e-Healthcare applications try to prevent unauthorized users from intruding the e-Healthcare systems and a remote user and a medical server can establish session keys for securing the subsequent communications. However, many schemes does not mask the users' identity information while constructing a login session between two or more parties, even though personal privacy of users is a significant topic for e-Healthcare systems. In order to preserve personal privacy of users, dynamic identity based authentication schemes are hiding user's real identity during the process of network communications and only the medical server knows login user's identity. In addition, most of the existing dynamic identity based authentication schemes ignore the inputs verification during login condition and this flaw may subject to inefficiency in the case of incorrect inputs in the login phase. Regarding the use of secure authentication mechanisms for e-Healthcare systems, this paper presents a new dynamic identity and chaotic maps based authentication scheme and a secure data protection approach is employed in every session to prevent illegal intrusions. The proposed scheme can not only quickly detect incorrect inputs during the phases of login and password change but also can invalidate the future use of a lost/stolen smart card. Compared the functionality and efficiency with other authentication schemes recently, the proposed scheme satisfies desirable security attributes and maintains acceptable efficiency in terms of the computational overheads for e-Healthcare systems.

  14. A robust and novel dynamic-ID-based authentication scheme for care team collaboration with smart cards.

    PubMed

    Chang, Ya-Fen; Chen, Chia-Chen; Chang, Pei-Yu

    2013-04-01

    Nowadays, users/patients may gain desired medical services on-line because of the rapid development of computer network technologies. Conventional healthcare services are provided by a single server. However, care team collaboration by integrating services is the key to improve financial and clinical performance. How a user/patient accesses desired medical services provided by multiple servers becomes a challenge to realize care team collaboration. User authentication plays an important role to protect resources or services from being accessed by unauthorized users. In this paper, we first discuss the perceived security drawbacks of pervasive smart-card-based remote user authentication schemes. Then, we propose a novel dynamic-ID-based user authentication scheme based on elliptic curve cryptosystem (ECC) for multi-server environment with smart cards. The proposed scheme ensures user anonymity and computational efficiency and complies with essential requirements of a secure smart-card-based authentication scheme for multi-server environment to enable care team collaboration.

  15. On the security of a dynamic ID-based authentication scheme for telecare medical information systems.

    PubMed

    Lin, Han-Yu

    2013-04-01

    Telecare medical information systems (TMISs) are increasingly popular technologies for healthcare applications. Using TMISs, physicians and caregivers can monitor the vital signs of patients remotely. Since the database of TMISs stores patients' electronic medical records (EMRs), only authorized users should be granted the access to this information for the privacy concern. To keep the user anonymity, recently, Chen et al. proposed a dynamic ID-based authentication scheme for telecare medical information system. They claimed that their scheme is more secure and robust for use in a TMIS. However, we will demonstrate that their scheme fails to satisfy the user anonymity due to the dictionary attacks. It is also possible to derive a user password in case of smart card loss attacks. Additionally, an improved scheme eliminating these weaknesses is also presented.

  16. An Efficient User Authentication and User Anonymity Scheme with Provably Security for IoT-Based Medical Care System.

    PubMed

    Li, Chun-Ta; Wu, Tsu-Yang; Chen, Chin-Ling; Lee, Cheng-Chi; Chen, Chien-Ming

    2017-06-23

    In recent years, with the increase in degenerative diseases and the aging population in advanced countries, demands for medical care of older or solitary people have increased continually in hospitals and healthcare institutions. Applying wireless sensor networks for the IoT-based telemedicine system enables doctors, caregivers or families to monitor patients' physiological conditions at anytime and anyplace according to the acquired information. However, transmitting physiological data through the Internet concerns the personal privacy of patients. Therefore, before users can access medical care services in IoT-based medical care system, they must be authenticated. Typically, user authentication and data encryption are most critical for securing network communications over a public channel between two or more participants. In 2016, Liu and Chung proposed a bilinear pairing-based password authentication scheme for wireless healthcare sensor networks. They claimed their authentication scheme cannot only secure sensor data transmission, but also resist various well-known security attacks. In this paper, we demonstrate that Liu-Chung's scheme has some security weaknesses, and we further present an improved secure authentication and data encryption scheme for the IoT-based medical care system, which can provide user anonymity and prevent the security threats of replay and password/sensed data disclosure attacks. Moreover, we modify the authentication process to reduce redundancy in protocol design, and the proposed scheme is more efficient in performance compared with previous related schemes. Finally, the proposed scheme is provably secure in the random oracle model under ECDHP.

  17. An Efficient User Authentication and User Anonymity Scheme with Provably Security for IoT-Based Medical Care System

    PubMed Central

    Wu, Tsu-Yang; Chen, Chin-Ling; Lee, Cheng-Chi; Chen, Chien-Ming

    2017-01-01

    In recent years, with the increase in degenerative diseases and the aging population in advanced countries, demands for medical care of older or solitary people have increased continually in hospitals and healthcare institutions. Applying wireless sensor networks for the IoT-based telemedicine system enables doctors, caregivers or families to monitor patients’ physiological conditions at anytime and anyplace according to the acquired information. However, transmitting physiological data through the Internet concerns the personal privacy of patients. Therefore, before users can access medical care services in IoT-based medical care system, they must be authenticated. Typically, user authentication and data encryption are most critical for securing network communications over a public channel between two or more participants. In 2016, Liu and Chung proposed a bilinear pairing-based password authentication scheme for wireless healthcare sensor networks. They claimed their authentication scheme cannot only secure sensor data transmission, but also resist various well-known security attacks. In this paper, we demonstrate that Liu–Chung’s scheme has some security weaknesses, and we further present an improved secure authentication and data encryption scheme for the IoT-based medical care system, which can provide user anonymity and prevent the security threats of replay and password/sensed data disclosure attacks. Moreover, we modify the authentication process to reduce redundancy in protocol design, and the proposed scheme is more efficient in performance compared with previous related schemes. Finally, the proposed scheme is provably secure in the random oracle model under ECDHP. PMID:28644381

  18. Robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps.

    PubMed

    Lu, Yanrong; Li, Lixiang; Peng, Haipeng; Xie, Dong; Yang, Yixian

    2015-06-01

    The Telecare Medicine Information Systems (TMISs) provide an efficient communicating platform supporting the patients access health-care delivery services via internet or mobile networks. Authentication becomes an essential need when a remote patient logins into the telecare server. Recently, many extended chaotic maps based authentication schemes using smart cards for TMISs have been proposed. Li et al. proposed a secure smart cards based authentication scheme for TMISs using extended chaotic maps based on Lee's and Jiang et al.'s scheme. In this study, we show that Li et al.'s scheme has still some weaknesses such as violation the session key security, vulnerability to user impersonation attack and lack of local verification. To conquer these flaws, we propose a chaotic maps and smart cards based password authentication scheme by applying biometrics technique and hash function operations. Through the informal and formal security analyses, we demonstrate that our scheme is resilient possible known attacks including the attacks found in Li et al.'s scheme. As compared with the previous authentication schemes, the proposed scheme is more secure and efficient and hence more practical for telemedical environments.

  19. A secure and efficient password-based user authentication scheme using smart cards for the integrated EPR information system.

    PubMed

    Lee, Tian-Fu; Chang, I-Pin; Lin, Tsung-Hung; Wang, Ching-Cheng

    2013-06-01

    The integrated EPR information system supports convenient and rapid e-medicine services. A secure and efficient authentication scheme for the integrated EPR information system provides safeguarding patients' electronic patient records (EPRs) and helps health care workers and medical personnel to rapidly making correct clinical decisions. Recently, Wu et al. proposed an efficient password-based user authentication scheme using smart cards for the integrated EPR information system, and claimed that the proposed scheme could resist various malicious attacks. However, their scheme is still vulnerable to lost smart card and stolen verifier attacks. This investigation discusses these weaknesses and proposes a secure and efficient authentication scheme for the integrated EPR information system as alternative. Compared with related approaches, the proposed scheme not only retains a lower computational cost and does not require verifier tables for storing users' secrets, but also solves the security problems in previous schemes and withstands possible attacks.

  20. Cryptanalysis and improvement of Yan et al.'s biometric-based authentication scheme for telecare medicine information systems.

    PubMed

    Mishra, Dheerendra; Mukhopadhyay, Sourav; Chaturvedi, Ankita; Kumari, Saru; Khan, Muhammad Khurram

    2014-06-01

    Remote user authentication is desirable for a Telecare Medicine Information System (TMIS) for the safety, security and integrity of transmitted data over the public channel. In 2013, Tan presented a biometric based remote user authentication scheme and claimed that his scheme is secure. Recently, Yan et al. demonstrated some drawbacks in Tan's scheme and proposed an improved scheme to erase the drawbacks of Tan's scheme. We analyze Yan et al.'s scheme and identify that their scheme is vulnerable to off-line password guessing attack, and does not protect anonymity. Moreover, in their scheme, login and password change phases are inefficient to identify the correctness of input where inefficiency in password change phase can cause denial of service attack. Further, we design an improved scheme for TMIS with the aim to eliminate the drawbacks of Yan et al.'s scheme.

  1. An Improvement of Robust Biometrics-Based Authentication and Key Agreement Scheme for Multi-Server Environments Using Smart Cards

    PubMed Central

    Moon, Jongho; Choi, Younsung; Jung, Jaewook; Won, Dongho

    2015-01-01

    In multi-server environments, user authentication is a very important issue because it provides the authorization that enables users to access their data and services; furthermore, remote user authentication schemes for multi-server environments have solved the problem that has arisen from user’s management of different identities and passwords. For this reason, numerous user authentication schemes that are designed for multi-server environments have been proposed over recent years. In 2015, Lu et al. improved upon Mishra et al.’s scheme, claiming that their remote user authentication scheme is more secure and practical; however, we found that Lu et al.’s scheme is still insecure and incorrect. In this paper, we demonstrate that Lu et al.’s scheme is vulnerable to outsider attack and user impersonation attack, and we propose a new biometrics-based scheme for authentication and key agreement that can be used in multi-server environments; then, we show that our proposed scheme is more secure and supports the required security properties. PMID:26709702

  2. An Improvement of Robust Biometrics-Based Authentication and Key Agreement Scheme for Multi-Server Environments Using Smart Cards.

    PubMed

    Moon, Jongho; Choi, Younsung; Jung, Jaewook; Won, Dongho

    2015-01-01

    In multi-server environments, user authentication is a very important issue because it provides the authorization that enables users to access their data and services; furthermore, remote user authentication schemes for multi-server environments have solved the problem that has arisen from user's management of different identities and passwords. For this reason, numerous user authentication schemes that are designed for multi-server environments have been proposed over recent years. In 2015, Lu et al. improved upon Mishra et al.'s scheme, claiming that their remote user authentication scheme is more secure and practical; however, we found that Lu et al.'s scheme is still insecure and incorrect. In this paper, we demonstrate that Lu et al.'s scheme is vulnerable to outsider attack and user impersonation attack, and we propose a new biometrics-based scheme for authentication and key agreement that can be used in multi-server environments; then, we show that our proposed scheme is more secure and supports the required security properties.

  3. An authenticated image encryption scheme based on chaotic maps and memory cellular automata

    NASA Astrophysics Data System (ADS)

    Bakhshandeh, Atieh; Eslami, Ziba

    2013-06-01

    This paper introduces a new image encryption scheme based on chaotic maps, cellular automata and permutation-diffusion architecture. In the permutation phase, a piecewise linear chaotic map is utilized to confuse the plain-image and in the diffusion phase, we employ the Logistic map as well as a reversible memory cellular automata to obtain an efficient and secure cryptosystem. The proposed method admits advantages such as highly secure diffusion mechanism, computational efficiency and ease of implementation. A novel property of the proposed scheme is its authentication ability which can detect whether the image is tampered during the transmission or not. This is particularly important in applications where image data or part of it contains highly sensitive information. Results of various analyses manifest high security of this new method and its capability for practical image encryption.

  4. An Anonymous User Authentication and Key Agreement Scheme Based on a Symmetric Cryptosystem in Wireless Sensor Networks.

    PubMed

    Jung, Jaewook; Kim, Jiye; Choi, Younsung; Won, Dongho

    2016-08-16

    In wireless sensor networks (WSNs), a registered user can login to the network and use a user authentication protocol to access data collected from the sensor nodes. Since WSNs are typically deployed in unattended environments and sensor nodes have limited resources, many researchers have made considerable efforts to design a secure and efficient user authentication process. Recently, Chen et al. proposed a secure user authentication scheme using symmetric key techniques for WSNs. They claim that their scheme assures high efficiency and security against different types of attacks. After careful analysis, however, we find that Chen et al.'s scheme is still vulnerable to smart card loss attack and is susceptible to denial of service attack, since it is invalid for verification to simply compare an entered ID and a stored ID in smart card. In addition, we also observe that their scheme cannot preserve user anonymity. Furthermore, their scheme cannot quickly detect an incorrect password during login phase, and this flaw wastes both communication and computational overheads. In this paper, we describe how these attacks work, and propose an enhanced anonymous user authentication and key agreement scheme based on a symmetric cryptosystem in WSNs to address all of the aforementioned vulnerabilities in Chen et al.'s scheme. Our analysis shows that the proposed scheme improves the level of security, and is also more efficient relative to other related schemes.

  5. An Anonymous User Authentication and Key Agreement Scheme Based on a Symmetric Cryptosystem in Wireless Sensor Networks

    PubMed Central

    Jung, Jaewook; Kim, Jiye; Choi, Younsung; Won, Dongho

    2016-01-01

    In wireless sensor networks (WSNs), a registered user can login to the network and use a user authentication protocol to access data collected from the sensor nodes. Since WSNs are typically deployed in unattended environments and sensor nodes have limited resources, many researchers have made considerable efforts to design a secure and efficient user authentication process. Recently, Chen et al. proposed a secure user authentication scheme using symmetric key techniques for WSNs. They claim that their scheme assures high efficiency and security against different types of attacks. After careful analysis, however, we find that Chen et al.’s scheme is still vulnerable to smart card loss attack and is susceptible to denial of service attack, since it is invalid for verification to simply compare an entered ID and a stored ID in smart card. In addition, we also observe that their scheme cannot preserve user anonymity. Furthermore, their scheme cannot quickly detect an incorrect password during login phase, and this flaw wastes both communication and computational overheads. In this paper, we describe how these attacks work, and propose an enhanced anonymous user authentication and key agreement scheme based on a symmetric cryptosystem in WSNs to address all of the aforementioned vulnerabilities in Chen et al.’s scheme. Our analysis shows that the proposed scheme improves the level of security, and is also more efficient relative to other related schemes. PMID:27537890

  6. Privacy Protection for Telecare Medicine Information Systems Using a Chaotic Map-Based Three-Factor Authenticated Key Agreement Scheme.

    PubMed

    Zhang, Liping; Zhu, Shaohui; Tang, Shanyu

    2017-03-01

    Telecare medicine information systems (TMIS) provide flexible and convenient e-health care. However, the medical records transmitted in TMIS are exposed to unsecured public networks, so TMIS are more vulnerable to various types of security threats and attacks. To provide privacy protection for TMIS, a secure and efficient authenticated key agreement scheme is urgently needed to protect the sensitive medical data. Recently, Mishra et al. proposed a biometrics-based authenticated key agreement scheme for TMIS by using hash function and nonce, they claimed that their scheme could eliminate the security weaknesses of Yan et al.'s scheme and provide dynamic identity protection and user anonymity. In this paper, however, we demonstrate that Mishra et al.'s scheme suffers from replay attacks, man-in-the-middle attacks and fails to provide perfect forward secrecy. To overcome the weaknesses of Mishra et al.'s scheme, we then propose a three-factor authenticated key agreement scheme to enable the patient to enjoy the remote healthcare services via TMIS with privacy protection. The chaotic map-based cryptography is employed in the proposed scheme to achieve a delicate balance of security and performance. Security analysis demonstrates that the proposed scheme resists various attacks and provides several attractive security properties. Performance evaluation shows that the proposed scheme increases efficiency in comparison with other related schemes.

  7. An efficient chaotic maps-based authentication and key agreement scheme using smartcards for telecare medicine information systems.

    PubMed

    Lee, Tian-Fu

    2013-12-01

    A smartcard-based authentication and key agreement scheme for telecare medicine information systems enables patients, doctors, nurses and health visitors to use smartcards for secure login to medical information systems. Authorized users can then efficiently access remote services provided by the medicine information systems through public networks. Guo and Chang recently improved the efficiency of a smartcard authentication and key agreement scheme by using chaotic maps. Later, Hao et al. reported that the scheme developed by Guo and Chang had two weaknesses: inability to provide anonymity and inefficient double secrets. Therefore, Hao et al. proposed an authentication scheme for telecare medicine information systems that solved these weaknesses and improved performance. However, a limitation in both schemes is their violation of the contributory property of key agreements. This investigation discusses these weaknesses and proposes a new smartcard-based authentication and key agreement scheme that uses chaotic maps for telecare medicine information systems. Compared to conventional schemes, the proposed scheme provides fewer weaknesses, better security, and more efficiency.

  8. An Advanced Temporal Credential-Based Security Scheme with Mutual Authentication and Key Agreement for Wireless Sensor Networks

    PubMed Central

    Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi

    2013-01-01

    Wireless sensor networks (WSNs) can be quickly and randomly deployed in any harsh and unattended environment and only authorized users are allowed to access reliable sensor nodes in WSNs with the aid of gateways (GWNs). Secure authentication models among the users, the sensor nodes and GWN are important research issues for ensuring communication security and data privacy in WSNs. In 2013, Xue et al. proposed a temporal-credential-based mutual authentication and key agreement scheme for WSNs. However, in this paper, we point out that Xue et al.'s scheme cannot resist stolen-verifier, insider, off-line password guessing, smart card lost problem and many logged-in users' attacks and these security weaknesses make the scheme inapplicable to practical WSN applications. To tackle these problems, we suggest a simple countermeasure to prevent proposed attacks while the other merits of Xue et al.'s authentication scheme are left unchanged. PMID:23887085

  9. An advanced temporal credential-based security scheme with mutual authentication and key agreement for wireless sensor networks.

    PubMed

    Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi

    2013-07-24

    Wireless sensor networks (WSNs) can be quickly and randomly deployed in any harsh and unattended environment and only authorized users are allowed to access reliable sensor nodes in WSNs with the aid of gateways (GWNs). Secure authentication models among the users, the sensor nodes and GWN are important research issues for ensuring communication security and data privacy in WSNs. In 2013, Xue et al. proposed a temporal-credential-based mutual authentication and key agreement scheme for WSNs. However, in this paper, we point out that Xue et al.'s scheme cannot resist stolen-verifier, insider, off-line password guessing, smart card lost problem and many logged-in users' attacks and these security weaknesses make the scheme inapplicable to practical WSN applications. To tackle these problems, we suggest a simple countermeasure to prevent proposed attacks while the other merits of Xue et al.'s authentication scheme are left unchanged.

  10. An Improved and Secure Biometric Authentication Scheme for Telecare Medicine Information Systems Based on Elliptic Curve Cryptography.

    PubMed

    Chaudhry, Shehzad Ashraf; Mahmood, Khalid; Naqvi, Husnain; Khan, Muhammad Khurram

    2015-11-01

    Telecare medicine information system (TMIS) offers the patients convenient and expedite healthcare services remotely anywhere. Patient security and privacy has emerged as key issues during remote access because of underlying open architecture. An authentication scheme can verify patient's as well as TMIS server's legitimacy during remote healthcare services. To achieve security and privacy a number of authentication schemes have been proposed. Very recently Lu et al. (J. Med. Syst. 39(3):1-8, 2015) proposed a biometric based three factor authentication scheme for TMIS to confiscate the vulnerabilities of Arshad et al.'s (J. Med. Syst. 38(12):136, 2014) scheme. Further, they emphasized the robustness of their scheme against several attacks. However, in this paper we establish that Lu et al.'s scheme is vulnerable to numerous attacks including (1) Patient anonymity violation attack, (2) Patient impersonation attack, and (3) TMIS server impersonation attack. Furthermore, their scheme does not provide patient untraceability. We then, propose an improvement of Lu et al.'s scheme. We have analyzed the security of improved scheme using popular automated tool ProVerif. The proposed scheme while retaining the plusses of Lu et al.'s scheme is also robust against known attacks.

  11. Secure and Efficient Two-Factor User Authentication Scheme with User Anonymity for Network Based E-Health Care Applications.

    PubMed

    Li, Xiong; Niu, Jianwei; Karuppiah, Marimuthu; Kumari, Saru; Wu, Fan

    2016-12-01

    Benefited from the development of network and communication technologies, E-health care systems and telemedicine have got the fast development. By using the E-health care systems, patient can enjoy the remote medical service provided by the medical server. Medical data are important privacy information for patient, so it is an important issue to ensure the secure of transmitted medical data through public network. Authentication scheme can thwart unauthorized users from accessing services via insecure network environments, so user authentication with privacy protection is an important mechanism for the security of E-health care systems. Recently, based on three factors (password, biometric and smart card), an user authentication scheme for E-health care systems was been proposed by Amin et al., and they claimed that their scheme can withstand most of common attacks. Unfortunate, we find that their scheme cannot achieve the untraceability feature of the patient. Besides, their scheme lacks a password check mechanism such that it is inefficient to find the unauthorized login by the mistake of input a wrong password. Due to the same reason, their scheme is vulnerable to Denial of Service (DoS) attack if the patient updates the password mistakenly by using a wrong password. In order improve the security level of authentication scheme for E-health care application, a robust user authentication scheme with privacy protection is proposed for E-health care systems. Then, security prove of our scheme are analysed. Security and performance analyses show that our scheme is more powerful and secure for E-health care systems when compared with other related schemes.

  12. A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems.

    PubMed

    Mishra, Dheerendra; Srinivas, Jangirala; Mukhopadhyay, Sourav

    2014-10-01

    Advancement in network technology provides new ways to utilize telecare medicine information systems (TMIS) for patient care. Although TMIS usually faces various attacks as the services are provided over the public network. Recently, Jiang et al. proposed a chaotic map-based remote user authentication scheme for TMIS. Their scheme has the merits of low cost and session key agreement using Chaos theory. It enhances the security of the system by resisting various attacks. In this paper, we analyze the security of Jiang et al.'s scheme and demonstrate that their scheme is vulnerable to denial of service attack. Moreover, we demonstrate flaws in password change phase of their scheme. Further, our aim is to propose a new chaos map-based anonymous user authentication scheme for TMIS to overcome the weaknesses of Jiang et al.'s scheme, while also retaining the original merits of their scheme. We also show that our scheme is secure against various known attacks including the attacks found in Jiang et al.'s scheme. The proposed scheme is comparable in terms of the communication and computational overheads with Jiang et al.'s scheme and other related existing schemes. Moreover, we demonstrate the validity of the proposed scheme through the BAN (Burrows, Abadi, and Needham) logic.

  13. Strong authentication scheme for telecare medicine information systems.

    PubMed

    Pu, Qiong; Wang, Jian; Zhao, Rongyong

    2012-08-01

    The telecare medicine information system enables or supports health-care delivery services. A secure authentication scheme will thus be needed to safeguard data integrity, confidentiality, and availability. In this paper, we propose a generic construction of smart-card-based password authentication protocol and prove its security. The proposed framework is superior to previous schemes in three following aspects : (1) our scheme is a true two-factor authentication scheme. (2) our scheme can yield a forward secure two-factor authentication scheme with user anonymity when appropriately instantiated. (3) our scheme utilizes each user's unique identity to accomplish the user authentication and does not need to store or verify others's certificates. And yet, our scheme is still reasonably efficient and can yield such a concrete scheme that is even more efficient than previous schemes. Therefore the end result is more practical for the telecare medicine system.

  14. An Improvement of Robust and Efficient Biometrics Based Password Authentication Scheme for Telecare Medicine Information Systems Using Extended Chaotic Maps.

    PubMed

    Moon, Jongho; Choi, Younsung; Kim, Jiye; Won, Dongho

    2016-03-01

    Recently, numerous extended chaotic map-based password authentication schemes that employ smart card technology were proposed for Telecare Medical Information Systems (TMISs). In 2015, Lu et al. used Li et al.'s scheme as a basis to propose a password authentication scheme for TMISs that is based on biometrics and smart card technology and employs extended chaotic maps. Lu et al. demonstrated that Li et al.'s scheme comprises some weaknesses such as those regarding a violation of the session-key security, a vulnerability to the user impersonation attack, and a lack of local verification. In this paper, however, we show that Lu et al.'s scheme is still insecure with respect to issues such as a violation of the session-key security, and that it is vulnerable to both the outsider attack and the impersonation attack. To overcome these drawbacks, we retain the useful properties of Lu et al.'s scheme to propose a new password authentication scheme that is based on smart card technology and requires the use of chaotic maps. Then, we show that our proposed scheme is more secure and efficient and supports security properties.

  15. A password-based user authentication scheme for the integrated EPR information system.

    PubMed

    Wu, Zhen-Yu; Chung, Yufang; Lai, Feipei; Chen, Tzer-Shyong

    2012-04-01

    With the rapid development of the Internet, digitization and electronic orientation are required in various applications of our daily life. For e-medicine, establishing Electronic patient records (EPRs) for all the patients has become the top issue during the last decade. Simultaneously, constructing an integrated EPR information system of all the patients is beneficial because it can provide medical institutions and the academia with most of the patients' information in details for them to make correct decisions and clinical decisions, to maintain and analyze patients' health. Also beneficial to doctors and scholars, the EPR system can give them record linkage for researches, payment audits, or other services bound to be developed and integrated into medicine. To tackle the illegal access and to prevent the information from theft during transmission over the insecure Internet, we propose a password-based user authentication scheme suitable for information integration.

  16. A Smartcard-Based User Authentication Scheme to Ensure the PFS in Multi-Server Environments

    NASA Astrophysics Data System (ADS)

    Lee, Yun-Seok; Kim, Eun; Seok, Seung-Joon; Jung, Min-Soo

    Nowadays, a user authentication is very important in network environments. For safe authentication, they came up with six essential conditions in earlier studies. And a variety of mechanisms is presented by research scientists. However, they could not achieve the PFS. Because, though all these schemes are assumed that the communication between a smart card and a host is safe, actually it is not. Therefore, in this paper, we will point out what the communication between a smart card and a host is not safe, and propose a new user authentication mechanism that can reach to the PFS. And also, an encryption algorithm is used about 45% less than earlier studies in our proposed scheme. Thus, we can say that enhance the efficiency.

  17. An improved authentication scheme for telecare medicine information systems.

    PubMed

    Wei, Jianghong; Hu, Xuexian; Liu, Wenfen

    2012-12-01

    The telecare medicine information system enables or supports health-care delivery services. In order to safeguard patients' privacy, such as telephone number, medical record number, health information, etc., a secure authentication scheme will thus be in demand. Recently, Wu et al. proposed a smart card based password authentication scheme for the telecare medicine information system. Later, He et al. pointed out that Wu et al.'s scheme could not resist impersonation attacks and insider attacks, and then presented a new scheme. In this paper, we show that both of them fail to achieve two-factor authentication as smart card based password authentication schemes should achieve. We also propose an improved authentication scheme for the telecare medicine information system, and demonstrate that the improved one satisfies the security requirements of two-factor authentication and is also efficient.

  18. A secure and robust password-based remote user authentication scheme using smart cards for the integrated EPR information system.

    PubMed

    Das, Ashok Kumar

    2015-03-01

    An integrated EPR (Electronic Patient Record) information system of all the patients provides the medical institutions and the academia with most of the patients' information in details for them to make corrective decisions and clinical decisions in order to maintain and analyze patients' health. In such system, the illegal access must be restricted and the information from theft during transmission over the insecure Internet must be prevented. Lee et al. proposed an efficient password-based remote user authentication scheme using smart card for the integrated EPR information system. Their scheme is very efficient due to usage of one-way hash function and bitwise exclusive-or (XOR) operations. However, in this paper, we show that though their scheme is very efficient, their scheme has three security weaknesses such as (1) it has design flaws in password change phase, (2) it fails to protect privileged insider attack and (3) it lacks the formal security verification. We also find that another recently proposed Wen's scheme has the same security drawbacks as in Lee at al.'s scheme. In order to remedy these security weaknesses found in Lee et al.'s scheme and Wen's scheme, we propose a secure and efficient password-based remote user authentication scheme using smart cards for the integrated EPR information system. We show that our scheme is also efficient as compared to Lee et al.'s scheme and Wen's scheme as our scheme only uses one-way hash function and bitwise exclusive-or (XOR) operations. Through the security analysis, we show that our scheme is secure against possible known attacks. Furthermore, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks.

  19. Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems.

    PubMed

    Sutrala, Anil Kumar; Das, Ashok Kumar; Odelu, Vanga; Wazid, Mohammad; Kumari, Saru

    2016-10-01

    Information and communication and technology (ICT) has changed the entire paradigm of society. ICT facilitates people to use medical services over the Internet, thereby reducing the travel cost, hospitalization cost and time to a greater extent. Recent advancements in Telecare Medicine Information System (TMIS) facilitate users/patients to access medical services over the Internet by gaining health monitoring facilities at home. Amin and Biswas recently proposed a RSA-based user authentication and session key agreement protocol usable for TMIS, which is an improvement over Giri et al.'s RSA-based user authentication scheme for TMIS. In this paper, we show that though Amin-Biswas's scheme considerably improves the security drawbacks of Giri et al.'s scheme, their scheme has security weaknesses as it suffers from attacks such as privileged insider attack, user impersonation attack, replay attack and also offline password guessing attack. A new RSA-based user authentication scheme for TMIS is proposed, which overcomes the security pitfalls of Amin-Biswas's scheme and also preserves user anonymity property. The careful formal security analysis using the two widely accepted Burrows-Abadi-Needham (BAN) logic and the random oracle models is done. Moreover, the informal security analysis of the scheme is also done. These security analyses show the robustness of our new scheme against the various known attacks as well as attacks found in Amin-Biswas's scheme. The simulation of the proposed scheme using the widely accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is also done. We present a new user authentication and session key agreement scheme for TMIS, which fixes the mentioned security pitfalls found in Amin-Biswas's scheme, and we also show that the proposed scheme provides better security than other existing schemes through the rigorous security analysis and verification tool. Furthermore, we present the formal security

  20. Trust recovery model of Ad Hoc network based on identity authentication scheme

    NASA Astrophysics Data System (ADS)

    Liu, Jie; Huan, Shuiyuan

    2017-05-01

    Mobile Ad Hoc network trust model is widely used to solve mobile Ad Hoc network security issues. Aiming at the problem of reducing the network availability caused by the processing of malicious nodes and selfish nodes in mobile Ad Hoc network routing based on trust model, an authentication mechanism based on identity authentication mobile Ad Hoc network is proposed, which uses identity authentication to identify malicious nodes, And trust the recovery of selfish nodes in order to achieve the purpose of reducing network congestion and improving network quality. The simulation results show that the implementation of the mechanism can effectively improve the network availability and security.

  1. Verifier-based three-party authentication schemes using extended chaotic maps for data exchange in telecare medicine information systems.

    PubMed

    Lee, Tian-Fu

    2014-12-01

    Telecare medicine information systems provide a communicating platform for accessing remote medical resources through public networks, and help health care workers and medical personnel to rapidly making correct clinical decisions and treatments. An authentication scheme for data exchange in telecare medicine information systems enables legal users in hospitals and medical institutes to establish a secure channel and exchange electronic medical records or electronic health records securely and efficiently. This investigation develops an efficient and secure verified-based three-party authentication scheme by using extended chaotic maps for data exchange in telecare medicine information systems. The proposed scheme does not require server's public keys and avoids time-consuming modular exponential computations and scalar multiplications on elliptic curve used in previous related approaches. Additionally, the proposed scheme is proven secure in the random oracle model, and realizes the lower bounds of messages and rounds in communications. Compared to related verified-based approaches, the proposed scheme not only possesses higher security, but also has lower computational cost and fewer transmissions.

  2. A secure and efficient authentication and key agreement scheme based on ECC for telecare medicine information systems.

    PubMed

    Xu, Xin; Zhu, Ping; Wen, Qiaoyan; Jin, Zhengping; Zhang, Hua; He, Lian

    2014-01-01

    In the field of the Telecare Medicine Information System, recent researches have focused on consummating more convenient and secure healthcare delivery services for patients. In order to protect the sensitive information, various attempts such as access control have been proposed to safeguard patients' privacy in this system. However, these schemes suffered from some certain security defects and had costly consumption, which were not suitable for the telecare medicine information system. In this paper, based on the elliptic curve cryptography, we propose a secure and efficient two-factor mutual authentication and key agreement scheme to reduce the computational cost. Such a scheme enables to provide the patient anonymity by employing the dynamic identity. Compared with other related protocols, the security analysis and performance evaluation show that our scheme overcomes some well-known attacks and has a better performance in the telecare medicine information system.

  3. Secure verifier-based three-party authentication schemes without server public keys for data exchange in telecare medicine information systems.

    PubMed

    Lin, Tsung-Hung; Lee, Tian-Fu

    2014-05-01

    Secure verified-based three-party authentication scheme for data exchange in telecare medicine information systems enables two users only store their verifiers computed from their actual password in authentication server's database. Then the authentication server can verify the users' verifiers and help them to exchange electronic medical records or electronic health records securely and conveniently. This investigation presents an efficient and secure verified-based three-party authentication scheme for data exchange in telecare medicine information systems. The proposed scheme does not use server's public keys and includes the key confirmation without extra numbers of messages and rounds. Compared to related verified-based approaches, the proposed scheme possesses higher security, has lower computational cost and fewer transmissions, and thus is suitable for the telecare medicine information systems.

  4. An Enhanced Secure Authentication Scheme with Anonymity for Wireless Environments

    NASA Astrophysics Data System (ADS)

    Jeon, Woongryul; Kim, Jeeyeon; Nam, Junghyun; Lee, Youngsook; Won, Dongho

    As anonymity increasingly becomes a necessary and legitimate aim in many applications, a number of anonymous authentication schemes have been suggested over the years. Among the many schemes is Lee and Kwon's password-based authentication scheme for wireless environments. Compared with previous schemes, Lee and Kwon's scheme not only improves anonymity by employing random temporary IDs but also provides user-friendliness by allowing human-memorable passwords. In this letter, we point out that Lee and Kwon's scheme, despite its many merits, is vulnerable to off-line password guessing attacks and a forgery attack. In addition, we show how to eliminate these vulnerabilities.

  5. A privacy enhanced authentication scheme for telecare medical information systems.

    PubMed

    Jiang, Qi; Ma, Jianfeng; Ma, Zhuo; Li, Guangsong

    2013-02-01

    The telecare medical information system (TMIS) aims to establish telecare services and enable the public to access medical services or medical information at remote sites. Authentication and key agreement is essential to ensure data integrity, confidentiality, and availability for TMIS. Most recently, Chen et al. proposed an efficient and secure dynamic ID-based authentication scheme for TMIS, and claimed that their scheme achieves user anonymity. However, we observe that Chen et al.'s scheme achieves neither anonymity nor untraceability, and is subject to the identity guessing attack and tracking attack. In order to protect user privacy, we propose an enhanced authentication scheme which achieves user anonymity and untraceablity. It is a secure and efficient authentication scheme with user privacy preservation which is practical for TMIS.

  6. A secure chaotic maps and smart cards based password authentication and key agreement scheme with user anonymity for telecare medicine information systems.

    PubMed

    Li, Chun-Ta; Lee, Cheng-Chi; Weng, Chi-Yao

    2014-09-01

    Telecare medicine information system (TMIS) is widely used for providing a convenient and efficient communicating platform between patients at home and physicians at medical centers or home health care (HHC) organizations. To ensure patient privacy, in 2013, Hao et al. proposed a chaotic map based authentication scheme with user anonymity for TMIS. Later, Lee showed that Hao et al.'s scheme is in no provision for providing fairness in session key establishment and gave an efficient user authentication and key agreement scheme using smart cards, in which only few hashing and Chebyshev chaotic map operations are required. In addition, Jiang et al. discussed that Hao et al.'s scheme can not resist stolen smart card attack and they further presented an improved scheme which attempts to repair the security pitfalls found in Hao et al.'s scheme. In this paper, we found that both Lee's and Jiang et al.'s authentication schemes have a serious security problem in that a registered user's secret parameters may be intentionally exposed to many non-registered users and this problem causing the service misuse attack. Therefore, we propose a slight modification on Lee's scheme to prevent the shortcomings. Compared with previous schemes, our improved scheme not only inherits the advantages of Lee's and Jiang et al.'s authentication schemes for TMIS but also remedies the serious security weakness of not being able to withstand service misuse attack.

  7. An Efficient and Practical Smart Card Based Anonymity Preserving User Authentication Scheme for TMIS using Elliptic Curve Cryptography.

    PubMed

    Amin, Ruhul; Islam, S K Hafizul; Biswas, G P; Khan, Muhammad Khurram; Kumar, Neeraj

    2015-11-01

    In the last few years, numerous remote user authentication and session key agreement schemes have been put forwarded for Telecare Medical Information System, where the patient and medical server exchange medical information using Internet. We have found that most of the schemes are not usable for practical applications due to known security weaknesses. It is also worth to note that unrestricted number of patients login to the single medical server across the globe. Therefore, the computation and maintenance overhead would be high and the server may fail to provide services. In this article, we have designed a medical system architecture and a standard mutual authentication scheme for single medical server, where the patient can securely exchange medical data with the doctor(s) via trusted central medical server over any insecure network. We then explored the security of the scheme with its resilience to attacks. Moreover, we formally validated the proposed scheme through the simulation using Automated Validation of Internet Security Schemes and Applications software whose outcomes confirm that the scheme is protected against active and passive attacks. The performance comparison demonstrated that the proposed scheme has lower communication cost than the existing schemes in literature. In addition, the computation cost of the proposed scheme is nearly equal to the exiting schemes. The proposed scheme not only efficient in terms of different security attacks, but it also provides an efficient login, mutual authentication, session key agreement and verification and password update phases along with password recovery.

  8. Robust anonymous authentication scheme for telecare medical information systems.

    PubMed

    Xie, Qi; Zhang, Jun; Dong, Na

    2013-04-01

    Patient can obtain sorts of health-care delivery services via Telecare Medical Information Systems (TMIS). Authentication, security, patient's privacy protection and data confidentiality are important for patient or doctor accessing to Electronic Medical Records (EMR). In 2012, Chen et al. showed that Khan et al.'s dynamic ID-based authentication scheme has some weaknesses and proposed an improved scheme, and they claimed that their scheme is more suitable for TMIS. However, we show that Chen et al.'s scheme also has some weaknesses. In particular, Chen et al.'s scheme does not provide user's privacy protection and perfect forward secrecy, is vulnerable to off-line password guessing attack and impersonation attack once user's smart card is compromised. Further, we propose a secure anonymity authentication scheme to overcome their weaknesses even an adversary can know all information stored in smart card.

  9. Efficient asymmetric image authentication schemes based on photon counting-double random phase encoding and RSA algorithms.

    PubMed

    Moon, Inkyu; Yi, Faliu; Han, Mingu; Lee, Jieun

    2016-06-01

    Recently, double random phase encoding (DRPE) has been integrated with the photon counting (PC) imaging technique for the purpose of secure image authentication. In this scheme, the same key should be securely distributed and shared between the sender and receiver, but this is one of the most vexing problems of symmetric cryptosystems. In this study, we propose an efficient asymmetric image authentication scheme by combining the PC-DRPE and RSA algorithms, which solves key management and distribution problems. The retrieved image from the proposed authentication method contains photon-limited encrypted data obtained by means of PC-DRPE. Therefore, the original image can be protected while the retrieved image can be efficiently verified using a statistical nonlinear correlation approach. Experimental results demonstrate the feasibility of our proposed asymmetric image authentication method.

  10. An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System.

    PubMed

    Jung, Jaewook; Kang, Dongwoo; Lee, Donghoon; Won, Dongho

    2017-01-01

    Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR) services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency.

  11. An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System

    PubMed Central

    Kang, Dongwoo; Lee, Donghoon; Won, Dongho

    2017-01-01

    Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR) services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency. PMID:28046075

  12. An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system.

    PubMed

    Das, Ashok Kumar; Bruhadeshwar, Bezawada

    2013-10-01

    Recently Lee and Liu proposed an efficient password based authentication and key agreement scheme using smart card for the telecare medicine information system [J. Med. Syst. (2013) 37:9933]. In this paper, we show that though their scheme is efficient, their scheme still has two security weaknesses such as (1) it has design flaws in authentication phase and (2) it has design flaws in password change phase. In order to withstand these flaws found in Lee-Liu's scheme, we propose an improvement of their scheme. Our improved scheme keeps also the original merits of Lee-Liu's scheme. We show that our scheme is efficient as compared to Lee-Liu's scheme. Further, through the security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our scheme is secure against passive and active attacks.

  13. An interference-based optical authentication scheme using two phase-only masks with different diffraction distances

    NASA Astrophysics Data System (ADS)

    Lu, Dajiang; He, Wenqi; Liao, Meihua; Peng, Xiang

    2017-02-01

    A new method to eliminate the security risk of the well-known interference-based optical cryptosystem is proposed. In this method, which is suitable for security authentication application, two phase-only masks are separately placed at different distances from the output plane, where a certification image (public image) can be obtained. To further increase the security and flexibility of this authentication system, we employ one more validation image (secret image), which can be observed at another output plane, for confirming the identity of the user. Only if the two correct masks are properly settled at their positions one could obtain two significant images. Besides, even if the legal users exchange their masks (keys), the authentication process will fail and the authentication results will not reveal any information. Numerical simulations are performed to demonstrate the validity and security of the proposed method.

  14. A Survey of Authentication Schemes in Telecare Medicine Information Systems.

    PubMed

    Aslam, Muhammad Umair; Derhab, Abdelouahid; Saleem, Kashif; Abbas, Haider; Orgun, Mehmet; Iqbal, Waseem; Aslam, Baber

    2017-01-01

    E-Healthcare is an emerging field that provides mobility to its users. The protected health information of the users are stored at a remote server (Telecare Medical Information System) and can be accessed by the users at anytime. Many authentication protocols have been proposed to ensure the secure authenticated access to the Telecare Medical Information System. These protocols are designed to provide certain properties such as: anonymity, untraceability, unlinkability, privacy, confidentiality, availability and integrity. They also aim to build a key exchange mechanism, which provides security against some attacks such as: identity theft, password guessing, denial of service, impersonation and insider attacks. This paper reviews these proposed authentication protocols and discusses their strengths and weaknesses in terms of ensured security and privacy properties, and computation cost. The schemes are divided in three broad categories of one-factor, two-factor and three-factor authentication schemes. Inter-category and intra-category comparison has been performed for these schemes and based on the derived results we propose future directions and recommendations that can be very helpful to the researchers who work on the design and implementation of authentication protocols.

  15. A remote password authentication scheme for multiserver architecture using neural networks.

    PubMed

    Li, L H; Lin, L C; Hwang, M S

    2001-01-01

    Conventional remote password authentication schemes allow a serviceable server to authenticate the legitimacy of a remote login user. However, these schemes are not used for multiserver architecture environments. We present a remote password authentication scheme for multiserver environments. The password authentication system is a pattern classification system based on an artificial neural network. In this scheme, the users only remember user identity and password numbers to log in to various servers. Users can freely choose their password. Furthermore, the system is not required to maintain a verification table and can withstand the replay attack.

  16. dLocAuth: a dynamic multifactor authentication scheme for mCommerce applications using independent location-based obfuscation

    NASA Astrophysics Data System (ADS)

    Kuseler, Torben; Lami, Ihsan A.

    2012-06-01

    This paper proposes a new technique to obfuscate an authentication-challenge program (named LocProg) using randomly generated data together with a client's current location in real-time. LocProg can be used to enable any handsetapplication on mobile-devices (e.g. mCommerce on Smartphones) that requires authentication with a remote authenticator (e.g. bank). The motivation of this novel technique is to a) enhance the security against replay attacks, which is currently based on using real-time nonce(s), and b) add a new security factor, which is location verified by two independent sources, to challenge / response methods for authentication. To assure a secure-live transaction, thus reducing the possibility of replay and other remote attacks, the authors have devised a novel technique to obtain the client's location from two independent sources of GPS on the client's side and the cellular network on authenticator's side. The algorithm of LocProg is based on obfuscating "random elements plus a client's data" with a location-based key, generated on the bank side. LocProg is then sent to the client and is designed so it will automatically integrate into the target application on the client's handset. The client can then de-obfuscate LocProg if s/he is within a certain range around the location calculated by the bank and if the correct personal data is supplied. LocProg also has features to protect against trial/error attacks. Analysis of LocAuth's security (trust, threat and system models) and trials based on a prototype implementation (on Android platform) prove the viability and novelty of LocAuth.

  17. Understanding security failures of two authentication and key agreement schemes for telecare medicine information systems.

    PubMed

    Mishra, Dheerendra

    2015-03-01

    Smart card based authentication and key agreement schemes for telecare medicine information systems (TMIS) enable doctors, nurses, patients and health visitors to use smart cards for secure login to medical information systems. In recent years, several authentication and key agreement schemes have been proposed to present secure and efficient solution for TMIS. Most of the existing authentication schemes for TMIS have either higher computation overhead or are vulnerable to attacks. To reduce the computational overhead and enhance the security, Lee recently proposed an authentication and key agreement scheme using chaotic maps for TMIS. Xu et al. also proposed a password based authentication and key agreement scheme for TMIS using elliptic curve cryptography. Both the schemes provide better efficiency from the conventional public key cryptography based schemes. These schemes are important as they present an efficient solution for TMIS. We analyze the security of both Lee's scheme and Xu et al.'s schemes. Unfortunately, we identify that both the schemes are vulnerable to denial of service attack. To understand the security failures of these cryptographic schemes which are the key of patching existing schemes and designing future schemes, we demonstrate the security loopholes of Lee's scheme and Xu et al.'s scheme in this paper.

  18. A privacy preserving secure and efficient authentication scheme for telecare medical information systems.

    PubMed

    Mishra, Raghavendra; Barnwal, Amit Kumar

    2015-05-01

    The Telecare medical information system (TMIS) presents effective healthcare delivery services by employing information and communication technologies. The emerging privacy and security are always a matter of great concern in TMIS. Recently, Chen at al. presented a password based authentication schemes to address the privacy and security. Later on, it is proved insecure against various active and passive attacks. To erase the drawbacks of Chen et al.'s anonymous authentication scheme, several password based authentication schemes have been proposed using public key cryptosystem. However, most of them do not present pre-smart card authentication which leads to inefficient login and password change phases. To present an authentication scheme with pre-smart card authentication, we present an improved anonymous smart card based authentication scheme for TMIS. The proposed scheme protects user anonymity and satisfies all the desirable security attributes. Moreover, the proposed scheme presents efficient login and password change phases where incorrect input can be quickly detected and a user can freely change his password without server assistance. Moreover, we demonstrate the validity of the proposed scheme by utilizing the widely-accepted BAN (Burrows, Abadi, and Needham) logic. The proposed scheme is also comparable in terms of computational overheads with relevant schemes.

  19. A Privacy-Protecting Authentication Scheme for Roaming Services with Smart Cards

    NASA Astrophysics Data System (ADS)

    Son, Kyungho; Han, Dong-Guk; Won, Dongho

    In this work we propose a novel smart card based privacy-protecting authentication scheme for roaming services. Our proposal achieves so-called Class 2 privacy protection, i.e., no information identifying a roaming user and also linking the user's behaviors is not revealed in a visited network. It can be used to overcome the inherent structural flaws of smart card based anonymous authentication schemes issued recently. As shown in our analysis, our scheme is computationally efficient for a mobile user.

  20. An authentication scheme for secure access to healthcare services.

    PubMed

    Khan, Muhammad Khurram; Kumari, Saru

    2013-08-01

    Last few decades have witnessed boom in the development of information and communication technologies. Health-sector has also been benefitted with this advancement. To ensure secure access to healthcare services some user authentication mechanisms have been proposed. In 2012, Wei et al. proposed a user authentication scheme for telecare medical information system (TMIS). Recently, Zhu pointed out offline password guessing attack on Wei et al.'s scheme and proposed an improved scheme. In this article, we analyze both of these schemes for their effectiveness in TMIS. We show that Wei et al.'s scheme and its improvement proposed by Zhu fail to achieve some important characteristics necessary for secure user authentication. We find that security problems of Wei et al.'s scheme stick with Zhu's scheme; like undetectable online password guessing attack, inefficacy of password change phase, traceability of user's stolen/lost smart card and denial-of-service threat. We also identify that Wei et al.'s scheme lacks forward secrecy and Zhu's scheme lacks session key between user and healthcare server. We therefore propose an authentication scheme for TMIS with forward secrecy which preserves the confidentiality of air messages even if master secret key of healthcare server is compromised. Our scheme retains advantages of Wei et al.'s scheme and Zhu's scheme, and offers additional security. The security analysis and comparison results show the enhanced suitability of our scheme for TMIS.

  1. An Efficient Remote Authentication Scheme for Wireless Body Area Network.

    PubMed

    Omala, Anyembe Andrew; Kibiwott, Kittur P; Li, Fagen

    2017-02-01

    Wireless body area network (WBAN) provide a mechanism of transmitting a persons physiological data to application providers e.g. hospital. Given the limited range of connectivity associated with WBAN, an intermediate portable device e.g. smartphone, placed within WBAN's connectivity, forwards the data to a remote server. This data, if not protected from an unauthorized access and modification may be lead to poor diagnosis. In order to ensure security and privacy between WBAN and a server at the application provider, several authentication schemes have been proposed. Recently, Wang and Zhang proposed an authentication scheme for WBAN using bilinear pairing. However, in their scheme, an application provider could easily impersonate a client. In order to overcome this weakness, we propose an efficient remote authentication scheme for WBAN. In terms of performance, our scheme can not only provide a malicious insider security, but also reduce running time of WBAN (client) by 51 % as compared to Wang and Zhang scheme.

  2. Study on the security of the authentication scheme with key recycling in QKD

    NASA Astrophysics Data System (ADS)

    Li, Qiong; Zhao, Qiang; Le, Dan; Niu, Xiamu

    2016-09-01

    In quantum key distribution (QKD), the information theoretically secure authentication is necessary to guarantee the integrity and authenticity of the exchanged information over the classical channel. In order to reduce the key consumption, the authentication scheme with key recycling (KR), in which a secret but fixed hash function is used for multiple messages while each tag is encrypted with a one-time pad (OTP), is preferred in QKD. Based on the assumption that the OTP key is perfect, the security of the authentication scheme has be proved. However, the OTP key of authentication in a practical QKD system is not perfect. How the imperfect OTP affects the security of authentication scheme with KR is analyzed thoroughly in this paper. In a practical QKD, the information of the OTP key resulting from QKD is partially leaked to the adversary. Although the information leakage is usually so little to be neglected, it will lead to the increasing degraded security of the authentication scheme as the system runs continuously. Both our theoretical analysis and simulation results demonstrate that the security level of authentication scheme with KR, mainly indicated by its substitution probability, degrades exponentially in the number of rounds and gradually diminishes to zero.

  3. Weaknesses and drawbacks of a password authentication scheme using neural networks for multiserver architecture.

    PubMed

    Ku, Wei-Chi

    2005-07-01

    In 2001, Li et al. proposed a password authentication scheme for the multiserver architecture by using a pattern classification system based on neural networks. Herein, we demonstrate that Li et al's scheme is vulnerable to an offline password guessing attack and a privileged insider's attack, and is not reparable. Additionally, we show that Li et al.'s scheme has several drawbacks in practice.

  4. A Secure User Anonymity and Authentication Scheme Using AVISPA for Telecare Medical Information Systems.

    PubMed

    Mir, Omid; van der Weide, Theo; Lee, Cheng-Chi

    2015-09-01

    Telecare medicine information systems (TMIS) have been known as an effective mechanism to increase quality and security of healthcare services. In other to the protection of patient privacy, several authentication schemes have been proposed in TMIS, however, most of them have a security problems. Recently, Das proposed a secure and robust password-based remote user authentication scheme for the integrated EPR information system. However, in this paper, we show that his scheme have some security flaws. Then, we shall propose a secure authentication scheme to overcome their weaknesses. We prove the proposed scheme with random oracle and also use the BAN logic to prove the correctness of the proposed scheme. Furthermore, we simulate our scheme for the formal security analysis using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool.

  5. Fragile watermarking scheme for H.264 video authentication

    NASA Astrophysics Data System (ADS)

    Wang, Chuen-Ching; Hsu, Yu-Chang

    2010-02-01

    A novel H.264 advanced video coding fragile watermarking method is proposed that enables the authenticity and integrity of the video streams to be verified. The effectiveness of the proposed scheme is demonstrated by way of experimental simulations. The results show that by embedding the watermark information in the last nonzero-quantized coefficient in each discrete cosine transform block, the proposed scheme induces no more than a minor distortion of the video content. In addition, we show that the proposed scheme is able to detect unauthorized changes in the watermarked video content without the original video. The experimental results demonstrate the feasibility of the proposed video authentication system.

  6. An improved anonymous authentication scheme for telecare medical information systems.

    PubMed

    Wen, Fengtong; Guo, Dianli

    2014-05-01

    Telecare medical information system (TMIS) constructs an efficient and convenient connection between patients and the medical server. The patients can enjoy medical services through public networks, and hence the protection of patients' privacy is very significant. Very recently, Wu et al. identified Jiang et al.'s authentication scheme had some security drawbacks and proposed an enhanced authentication scheme for TMIS. However, we analyze Wu et al.'s scheme and show that their scheme suffers from server spoofing attack, off-line password guessing attack, impersonation attack. Moreover, Wu et al.'s scheme fails to preserve the claimed patient anonymity and its password change phase is unfriendly and inefficient. Thereby, we present a novel anonymous authentication scheme for telecare medical information systems to eliminate the aforementioned faults. Besides, We demonstrate the completeness of the proposed scheme through the BAN logic. Furthermore, the security of our proposed scheme is proven through Bellare and Rogaways model. Compared with the related existing schemes, our scheme is more secure.

  7. Efficient and Anonymous Authentication Scheme for Wireless Body Area Networks.

    PubMed

    Wu, Libing; Zhang, Yubo; Li, Li; Shen, Jian

    2016-06-01

    As a significant part of the Internet of Things (IoT), Wireless Body Area Network (WBAN) has attract much attention in this years. In WBANs, sensors placed in or around the human body collect the sensitive data of the body and transmit it through an open wireless channel in which the messages may be intercepted, modified, etc. Recently, Wang et al. presented a new anonymous authentication scheme for WBANs and claimed that their scheme can solve the security problems in the previous schemes. Unfortunately, we demonstrate that their scheme cannot withstand impersonation attack. Either an adversary or a malicious legal client could impersonate another legal client to the application provider. In this paper, we give the detailed weakness analysis of Wang et al.'s scheme at first. Then we present a novel anonymous authentication scheme for WBANs and prove that it's secure under a random oracle model. At last, we demonstrate that our presented anonymous authentication scheme for WBANs is more suitable for practical application than Wang et al.'s scheme due to better security and performance. Compared with Wang et al.'s scheme, the computation cost of our scheme in WBANs has reduced by about 31.58%.

  8. A more secure anonymous user authentication scheme for the integrated EPR information system.

    PubMed

    Wen, Fengtong

    2014-05-01

    Secure and efficient user mutual authentication is an essential task for integrated electronic patient record (EPR) information system. Recently, several authentication schemes have been proposed to meet this requirement. In a recent paper, Lee et al. proposed an efficient and secure password-based authentication scheme used smart cards for the integrated EPR information system. This scheme is believed to have many abilities to resist a range of network attacks. Especially, they claimed that their scheme could resist lost smart card attack. However, we reanalyze the security of Lee et al.'s scheme, and show that it fails to protect off-line password guessing attack if the secret information stored in the smart card is compromised. This also renders that their scheme is insecure against user impersonation attacks. Then, we propose a new user authentication scheme for integrated EPR information systems based on the quadratic residues. The new scheme not only resists a range of network attacks but also provides user anonymity. We show that our proposed scheme can provide stronger security.

  9. An enhanced biometric authentication scheme for telecare medicine information systems with nonce using chaotic hash function.

    PubMed

    Das, Ashok Kumar; Goswami, Adrijit

    2014-06-01

    Recently, Awasthi and Srivastava proposed a novel biometric remote user authentication scheme for the telecare medicine information system (TMIS) with nonce. Their scheme is very efficient as it is based on efficient chaotic one-way hash function and bitwise XOR operations. In this paper, we first analyze Awasthi-Srivastava's scheme and then show that their scheme has several drawbacks: (1) incorrect password change phase, (2) fails to preserve user anonymity property, (3) fails to establish a secret session key beween a legal user and the server, (4) fails to protect strong replay attack, and (5) lacks rigorous formal security analysis. We then a propose a novel and secure biometric-based remote user authentication scheme in order to withstand the security flaw found in Awasthi-Srivastava's scheme and enhance the features required for an idle user authentication scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks, including the replay and man-in-the-middle attacks. Our scheme is also efficient as compared to Awasthi-Srivastava's scheme.

  10. A user anonymity preserving three-factor authentication scheme for telecare medicine information systems.

    PubMed

    Tan, Zuowen

    2014-03-01

    The telecare medicine information system enables the patients gain health monitoring at home and access medical services over internet or mobile networks. In recent years, the schemes based on cryptography have been proposed to address the security and privacy issues in the telecare medicine information systems. However, many schemes are insecure or they have low efficiency. Recently, Awasthi and Srivastava proposed a three-factor authentication scheme for telecare medicine information systems. In this paper, we show that their scheme is vulnerable to the reflection attacks. Furthermore, it fails to provide three-factor security and the user anonymity. We propose a new three-factor authentication scheme for the telecare medicine information systems. Detailed analysis demonstrates that the proposed scheme provides mutual authentication, server not knowing password and freedom of password, biometric update and three-factor security. Moreover, the new scheme provides the user anonymity. As compared with the previous three-factor authentication schemes, the proposed scheme is more secure and practical.

  11. Framework for media data and owner authentication based on cryptography, watermarking, and biometric authentication

    NASA Astrophysics Data System (ADS)

    Dittman, Jana; Steinebach, Martin; Croce Ferri, Lucilla; Vielhauer, Claus; Steinmetz, Ralf; Wohlmacher, Petra

    2001-11-01

    Protecting the media of the future - securing the future of the media is an essential task for our new century. Security is defined by security measures, e.g. confidentiality, integrity, authenticity, and non-repudiation. Most of these measures are using watermarking techniques and cryptographic mechanisms like cipher systems, digital signature schemes, and authentication protocols. The security of these mechanisms is mainly based on the authenticity of specific data like keys and attributes - both data must be dedicated to its owner in an authentic manner. Otherwise, the authenticity of data and of owners can not be guaranteed and subsequently, the security can not be assured. Therefore in our paper we want to focus on data and entity (owner) authentication. We introduce a general framework to protect media data by combining different existing techniques: cryptographic, watermarking and biometric approaches. As an example we describe general concepts for a content-fragile watermarking approach for digital images and a generic approach for biometric authentication.

  12. A New Privacy-Preserving Handover Authentication Scheme for Wireless Networks

    PubMed Central

    Wang, Changji; Yuan, Yuan; Wu, Jiayuan

    2017-01-01

    Handover authentication is a critical issue in wireless networks, which is being used to ensure mobile nodes wander over multiple access points securely and seamlessly. A variety of handover authentication schemes for wireless networks have been proposed in the literature. Unfortunately, existing handover authentication schemes are vulnerable to a few security attacks, or incur high communication and computation costs. Recently, He et al. proposed a handover authentication scheme PairHand and claimed it can resist various attacks without rigorous security proofs. In this paper, we show that PairHand does not meet forward secrecy and strong anonymity. More seriously, it is vulnerable to key compromise attack, where an adversary can recover the private key of any mobile node. Then, we propose a new efficient and provably secure handover authentication scheme for wireless networks based on elliptic curve cryptography. Compared with existing schemes, our proposed scheme can resist key compromise attack, and achieves forward secrecy and strong anonymity. Moreover, it is more efficient in terms of computation and communication. PMID:28632171

  13. Cryptanalysis of the Kiyomoto-Fukushima-Tanaka Anonymous Attribute Authentication Scheme

    NASA Astrophysics Data System (ADS)

    Park, Haeryong

    Kiyomoto-Fukushima-Tanaka proposed a perfectly ano-nymous attribute authentication scheme that realizes unidentifiable and untraceable authentication with offline revocation checking. The Kiyomoto-Fukushima-Tanaka scheme uses a self-blindable certificate that a user can change randomly. Thus, the certificate is modified for each authentication and the authentication scheme has the unidentifiable property and the untraceable property. However, in this letter, we show that the Kiyomoto-Fukushima-Tanaka scheme is insecure against the impersonation attack.

  14. On the security of two remote user authentication schemes for telecare medical information systems.

    PubMed

    Kim, Kee-Won; Lee, Jae-Dong

    2014-05-01

    The telecare medical information systems (TMISs) support convenient and rapid health-care services. A secure and efficient authentication scheme for TMIS provides safeguarding patients' electronic patient records (EPRs) and helps health care workers and medical personnel to rapidly making correct clinical decisions. Recently, Kumari et al. proposed a password based user authentication scheme using smart cards for TMIS, and claimed that the proposed scheme could resist various malicious attacks. However, we point out that their scheme is still vulnerable to lost smart card and cannot provide forward secrecy. Subsequently, Das and Goswami proposed a secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. They simulated their scheme for the formal security verification using the widely-accepted automated validation of Internet security protocols and applications (AVISPA) tool to ensure that their scheme is secure against passive and active attacks. However, we show that their scheme is still vulnerable to smart card loss attacks and cannot provide forward secrecy property. The proposed cryptanalysis discourages any use of the two schemes under investigation in practice and reveals some subtleties and challenges in designing this type of schemes.

  15. Efficient Anonymous Authentication Protocol Using Key-Insulated Signature Scheme for Secure VANET

    NASA Astrophysics Data System (ADS)

    Park, Youngho; Sur, Chul; Jung, Chae Duk; Rhee, Kyung-Hyune

    In this paper, we propose an efficient authentication protocol with conditional privacy preservation for secure vehicular communications. The proposed protocol follows the system model to issue on-the-fly anonymous public key certificates to vehicles by road-side units. In order to design an efficient message authentication protocol, we consider a key-insulated signature scheme for certifying anonymous public keys of vehicles to such a system model. We demonstrate experimental results to confirm that the proposed protocol has better performance than other protocols based on group signature schemes.

  16. A uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care.

    PubMed

    Chang, Ya-Fen; Yu, Shih-Hui; Shiao, Ding-Rui

    2013-04-01

    Connected health care provides new opportunities for improving financial and clinical performance. Many connected health care applications such as telecare medicine information system, personally controlled health records system, and patient monitoring have been proposed. Correct and quality care is the goal of connected heath care, and user authentication can ensure the legality of patients. After reviewing authentication schemes for connected health care applications, we find that many of them cannot protect patient privacy such that others can trace users/patients by the transmitted data. And the verification tokens used by these authentication schemes to authenticate users or servers are only password, smart card and RFID tag. Actually, these verification tokens are not unique and easy to copy. On the other hand, biometric characteristics, such as iris, face, voiceprint, fingerprint and so on, are unique, easy to be verified, and hard to be copied. In this paper, a biometrics-based user authentication scheme will be proposed to ensure uniqueness and anonymity at the same time. With the proposed scheme, only the legal user/patient himself/herself can access the remote server, and no one can trace him/her according to transmitted data.

  17. A reliable RFID mutual authentication scheme for healthcare environments.

    PubMed

    Wu, Zhen-Yu; Chen, Lichin; Wu, Ju-Chuan

    2013-04-01

    Radio frequency identification (RFID) applications have the potential to increase the reliability of healthcare environments. However, there are obvious security and privacy concerns with regard to storing personal and medical data in RFID tags, and the lack of secure authentication systems in healthcare environments remains as a challenge the further use of this technology, one that touches on issues of confidentiality, unforgeability, location privacy, and scalability. This study proposes a novel mutual authentication protocol that considers all of these issues and solves the tradeoff between location privacy and scalability in healthcare environments. A formal proof and analysis is demonstrated to prove the effectiveness of the proposed scheme, and that high reliability has and can be easily deployed and managed. This study also provides a scenario example that applied proposed protocol in the newborn care and management. The result shows that the proposed scheme solves the related tradeoff problem, and is capable of providing both location privacy and scalability. To apply the authentication scheme proposed in this work would be able to increase confidence in future implementations of RFID systems in healthcare environments.

  18. An efficient anonymous authentication scheme for wireless body area networks using elliptic curve cryptosystem.

    PubMed

    Zhao, Zhenguo

    2014-02-01

    With the development of wireless networks and medical sensors, wireless body area networks are playing more and more important role in the field of healthcare service. The data transmitted in WBANs is very sensitive since it will be used in clinical diagnoses or measurements. Therefore, security and privacy of communication in WBANs derive increasing attentions from the academia and industry. In this paper, we propose an identity (ID)-based efficient anonymous authentication scheme for WBANs using elliptic curve cryptosystem (ECC). Due to the ID-based concept, there is no certificate is needed in the proposed scheme. Moreover, the proposed scheme not only provides mutual authentication between the client and the application provider but also provides client anonymity. Performance analysis shows that improvements of 50.58% and 3.87% in the client side and the application provider side separately. Then the proposed scheme is more suitable for WBANs.

  19. Lightweight ECC based RFID authentication integrated with an ID verifier transfer protocol.

    PubMed

    He, Debiao; Kumar, Neeraj; Chilamkurti, Naveen; Lee, Jong-Hyouk

    2014-10-01

    The radio frequency identification (RFID) technology has been widely adopted and being deployed as a dominant identification technology in a health care domain such as medical information authentication, patient tracking, blood transfusion medicine, etc. With more and more stringent security and privacy requirements to RFID based authentication schemes, elliptic curve cryptography (ECC) based RFID authentication schemes have been proposed to meet the requirements. However, many recently published ECC based RFID authentication schemes have serious security weaknesses. In this paper, we propose a new ECC based RFID authentication integrated with an ID verifier transfer protocol that overcomes the weaknesses of the existing schemes. A comprehensive security analysis has been conducted to show strong security properties that are provided from the proposed authentication scheme. Moreover, the performance of the proposed authentication scheme is analyzed in terms of computational cost, communicational cost, and storage requirement.

  20. Improvement of a uniqueness-and-anonymity-preserving user authentication scheme for connected health care.

    PubMed

    Xie, Qi; Liu, Wenhao; Wang, Shengbao; Han, Lidong; Hu, Bin; Wu, Ting

    2014-09-01

    Patient's privacy-preserving, security and mutual authentication between patient and the medical server are the important mechanism in connected health care applications, such as telecare medical information systems and personally controlled health records systems. In 2013, Wen showed that Das et al.'s scheme is vulnerable to the replay attack, user impersonation attacks and off-line guessing attacks, and then proposed an improved scheme using biometrics, password and smart card to overcome these weaknesses. However, we show that Wen's scheme is still vulnerable to off-line password guessing attacks, does not provide user's anonymity and perfect forward secrecy. Further, we propose an improved scheme to fix these weaknesses, and use the applied pi calculus based formal verification tool ProVerif to prove the security and authentication.

  1. Anonymous Three-Party Password-Authenticated Key Exchange Scheme for Telecare Medical Information Systems

    PubMed Central

    Xie, Qi; Hu, Bin; Dong, Na; Wong, Duncan S.

    2014-01-01

    Telecare Medical Information Systems (TMIS) provide an effective way to enhance the medical process between doctors, nurses and patients. For enhancing the security and privacy of TMIS, it is important while challenging to enhance the TMIS so that a patient and a doctor can perform mutual authentication and session key establishment using a third-party medical server while the privacy of the patient can be ensured. In this paper, we propose an anonymous three-party password-authenticated key exchange (3PAKE) protocol for TMIS. The protocol is based on the efficient elliptic curve cryptosystem. For security, we apply the pi calculus based formal verification tool ProVerif to show that our 3PAKE protocol for TMIS can provide anonymity for patient and doctor while at the same time achieves mutual authentication and session key security. The proposed scheme is secure and efficient, and can be used in TMIS. PMID:25047235

  2. Anonymous three-party password-authenticated key exchange scheme for Telecare Medical Information Systems.

    PubMed

    Xie, Qi; Hu, Bin; Dong, Na; Wong, Duncan S

    2014-01-01

    Telecare Medical Information Systems (TMIS) provide an effective way to enhance the medical process between doctors, nurses and patients. For enhancing the security and privacy of TMIS, it is important while challenging to enhance the TMIS so that a patient and a doctor can perform mutual authentication and session key establishment using a third-party medical server while the privacy of the patient can be ensured. In this paper, we propose an anonymous three-party password-authenticated key exchange (3PAKE) protocol for TMIS. The protocol is based on the efficient elliptic curve cryptosystem. For security, we apply the pi calculus based formal verification tool ProVerif to show that our 3PAKE protocol for TMIS can provide anonymity for patient and doctor while at the same time achieves mutual authentication and session key security. The proposed scheme is secure and efficient, and can be used in TMIS.

  3. Quantum secret sharing with identity authentication based on Bell states

    NASA Astrophysics Data System (ADS)

    Abulkasim, Hussein; Hamad, Safwat; Khalifa, Amal; El Bahnasy, Khalid

    Quantum secret sharing techniques allow two parties or more to securely share a key, while the same number of parties or less can efficiently deduce the secret key. In this paper, we propose an authenticated quantum secret sharing protocol, where a quantum dialogue protocol is adopted to authenticate the identity of the parties. The participants simultaneously authenticate the identity of each other based on parts of a prior shared key. Moreover, the whole prior shared key can be reused for deducing the secret data. Although the proposed scheme does not significantly improve the efficiency performance, it is more secure compared to some existing quantum secret sharing scheme due to the identity authentication process. In addition, the proposed scheme can stand against participant attack, man-in-the-middle attack, impersonation attack, Trojan-horse attack as well as information leaks.

  4. Optical authentication based on moiré effect of nonlinear gratings in phase space

    NASA Astrophysics Data System (ADS)

    Liao, Meihua; He, Wenqi; Wu, Jiachen; Lu, Dajiang; Liu, Xiaoli; Peng, Xiang

    2015-12-01

    An optical authentication scheme based on the moiré effect of nonlinear gratings in phase space is proposed. According to the phase function relationship of the moiré effect in phase space, an arbitrary authentication image can be encoded into two nonlinear gratings which serve as the authentication lock (AL) and the authentication key (AK). The AL is stored in the authentication system while the AK is assigned to the authorized user. The authentication procedure can be performed using an optoelectronic approach, while the design process is accomplished by a digital approach. Furthermore, this optical authentication scheme can be extended for multiple users with different security levels. The proposed scheme can not only verify the legality of a user identity, but can also discriminate and control the security levels of legal users. Theoretical analysis and simulation experiments are provided to verify the feasibility and effectiveness of the proposed scheme.

  5. An authentication scheme to healthcare security under wireless sensor networks.

    PubMed

    Hsiao, Tsung-Chih; Liao, Yu-Ting; Huang, Jen-Yan; Chen, Tzer-Shyong; Horng, Gwo-Boa

    2012-12-01

    In recent years, Taiwan has been seeing an extension of the average life expectancy and a drop in overall fertility rate, initiating our country into an aged society. Due to this phenomenon, how to provide the elderly and patients with chronic diseases a suitable healthcare environment has become a critical issue presently. Therefore, we propose a new scheme that integrates healthcare services with wireless sensor technology in which sensor nodes are employed to measure patients' vital signs. Data collected from these sensor nodes are then transmitted to mobile devices of the medical staff and system administrator, promptly enabling them to understand the patients' condition in real time, which will significantly improve patients' healthcare quality. As per the personal data protection act, patients' vital signs can only be accessed by authorized medical staff. In order to protect patients', the system administrator will verify the medical staff's identity through the mobile device using a smart card and password mechanism. Accordingly, only the verified medical staff can obtain patients' vital signs data such as their blood pressure, pulsation, and body temperature, etc.. Besides, the scheme includes a time-bounded characteristic that allows the verified staff access to data without having to have to re-authenticate and re-login into the system within a set period of time. Consequently, the time-bounded property also increases the work efficiency of the system administrator and user.

  6. Security enhanced multi-factor biometric authentication scheme using bio-hash function

    PubMed Central

    Lee, Youngsook; Moon, Jongho

    2017-01-01

    With the rapid development of personal information and wireless communication technology, user authentication schemes have been crucial to ensure that wireless communications are secure. As such, various authentication schemes with multi-factor authentication have been proposed to improve the security of electronic communications. Multi-factor authentication involves the use of passwords, smart cards, and various biometrics to provide users with the utmost privacy and data protection. Cao and Ge analyzed various authentication schemes and found that Younghwa An’s scheme was susceptible to a replay attack where an adversary masquerades as a legal server and a user masquerading attack where user anonymity is not provided, allowing an adversary to execute a password change process by intercepting the user’s ID during login. Cao and Ge improved upon Younghwa An’s scheme, but various security problems remained. This study demonstrates that Cao and Ge’s scheme is susceptible to a biometric recognition error, slow wrong password detection, off-line password attack, user impersonation attack, ID guessing attack, a DoS attack, and that their scheme cannot provide session key agreement. Then, to address all weaknesses identified in Cao and Ge’s scheme, this study proposes a security enhanced multi-factor biometric authentication scheme and provides a security analysis and formal analysis using Burrows-Abadi-Needham logic. Finally, the efficiency analysis reveals that the proposed scheme can protect against several possible types of attacks with only a slightly high computational cost. PMID:28459867

  7. Security enhanced multi-factor biometric authentication scheme using bio-hash function.

    PubMed

    Choi, Younsung; Lee, Youngsook; Moon, Jongho; Won, Dongho

    2017-01-01

    With the rapid development of personal information and wireless communication technology, user authentication schemes have been crucial to ensure that wireless communications are secure. As such, various authentication schemes with multi-factor authentication have been proposed to improve the security of electronic communications. Multi-factor authentication involves the use of passwords, smart cards, and various biometrics to provide users with the utmost privacy and data protection. Cao and Ge analyzed various authentication schemes and found that Younghwa An's scheme was susceptible to a replay attack where an adversary masquerades as a legal server and a user masquerading attack where user anonymity is not provided, allowing an adversary to execute a password change process by intercepting the user's ID during login. Cao and Ge improved upon Younghwa An's scheme, but various security problems remained. This study demonstrates that Cao and Ge's scheme is susceptible to a biometric recognition error, slow wrong password detection, off-line password attack, user impersonation attack, ID guessing attack, a DoS attack, and that their scheme cannot provide session key agreement. Then, to address all weaknesses identified in Cao and Ge's scheme, this study proposes a security enhanced multi-factor biometric authentication scheme and provides a security analysis and formal analysis using Burrows-Abadi-Needham logic. Finally, the efficiency analysis reveals that the proposed scheme can protect against several possible types of attacks with only a slightly high computational cost.

  8. Security Improvement on a Remote User Authentication Scheme Using Smart Cards

    NASA Astrophysics Data System (ADS)

    Chen, Tien-Ho; Hsiang, Han-Cheng; Shih, Wei-Kuan

    Authentication is a very important ingredient service for the network system to verify whether a remote user is legal through any insecure channel. Recently, Hsiang and Shih proposed a remote user authentication scheme as an improved scheme over Yoon-Ryu-Yoo's, and asserted that their scheme could escape from masquerade attack, parallel session attack, etc. In this paper, we show that Hsiang and Shih's scheme still suffers from parallel session attack. To mend the problem, we offer a procedure to improve Hsiang and Shih's scheme. Consequently, our scheme is suitable for applications with higher secure requirement.

  9. Security enhanced anonymous multiserver authenticated key agreement scheme using smart cards and biometrics.

    PubMed

    Choi, Younsung; Nam, Junghyun; Lee, Donghoon; Kim, Jiye; Jung, Jaewook; Won, Dongho

    2014-01-01

    An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user's biometrics with a password. However, these authentication schemes are designed for single server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chen's scheme.

  10. Security Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards and Biometrics

    PubMed Central

    Choi, Younsung; Nam, Junghyun; Lee, Donghoon; Kim, Jiye; Jung, Jaewook; Won, Dongho

    2014-01-01

    An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user's biometrics with a password. However, these authentication schemes are designed for single server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chen's scheme. PMID:25276847

  11. On securing wireless sensor network--novel authentication scheme against DOS attacks.

    PubMed

    Raja, K Nirmal; Beno, M Marsaline

    2014-10-01

    Wireless sensor networks are generally deployed for collecting data from various environments. Several applications specific sensor network cryptography algorithms have been proposed in research. However WSN's has many constrictions, including low computation capability, less memory, limited energy resources, vulnerability to physical capture, which enforce unique security challenges needs to make a lot of improvements. This paper presents a novel security mechanism and algorithm for wireless sensor network security and also an application of this algorithm. The proposed scheme is given to strong authentication against Denial of Service Attacks (DOS). The scheme is simulated using network simulator2 (NS2). Then this scheme is analyzed based on the network packet delivery ratio and found that throughput has improved.

  12. An Energy Efficient Mutual Authentication and Key Agreement Scheme Preserving Anonymity for Wireless Sensor Networks.

    PubMed

    Lu, Yanrong; Li, Lixiang; Peng, Haipeng; Yang, Yixian

    2016-06-08

    WSNs (Wireless sensor networks) are nowadays viewed as a vital portion of the IoTs (Internet of Things). Security is a significant issue in WSNs, especially in resource-constrained environments. AKA (Authentication and key agreement) enhances the security of WSNs against adversaries attempting to get sensitive sensor data. Various AKA schemes have been developed for verifying the legitimate users of a WSN. Firstly, we scrutinize Amin-Biswas's currently scheme and demonstrate the major security loopholes in their works. Next, we propose a lightweight AKA scheme, using symmetric key cryptography based on smart card, which is resilient against all well known security attacks. Furthermore, we prove the scheme accomplishes mutual handshake and session key agreement property securely between the participates involved under BAN (Burrows, Abadi and Needham) logic. Moreover, formal security analysis and simulations are also conducted using AVISPA(Automated Validation of Internet Security Protocols and Applications) to show that our scheme is secure against active and passive attacks. Additionally, performance analysis shows that our proposed scheme is secure and efficient to apply for resource-constrained WSNs.

  13. An Energy Efficient Mutual Authentication and Key Agreement Scheme Preserving Anonymity for Wireless Sensor Networks

    PubMed Central

    Lu, Yanrong; Li, Lixiang; Peng, Haipeng; Yang, Yixian

    2016-01-01

    WSNs (Wireless sensor networks) are nowadays viewed as a vital portion of the IoTs (Internet of Things). Security is a significant issue in WSNs, especially in resource-constrained environments. AKA (Authentication and key agreement) enhances the security of WSNs against adversaries attempting to get sensitive sensor data. Various AKA schemes have been developed for verifying the legitimate users of a WSN. Firstly, we scrutinize Amin-Biswas’s currently scheme and demonstrate the major security loopholes in their works. Next, we propose a lightweight AKA scheme, using symmetric key cryptography based on smart card, which is resilient against all well known security attacks. Furthermore, we prove the scheme accomplishes mutual handshake and session key agreement property securely between the participates involved under BAN (Burrows, Abadi and Needham) logic. Moreover, formal security analysis and simulations are also conducted using AVISPA(Automated Validation of Internet Security Protocols and Applications) to show that our scheme is secure against active and passive attacks. Additionally, performance analysis shows that our proposed scheme is secure and efficient to apply for resource-constrained WSNs. PMID:27338382

  14. Security Analysis and Improvement of an Anonymous Authentication Scheme for Roaming Services

    PubMed Central

    Lee, Youngsook; Paik, Juryon

    2014-01-01

    An anonymous authentication scheme for roaming services in global mobility networks allows a mobile user visiting a foreign network to achieve mutual authentication and session key establishment with the foreign-network operator in an anonymous manner. In this work, we revisit He et al.'s anonymous authentication scheme for roaming services and present previously unpublished security weaknesses in the scheme: (1) it fails to provide user anonymity against any third party as well as the foreign agent, (2) it cannot protect the passwords of mobile users due to its vulnerability to an offline dictionary attack, and (3) it does not achieve session-key security against a man-in-the-middle attack. We also show how the security weaknesses of He et al.'s scheme can be addressed without degrading the efficiency of the scheme. PMID:25302330

  15. Three-factor anonymous authentication and key agreement scheme for Telecare Medicine Information Systems.

    PubMed

    Arshad, Hamed; Nikooghadam, Morteza

    2014-12-01

    Nowadays, with comprehensive employment of the internet, healthcare delivery services is provided remotely by telecare medicine information systems (TMISs). A secure mechanism for authentication and key agreement is one of the most important security requirements for TMISs. Recently, Tan proposed a user anonymity preserving three-factor authentication scheme for TMIS. The present paper shows that Tan's scheme is vulnerable to replay attacks and Denial-of-Service attacks. In order to overcome these security flaws, a new and efficient three-factor anonymous authentication and key agreement scheme for TMIS is proposed. Security and performance analysis shows superiority of the proposed scheme in comparison with previously proposed schemes that are related to security of TMISs.

  16. Security analysis and improvement of an anonymous authentication scheme for roaming services.

    PubMed

    Lee, Youngsook; Paik, Juryon

    2014-01-01

    An anonymous authentication scheme for roaming services in global mobility networks allows a mobile user visiting a foreign network to achieve mutual authentication and session key establishment with the foreign-network operator in an anonymous manner. In this work, we revisit He et al.'s anonymous authentication scheme for roaming services and present previously unpublished security weaknesses in the scheme: (1) it fails to provide user anonymity against any third party as well as the foreign agent, (2) it cannot protect the passwords of mobile users due to its vulnerability to an offline dictionary attack, and (3) it does not achieve session-key security against a man-in-the-middle attack. We also show how the security weaknesses of He et al.'s scheme can be addressed without degrading the efficiency of the scheme.

  17. An Enhanced Lightweight Anonymous Authentication Scheme for a Scalable Localization Roaming Service in Wireless Sensor Networks.

    PubMed

    Chung, Youngseok; Choi, Seokjin; Lee, Youngsook; Park, Namje; Won, Dongho

    2016-10-07

    More security concerns and complicated requirements arise in wireless sensor networks than in wired networks, due to the vulnerability caused by their openness. To address this vulnerability, anonymous authentication is an essential security mechanism for preserving privacy and providing security. Over recent years, various anonymous authentication schemes have been proposed. Most of them reveal both strengths and weaknesses in terms of security and efficiency. Recently, Farash et al. proposed a lightweight anonymous authentication scheme in ubiquitous networks, which remedies the security faults of previous schemes. However, their scheme still suffers from certain weaknesses. In this paper, we prove that Farash et al.'s scheme fails to provide anonymity, authentication, or password replacement. In addition, we propose an enhanced scheme that provides efficiency, as well as anonymity and security. Considering the limited capability of sensor nodes, we utilize only low-cost functions, such as one-way hash functions and bit-wise exclusive-OR operations. The security and lightness of the proposed scheme mean that it can be applied to roaming service in localized domains of wireless sensor networks, to provide anonymous authentication of sensor nodes.

  18. An Enhanced Lightweight Anonymous Authentication Scheme for a Scalable Localization Roaming Service in Wireless Sensor Networks

    PubMed Central

    Chung, Youngseok; Choi, Seokjin; Lee, Youngsook; Park, Namje; Won, Dongho

    2016-01-01

    More security concerns and complicated requirements arise in wireless sensor networks than in wired networks, due to the vulnerability caused by their openness. To address this vulnerability, anonymous authentication is an essential security mechanism for preserving privacy and providing security. Over recent years, various anonymous authentication schemes have been proposed. Most of them reveal both strengths and weaknesses in terms of security and efficiency. Recently, Farash et al. proposed a lightweight anonymous authentication scheme in ubiquitous networks, which remedies the security faults of previous schemes. However, their scheme still suffers from certain weaknesses. In this paper, we prove that Farash et al.’s scheme fails to provide anonymity, authentication, or password replacement. In addition, we propose an enhanced scheme that provides efficiency, as well as anonymity and security. Considering the limited capability of sensor nodes, we utilize only low-cost functions, such as one-way hash functions and bit-wise exclusive-OR operations. The security and lightness of the proposed scheme mean that it can be applied to roaming service in localized domains of wireless sensor networks, to provide anonymous authentication of sensor nodes. PMID:27739417

  19. A Multiserver Biometric Authentication Scheme for TMIS using Elliptic Curve Cryptography.

    PubMed

    Chaudhry, Shehzad Ashraf; Khan, Muhammad Tawab; Khan, Muhammad Khurram; Shon, Taeshik

    2016-11-01

    Recently several authentication schemes are proposed for telecare medicine information system (TMIS). Many of such schemes are proved to have weaknesses against known attacks. Furthermore, numerous such schemes cannot be used in real time scenarios. Because they assume a single server for authentication across the globe. Very recently, Amin et al. (J. Med. Syst. 39(11):180, 2015) designed an authentication scheme for secure communication between a patient and a medical practitioner using a trusted central medical server. They claimed their scheme to extend all security requirements and emphasized the efficiency of their scheme. However, the analysis in this article proves that the scheme designed by Amin et al. is vulnerable to stolen smart card and stolen verifier attacks. Furthermore, their scheme is having scalability issues along with inefficient password change and password recovery phases. Then we propose an improved scheme. The proposed scheme is more practical, secure and lightweight than Amin et al.'s scheme. The security of proposed scheme is proved using the popular automated tool ProVerif.

  20. A user authentication scheme using physiological and behavioral biometrics for multitouch devices.

    PubMed

    Koong, Chorng-Shiuh; Yang, Tzu-I; Tseng, Chien-Chao

    2014-01-01

    With the rapid growth of mobile network, tablets and smart phones have become sorts of keys to access personal secured services in our daily life. People use these devices to manage personal finances, shop on the Internet, and even pay at vending machines. Besides, it also helps us get connected with friends and business partners through social network applications, which were widely used as personal identifications in both real and virtual societies. However, these devices use inherently weak authentication mechanism, based upon passwords and PINs that is not changed all the time. Although forcing users to change password periodically can enhance the security level, it may also be considered annoyances for users. Biometric technologies are straightforward because of the simple authentication process. However, most of the traditional biometrics methodologies require diverse equipment to acquire biometric information, which may be expensive and not portable. This paper proposes a multibiometric user authentication scheme with both physiological and behavioral biometrics. Only simple rotations with fingers on multitouch devices are required to enhance the security level without annoyances for users. In addition, the user credential is replaceable to prevent from the privacy leakage.

  1. A User Authentication Scheme Using Physiological and Behavioral Biometrics for Multitouch Devices

    PubMed Central

    Koong, Chorng-Shiuh; Tseng, Chien-Chao

    2014-01-01

    With the rapid growth of mobile network, tablets and smart phones have become sorts of keys to access personal secured services in our daily life. People use these devices to manage personal finances, shop on the Internet, and even pay at vending machines. Besides, it also helps us get connected with friends and business partners through social network applications, which were widely used as personal identifications in both real and virtual societies. However, these devices use inherently weak authentication mechanism, based upon passwords and PINs that is not changed all the time. Although forcing users to change password periodically can enhance the security level, it may also be considered annoyances for users. Biometric technologies are straightforward because of the simple authentication process. However, most of the traditional biometrics methodologies require diverse equipment to acquire biometric information, which may be expensive and not portable. This paper proposes a multibiometric user authentication scheme with both physiological and behavioral biometrics. Only simple rotations with fingers on multitouch devices are required to enhance the security level without annoyances for users. In addition, the user credential is replaceable to prevent from the privacy leakage. PMID:25147864

  2. An Gen2 Based Security Authentication Protocol for RFID System

    NASA Astrophysics Data System (ADS)

    Yi, Xiaoluo; Wang, Liangmin; Mao, Dongmei; Zhan, Yongzhao

    EPC Class-1 Generation-2 specification(Gen2 in brief) has been accepted as the standard for RFID tags under grant number ISO18000-6C. However, Gen2 does not pay due attention to security. For this reason, a Gen2 based security authentication protocol is developed in this paper. In details, we study the security requirements presented in the current Gen2 based RFID authentication protocols[7-13]. Then we point out the security flaws of Chien's mutual authentication protocol[7], and improve the protocol based on a 11 security requirements. Our improved protocol merely uses CRC and PRNG operations supported by Gen2 and meets the 11 security requirements. In contrast to the similar work [14,15] on Chien's protocol or other Gen2 based schemes, our protocol is more secure and our security analysis is much more comprehensive and qualitative.

  3. A robust uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care.

    PubMed

    Wen, Fengtong

    2013-12-01

    User authentication plays an important role to protect resources or services from being accessed by unauthorized users. In a recent paper, Das et al. proposed a secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. This scheme uses three factors, e.g. biometrics, password, and smart card, to protect the security. It protects user privacy and is believed to have many abilities to resist a range of network attacks, even if the secret information stored in the smart card is compromised. In this paper, we analyze the security of Das et al.'s scheme, and show that the scheme is in fact insecure against the replay attack, user impersonation attacks and off-line guessing attacks. Then, we also propose a robust uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. Compared with the existing schemes, our protocol uses a different user authentication mechanism to resist replay attack. We show that our proposed scheme can provide stronger security than previous protocols. Furthermore, we demonstrate the validity of the proposed scheme through the BAN (Burrows, Abadi, and Needham) logic.

  4. A RONI Based Visible Watermarking Approach for Medical Image Authentication.

    PubMed

    Thanki, Rohit; Borra, Surekha; Dwivedi, Vedvyas; Borisagar, Komal

    2017-08-09

    Nowadays medical data in terms of image files are often exchanged between different hospitals for use in telemedicine and diagnosis. Visible watermarking being extensively used for Intellectual Property identification of such medical images, leads to serious issues if failed to identify proper regions for watermark insertion. In this paper, the Region of Non-Interest (RONI) based visible watermarking for medical image authentication is proposed. In this technique, to RONI of the cover medical image is first identified using Human Visual System (HVS) model. Later, watermark logo is visibly inserted into RONI of the cover medical image to get watermarked medical image. Finally, the watermarked medical image is compared with the original medical image for measurement of imperceptibility and authenticity of proposed scheme. The experimental results showed that this proposed scheme reduces the computational complexity and improves the PSNR when compared to many existing schemes.

  5. Security Analysis and Improvement of 'a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System'.

    PubMed

    Islam, S K Hafizul; Khan, Muhammad Khurram; Li, Xiong

    2015-01-01

    Over the past few years, secure and privacy-preserving user authentication scheme has become an integral part of the applications of the healthcare systems. Recently, Wen has designed an improved user authentication system over the Lee et al.'s scheme for integrated electronic patient record (EPR) information system, which has been analyzed in this study. We have found that Wen's scheme still has the following inefficiencies: (1) the correctness of identity and password are not verified during the login and password change phases; (2) it is vulnerable to impersonation attack and privileged-insider attack; (3) it is designed without the revocation of lost/stolen smart card; (4) the explicit key confirmation and the no key control properties are absent, and (5) user cannot update his/her password without the help of server and secure channel. Then we aimed to propose an enhanced two-factor user authentication system based on the intractable assumption of the quadratic residue problem (QRP) in the multiplicative group. Our scheme bears more securities and functionalities than other schemes found in the literature.

  6. Security Analysis and Improvement of ‘a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System’

    PubMed Central

    Islam, SK Hafizul; Khan, Muhammad Khurram; Li, Xiong

    2015-01-01

    Over the past few years, secure and privacy-preserving user authentication scheme has become an integral part of the applications of the healthcare systems. Recently, Wen has designed an improved user authentication system over the Lee et al.’s scheme for integrated electronic patient record (EPR) information system, which has been analyzed in this study. We have found that Wen’s scheme still has the following inefficiencies: (1) the correctness of identity and password are not verified during the login and password change phases; (2) it is vulnerable to impersonation attack and privileged-insider attack; (3) it is designed without the revocation of lost/stolen smart card; (4) the explicit key confirmation and the no key control properties are absent, and (5) user cannot update his/her password without the help of server and secure channel. Then we aimed to propose an enhanced two-factor user authentication system based on the intractable assumption of the quadratic residue problem (QRP) in the multiplicative group. Our scheme bears more securities and functionalities than other schemes found in the literature. PMID:26263401

  7. Efficient and Secure Temporal Credential-Based Authenticated Key Agreement Using Extended Chaotic Maps for Wireless Sensor Networks

    PubMed Central

    Lee, Tian-Fu

    2015-01-01

    A secure temporal credential-based authenticated key agreement scheme for Wireless Sensor Networks (WSNs) enables a user, a sensor node and a gateway node to realize mutual authentication using temporal credentials. The user and the sensor node then negotiate a common secret key with the help of the gateway node, and establish a secure and authenticated channel using this common secret key. To increase efficiency, recent temporal credential-based authenticated key agreement schemes for WSNs have been designed to involve few computational operations, such as hash and exclusive-or operations. However, these schemes cannot protect the privacy of users and withstand possible attacks. This work develops a novel temporal credential-based authenticated key agreement scheme for WSNs using extended chaotic maps, in which operations are more efficient than modular exponential computations and scalar multiplications on an elliptic curve. The proposed scheme not only provides higher security and efficiency than related schemes, but also resolves their weaknesses. PMID:26121612

  8. Efficient and Secure Temporal Credential-Based Authenticated Key Agreement Using Extended Chaotic Maps for Wireless Sensor Networks.

    PubMed

    Lee, Tian-Fu

    2015-06-25

    A secure temporal credential-based authenticated key agreement scheme for Wireless Sensor Networks (WSNs) enables a user, a sensor node and a gateway node to realize mutual authentication using temporal credentials. The user and the sensor node then negotiate a common secret key with the help of the gateway node, and establish a secure and authenticated channel using this common secret key. To increase efficiency, recent temporal credential-based authenticated key agreement schemes for WSNs have been designed to involve few computational operations, such as hash and exclusive-or operations. However, these schemes cannot protect the privacy of users and withstand possible attacks. This work develops a novel temporal credential-based authenticated key agreement scheme for WSNs using extended chaotic maps, in which operations are more efficient than modular exponential computations and scalar multiplications on an elliptic curve. The proposed scheme not only provides higher security and efficiency than related schemes, but also resolves their weaknesses.

  9. A Novel Physical Layer Assisted Authentication Scheme for Mobile Wireless Sensor Networks.

    PubMed

    Wang, Qiuhua

    2017-02-04

    Physical-layer authentication can address physical layer vulnerabilities and security threats in wireless sensor networks, and has been considered as an effective complementary enhancement to existing upper-layer authentication mechanisms. In this paper, to advance the existing research and improve the authentication performance, we propose a novel physical layer assisted authentication scheme for mobile wireless sensor networks. In our proposed scheme, we explore the reciprocity and spatial uncorrelation of the wireless channel to verify the identities of involved transmitting users and decide whether all data frames are from the same sender. In our proposed scheme, a new method is developed for the legitimate users to compare their received signal strength (RSS) records, which avoids the information from being disclosed to the adversary. Our proposed scheme can detect the spoofing attack even in a high dynamic environment. We evaluate our scheme through experiments under indoor and outdoor environments. Experiment results show that our proposed scheme is more efficient and achieves a higher detection rate as well as keeping a lower false alarm rate.

  10. A Novel Physical Layer Assisted Authentication Scheme for Mobile Wireless Sensor Networks

    PubMed Central

    Wang, Qiuhua

    2017-01-01

    Physical-layer authentication can address physical layer vulnerabilities and security threats in wireless sensor networks, and has been considered as an effective complementary enhancement to existing upper-layer authentication mechanisms. In this paper, to advance the existing research and improve the authentication performance, we propose a novel physical layer assisted authentication scheme for mobile wireless sensor networks. In our proposed scheme, we explore the reciprocity and spatial uncorrelation of the wireless channel to verify the identities of involved transmitting users and decide whether all data frames are from the same sender. In our proposed scheme, a new method is developed for the legitimate users to compare their received signal strength (RSS) records, which avoids the information from being disclosed to the adversary. Our proposed scheme can detect the spoofing attack even in a high dynamic environment. We evaluate our scheme through experiments under indoor and outdoor environments. Experiment results show that our proposed scheme is more efficient and achieves a higher detection rate as well as keeping a lower false alarm rate. PMID:28165423

  11. Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care.

    PubMed

    Xu, Lili; Wu, Fan

    2015-02-01

    Nowadays, connected health care applications are used more and more in the world. Service through the applications can save the patients' time and expense, such as telecare medical information system (TMIS) and integrated electronic patient record (EPR) information system. In the applications, preserving patients' privacy, transmitting messages securely and keeping mutual authentication should all be paid attention. Many authentication schemes have been proposed to make a secure communicating environment. Recently Xie et al. showed that Wen's scheme was insecure because it was under the off-line password guessing attack and without user anonymity and forward security. They gave a new three-factor authentication scheme and claimed that it was secure. However, we find that Xie et al's scheme is vulnerable to the De-synchronization attack and the server has too much storage burden in the scheme. Then we present an improved scheme which overcomes the usual weaknesses and keeps ordinary security characters. Compared with recent schemes of the same kind, our scheme is secure and practical.

  12. Authentication based on gestures with smartphone in hand

    NASA Astrophysics Data System (ADS)

    Varga, Juraj; Švanda, Dominik; Varchola, Marek; Zajac, Pavol

    2017-08-01

    We propose a new method of authentication for smartphones and similar devices based on gestures made by user with the device itself. The main advantage of our method is that it combines subtle biometric properties of the gesture (something you are) with a secret information that can be freely chosen by the user (something you know). Our prototype implementation shows that the scheme is feasible in practice. Further development, testing and fine tuning of parameters is required for deployment in the real world.

  13. A Secure ECC-based RFID Mutual Authentication Protocol to Enhance Patient Medication Safety.

    PubMed

    Jin, Chunhua; Xu, Chunxiang; Zhang, Xiaojun; Li, Fagen

    2016-01-01

    Patient medication safety is an important issue in patient medication systems. In order to prevent medication errors, integrating Radio Frequency Identification (RFID) technology into automated patient medication systems is required in hospitals. Based on RFID technology, such systems can provide medical evidence for patients' prescriptions and medicine doses, etc. Due to the mutual authentication between the medication server and the tag, RFID authentication scheme is the best choice for automated patient medication systems. In this paper, we present a RFID mutual authentication scheme based on elliptic curve cryptography (ECC) to enhance patient medication safety. Our scheme can achieve security requirements and overcome various attacks existing in other schemes. In addition, our scheme has better performance in terms of computational cost and communication overhead. Therefore, the proposed scheme is well suitable for patient medication systems.

  14. On Constructing Dynamic and Forward Secure Authenticated Group Key Agreement Scheme from Multikey Encapsulation Mechanism

    PubMed Central

    Fathirad, Iraj; Devlin, John

    2015-01-01

    The approach of instantiating authenticated group key exchange (GAKE) protocol from the multikey encapsulation mechanism (mKEM) has an important advantage of achieving classical requirement of GAKE security in one communication round. In spite of the limitations of this approach, for example, lack of forward secrecy, it is very useful in group environments when maximum communication efficiency is desirable. To enrich this mKEM-based GAKE construction, we suggest an efficient solution to convert this static GAKE framework into a partially dynamic scheme. Furthermore, to address the associated lack of forward-secrecy, we propose two variants of this generic construction which can also provide a means of forward secrecy at the cost of extra communication round. In addition, concerning associated implementation cost of deploying this generic GAKE construction in elliptic curve cryptosystem, we compare the possible instantiations of this model from existing mKEM algorithms in terms of the number of elliptic curve scalar multiplications. PMID:26451388

  15. A multispectral photon-counting double random phase encoding scheme for image authentication.

    PubMed

    Yi, Faliu; Moon, Inkyu; Lee, Yeon H

    2014-05-20

    In this paper, we propose a new method for color image-based authentication that combines multispectral photon-counting imaging (MPCI) and double random phase encoding (DRPE) schemes. The sparsely distributed information from MPCI and the stationary white noise signal from DRPE make intruder attacks difficult. In this authentication method, the original multispectral RGB color image is down-sampled into a Bayer image. The three types of color samples (red, green and blue color) in the Bayer image are encrypted with DRPE and the amplitude part of the resulting image is photon counted. The corresponding phase information that has nonzero amplitude after photon counting is then kept for decryption. Experimental results show that the retrieved images from the proposed method do not visually resemble their original counterparts. Nevertheless, the original color image can be efficiently verified with statistical nonlinear correlations. Our experimental results also show that different interpolation algorithms applied to Bayer images result in different verification effects for multispectral RGB color images.

  16. A Multispectral Photon-Counting Double Random Phase Encoding Scheme for Image Authentication

    PubMed Central

    Yi, Faliu; Moon, Inkyu; Lee, Yeon H.

    2014-01-01

    In this paper, we propose a new method for color image-based authentication that combines multispectral photon-counting imaging (MPCI) and double random phase encoding (DRPE) schemes. The sparsely distributed information from MPCI and the stationary white noise signal from DRPE make intruder attacks difficult. In this authentication method, the original multispectral RGB color image is down-sampled into a Bayer image. The three types of color samples (red, green and blue color) in the Bayer image are encrypted with DRPE and the amplitude part of the resulting image is photon counted. The corresponding phase information that has nonzero amplitude after photon counting is then kept for decryption. Experimental results show that the retrieved images from the proposed method do not visually resemble their original counterparts. Nevertheless, the original color image can be efficiently verified with statistical nonlinear correlations. Our experimental results also show that different interpolation algorithms applied to Bayer images result in different verification effects for multispectral RGB color images. PMID:24854208

  17. A robust and effective smart-card-based remote user authentication mechanism using hash function.

    PubMed

    Das, Ashok Kumar; Odelu, Vanga; Goswami, Adrijit

    2014-01-01

    In a remote user authentication scheme, a remote server verifies whether a login user is genuine and trustworthy, and also for mutual authentication purpose a login user validates whether the remote server is genuine and trustworthy. Several remote user authentication schemes using the password, the biometrics, and the smart card have been proposed in the literature. However, most schemes proposed in the literature are either computationally expensive or insecure against several known attacks. In this paper, we aim to propose a new robust and effective password-based remote user authentication scheme using smart card. Our scheme is efficient, because our scheme uses only efficient one-way hash function and bitwise XOR operations. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. We perform the simulation for the formal security analysis using the widely accepted AVISPA (Automated Validation Internet Security Protocols and Applications) tool to ensure that our scheme is secure against passive and active attacks. Furthermore, our scheme supports efficiently the password change phase always locally without contacting the remote server and correctly. In addition, our scheme performs significantly better than other existing schemes in terms of communication, computational overheads, security, and features provided by our scheme.

  18. A Robust and Effective Smart-Card-Based Remote User Authentication Mechanism Using Hash Function

    PubMed Central

    Odelu, Vanga; Goswami, Adrijit

    2014-01-01

    In a remote user authentication scheme, a remote server verifies whether a login user is genuine and trustworthy, and also for mutual authentication purpose a login user validates whether the remote server is genuine and trustworthy. Several remote user authentication schemes using the password, the biometrics, and the smart card have been proposed in the literature. However, most schemes proposed in the literature are either computationally expensive or insecure against several known attacks. In this paper, we aim to propose a new robust and effective password-based remote user authentication scheme using smart card. Our scheme is efficient, because our scheme uses only efficient one-way hash function and bitwise XOR operations. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. We perform the simulation for the formal security analysis using the widely accepted AVISPA (Automated Validation Internet Security Protocols and Applications) tool to ensure that our scheme is secure against passive and active attacks. Furthermore, our scheme supports efficiently the password change phase always locally without contacting the remote server and correctly. In addition, our scheme performs significantly better than other existing schemes in terms of communication, computational overheads, security, and features provided by our scheme. PMID:24892078

  19. On the Security of a Two-Factor Authentication and Key Agreement Scheme for Telecare Medicine Information Systems.

    PubMed

    Arshad, Hamed; Teymoori, Vahid; Nikooghadam, Morteza; Abbassi, Hassan

    2015-08-01

    Telecare medicine information systems (TMISs) aim to deliver appropriate healthcare services in an efficient and secure manner to patients. A secure mechanism for authentication and key agreement is required to provide proper security in these systems. Recently, Bin Muhaya demonstrated some security weaknesses of Zhu's authentication and key agreement scheme and proposed a security enhanced authentication and key agreement scheme for TMISs. However, we show that Bin Muhaya's scheme is vulnerable to off-line password guessing attacks and does not provide perfect forward secrecy. Furthermore, in order to overcome the mentioned weaknesses, we propose a new two-factor anonymous authentication and key agreement scheme using the elliptic curve cryptosystem. Security and performance analyses demonstrate that the proposed scheme not only overcomes the weaknesses of Bin Muhaya's scheme, but also is about 2.73 times faster than Bin Muhaya's scheme.

  20. An Anonymous User Authentication with Key Agreement Scheme without Pairings for Multiserver Architecture Using SCPKs

    PubMed Central

    Wen, Qiaoyan; Li, Wenmin; Jin, Zhengping; Zhang, Hua

    2013-01-01

    With advancement of computer community and widespread dissemination of network applications, users generally need multiple servers to provide different services. Accordingly, the multiserver architecture has been prevalent, and designing a secure and efficient remote user authentication under multiserver architecture becomes a nontrivial challenge. In last decade, various remote user authentication protocols have been put forward to correspond to the multi-server scenario requirements. However, these schemes suffered from certain security problems or their cost consumption exceeded users' own constrained ability. In this paper, we present an anonymous remote user authentication with key agreement scheme for multi-server architecture employing self-certified public keys without pairings. The proposed scheme can not only retain previous schemes' advantages but also achieve user privacy concern. Moreover, our proposal can gain higher efficiency by removing the pairings operation compared with the related schemes. Through analysis and comparison with the related schemes, we can say that our proposal is in accordance with the scenario requirements and feasible to the multi-server architecture. PMID:23844397

  1. Enhanced smartcard-based password-authenticated key agreement using extended chaotic maps.

    PubMed

    Lee, Tian-Fu; Hsiao, Chia-Hung; Hwang, Shi-Han; Lin, Tsung-Hung

    2017-01-01

    A smartcard based password-authenticated key agreement scheme enables a legal user to log in to a remote authentication server and access remote services through public networks using a weak password and a smart card. Lin recently presented an improved chaotic maps-based password-authenticated key agreement scheme that used smartcards to eliminate the weaknesses of the scheme of Guo and Chang, which does not provide strong user anonymity and violates session key security. However, the improved scheme of Lin does not exhibit the freshness property and the validity of messages so it still fails to withstand denial-of-service and privileged-insider attacks. Additionally, a single malicious participant can predetermine the session key such that the improved scheme does not exhibit the contributory property of key agreements. This investigation discusses these weaknesses and proposes an enhanced smartcard-based password-authenticated key agreement scheme that utilizes extended chaotic maps. The session security of this enhanced scheme is based on the extended chaotic map-based Diffie-Hellman problem, and is proven in the real-or-random and the sequence of games models. Moreover, the enhanced scheme ensures the freshness of communicating messages by appending timestamps, and thereby avoids the weaknesses in previous schemes.

  2. Enhanced smartcard-based password-authenticated key agreement using extended chaotic maps

    PubMed Central

    Lee, Tian-Fu; Hsiao, Chia-Hung; Hwang, Shi-Han

    2017-01-01

    A smartcard based password-authenticated key agreement scheme enables a legal user to log in to a remote authentication server and access remote services through public networks using a weak password and a smart card. Lin recently presented an improved chaotic maps-based password-authenticated key agreement scheme that used smartcards to eliminate the weaknesses of the scheme of Guo and Chang, which does not provide strong user anonymity and violates session key security. However, the improved scheme of Lin does not exhibit the freshness property and the validity of messages so it still fails to withstand denial-of-service and privileged-insider attacks. Additionally, a single malicious participant can predetermine the session key such that the improved scheme does not exhibit the contributory property of key agreements. This investigation discusses these weaknesses and proposes an enhanced smartcard-based password-authenticated key agreement scheme that utilizes extended chaotic maps. The session security of this enhanced scheme is based on the extended chaotic map-based Diffie-Hellman problem, and is proven in the real-or-random and the sequence of games models. Moreover, the enhanced scheme ensures the freshness of communicating messages by appending timestamps, and thereby avoids the weaknesses in previous schemes. PMID:28759615

  3. Efficient and Security Enhanced Anonymous Authentication with Key Agreement Scheme in Wireless Sensor Networks.

    PubMed

    Jung, Jaewook; Moon, Jongho; Lee, Donghoon; Won, Dongho

    2017-03-21

    At present, users can utilize an authenticated key agreement protocol in a Wireless Sensor Network (WSN) to securely obtain desired information, and numerous studies have investigated authentication techniques to construct efficient, robust WSNs. Chang et al. recently presented an authenticated key agreement mechanism for WSNs and claimed that their authentication mechanism can both prevent various types of attacks, as well as preserve security properties. However, we have discovered that Chang et al's method possesses some security weaknesses. First, their mechanism cannot guarantee protection against a password guessing attack, user impersonation attack or session key compromise. Second, the mechanism results in a high load on the gateway node because the gateway node should always maintain the verifier tables. Third, there is no session key verification process in the authentication phase. To this end, we describe how the previously-stated weaknesses occur and propose a security-enhanced version for WSNs. We present a detailed analysis of the security and performance of our authenticated key agreement mechanism, which not only enhances security compared to that of related schemes, but also takes efficiency into consideration.

  4. Efficient and Security Enhanced Anonymous Authentication with Key Agreement Scheme in Wireless Sensor Networks

    PubMed Central

    Jung, Jaewook; Moon, Jongho; Lee, Donghoon; Won, Dongho

    2017-01-01

    At present, users can utilize an authenticated key agreement protocol in a Wireless Sensor Network (WSN) to securely obtain desired information, and numerous studies have investigated authentication techniques to construct efficient, robust WSNs. Chang et al. recently presented an authenticated key agreement mechanism for WSNs and claimed that their authentication mechanism can both prevent various types of attacks, as well as preserve security properties. However, we have discovered that Chang et al’s method possesses some security weaknesses. First, their mechanism cannot guarantee protection against a password guessing attack, user impersonation attack or session key compromise. Second, the mechanism results in a high load on the gateway node because the gateway node should always maintain the verifier tables. Third, there is no session key verification process in the authentication phase. To this end, we describe how the previously-stated weaknesses occur and propose a security-enhanced version for WSNs. We present a detailed analysis of the security and performance of our authenticated key agreement mechanism, which not only enhances security compared to that of related schemes, but also takes efficiency into consideration. PMID:28335572

  5. Secure privacy-preserving biometric authentication scheme for telecare medicine information systems.

    PubMed

    Li, Xuelei; Wen, Qiaoyan; Li, Wenmin; Zhang, Hua; Jin, Zhengping

    2014-11-01

    Healthcare delivery services via telecare medicine information systems (TMIS) can help patients to obtain their desired telemedicine services conveniently. However, information security and privacy protection are important issues and crucial challenges in healthcare information systems, where only authorized patients and doctors can employ telecare medicine facilities and access electronic medical records. Therefore, a secure authentication scheme is urgently required to achieve the goals of entity authentication, data confidentiality and privacy protection. This paper investigates a new biometric authentication with key agreement scheme, which focuses on patient privacy and medical data confidentiality in TMIS. The new scheme employs hash function, fuzzy extractor, nonce and authenticated Diffie-Hellman key agreement as primitives. It provides patient privacy protection, e.g., hiding identity from being theft and tracked by unauthorized participant, and preserving password and biometric template from being compromised by trustless servers. Moreover, key agreement supports secure transmission by symmetric encryption to protect patient's medical data from being leaked. Finally, the analysis shows that our proposal provides more security and privacy protection for TMIS.

  6. Color image authentication scheme via multispectral photon-counting double random phase encoding

    NASA Astrophysics Data System (ADS)

    Moon, Inkyu

    2015-05-01

    In this paper, we present an overview of a color image authentication scheme via multispectral photon-counting (MPCI) double random phase encoding (DRPE). The MPCI makes image sparse distributed and DRPE lets image be stationary white noise which make intruder attacks difficult. In this method, the original RGB image is down-sampled into Bayer image and then be encrypted with DRPE. The encrypted image is photon-counted and transmitted on internet channel. For image authentication, the decrypted Bayer image is interpolated into RBC image with demosaicing algorithm. Experimental results show that the decrypted image is not visually recognized under low light level but can be verified with nonlinear correlation algorithm.

  7. Facelock: familiarity-based graphical authentication

    PubMed Central

    McLachlan, Jane L.; Renaud, Karen

    2014-01-01

    Authentication codes such as passwords and PIN numbers are widely used to control access to resources. One major drawback of these codes is that they are difficult to remember. Account holders are often faced with a choice between forgetting a code, which can be inconvenient, or writing it down, which compromises security. In two studies, we test a new knowledge-based authentication method that does not impose memory load on the user. Psychological research on face recognition has revealed an important distinction between familiar and unfamiliar face perception: When a face is familiar to the observer, it can be identified across a wide range of images. However, when the face is unfamiliar, generalisation across images is poor. This contrast can be used as the basis for a personalised ‘facelock’, in which authentication succeeds or fails based on image-invariant recognition of faces that are familiar to the account holder. In Study 1, account holders authenticated easily by detecting familiar targets among other faces (97.5% success rate), even after a one-year delay (86.1% success rate). Zero-acquaintance attackers were reduced to guessing (<1% success rate). Even personal attackers who knew the account holder well were rarely able to authenticate (6.6% success rate). In Study 2, we found that shoulder-surfing attacks by strangers could be defeated by presenting different photos of the same target faces in observed and attacked grids (1.9% success rate). Our findings suggest that the contrast between familiar and unfamiliar face recognition may be useful for developers of graphical authentication systems. PMID:25024913

  8. Security analysis and improvement of a privacy authentication scheme for telecare medical information systems.

    PubMed

    Wu, Fan; Xu, Lili

    2013-08-01

    Nowadays, patients can gain many kinds of medical service on line via Telecare Medical Information Systems(TMIS) due to the fast development of computer technology. So security of communication through network between the users and the server is very significant. Authentication plays an important part to protect information from being attacked by malicious attackers. Recently, Jiang et al. proposed a privacy enhanced scheme for TMIS using smart cards and claimed their scheme was better than Chen et al.'s. However, we have showed that Jiang et al.'s scheme has the weakness of ID uselessness and is vulnerable to off-line password guessing attack and user impersonation attack if an attacker compromises the legal user's smart card. Also, it can't resist DoS attack in two cases: after a successful impersonation attack and wrong password input in Password change phase. Then we propose an improved mutual authentication scheme used for a telecare medical information system. Remote monitoring, checking patients' past medical history record and medical consultant can be applied in the system where information transmits via Internet. Finally, our analysis indicates that the suggested scheme overcomes the disadvantages of Jiang et al.'s scheme and is practical for TMIS.

  9. A Secure and Robust User Authenticated Key Agreement Scheme for Hierarchical Multi-medical Server Environment in TMIS.

    PubMed

    Das, Ashok Kumar; Odelu, Vanga; Goswami, Adrijit

    2015-09-01

    The telecare medicine information system (TMIS) helps the patients to gain the health monitoring facility at home and access medical services over the Internet of mobile networks. Recently, Amin and Biswas presented a smart card based user authentication and key agreement security protocol usable for TMIS system using the cryptographic one-way hash function and biohashing function, and claimed that their scheme is secure against all possible attacks. Though their scheme is efficient due to usage of one-way hash function, we show that their scheme has several security pitfalls and design flaws, such as (1) it fails to protect privileged-insider attack, (2) it fails to protect strong replay attack, (3) it fails to protect strong man-in-the-middle attack, (4) it has design flaw in user registration phase, (5) it has design flaw in login phase, (6) it has design flaw in password change phase, (7) it lacks of supporting biometric update phase, and (8) it has flaws in formal security analysis. In order to withstand these security pitfalls and design flaws, we aim to propose a secure and robust user authenticated key agreement scheme for the hierarchical multi-server environment suitable in TMIS using the cryptographic one-way hash function and fuzzy extractor. Through the rigorous security analysis including the formal security analysis using the widely-accepted Burrows-Abadi-Needham (BAN) logic, the formal security analysis under the random oracle model and the informal security analysis, we show that our scheme is secure against possible known attacks. Furthermore, we simulate our scheme using the most-widely accepted and used Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The simulation results show that our scheme is also secure. Our scheme is more efficient in computation and communication as compared to Amin-Biswas's scheme and other related schemes. In addition, our scheme supports extra functionality features as compared to

  10. A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care.

    PubMed

    Das, Ashok Kumar; Goswami, Adrijit

    2013-06-01

    Connected health care has several applications including telecare medicine information system, personally controlled health records system, and patient monitoring. In such applications, user authentication can ensure the legality of patients. In user authentication for such applications, only the legal user/patient himself/herself is allowed to access the remote server, and no one can trace him/her according to transmitted data. Chang et al. proposed a uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care (Chang et al., J Med Syst 37:9902, 2013). Their scheme uses the user's personal biometrics along with his/her password with the help of the smart card. The user's biometrics is verified using BioHashing. Their scheme is efficient due to usage of one-way hash function and exclusive-or (XOR) operations. In this paper, we show that though their scheme is very efficient, their scheme has several security weaknesses such as (1) it has design flaws in login and authentication phases, (2) it has design flaws in password change phase, (3) it fails to protect privileged insider attack, (4) it fails to protect the man-in-the middle attack, and (5) it fails to provide proper authentication. In order to remedy these security weaknesses in Chang et al.'s scheme, we propose an improvement of their scheme while retaining the original merit of their scheme. We show that our scheme is efficient as compared to Chang et al.'s scheme. Through the security analysis, we show that our scheme is secure against possible attacks. Further, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to ensure that our scheme is secure against passive and active attacks. In addition, after successful authentication between the user and the server, they establish a secret session key shared between them for future secure communication.

  11. Toward Developing Authentic Leadership: Team-Based Simulations

    ERIC Educational Resources Information Center

    Shapira-Lishchinsky, Orly

    2014-01-01

    Although there is a consensus that authentic leadership should be an essential component in educational leadership, no study to date has ever tried to find whether team-based simulations may promote authentic leadership. The purpose of this study was to identify whether principal trainees can develop authentic leadership through ethical decision…

  12. Toward Developing Authentic Leadership: Team-Based Simulations

    ERIC Educational Resources Information Center

    Shapira-Lishchinsky, Orly

    2014-01-01

    Although there is a consensus that authentic leadership should be an essential component in educational leadership, no study to date has ever tried to find whether team-based simulations may promote authentic leadership. The purpose of this study was to identify whether principal trainees can develop authentic leadership through ethical decision…

  13. Multi-watermarking scheme for copyright protection and content authentication of DubaiSat-1 satellite imagery

    NASA Astrophysics Data System (ADS)

    Al-Mansoori, Saeed; Kunhu, Alavi

    2013-09-01

    A non-secure transmission channel is considered as a major challenge in remote sensing. The commercial value of satellite imagery and the sensitive information it contains led engineers to look for different means to secure the ownership of satellite imagery and preventing the illegal use of these resources. Therefore, a blind multi-watermarking scheme for copyright protection and image authentication is proposed. The multi-watermarking scheme is based on designing two back-to-back encoders. The first encoder embeds a robust ownership watermark in a frequency domain of satellite imagery using Discrete Cosine Transform (DCT) approach. Whereas, the second encoder embeds a fragile authentication information into a spatial domain of a watermarked image using Message Digest Encryption Key algorithm. This study was conducted on DubaiSat-1 satellite imagery owned by Emirates Institution for Advanced Science and Technology (EIAST). The simulation results demonstrate that the proposed scheme is robust against many intentional and unintentional attacks. Moreover, it shows a very high ability for tamper detection.

  14. Design of a Secure Authentication and Key Agreement Scheme Preserving User Privacy Usable in Telecare Medicine Information Systems.

    PubMed

    Arshad, Hamed; Rasoolzadegan, Abbas

    2016-11-01

    Authentication and key agreement schemes play a very important role in enhancing the level of security of telecare medicine information systems (TMISs). Recently, Amin and Biswas demonstrated that the authentication scheme proposed by Giri et al. is vulnerable to off-line password guessing attacks and privileged insider attacks and also does not provide user anonymity. They also proposed an improved authentication scheme, claiming that it resists various security attacks. However, this paper demonstrates that Amin and Biswas's scheme is defenseless against off-line password guessing attacks and replay attacks and also does not provide perfect forward secrecy. This paper also shows that Giri et al.'s scheme not only suffers from the weaknesses pointed out by Amin and Biswas, but it also is vulnerable to replay attacks and does not provide perfect forward secrecy. Moreover, this paper proposes a novel authentication and key agreement scheme to overcome the mentioned weaknesses. Security and performance analyses show that the proposed scheme not only overcomes the mentioned security weaknesses, but also is more efficient than the previous schemes.

  15. A secure user anonymity-preserving three-factor remote user authentication scheme for the telecare medicine information systems.

    PubMed

    Das, Ashok Kumar

    2015-03-01

    Recent advanced technology enables the telecare medicine information system (TMIS) for the patients to gain the health monitoring facility at home and also to access medical services over the Internet of mobile networks. Several remote user authentication schemes have been proposed in the literature for TMIS. However, most of them are either insecure against various known attacks or they are inefficient. Recently, Tan proposed an efficient user anonymity preserving three-factor authentication scheme for TMIS. In this paper, we show that though Tan's scheme is efficient, it has several security drawbacks such as (1) it fails to provide proper authentication during the login phase, (2) it fails to provide correct updation of password and biometric of a user during the password and biometric update phase, and (3) it fails to protect against replay attack. In addition, Tan's scheme lacks the formal security analysis and verification. Later, Arshad and Nikooghadam also pointed out some security flaws in Tan's scheme and then presented an improvement on Tan's s scheme. However, we show that Arshad and Nikooghadam's scheme is still insecure against the privileged-insider attack through the stolen smart-card attack, and it also lacks the formal security analysis and verification. In order to withstand those security loopholes found in both Tan's scheme, and Arshad and Nikooghadam's scheme, we aim to propose an effective and more secure three-factor remote user authentication scheme for TMIS. Our scheme provides the user anonymity property. Through the rigorous informal and formal security analysis using random oracle models and the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, we show that our scheme is secure against various known attacks, including the replay and man-in-the-middle attacks. Furthermore, our scheme is also efficient as compared to other related schemes.

  16. Mutual Authentication Scheme in Secure Internet of Things Technology for Comfortable Lifestyle

    PubMed Central

    Park, Namje; Kang, Namhi

    2015-01-01

    The Internet of Things (IoT), which can be regarded as an enhanced version of machine-to-machine communication technology, was proposed to realize intelligent thing-to-thing communications by utilizing the Internet connectivity. In the IoT, “things” are generally heterogeneous and resource constrained. In addition, such things are connected to each other over low-power and lossy networks. In this paper, we propose an inter-device authentication and session-key distribution system for devices with only encryption modules. In the proposed system, unlike existing sensor-network environments where the key distribution center distributes the key, each sensor node is involved with the generation of session keys. In addition, in the proposed scheme, the performance is improved so that the authenticated device can calculate the session key in advance. The proposed mutual authentication and session-key distribution system can withstand replay attacks, man-in-the-middle attacks, and wiretapped secret-key attacks. PMID:26712759

  17. Mutual Authentication Scheme in Secure Internet of Things Technology for Comfortable Lifestyle.

    PubMed

    Park, Namje; Kang, Namhi

    2015-12-24

    The Internet of Things (IoT), which can be regarded as an enhanced version of machine-to-machine communication technology, was proposed to realize intelligent thing-to-thing communications by utilizing the Internet connectivity. In the IoT, "things" are generally heterogeneous and resource constrained. In addition, such things are connected to each other over low-power and lossy networks. In this paper, we propose an inter-device authentication and session-key distribution system for devices with only encryption modules. In the proposed system, unlike existing sensor-network environments where the key distribution center distributes the key, each sensor node is involved with the generation of session keys. In addition, in the proposed scheme, the performance is improved so that the authenticated device can calculate the session key in advance. The proposed mutual authentication and session-key distribution system can withstand replay attacks, man-in-the-middle attacks, and wiretapped secret-key attacks.

  18. Image authentication based on double-image encryption and partial phase decryption in nonseparable fractional Fourier domain

    NASA Astrophysics Data System (ADS)

    Yuan, Lin; Ran, Qiwen; Zhao, Tieyu

    2017-02-01

    In this paper an image authentication scheme is proposed based on double-image encryption and partial phase decryption in nonseparable Fractional Fourier transform domain. Two original images are combined and transformed into the nonseparable fractional Fourier domain. Only part of the phase information of the encrypted result is kept for decryption while the rest part of phase and all the amplitude information are discarded. The two recovered images are hardly recognized by visual inspection but can be authenticated by the nonlinear correlation algorithm. The numerical simulations demonstrate the viability and validity of the proposed image authentication scheme.

  19. Identity-Based Authenticated Key Agreement Protocols without Bilinear Pairings

    NASA Astrophysics Data System (ADS)

    Cao, Xuefei; Kou, Weidong; Yu, Yong; Sun, Rong

    This letter proposes an identity-based authenticated key agreement protocol. Different from available comparable ones, the new protocol realizes implicit authentication without bilinear pairings which makes it more efficient. The security of proposed protocol can be reduced to the standard Computational Diffie-Hellman problem. Two variants of the protocol are also given, with one achieving the security-efficiency trade-off and the other providing authenticated key agreement between users of different domains.

  20. Continuous-variable quantum identity authentication based on quantum teleportation

    NASA Astrophysics Data System (ADS)

    Ma, Hongxin; Huang, Peng; Bao, Wansu; Zeng, Guihua

    2016-06-01

    A continuous-variable quantum identity authentication protocol, which is based on quantum teleportation, is presented by employing two-mode squeezed vacuum state and coherent state. The proposed protocol can verify user's identity efficiently with a new defined fidelity parameter. Update of authentication key can also be implemented in our protocol. Moreover, the analysis shows its feasibility and security under the general Gaussian-cloner attack on authentication key, which is guaranteed by quantum entanglement, insertion of decoy state and random displacement.

  1. Watermarking protocols for authentication and ownership protection based on timestamps and holograms

    NASA Astrophysics Data System (ADS)

    Dittmann, Jana; Steinebach, Martin; Croce Ferri, Lucilla

    2002-04-01

    Digital watermarking has become an accepted technology for enabling multimedia protection schemes. One problem here is the security of these schemes. Without a suitable framework, watermarks can be replaced and manipulated. We discuss different protocols providing security against rightful ownership attacks and other fraud attempts. We compare the characteristics of existing protocols for different media like direct embedding or seed based and required attributes of the watermarking technology like robustness or payload. We introduce two new media independent protocol schemes for rightful ownership authentication. With the first scheme we ensure security of digital watermarks used for ownership protection with a combination of two watermarks: first watermark of the copyright holder and a second watermark from a Trusted Third Party (TTP). It is based on hologram embedding and the watermark consists of e.g. a company logo. As an example we use digital images and specify the properties of the embedded additional security information. We identify components necessary for the security protocol like timestamp, PKI and cryptographic algorithms. The second scheme is used for authentication. It is designed for invertible watermarking applications which require high data integrity. We combine digital signature schemes and digital watermarking to provide a public verifiable integrity. The original data can only be reproduced with a secret key. Both approaches provide solutions for copyright and authentication watermarking and are introduced for image data but can be easily adopted for video and audio data as well.

  2. Optical hierarchical authentication based on interference and hash function.

    PubMed

    He, Wenqi; Peng, Xiang; Meng, Xiangfeng; Liu, Xiaoli

    2012-11-10

    We propose a method to achieve the purpose of hierarchical authentication on the basis of two beams' interference and the one-way hash function. For this security protection system, only if the "phase key" and the password-controlled "phase lock" of a user are verified simultaneously can one obtain a permission to visit the confidential resources of the system. Moreover, this scheme can not only check the legality of the users but also verify their identity levels so as to grant them corresponding hierarchical access permissions. The authentication process is straightforward; the phase key and the password-controlled phase lock of one user are loading on two spatial light modulators in advance, by which two coherent beams are modulated and then interfere with each other at the output plane leading to an output image. By comparing the output image with all the standard certification images in the database, the system can thus verify the user's identity. However, the system designing process involves an iterative modified phase retrieval algorithm. For an authorized user, a phase lock is first created based on a "digital fingerprint," which is the result of a hash function on a preselected user password. The corresponding phase key can then be determined by use of the phase lock and a designated standard certification image. Theoretical analysis and computer simulations both validate the effectiveness of our method.

  3. Improved chaotic maps-based password-authenticated key agreement using smart cards

    NASA Astrophysics Data System (ADS)

    Lin, Han-Yu

    2015-02-01

    Elaborating on the security of password-based authenticated key agreement, in this paper, the author cryptanalyzes a chaotic maps-based password-authenticated key agreement proposed by Guo and Chang recently. Specifically, their protocol could not achieve strong user anonymity due to a fixed parameter and a malicious adversary is able to derive the shared session key by manipulating the property of Chebyshev chaotic maps. Additionally, the author also presents an improved scheme to eliminate the above weaknesses and still maintain the efficiency.

  4. Hologram authentication based on a secure watermarking algorithm using cellular automata.

    PubMed

    Hwang, Wen-Jyi; Chan, Hao-Tang; Cheng, Chau-Jern

    2014-09-20

    A secure watermarking algorithm for hologram authentication is presented in this paper. The algorithm exploits the noise-like feature of holograms to randomly embed a watermark in the domain of the discrete cosine transform with marginal degradation in transparency. The pseudo random number (PRN) generators based on a cellular automata algorithm with asymmetrical and nonlocal connections are used for the random hiding. Each client has its own unique PRN generators for enhancing the watermark security. In the proposed algorithm, watermarks are also randomly generated to eliminate the requirements of prestoring watermarks in the clients and servers. An authentication scheme is then proposed for the algorithm with random watermark generation and hiding.

  5. Gyrator transform based double random phase encoding with sparse representation for information authentication

    NASA Astrophysics Data System (ADS)

    Chen, Jun-xin; Zhu, Zhi-liang; Fu, Chong; Yu, Hai; Zhang, Li-bo

    2015-07-01

    Optical information security systems have drawn long-term concerns. In this paper, an optical information authentication approach using gyrator transform based double random phase encoding with sparse representation is proposed. Different from traditional optical encryption schemes, only sparse version of the ciphertext is preserved, and hence the decrypted result is completely unrecognizable and shows no similarity to the plaintext. However, we demonstrate that the noise-like decipher result can be effectively authenticated by means of optical correlation approach. Simulations prove that the proposed method is feasible and effective, and can provide additional protection for optical security systems.

  6. Robust EPR-pairs-based quantum secure communication with authentication resisting collective noise

    NASA Astrophysics Data System (ADS)

    Chang, Yan; Zhang, ShiBin; Li, Jian; Yan, LiLi

    2014-10-01

    This work presents two robust quantum secure communication schemes with authentication based on Einstein-Podolsky-Rosen (EPR) pairs, which can withstand collective noises. Two users previously share an identity string representing their identities. The identity string is encoded as decoherence-free states (termed logical qubits), respectively, over the two collective noisy channels, which are used as decoy photons. By using the decoy photons, both the authentication of two users and the detection of eavesdropping were implemented. The use of logical qubits not only guaranteed the high fidelity of exchanged secret message, but also prevented the eavesdroppers to eavesdrop beneath a mask of noise.

  7. Authentication Based on Non-Interactive Zero-Knowledge Proofs for the Internet of Things

    PubMed Central

    Martín-Fernández, Francisco; Caballero-Gil, Pino; Caballero-Gil, Cándido

    2016-01-01

    This paper describes the design and analysis of a new scheme for the authenticated exchange of confidential information in insecure environments within the Internet of Things, which allows a receiver of a message to authenticate the sender and compute a secret key shared with it. The proposal is based on the concept of a non-interactive zero-knowledge proof, so that in a single communication, relevant data may be inferred to verify the legitimacy of the sender. Besides, the new scheme uses the idea under the Diffie–Hellman protocol for the establishment of a shared secret key. The proposal has been fully developed for platforms built on the Android Open Source Project, so it can be used in any device or sensor with this operating system. This work provides a performance study of the implementation and a comparison between its promising results and others obtained with similar schemes. PMID:26751454

  8. Authentication Based on Non-Interactive Zero-Knowledge Proofs for the Internet of Things.

    PubMed

    Martín-Fernández, Francisco; Caballero-Gil, Pino; Caballero-Gil, Cándido

    2016-01-07

    This paper describes the design and analysis of a new scheme for the authenticated exchange of confidential information in insecure environments within the Internet of Things, which allows a receiver of a message to authenticate the sender and compute a secret key shared with it. The proposal is based on the concept of a non-interactive zero-knowledge proof, so that in a single communication, relevant data may be inferred to verify the legitimacy of the sender. Besides, the new scheme uses the idea under the Diffie-Hellman protocol for the establishment of a shared secret key. The proposal has been fully developed for platforms built on the Android Open Source Project, so it can be used in any device or sensor with this operating system. This work provides a performance study of the implementation and a comparison between its promising results and others obtained with similar schemes.

  9. Knuckle based hand correlation for user authentication

    NASA Astrophysics Data System (ADS)

    Sricharan, K. Kumar; Reddy, A. Aneesh; Ramakrishnan, A. G.

    2006-04-01

    Different hand-derived biometric traits have been used for user authentication in many commercial systems. In this paper we have investigated the possibility of using a new biometric trait, the knuckle, for user authentication. Knuckle regions are extracted from the hand images and correlation methods are used for the purpose of verification. Experimental results on a data set of 125 people show that the knuckle is a viable biometric trait, which can be used as an alternative to finger and palm prints or in conjunction with them.

  10. Secure password-based authenticated key exchange for web services

    SciTech Connect

    Liang, Fang; Meder, Samuel; Chevassut, Olivier; Siebenlist, Frank

    2004-11-22

    This paper discusses an implementation of an authenticated key-exchange method rendered on message primitives defined in the WS-Trust and WS-SecureConversation specifications. This IEEE-specified cryptographic method (AuthA) is proven-secure for password-based authentication and key exchange, while the WS-Trust and WS-Secure Conversation are emerging Web Services Security specifications that extend the WS-Security specification. A prototype of the presented protocol is integrated in the WSRF-compliant Globus Toolkit V4. Further hardening of the implementation is expected to result in a version that will be shipped with future Globus Toolkit releases. This could help to address the current unavailability of decent shared-secret-based authentication options in the Web Services and Grid world. Future work will be to integrate One-Time-Password (OTP) features in the authentication protocol.

  11. Patients' Data Management System Protected by Identity-Based Authentication and Key Exchange.

    PubMed

    Rivero-García, Alexandra; Santos-González, Iván; Hernández-Goya, Candelaria; Caballero-Gil, Pino; Yung, Moti

    2017-03-31

    A secure and distributed framework for the management of patients' information in emergency and hospitalization services is proposed here in order to seek improvements in efficiency and security in this important area. In particular, confidentiality protection, mutual authentication, and automatic identification of patients are provided. The proposed system is based on two types of devices: Near Field Communication (NFC) wristbands assigned to patients, and mobile devices assigned to medical staff. Two other main elements of the system are an intermediate server to manage the involved data, and a second server with a private key generator to define the information required to protect communications. An identity-based authentication and key exchange scheme is essential to provide confidential communication and mutual authentication between the medical staff and the private key generator through an intermediate server. The identification of patients is carried out through a keyed-hash message authentication code. Thanks to the combination of the aforementioned tools, a secure alternative mobile health (mHealth) scheme for managing patients' data is defined for emergency and hospitalization services. Different parts of the proposed system have been implemented, including mobile application, intermediate server, private key generator and communication channels. Apart from that, several simulations have been performed, and, compared with the current system, significant improvements in efficiency have been observed.

  12. Patients’ Data Management System Protected by Identity-Based Authentication and Key Exchange

    PubMed Central

    Rivero-García, Alexandra; Santos-González, Iván; Hernández-Goya, Candelaria; Caballero-Gil, Pino; Yung, Moti

    2017-01-01

    A secure and distributed framework for the management of patients’ information in emergency and hospitalization services is proposed here in order to seek improvements in efficiency and security in this important area. In particular, confidentiality protection, mutual authentication, and automatic identification of patients are provided. The proposed system is based on two types of devices: Near Field Communication (NFC) wristbands assigned to patients, and mobile devices assigned to medical staff. Two other main elements of the system are an intermediate server to manage the involved data, and a second server with a private key generator to define the information required to protect communications. An identity-based authentication and key exchange scheme is essential to provide confidential communication and mutual authentication between the medical staff and the private key generator through an intermediate server. The identification of patients is carried out through a keyed-hash message authentication code. Thanks to the combination of the aforementioned tools, a secure alternative mobile health (mHealth) scheme for managing patients’ data is defined for emergency and hospitalization services. Different parts of the proposed system have been implemented, including mobile application, intermediate server, private key generator and communication channels. Apart from that, several simulations have been performed, and, compared with the current system, significant improvements in efficiency have been observed. PMID:28362328

  13. The Need for Authenticity-Based Autonomy in Medical Ethics.

    PubMed

    White, Lucie

    2017-08-11

    The notion of respect for autonomy dominates bioethical discussion, though what qualifies precisely as autonomous action is notoriously elusive. In recent decades, the notion of autonomy in medical contexts has often been defined in opposition to the notion of autonomy favoured by theoretical philosophers. Where many contemporary theoretical accounts of autonomy place emphasis on a condition of "authenticity", the special relation a desire must have to the self, bioethicists often regard such a focus as irrelevant to the concerns of medical ethics, and too stringent for use in practical contexts. I argue, however, that the very condition of authenticity that forms a focus in theoretical philosophy is also essential to autonomy and competence in medical ethics. After tracing the contours of contemporary authenticity-based theories of autonomy, I consider and respond to objections against the incorporation of a notion of authenticity into accounts of autonomy designed for use in medical contexts. By looking at the typical problems that arise when making judgments concerning autonomy or competence in a medical setting, I reveal the need for a condition of authenticity-as a means of protecting choices, particularly high-stakes choices, from being restricted or overridden on the basis of intersubjective disagreement. I then turn to the treatment of false and contestable beliefs, arguing that it is only through reference to authenticity that we can make important distinctions in this domain. Finally, I consider a potential problem with my proposed approach; its ability to deal with anorexic and depressive desires.

  14. Digital holographic-based cancellable biometric for personal authentication

    NASA Astrophysics Data System (ADS)

    Verma, Gaurav; Sinha, Aloka

    2016-05-01

    In this paper, we propose a new digital holographic-based cancellable biometric scheme for personal authentication and verification. The realization of cancellable biometric is presented by using an optoelectronic experimental approach, in which an optically recorded hologram of the fingerprint of a person is numerically reconstructed. Each reconstructed feature has its own perspective, which is utilized to generate user-specific fingerprint features by using a feature-extraction process. New representations of the user-specific fingerprint features can be obtained from the same hologram, by changing the reconstruction distance (d) by an amount Δd between the recording plane and the reconstruction plane. This parameter is the key to make the cancellable user-specific fingerprint features using a digital holographic technique, which allows us to choose different reconstruction distances when reissuing the user-specific fingerprint features in the event of compromise. We have shown theoretically that each user-specific fingerprint feature has a unique identity with a high discrimination ability, and the chances of a match between them are minimal. In this aspect, a recognition system has also been demonstrated using the fingerprint biometric of the enrolled person at a particular reconstruction distance. For the performance evaluation of a fingerprint recognition system—the false acceptance ratio, the false rejection ratio and the equal error rate are calculated using correlation. The obtained results show good discrimination ability between the genuine and the impostor populations with the highest recognition rate of 98.23%.

  15. Quantum cloning attacks against PUF-based quantum authentication systems

    NASA Astrophysics Data System (ADS)

    Yao, Yao; Gao, Ming; Li, Mo; Zhang, Jian

    2016-08-01

    With the advent of physical unclonable functions (PUFs), PUF-based quantum authentication systems have been proposed for security purposes, and recently, proof-of-principle experiment has been demonstrated. As a further step toward completing the security analysis, we investigate quantum cloning attacks against PUF-based quantum authentication systems and prove that quantum cloning attacks outperform the so-called challenge-estimation attacks. We present the analytical expression of the false-accept probability by use of the corresponding optimal quantum cloning machines and extend the previous results in the literature. In light of these findings, an explicit comparison is made between PUF-based quantum authentication systems and quantum key distribution protocols in the context of cloning attacks. Moreover, from an experimental perspective, a trade-off between the average photon number and the detection efficiency is discussed in detail.

  16. Cryptanalysis and Enhancement of Anonymity Preserving Remote User Mutual Authentication and Session Key Agreement Scheme for E-Health Care Systems.

    PubMed

    Amin, Ruhul; Islam, S K Hafizul; Biswas, G P; Khan, Muhammad Khurram; Li, Xiong

    2015-11-01

    The E-health care systems employ IT infrastructure for maximizing health care resources utilization as well as providing flexible opportunities to the remote patient. Therefore, transmission of medical data over any public networks is necessary in health care system. Note that patient authentication including secure data transmission in e-health care system is critical issue. Although several user authentication schemes for accessing remote services are available, their security analysis show that none of them are free from relevant security attacks. We reviewed Das et al.'s scheme and demonstrated their scheme lacks proper protection against several security attacks such as user anonymity, off-line password guessing attack, smart card theft attack, user impersonation attack, server impersonation attack, session key discloser attack. In order to overcome the mentioned security pitfalls, this paper proposes an anonymity preserving remote patient authentication scheme usable in E-health care systems. We then validated the security of the proposed scheme using BAN logic that ensures secure mutual authentication and session key agreement. We also presented the experimental results of the proposed scheme using AVISPA software and the results ensure that our scheme is secure under OFMC and CL-AtSe models. Moreover, resilience of relevant security attacks has been proved through both formal and informal security analysis. The performance analysis and comparison with other schemes are also made, and it has been found that the proposed scheme overcomes the security drawbacks of the Das et al.'s scheme and additionally achieves extra security requirements.

  17. Efficient model checking of network authentication protocol based on SPIN

    NASA Astrophysics Data System (ADS)

    Tan, Zhi-hua; Zhang, Da-fang; Miao, Li; Zhao, Dan

    2013-03-01

    Model checking is a very useful technique for verifying the network authentication protocols. In order to improve the efficiency of modeling and verification on the protocols with the model checking technology, this paper first proposes a universal formalization description method of the protocol. Combined with the model checker SPIN, the method can expediently verify the properties of the protocol. By some modeling simplified strategies, this paper can model several protocols efficiently, and reduce the states space of the model. Compared with the previous literature, this paper achieves higher degree of automation, and better efficiency of verification. Finally based on the method described in the paper, we model and verify the Privacy and Key Management (PKM) authentication protocol. The experimental results show that the method of model checking is effective, which is useful for the other authentication protocols.

  18. An efficient and adaptive mutual authentication framework for heterogeneous wireless sensor network-based applications.

    PubMed

    Kumar, Pardeep; Ylianttila, Mika; Gurtov, Andrei; Lee, Sang-Gon; Lee, Hoon-Jae

    2014-02-11

    Robust security is highly coveted in real wireless sensor network (WSN) applications since wireless sensors' sense critical data from the application environment. This article presents an efficient and adaptive mutual authentication framework that suits real heterogeneous WSN-based applications (such as smart homes, industrial environments, smart grids, and healthcare monitoring). The proposed framework offers: (i) key initialization; (ii) secure network (cluster) formation (i.e., mutual authentication and dynamic key establishment); (iii) key revocation; and (iv) new node addition into the network. The correctness of the proposed scheme is formally verified. An extensive analysis shows the proposed scheme coupled with message confidentiality, mutual authentication and dynamic session key establishment, node privacy, and message freshness. Moreover, the preliminary study also reveals the proposed framework is secure against popular types of attacks, such as impersonation attacks, man-in-the-middle attacks, replay attacks, and information-leakage attacks. As a result, we believe the proposed framework achieves efficiency at reasonable computation and communication costs and it can be a safeguard to real heterogeneous WSN applications.

  19. An Efficient and Adaptive Mutual Authentication Framework for Heterogeneous Wireless Sensor Network-Based Applications

    PubMed Central

    Kumar, Pardeep; Ylianttila, Mika; Gurtov, Andrei; Lee, Sang-Gon; Lee, Hoon-Jae

    2014-01-01

    Robust security is highly coveted in real wireless sensor network (WSN) applications since wireless sensors' sense critical data from the application environment. This article presents an efficient and adaptive mutual authentication framework that suits real heterogeneous WSN-based applications (such as smart homes, industrial environments, smart grids, and healthcare monitoring). The proposed framework offers: (i) key initialization; (ii) secure network (cluster) formation (i.e., mutual authentication and dynamic key establishment); (iii) key revocation; and (iv) new node addition into the network. The correctness of the proposed scheme is formally verified. An extensive analysis shows the proposed scheme coupled with message confidentiality, mutual authentication and dynamic session key establishment, node privacy, and message freshness. Moreover, the preliminary study also reveals the proposed framework is secure against popular types of attacks, such as impersonation attacks, man-in-the-middle attacks, replay attacks, and information-leakage attacks. As a result, we believe the proposed framework achieves efficiency at reasonable computation and communication costs and it can be a safeguard to real heterogeneous WSN applications. PMID:24521942

  20. An efficient and secure attribute based signcryption scheme with LSSS access structure.

    PubMed

    Hong, Hanshu; Sun, Zhixin

    2016-01-01

    Attribute based encryption (ABE) and attribute based signature (ABS) provide flexible access control with authentication for data sharing between users, but realizing both functions will bring about too much computation burden. In this paper, we combine the advantages of CP-ABE with ABS and propose a ciphertext policy attribute based signcryption scheme. In our scheme, only legal receivers can decrypt the ciphertext and verify the signature signed by data owner. Furthermore, we use linear secret sharing scheme instead of tree structure to avoid the frequent calls of recursive algorithm. By security and performance analysis, we prove that our scheme is secure as well as gains higher efficiency.

  1. Dipstick test for DNA-based food authentication. Application to coffee authenticity assessment.

    PubMed

    Trantakis, Ioannis A; Spaniolas, Stelios; Kalaitzis, Panagiotis; Ioannou, Penelope C; Tucker, Gregory A; Christopoulos, Theodore K

    2012-01-25

    This paper reports DNA-based food authenticity assays, in which species identification is accomplished by the naked eye without the need of specialized instruments. Strongly colored nanoparticles (gold nanoparticles) are employed as reporters that enable visual detection. Furthermore, detection is performed in a low-cost, disposable, dipstick-type device that incorporates the required reagents in dry form, thereby avoiding multiple pipetting and incubation steps. Due to its simplicity, the method does not require highly qualified personnel. The procedure comprises the following steps: (i) PCR amplification of the DNA segment that flanks the unique SNP (species marker); (ii) a 15 min extension reaction in which DNA polymerase extends an allele-specific primer only if it is perfectly complementary with the target sequence; (iii) detection of the products of the extension reaction within a few minutes by the naked eye employing the dipstick. No purification is required prior to application of the extension products to the dipstick. The method is general and requires only a unique DNA sequence for species discrimination. The only instrument needed is a conventional thermocycler for PCR, which is common equipment in every DNA laboratory. As a model, the method was applied to the discrimination of Coffea robusta and arabica species in coffee authenticity assessment. As low as 5% of Robusta coffee can be detected in the presence of Arabica coffee.

  2. An efficient and robust RSA-based remote user authentication for telecare medical information systems.

    PubMed

    Giri, Debasis; Maitra, Tanmoy; Amin, Ruhul; Srivastava, P D

    2015-01-01

    It is not always possible for a patient to go to a doctor in critical or urgent period. Telecare Medical Information Systems (TMIS) provides a facility by which a patient can communicate to a doctor through a medical server via internet from home. To hide the secret information of both parties (a server and a patient), an authentication mechanism is needed in TMIS. In 2013, Khan and Kumari proposed the authentication schemes for TMIS. In this paper, we have shown that Khan and Kumari's scheme is insecure against off-line password guessing attack. We have also shown that Khan and Kumari's scheme does not provide any security if the password of a patient is compromised. To improve the security and efficiency, a new authentication scheme for TMIS has been proposed in this paper. Further, the proposed scheme can resist all possible attacks and has better performance than the related schemes published earlier.

  3. A Secure Mobile-Based Authentication System for e-Banking

    NASA Astrophysics Data System (ADS)

    Rifà-Pous, Helena

    Financial information is extremely sensitive. Hence, electronic banking must provide a robust system to authenticate its customers and let them access their data remotely. On the other hand, such system must be usable, affordable, and portable. We propose a challenge-response based one-time password (OTP) scheme that uses symmetric cryptography in combination with a hardware security module. The proposed protocol safeguards passwords from keyloggers and phishing attacks. Besides, this solution provides convenient mobility for users who want to bank online anytime and anywhere, not just from their own trusted computers.

  4. Server-Controlled Identity-Based Authenticated Key Exchange

    NASA Astrophysics Data System (ADS)

    Guo, Hua; Mu, Yi; Zhang, Xiyong; Li, Zhoujun

    We present a threshold identity-based authenticated key exchange protocol that can be applied to an authenticated server-controlled gateway-user key exchange. The objective is to allow a user and a gateway to establish a shared session key with the permission of the back-end servers, while the back-end servers cannot obtain any information about the established session key. Our protocol has potential applications in strong access control of confidential resources. In particular, our protocol possesses the semantic security and demonstrates several highly-desirable security properties such as key privacy and transparency. We prove the security of the protocol based on the Bilinear Diffie-Hellman assumption in the random oracle model.

  5. A network identity authentication system based on Fingerprint identification technology

    NASA Astrophysics Data System (ADS)

    Xia, Hong-Bin; Xu, Wen-Bo; Liu, Yuan

    2005-10-01

    Fingerprint verification is one of the most reliable personal identification methods. However, most of the automatic fingerprint identification system (AFIS) is not run via Internet/Intranet environment to meet today's increasing Electric commerce requirements. This paper describes the design and implementation of the archetype system of identity authentication based on fingerprint biometrics technology, and the system can run via Internet environment. And in our system the COM and ASP technology are used to integrate Fingerprint technology with Web database technology, The Fingerprint image preprocessing algorithms are programmed into COM, which deployed on the internet information server. The system's design and structure are proposed, and the key points are discussed. The prototype system of identity authentication based on Fingerprint have been successfully tested and evaluated on our university's distant education applications in an internet environment.

  6. CENTERA: A Centralized Trust-Based Efficient Routing Protocol with Authentication for Wireless Sensor Networks †

    PubMed Central

    Tajeddine, Ayman; Kayssi, Ayman; Chehab, Ali; Elhajj, Imad; Itani, Wassim

    2015-01-01

    In this paper, we present CENTERA, a CENtralized Trust-based Efficient Routing protocol with an appropriate authentication scheme for wireless sensor networks (WSN). CENTERA utilizes the more powerful base station (BS) to gather minimal neighbor trust information from nodes and calculate the best routes after isolating different types of “bad” nodes. By periodically accumulating these simple local observations and approximating the nodes' battery lives, the BS draws a global view of the network, calculates three quality metrics—maliciousness, cooperation, and compatibility—and evaluates the Data Trust and Forwarding Trust values of each node. Based on these metrics, the BS isolates “bad”, “misbehaving” or malicious nodes for a certain period, and put some nodes on probation. CENTERA increases the node's bad/probation level with repeated “bad” behavior, and decreases it otherwise. Then it uses a very efficient method to distribute the routing information to “good” nodes. Based on its target environment, and if required, CENTERA uses an authentication scheme suitable for severely constrained nodes, ranging from the symmetric RC5 for safe environments under close administration, to pairing-based cryptography (PBC) for hostile environments with a strong attacker model. We simulate CENTERA using TOSSIM and verify its correctness and show some energy calculations. PMID:25648712

  7. CENTERA: a centralized trust-based efficient routing protocol with authentication for wireless sensor networks.

    PubMed

    Tajeddine, Ayman; Kayssi, Ayman; Chehab, Ali; Elhajj, Imad; Itani, Wassim

    2015-02-02

    In this paper, we present CENTERA, a CENtralized Trust-based Efficient Routing protocol with an appropriate authentication scheme for wireless sensor networks (WSN). CENTERA utilizes the more powerful base station (BS) to gather minimal neighbor trust information from nodes and calculate the best routes after isolating different types of "bad" nodes. By periodically accumulating these simple local observations and approximating the nodes' battery lives, the BS draws a global view of the network, calculates three quality metrics-maliciousness, cooperation, and compatibility-and evaluates the Data Trust and Forwarding Trust values of each node. Based on these metrics, the BS isolates "bad", "misbehaving" or malicious nodes for a certain period, and put some nodes on probation. CENTERA increases the node's bad/probation level with repeated "bad" behavior, and decreases it otherwise. Then it uses a very efficient method to distribute the routing information to "good" nodes. Based on its target environment, and if required, CENTERA uses an authentication scheme suitable for severely constrained nodes, ranging from the symmetric RC5 for safe environments under close administration, to pairing-based cryptography (PBC) for hostile environments with a strong attacker model. We simulate CENTERA using TOSSIM and verify its correctness and show some energy calculations.

  8. Provably Secure Password-based Authentication in TLS

    SciTech Connect

    Abdalla, Michel; Emmanuel, Bresson; Chevassut, Olivier; Moeller,Bodo; Pointcheval, David

    2005-12-20

    In this paper, we show how to design an efficient, provably secure password-based authenticated key exchange mechanism specifically for the TLS (Transport Layer Security) protocol. The goal is to provide a technique that allows users to employ (short) passwords to securely identify themselves to servers. As our main contribution, we describe a new password-based technique for user authentication in TLS, called Simple Open Key Exchange (SOKE). Loosely speaking, the SOKE ciphersuites are unauthenticated Diffie-Hellman ciphersuites in which the client's Diffie-Hellman ephemeral public value is encrypted using a simple mask generation function. The mask is simply a constant value raised to the power of (a hash of) the password.The SOKE ciphersuites, in advantage over previous pass-word-based authentication ciphersuites for TLS, combine the following features. First, SOKE has formal security arguments; the proof of security based on the computational Diffie-Hellman assumption is in the random oracle model, and holds for concurrent executions and for arbitrarily large password dictionaries. Second, SOKE is computationally efficient; in particular, it only needs operations in a sufficiently large prime-order subgroup for its Diffie-Hellman computations (no safe primes). Third, SOKE provides good protocol flexibility because the user identity and password are only required once a SOKE ciphersuite has actually been negotiated, and after the server has sent a server identity.

  9. BossPro: a biometrics-based obfuscation scheme for software protection

    NASA Astrophysics Data System (ADS)

    Kuseler, Torben; Lami, Ihsan A.; Al-Assam, Hisham

    2013-05-01

    This paper proposes to integrate biometric-based key generation into an obfuscated interpretation algorithm to protect authentication application software from illegitimate use or reverse-engineering. This is especially necessary for mCommerce because application programmes on mobile devices, such as Smartphones and Tablet-PCs are typically open for misuse by hackers. Therefore, the scheme proposed in this paper ensures that a correct interpretation / execution of the obfuscated program code of the authentication application requires a valid biometric generated key of the actual person to be authenticated, in real-time. Without this key, the real semantics of the program cannot be understood by an attacker even if he/she gains access to this application code. Furthermore, the security provided by this scheme can be a vital aspect in protecting any application running on mobile devices that are increasingly used to perform business/financial or other security related applications, but are easily lost or stolen. The scheme starts by creating a personalised copy of any application based on the biometric key generated during an enrolment process with the authenticator as well as a nuance created at the time of communication between the client and the authenticator. The obfuscated code is then shipped to the client's mobile devise and integrated with real-time biometric extracted data of the client to form the unlocking key during execution. The novelty of this scheme is achieved by the close binding of this application program to the biometric key of the client, thus making this application unusable for others. Trials and experimental results on biometric key generation, based on client's faces, and an implemented scheme prototype, based on the Android emulator, prove the concept and novelty of this proposed scheme.

  10. Marketing Education Assessment Guide. Performance-Based Activities with Authentic Assessments Instruments.

    ERIC Educational Resources Information Center

    Everett, Donna R.

    This guide presents performance-based authentic assessment ideas, samples, and suggestions to help marketing teachers and students respond to changes and pressures from outside the classroom. It contains 21 activities, each accompanied by a method of authentic assessment. In most cases, the authentic assessment method is a scoring device. The…

  11. An Extended Chaotic Maps-Based Three-Party Password-Authenticated Key Agreement with User Anonymity

    PubMed Central

    Lu, Yanrong; Li, Lixiang; Zhang, Hao; Yang, Yixian

    2016-01-01

    User anonymity is one of the key security features of an authenticated key agreement especially for communicating messages via an insecure network. Owing to the better properties and higher performance of chaotic theory, the chaotic maps have been introduced into the security schemes, and hence numerous key agreement schemes have been put forward under chaotic-maps. Recently, Xie et al. released an enhanced scheme under Farash et al.’s scheme and claimed their improvements could withstand the security loopholes pointed out in the scheme of Farash et al., i.e., resistance to the off-line password guessing and user impersonation attacks. Nevertheless, through our careful analysis, the improvements were released by Xie et al. still could not solve the problems troubled in Farash et al‥ Besides, Xie et al.’s improvements failed to achieve the user anonymity and the session key security. With the purpose of eliminating the security risks of the scheme of Xie et al., we design an anonymous password-based three-party authenticated key agreement under chaotic maps. Both the formal analysis and the formal security verification using AVISPA are presented. Also, BAN logic is used to show the correctness of the enhancements. Furthermore, we also demonstrate that the design thwarts most of the common attacks. We also make a comparison between the recent chaotic-maps based schemes and our enhancements in terms of performance. PMID:27101305

  12. An Extended Chaotic Maps-Based Three-Party Password-Authenticated Key Agreement with User Anonymity.

    PubMed

    Lu, Yanrong; Li, Lixiang; Zhang, Hao; Yang, Yixian

    2016-01-01

    User anonymity is one of the key security features of an authenticated key agreement especially for communicating messages via an insecure network. Owing to the better properties and higher performance of chaotic theory, the chaotic maps have been introduced into the security schemes, and hence numerous key agreement schemes have been put forward under chaotic-maps. Recently, Xie et al. released an enhanced scheme under Farash et al.'s scheme and claimed their improvements could withstand the security loopholes pointed out in the scheme of Farash et al., i.e., resistance to the off-line password guessing and user impersonation attacks. Nevertheless, through our careful analysis, the improvements were released by Xie et al. still could not solve the problems troubled in Farash et al‥ Besides, Xie et al.'s improvements failed to achieve the user anonymity and the session key security. With the purpose of eliminating the security risks of the scheme of Xie et al., we design an anonymous password-based three-party authenticated key agreement under chaotic maps. Both the formal analysis and the formal security verification using AVISPA are presented. Also, BAN logic is used to show the correctness of the enhancements. Furthermore, we also demonstrate that the design thwarts most of the common attacks. We also make a comparison between the recent chaotic-maps based schemes and our enhancements in terms of performance.

  13. Digital imaging based classification and authentication of granular food products

    NASA Astrophysics Data System (ADS)

    Carter, R. M.; Yan, Y.; Tomlins, K.

    2006-02-01

    In the food industry there are many types of product that are in the form of particles, granules or grains. Consistent material size and quality within any given sample is an important requirement that is well known in industry. In addition it is possible that samples of material may be of unknown type or have been subject to adulteration, thus making material authentication a real requirement. The present work implements an advanced, but cost-effective, digital imaging and image processing technique to characterize granular foodstuffs either in real time process control or in an off-line, sample-based, manner. The imaging approach not only provides cost-effective and rugged hardware when compared with other approaches but also allows precise characterization of individual grains of material. In this paper the imaging system is briefly described and the parameters it measures are discussed. Both cluster and discriminant analyses are performed to establish the suitability of the measured parameters for authenticity study and a simple fuzzy logic is implemented based on the findings. Tests are performed, using rice as an example, to evaluate the performance of the system for authenticity testing, and encouraging results are achieved.

  14. ID-based encryption scheme with revocation

    NASA Astrophysics Data System (ADS)

    Othman, Hafizul Azrie; Ismail, Eddie Shahril

    2017-04-01

    In 2015, Meshram proposed an efficient ID-based cryptographic encryption based on the difficulty of solving discrete logarithm and integer-factoring problems. The scheme was pairing free and claimed to be secure against adaptive chosen plaintext attacks (CPA). Later, Tan et al. proved that the scheme was insecure by presenting a method to recover the secret master key and to obtain prime factorization of modulo n. In this paper, we propose a new pairing-free ID-based encryption scheme with revocation based on Meshram's ID-based encryption scheme, which is also secure against Tan et al.'s attacks.

  15. Multi-image encryption based on synchronization of chaotic lasers and iris authentication

    NASA Astrophysics Data System (ADS)

    Banerjee, Santo; Mukhopadhyay, Sumona; Rondoni, Lamberto

    2012-07-01

    A new technique of transmitting encrypted combinations of gray scaled and chromatic images using chaotic lasers derived from Maxwell-Bloch's equations has been proposed. This novel scheme utilizes the general method of solution of a set of linear equations to transmit similar sized heterogeneous images which are a combination of monochrome and chromatic images. The chaos encrypted gray scaled images are concatenated along the three color planes resulting in color images. These are then transmitted over a secure channel along with a cover image which is an iris scan. The entire cryptology is augmented with an iris-based authentication scheme. The secret messages are retrieved once the authentication is successful. The objective of our work is briefly outlined as (a) the biometric information is the iris which is encrypted before transmission, (b) the iris is used for personal identification and verifying for message integrity, (c) the information is transmitted securely which are colored images resulting from a combination of gray images, (d) each of the images transmitted are encrypted through chaos based cryptography, (e) these encrypted multiple images are then coupled with the iris through linear combination of images before being communicated over the network. The several layers of encryption together with the ergodicity and randomness of chaos render enough confusion and diffusion properties which guarantee a fool-proof approach in achieving secure communication as demonstrated by exhaustive statistical methods. The result is vital from the perspective of opening a fundamental new dimension in multiplexing and simultaneous transmission of several monochromatic and chromatic images along with biometry based authentication and cryptography.

  16. Authenticity preservation with histogram-based reversible data hiding and quadtree concepts.

    PubMed

    Huang, Hsiang-Cheh; Fang, Wai-Chi

    2011-01-01

    With the widespread use of identification systems, establishing authenticity with sensors has become an important research issue. Among the schemes for making authenticity verification based on information security possible, reversible data hiding has attracted much attention during the past few years. With its characteristics of reversibility, the scheme is required to fulfill the goals from two aspects. On the one hand, at the encoder, the secret information needs to be embedded into the original image by some algorithms, such that the output image will resemble the input one as much as possible. On the other hand, at the decoder, both the secret information and the original image must be correctly extracted and recovered, and they should be identical to their embedding counterparts. Under the requirement of reversibility, for evaluating the performance of the data hiding algorithm, the output image quality, named imperceptibility, and the number of bits for embedding, called capacity, are the two key factors to access the effectiveness of the algorithm. Besides, the size of side information for making decoding possible should also be evaluated. Here we consider using the characteristics of original images for developing our method with better performance. In this paper, we propose an algorithm that has the ability to provide more capacity than conventional algorithms, with similar output image quality after embedding, and comparable side information produced. Simulation results demonstrate the applicability and better performance of our algorithm.

  17. Smartphone-based secure authenticated session sharing in Internet of Personal Things

    NASA Astrophysics Data System (ADS)

    Krishnan, Ram; Ninglekhu, Jiwan

    2015-03-01

    In the context of password-based authentication, a user can only memorize limited number of usernames and passwords. They are generally referred to as user-credentials. Longer character length of passwords further adds complication in mastering them. The expansion of the Internet and our growing dependency on it, has made it almost impossible for us to handle the big pool of user-credentials. Using simple, same or similar passwords is considered a poor practice, as it can easily be compromised by password cracking tools and social engineering attacks. Therefore, a robust and painless technique to manage personal credentials for websites is desirable. In this paper, a novel technique for user-credentials management via a smart mobile device such as a smartphone in a local network is proposed. We present a secure user-credential management scheme in which user's account login (username) and password associated with websites domain name is saved into the mobile device's database using a mobile application. We develop a custom browser extension application for client and use it to import user's credentials linked with the corresponding website from the mobile device via the local Wi-Fi network connection. The browser extension imports and identifies the authentication credentials and pushes them into the target TextBox locations in the webpage, ready for the user to execute. This scheme is suitably demonstrated between two personal devices in a local network.

  18. Claims-Based Authentication for a Web-Based Enterprise

    DTIC Science & Technology

    2013-07-01

    generating, escrowing /retrieval, distributing, validating, and revoking certificates are discussed in specifications for DoD Certificates. Users are... agreement that specifies approved primary and derived credentials. The credentials will be configured for such federations. C. Authentication The...Identity is established by the enterprise or the requesting agency as agreed to in the federation agreement . In the enterprise, this is primarily

  19. Design of a mutual authentication based on NTRUsign with a perturbation and inherent multipoint control protocol frames in an Ethernet-based passive optical network

    NASA Astrophysics Data System (ADS)

    Yin, Aihan; Ding, Yisheng

    2014-11-01

    Identity-related security issues inherently present in passive optical networks (PON) still exist in the current (1G) and next-generation (10G) Ethernet-based passive optical network (EPON) systems. We propose a mutual authentication scheme that integrates an NTRUsign digital signature algorithm with inherent multipoint control protocol (MPCP) frames over an EPON system between the optical line terminal (OLT) and optical network unit (ONU). Here, a primitive NTRUsign algorithm is significantly modified through the use of a new perturbation so that it can be effectively used for simultaneously completing signature and authentication functions on the OLT and the ONU sides. Also, in order to transmit their individual sensitive messages, which include public key, signature, and random value and so forth, to each other, we redefine three unique frames according to MPCP format frame. These generated messages can be added into the frames and delivered to each other, allowing the OLT and the ONU to go ahead with a mutual identity authentication process to verify their legal identities. Our simulation results show that this proposed scheme performs very well in resisting security attacks and has low influence on the registration efficiency to to-be-registered ONUs. A performance comparison with traditional authentication algorithms is also presented. To the best of our knowledge, no detailed design of mutual authentication in EPON can be found in the literature up to now.

  20. GEOSS authentication/authorization services: a Broker-based approach

    NASA Astrophysics Data System (ADS)

    Santoro, M.; Nativi, S.

    2014-12-01

    The vision of the Global Earth Observation System of Systems (GEOSS) is the achievement of societal benefits through voluntary contribution and sharing of resources to better understand the relationships between the society and the environment where we live. The GEOSS Common Infrastructure (GCI) allows users to search, access, and use the resources contributed by the GEOSS members. The GEO DAB (Discovery and Access Broker) is the GCI component in charge of interconnecting the heterogeneous data systems contributing to GEOSS. Client applications (i.e. the portals and apps) can connect to GEO DAB as a unique entry point to discover and access resources available through GCI, with no need to implement the many service protocols and models applied by the GEOSS data providers. The GEO DAB implements the brokering approach (Nativi et al., 2013) to build a flexible and scalable System of Systems. User authentication/authorization functionality is becoming more and more important for GEOSS data providers and users. The Providers ask for information about who accessed their resources and, in some cases, want to limit the data download. The Users ask for a profiled interaction with the system based on their needs and expertise level. Besides, authentication and authorization is necessary for GEOSS to provide moderated social services - e.g. feedback messages, data "fit for use" comments, etc. In keeping with the GEOSS principles of building on existing systems and lowering entry-barriers for users, an objective of the authentication/authorization development was to support existing and well-used users' credentials (e.g. Google, Twitter, etc.). Due to the heterogeneity of technologies used by the different providers and applications, a broker-based approach for the authentication/authorization was introduced as a new functionality of GEO DAB. This new capability will be demonstrated at the next GEO XI Plenary (November 2014). This work will be presented and discussed

  1. Authentication Based on Pole-zero Models of Signature Velocity

    PubMed Central

    Rashidi, Saeid; Fallah, Ali; Towhidkhah, Farzad

    2013-01-01

    With the increase of communication and financial transaction through internet, on-line signature verification is an accepted biometric technology for access control and plays a significant role in authenticity and authorization in modernized society. Therefore, fast and precise algorithms for the signature verification are very attractive. The goal of this paper is modeling of velocity signal that pattern and properties is stable for persons. With using pole-zero models based on discrete cosine transform, precise method is proposed for modeling and then features is founded from strokes. With using linear, parzen window and support vector machine classifiers, the signature verification technique was tested with a large number of authentic and forgery signatures and has demonstrated the good potential of this technique. The signatures are collected from three different database include a proprietary database, the SVC2004 and the Sabanci University signature database benchmark databases. Experimental results based on Persian, SVC2004 and SUSIG databases show that our method achieves an equal error rate of 5.91%, 5.62% and 3.91% in the skilled forgeries, respectively. PMID:24696797

  2. Multiple-image encryption scheme based on cascaded fractional Fourier transform.

    PubMed

    Kong, Dezhao; Shen, Xueju; Xu, Qinzu; Xin, Wang; Guo, Haiqiong

    2013-04-20

    A multiple-image encryption scheme based on cascaded fractional Fourier transform is proposed. In the scheme, images are successively coded into the amplitude and phase of the input by cascading stages, which ends up with an encrypted image and a series of keys. The scheme takes full advantage of multikeys and the cascaded relationships of all stages, and it not only realizes image encryption but also achieves higher safety and more diverse applications. So multiuser authentication and hierarchical encryption are achieved. Numerical simulation verifies the feasibility of the method and demonstrates the security of the scheme and decryption characteristics. Finally, flexibility and variability of the scheme in application are discussed, and the simple photoelectric mixed devices to realize the scheme are proposed.

  3. An Authentication Protocol for Future Sensor Networks.

    PubMed

    Bilal, Muhammad; Kang, Shin-Gak

    2017-04-28

    Authentication is one of the essential security services in Wireless Sensor Networks (WSNs) for ensuring secure data sessions. Sensor node authentication ensures the confidentiality and validity of data collected by the sensor node, whereas user authentication guarantees that only legitimate users can access the sensor data. In a mobile WSN, sensor and user nodes move across the network and exchange data with multiple nodes, thus experiencing the authentication process multiple times. The integration of WSNs with Internet of Things (IoT) brings forth a new kind of WSN architecture along with stricter security requirements; for instance, a sensor node or a user node may need to establish multiple concurrent secure data sessions. With concurrent data sessions, the frequency of the re-authentication process increases in proportion to the number of concurrent connections. Moreover, to establish multiple data sessions, it is essential that a protocol participant have the capability of running multiple instances of the protocol run, which makes the security issue even more challenging. The currently available authentication protocols were designed for the autonomous WSN and do not account for the above requirements. Hence, ensuring a lightweight and efficient authentication protocol has become more crucial. In this paper, we present a novel, lightweight and efficient key exchange and authentication protocol suite called the Secure Mobile Sensor Network (SMSN) Authentication Protocol. In the SMSN a mobile node goes through an initial authentication procedure and receives a re-authentication ticket from the base station. Later a mobile node can use this re-authentication ticket when establishing multiple data exchange sessions and/or when moving across the network. This scheme reduces the communication and computational complexity of the authentication process. We proved the strength of our protocol with rigorous security analysis (including formal analysis using the BAN

  4. An Authentication Protocol for Future Sensor Networks

    PubMed Central

    Bilal, Muhammad; Kang, Shin-Gak

    2017-01-01

    Authentication is one of the essential security services in Wireless Sensor Networks (WSNs) for ensuring secure data sessions. Sensor node authentication ensures the confidentiality and validity of data collected by the sensor node, whereas user authentication guarantees that only legitimate users can access the sensor data. In a mobile WSN, sensor and user nodes move across the network and exchange data with multiple nodes, thus experiencing the authentication process multiple times. The integration of WSNs with Internet of Things (IoT) brings forth a new kind of WSN architecture along with stricter security requirements; for instance, a sensor node or a user node may need to establish multiple concurrent secure data sessions. With concurrent data sessions, the frequency of the re-authentication process increases in proportion to the number of concurrent connections. Moreover, to establish multiple data sessions, it is essential that a protocol participant have the capability of running multiple instances of the protocol run, which makes the security issue even more challenging. The currently available authentication protocols were designed for the autonomous WSN and do not account for the above requirements. Hence, ensuring a lightweight and efficient authentication protocol has become more crucial. In this paper, we present a novel, lightweight and efficient key exchange and authentication protocol suite called the Secure Mobile Sensor Network (SMSN) Authentication Protocol. In the SMSN a mobile node goes through an initial authentication procedure and receives a re-authentication ticket from the base station. Later a mobile node can use this re-authentication ticket when establishing multiple data exchange sessions and/or when moving across the network. This scheme reduces the communication and computational complexity of the authentication process. We proved the strength of our protocol with rigorous security analysis (including formal analysis using the BAN

  5. A Provably Secure RFID Authentication Protocol Based on Elliptic Curve for Healthcare Environments.

    PubMed

    Farash, Mohammad Sabzinejad; Nawaz, Omer; Mahmood, Khalid; Chaudhry, Shehzad Ashraf; Khan, Muhammad Khurram

    2016-07-01

    To enhance the quality of healthcare in the management of chronic disease, telecare medical information systems have increasingly been used. Very recently, Zhang and Qi (J. Med. Syst. 38(5):47, 32), and Zhao (J. Med. Syst. 38(5):46, 33) separately proposed two authentication schemes for telecare medical information systems using radio frequency identification (RFID) technology. They claimed that their protocols achieve all security requirements including forward secrecy. However, this paper demonstrates that both Zhang and Qi's scheme, and Zhao's scheme could not provide forward secrecy. To augment the security, we propose an efficient RFID authentication scheme using elliptic curves for healthcare environments. The proposed RFID scheme is secure under common random oracle model.

  6. Medical Image Tamper Detection Based on Passive Image Authentication.

    PubMed

    Ulutas, Guzin; Ustubioglu, Arda; Ustubioglu, Beste; V Nabiyev, Vasif; Ulutas, Mustafa

    2017-05-08

    Telemedicine has gained popularity in recent years. Medical images can be transferred over the Internet to enable the telediagnosis between medical staffs and to make the patient's history accessible to medical staff from anywhere. Therefore, integrity protection of the medical image is a serious concern due to the broadcast nature of the Internet. Some watermarking techniques are proposed to control the integrity of medical images. However, they require embedding of extra information (watermark) into image before transmission. It decreases visual quality of the medical image and can cause false diagnosis. The proposed method uses passive image authentication mechanism to detect the tampered regions on medical images. Structural texture information is obtained from the medical image by using local binary pattern rotation invariant (LBPROT) to make the keypoint extraction techniques more successful. Keypoints on the texture image are obtained with scale invariant feature transform (SIFT). Tampered regions are detected by the method by matching the keypoints. The method improves the keypoint-based passive image authentication mechanism (they do not detect tampering when the smooth region is used for covering an object) by using LBPROT before keypoint extraction because smooth regions also have texture information. Experimental results show that the method detects tampered regions on the medical images even if the forged image has undergone some attacks (Gaussian blurring/additive white Gaussian noise) or the forged regions are scaled/rotated before pasting.

  7. A new approach to hand-based authentication

    NASA Astrophysics Data System (ADS)

    Amayeh, G.; Bebis, G.; Erol, A.; Nicolescu, M.

    2007-04-01

    Hand-based authentication is a key biometric technology with a wide range of potential applications both in industry and government. Traditionally, hand-based authentication is performed by extracting information from the whole hand. To account for hand and finger motion, guidance pegs are employed to fix the position and orientation of the hand. In this paper, we consider a component-based approach to hand-based verification. Our objective is to investigate the discrimination power of different parts of the hand in order to develop a simpler, faster, and possibly more accurate and robust verification system. Specifically, we propose a new approach which decomposes the hand in different regions, corresponding to the fingers and the back of the palm, and performs verification using information from certain parts of the hand only. Our approach operates on 2D images acquired by placing the hand on a flat lighting table. Using a part-based representation of the hand allows the system to compensate for hand and finger motion without using any guidance pegs. To decompose the hand in different regions, we use a robust methodology based on morphological operators which does not require detecting any landmark points on the hand. To capture the geometry of the back of the palm and the fingers in suffcient detail, we employ high-order Zernike moments which are computed using an effcient methodology. The proposed approach has been evaluated on a database of 100 subjects with 10 images per subject, illustrating promising performance. Comparisons with related approaches using the whole hand for verification illustrate the superiority of the proposed approach. Moreover, qualitative comparisons with state-of-the-art approaches indicate that the proposed approach has comparable or better performance.

  8. Research on user behavior authentication model based on stochastic Petri nets

    NASA Astrophysics Data System (ADS)

    Zhang, Chengyuan; Xu, Haishui

    2017-08-01

    A behavioural authentication model based on stochastic Petri net is proposed to meet the randomness, uncertainty and concurrency characteristics of user behaviour. The use of random models in the location, changes, arc and logo to describe the characteristics of a variety of authentication and game relationships, so as to effectively implement the graphical user behaviour authentication model analysis method, according to the corresponding proof to verify the model is valuable.

  9. Quantization-based semi-fragile public-key watermarking for secure image authentication

    NASA Astrophysics Data System (ADS)

    Schlauweg, Mathias; Proefrock, Dima; Palfner, Torsten; Mueller, Erika

    2005-09-01

    Authentication watermarking approaches can be classified into two kinds: fragile and semi-fragile. In contrast to the latter one, fragile watermarking does not tolerate modifications of any single bit of the watermarked data. Since the transmission of digital data often requires lossy compression, an authentication system should accept non-malicious modifications such as JPEG compression. Semi-fragile techniques aim to discriminate malicious manipulations from admissible manipulations. In our approach, we extract image content dependent information, which is hashed afterwards and encrypted using secure methods known from the classical cryptography. The image data is partitioned into nonoverlapping 4x4 pixel blocks in the spatial domain. The mean values of these blocks form n-dimensional vectors, which are quantized to the nearest lattice point neighbours. Based on the changed vector values, a hash is calculated and asymmetrically encrypted, resulting in a digital signature. Traditional dual subspace approaches divide the signal space into a region for signature generation and a region for signature embedding. To ensure the security of the whole image, we join the two subspaces. The vectors, where to embed the bits using quantization-based data hiding techniques, are predistorted and also used for the signature generation. Our scheme applies error correction coding to gain the robustness of the embedded signature to non-malicious distortions. A second quantization run finally embeds the signature.

  10. Smart environment as a service: three factor cloud based user authentication for telecare medical information system.

    PubMed

    Siddiqui, Zeeshan; Abdullah, Abdul Hanan; Khan, Muhammad Khurram; Alghamdi, Abdullah S

    2014-01-01

    The Telecare Medical Information System (TMIS) provides a set of different medical services to the patient and medical practitioner. The patients and medical practitioners can easily connect to the services remotely from their own premises. There are several studies carried out to enhance and authenticate smartcard-based remote user authentication protocols for TMIS system. In this article, we propose a set of enhanced and authentic Three Factor (3FA) remote user authentication protocols utilizing a smartphone capability over a dynamic Cloud Computing (CC) environment. A user can access the TMIS services presented in the form of CC services using his smart device e.g. smartphone. Our framework transforms a smartphone to act as a unique and only identity required to access the TMIS system remotely. Methods, Protocols and Authentication techniques are proposed followed by security analysis and a performance analysis with the two recent authentication protocols proposed for the healthcare TMIS system.

  11. Usable Multi-factor Authentication and Risk-based Authorization

    DTIC Science & Technology

    2015-06-01

    integrity and liveness of biometric data, enhanced user trust in the authentication process , and balanced the security requirements of the user and the...104 8.2.3 Inline / out of band processing ...considers that the inputs into the authorization decision process may be noisy, including the results of biometric authentication, contextual

  12. User authentication systems based on brain finger-prints

    NASA Astrophysics Data System (ADS)

    Lee, Soo-Young; Jung, Eun-Soo

    2014-05-01

    We propose to use EEG signals to make user authentication for requiring high security. EEG signals were measured while the subjects saw several images in sequences. Since subjects` EEG signals are different for known and unknown images, these EEG sequences may be used to identify each subject. Correlation analysis and classification results show the feasibility of user authentication from EEG signals.

  13. Authenticated quantum secret sharing with quantum dialogue based on Bell states

    NASA Astrophysics Data System (ADS)

    Abulkasim, Hussein; Hamad, Safwat; El Bahnasy, Khalid; Rida, Saad Z.

    2016-08-01

    This work proposes a scheme that combines the advantages of a quantum secret sharing procedure and quantum dialogue. The proposed scheme enables the participants to simultaneously make mutual identity authentications, in a simulated scenario where the boss, Alice, shares a secret with her two agents Bob and Charlie. The secret is protected by checking photons to keep untrustworthy agents and outer attacks from getting useful information. Before the two agents cooperate to recover Alice’s secret, they must authenticate their identity using parts of a pre-shared key. In addition, the whole pre-shared key is reused as part of recovering the secret data to avoid any leaks of information. In comparison with previous schemes, the proposed method can efficiently detect eavesdropping and it is free from information leaks. Furthermore, the proposed scheme proved to be secure against man-in-the-middle attacks, impersonation attacks, entangled-and-measure attacks, participant attacks, modification attacks and Trojan-horse attacks.

  14. An Improved RSA Based User Authentication and Session Key Agreement Protocol Usable in TMIS.

    PubMed

    Amin, Ruhul; Biswas, G P

    2015-08-01

    Recently, Giri et al.'s proposed a RSA cryptosystem based remote user authentication scheme for telecare medical information system and claimed that the protocol is secure against all the relevant security attacks. However, we have scrutinized the Giri et al.'s protocol and pointed out that the protocol is not secure against off-line password guessing attack, privileged insider attack and also suffers from anonymity problem. Moreover, the extension of password guessing attack leads to more security weaknesses. Therefore, this protocol needs improvement in terms of security before implementing in real-life application. To fix the mentioned security pitfalls, this paper proposes an improved scheme over Giri et al.'s scheme, which preserves user anonymity property. We have then simulated the proposed protocol using widely-accepted AVISPA tool which ensures that the protocol is SAFE under OFMC and CL-AtSe models, that means the same protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. The informal cryptanalysis has been also presented, which confirmed that the proposed protocol provides well security protection on the relevant security attacks. The performance analysis section compares the proposed protocol with other existing protocols in terms of security and it has been observed that the protocol provides more security and achieves additional functionalities such as user anonymity and session key verification.

  15. Breaking and Fixing of an Identity Based Multi-Signcryption Scheme

    NASA Astrophysics Data System (ADS)

    Selvi, S. Sharmila Deva; Vivek, S. Sree; Rangan, C. Pandu

    Signcryption is a cryptographic primitive that provides authentication and confidentiality simultaneously in a single logical step. It is often required that multiple senders have to signcrypt a single message to a certain receiver. Obviously, it is inefficient to signcrypt the messages separately. An efficient alternative is to go for multi-signcryption. The concept of multi-signcryption is similar to that of multi-signatures with the added property - confidentiality. Recently, Jianhong et al. proposed an identity based multi-signcryption scheme. They claimed that their scheme is secure against adaptive chosen ciphertext attack and it is existentially unforgeable. In this paper, we show that their scheme is not secure against chosen plaintext attack and is existentially forgeable, we also provide a fix for the scheme and prove formally that the improved scheme is secure against both adaptive chosen ciphertext attack and existential forgery.

  16. A Public-Key Based Authentication and Key Establishment Protocol Coupled with a Client Puzzle.

    ERIC Educational Resources Information Center

    Lee, M. C.; Fung, Chun-Kan

    2003-01-01

    Discusses network denial-of-service attacks which have become a security threat to the Internet community and suggests the need for reliable authentication protocols in client-server applications. Presents a public-key based authentication and key establishment protocol coupled with a client puzzle protocol and validates it through formal logic…

  17. Praxis and the Language of Improvement: Inquiry-Based Approaches to Authentic Improvement in Australasian Schools

    ERIC Educational Resources Information Center

    Groundwater-Smith, Susan; Mitchell, Jane; Mockler, Nicole

    2016-01-01

    In this paper, we explore the notion of school improvement through the lens of praxis as it relates to equity, inclusion, and transformation, with a particular focus on inquiry-based school and teacher development. We argue that authentic improvement is a consequence of praxis, and highlight, through examples, key ways that authentic school…

  18. Cognitive Effects of an Authentic Computer-Supported, Problem-Based Learning Environment.

    ERIC Educational Resources Information Center

    Arts, Jos A. R.; Gijselaers, Wim H.; Segers, Mien S. R.

    2002-01-01

    Examines the redesign of a problem-based learning (PBL) course and its effects on students' cognitive learning outcomes in a college business course in the Netherlands. Compares the regular PBL course with the new authentic learning environment that included greater authenticity of case studies, more learner control, and social collaboration that…

  19. Praxis and the Language of Improvement: Inquiry-Based Approaches to Authentic Improvement in Australasian Schools

    ERIC Educational Resources Information Center

    Groundwater-Smith, Susan; Mitchell, Jane; Mockler, Nicole

    2016-01-01

    In this paper, we explore the notion of school improvement through the lens of praxis as it relates to equity, inclusion, and transformation, with a particular focus on inquiry-based school and teacher development. We argue that authentic improvement is a consequence of praxis, and highlight, through examples, key ways that authentic school…

  20. A Public-Key Based Authentication and Key Establishment Protocol Coupled with a Client Puzzle.

    ERIC Educational Resources Information Center

    Lee, M. C.; Fung, Chun-Kan

    2003-01-01

    Discusses network denial-of-service attacks which have become a security threat to the Internet community and suggests the need for reliable authentication protocols in client-server applications. Presents a public-key based authentication and key establishment protocol coupled with a client puzzle protocol and validates it through formal logic…

  1. Lightweight Sensor Authentication Scheme for Energy Efficiency in Ubiquitous Computing Environments

    PubMed Central

    Lee, Jaeseung; Sung, Yunsick; Park, Jong Hyuk

    2016-01-01

    The Internet of Things (IoT) is the intelligent technologies and services that mutually communicate information between humans and devices or between Internet-based devices. In IoT environments, various device information is collected from the user for intelligent technologies and services that control the devices. Recently, wireless sensor networks based on IoT environments are being used in sectors as diverse as medicine, the military, and commerce. Specifically, sensor techniques that collect relevant area data via mini-sensors after distributing smart dust in inaccessible areas like forests or military zones have been embraced as the future of information technology. IoT environments that utilize smart dust are composed of the sensor nodes that detect data using wireless sensors and transmit the detected data to middle nodes. Currently, since the sensors used in these environments are composed of mini-hardware, they have limited memory, processing power, and energy, and a variety of research that aims to make the best use of these limited resources is progressing. This paper proposes a method to utilize these resources while considering energy efficiency, and suggests lightweight mutual verification and key exchange methods based on a hash function that has no restrictions on operation quantity, velocity, and storage space. This study verifies the security and energy efficiency of this method through security analysis and function evaluation, comparing with existing approaches. The proposed method has great value in its applicability as a lightweight security technology for IoT environments. PMID:27916962

  2. Lightweight Sensor Authentication Scheme for Energy Efficiency in Ubiquitous Computing Environments.

    PubMed

    Lee, Jaeseung; Sung, Yunsick; Park, Jong Hyuk

    2016-12-01

    The Internet of Things (IoT) is the intelligent technologies and services that mutually communicate information between humans and devices or between Internet-based devices. In IoT environments, various device information is collected from the user for intelligent technologies and services that control the devices. Recently, wireless sensor networks based on IoT environments are being used in sectors as diverse as medicine, the military, and commerce. Specifically, sensor techniques that collect relevant area data via mini-sensors after distributing smart dust in inaccessible areas like forests or military zones have been embraced as the future of information technology. IoT environments that utilize smart dust are composed of the sensor nodes that detect data using wireless sensors and transmit the detected data to middle nodes. Currently, since the sensors used in these environments are composed of mini-hardware, they have limited memory, processing power, and energy, and a variety of research that aims to make the best use of these limited resources is progressing. This paper proposes a method to utilize these resources while considering energy efficiency, and suggests lightweight mutual verification and key exchange methods based on a hash function that has no restrictions on operation quantity, velocity, and storage space. This study verifies the security and energy efficiency of this method through security analysis and function evaluation, comparing with existing approaches. The proposed method has great value in its applicability as a lightweight security technology for IoT environments.

  3. Enhanced Two-Factor Authentication and Key Agreement Using Dynamic Identities in Wireless Sensor Networks

    PubMed Central

    Chang, I-Pin; Lee, Tian-Fu; Lin, Tsung-Hung; Liu, Chuan-Ming

    2015-01-01

    Key agreements that use only password authentication are convenient in communication networks, but these key agreement schemes often fail to resist possible attacks, and therefore provide poor security compared with some other authentication schemes. To increase security, many authentication and key agreement schemes use smartcard authentication in addition to passwords. Thus, two-factor authentication and key agreement schemes using smartcards and passwords are widely adopted in many applications. Vaidya et al. recently presented a two-factor authentication and key agreement scheme for wireless sensor networks (WSNs). Kim et al. observed that the Vaidya et al. scheme fails to resist gateway node bypassing and user impersonation attacks, and then proposed an improved scheme for WSNs. This study analyzes the weaknesses of the two-factor authentication and key agreement scheme of Kim et al., which include vulnerability to impersonation attacks, lost smartcard attacks and man-in-the-middle attacks, violation of session key security, and failure to protect user privacy. An efficient and secure authentication and key agreement scheme for WSNs based on the scheme of Kim et al. is then proposed. The proposed scheme not only solves the weaknesses of previous approaches, but also increases security requirements while maintaining low computational cost. PMID:26633396

  4. Enhanced Two-Factor Authentication and Key Agreement Using Dynamic Identities in Wireless Sensor Networks.

    PubMed

    Chang, I-Pin; Lee, Tian-Fu; Lin, Tsung-Hung; Liu, Chuan-Ming

    2015-11-30

    Key agreements that use only password authentication are convenient in communication networks, but these key agreement schemes often fail to resist possible attacks, and therefore provide poor security compared with some other authentication schemes. To increase security, many authentication and key agreement schemes use smartcard authentication in addition to passwords. Thus, two-factor authentication and key agreement schemes using smartcards and passwords are widely adopted in many applications. Vaidya et al. recently presented a two-factor authentication and key agreement scheme for wireless sensor networks (WSNs). Kim et al. observed that the Vaidya et al. scheme fails to resist gateway node bypassing and user impersonation attacks, and then proposed an improved scheme for WSNs. This study analyzes the weaknesses of the two-factor authentication and key agreement scheme of Kim et al., which include vulnerability to impersonation attacks, lost smartcard attacks and man-in-the-middle attacks, violation of session key security, and failure to protect user privacy. An efficient and secure authentication and key agreement scheme for WSNs based on the scheme of Kim et al. is then proposed. The proposed scheme not only solves the weaknesses of previous approaches, but also increases security requirements while maintaining low computational cost.

  5. Probabilistic authenticated quantum dialogue

    NASA Astrophysics Data System (ADS)

    Hwang, Tzonelih; Luo, Yi-Ping

    2015-12-01

    This work proposes a probabilistic authenticated quantum dialogue (PAQD) based on Bell states with the following notable features. (1) In our proposed scheme, the dialogue is encoded in a probabilistic way, i.e., the same messages can be encoded into different quantum states, whereas in the state-of-the-art authenticated quantum dialogue (AQD), the dialogue is encoded in a deterministic way; (2) the pre-shared secret key between two communicants can be reused without any security loophole; (3) each dialogue in the proposed PAQD can be exchanged within only one-step quantum communication and one-step classical communication. However, in the state-of-the-art AQD protocols, both communicants have to run a QKD protocol for each dialogue and each dialogue requires multiple quantum as well as classical communicational steps; (4) nevertheless, the proposed scheme can resist the man-in-the-middle attack, the modification attack, and even other well-known attacks.

  6. Chaotic maps and biometrics-based anonymous three-party authenticated key exchange protocol without using passwords

    NASA Astrophysics Data System (ADS)

    Xie, Qi; Hu, Bin; Chen, Ke-Fei; Liu, Wen-Hao; Tan, Xiao

    2015-11-01

    In three-party password authenticated key exchange (AKE) protocol, since two users use their passwords to establish a secure session key over an insecure communication channel with the help of the trusted server, such a protocol may suffer the password guessing attacks and the server has to maintain the password table. To eliminate the shortages of password-based AKE protocol, very recently, according to chaotic maps, Lee et al. [2015 Nonlinear Dyn. 79 2485] proposed a first three-party-authenticated key exchange scheme without using passwords, and claimed its security by providing a well-organized BAN logic test. Unfortunately, their protocol cannot resist impersonation attack, which is demonstrated in the present paper. To overcome their security weakness, by using chaotic maps, we propose a biometrics-based anonymous three-party AKE protocol with the same advantages. Further, we use the pi calculus-based formal verification tool ProVerif to show that our AKE protocol achieves authentication, security and anonymity, and an acceptable efficiency. Project supported by the Natural Science Foundation of Zhejiang Province, China (Grant No. LZ12F02005), the Major State Basic Research Development Program of China (Grant No. 2013CB834205), and the National Natural Science Foundation of China (Grant No. 61070153).

  7. Protection of Health Imagery by Region Based Lossless Reversible Watermarking Scheme.

    PubMed

    Priya, R Lakshmi; Sadasivam, V

    2015-01-01

    Providing authentication and integrity in medical images is a problem and this work proposes a new blind fragile region based lossless reversible watermarking technique to improve trustworthiness of medical images. The proposed technique embeds the watermark using a reversible least significant bit embedding scheme. The scheme combines hashing, compression, and digital signature techniques to create a content dependent watermark making use of compressed region of interest (ROI) for recovery of ROI as reported in literature. The experiments were carried out to prove the performance of the scheme and its assessment reveals that ROI is extracted in an intact manner and PSNR values obtained lead to realization that the presented scheme offers greater protection for health imageries.

  8. Protection of Health Imagery by Region Based Lossless Reversible Watermarking Scheme

    PubMed Central

    Priya, R. Lakshmi; Sadasivam, V.

    2015-01-01

    Providing authentication and integrity in medical images is a problem and this work proposes a new blind fragile region based lossless reversible watermarking technique to improve trustworthiness of medical images. The proposed technique embeds the watermark using a reversible least significant bit embedding scheme. The scheme combines hashing, compression, and digital signature techniques to create a content dependent watermark making use of compressed region of interest (ROI) for recovery of ROI as reported in literature. The experiments were carried out to prove the performance of the scheme and its assessment reveals that ROI is extracted in an intact manner and PSNR values obtained lead to realization that the presented scheme offers greater protection for health imageries. PMID:26649328

  9. Advanced multimedia security solutions for data and owner authentication

    NASA Astrophysics Data System (ADS)

    Dittmann, Jana; Steinebach, Martin; Croce Ferri, Lucilla; Mayerhoefer, Astrid; Vielhauer, Claus

    2001-12-01

    In this paper we introduce a new content-fragile watermarking concept for multimedia data authentication, especially for a/v data. While previous data authentication watermarking schemes address single media stream only, we discuss the requirements of multimedia protection techniques. Furthermore we introduce our new approach called 3D thumbnail cube. The main idea is based on a 3D hologram over continuing video and audio frames. Beside the data authentication, we face the owner authentication problem as second requirement for manipulation recognition. The watermark for manipulation recognition has to be created by the owner itself. The goal of owner authentication is to ensure that an entity is the one it claims to be. Therefore we introduce a key server and a biometric hash approach. We discuss several strategies and introduce a biometric based framework for owner authentication. With our presented data and owner authentication solutions we can realize an advanced security level.

  10. A Question of Authenticity: The Document-Based Question as an Assessment of Students' Knowledge of History

    ERIC Educational Resources Information Center

    Grant, S. G.; Gradwell, Jill M.; Cimbricz, Sandra K.

    2004-01-01

    In this article we consider the extent to which the Document-Based Question (DBQ) on the New York State Global History and Geography exam represents an authentic task. The DBQ seems like a significant step toward authenticity, especially when compared with traditional forced-choice assessments. Drawing on the characteristics of authentic tasks as…

  11. Authenticating Children's Literature: Raising Cultural Awareness with an Inquiry-Based Project in a Teacher Education Course

    ERIC Educational Resources Information Center

    Smith, Jane; Wiese, Patricia

    2006-01-01

    This article discusses the importance of authentic picture-storybook adaptations of multicultural folktales and describes an action research project through which a children's picture-book adaptation of a traditional tale can be authenticated using an inquiry-based process. In addition to modeling an actual authentication project using "The Golden…

  12. Hierarchical multilevel authentication system for multiple-image based on phase retrieval and basic vector operations

    NASA Astrophysics Data System (ADS)

    Li, Xianye; Meng, Xiangfeng; Yin, Yongkai; Yang, Xiulun; Wang, Yurong; Peng, Xiang; He, Wenqi; Pan, Xuemei; Dong, Guoyan; Chen, Hongyi

    2017-02-01

    A hierarchical multilevel authentication system for multiple-image based on phase retrieval and basic vector operations in the Fresnel domain is proposed, by which more certification images are iteratively encoded into multiple cascaded phase masks according to different hierarchical levels. Based on the secret sharing algorithm by basic vector decomposition and composition operations, the iterated phase distributions are split into n pairs of shadow images keys (SIKs), and then distributed to n different participants (the authenticators). During each level in the high authentication process, any 2 or more participants can be gathered to reconstruct the original meaningful certification images. While in the case of each level in the low authentication process, only one authenticator who possesses a correct pair of SIKs, will gain no significant information of certification image; however, it can result in a remarkable peak output in the nonlinear correlation coefficient of the recovered image and the standard certification image, which can successfully provide an additional authentication layer for the high-level authentication. Theoretical analysis and numerical simulations both verify the feasibility of the proposed method.

  13. Framework Design of Unified Cross-Authentication Based on the Fourth Platform Integrated Payment

    NASA Astrophysics Data System (ADS)

    Yong, Xu; Yujin, He

    The essay advances a unified authentication based on the fourth integrated payment platform. The research aims at improving the compatibility of the authentication in electronic business and providing a reference for the establishment of credit system by seeking a way to carry out a standard unified authentication on a integrated payment platform. The essay introduces the concept of the forth integrated payment platform and finally put forward the whole structure and different components. The main issue of the essay is about the design of the credit system of the fourth integrated payment platform and the PKI/CA structure design.

  14. Location-assured, multifactor authentication on smartphones via LTE communication

    NASA Astrophysics Data System (ADS)

    Kuseler, Torben; Lami, Ihsan A.; Al-Assam, Hisham

    2013-05-01

    With the added security provided by LTE, geographical location has become an important factor for authentication to enhance the security of remote client authentication during mCommerce applications using Smartphones. Tight combination of geographical location with classic authentication factors like PINs/Biometrics in a real-time, remote verification scheme over the LTE layer connection assures the authenticator about the client itself (via PIN/biometric) as well as the client's current location, thus defines the important aspects of "who", "when", and "where" of the authentication attempt without eaves dropping or man on the middle attacks. To securely integrate location as an authentication factor into the remote authentication scheme, client's location must be verified independently, i.e. the authenticator should not solely rely on the location determined on and reported by the client's Smartphone. The latest wireless data communication technology for mobile phones (4G LTE, Long-Term Evolution), recently being rolled out in various networks, can be employed to enhance this location-factor requirement of independent location verification. LTE's Control Plane LBS provisions, when integrated with user-based authentication and independent source of localisation factors ensures secure efficient, continuous location tracking of the Smartphone. This feature can be performed during normal operation of the LTE-based communication between client and network operator resulting in the authenticator being able to verify the client's claimed location more securely and accurately. Trials and experiments show that such algorithm implementation is viable for nowadays Smartphone-based banking via LTE communication.

  15. New communication schemes based on adaptive synchronization.

    PubMed

    Yu, Wenwu; Cao, Jinde; Wong, Kwok-Wo; Lü, Jinhu

    2007-09-01

    In this paper, adaptive synchronization with unknown parameters is discussed for a unified chaotic system by using the Lyapunov method and the adaptive control approach. Some communication schemes, including chaotic masking, chaotic modulation, and chaotic shift key strategies, are then proposed based on the modified adaptive method. The transmitted signal is masked by chaotic signal or modulated into the system, which effectively blurs the constructed return map and can resist this return map attack. The driving system with unknown parameters and functions is almost completely unknown to the attackers, so it is more secure to apply this method into the communication. Finally, some simulation examples based on the proposed communication schemes and some cryptanalysis works are also given to verify the theoretical analysis in this paper.

  16. Optical multiple-image authentication based on cascaded phase filtering structure

    NASA Astrophysics Data System (ADS)

    Wang, Q.; Alfalou, A.; Brosseau, C.

    2016-10-01

    In this study, we report on the recent developments of optical image authentication algorithms. Compared with conventional optical encryption, optical image authentication achieves more security strength because such methods do not need to recover information of plaintext totally during the decryption period. Several recently proposed authentication systems are briefly introduced. We also propose a novel multiple-image authentication system, where multiple original images are encoded into a photon-limited encoded image by using a triple-plane based phase retrieval algorithm and photon counting imaging (PCI) technique. One can only recover a noise-like image using correct keys. To check authority of multiple images, a nonlinear fractional correlation is employed to recognize the original information hidden in the decrypted results. The proposal can be implemented optically using a cascaded phase filtering configuration. Computer simulation results are presented to evaluate the performance of this proposal and its effectiveness.

  17. A secret-sharing-based method for authentication of grayscale document images via the use of the PNG image with a data repair capability.

    PubMed

    Lee, Che-Wei; Tsai, Wen-Hsiang

    2012-01-01

    A new blind authentication method based on the secret sharing technique with a data repair capability for grayscale document images via the use of the Portable Network Graphics (PNG) image is proposed. An authentication signal is generated for each block of a grayscale document image, which, together with the binarized block content, is transformed into several shares using the Shamir secret sharing scheme. The involved parameters are carefully chosen so that as many shares as possible are generated and embedded into an alpha channel plane. The alpha channel plane is then combined with the original grayscale image to form a PNG image. During the embedding process, the computed share values are mapped into a range of alpha channel values near their maximum value of 255 to yield a transparent stego-image with a disguise effect. In the process of image authentication, an image block is marked as tampered if the authentication signal computed from the current block content does not match that extracted from the shares embedded in the alpha channel plane. Data repairing is then applied to each tampered block by a reverse Shamir scheme after collecting two shares from unmarked blocks. Measures for protecting the security of the data hidden in the alpha channel are also proposed. Good experimental results prove the effectiveness of the proposed method for real applications.

  18. A novel secret image sharing scheme based on chaotic system

    NASA Astrophysics Data System (ADS)

    Li, Li; Abd El-Latif, Ahmed A.; Wang, Chuanjun; Li, Qiong; Niu, Xiamu

    2012-04-01

    In this paper, we propose a new secret image sharing scheme based on chaotic system and Shamir's method. The new scheme protects the shadow images with confidentiality and loss-tolerance simultaneously. In the new scheme, we generate the key sequence based on chaotic system and then encrypt the original image during the sharing phase. Experimental results and analysis of the proposed scheme demonstrate a better performance than other schemes and confirm a high probability to resist brute force attack.

  19. An Authentication Protocol for Mobile IPTV Users Based on an RFID-USB Convergence Technique

    NASA Astrophysics Data System (ADS)

    Jeong, Yoon-Su; Kim, Yong-Tae

    With the growing trend towards convergence in broadcast and communications media, Internet Protocol television (IPTV) that delivers real-time multimedia content over diverse types of communications networks (e.g., broadband Internet, cable TV, and satellite TV) has become a mainstream technology. Authenticating mobile IPTV subscribers who are continuously on the move is a challenge. A complex authentication process often impairs conditional access security or service quality as increasing illegal users and delaying service. This paper proposes an RFID-USB authentication protocol, for mobile IPTV users, combined with USIM-based personalized authentication and lightweight authentication that utilizes the RFID-USB technology with an implanted agent module (called an "agent tag") which temporarily enhanced user status information. The proposed authentication protocol adopts a plug-and-play security agent module that is placed in both an RFID tag and an RFID-USB. The implanted security agents cooperate in such a way that multiple RFID tags are connected seamlessly to an RFID-USB.

  20. A Secure and Efficient Handover Authentication Based on Light-Weight Diffie-Hellman on Mobile Node in FMIPv6

    NASA Astrophysics Data System (ADS)

    Choi, Jaeduck; Jung, Souhwan

    This letter proposes a secure and efficient handover authentication scheme that requires a light-weight Diffie-Hellman operation at mobile nodes. Our scheme provides more enhanced securities like the PFS, PBS, and so on than the existing security-context-transfer schemes. Also, the mobile node delegates the exponent operation for the DH to the access router to reduce computational cost on it.

  1. PDE based scheme for multi-modal medical image watermarking.

    PubMed

    Aherrahrou, N; Tairi, H

    2015-11-25

    This work deals with copyright protection of digital images, an issue that needs protection of intellectual property rights. It is an important issue with a large number of medical images interchanged on the Internet every day. So, it is a challenging task to ensure the integrity of received images as well as authenticity. Digital watermarking techniques have been proposed as valid solution for this problem. It is worth mentioning that the Region Of Interest (ROI)/Region Of Non Interest (RONI) selection can be seen as a significant limitation from which suffers most of ROI/RONI based watermarking schemes and that in turn affects and limit their applicability in an effective way. Generally, the ROI/RONI is defined by a radiologist or a computer-aided selection tool. And thus, this will not be efficient for an institute or health care system, where one has to process a large number of images. Therefore, developing an automatic ROI/RONI selection is a challenge task. The major aim of this work is to develop an automatic selection algorithm of embedding region based on the so called Partial Differential Equation (PDE) method. Thus avoiding ROI/RONI selection problems including: (1) computational overhead, (2) time consuming, and (3) modality dependent selection. The algorithm is evaluated in terms of imperceptibility, robustness, tamper localization and recovery using MRI, Ultrasound, CT and X-ray grey scale medical images. From experimental results that we have conducted on a database of 100 medical images of four modalities, it can be inferred that our method can achieve high imperceptibility, while showing good robustness against attacks. Furthermore, the experiment results confirm the effectiveness of the proposed algorithm in detecting and recovering the various types of tampering. The highest PSNR value reached over the 100 images is 94,746 dB, while the lowest PSNR value is 60,1272 dB, which demonstrates the higher imperceptibility nature of the proposed

  2. A Secure and Privacy-Preserving Navigation Scheme Using Spatial Crowdsourcing in Fog-Based VANETs.

    PubMed

    Wang, Lingling; Liu, Guozhu; Sun, Lijun

    2017-03-24

    Fog-based VANETs (Vehicular ad hoc networks) is a new paradigm of vehicular ad hoc networks with the advantages of both vehicular cloud and fog computing. Real-time navigation schemes based on fog-based VANETs can promote the scheme performance efficiently. In this paper, we propose a secure and privacy-preserving navigation scheme by using vehicular spatial crowdsourcing based on fog-based VANETs. Fog nodes are used to generate and release the crowdsourcing tasks, and cooperatively find the optimal route according to the real-time traffic information collected by vehicles in their coverage areas. Meanwhile, the vehicle performing the crowdsourcing task can get a reasonable reward. The querying vehicle can retrieve the navigation results from each fog node successively when entering its coverage area, and follow the optimal route to the next fog node until it reaches the desired destination. Our scheme fulfills the security and privacy requirements of authentication, confidentiality and conditional privacy preservation. Some cryptographic primitives, including the Elgamal encryption algorithm, AES, randomized anonymous credentials and group signatures, are adopted to achieve this goal. Finally, we analyze the security and the efficiency of the proposed scheme.

  3. A Secure and Privacy-Preserving Navigation Scheme Using Spatial Crowdsourcing in Fog-Based VANETs

    PubMed Central

    Wang, Lingling; Liu, Guozhu; Sun, Lijun

    2017-01-01

    Fog-based VANETs (Vehicular ad hoc networks) is a new paradigm of vehicular ad hoc networks with the advantages of both vehicular cloud and fog computing. Real-time navigation schemes based on fog-based VANETs can promote the scheme performance efficiently. In this paper, we propose a secure and privacy-preserving navigation scheme by using vehicular spatial crowdsourcing based on fog-based VANETs. Fog nodes are used to generate and release the crowdsourcing tasks, and cooperatively find the optimal route according to the real-time traffic information collected by vehicles in their coverage areas. Meanwhile, the vehicle performing the crowdsourcing task can get a reasonable reward. The querying vehicle can retrieve the navigation results from each fog node successively when entering its coverage area, and follow the optimal route to the next fog node until it reaches the desired destination. Our scheme fulfills the security and privacy requirements of authentication, confidentiality and conditional privacy preservation. Some cryptographic primitives, including the Elgamal encryption algorithm, AES, randomized anonymous credentials and group signatures, are adopted to achieve this goal. Finally, we analyze the security and the efficiency of the proposed scheme. PMID:28338620

  4. Android Based Behavioral Biometric Authentication via Multi-Modal Fusion

    DTIC Science & Technology

    2014-06-12

    feature fusion to determine if it is more effective than the results from the individual modalities. Comparison results from both tasks (user...5 20.83% 50.00% 52.08% 20.83% Initially, Authentication testing with the smaller window size had negative effects on all FAR and FRR values. However...the FRR to 32.67% and therefore causes too much of an adverse effect on usability to be viable. This negative effect on the FRR is most likely due 36

  5. An efficient identity-based key management scheme for wireless sensor networks using the Bloom filter.

    PubMed

    Qin, Zhongyuan; Zhang, Xinshuai; Feng, Kerong; Zhang, Qunfang; Huang, Jie

    2014-09-26

    With the rapid development and widespread adoption of wireless sensor networks (WSNs), security has become an increasingly prominent problem. How to establish a session key in node communication is a challenging task for WSNs. Considering the limitations in WSNs, such as low computing capacity, small memory, power supply limitations and price, we propose an efficient identity-based key management (IBKM) scheme, which exploits the Bloom filter to authenticate the communication sensor node with storage efficiency. The security analysis shows that IBKM can prevent several attacks effectively with acceptable computation and communication overhead.

  6. An Efficient Identity-Based Key Management Scheme for Wireless Sensor Networks Using the Bloom Filter

    PubMed Central

    Qin, Zhongyuan; Zhang, Xinshuai; Feng, Kerong; Zhang, Qunfang; Huang, Jie

    2014-01-01

    With the rapid development and widespread adoption of wireless sensor networks (WSNs), security has become an increasingly prominent problem. How to establish a session key in node communication is a challenging task for WSNs. Considering the limitations in WSNs, such as low computing capacity, small memory, power supply limitations and price, we propose an efficient identity-based key management (IBKM) scheme, which exploits the Bloom filter to authenticate the communication sensor node with storage efficiency. The security analysis shows that IBKM can prevent several attacks effectively with acceptable computation and communication overhead. PMID:25264955

  7. Chaotic maps-based password-authenticated key agreement using smart cards

    NASA Astrophysics Data System (ADS)

    Guo, Cheng; Chang, Chin-Chen

    2013-06-01

    Password-based authenticated key agreement using smart cards has been widely and intensively researched. Inspired by the semi-group property of Chebyshev maps and key agreement protocols based on chaotic maps, we proposed a novel chaotic maps-based password-authenticated key agreement protocol with smart cards. In our protocol, we avoid modular exponential computing or scalar multiplication on elliptic curve used in traditional authenticated key agreement protocols using smart cards. Our analysis shows that our protocol has comprehensive characteristics and can withstand attacks, including the insider attack, replay attack, and others, satisfying essential security requirements. Performance analysis shows that our protocol can refrain from consuming modular exponential computing and scalar multiplication on an elliptic curve. The computational cost of our protocol compared with related protocols is acceptable.

  8. Multilevel image authentication using shared secret threshold and phase retrieval

    NASA Astrophysics Data System (ADS)

    Pan, Xuemei; Meng, Xiangfeng; Wang, Yurong; Yang, Xiulun; Peng, Xiang; He, Wenqi; Dong, Guoyan; Chen, Hongyi

    2014-10-01

    A new kind of multilevel authentication system based on the (t, n) threshold secret sharing scheme and the iterative phase retrieval algorithm in Fresnel domain is proposed, in which, the first phase distribution iteratively generated is divided into n parts and delivered to n different participants, during high-level authentication, any t (t ≤ n) or more of them can be collected to reconstruct the original meaningful certification image; While in the case of low-level authentication, any t - 1 or fewer will gain no significant information of certification image, however, it can result in a remarkable peak output in the nonlinear correlation coefficient of the recovered image and the standard certification image, which can successfully provide an additional authentication layer for the high-level authentication. Theoretical analysis and numerical simulations both validate the feasibility of our proposed scheme.

  9. Design of Secure ECG-Based Biometric Authentication in Body Area Sensor Networks.

    PubMed

    Peter, Steffen; Reddy, Bhanu Pratap; Momtaz, Farshad; Givargis, Tony

    2016-04-22

    Body area sensor networks (BANs) utilize wireless communicating sensor nodes attached to a human body for convenience, safety, and health applications. Physiological characteristics of the body, such as the heart rate or Electrocardiogram (ECG) signals, are promising means to simplify the setup process and to improve security of BANs. This paper describes the design and implementation steps required to realize an ECG-based authentication protocol to identify sensor nodes attached to the same human body. Therefore, the first part of the paper addresses the design of a body-area sensor system, including the hardware setup, analogue and digital signal processing, and required ECG feature detection techniques. A model-based design flow is applied, and strengths and limitations of each design step are discussed. Real-world measured data originating from the implemented sensor system are then used to set up and parametrize a novel physiological authentication protocol for BANs. The authentication protocol utilizes statistical properties of expected and detected deviations to limit the number of false positive and false negative authentication attempts. The result of the described holistic design effort is the first practical implementation of biometric authentication in BANs that reflects timing and data uncertainties in the physical and cyber parts of the system.

  10. Design of Secure ECG-Based Biometric Authentication in Body Area Sensor Networks

    PubMed Central

    Peter, Steffen; Pratap Reddy, Bhanu; Momtaz, Farshad; Givargis, Tony

    2016-01-01

    Body area sensor networks (BANs) utilize wireless communicating sensor nodes attached to a human body for convenience, safety, and health applications. Physiological characteristics of the body, such as the heart rate or Electrocardiogram (ECG) signals, are promising means to simplify the setup process and to improve security of BANs. This paper describes the design and implementation steps required to realize an ECG-based authentication protocol to identify sensor nodes attached to the same human body. Therefore, the first part of the paper addresses the design of a body-area sensor system, including the hardware setup, analogue and digital signal processing, and required ECG feature detection techniques. A model-based design flow is applied, and strengths and limitations of each design step are discussed. Real-world measured data originating from the implemented sensor system are then used to set up and parametrize a novel physiological authentication protocol for BANs. The authentication protocol utilizes statistical properties of expected and detected deviations to limit the number of false positive and false negative authentication attempts. The result of the described holistic design effort is the first practical implementation of biometric authentication in BANs that reflects timing and data uncertainties in the physical and cyber parts of the system. PMID:27110785

  11. A broadcast-based key agreement scheme using set reconciliation for wireless body area networks.

    PubMed

    Ali, Aftab; Khan, Farrukh Aslam

    2014-05-01

    Information and communication technologies have thrived over the last few years. Healthcare systems have also benefited from this progression. A wireless body area network (WBAN) consists of small, low-power sensors used to monitor human physiological values remotely, which enables physicians to remotely monitor the health of patients. Communication security in WBANs is essential because it involves human physiological data. Key agreement and authentication are the primary issues in the security of WBANs. To agree upon a common key, the nodes exchange information with each other using wireless communication. This information exchange process must be secure enough or the information exchange should be minimized to a certain level so that if information leak occurs, it does not affect the overall system. Most of the existing solutions for this problem exchange too much information for the sake of key agreement; getting this information is sufficient for an attacker to reproduce the key. Set reconciliation is a technique used to reconcile two similar sets held by two different hosts with minimal communication complexity. This paper presents a broadcast-based key agreement scheme using set reconciliation for secure communication in WBANs. The proposed scheme allows the neighboring nodes to agree upon a common key with the personal server (PS), generated from the electrocardiogram (EKG) feature set of the host body. Minimal information is exchanged in a broadcast manner, and even if every node is missing a different subset, by reconciling these feature sets, the whole network will still agree upon a single common key. Because of the limited information exchange, if an attacker gets the information in any way, he/she will not be able to reproduce the key. The proposed scheme mitigates replay, selective forwarding, and denial of service attacks using a challenge-response authentication mechanism. The simulation results show that the proposed scheme has a great deal of

  12. SegAuth: A Segment-based Approach to Behavioral Biometric Authentication

    PubMed Central

    Li, Yanyan; Xie, Mengjun; Bian, Jiang

    2016-01-01

    Many studies have been conducted to apply behavioral biometric authentication on/with mobile devices and they have shown promising results. However, the concern about the verification accuracy of behavioral biometrics is still common given the dynamic nature of behavioral biometrics. In this paper, we address the accuracy concern from a new perspective—behavior segments, that is, segments of a gesture instead of the whole gesture as the basic building block for behavioral biometric authentication. With this unique perspective, we propose a new behavioral biometric authentication method called SegAuth, which can be applied to various gesture or motion based authentication scenarios. SegAuth can achieve high accuracy by focusing on each user’s distinctive gesture segments that frequently appear across his or her gestures. In SegAuth, a time series derived from a gesture/motion is first partitioned into segments and then transformed into a set of string tokens in which the tokens representing distinctive, repetitive segments are associated with higher genuine probabilities than those tokens that are common across users. An overall genuine score calculated from all the tokens derived from a gesture is used to determine the user’s authenticity. We have assessed the effectiveness of SegAuth using 4 different datasets. Our experimental results demonstrate that SegAuth can achieve higher accuracy consistently than existing popular methods on the evaluation datasets. PMID:28573214

  13. High-throughput SNP-based authentication of human cell lines

    PubMed Central

    Castro, Felipe; Dirks, Wilhelm G.; Fähnrich, Silke; Hotz-Wagenblatt, Agnes; Pawlita, Michael; Schmitt, Markus

    2012-01-01

    Use of false cell lines remains a major problem in biological research. Short tandem repeat (STR) profiling represents the gold standard technique for cell line authentication. However, mismatch repair (MMR) deficient cell lines are characterized by microsatellite instability, which could force allelic drifts in combination with a selective outgrowth of otherwise persisting side lines, and thus, are likely to be misclassified by STR-profiling. Based on the high-throughput Luminex platform, we developed a 24-plex SNP-profiling assay, called Multiplex Cell Authentication (MCA), for determining authentication of human cell lines. MCA was evaluated by analysing a collection of 436 human cell lines from the DSMZ, previously characterised by eight loci STR profiling. Both assays showed a very high degree of concordance and similar average matching probabilities (~1 × 10−8 for STR-profiling and ~1 × 10−9 for MCA). MCA enabled the detection of less than 3% contaminating human cells. Analysing MMR deficient cell lines, evidence was obtained for a higher robustness of the MCA compared to STR profiling. In conclusion, MCA could complement routine cell line authentication and replace the standard authentication STR technique in case of MSI cell lines. PMID:22700458

  14. A study on the integrity and authentication of weather observation data using Identity Based Encryption.

    PubMed

    Seo, Jung Woo; Lee, Sang Jin

    2016-01-01

    Weather information provides a safe working environment by contributing to the economic activity of the nation, and plays role of the prevention of natural disasters, which can cause large scaled casualties and damage of property. Especially during times of war, weather information plays a more important role than strategy, tactics and information about trends of the enemy. Also, it plays an essential role for the taking off and landing of fighter jet and the sailing of warships. If weather information, which plays a major role in national security and economy, gets misused for cyber terrorism resulting false weather information, it could be a huge threat for national security and the economy. We propose a plan to safely transmit the measured value from meteorological sensors through a meteorological telecommunication network in order to guarantee the confidentiality and integrity of the data despite cyber-attacks. Also, such a plan allows one to produce reliable weather forecasts by performing mutual authentication through authentication devices. To make sure of this, one can apply an Identity Based Signature to ensure the integrity of measured data, and transmit the encrypted weather information with mutual authentication about the authentication devices. There are merits of this research: It is not necessary to manage authentication certificates unlike the Public Key Infrastructure methodology, and it provides a powerful security measure with the capability to be realized in a small scale computing environment, such as the meteorological observation system due to the low burden on managing keys.

  15. Passive digital image authentication algorithm based on Tchebichef moment invariants

    NASA Astrophysics Data System (ADS)

    Li, Mei; Gu, Zongyun; Kan, Junling

    2010-12-01

    This paper presents a new passive image authenticate algorithm to check and measure the forged pictures and images in the regional copies and sticks. After reducing the image dimension by DWT (Discrete Wavelet Transform), the Tchebichef moment invariants is applied to the fixed sized overlapping blocks of a low-frequency image in the wavelet sub-band, and the eigenvectors are lexicographically sorted. Then, similar eigenvectors are matched by a certain threshold. Finally, the forgery part is identified by the threshold analysis. The experimental results show that proposed method can not only localize the copy forgery regions accurately, but also undergone some attacks like random noise contamination, lossy JPEG(Joint Photographic Experts Group) compression, rotation transformation etc. and reduce the amount of computation and improve the detection efficiency.

  16. Passive digital image authentication algorithm based on Tchebichef moment invariants

    NASA Astrophysics Data System (ADS)

    Li, Mei; Gu, Zongyun; Kan, Junling

    2011-05-01

    This paper presents a new passive image authenticate algorithm to check and measure the forged pictures and images in the regional copies and sticks. After reducing the image dimension by DWT (Discrete Wavelet Transform), the Tchebichef moment invariants is applied to the fixed sized overlapping blocks of a low-frequency image in the wavelet sub-band, and the eigenvectors are lexicographically sorted. Then, similar eigenvectors are matched by a certain threshold. Finally, the forgery part is identified by the threshold analysis. The experimental results show that proposed method can not only localize the copy forgery regions accurately, but also undergone some attacks like random noise contamination, lossy JPEG(Joint Photographic Experts Group) compression, rotation transformation etc. and reduce the amount of computation and improve the detection efficiency.

  17. Authentication of medicinal plants by SNP-based multiplex PCR.

    PubMed

    Lee, Ok Ran; Kim, Min-Kyeoung; Yang, Deok-Chun

    2012-01-01

    Highly variable intergenic spacer and intron regions from nuclear and cytoplasmic DNA have been used for species identification. Noncoding internal transcribed spacers (ITSs) located in 18S-5.8S-26S, and 5S ribosomal RNA genes (rDNAs) represent suitable region for medicinal plant authentication. Noncoding regions from two cytoplasmic DNA, chloroplast DNA (trnT-F intergenic spacer region), and mitochondrial DNA (fourth intron region of nad7 gene) are also successfully applied for the proper identification of medicinal plants. Single-nucleotide polymorphism (SNP) sites obtained from the amplification of intergenic spacer and intron regions are properly utilized for the verification of medicinal plants in species level using multiplex PCR. Multiplex PCR as a variant of PCR technique used to amplify more than two loci simultaneously.

  18. k-Times Anonymous Authentication

    NASA Astrophysics Data System (ADS)

    Teranishi, Isamu; Furukawa, Jun; Sako, Kazue

    We propose an authentication scheme in which users can be authenticated anonymously so long as times that they are authenticated is within an allowable number. The proposed scheme has two features: 1) no one, not even an authority, can identify users who have been authenticated within the allowable number, 2) anyone can trace, without help from the authority, dishonest users who have been authenticated beyond the allowable number by using the records of these authentications. Our scheme can be applied to e-voting, e-cash, electronic coupons, and trial browsing of content. In these applications, our scheme, unlike the previous one, conceals users' participation from protocols and guarantees that they will remain anonymous to everyone.

  19. Review: Authentication and traceability of foods from animal origin by polymerase chain reaction-based capillary electrophoresis.

    PubMed

    Rodríguez-Ramírez, Roberto; González-Córdova, Aarón F; Vallejo-Cordoba, Belinda

    2011-01-31

    This work presents an overview of the applicability of PCR-based capillary electrophoresis (CE) in food authentication and traceability of foods from animal origin. Analytical approaches for authenticating and tracing meat and meat products and fish and seafood products are discussed. Particular emphasis will be given to the usefulness of genotyping in food tracing by using CE-based genetic analyzers.

  20. A weak blind signature scheme based on quantum cryptography

    NASA Astrophysics Data System (ADS)

    Wen, Xiaojun; Niu, Xiamu; Ji, Liping; Tian, Yuan

    2009-02-01

    In this paper, we present a weak blind signature scheme based on the correlation of EPR (Einstein-Padolsky-Rosen) pairs. Different from classical blind signature schemes and current quantum signature schemes, our quantum blind signature scheme could guarantee not only the unconditionally security but also the anonymity of the message owner. To achieve that, quantum key distribution and one-time pad are adopted in our scheme. Experimental analysis proved that our scheme have the characteristics of non-counterfeit, non-disavowal, blindness and traceability. It has a wide application to E-payment system, E-government, E-business, and etc.

  1. Image authentication via sparsity-based phase-shifting digital holography

    NASA Astrophysics Data System (ADS)

    Chen, Wen; Chen, Xudong

    2015-03-01

    Digital holography has been widely studied in recent years, and a number of applications have been demonstrated. In this paper, we demonstrate that sparsity-based phase-shifting digital holography can be applied for image authentication. In phase-shifting digital holography, the holograms are sequentially recorded. Only small parts of each hologram are available for numerical reconstruction. It is found that nonlinear correlation algorithm can be applied to simply authenticate the reconstructed object. The results illustrate that the recovered image can be correctly verified. In the developed system, the recorded holograms are highly compressed which can facilitate data storage or transmission, and one simple authentication strategy has been established instead of applying relatively complex algorithms (such as compressive sensing) to recover the object.

  2. Password Authenticated Key Exchange Based on RSA in the Three-Party Settings

    NASA Astrophysics Data System (ADS)

    Dongna, E.; Cheng, Qingfeng; Ma, Chuangui

    A great deal of password authenticated key exchange (PAKE) protocols have been proposed in recent years. Most of them were based on Diffie-Hellman key exchange. While the approach of designing PAKE protocols with RSA is far from maturity and perfection. In fact, the existing PAKE protocols using RSA or other public-key cryptographic techniques provide an authenticated key exchange only between a client and a server. This paper presents a new efficient PAKE protocol using RSA in the three-party settings (3PAKE-RSA). The novel protocol can be resistant to e-residue attack and provably secure under the RSA assumption in the random oracle model.

  3. A Multiparty Controlled Bidirectional Quantum Secure Direct Communication and Authentication Protocol Based on EPR Pairs

    NASA Astrophysics Data System (ADS)

    Chang, Yan; Zhang, Shi-Bin; Yan, Li-Li; Sheng, Zhi-Wei

    2013-06-01

    A multiparty controlled bidirectional quantum secure direct communication and authentication protocol is proposed based on EPR pair and entanglement swapping. The legitimate identities of communicating parties are encoded to Bell states which act as a detection sequence. Secret messages are transmitted by using the classical XOR operation, which serves as a one-time-pad. No photon with secret information transmits in the quantum channel. Compared with the protocols proposed by Wang et al. [Acta Phys. Sin. 56 (2007) 673; Opt. Commun. 266 (2006) 732], the protocol in this study implements bidirectional communication and authentication, which defends most attacks including the ‘man-in-the-middle’ attack efficiently.

  4. A RFID authentication protocol based on infinite dimension pseudo random number generator for image recognition system

    NASA Astrophysics Data System (ADS)

    Tong, Qiaoling; Zou, Xuecheng; Tong, Hengqing

    2009-10-01

    Radio Frequency Identification (RFID) technology has been widely used in the image recognition system. However, the feature of the RFID system may bring out security threatens. In this paper, we analyze the existing RFID authentication protocols and state an infinite dimension pseudo random number generator to strengthen the protocol security. Then an authentication protocol based on infinite dimension pseudo random number generator is proposed. Compared to the traditional protocols, our method could resist various attack approaches, and protect the tag information and the location privacy of the tag holder efficiently.

  5. TOKEN: Trustable Keystroke-Based Authentication for Web-Based Applications on Smartphones

    NASA Astrophysics Data System (ADS)

    Nauman, Mohammad; Ali, Tamleek

    Smartphones are increasingly being used to store personal information as well as to access sensitive data from the Internet and the cloud. Establishment of the identity of a user requesting information from smartphones is a prerequisite for secure systems in such scenarios. In the past, keystroke-based user identification has been successfully deployed on production-level mobile devices to mitigate the risks associated with naïve username/password based authentication. However, these approaches have two major limitations: they are not applicable to services where authentication occurs outside the domain of the mobile device - such as web-based services; and they often overly tax the limited computational capabilities of mobile devices. In this paper, we propose a protocol for keystroke dynamics analysis which allows web-based applications to make use of remote attestation and delegated keystroke analysis. The end result is an efficient keystroke-based user identification mechanism that strengthens traditional password protected services while mitigating the risks of user profiling by collaborating malicious web services.

  6. Physiological signal based entity authentication for body area sensor networks and mobile healthcare systems.

    PubMed

    Bao, Shu-Di; Zhang, Yuan-Ting; Shen, Lian-Feng

    2005-01-01

    With the evolution of m-Health, an increasing number of biomedical sensors will be worn on or implanted in an individual in the future for the monitoring, diagnosis, and treatment of diseases. For the optimization of resources, it is therefore necessary to investigate how to interconnect these sensors in a wireless body area network, wherein security of private data transmission is always a major concern. This paper proposes a novel solution to tackle the problem of entity authentication in body area sensor network (BASN) for m-Health. Physiological signals detected by biomedical sensors have dual functions: (1) for a specific medical application, and (2) for sensors in the same BASN to recognize each other by biometrics. A feasibility study of proposed entity authentication scheme was carried out on 12 healthy individuals, each with 2 channels of photoplethysmogram (PPG) captured simultaneously at different parts of the body. The beat-to-beat heartbeat interval is used as a biometric characteristic to generate identity of the individual. The results of statistical analysis suggest that it is a possible biometric feature for the entity authentication of BASN.

  7. Color encryption scheme based on adapted quantum logistic map

    NASA Astrophysics Data System (ADS)

    Zaghloul, Alaa; Zhang, Tiejun; Amin, Mohamed; Abd El-Latif, Ahmed A.

    2014-04-01

    This paper presents a new color image encryption scheme based on quantum chaotic system. In this scheme, a new encryption scheme is accomplished by generating an intermediate chaotic key stream with the help of quantum chaotic logistic map. Then, each pixel is encrypted by the cipher value of the previous pixel and the adapted quantum logistic map. The results show that the proposed scheme has adequate security for the confidentiality of color images.

  8. A network identity authentication protocol of bank account system based on fingerprint identification and mixed encryption

    NASA Astrophysics Data System (ADS)

    Zhu, Lijuan; Liu, Jingao

    2013-07-01

    This paper describes a network identity authentication protocol of bank account system based on fingerprint identification and mixed encryption. This protocol can provide every bank user a safe and effective way to manage his own bank account, and also can effectively prevent the hacker attacks and bank clerk crime, so that it is absolute to guarantee the legitimate rights and interests of bank users.

  9. Simplified authenticated key exchange based on the q(th) root problem

    SciTech Connect

    JOHNSTON,ANNA M.; GEMMELL,PETER S.

    2000-02-29

    Finding a q{sup th} root in GF(p), where p and q are prunes, q is large and q{sup 2} divides (p{minus}1) is a difficult problem equivalent to the discrete logarithm problem using an element of order q as the base. This paper describes an authenticated key exchange algorithm utilizing this hard problem.

  10. Authentic assessment based showcase portfolio on learning of mathematical problem solving in senior high school

    NASA Astrophysics Data System (ADS)

    Sukmawati, Zuhairoh, Faihatuz

    2017-05-01

    The purpose of this research was to develop authentic assessment model based on showcase portfolio on learning of mathematical problem solving. This research used research and development Method (R & D) which consists of four stages of development that: Phase I, conducting a preliminary study. Phase II, determining the purpose of developing and preparing the initial model. Phase III, trial test of instrument for the initial draft model and the initial product. The respondents of this research are the students of SMAN 8 and SMAN 20 Makassar. The collection of data was through observation, interviews, documentation, student questionnaire, and instrument tests mathematical solving abilities. The data were analyzed with descriptive and inferential statistics. The results of this research are authentic assessment model design based on showcase portfolio which involves: 1) Steps in implementing the authentic assessment based Showcase, assessment rubric of cognitive aspects, assessment rubric of affective aspects, and assessment rubric of skill aspect. 2) The average ability of the students' problem solving which is scored by using authentic assessment based on showcase portfolio was in high category and the students' response in good category.

  11. PBL: An Evaluation of the Effectiveness of Authentic Problem-Based Learning (aPBL)

    ERIC Educational Resources Information Center

    Woods, Donald R.

    2012-01-01

    Many different versions of Problem-based Learning (PBL) are used today. To be consistent in evaluating the effectiveness of PBL, the focus in this paper is on what Howard Barrows called authentic PBL (aPBL). In aPBL students are empowered with the learning process; key distinguishing features are that the students teach each other the new…

  12. Problem Based Learning and Authentic Assessment in Digital Pedagogy: Embracing the Role of Collaborative Communities

    ERIC Educational Resources Information Center

    Barber, Wendy; King, Sherry; Buchanan, Sylvia

    2015-01-01

    The purpose of this paper is to qualitatively examine the relationship between problem based learning, authentic assessment and the role of community in fostering learning in digital contexts. The authors used "Digital Moments" to create a meaningful learning environment and build the online class community. They then collaboratively…

  13. Focused Anecdotal Records Assessment: A Tool for Standards-Based, Authentic Assessment

    ERIC Educational Resources Information Center

    Boyd-Batstone, Paul

    2004-01-01

    This article describes the tension between standards-based assessment on a macro level and authentic assessment on a micro level. Content standards arguably supply systematic criteria for quantitative measures to report trends and establish policy. Qualitative measures, such as rubrics, student profiles, and observational records, fill in the gaps…

  14. Authentic Project-Based Design of Professional Development for Teachers Studying Online and Blended Teaching

    ERIC Educational Resources Information Center

    Dabner, Nicki; Davis, Niki; Zaka, Pinelopi

    2012-01-01

    Online learning and teaching is rapidly increasing in many countries, including high schools in the USA and teacher education worldwide. Online and blended approaches to professional and organizational development are, therefore, becoming essential to enable effective and equitable education. Authentic project-based learning to support the…

  15. PBL: An Evaluation of the Effectiveness of Authentic Problem-Based Learning (aPBL)

    ERIC Educational Resources Information Center

    Woods, Donald R.

    2012-01-01

    Many different versions of Problem-based Learning (PBL) are used today. To be consistent in evaluating the effectiveness of PBL, the focus in this paper is on what Howard Barrows called authentic PBL (aPBL). In aPBL students are empowered with the learning process; key distinguishing features are that the students teach each other the new…

  16. "Chemistry Is in the News": Taxonomy of Authentic News Media-Based Learning Activities. Research Report

    ERIC Educational Resources Information Center

    Glaser, Rainer E.; Carson, Kathleen M.

    2005-01-01

    A brief history is given of approaches that aim at achieving a connectedness of the content of organic chemistry courses to real world issues. Recently, such approaches have relied more and more on online media resources, the tools of the Internet and the World Wide Web. We propose a six-level taxonomy of 'authentic news media-based learning…

  17. Multiview image compression based on LDV scheme

    NASA Astrophysics Data System (ADS)

    Battin, Benjamin; Niquin, Cédric; Vautrot, Philippe; Debons, Didier; Lucas, Laurent

    2011-03-01

    In recent years, we have seen several different approaches dealing with multiview compression. First, we can find the H264/MVC extension which generates quite heavy bitstreams when used on n-views autostereoscopic medias and does not allow inter-view reconstruction. Another solution relies on the MVD (MultiView+Depth) scheme which keeps p views (n > p > 1) and their associated depth-maps. This method is not suitable for multiview compression since it does not exploit the redundancy between the p views, moreover occlusion areas cannot be accurately filled. In this paper, we present our method based on the LDV (Layered Depth Video) approach which keeps one reference view with its associated depth-map and the n-1 residual ones required to fill occluded areas. We first perform a global per-pixel matching step (providing a good consistency between each view) in order to generate one unified-color RGB texture (where a unique color is devoted to all pixels corresponding to the same 3D-point, thus avoiding illumination artifacts) and a signed integer disparity texture. Next, we extract the non-redundant information and store it into two textures (a unified-color one and a disparity one) containing the reference and the n-1 residual views. The RGB texture is compressed with a conventional DCT or DWT-based algorithm and the disparity texture with a lossless dictionary algorithm. Then, we will discuss about the signal deformations generated by our approach.

  18. Fast and secure handover of intra-ASN IEEE802.16 network by proposed certificate based pre-authentication

    NASA Astrophysics Data System (ADS)

    Sridevi, B.; Supriya, T. S.; Rajaram, S.

    2013-01-01

    The current generation of wireless networks has been designed predominantly to support voice and more recently data traffic. WiMAX is currently one of the hottest technologies in wireless. The main motive of the mobile technologies is to provide seamless cost effective mobility. But this is affected by Authentication cost and handover delay since on each handoff the Mobile Station (MS) has to undergo all steps of authentication. Pre-Authentication is used to reduce the handover delay and increase the speed of the Intra-ASN Handover. Proposed Pre-Authentication method is intended to reduce the authentication delay by getting pre authenticated by central authority called Pre Authentication Authority (PAA). MS requests PAA for Pre Authentication Certificate (PAC) before performing handoff. PAA verifies the identity of MS and provides PAC to MS and also to the neighboring target Base Stations (tBSs). MS having time bound PAC can skip the authentication process when recognized by target BS during handoff. It also prevents the DOS (Denial Of Service) attack and Replay attack. It has no wastage of unnecessary key exchange of the resources. The proposed work is simulated by NS2 model and by MATLAB.

  19. Security analysis and enhanced user authentication in proxy mobile IPv6 networks.

    PubMed

    Kang, Dongwoo; Jung, Jaewook; Lee, Donghoon; Kim, Hyoungshick; Won, Dongho

    2017-01-01

    The Proxy Mobile IPv6 (PMIPv6) is a network-based mobility management protocol that allows a Mobile Node(MN) connected to the PMIPv6 domain to move from one network to another without changing the assigned IPv6 address. The user authentication procedure in this protocol is not standardized, but many smartcard based authentication schemes have been proposed. Recently, Alizadeh et al. proposed an authentication scheme for the PMIPv6. However, it could allow an attacker to derive an encryption key that must be securely shared between MN and the Mobile Access Gate(MAG). As a result, outsider adversary can derive MN's identity, password and session key. In this paper, we analyze Alizadeh et al.'s scheme regarding security and propose an enhanced authentication scheme that uses a dynamic identity to satisfy anonymity. Furthermore, we use BAN logic to show that our scheme can successfully generate and communicate with the inter-entity session key.

  20. A Non-symmetric Digital Image Secure Communication Scheme Based on Generalized Chaos Synchronization System

    NASA Astrophysics Data System (ADS)

    Zhang, Xiao-Hong; Min, Le-Quan

    2005-12-01

    Based on a generalized chaos synchronization system and a discrete Sinai map, a non-symmetric true color (RGB) digital image secure communication scheme is proposed. The scheme first changes an ordinary RGB digital image with 8 bits into unrecognizable disorder codes and then transforms the disorder codes into an RGB digital image with 16 bits for transmitting. A receiver uses a non-symmetric key to verify the authentication of the received data origin, and decrypts the ciphertext. The scheme can encrypt and decrypt most formatted digital RGB images recognized by computers, and recover the plaintext almost without any errors. The scheme is suitable to be applied in network image communications. The analysis of the key space, sensitivity of key parameters, and correlation of encrypted images imply that this scheme has sound security. The project supported by National Natural Science Foundation of China under Grant Nos. 60074034 and 70271068, the Foundation for University Key Teachers, and the Research Fund for the Doctoral Program of Higher Education under Grant No. 20020008004 by the Ministry of Education of China

  1. Educational Statistics Authentic Learning CAPSULES: Community Action Projects for Students Utilizing Leadership and E-Based Statistics

    ERIC Educational Resources Information Center

    Thompson, Carla J.

    2009-01-01

    Since educational statistics is a core or general requirement of all students enrolled in graduate education programs, the need for high quality student engagement and appropriate authentic learning experiences is critical for promoting student interest and student success in the course. Based in authentic learning theory and engagement theory…

  2. Educational Statistics Authentic Learning CAPSULES: Community Action Projects for Students Utilizing Leadership and E-Based Statistics

    ERIC Educational Resources Information Center

    Thompson, Carla J.

    2009-01-01

    Since educational statistics is a core or general requirement of all students enrolled in graduate education programs, the need for high quality student engagement and appropriate authentic learning experiences is critical for promoting student interest and student success in the course. Based in authentic learning theory and engagement theory…

  3. Multimedia data authentication in wavelet domain

    NASA Astrophysics Data System (ADS)

    Wang, Jinwei; Lian, Shiguo; Liu, Zhongxuan; Zhen, Ren; Dai, Yuewei

    2006-04-01

    With the wide application of multimedia data, multimedia content protection becomes urgent. Till now, various means have been reported, which can be classified into several types according to their functionalities, such as data encryption, digital watermarking or data authentication. They are used to protect multimedia data's confidentiality, ownership and integrity, respectively. For multimedia data authentication, some approaches have been proposed. In this paper, a wavelet-based multi-feature semi-fragile authentication scheme is proposed. According to the approximation component and the energy relationship between the subbands of the detail component, global feature and local feature are both generated. Then, the global watermark and local watermark are generated from global feature and local feature, respectively. The watermarks are then embedded into the multimedia data themselves in the wavelet domain. Both the feature extraction and embedding processes are controlled by secret keys to improve the security of the proposed scheme. In the receiver end, the extracted watermark and the one generated from the received image are compared to determine the tampered location. A new authentication method is designed and it is proved valid in the experiments. This authentication scheme is robust to general compression, sensitive to cutting, pasting or modification, efficient in real-time operation, and secure for practical applications.

  4. A PUFs-based hardware authentication BLAKE algorithm in 65 nm CMOS

    NASA Astrophysics Data System (ADS)

    Zhang, Yuejun; Wang, Pengjun; Zhang, Xuelong; Weng, Xinqian; Yu, Zhiyi

    2016-06-01

    This paper presents a hardware authentication BLAKE algorithm based on physical unclonable functions (PUFs) in Taiwan Semiconductor Manufacturing Company low-power 65 nm CMOS. To support hardware authentication feature, PUFs have been organised in BLAKE algorithm as the salt value. The trials table method is used to improve the robust of PUFs, resulting in approximately 100% stability against supply voltage variations form 0.7 V to 1.6 V. By discussing the G-function of BLAKE algorithm, the hardware implementation is considered for acceleration, resulting in significant performance improvements. The die occupies 2.62 mm2 and operates maximum frequency 1.0 GHz at 1.6 V. Measured results show that PUFs have great random characteristic and the authentication chip dissipates an average power of 91 mW under typical condition at 1.2 V and 780 MHz. In comparison with other works, the PUFs-based BLAKE algorithm has hardware authentication feature and improves throughput about 45%.

  5. Limitations of Non Model-Based Recognition Schemes

    DTIC Science & Technology

    1991-05-01

    general classes: model-based vs. non model-based schemes. In this paper we establish some limitation on the class of non model-based recognition schemes. A ...perfect, but is allowed to make mistakes and misidentify each object from a substantial fraction of viewing directions. It follows that every...symmetric objects) a nontrivial recognition scheme exists. We define the notion of a discrimination power of a consistent recognition function for a class

  6. Assessment of Web-Based Authentication Methods in the U.S.: Comparing E-Learning Systems to Internet Healthcare Information Systems

    ERIC Educational Resources Information Center

    Mattord, Herbert J.

    2012-01-01

    Organizations continue to rely on password-based authentication methods to control access to many Web-based systems. This research study developed a benchmarking instrument intended to assess authentication methods used in Web-based information systems (IS). It developed an Authentication Method System Index (AMSI) to analyze collected data from…

  7. Assessment of Web-Based Authentication Methods in the U.S.: Comparing E-Learning Systems to Internet Healthcare Information Systems

    ERIC Educational Resources Information Center

    Mattord, Herbert J.

    2012-01-01

    Organizations continue to rely on password-based authentication methods to control access to many Web-based systems. This research study developed a benchmarking instrument intended to assess authentication methods used in Web-based information systems (IS). It developed an Authentication Method System Index (AMSI) to analyze collected data from…

  8. Quantum group signature scheme based on controlled quantum teleportation

    NASA Astrophysics Data System (ADS)

    Chen, F. L.; Han, Z. F.

    2016-11-01

    Group signature scheme is a method of allowing a member of a group to sign a message anonymously on behalf of the group. The group administrator is in charge of adding group members and has the ability to reveal the original signer in the event of disputes. Based on controlled quantum teleportation with three-particle entangled W states, we propose a new quantum group signature scheme with designated receiver. Security analysis proves that the proposed scheme possesses the characteristics of group signature and resists the usual attacks. Compared with previous proposed schemes, this scheme follows security definition of group signature fully and meets its basic requirements.

  9. Low crosstalk optical hierarchical authentication with a fixed random phase lock based on two beams interference

    NASA Astrophysics Data System (ADS)

    Lu, Dajiang; He, Wenqi; Peng, Xiang

    2015-09-01

    We propose a novel method to achieve the purpose of hierarchical authentication based on two beams interference. In this method, different target images indicating different authentication levels are analytically encoded into corresponding phase-only masks (phase keys) and amplitude-only masks (amplitude keys) with the help of a random phase mask, which is created in advance and acts as the fixed lock of this authentication system. For the authentication process, a legal user can obtain a specified target image at the output plane if his/her phase key, and amplitude key, which should be settled close against the fixed internal phase lock, are respectively illuminated by two coherent beams. By comparing the target image with all the standard certification images in the database, the system can thus verify the user's identity. In simple terms, this system can not only confirm the legality of a user but also distinguish his/her identity level. Moreover, in despite of the internal phase lock of this system being fixed, the crosstalk between different pairs of keys hold by different users is low. Theoretical analysis and numerical simulation are both provided to demonstrate the validity of this method.

  10. Cell Line Data Base: structure and recent improvements towards molecular authentication of human cell lines.

    PubMed

    Romano, Paolo; Manniello, Assunta; Aresu, Ottavia; Armento, Massimiliano; Cesaro, Michela; Parodi, Barbara

    2009-01-01

    The Cell Line Data Base (CLDB) is a well-known reference information source on human and animal cell lines including information on more than 6000 cell lines. Main biological features are coded according to controlled vocabularies derived from international lists and taxonomies. HyperCLDB (http://bioinformatics.istge.it/hypercldb/) is a hypertext version of CLDB that improves data accessibility by also allowing information retrieval through web spiders. Access to HyperCLDB is provided through indexes of biological characteristics and navigation in the hypertext is granted by many internal links. HyperCLDB also includes links to external resources. Recently, an interest was raised for a reference nomenclature for cell lines and CLDB was seen as an authoritative system. Furthermore, to overcome the cell line misidentification problem, molecular authentication methods, such as fingerprinting, single-locus short tandem repeat (STR) profile and single nucleotide polymorphisms validation, were proposed. Since this data is distributed, a reference portal on authentication of human cell lines is needed. We present here the architecture and contents of CLDB, its recent enhancements and perspectives. We also present a new related database, the Cell Line Integrated Molecular Authentication (CLIMA) database (http://bioinformatics.istge.it/clima/), that allows to link authentication data to actual cell lines.

  11. Cell Line Data Base: structure and recent improvements towards molecular authentication of human cell lines

    PubMed Central

    Romano, Paolo; Manniello, Assunta; Aresu, Ottavia; Armento, Massimiliano; Cesaro, Michela; Parodi, Barbara

    2009-01-01

    The Cell Line Data Base (CLDB) is a well-known reference information source on human and animal cell lines including information on more than 6000 cell lines. Main biological features are coded according to controlled vocabularies derived from international lists and taxonomies. HyperCLDB (http://bioinformatics.istge.it/hypercldb/) is a hypertext version of CLDB that improves data accessibility by also allowing information retrieval through web spiders. Access to HyperCLDB is provided through indexes of biological characteristics and navigation in the hypertext is granted by many internal links. HyperCLDB also includes links to external resources. Recently, an interest was raised for a reference nomenclature for cell lines and CLDB was seen as an authoritative system. Furthermore, to overcome the cell line misidentification problem, molecular authentication methods, such as fingerprinting, single-locus short tandem repeat (STR) profile and single nucleotide polymorphisms validation, were proposed. Since this data is distributed, a reference portal on authentication of human cell lines is needed. We present here the architecture and contents of CLDB, its recent enhancements and perspectives. We also present a new related database, the Cell Line Integrated Molecular Authentication (CLIMA) database (http://bioinformatics.istge.it/clima/), that allows to link authentication data to actual cell lines. PMID:18927105

  12. Error function attack of chaos synchronization based encryption schemes.

    PubMed

    Wang, Xingang; Zhan, Meng; Lai, C-H; Gang, Hu

    2004-03-01

    Different chaos synchronization based encryption schemes are reviewed and compared from the practical point of view. As an efficient cryptanalysis tool for chaos encryption, a proposal based on the error function attack is presented systematically and used to evaluate system security. We define a quantitative measure (quality factor) of the effective applicability of a chaos encryption scheme, which takes into account the security, the encryption speed, and the robustness against channel noise. A comparison is made of several encryption schemes and it is found that a scheme based on one-way coupled chaotic map lattices performs outstandingly well, as judged from quality factor. Copyright 2004 American Institute of Physics.

  13. A study of the particularities of an authentication system with a method of an asymmetric holographic encryption based on the DRPE to protect the passwords of the technical devices

    NASA Astrophysics Data System (ADS)

    Nalegaev, S. S.; Krasnov, V. V.

    2016-08-01

    The present work is devoted to research the peculiarities of an authentication system of the technical devices with the use of an optical asymmetric holographic encryption on the basis of the Double Random Phase Encoding (DRPE). The series of the numerical experiments was performed to implement the encryption and the decryption of the initial image. The angular spectrum approach was used as a tool for the simulation of the propagation of the light in the free space forward and backward along the whole optical scheme of the DRPE. In the present work the particularities of the authentication system based on an asymmetric approach of the holographic encryption method DRPE were studied.

  14. Multi-factor authentication

    DOEpatents

    Hamlet, Jason R; Pierson, Lyndon G

    2014-10-21

    Detection and deterrence of spoofing of user authentication may be achieved by including a cryptographic fingerprint unit within a hardware device for authenticating a user of the hardware device. The cryptographic fingerprint unit includes an internal physically unclonable function ("PUF") circuit disposed in or on the hardware device, which generates a PUF value. Combining logic is coupled to receive the PUF value, combines the PUF value with one or more other authentication factors to generate a multi-factor authentication value. A key generator is coupled to generate a private key and a public key based on the multi-factor authentication value while a decryptor is coupled to receive an authentication challenge posed to the hardware device and encrypted with the public key and coupled to output a response to the authentication challenge decrypted with the private key.

  15. Quantum deniable authentication protocol

    NASA Astrophysics Data System (ADS)

    Shi, Wei-Min; Zhou, Yi-Hua; Yang, Yu-Guang

    2014-07-01

    The proposed quantum identity authentication schemes only involved authentication between two communicators, but communications with deniability capability are often desired in electronic applications such as online negotiation and electronic voting. In this paper, we proposed a quantum deniable authentication protocol. According to the property of unitary transformation and quantum one-way function, this protocol can provide that only the specified receiver can identify the true source of a given message and the specified receiver cannot prove the source of the message to a third party by a transcript simulation algorithm. Moreover, the quantum key distribution and quantum encryption algorithm guarantee the unconditional security of this scheme. Security analysis results show that this protocol satisfies the basic security requirements of deniable authentication protocol such as completeness and deniability and can withstand the forgery attack, impersonation attack, inter-resend attack.

  16. Medical Image Authentication Using DPT Watermarking: A Preliminary Attempt

    NASA Astrophysics Data System (ADS)

    Wong, M. L. Dennis; Goh, Antionette W.-T.; Chua, Hong Siang

    Secure authentication of digital medical image content provides great value to the e-Health community and medical insurance industries. Fragile Watermarking has been proposed to provide the mechanism to authenticate digital medical image securely. Transform Domain based Watermarking are typically slower than spatial domain watermarking owing to the overhead in calculation of coefficients. In this paper, we propose a new Discrete Pascal Transform based watermarking technique. Preliminary experiment result shows authentication capability. Possible improvements on the proposed scheme are also presented before conclusions.

  17. Spatial dimming scheme for optical OFDM based visible light communication.

    PubMed

    Yang, Yang; Zeng, Zhimin; Cheng, Julian; Guo, Caili

    2016-12-26

    A new dimming control scheme termed spatial dimming orthogonal frequency division multiplexing (SD-OFDM) is proposed for multiple-input and multiple output OFDM based visible light communication. The basic idea of SD-OFDM is that the illumination can be represented by the number of glared light emitting diodes (LEDs) in an LED lamp. As the biasing level of LEDs does not adjust to represent the required illumination level, the proposed scheme can significantly mitigate the clipping noise compared to analogue dimming schemes. Furthermore, unlike digital dimming schemes that control illumination levels by setting different duty cycles of pulse width modulation, the proposed scheme is always in the "on-state" for varied illumination levels. Both analytical and simulation results indicate that the proposed scheme is an efficient and feasible dimmable scheme.

  18. Quantum scheme for secret sharing based on local distinguishability

    NASA Astrophysics Data System (ADS)

    Rahaman, Ramij; Parker, Matthew G.

    2015-02-01

    In this paper, we analyze the (im)possibility of the exact distinguishability of orthogonal multipartite entangled states under restricted local operation and classical communication. Based on this local distinguishability analysis, we propose a quantum secret sharing scheme (which we call LOCC-QSS). Our LOCC-QSS scheme is quite general and cost efficient compared to other schemes. In our scheme, no joint quantum operation is needed to reconstruct the secret. We also present an interesting (2 ,n ) -threshold LOCC-QSS scheme, where any two cooperating players, one from each of two disjoint groups of players, can always reconstruct the secret. This LOCC-QSS scheme is quite uncommon, as most (k ,n ) -threshold quantum secret sharing schemes have the restriction k ≥⌈n/2 ⌉ .

  19. Variable Selection and Updating In Model-Based Discriminant Analysis for High Dimensional Data with Food Authenticity Applications*

    PubMed Central

    Murphy, Thomas Brendan; Dean, Nema; Raftery, Adrian E.

    2010-01-01

    Food authenticity studies are concerned with determining if food samples have been correctly labelled or not. Discriminant analysis methods are an integral part of the methodology for food authentication. Motivated by food authenticity applications, a model-based discriminant analysis method that includes variable selection is presented. The discriminant analysis model is fitted in a semi-supervised manner using both labeled and unlabeled data. The method is shown to give excellent classification performance on several high-dimensional multiclass food authenticity datasets with more variables than observations. The variables selected by the proposed method provide information about which variables are meaningful for classification purposes. A headlong search strategy for variable selection is shown to be efficient in terms of computation and achieves excellent classification performance. In applications to several food authenticity datasets, our proposed method outperformed default implementations of Random Forests, AdaBoost, transductive SVMs and Bayesian Multinomial Regression by substantial margins. PMID:20936055

  20. Implementation of authentic assessment in the project based learning to improve student's concept mastering

    NASA Astrophysics Data System (ADS)

    Sambeka, Yana; Nahadi, Sriyati, Siti

    2017-05-01

    The study aimed to obtain the scientific information about increase of student's concept mastering in project based learning that used authentic assessment. The research was conducted in May 2016 at one of junior high school in Bandung in the academic year of 2015/2016. The research method was weak experiment with the one-group pretest-posttest design. The sample was taken by random cluster sampling technique and the sample was 24 students. Data collected through instruments, i.e. written test, observation sheet, and questionnaire sheet. Student's concept mastering test obtained N-Gain of 0.236 with the low category. Based on the result of paired sample t-test showed that implementation of authentic assessment in the project based learning increased student's concept mastering significantly, (sig<0.05).

  1. Source Authentication for Code Dissemination Supporting Dynamic Packet Size in Wireless Sensor Networks †

    PubMed Central

    Kim, Daehee; Kim, Dongwan; An, Sunshin

    2016-01-01

    Code dissemination in wireless sensor networks (WSNs) is a procedure for distributing a new code image over the air in order to update programs. Due to the fact that WSNs are mostly deployed in unattended and hostile environments, secure code dissemination ensuring authenticity and integrity is essential. Recent works on dynamic packet size control in WSNs allow enhancing the energy efficiency of code dissemination by dynamically changing the packet size on the basis of link quality. However, the authentication tokens attached by the base station become useless in the next hop where the packet size can vary according to the link quality of the next hop. In this paper, we propose three source authentication schemes for code dissemination supporting dynamic packet size. Compared to traditional source authentication schemes such as μTESLA and digital signatures, our schemes provide secure source authentication under the environment, where the packet size changes in each hop, with smaller energy consumption. PMID:27409616

  2. Source Authentication for Code Dissemination Supporting Dynamic Packet Size in Wireless Sensor Networks.

    PubMed

    Kim, Daehee; Kim, Dongwan; An, Sunshin

    2016-07-09

    Code dissemination in wireless sensor networks (WSNs) is a procedure for distributing a new code image over the air in order to update programs. Due to the fact that WSNs are mostly deployed in unattended and hostile environments, secure code dissemination ensuring authenticity and integrity is essential. Recent works on dynamic packet size control in WSNs allow enhancing the energy efficiency of code dissemination by dynamically changing the packet size on the basis of link quality. However, the authentication tokens attached by the base station become useless in the next hop where the packet size can vary according to the link quality of the next hop. In this paper, we propose three source authentication schemes for code dissemination supporting dynamic packet size. Compared to traditional source authentication schemes such as μTESLA and digital signatures, our schemes provide secure source authentication under the environment, where the packet size changes in each hop, with smaller energy consumption.

  3. A chaos secure communication scheme based on multiplication modulation

    NASA Astrophysics Data System (ADS)

    Fallahi, Kia; Leung, Henry

    2010-02-01

    A secure spread spectrum communication scheme using multiplication modulation is proposed. The proposed system multiplies the message by chaotic signal. The scheme does not need to know the initial condition of the chaotic signals and the receiver is based on an extended Kalman filter (EKF). This signal encryption scheme lends itself to cheap implementation and can therefore be used effectively for ensuring security and privacy in commercial consumer electronics products. To illustrate the effectiveness of the proposed scheme, a numerical example based on Genesio-Tesi system and also Chen dynamical system is presented and the results are compared.

  4. Efficient Unrestricted Identity-Based Aggregate Signature Scheme

    PubMed Central

    Yuan, Yumin; Zhan, Qian; Huang, Hua

    2014-01-01

    An aggregate signature scheme allows anyone to compress multiple individual signatures from various users into a single compact signature. The main objective of such a scheme is to reduce the costs on storage, communication and computation. However, among existing aggregate signature schemes in the identity-based setting, some of them fail to achieve constant-length aggregate signature or require a large amount of pairing operations which grows linearly with the number of signers, while others have some limitations on the aggregated signatures. The main challenge in building efficient aggregate signature scheme is to compress signatures into a compact, constant-length signature without any restriction. To address the above drawbacks, by using the bilinear pairings, we propose an efficient unrestricted identity-based aggregate signature. Our scheme achieves both full aggregation and constant pairing computation. We prove that our scheme has existential unforgeability under the computational Diffie-Hellman assumption. PMID:25329777

  5. Efficient unrestricted identity-based aggregate signature scheme.

    PubMed

    Yuan, Yumin; Zhan, Qian; Huang, Hua

    2014-01-01

    An aggregate signature scheme allows anyone to compress multiple individual signatures from various users into a single compact signature. The main objective of such a scheme is to reduce the costs on storage, communication and computation. However, among existing aggregate signature schemes in the identity-based setting, some of them fail to achieve constant-length aggregate signature or require a large amount of pairing operations which grows linearly with the number of signers, while others have some limitations on the aggregated signatures. The main challenge in building efficient aggregate signature scheme is to compress signatures into a compact, constant-length signature without any restriction. To address the above drawbacks, by using the bilinear pairings, we propose an efficient unrestricted identity-based aggregate signature. Our scheme achieves both full aggregation and constant pairing computation. We prove that our scheme has existential unforgeability under the computational Diffie-Hellman assumption.

  6. New RSA-Based (Selectively) Convertible Undeniable Signature Schemes

    NASA Astrophysics Data System (ADS)

    Phong, Le Trieu; Kurosawa, Kaoru; Ogata, Wakaha

    In this paper, we design and analyze some new and practical (selectively) convertible undeniable signature (SCUS) schemes in both random oracle and standard model, which enjoy several merits over existing schemes in the literature. In particular, we design the first practical RSA-based SCUS schemes secure in the standard model. On the path, we also introduce two moduli RSA assumptions, including the strong twin RSA assumption, which is the RSA symmetry of the strong twin Diffie-Hellman assumption (Eurocrypt'08).

  7. A continuous buoyancy based convection scheme

    NASA Astrophysics Data System (ADS)

    Guérémy, J.-F.

    2009-04-01

    A new and consistent convection scheme, providing a continuous treatment of this atmospheric process, is described. The main concept ensuring the consistency of the whole system is the buoyancy, key element of any vertical motion. The buoyancy constitutes the forcing term of the convective vertical velocity, which is then used to define the triggering condition, the mass flux, and the rates of entrainment-detrainment. The buoyancy is also used in its vertically integrated form (CAPE) to determine the closure condition. The continuous treatment of convection, from dry thermals to deep precipitating convection, is achieved with the help of a continuous formulation of the entrainment-detrainment rates (depending on the convective vertical velocity) and of the CAPE relaxation time (depending on the convective over-turning time). A Single Column Model (SCM) validation of this scheme is shown, allowing detailed comparisons with observed and explicitly simulated data. Four cases covering the convective spectrum are considered: over ocean, deep convection (TOGA), trade wind shallow convection (BOMEX) and strato-cumulus (FIRE), together with a entire continental diurnal cycle of convection (ARM). The emphasis is put on the characteristics of the scheme which enable a continuous treatment of convection. A General Circulation Model (GCM) 23-year simulation is also presented in order to assess the model climate against the observed one.

  8. A novel fractal image compression scheme with block classification and sorting based on Pearson's correlation coefficient.

    PubMed

    Wang, Jianji; Zheng, Nanning

    2013-09-01

    Fractal image compression (FIC) is an image coding technology based on the local similarity of image structure. It is widely used in many fields such as image retrieval, image denoising, image authentication, and encryption. FIC, however, suffers from the high computational complexity in encoding. Although many schemes are published to speed up encoding, they do not easily satisfy the encoding time or the reconstructed image quality requirements. In this paper, a new FIC scheme is proposed based on the fact that the affine similarity between two blocks in FIC is equivalent to the absolute value of Pearson's correlation coefficient (APCC) between them. First, all blocks in the range and domain pools are chosen and classified using an APCC-based block classification method to increase the matching probability. Second, by sorting the domain blocks with respect to APCCs between these domain blocks and a preset block in each class, the matching domain block for a range block can be searched in the selected domain set in which these APCCs are closer to APCC between the range block and the preset block. Experimental results show that the proposed scheme can significantly speed up the encoding process in FIC while preserving the reconstructed image quality well.

  9. CUE: counterfeit-resistant usable eye movement-based authentication via oculomotor plant characteristics and complex eye movement patterns

    NASA Astrophysics Data System (ADS)

    Komogortsev, Oleg V.; Karpov, Alexey; Holland, Corey D.

    2012-06-01

    The widespread use of computers throughout modern society introduces the necessity for usable and counterfeit-resistant authentication methods to ensure secure access to personal resources such as bank accounts, e-mail, and social media. Current authentication methods require tedious memorization of lengthy pass phrases, are often prone to shouldersurfing, and may be easily replicated (either by counterfeiting parts of the human body or by guessing an authentication token based on readily available information). This paper describes preliminary work toward a counterfeit-resistant usable eye movement-based (CUE) authentication method. CUE does not require any passwords (improving the memorability aspect of the authentication system), and aims to provide high resistance to spoofing and shoulder-surfing by employing the combined biometric capabilities of two behavioral biometric traits: 1) oculomotor plant characteristics (OPC) which represent the internal, non-visible, anatomical structure of the eye; 2) complex eye movement patterns (CEM) which represent the strategies employed by the brain to guide visual attention. Both OPC and CEM are extracted from the eye movement signal provided by an eye tracking system. Preliminary results indicate that the fusion of OPC and CEM traits is capable of providing a 30% reduction in authentication error when compared to the authentication accuracy of individual traits.

  10. Quantum fully homomorphic encryption scheme based on universal quantum circuit

    NASA Astrophysics Data System (ADS)

    Liang, Min

    2015-08-01

    Fully homomorphic encryption enables arbitrary computation on encrypted data without decrypting the data. Here it is studied in the context of quantum information processing. Based on universal quantum circuit, we present a quantum fully homomorphic encryption (QFHE) scheme, which permits arbitrary quantum transformation on any encrypted data. The QFHE scheme is proved to be perfectly secure. In the scheme, the decryption key is different from the encryption key; however, the encryption key cannot be revealed. Moreover, the evaluation algorithm of the scheme is independent of the encryption key, so it is suitable for delegated quantum computing between two parties.

  11. Call Admission Control Scheme Based on Statistical Information

    NASA Astrophysics Data System (ADS)

    Fujiwara, Takayuki; Oki, Eiji; Shiomoto, Kohei

    A call admission control (CAC) scheme based on statistical information is proposed, called the statistical CAC scheme. A conventional scheme needs to manage session information for each link to update the residual bandwidth of a network in real time. This scheme has a scalability problem in terms of network size. The statistical CAC rejects session setup requests in accordance to a pre-computed ratio, called the rejection ratio. The rejection ratio is computed by using statistical information about the bandwidth requested for each link so that the congestion probability is less than an upper bound specified by a network operator. The statistical CAC is more scalable in terms of network size than the conventional scheme because it does not need to keep accommodated session state information. Numerical results show that the statistical CAC, even without exact session state information, only slightly degrades network utilization compared with the conventional scheme.

  12. Copyright protection scheme based on chaos and secret sharing techniques

    NASA Astrophysics Data System (ADS)

    Lou, Der-Chyuan; Shieh, Jieh-Ming; Tso, Hao-Kuan

    2005-11-01

    A copyright protection scheme based on chaos and secret sharing techniques is proposed. Instead of modifying the original image to embed a watermark in it, the proposed scheme extracts a feature from the image first. Then, the extracted feature and the watermark are scrambled by a chaos technique. Finally, the secret sharing technique is used to construct a shadow image. The watermark can be retrieved by performing an XOR operation between the shadow images. The proposed scheme has the following advantages. Firstly, the watermark retrieval does not need the original image. Secondly, the scheme does not need to modify the original image for embedding the watermark. Thirdly, compared with several schemes, the scheme is secure and robust in resisting various attacks.

  13. Comparison of two SVD-based color image compression schemes.

    PubMed

    Li, Ying; Wei, Musheng; Zhang, Fengxia; Zhao, Jianli

    2017-01-01

    Color image compression is a commonly used process to represent image data as few bits as possible, which removes redundancy in the data while maintaining an appropriate level of quality for the user. Color image compression algorithms based on quaternion are very common in recent years. In this paper, we propose a color image compression scheme, based on the real SVD, named real compression scheme. First, we form a new real rectangular matrix C according to the red, green and blue components of the original color image and perform the real SVD for C. Then we select several largest singular values and the corresponding vectors in the left and right unitary matrices to compress the color image. We compare the real compression scheme with quaternion compression scheme by performing quaternion SVD using the real structure-preserving algorithm. We compare the two schemes in terms of operation amount, assignment number, operation speed, PSNR and CR. The experimental results show that with the same numbers of selected singular values, the real compression scheme offers higher CR, much less operation time, but a little bit smaller PSNR than the quaternion compression scheme. When these two schemes have the same CR, the real compression scheme shows more prominent advantages both on the operation time and PSNR.

  14. Comparison of two SVD-based color image compression schemes

    PubMed Central

    Li, Ying; Wei, Musheng; Zhang, Fengxia; Zhao, Jianli

    2017-01-01

    Color image compression is a commonly used process to represent image data as few bits as possible, which removes redundancy in the data while maintaining an appropriate level of quality for the user. Color image compression algorithms based on quaternion are very common in recent years. In this paper, we propose a color image compression scheme, based on the real SVD, named real compression scheme. First, we form a new real rectangular matrix C according to the red, green and blue components of the original color image and perform the real SVD for C. Then we select several largest singular values and the corresponding vectors in the left and right unitary matrices to compress the color image. We compare the real compression scheme with quaternion compression scheme by performing quaternion SVD using the real structure-preserving algorithm. We compare the two schemes in terms of operation amount, assignment number, operation speed, PSNR and CR. The experimental results show that with the same numbers of selected singular values, the real compression scheme offers higher CR, much less operation time, but a little bit smaller PSNR than the quaternion compression scheme. When these two schemes have the same CR, the real compression scheme shows more prominent advantages both on the operation time and PSNR. PMID:28257451

  15. Chemistry Is in the News: Taxonomy of authentic news media-based learning activities1

    NASA Astrophysics Data System (ADS)

    Glaser, Rainer E.; Carson, Kathleen M.

    2005-09-01

    A brief history is given of approaches that aim at achieving a connectedness of the content of organic chemistry courses to real world issues. Recently, such approaches have relied more and more on online media resources, the tools of the Internet and the World Wide Web. We propose a six-level taxonomy of ‘authentic news media-based learning activities’ to provide a conceptual framework for the description and discussion of such approaches. The Chemistry Is in the News project was designed to allow students to draw explicit connections between the course content and real world issues in ways that engage the students in a full range of cognitive skills. The activities consisted in the study, creation, and peer review of news portfolios by student collaborative groups. A news portfolio consists of an authentic news article taken from the popular press with interpretive comments and questions.

  16. Image multiplexing and authentication based on double phase retrieval in fresnel transform domain

    NASA Astrophysics Data System (ADS)

    Chang, Hsuan-Ting; Lin, Che-Hsian; Chen, Chien-Yue

    2017-04-01

    An image multiplexing and authentication method based on the double-phase retrieval algorithm (DPRA) with the manipulations of wavelength and position in the Fresnel transform (FrT) domain is proposed in this study. The DPRA generates two matched phase-only functions (POFs) in the different planes so that the corresponding image can be reconstructed at the output plane. Given a number of target images, all the sets of matched POFs are used to generate the phase-locked system through the phase modulation and synthesis to achieve the multiplexing purpose. To reconstruct a target image, the corresponding phase key and all the correct parameters in the FrT are required. Therefore, the authentication system with high-level security can be achieved. The computer simulation verifies the validity of the proposed method and also shows good resistance to the crosstalk among the reconstructed images.

  17. Authentication of quantum messages.

    SciTech Connect

    Barnum, Howard; Crépeau, Jean-Claude; Gottesman, D.; Smith, A.; Tapp, Alan

    2001-01-01

    Authentication is a well-studied area of classical cryptography: a sender A and a receiver B sharing a classical private key want to exchange a classical message with the guarantee that the message has not been modified or replaced by a dishonest party with control of the communication line. In this paper we study the authentication of messages composed of quantum states. We give a formal definition of authentication in the quantum setting. Assuming A and B have access to an insecure quantum channel and share a private, classical random key, we provide a non-interactive scheme that both enables A to encrypt and authenticate (with unconditional security) an m qubit message by encoding it into m + s qubits, where the probability decreases exponentially in the security parameter s. The scheme requires a private key of size 2m + O(s). To achieve this, we give a highly efficient protocol for testing the purity of shared EPR pairs. It has long been known that learning information about a general quantum state will necessarily disturb it. We refine this result to show that such a disturbance can be done with few side effects, allowing it to circumvent cryptographic protections. Consequently, any scheme to authenticate quantum messages must also encrypt them. In contrast, no such constraint exists classically: authentication and encryption are independent tasks, and one can authenticate a message while leaving it publicly readable. This reasoning has two important consequences: On one hand, it allows us to give a lower bound of 2m key bits for authenticating m qubits, which makes our protocol asymptotically optimal. On the other hand, we use it to show that digitally signing quantum states is impossible, even with only computational security.

  18. A FRACTAL-BASED STOCHASTIC INTERPOLATION SCHEME IN SUBSURFACE HYDROLOGY

    EPA Science Inventory

    The need for a realistic and rational method for interpolating sparse data sets is widespread. Real porosity and hydraulic conductivity data do not vary smoothly over space, so an interpolation scheme that preserves irregularity is desirable. Such a scheme based on the properties...

  19. A FRACTAL-BASED STOCHASTIC INTERPOLATION SCHEME IN SUBSURFACE HYDROLOGY

    EPA Science Inventory

    The need for a realistic and rational method for interpolating sparse data sets is widespread. Real porosity and hydraulic conductivity data do not vary smoothly over space, so an interpolation scheme that preserves irregularity is desirable. Such a scheme based on the properties...

  20. Fully Integrated Passive UHF RFID Tag for Hash-Based Mutual Authentication Protocol

    PubMed Central

    Mikami, Shugo; Watanabe, Dai; Li, Yang; Sakiyama, Kazuo

    2015-01-01

    Passive radio-frequency identification (RFID) tag has been used in many applications. While the RFID market is expected to grow, concerns about security and privacy of the RFID tag should be overcome for the future use. To overcome these issues, privacy-preserving authentication protocols based on cryptographic algorithms have been designed. However, to the best of our knowledge, evaluation of the whole tag, which includes an antenna, an analog front end, and a digital processing block, that runs authentication protocols has not been studied. In this paper, we present an implementation and evaluation of a fully integrated passive UHF RFID tag that runs a privacy-preserving mutual authentication protocol based on a hash function. We design a single chip including the analog front end and the digital processing block. We select a lightweight hash function supporting 80-bit security strength and a standard hash function supporting 128-bit security strength. We show that when the lightweight hash function is used, the tag completes the protocol with a reader-tag distance of 10 cm. Similarly, when the standard hash function is used, the tag completes the protocol with the distance of 8.5 cm. We discuss the impact of the peak power consumption of the tag on the distance of the tag due to the hash function. PMID:26491714

  1. Two-factor authentication system based on optical interference and one-way hash function

    NASA Astrophysics Data System (ADS)

    He, Wenqi; Peng, Xiang; Meng, Xiangfeng; Liu, Xiaoli

    2012-10-01

    We present a two-factor authentication method to verify the personal identification who tries to access an optoelectronic system. This method is based on the optical interference principle and the traditional one-way Hash function (e.g. MD5). The authentication process is straightforward, the phase key and the password-controlled phase lock of one user are loading on two Spatial Light Modulators (SLMs) in advance, by which two coherent beams are modulated and then interference with each other at the output plane leading to an output image. By comparing the output image with all the standard certification images in the database, the system can thus verify the user's identity. However, the system designing process involves an iterative Modified Phase Retrieval Algorithm (MPRA). For an uthorized user, a phase lock is first created based on a "Digital Fingerprint (DF)", which is the result of a Hash function on a preselected user password. The corresponding phase key can then be determined by use of the phase lock and a designated standard certification image. Note that the encode/design process can only be realized by digital means while the authentication process could be achieved digitally or optically. Computer simulations were also given to validate the proposed approach.

  2. Simple group password-based authenticated key agreements for the integrated EPR information system.

    PubMed

    Lee, Tian-Fu; Chang, I-Pin; Wang, Ching-Cheng

    2013-04-01

    The security and privacy are important issues for electronic patient records (EPRs). The goal of EPRs is sharing the patients' medical histories such as the diagnosis records, reports and diagnosis image files among hospitals by the Internet. So the security issue for the integrated EPR information system is essential. That is, to ensure the information during transmission through by the Internet is secure and private. The group password-based authenticated key agreement (GPAKE) allows a group of users like doctors, nurses and patients to establish a common session key by using password authentication. Then the group of users can securely communicate by using this session key. Many approaches about GAPKE employ the public key infrastructure (PKI) in order to have higher security. However, it not only increases users' overheads and requires keeping an extra equipment for storing long-term secret keys, but also requires maintaining the public key system. This investigation presents a simple group password-based authenticated key agreement (SGPAKE) protocol for the integrated EPR information system. The proposed SGPAKE protocol does not require using the server or users' public keys. Each user only remembers his weak password shared with a trusted server, and then can obtain a common session key. Then all users can securely communicate by using this session key. The proposed SGPAKE protocol not only provides users with convince, but also has higher security.

  3. An Enhanced Biometric Based Authentication with Key-Agreement Protocol for Multi-Server Architecture Based on Elliptic Curve Cryptography.

    PubMed

    Reddy, Alavalapati Goutham; Das, Ashok Kumar; Odelu, Vanga; Yoo, Kee-Young

    2016-01-01

    Biometric based authentication protocols for multi-server architectures have gained momentum in recent times due to advancements in wireless technologies and associated constraints. Lu et al. recently proposed a robust biometric based authentication with key agreement protocol for a multi-server environment using smart cards. They claimed that their protocol is efficient and resistant to prominent security attacks. The careful investigation of this paper proves that Lu et al.'s protocol does not provide user anonymity, perfect forward secrecy and is susceptible to server and user impersonation attacks, man-in-middle attacks and clock synchronization problems. In addition, this paper proposes an enhanced biometric based authentication with key-agreement protocol for multi-server architecture based on elliptic curve cryptography using smartcards. We proved that the proposed protocol achieves mutual authentication using Burrows-Abadi-Needham (BAN) logic. The formal security of the proposed protocol is verified using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our protocol can withstand active and passive attacks. The formal and informal security analyses and performance analysis demonstrates that the proposed protocol is robust and efficient compared to Lu et al.'s protocol and existing similar protocols.

  4. An Enhanced Biometric Based Authentication with Key-Agreement Protocol for Multi-Server Architecture Based on Elliptic Curve Cryptography

    PubMed Central

    Reddy, Alavalapati Goutham; Das, Ashok Kumar; Odelu, Vanga; Yoo, Kee-Young

    2016-01-01

    Biometric based authentication protocols for multi-server architectures have gained momentum in recent times due to advancements in wireless technologies and associated constraints. Lu et al. recently proposed a robust biometric based authentication with key agreement protocol for a multi-server environment using smart cards. They claimed that their protocol is efficient and resistant to prominent security attacks. The careful investigation of this paper proves that Lu et al.’s protocol does not provide user anonymity, perfect forward secrecy and is susceptible to server and user impersonation attacks, man-in-middle attacks and clock synchronization problems. In addition, this paper proposes an enhanced biometric based authentication with key-agreement protocol for multi-server architecture based on elliptic curve cryptography using smartcards. We proved that the proposed protocol achieves mutual authentication using Burrows-Abadi-Needham (BAN) logic. The formal security of the proposed protocol is verified using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our protocol can withstand active and passive attacks. The formal and informal security analyses and performance analysis demonstrates that the proposed protocol is robust and efficient compared to Lu et al.’s protocol and existing similar protocols. PMID:27163786

  5. Threshold signature scheme based on factoring and discrete logarithms

    NASA Astrophysics Data System (ADS)

    Mohamad, S. A.; Ismail, E. S.

    2012-09-01

    Recently, many documents or messages from an organization need to be signed by more than one person. For that reason, many threshold signatures based on various problems in number theory have been developed. In this paper, a threshold signature scheme based on two most popular number theory problems, namely factoring and discrete logarithms, was proposed. The advantage of this new scheme is based on the fact that it is very hard to solve both factoring and discrete logarithms problems simultaneously. This scheme is also shown secure against several attacks and requires a reasonable time complexity in both signing and verifying phase.

  6. Computer-assisted machine-to-human protocols for authentication of a RAM-based embedded system

    NASA Astrophysics Data System (ADS)

    Idrissa, Abdourhamane; Aubert, Alain; Fournel, Thierry

    2012-06-01

    Mobile readers used for optical identification of manufactured products can be tampered in different ways: with hardware Trojan or by powering up with fake configuration data. How a human verifier can authenticate the reader to be handled for goods verification? In this paper, two cryptographic protocols are proposed to achieve the verification of a RAM-based system through a trusted auxiliary machine. Such a system is assumed to be composed of a RAM memory and a secure block (in practice a FPGA or a configurable microcontroller). The system is connected to an input/output interface and contains a Non Volatile Memory where the configuration data are stored. Here, except the secure block, all the blocks are exposed to attacks. At the registration stage of the first protocol, the MAC of both the secret and the configuration data, denoted M0 is computed by the mobile device without saving it then transmitted to the user in a secure environment. At the verification stage, the reader which is challenged with nonces sendsMACs / HMACs of both nonces and MAC M0 (to be recomputed), keyed with the secret. These responses are verified by the user through a trusted auxiliary MAC computer unit. Here the verifier does not need to tract a (long) list of challenge / response pairs. This makes the protocol tractable for a human verifier as its participation in the authentication process is increased. In counterpart the secret has to be shared with the auxiliary unit. This constraint is relaxed in a second protocol directly derived from Fiat-Shamir's scheme.

  7. A Proxy Signature Scheme Based on Coding Theory

    NASA Astrophysics Data System (ADS)

    Jannati, Hoda; Falahati, Abolfazl

    Proxy signature helps the proxy signer to sign messages on behalf of the original signer. This signature is used when the original signer is not available to sign a specific document. In this paper, we introduce a new proxy signature scheme based on Stern's identification scheme whose security depends on syndrome decoding problem. The proposed scheme is the first code-based proxy signature and can be used in a quantum computer. In this scheme, the operations to perform are linear and very simple thus the signature is performed quickly and can be implemented using smart card in a quite efficient way. The proposed scheme also satisfies unforgeability, undeniability, non-transferability and distinguishability properties which are the security requirements for a proxy signature.

  8. Problem-Based Learning: As Authentic as It Gets.

    ERIC Educational Resources Information Center

    Stepien, William; Gallagher, Shelagh

    1993-01-01

    For three years, Center for Problem-Based Learning at Illinois Mathematics and Science Academy has been developing innovative programs in various K-12 settings. Students meet an "ill-structured problem" (like thorium waste) before receiving instruction. Teachers act as coaches and tutors, probing findings, hypotheses, and conclusions;…

  9. Commentary: Learner-Based Listening and Technological Authenticity

    ERIC Educational Resources Information Center

    Robin, Richard

    2007-01-01

    Language teachers know that even the best technology cannot provide the high degree of interaction required to acquire meaningful proficiency in a foreign language. Even the most polished packages available today cannot evaluate learner input and provide subtle shades of context-based feedback, except in the narrowest of circumstances. In this…

  10. Problem-Based Learning: As Authentic as It Gets.

    ERIC Educational Resources Information Center

    Stepien, William; Gallagher, Shelagh

    1993-01-01

    For three years, Center for Problem-Based Learning at Illinois Mathematics and Science Academy has been developing innovative programs in various K-12 settings. Students meet an "ill-structured problem" (like thorium waste) before receiving instruction. Teachers act as coaches and tutors, probing findings, hypotheses, and conclusions;…

  11. Commentary: Learner-Based Listening and Technological Authenticity

    ERIC Educational Resources Information Center

    Robin, Richard

    2007-01-01

    Language teachers know that even the best technology cannot provide the high degree of interaction required to acquire meaningful proficiency in a foreign language. Even the most polished packages available today cannot evaluate learner input and provide subtle shades of context-based feedback, except in the narrowest of circumstances. In this…

  12. A New Ticket-Based Authentication Mechanism for Fast Handover in Mesh Network.

    PubMed

    Lai, Yan-Ming; Cheng, Pu-Jen; Lee, Cheng-Chi; Ku, Chia-Yi

    2016-01-01

    Due to the ever-growing popularity mobile devices of various kinds have received worldwide, the demands on large-scale wireless network infrastructure development and enhancement have been rapidly swelling in recent years. A mobile device holder can get online at a wireless network access point, which covers a limited area. When the client leaves the access point, there will be a temporary disconnection until he/she enters the coverage of another access point. Even when the coverages of two neighboring access points overlap, there is still work to do to make the wireless connection smoothly continue. The action of one wireless network access point passing a client to another access point is referred to as the handover. During handover, for security concerns, the client and the new access point should perform mutual authentication before any Internet access service is practically gained/provided. If the handover protocol is inefficient, in some cases discontinued Internet service will happen. In 2013, Li et al. proposed a fast handover authentication mechanism for wireless mesh network (WMN) based on tickets. Unfortunately, Li et al.'s work came with some weaknesses. For one thing, some sensitive information such as the time and date of expiration is sent in plaintext, which increases security risks. For another, Li et al.'s protocol includes the use of high-quality tamper-proof devices (TPDs), and this unreasonably high equipment requirement limits its applicability. In this paper, we shall propose a new efficient handover authentication mechanism. The new mechanism offers a higher level of security on a more scalable ground with the client's privacy better preserved. The results of our performance analysis suggest that our new mechanism is superior to some similar mechanisms in terms of authentication delay.

  13. A New Ticket-Based Authentication Mechanism for Fast Handover in Mesh Network

    PubMed Central

    Lai, Yan-Ming; Cheng, Pu-Jen; Lee, Cheng-Chi; Ku, Chia-Yi

    2016-01-01

    Due to the ever-growing popularity mobile devices of various kinds have received worldwide, the demands on large-scale wireless network infrastructure development and enhancement have been rapidly swelling in recent years. A mobile device holder can get online at a wireless network access point, which covers a limited area. When the client leaves the access point, there will be a temporary disconnection until he/she enters the coverage of another access point. Even when the coverages of two neighboring access points overlap, there is still work to do to make the wireless connection smoothly continue. The action of one wireless network access point passing a client to another access point is referred to as the handover. During handover, for security concerns, the client and the new access point should perform mutual authentication before any Internet access service is practically gained/provided. If the handover protocol is inefficient, in some cases discontinued Internet service will happen. In 2013, Li et al. proposed a fast handover authentication mechanism for wireless mesh network (WMN) based on tickets. Unfortunately, Li et al.’s work came with some weaknesses. For one thing, some sensitive information such as the time and date of expiration is sent in plaintext, which increases security risks. For another, Li et al.’s protocol includes the use of high-quality tamper-proof devices (TPDs), and this unreasonably high equipment requirement limits its applicability. In this paper, we shall propose a new efficient handover authentication mechanism. The new mechanism offers a higher level of security on a more scalable ground with the client’s privacy better preserved. The results of our performance analysis suggest that our new mechanism is superior to some similar mechanisms in terms of authentication delay. PMID:27171160

  14. Elliptic Curve Cryptography-Based Authentication with Identity Protection for Smart Grids.

    PubMed

    Zhang, Liping; Tang, Shanyu; Luo, He

    2016-01-01

    In a smart grid, the power service provider enables the expected power generation amount to be measured according to current power consumption, thus stabilizing the power system. However, the data transmitted over smart grids are not protected, and then suffer from several types of security threats and attacks. Thus, a robust and efficient authentication protocol should be provided to strength the security of smart grid networks. As the Supervisory Control and Data Acquisition system provides the security protection between the control center and substations in most smart grid environments, we focus on how to secure the communications between the substations and smart appliances. Existing security approaches fail to address the performance-security balance. In this study, we suggest a mitigation authentication protocol based on Elliptic Curve Cryptography with privacy protection by using a tamper-resistant device at the smart appliance side to achieve a delicate balance between performance and security of smart grids. The proposed protocol provides some attractive features such as identity protection, mutual authentication and key agreement. Finally, we demonstrate the completeness of the proposed protocol using the Gong-Needham-Yahalom logic.

  15. Elliptic Curve Cryptography-Based Authentication with Identity Protection for Smart Grids

    PubMed Central

    Zhang, Liping; Tang, Shanyu; Luo, He

    2016-01-01

    In a smart grid, the power service provider enables the expected power generation amount to be measured according to current power consumption, thus stabilizing the power system. However, the data transmitted over smart grids are not protected, and then suffer from several types of security threats and attacks. Thus, a robust and efficient authentication protocol should be provided to strength the security of smart grid networks. As the Supervisory Control and Data Acquisition system provides the security protection between the control center and substations in most smart grid environments, we focus on how to secure the communications between the substations and smart appliances. Existing security approaches fail to address the performance-security balance. In this study, we suggest a mitigation authentication protocol based on Elliptic Curve Cryptography with privacy protection by using a tamper-resistant device at the smart appliance side to achieve a delicate balance between performance and security of smart grids. The proposed protocol provides some attractive features such as identity protection, mutual authentication and key agreement. Finally, we demonstrate the completeness of the proposed protocol using the Gong-Needham- Yahalom logic. PMID:27007951

  16. Authentication of Smartphone Users Based on Activity Recognition and Mobile Sensing.

    PubMed

    Ehatisham-Ul-Haq, Muhammad; Azam, Muhammad Awais; Loo, Jonathan; Shuang, Kai; Islam, Syed; Naeem, Usman; Amin, Yasar

    2017-09-06

    Smartphones are context-aware devices that provide a compelling platform for ubiquitous computing and assist users in accomplishing many of their routine tasks anytime and anywhere, such as sending and receiving emails. The nature of tasks conducted with these devices has evolved with the exponential increase in the sensing and computing capabilities of a smartphone. Due to the ease of use and convenience, many users tend to store their private data, such as personal identifiers and bank account details, on their smartphone. However, this sensitive data can be vulnerable if the device gets stolen or lost. A traditional approach for protecting this type of data on mobile devices is to authenticate users with mechanisms such as PINs, passwords, and fingerprint recognition. However, these techniques are vulnerable to user compliance and a plethora of attacks, such as smudge attacks. The work in this paper addresses these challenges by proposing a novel authentication framework, which is based on recognizing the behavioral traits of smartphone users using the embedded sensors of smartphone, such as Accelerometer, Gyroscope and Magnetometer. The proposed framework also provides a platform for carrying out multi-class smart user authentication, which provides different levels of access to a wide range of smartphone users. This work has been validated with a series of experiments, which demonstrate the effectiveness of the proposed framework.

  17. Authentication of Smartphone Users Based on Activity Recognition and Mobile Sensing

    PubMed Central

    Ehatisham-ul-Haq, Muhammad; Azam, Muhammad Awais; Loo, Jonathan; Shuang, Kai; Islam, Syed; Naeem, Usman; Amin, Yasar

    2017-01-01

    Smartphones are context-aware devices that provide a compelling platform for ubiquitous computing and assist users in accomplishing many of their routine tasks anytime and anywhere, such as sending and receiving emails. The nature of tasks conducted with these devices has evolved with the exponential increase in the sensing and computing capabilities of a smartphone. Due to the ease of use and convenience, many users tend to store their private data, such as personal identifiers and bank account details, on their smartphone. However, this sensitive data can be vulnerable if the device gets stolen or lost. A traditional approach for protecting this type of data on mobile devices is to authenticate users with mechanisms such as PINs, passwords, and fingerprint recognition. However, these techniques are vulnerable to user compliance and a plethora of attacks, such as smudge attacks. The work in this paper addresses these challenges by proposing a novel authentication framework, which is based on recognizing the behavioral traits of smartphone users using the embedded sensors of smartphone, such as Accelerometer, Gyroscope and Magnetometer. The proposed framework also provides a platform for carrying out multi-class smart user authentication, which provides different levels of access to a wide range of smartphone users. This work has been validated with a series of experiments, which demonstrate the effectiveness of the proposed framework. PMID:28878177

  18. A biometric signcryption scheme without bilinear pairing

    NASA Astrophysics Data System (ADS)

    Wang, Mingwen; Ren, Zhiyuan; Cai, Jun; Zheng, Wentao

    2013-03-01

    How to apply the entropy in biometrics into the encryption and remote authentication schemes to simplify the management of keys is a hot research area. Utilizing Dodis's fuzzy extractor method and Liu's original signcryption scheme, a biometric identity based signcryption scheme is proposed in this paper. The proposed scheme is more efficient than most of the previous proposed biometric signcryption schemes for that it does not need bilinear pairing computation and modular exponentiation computation which is time consuming largely. The analysis results show that under the CDH and DL hard problem assumption, the proposed scheme has the features of confidentiality and unforgeability simultaneously.

  19. Triangle based TVD schemes for hyperbolic conservation laws

    NASA Technical Reports Server (NTRS)

    Durlofsky, Louis J.; Osher, Stanley; Engquist, Bjorn

    1990-01-01

    A triangle based total variation diminishing (TVD) scheme for the numerical approximation of hyperbolic conservation laws in two space dimensions is constructed. The novelty of the scheme lies in the nature of the preprocessing of the cell averaged data, which is accomplished via a nearest neighbor linear interpolation followed by a slope limiting procedures. Two such limiting procedures are suggested. The resulting method is considerably more simple than other triangle based non-oscillatory approximations which, like this scheme, approximate the flux up to second order accuracy. Numerical results for linear advection and Burgers' equation are presented.

  20. Splitting based finite volume schemes for ideal MHD equations

    NASA Astrophysics Data System (ADS)

    Fuchs, F. G.; Mishra, S.; Risebro, N. H.

    2009-02-01

    We design finite volume schemes for the equations of ideal magnetohydrodynamics (MHD) and based on splitting these equations into a fluid part and a magnetic induction part. The fluid part leads to an extended Euler system with magnetic forces as source terms. This set of equations are approximated by suitable two- and three-wave HLL solvers. The magnetic part is modeled by the magnetic induction equations which are approximated using stable upwind schemes devised in a recent paper [F. Fuchs, K.H. Karlsen, S. Mishra, N.H. Risebro, Stable upwind schemes for the Magnetic Induction equation. Math. Model. Num. Anal., Available on conservation laws preprint server, submitted for publication, URL: ]. These two sets of schemes can be combined either component by component, or by using an operator splitting procedure to obtain a finite volume scheme for the MHD equations. The resulting schemes are simple to design and implement. These schemes are compared with existing HLL type and Roe type schemes for MHD equations in a series of numerical experiments. These tests reveal that the proposed schemes are robust and have a greater numerical resolution than HLL type solvers, particularly in several space dimensions. In fact, the numerical resolution is comparable to that of the Roe scheme on most test problems with the computational cost being at the level of a HLL type solver. Furthermore, the schemes are remarkably stable even at very fine mesh resolutions and handle the divergence constraint efficiently with low divergence errors.

  1. An expert system based intelligent control scheme for space bioreactors

    NASA Technical Reports Server (NTRS)

    San, Ka-Yiu

    1988-01-01

    An expert system based intelligent control scheme is being developed for the effective control and full automation of bioreactor systems in space. The scheme developed will have the capability to capture information from various resources including heuristic information from process researchers and operators. The knowledge base of the expert system should contain enough expertise to perform on-line system identification and thus be able to adapt the controllers accordingly with minimal human supervision.

  2. Genome-based approaches to the authentication of medicinal plants.

    PubMed

    Sucher, Nikolaus J; Carles, Maria C

    2008-05-01

    Medicinal plants are the source of a large number of essential drugs in Western medicine and are the basis of herbal medicine, which is not only the primary source of health care for most of the world's population living in developing countries but also enjoys growing popularity in developed countries. The increased demand for botanical products is met by an expanding industry and accompanied by calls for assurance of quality, efficacy and safety. Plants used as drugs, dietary supplements and herbal medicines are identified at the species level. Unequivocal identification is a critical step at the beginning of an extensive process of quality assurance and is of importance for the characterization of the genetic diversity, phylogeny and phylogeography as well as the protection of endangered species. DNA-based methods have been developed for the identification of medicinal plants. Nuclear and chloroplast DNA is amplified by the polymerase chain reaction and the reaction products are analyzed by gel electrophoresis, sequencing, or hybridization with species-specific probes. Genomic fingerprinting can differentiate between individuals, species and populations and is useful for the detection of the homogeneity of the samples and presence of adulterants. Although sequences from single chloroplast or nuclear genes have been useful for differentiation of species, phylogenetic studies often require consideration of DNA sequence data from more than one gene or genomic region. Phytochemical and genetic data are correlated but only the latter normally allow for differentiation at the species level. The generation of molecular "barcodes" of medicinal plants will be worth the concerted effort of the medicinal plant research community and contribute to the ongoing effort of defining barcodes for every species on earth.

  3. Dropping out of Ethiopia's community-based health insurance scheme.

    PubMed

    Mebratie, Anagaw D; Sparrow, Robert; Yilma, Zelalem; Alemu, Getnet; Bedi, Arjun S

    2015-12-01

    Low contract renewal rates have been identified as one of the challenges facing the development of community-based health insurance (CBHI) schemes. This article uses longitudinal household survey data gathered in 2012 and 2013 to examine dropout in the case of Ethiopia's pilot CBHI scheme. We treat dropout as a function of scheme affordability, health status, scheme understanding and quality of care. The scheme saw enrolment increase from 41% 1 year after inception to 48% a year later. An impressive 82% of those who enrolled in the first year renewed their subscriptions, while 25% who had not enrolled joined the scheme. The analysis shows that socioeconomic status, a greater understanding of health insurance and experience with and knowledge of the CBHI scheme are associated with lower dropout rates. While there are concerns about the quality of care and the treatment meted out to the insured by providers, the overall picture is that returns from the scheme are overwhelmingly positive. For the bulk of households, premiums do not seem to be onerous, basic understanding of health insurance is high and almost all those who are currently enrolled signalled their desire to renew contracts.

  4. Eyebrows Identity Authentication Based on Wavelet Transform and Support Vector Machines

    NASA Astrophysics Data System (ADS)

    Jun-bin, CAO; Haitao, Yang; Lili, Ding

    In order to study the novel biometric of eyebrow,,this paper presents an Eyebrows identity authentication based on wavelet transform and support vector machines. The features of the eyebrows image are extracted by wavelet transform, and then classifies them based on SVM. Verification results of the experiment on an eyebrow database taken from 100 of self-built personal demonstrate the effectiveness of the system. The system has a lower FAR 0.22%and FRR 28% Therefore, eyebrow recongnition may possibly apply to personal identification.

  5. Content-based audio authentication using a hierarchical patchwork watermark embedding

    NASA Astrophysics Data System (ADS)

    Gulbis, Michael; Müller, Erika

    2010-05-01

    Content-based audio authentication watermarking techniques extract perceptual relevant audio features, which are robustly embedded into the audio file to protect. Manipulations of the audio file are detected on the basis of changes between the original embedded feature information and the anew extracted features during verification. The main challenges of content-based watermarking are on the one hand the identification of a suitable audio feature to distinguish between content preserving and malicious manipulations. On the other hand the development of a watermark, which is robust against content preserving modifications and able to carry the whole authentication information. The payload requirements are significantly higher compared to transaction watermarking or copyright protection. Finally, the watermark embedding should not influence the feature extraction to avoid false alarms. Current systems still lack a sufficient alignment of watermarking algorithm and feature extraction. In previous work we developed a content-based audio authentication watermarking approach. The feature is based on changes in DCT domain over time. A patchwork algorithm based watermark was used to embed multiple one bit watermarks. The embedding process uses the feature domain without inflicting distortions to the feature. The watermark payload is limited by the feature extraction, more precisely the critical bands. The payload is inverse proportional to segment duration of the audio file segmentation. Transparency behavior was analyzed in dependence of segment size and thus the watermark payload. At a segment duration of about 20 ms the transparency shows an optimum (measured in units of Objective Difference Grade). Transparency and/or robustness are fast decreased for working points beyond this area. Therefore, these working points are unsuitable to gain further payload, needed for the embedding of the whole authentication information. In this paper we present a hierarchical extension

  6. Do We Need to Design Course-Based Undergraduate Research Experiences for Authenticity?

    PubMed

    Rowland, Susan; Pedwell, Rhianna; Lawrie, Gwen; Lovie-Toon, Joseph; Hung, Yu

    2016-01-01

    The recent push for more authentic teaching and learning in science, technology, engineering, and mathematics indicates a shared agreement that undergraduates require greater exposure to professional practices. There is considerable variation, however, in how "authentic" science education is defined. In this paper we present our definition of authenticity as it applies to an "authentic" large-scale undergraduate research experience (ALURE); we also look to the literature and the student voice for alternate perceptions around this concept. A metareview of science education literature confirmed the inconsistency in definitions and application of the notion of authentic science education. An exploration of how authenticity was explained in 604 reflections from ALURE and traditional laboratory students revealed contrasting and surprising notions and experiences of authenticity. We consider the student experience in terms of alignment with 1) the intent of our designed curriculum and 2) the literature definitions of authentic science education. These findings contribute to the conversation surrounding authenticity in science education. They suggest two things: 1) educational experiences can have significant authenticity for the participants, even when there is no purposeful design for authentic practice, and 2) the continuing discussion of and design for authenticity in UREs may be redundant.

  7. High order accurate finite difference schemes based on symmetry preservation

    NASA Astrophysics Data System (ADS)

    Ozbenli, Ersin; Vedula, Prakash

    2016-11-01

    A new algorithm for development of high order accurate finite difference schemes for numerical solution of partial differential equations using Lie symmetries is presented. Considering applicable symmetry groups (such as those relevant to space/time translations, Galilean transformation, scaling, rotation and projection) of a partial differential equation, invariant numerical schemes are constructed based on the notions of moving frames and modified equations. Several strategies for construction of invariant numerical schemes with a desired order of accuracy are analyzed. Performance of the proposed algorithm is demonstrated using analysis of one-dimensional partial differential equations, such as linear advection diffusion equations inviscid Burgers equation and viscous Burgers equation, as our test cases. Through numerical simulations based on these examples, the expected improvement in accuracy of invariant numerical schemes (up to fourth order) is demonstrated. Advantages due to implementation and enhanced computational efficiency inherent in our proposed algorithm are presented. Extension of the basic framework to multidimensional partial differential equations is also discussed.

  8. Comparison of SNP-based detection assays for food analysis: Coffee authentication.

    PubMed

    Spaniolas, Stelios; Bazakos, Christos; Tucker, Gregory A; Bennett, Malcolm J

    2014-01-01

    Recently, DNA-based authentication methods were developed to serve as complementary approaches to analytical chemistry techniques. The single nucleotide polymorphism (SNP)-based reaction chemistries, when combined with the existing detection methods, could result in numerous analytical approaches, all with particular advantages and disadvantages. The dual aim of this study was (a) to develop SNP-based analytical assays such as the single-base primer extension (SNaPShot) and pyrosequencing in order to differentiate Arabica and Robusta varieties for the authentication of coffee beans and (b) to compare the performances of SNaPshot, pyrosequencing and the previously developed polymerase chain reaction-restriction fragment length polymorphism (PCR-RFLP) using an Agilent 2100 Bioanalyzer on the basis of linearity (R2) and LOD, expressed as percentage of the adulterant species, using green coffee beans (Arabica and Robusta) as a food model. The results showed that SNaPshot analysis exhibited the best LOD, whereas pyrosequencing revealed the best linearity (R2 = 0.997). The PCR-RFLP assay using the Agilent 2100 Bioanalyzer could prove to be a very useful method for a laboratory that lacks sequencing facilities but it can be used only if a SNP creates/deletes a restriction site.

  9. Web-Based Course Delivery and Administration Using Scheme.

    ERIC Educational Resources Information Center

    Salustri, Filippo A.

    This paper discusses the use at the University of Windsor (Ontario) of a small World Wide Web-based tool for course delivery and administration called HAL (HTML-based Administrative Lackey), written in the Scheme programming language. This tool was developed by the author to provide Web-based services for a large first-year undergraduate course in…

  10. Device interoperability and authentication for telemedical appliance based on the ISO/IEEE 11073 Personal Health Device (PHD) Standards.

    PubMed

    Caranguian, Luther Paul R; Pancho-Festin, Susan; Sison, Luis G

    2012-01-01

    In this study, we focused on the interoperability and authentication of medical devices in the context of telemedical systems. A recent standard called the ISO/IEEE 11073 Personal Health Device (X73-PHD) Standards addresses the device interoperability problem by defining common protocols for agent (medical device) and manager (appliance) interface. The X73-PHD standard however has not addressed security and authentication of medical devices which is important in establishing integrity of a telemedical system. We have designed and implemented a security policy within the X73-PHD standards. The policy will enable device authentication using Asymmetric-Key Cryptography and the RSA algorithm as the digital signature scheme. We used two approaches for performing the digital signatures: direct software implementation and use of embedded security modules (ESM). The two approaches were evaluated and compared in terms of execution time and memory requirement. For the standard 2048-bit RSA, ESM calculates digital signatures only 12% of the total time for the direct implementation. Moreover, analysis shows that ESM offers more security advantage such as secure storage of keys compared to using direct implementation. Interoperability with other systems was verified by testing the system with LNI Healthlink, a manager software that implements the X73-PHD standard. Lastly, security analysis was done and the system's response to common attacks on authentication systems was analyzed and several measures were implemented to protect the system against them.

  11. Design of a MEMS-based retina scanning system for biometric authentication

    NASA Astrophysics Data System (ADS)

    Woittennek, Franziska; Knobbe, Jens; Pügner, Tino; Schelinski, Uwe; Grüger, Heinrich

    2014-05-01

    There is an increasing need for reliable authentication for a number of applications such as e commerce. Common authentication methods based on ownership (ID card) or knowledge factors (password, PIN) are often prone to manipulations and may therefore be not safe enough. Various inherence factor based methods like fingerprint, retinal pattern or voice identifications are considered more secure. Retina scanning in particular offers both low false rejection rate (FRR) and low false acceptance rate (FAR) with about one in a million. Images of the retina with its characteristic pattern of blood vessels can be made with either a fundus camera or laser scanning methods. The present work describes the optical design of a new compact retina laser scanner which is based on MEMS (Micro Electric Mechanical System) technology. The use of a dual axis micro scanning mirror for laser beam deflection enables a more compact and robust design compared to classical systems. The scanner exhibits a full field of view of 10° which corresponds to an area of 4 mm2 on the retinal surface surrounding the optical disc. The system works in the near infrared and is designed for use under ambient light conditions, which implies a pupil diameter of 1.5 mm. Furthermore it features a long eye relief of 30 mm so that it can be conveniently used by persons wearing glasses. The optical design requirements and the optical performance are discussed in terms of spot diagrams and ray fan plots.

  12. Robust Audio Watermarking Scheme Based on Deterministic Plus Stochastic Model

    NASA Astrophysics Data System (ADS)

    Dhar, Pranab Kumar; Kim, Cheol Hong; Kim, Jong-Myon

    Digital watermarking has been widely used for protecting digital contents from unauthorized duplication. This paper proposes a new watermarking scheme based on spectral modeling synthesis (SMS) for copyright protection of digital contents. SMS defines a sound as a combination of deterministic events plus a stochastic component that makes it possible for a synthesized sound to attain all of the perceptual characteristics of the original sound. In our proposed scheme, watermarks are embedded into the highest prominent peak of the magnitude spectrum of each non-overlapping frame in peak trajectories. Simulation results indicate that the proposed watermarking scheme is highly robust against various kinds of attacks such as noise addition, cropping, re-sampling, re-quantization, and MP3 compression and achieves similarity values ranging from 17 to 22. In addition, our proposed scheme achieves signal-to-noise ratio (SNR) values ranging from 29 dB to 30 dB.

  13. Communication scheme based on evolutionary spatial 2×2 games

    NASA Astrophysics Data System (ADS)

    Ziaukas, Pranas; Ragulskis, Tautvydas; Ragulskis, Minvydas

    2014-06-01

    A visual communication scheme based on evolutionary spatial 2×2 games is proposed in this paper. Self-organizing patterns induced by complex interactions between competing individuals are exploited for hiding and transmitting secret visual information. Properties of the proposed communication scheme are discussed in details. It is shown that the hiding capacity of the system (the minimum size of the detectable primitives and the minimum distance between two primitives) is sufficient for the effective transmission of digital dichotomous images. Also, it is demonstrated that the proposed communication scheme is resilient to time backwards, plain image attacks and is highly sensitive to perturbations of private and public keys. Several computational experiments are used to demonstrate the effectiveness of the proposed communication scheme.

  14. Time to unravel the conceptual confusion of authenticity and fidelity and their contribution to learning within simulation-based nurse education. A discussion paper.

    PubMed

    Bland, Andrew J; Topping, Annie; Tobbell, Jane

    2014-07-01

    High-fidelity patient simulation is a method of education increasingly utilised by educators of nursing to provide authentic learning experiences. Fidelity and authenticity, however, are not conceptually equivalent. Whilst fidelity is important when striving to replicate a life experience such as clinical practice, authenticity can be produced with low fidelity. A challenge for educators of undergraduate nursing is to ensure authentic representation of the clinical situation which is a core component for potential success. What is less clear is the relationship between fidelity and authenticity in the context of simulation based learning. Authenticity does not automatically follow fidelity and as a result, educators of nursing cannot assume that embracing the latest technology-based educational tools will in isolation provide a learning environment perceived authentic by the learner. As nursing education programmes increasingly adopt simulators that offer the possibility of representing authentic real world situations, there is an urgency to better articulate and understand the terms fidelity and authenticity. Without such understanding there is a real danger that simulation as a teaching and learning resource in nurse education will never reach its potential and be misunderstood, creating a potential barrier to learning. This paper examines current literature to promote discussion within nurse education, concluding that authenticity in the context of simulation-based learning is complex, relying on far more than engineered fidelity. Copyright © 2014 Elsevier Ltd. All rights reserved.

  15. Authentic science in education: Studies in course-based research at the United States Military Academy

    NASA Astrophysics Data System (ADS)

    Chase, Anthony M.

    This dissertation consists of two studies at the United States Military Academy. Both studies involve the use of Course-based Undergraduate Research Experiences (CUREs). These experiences give students the ability to engage in undergraduate research at an early point in their academic career by replacing traditional laboratory activities with semester-long research projects. Both studies show an implementation of this type of instruction from the Center for Authentic Science Practice in Education (CASPiE). Study 1 shows the specific method of implementation at the military academy and explores learning-based outcomes. Primarily the outcome of critical thinking is demonstrated. Critical thinking is a construct that many curriculum developers and instructors want to foster within their students but often lack clear definitions or evaluation plans. This study gives a definition of critical thinking and an outcome of a critical thinking test. Significant gains in critical thinking are observed by students participating in the CURE as well as significant gains in three affective factors (Interest in Science/Chemistry, Authenticity, Perceived Learning). The gains in critical thinking are then further statistically linked to students’ perceptions of how authentically they saw the research in the course. If they felt that the course was demonstrating more authentic science practices, they gained significantly more in their critical thinking scores. The second study in this dissertation adds an additional transfer focus to the instructional materials that the CURE was meant to support. The treatment group in this study received instruction that was framed expansively. The expansively framed instruction showed students ways that the material was applicable outside of the course. The assessments and instructional materials of this study were transfer assessments with contrasting cases. Instances of negative or “overzealous transfer” were also reported. Findings suggest

  16. Edge-based finite element scheme for the Euler equations

    NASA Astrophysics Data System (ADS)

    Luo, Hong; Baum, Joseph D.; Loehner, Rainald

    1994-06-01

    This paper describes the development, validation, and application of a new finite element scheme for the solution of the compressible Euler equations on unstructured grids. The implementation of the numerical scheme is based on an edge-based data structure, as opposed to a more element-based data structure. The use of this edge-based data structure not only improves the efficiency of the algorithm but also enables a straightforward implementation of the upwind schemes in the context of finite element methods. The algorithm has been tested and validated on some well documented configurations. A flow solution about a complete F-18 fighter is shown to demonstrate the accuracy and robustness of the proposed algorithm.

  17. Edge-based finite element scheme for the Euler equations

    NASA Astrophysics Data System (ADS)

    Luo, Hong; Baum, Joseph D.; Lohner, Rainald

    1994-06-01

    This paper describes the development, validation, and application of a new finite element scheme for the solution of the compressible Euler equations on unstructured grids. The implementation of the numerical scheme is based on an edge-based data structure, as opposed to a more traditional element-based data structure. The use of this edge-based data structure not only improves the efficiency of the algorithm but also enables a straightforward implementation of upwind schemes in the context of finite element methods. The algorithm has been tested and validated on some well-documented configurations. A flow solution about a complete F-18 fighter is shown to demonstrate the accuracy and robustness of the proposed algorithm.

  18. Packet Forwarding Scheme Based on Interworking Architecture for Future Internet

    NASA Astrophysics Data System (ADS)

    Kim, Seokhoon; Ryoo, Intae

    This paper introduces a packet forwarding scheme based on interworking architecture that can provide quite a good QoS by minimizing processing delay which is the major part of the timeliness factor in New Generation IP-based networks. Based on path and resource reservation mechanism, the POSIA makes routers on the packet forwarding path synchronize with each other and then forward packets. We have shown that the POSIA outperforms the existing packet forwarding schemes like IntServ, DiffServ and MPLS through computer simulations using OPNET.

  19. Secure authenticated video equipment

    SciTech Connect

    Doren, N.E.

    1993-07-01

    In the verification technology arena, there is a pressing need for surveillance and monitoring equipment that produces authentic, verifiable records of observed activities. Such a record provides the inspecting party with confidence that observed activities occurred as recorded, without undetected tampering or spoofing having taken place. The secure authenticated video equipment (SAVE) system provides an authenticated series of video images of an observed activity. Being self-contained and portable, it can be installed as a stand-alone surveillance system or used in conjunction with existing monitoring equipment in a non-invasive manner. Security is provided by a tamper-proof camera enclosure containing a private, electronic authentication key. Video data is transferred communication link consisting of a coaxial cable, fiber-optic link or other similar media. A video review station, located remotely from the camera, receives, validates, displays and stores the incoming data. Video data is validated within the review station using a public key, a copy of which is held by authorized panics. This scheme allows the holder of the public key to verify the authenticity of the recorded video data but precludes undetectable modification of the data generated by the tamper-protected private authentication key.

  20. Security Mechanism Based on Hospital Authentication Server for Secure Application of Implantable Medical Devices

    PubMed Central

    2014-01-01

    After two recent security attacks against implantable medical devices (IMDs) have been reported, the privacy and security risks of IMDs have been widely recognized in the medical device market and research community, since the malfunctioning of IMDs might endanger the patient's life. During the last few years, a lot of researches have been carried out to address the security-related issues of IMDs, including privacy, safety, and accessibility issues. A physician accesses IMD through an external device called a programmer, for diagnosis and treatment. Hence, cryptographic key management between IMD and programmer is important to enforce a strict access control. In this paper, a new security architecture for the security of IMDs is proposed, based on a 3-Tier security model, where the programmer interacts with a Hospital Authentication Server, to get permissions to access IMDs. The proposed security architecture greatly simplifies the key management between IMDs and programmers. Also proposed is a security mechanism to guarantee the authenticity of the patient data collected from IMD and the nonrepudiation of the physician's treatment based on it. The proposed architecture and mechanism are analyzed and compared with several previous works, in terms of security and performance. PMID:25276797

  1. Security mechanism based on Hospital Authentication Server for secure application of implantable medical devices.

    PubMed

    Park, Chang-Seop

    2014-01-01

    After two recent security attacks against implantable medical devices (IMDs) have been reported, the privacy and security risks of IMDs have been widely recognized in the medical device market and research community, since the malfunctioning of IMDs might endanger the patient's life. During the last few years, a lot of researches have been carried out to address the security-related issues of IMDs, including privacy, safety, and accessibility issues. A physician accesses IMD through an external device called a programmer, for diagnosis and treatment. Hence, cryptographic key management between IMD and programmer is important to enforce a strict access control. In this paper, a new security architecture for the security of IMDs is proposed, based on a 3-Tier security model, where the programmer interacts with a Hospital Authentication Server, to get permissions to access IMDs. The proposed security architecture greatly simplifies the key management between IMDs and programmers. Also proposed is a security mechanism to guarantee the authenticity of the patient data collected from IMD and the nonrepudiation of the physician's treatment based on it. The proposed architecture and mechanism are analyzed and compared with several previous works, in terms of security and performance.

  2. Adaptive PCA based fault diagnosis scheme in imperial smelting process.

    PubMed

    Hu, Zhikun; Chen, Zhiwen; Gui, Weihua; Jiang, Bin

    2014-09-01

    In this paper, an adaptive fault detection scheme based on a recursive principal component analysis (PCA) is proposed to deal with the problem of false alarm due to normal process changes in real process. Our further study is also dedicated to develop a fault isolation approach based on Generalized Likelihood Ratio (GLR) test and Singular Value Decomposition (SVD) which is one of general techniques of PCA, on which the off-set and scaling fault can be easily isolated with explicit off-set fault direction and scaling fault classification. The identification of off-set and scaling fault is also applied. The complete scheme of PCA-based fault diagnosis procedure is proposed. The proposed scheme is first applied to Imperial Smelting Process, and the results show that the proposed strategies can be able to mitigate false alarms and isolate faults efficiently. Copyright © 2013 ISA. Published by Elsevier Ltd. All rights reserved.

  3. Do We Need to Design Course-Based Undergraduate Research Experiences for Authenticity?

    PubMed Central

    Rowland, Susan; Pedwell, Rhianna; Lawrie, Gwen; Lovie-Toon, Joseph; Hung, Yu

    2016-01-01

    The recent push for more authentic teaching and learning in science, technology, engineering, and mathematics indicates a shared agreement that undergraduates require greater exposure to professional practices. There is considerable variation, however, in how “authentic” science education is defined. In this paper we present our definition of authenticity as it applies to an “authentic” large-scale undergraduate research experience (ALURE); we also look to the literature and the student voice for alternate perceptions around this concept. A metareview of science education literature confirmed the inconsistency in definitions and application of the notion of authentic science education. An exploration of how authenticity was explained in 604 reflections from ALURE and traditional laboratory students revealed contrasting and surprising notions and experiences of authenticity. We consider the student experience in terms of alignment with 1) the intent of our designed curriculum and 2) the literature definitions of authentic science education. These findings contribute to the conversation surrounding authenticity in science education. They suggest two things: 1) educational experiences can have significant authenticity for the participants, even when there is no purposeful design for authentic practice, and 2) the continuing discussion of and design for authenticity in UREs may be redundant. PMID:27909029

  4. A Survey of Watermarking Algorithms for Image Authentication

    NASA Astrophysics Data System (ADS)

    Rey, Christian; Dugelay, Jean-Luc

    2002-12-01

    Digital image manipulation software is now readily available on personal computers. It is therefore very simple to tamper with any image and make it available to others. Insuring digital image integrity has therefore become a major issue. Watermarking has become a popular technique for copyright enforcement and image authentication. The aim of this paper is to present an overview of emerging techniques for detecting whether image tampering has taken place. Compared to the techniques and protocols for security usually employed to perform this task, the majority of the proposed methods based on watermarking, place a particular emphasis on the notion of content authentication rather than strict integrity. In this paper, we introduce the notion of image content authentication and the features required to design an effective authentication scheme. We present some algorithms, and introduce frequently used key techniques.

  5. Cryptanalysis and Improvement of "A Secure Password Authentication Mechanism for Seamless Handover in Proxy Mobile IPv6 Networks".

    PubMed

    Alizadeh, Mojtaba; Zamani, Mazdak; Baharun, Sabariah; Abdul Manaf, Azizah; Sakurai, Kouichi; Anada, Hiroaki; Anada, Hiroki; Keshavarz, Hassan; Ashraf Chaudhry, Shehzad; Khurram Khan, Muhammad

    2015-01-01

    Proxy Mobile IPv6 is a network-based localized mobility management protocol that supports mobility without mobile nodes' participation in mobility signaling. The details of user authentication procedure are not specified in this standard, hence, many authentication schemes have been proposed for this standard. In 2013, Chuang et al., proposed an authentication method for PMIPv6, called SPAM. However, Chuang et al.'s Scheme protects the network against some security attacks, but it is still vulnerable to impersonation and password guessing attacks. In addition, we discuss other security drawbacks such as lack of revocation procedure in case of loss or stolen device, and anonymity issues of the Chuang et al.'s scheme. We further propose an enhanced authentication method to mitigate the security issues of SPAM method and evaluate our scheme using BAN logic.

  6. Cryptanalysis and Improvement of "A Secure Password Authentication Mechanism for Seamless Handover in Proxy Mobile IPv6 Networks"

    PubMed Central

    Alizadeh, Mojtaba; Zamani, Mazdak; Baharun, Sabariah; Abdul Manaf, Azizah; Sakurai, Kouichi; Anada, Hiroki; Keshavarz, Hassan; Ashraf Chaudhry, Shehzad; Khurram Khan, Muhammad

    2015-01-01

    Proxy Mobile IPv6 is a network-based localized mobility management protocol that supports mobility without mobile nodes’ participation in mobility signaling. The details of user authentication procedure are not specified in this standard, hence, many authentication schemes have been proposed for this standard. In 2013, Chuang et al., proposed an authentication method for PMIPv6, called SPAM. However, Chuang et al.’s Scheme protects the network against some security attacks, but it is still vulnerable to impersonation and password guessing attacks. In addition, we discuss other security drawbacks such as lack of revocation procedure in case of loss or stolen device, and anonymity issues of the Chuang et al.’s scheme. We further propose an enhanced authentication method to mitigate the security issues of SPAM method and evaluate our scheme using BAN logic. PMID:26580963

  7. Saffron authentication based on liquid chromatography high resolution tandem mass spectrometry and multivariate data analysis.

    PubMed

    Rubert, Josep; Lacina, Ondrej; Zachariasova, Milena; Hajslova, Jana

    2016-08-01

    Saffron is one of the oldest and most expensive spices, which is often target of fraudulent activities. In this research, a new strategy of saffron authentication based on metabolic fingerprinting was developed. In the first phase, a solid liquid extraction procedure was optimized, the main aim was to isolate as maximal representation of small molecules contained in saffron as possible. In the second step, a detection method based on liquid chromatography coupled with high-resolution mass spectrometry was developed. Initially, principal component analysis (PCA) revealed clear differences between saffron cultivated and packaged in Spain, protected designation of origin (PDO), and saffron packaged in Spain of unknown origin, labeled Spanish saffron. Afterwards, orthogonal partial least square discriminant analysis (OPLS-DA) was favorably used to discriminate between Spanish saffron. The tentative identification of markers showed glycerophospholipids and their oxidized lipids were significant markers according to their origin. Copyright © 2016 Elsevier Ltd. All rights reserved.

  8. Improved Readout Scheme for SQUID-Based Thermometry

    NASA Technical Reports Server (NTRS)

    Penanen, Konstantin

    2007-01-01

    An improved readout scheme has been proposed for high-resolution thermometers, (HRTs) based on the use of superconducting quantum interference devices (SQUIDs) to measure temperature- dependent magnetic susceptibilities. The proposed scheme would eliminate counting ambiguities that arise in the conventional scheme, while maintaining the superior magnetic-flux sensitivity of the conventional scheme. The proposed scheme is expected to be especially beneficial for HRT-based temperature control of multiplexed SQUIDbased bolometer sensor arrays. SQUID-based HRTs have become standard for measuring and controlling temperatures in the sub-nano-Kelvin temperature range in a broad range of low-temperature scientific and engineering applications. A typical SQUIDbased HRT that utilizes the conventional scheme includes a coil wound on a core made of a material that has temperature- dependent magnetic susceptibility in the temperature range of interest. The core and the coil are placed in a DC magnetic field provided either by a permanent magnet or as magnetic flux inside a superconducting outer wall. The aforementioned coil is connected to an input coil of a SQUID. Changes in temperature lead to changes in the susceptibility of the core and to changes in the magnetic flux detected by the SQUID. The SQUID readout instrumentation is capable of measuring magnetic-flux changes that correspond to temperature changes down to a noise limit .0.1 nK/Hz1/2. When the flux exceeds a few fundamental flux units, which typically corresponds to a temperature of .100 nK, the SQUID is reset. The temperature range can be greatly expanded if the reset events are carefully tracked and counted, either by a computer running appropriate software or by a dedicated piece of hardware.

  9. An efficient biometric and password-based remote user authentication using smart card for Telecare Medical Information Systems in multi-server environment.

    PubMed

    Maitra, Tanmoy; Giri, Debasis

    2014-12-01

    The medical organizations have introduced Telecare Medical Information System (TMIS) to provide a reliable facility by which a patient who is unable to go to a doctor in critical or urgent period, can communicate to a doctor through a medical server via internet from home. An authentication mechanism is needed in TMIS to hide the secret information of both parties, namely a server and a patient. Recent research includes patient's biometric information as well as password to design a remote user authentication scheme that enhances the security level. In a single server environment, one server is responsible for providing services to all the authorized remote patients. However, the problem arises if a patient wishes to access several branch servers, he/she needs to register to the branch servers individually. In 2014, Chuang and Chen proposed an remote user authentication scheme for multi-server environment. In this paper, we have shown that in their scheme, an non-register adversary can successfully logged-in into the system as a valid patient. To resist the weaknesses, we have proposed an authentication scheme for TMIS in multi-server environment where the patients can register to a root telecare server called registration center (RC) in one time to get services from all the telecare branch servers through their registered smart card. Security analysis and comparison shows that our proposed scheme provides better security with low computational and communication cost.

  10. Multiple-watermarking scheme based on improved chaotic maps

    NASA Astrophysics Data System (ADS)

    Behnia, S.; Teshnehlab, M.; Ayubi, P.

    2010-09-01

    In this letter a new watermarking scheme for color image is proposed based on a family of the pair-coupled maps. Pair-coupled maps are employed to improve the security of watermarked image, and to encrypt the embedding position of the host image. Another map is also used to determine the pixel bit of host image for the watermark embedding. The purpose of this algorithm is to improve the shortcoming of watermarking such as small key space and low security. Due to the sensitivity to the initial conditions of the introduced pair-coupled maps, the security of the scheme is greatly improved.

  11. Block-based adaptive lifting schemes for multiband image compression

    NASA Astrophysics Data System (ADS)

    Masmoudi, Hela; Benazza-Benyahia, Amel; Pesquet, Jean-Christophe

    2004-02-01

    In this paper, we are interested in designing lifting schemes adapted to the statistics of the wavelet coefficients of multiband images for compression applications. More precisely, nonseparable vector lifting schemes are used in order to capture simultaneously the spatial and the spectral redundancies. The underlying operators are then computed in order to minimize the entropy of the resulting multiresolution representation. To this respect, we have developed a new iterative block-based classification algorithm. Simulation tests carried out on remotely sensed multispectral images indicate that a substantial gain in terms of bit-rate is achieved by the proposed adaptive coding method w.r.t the non-adaptive one.

  12. A second order derivative scheme based on Bregman algorithm class

    NASA Astrophysics Data System (ADS)

    Campagna, Rosanna; Crisci, Serena; Cuomo, Salvatore; Galletti, Ardelio; Marcellino, Livia

    2016-10-01

    The algorithms based on the Bregman iterative regularization are known for efficiently solving convex constraint optimization problems. In this paper, we introduce a second order derivative scheme for the class of Bregman algorithms. Its properties of convergence and stability are investigated by means of numerical evidences. Moreover, we apply the proposed scheme to an isotropic Total Variation (TV) problem arising out of the Magnetic Resonance Image (MRI) denoising. Experimental results confirm that our algorithm has good performance in terms of denoising quality, effectiveness and robustness.

  13. New optical scheme for a polarimetric-based glucose sensor

    NASA Technical Reports Server (NTRS)

    Ansari, Rafat R.; Bockle, Stefan; Rovati, Luigi

    2004-01-01

    A new optical scheme to detect glucose concentration in the aqueous humor of the eye is presented. The ultimate aim is to apply this technique in designing a new instrument for, routinely and frequently, noninvasively monitoring blood glucose levels in diabetic patients without contact (no index matching) between the eye and the instrument. The optical scheme exploits the Brewster reflection of circularly polarized light off of the lens of the eye. Theoretically, this reflected linearly polarized light on its way to the detector is expected to rotate its state of polarization, owing to the presence of glucose molecules in the aqueous humor of a patient's eye. An experimental laboratory setup based on this scheme was designed and tested by measuring a range of known concentrations of glucose solutions dissolved in water. (c) 2004 Society of Photo-Optical Instrumentation Engineers.

  14. A DFIG Islanding Detection Scheme Based on Reactive Power Infusion

    NASA Astrophysics Data System (ADS)

    Wang, M.; Liu, C.; He, G. Q.; Li, G. H.; Feng, K. H.; Sun, W. W.

    2017-07-01

    A lot of research has been done on photovoltaic (the “PV”) power system islanding detection in recent years. As a comparison, much less attention has been paid to islanding in wind turbines. Meanwhile, wind turbines can work in islanding conditions for quite a long period, which can be harmful to equipments and cause safety hazards. This paper presents and examines a double fed introduction generation (the “DFIG”) islanding detection scheme based on feedback of reactive power and frequency and uses a trigger signal of reactive power infusion which can be obtained by dividing the voltage total harmonic distortion (the "THD") by the voltage THD of last cycle to avoid the deterioration of power quality. This DFIG islanding detection scheme uses feedback of reactive power current loop to amplify the frequency differences in islanding and normal conditions. Simulation results show that the DFIG islanding detection scheme is effective.

  15. An ICA based MIMO-OFDM VLC scheme

    NASA Astrophysics Data System (ADS)

    Jiang, Fangqing; Deng, Honggui; Xiao, Wei; Tao, Shaohua; Zhu, Kaicheng

    2015-07-01

    In this paper, we propose a novel ICA based MIMO-OFDM VLC scheme, where ICA is applied to convert the MIMO-OFDM channel into several SISO-OFDM channels to reduce computational complexity in channel estimation, without any spectral overhead. Besides, the FM is first investigated to further modulate the OFDM symbols to eliminate the correlation of the signals, so as to improve the separation performance of the ICA algorithm. In the 4×4MIMO-OFDM VLC simulation experiment, LOS path and NLOS paths are both considered, each transmitting signal at 100 Mb/s. Simulation results show that the BER of the proposed scheme reaches the 10-5 level at SNR=20 dB, which is a large improvement compared to the traditional schemes.

  16. New optical scheme for a polarimetric-based glucose sensor

    NASA Technical Reports Server (NTRS)

    Ansari, Rafat R.; Bockle, Stefan; Rovati, Luigi

    2004-01-01

    A new optical scheme to detect glucose concentration in the aqueous humor of the eye is presented. The ultimate aim is to apply this technique in designing a new instrument for, routinely and frequently, noninvasively monitoring blood glucose levels in diabetic patients without contact (no index matching) between the eye and the instrument. The optical scheme exploits the Brewster reflection of circularly polarized light off of the lens of the eye. Theoretically, this reflected linearly polarized light on its way to the detector is expected to rotate its state of polarization, owing to the presence of glucose molecules in the aqueous humor of a patient's eye. An experimental laboratory setup based on this scheme was designed and tested by measuring a range of known concentrations of glucose solutions dissolved in water. (c) 2004 Society of Photo-Optical Instrumentation Engineers.

  17. Towards second-generation smart card-based authentication in health information systems: the secure server model.

    PubMed

    Hallberg, J; Hallberg, N; Timpka, T

    2001-01-01

    Conventional smart card-based authentication systems used in health care alleviate some of the security issues in user and system authentication. Existing models still do not cover all security aspects. To enable new protective measures to be developed, an extended model of the authentication process is presented. This model includes a new entity referred to as secure server. Assuming a secure server, a method where the smart card is aware of the status of the terminal integrity verification becomes feasible. The card can then act upon this knowledge and restrict the exposure of sensitive information to the terminal as required in order to minimize the risks. The secure server model can be used to illuminate the weaknesses of current approaches and the need for extensions which alleviate the resulting risks.

  18. Research Based Science Education: Bringing Authentic Scientific Research into the Secondary Classroom

    NASA Astrophysics Data System (ADS)

    Sayers, J.

    2003-12-01

    Teachers and students at Northview High School in Brazil, Indiana have the opportunity to engage in authentic scientific research through our participation in two national projects, TLRBSE and PEPP. Teacher Leaders in Research Based Science Education (TLRBSE) is a teacher professional development and retention program coupled with authentic scientific research projects in astronomy. Teacher-Leaders are trained in research-based pedagogy and serve as mentors to less experienced colleagues and work with students to develop science research methods and research projects for the classroom. Astronomical data collected at Kitt Peak by astronomers and teachers is made available on CD for classroom use. Northview is in its second year as a TLRBSE school. The Princeton Earth Physics Project (PEPP) trains mentor teachers in fundamentals of research in seismology. Teachers and students then gain hands on experience in science research through operation of a research quality seismic station sited at the high school. Data from the Northview seismometer are stored locally and also transmitted over the Internet to a database at Indiana University. Students have access to local data as well as seismic databases accessible through the Internet to use for research projects. The Northview Seismic Station has been in operation since 1998. In this presentation, I will describe how these projects have been incorporated into the physics and earth science programs at Northview High School. I will discus how our teachers and students have benefited from the opportunity to take part in hands-on scientific research under the guidance of university faculty. In particular, I will describe our participation in a regional seismic network through seismic data acquisition, data analysis using seismological software, and students' experiences in a university-based student research symposium. I reflect on the some of the successes and barriers to high-school teachers' and students' involvement in

  19. A Broker-based approach for GEOSS authentication/authorization services

    NASA Astrophysics Data System (ADS)

    Santoro, Mattia; Nativi, Stefano

    2015-04-01

    The Group on Earth Observation (GEO) is a voluntary partnership of governments and international organizations coordinating efforts to build a Global Earth Observation System of Systems (GEOSS). GEOSS aims to achieve societal benefits through voluntary contribution and sharing of resources to better understand the relationships between the society and the environment where we live. The GEOSS Common Infrastructure (GCI) implements a digital infrastructure (e-infrastructure) that coordinates access to these systems, interconnecting and harmonizing their data, applications, models, and products. The GCI component implementing the needed interoperability arrangements to interconnect the data systems contributing to GEOSS is the GEO DAB (Discovery and Access Broker). This provides a unique entry point to which client applications (i.e. the portals and apps) can connect for exploiting (search, discover, and access) resources available through GCI. The GEO DAB implements the brokering approach (Nativi et al., 2013) to build a flexible and scalable System of Systems. GEOSS data providers ask for information about who accessed their resources and, in some cases, want to limit the data download. GEOSS users ask for a profiled interaction with the system based on their needs and expertise level. This raised the need for an enrichment of GEO DAB functionalities, i.e. user authentication/authorization. Besides, authentication and authorization is necessary for GEOSS to provide moderated social services - e.g. feedback messages, data "fit for use" comments, etc. In the development of this new functionality, the need to support existing and well-used users' credentials (e.g. Google, Twitter, etc.) stems from GEOSS principles to build on existing systems and lower entry-barriers for users. To cope with these requirements and face the heterogeneity of technologies used by the different data systems and client applications, a broker-based approach for the authentication

  20. Geospatial Authentication

    NASA Technical Reports Server (NTRS)

    Lyle, Stacey D.

    2009-01-01

    A software package that has been designed to allow authentication for determining if the rover(s) is/are within a set of boundaries or a specific area to access critical geospatial information by using GPS signal structures as a means to authenticate mobile devices into a network wirelessly and in real-time has been developed. The advantage lies in that the system only allows those with designated geospatial boundaries or areas into the server. The Geospatial Authentication software has two parts Server and Client. The server software is a virtual private network (VPN) developed in Linux operating system using Perl programming language. The server can be a stand-alone VPN server or can be combined with other applications and services. The client software is a GUI Windows CE software, or Mobile Graphical Software, that allows users to authenticate into a network. The purpose of the client software is to pass the needed satellite information to the server for authentication.

  1. Redesigning a library-based genetics class research project through instructional theory and authentic experience*

    PubMed Central

    Tennant, Michele R; Edwards, Mary; Miyamoto, Michael M

    2012-01-01

    Question: How can the library-based research project of a genetics course be reinvigorated and made sustainable without sacrificing educational integrity? Setting: The University of Florida's Health Science Center Library provides the case study. Methods: Since 1996, the librarian has codeveloped, supported, and graded all components of the project. In 2009, the project evolved from a single-authored paper to a group-work poster, with graded presentations hosted by the library. In 2010, students were surveyed regarding class enhancements. Results: Responses indicated a preference for collaborative work and the poster format and suggested the changes facilitated learning. Instructors reported that the poster format more clearly documented students' understanding of genetics. Conclusion: Results suggest project enhancements contributed to greater appreciation, understanding, and application of classroom material and offered a unique and authentic learning experience, without compromising educational integrity. The library benefitted through increased visibility as a partner in the educational mission and development of a sustainable instructional collaboration. PMID:22514504

  2. Redesigning a library-based genetics class research project through instructional theory and authentic experience.

    PubMed

    Tennant, Michele R; Edwards, Mary; Miyamoto, Michael M

    2012-04-01

    How can the library-based research project of a genetics course be reinvigorated and made sustainable without sacrificing educational integrity? The University of Florida's Health Science Center Library provides the case study. Since 1996, the librarian has codeveloped, supported, and graded all components of the project. In 2009, the project evolved from a single-authored paper to a group-work poster, with graded presentations hosted by the library. In 2010, students were surveyed regarding class enhancements. Responses indicated a preference for collaborative work and the poster format and suggested the changes facilitated learning. Instructors reported that the poster format more clearly documented students' understanding of genetics. Results suggest project enhancements contributed to greater appreciation, understanding, and application of classroom material and offered a unique and authentic learning experience, without compromising educational integrity. The library benefitted through increased visibility as a partner in the educational mission and development of a sustainable instructional collaboration.

  3. Do We Need to Design Course-Based Undergraduate Research Experiences for Authenticity?

    ERIC Educational Resources Information Center

    Rowland, Susan; Pedwell, Rhianna; Lawrie, Gwen; Lovie-Toon, Joseph; Hung, Yu

    2016-01-01

    The recent push for more authentic teaching and learning in science, technology, engineering, and mathematics indicates a shared agreement that undergraduates require greater exposure to professional practices. There is considerable variation, however, in how "authentic" science education is defined. In this paper we present our…

  4. The Role of Authenticity in Design-Based Learning Environments: The Case of Engineering Education

    ERIC Educational Resources Information Center

    Strobel, J.; Wang, J.; Weber, N. R.; Dyehouse, M.

    2013-01-01

    The term "authenticity" is pervasive in the education literature in general and specifically in the design education and engineering education literature; yet, the construct is often used un-reflected and ill defined. The purpose of this paper is (1) to critically examine current conceptualizations of authenticity as principles to design learning…

  5. Do We Need to Design Course-Based Undergraduate Research Experiences for Authenticity?

    ERIC Educational Resources Information Center

    Rowland, Susan; Pedwell, Rhianna; Lawrie, Gwen; Lovie-Toon, Joseph; Hung, Yu

    2016-01-01

    The recent push for more authentic teaching and learning in science, technology, engineering, and mathematics indicates a shared agreement that undergraduates require greater exposure to professional practices. There is considerable variation, however, in how "authentic" science education is defined. In this paper we present our…

  6. The Role of Authenticity in Design-Based Learning Environments: The Case of Engineering Education

    ERIC Educational Resources Information Center

    Strobel, J.; Wang, J.; Weber, N. R.; Dyehouse, M.

    2013-01-01

    The term "authenticity" is pervasive in the education literature in general and specifically in the design education and engineering education literature; yet, the construct is often used un-reflected and ill defined. The purpose of this paper is (1) to critically examine current conceptualizations of authenticity as principles to design learning…

  7. Quantum identity authentication with single photon

    NASA Astrophysics Data System (ADS)

    Hong, Chang ho; Heo, Jino; Jang, Jin Gak; Kwon, Daesung

    2017-10-01

    Quantum identity authentication with single photons is proposed in the paper. It can verify a user's identity without exposing to an authentication key information. The protocol guarantees high efficiency in that it can verify two bits of authentication information using just a single photon. The security of our authentication scheme is analyzed and confirmed in the case of a general attack. Moreover, the proposed protocol is practicable with current technology. Our quantum identity authentication protocol does not require quantum memory registration and any entangled photon sources.

  8. Writing the Book…Literally: The Convergence of Authentic Intellectual Work (AIW) and Project-Based Learning (PBL)

    ERIC Educational Resources Information Center

    Buckmiller, Tom M.; Kruse, Jerrid W.

    2015-01-01

    Using the Project-Based Learning (PBL) and Authentic Intellectual Work (AIW) models, we sought to create coursework that had value beyond the classroom. Refinements in the self-publishing book industry provide the opportunity to present student work to a larger audience and in a different, more engaging format. With the help of free software, our…

  9. Image classification based on scheme of principal node analysis

    NASA Astrophysics Data System (ADS)

    Yang, Feng; Ma, Zheng; Xie, Mei

    2016-11-01

    This paper presents a scheme of principal node analysis (PNA) with the aim to improve the representativeness of the learned codebook so as to enhance the classification rate of scene image. Original images are normalized into gray ones and the scale-invariant feature transform (SIFT) descriptors are extracted from each image in the preprocessing stage. Then, the PNA-based scheme is applied to the SIFT descriptors with iteration and selection algorithms. The principal nodes of each image are selected through spatial analysis of the SIFT descriptors with Manhattan distance (L1 norm) and Euclidean distance (L2 norm) in order to increase the representativeness of the codebook. With the purpose of evaluating the performance of our scheme, the feature vector of the image is calculated by two baseline methods after the codebook is constructed. The L1-PNA- and L2-PNA-based baseline methods are tested and compared with different scales of codebooks over three public scene image databases. The experimental results show the effectiveness of the proposed scheme of PNA with a higher categorization rate.

  10. Threshold secret sharing scheme based on phase-shifting interferometry.

    PubMed

    Deng, Xiaopeng; Shi, Zhengang; Wen, Wei

    2016-11-01

    We propose a new method for secret image sharing with the (3,N) threshold scheme based on phase-shifting interferometry. The secret image, which is multiplied with an encryption key in advance, is first encrypted by using Fourier transformation. Then, the encoded image is shared into N shadow images based on the recording principle of phase-shifting interferometry. Based on the reconstruction principle of phase-shifting interferometry, any three or more shadow images can retrieve the secret image, while any two or fewer shadow images cannot obtain any information of the secret image. Thus, a (3,N) threshold secret sharing scheme can be implemented. Compared with our previously reported method, the algorithm of this paper is suited for not only a binary image but also a gray-scale image. Moreover, the proposed algorithm can obtain a larger threshold value t. Simulation results are presented to demonstrate the feasibility of the proposed method.

  11. Gyrator wavelet transform based non-linear multiple single channel information fusion and authentication

    NASA Astrophysics Data System (ADS)

    Abuturab, Muhammad Rafiq

    2015-11-01

    A novel gyrator wavelet transform based non-linear multiple single channel information fusion and authentication is introduced. In this technique, each user channel is normalized, phase encoded, and modulated by random phase function, and then multiplexed into a single channel user ciphertext. Now, the secret channel of corresponding user is phase encoded, modulated by random phase function, and gyrator transformed, and then multiplexed into a single channel secret ciphertext. The user ciphertext and secret ciphertext are multiplied to get a single channel multiplex image and then inverse gyrator transformed. The resultant spectrum is phase- and amplitude-truncated to obtain the encrypted image and the asymmetric key, respectively. The encrypted image is a single-level 2-D discrete wavelet transformed. The information is decomposed into LL, HL, LH, and HH sub-bands. This process is repeated to obtain three sets of four sub-bands of three different images. Next, the individual sub-band of each encrypted image is fused to get four fused sub-bands. Finally, the four fused sub-bands are inverse single-level 2-D discrete wavelet transformed to obtain final encrypted image. This is the main advantage for the proposed system: using multiple individual decryption keys (authentication key, asymmetric key, secret keys, and sub-band keys) for each user not only expands the key spaces but also supplies non-linear keys to control the system security. Moreover, the orders of gyrator transform provide extra degrees of freedom. The theoretical analysis and numerical simulation results support the proposed method.

  12. Resource Management Scheme Based on Ubiquitous Data Analysis

    PubMed Central

    Lee, Heung Ki; Jung, Jaehee

    2014-01-01

    Resource management of the main memory and process handler is critical to enhancing the system performance of a web server. Owing to the transaction delay time that affects incoming requests from web clients, web server systems utilize several web processes to anticipate future requests. This procedure is able to decrease the web generation time because there are enough processes to handle the incoming requests from web browsers. However, inefficient process management results in low service quality for the web server system. Proper pregenerated process mechanisms are required for dealing with the clients' requests. Unfortunately, it is difficult to predict how many requests a web server system is going to receive. If a web server system builds too many web processes, it wastes a considerable amount of memory space, and thus performance is reduced. We propose an adaptive web process manager scheme based on the analysis of web log mining. In the proposed scheme, the number of web processes is controlled through prediction of incoming requests, and accordingly, the web process management scheme consumes the least possible web transaction resources. In experiments, real web trace data were used to prove the improved performance of the proposed scheme. PMID:25197692

  13. A Cartesian grid-based unified gas kinetic scheme

    NASA Astrophysics Data System (ADS)

    Chen, Songze; Xu, Kun

    2014-12-01

    A Cartesian grid-based unified gas kinetic scheme is developed. In this approach, any oriented boundary in a Cartesian grid is represented by many directional boundary points. The numerical flux is evaluated on each boundary point. Then, a boundary flux interpolation method (BFIM) is constructed to distribute the boundary effect to the flow evolution on regular Cartesian grid points. The BFIM provides a general strategy to implement any kind of boundary condition on Cartesian grid. The newly developed technique is implemented in the unified gas kinetic scheme, where the scheme is reformulated into a finite difference format. Several typical test cases are simulated with different geometries. For example, the thermophoresis phenomenon for a plate with infinitesimal thickness immersed in a rarefied flow environment is calculated under different orientations on the same Cartesian grid. These computational results validate the BFIM in the unified scheme for the capturing of different thermal boundary conditions. The BFIM can be extended to the moving boundary problems as well.

  14. Region of Interest-Based Tamper Detection and Lossless Recovery Watermarking Scheme (ROI-DR) on Ultrasound Medical Images.

    PubMed

    Khor, Hui Liang; Liew, Siau-Chuin; Zain, Jasni Mohd

    2017-06-01

    Tampering on medical image will lead to wrong diagnosis and treatment, which is life-threatening; therefore, digital watermarking on medical image was introduced to protect medical image from tampering. Medical images are divided into region of interest (ROI) and region of non-interest (RONI). ROI is an area that has a significant impact on diagnosis, whereas RONI has less or no significance in diagnosis. This paper has proposed ROI-based tamper detection and recovery watermarking scheme (ROI-DR) that embeds ROI bit information into RONI least significant bits, which will be extracted later for authentication and recovery process. The experiment result has shown that the ROI-DR has achieved a good result in imperceptibility with peak signal-to-noise ratio (PSNR) values approximately 48 dB, it is robust against various kinds of tampering, and the tampered ROI was able to recover to its original form. Lastly, a comparative table with the previous research (TALLOR and TALLOR-RS watermarking schemes) has been derived, where these three watermarking schemes were tested under the same testing conditions and environment. The experiment result has shown that ROI-DR has achieved speed-up factors of 22.55 and 26.65 in relative to TALLOR and TALLOR-RS watermarking schemes, respectively.

  15. Enhancing Community Detection By Affinity-based Edge Weighting Scheme

    SciTech Connect

    Yoo, Andy; Sanders, Geoffrey; Henson, Van; Vassilevski, Panayot

    2015-10-05

    Community detection refers to an important graph analytics problem of finding a set of densely-connected subgraphs in a graph and has gained a great deal of interest recently. The performance of current community detection algorithms is limited by an inherent constraint of unweighted graphs that offer very little information on their internal community structures. In this paper, we propose a new scheme to address this issue that weights the edges in a given graph based on recently proposed vertex affinity. The vertex affinity quantifies the proximity between two vertices in terms of their clustering strength, and therefore, it is ideal for graph analytics applications such as community detection. We also demonstrate that the affinity-based edge weighting scheme can improve the performance of community detection algorithms significantly.

  16. Kinetic energy decomposition scheme based on information theory.

    PubMed

    Imamura, Yutaka; Suzuki, Jun; Nakai, Hiromi

    2013-12-15

    We proposed a novel kinetic energy decomposition analysis based on information theory. Since the Hirshfeld partitioning for electron densities can be formulated in terms of Kullback-Leibler information deficiency in information theory, a similar partitioning for kinetic energy densities was newly proposed. The numerical assessments confirm that the current kinetic energy decomposition scheme provides reasonable chemical pictures for ionic and covalent molecules, and can also estimate atomic energies using a correction with viral ratios. Copyright © 2013 Wiley Periodicals, Inc.

  17. A public key encryption scheme based on idempotent semirings

    NASA Astrophysics Data System (ADS)

    Durcheva, Mariana; Rachev, Martin

    2015-11-01

    The problem of solving two sided linear equations in the idempotent semirings R¯m a x and R¯m i n has been proved to be reducible to the problem mean payoff game which is of the NP∩ coNP type. In the present paper, we use the mentioned security results and construct a new public key encryption scheme based on the hardness of the problem of solving two sided linear equations in the idempotent semirings.

  18. Localized lossless authentication watermark (LAW)

    NASA Astrophysics Data System (ADS)

    Celik, Mehmet U.; Sharma, Gaurav; Tekalp, A. Murat; Saber, Eli S.

    2003-06-01

    A novel framework is proposed for lossless authentication watermarking of images which allows authentication and recovery of original images without any distortions. This overcomes a significant limitation of traditional authentication watermarks that irreversibly alter image data in the process of watermarking and authenticate the watermarked image rather than the original. In particular, authenticity is verified before full reconstruction of the original image, whose integrity is inferred from the reversibility of the watermarking procedure. This reduces computational requirements in situations when either the verification step fails or the zero-distortion reconstruction is not required. A particular instantiation of the framework is implemented using a hierarchical authentication scheme and the lossless generalized-LSB data embedding mechanism. The resulting algorithm, called localized lossless authentication watermark (LAW), can localize tampered regions of the image; has a low embedding distortion, which can be removed entirely if necessary; and supports public/private key authentication and recovery options. The effectiveness of the framework and the instantiation is demonstrated through examples.

  19. A Provably Secure Revocable ID-Based Authenticated Group Key Exchange Protocol with Identifying Malicious Participants

    PubMed Central

    Tsai, Tung-Tso

    2014-01-01

    The existence of malicious participants is a major threat for authenticated group key exchange (AGKE) protocols. Typically, there are two detecting ways (passive and active) to resist malicious participants in AGKE protocols. In 2012, the revocable identity- (ID-) based public key system (R-IDPKS) was proposed to solve the revocation problem in the ID-based public key system (IDPKS). Afterwards, based on the R-IDPKS, Wu et al. proposed a revocable ID-based AGKE (RID-AGKE) protocol, which adopted a passive detecting way to resist malicious participants. However, it needs three rounds and cannot identify malicious participants. In this paper, we fuse a noninteractive confirmed computation technique to propose the first two-round RID-AGKE protocol with identifying malicious participants, which is an active detecting way. We demonstrate that our protocol is a provably secure AGKE protocol with forward secrecy and can identify malicious participants. When compared with the recently proposed ID/RID-AGKE protocols, our protocol possesses better performance and more robust security properties. PMID:24991641

  20. Information processing schemes based on monolayer protected metallic nanoclusters.

    PubMed

    Cervera, Javier; Mafé, Salvador

    2011-09-01

    Nanostructures are potentially useful as building blocks to complement future electronics because of their high versatility and packing densities. The fabrication and characterization of particular nanostructures and the use of new theoretical tools to describe their properties are receiving much attention. However, the integration of these individual systems into general schemes that could perform simple tasks is also necessary because modern electronics operation relies on the concerted action of many basic units. We review here new conceptual schemes that can allow information processing with ligand or monolayer protected metallic nanoclusters (MPCs) on the basis of the experimentally demonstrated and theoretically described electrical characteristics of these nanostructures. In particular, we make use of the tunnelling current through a metallic nanocluster attached to the electrodes by ligands. The nanostructure is described as a single electron transistor (SET) that can be gated by an external potential. This fact permits exploiting information processing schemes in approximately defined arrays of MPCs. These schemes include: (i) binary, multivalued, and reversible logic gates; (ii) an associative memory and a synchronization circuit; and (iii) two signal processing nanodevices based on parallel arrays of MPCs and nanoswitches. In each case, the practical operation of the nanodevice is based on the SET properties of MPCs reported experimentally. We examine also some of the practical problems that should be addressed in future experimental realizations: the stochastic nature of the electron tunnelling, the relatively low operation temperatures, and the limited reliability caused by the weak signals involved and the nanostructure variability. The perspectives to solve these problems are based on the potentially high degree of scalability of the nanostructures.

  1. Geospatial Authentication

    NASA Technical Reports Server (NTRS)

    Lyle, Stacey D.

    2009-01-01

    A software package that has been designed to allow authentication for determining if the rover(s) is/are within a set of boundaries or a specific area to access critical geospatial information by using GPS signal structures as a means to authenticate mobile devices into a network wirelessly and in real-time. The advantage lies in that the system only allows those with designated geospatial boundaries or areas into the server.

  2. Design of Anonymous Attribute Authentication Mechanism

    NASA Astrophysics Data System (ADS)

    Kiyomoto, Shinsaku; Fukushima, Kazuhide; Tanaka, Toshiaki

    Privacy remains an issue for IT services. Users are concerned that their history of service use may be traceable since each user is assigned a single identifier as a means of authentication.
    In this paper, we propose a perfectly anonymous attribute authentication scheme that is both unidentifiable and untraceable. Then, we present the evaluation results of a prototype system using a PC and mobile phone with the scheme. The proposed scheme employs a self-blindable certificate that a user can change randomly; thus the certificate is modified for each authentication, and the authentication scheme is unidentifiable and untraceable. Furthermore, our scheme can revoke self-blindable certificates without leaks of confidential private information and check the revocation status without online access.

  3. Template characterization and correlation algorithm created from segmentation for the iris biometric authentication based on analysis of textures implemented on a FPGA

    NASA Astrophysics Data System (ADS)

    Giacometto, F. J.; Vilardy, J. M.; Torres, C. O.; Mattos, L.

    2011-01-01

    Among the most used biometric signals to set personal security permissions, taker increasingly importance biometric iris recognition based on their textures and images of blood vessels due to the rich in these two unique characteristics that are unique to each individual. This paper presents an implementation of an algorithm characterization and correlation of templates created for biometric authentication based on iris texture analysis programmed on a FPGA (Field Programmable Gate Array), authentication is based on processes like characterization methods based on frequency analysis of the sample, and frequency correlation to obtain the expected results of authentication.

  4. Energy Efficient Cluster Based Scheduling Scheme for Wireless Sensor Networks.

    PubMed

    Janani, E Srie Vidhya; Kumar, P Ganesh

    2015-01-01

    The energy utilization of sensor nodes in large scale wireless sensor network points out the crucial need for scalable and energy efficient clustering protocols. Since sensor nodes usually operate on batteries, the maximum utility of network is greatly dependent on ideal usage of energy leftover in these sensor nodes. In this paper, we propose an Energy Efficient Cluster Based Scheduling Scheme for wireless sensor networks that balances the sensor network lifetime and energy efficiency. In the first phase of our proposed scheme, cluster topology is discovered and cluster head is chosen based on remaining energy level. The cluster head monitors the network energy threshold value to identify the energy drain rate of all its cluster members. In the second phase, scheduling algorithm is presented to allocate time slots to cluster member data packets. Here congestion occurrence is totally avoided. In the third phase, energy consumption model is proposed to maintain maximum residual energy level across the network. Moreover, we also propose a new packet format which is given to all cluster member nodes. The simulation results prove that the proposed scheme greatly contributes to maximum network lifetime, high energy, reduced overhead, and maximum delivery ratio.

  5. Adverse drug reactions: a hospital pharmacy-based reporting scheme.

    PubMed Central

    Winstanley, P A; Irvin, L E; Smith, J C; Orme, M L; Breckenridge, A M

    1989-01-01

    A pharmacy-based adverse drug reaction (ADR) reporting scheme, using pharmacists, nurses and medical practitioners as initiators of reports, was set up at the end of 1984 in the Royal Liverpool Hospital in order to encourage reporting. New reports were inspected at weekly intervals by a staff pharmacist, and a clinical pharmacologist. Reports were forwarded to the Committee on Safety of Medicines if the reaction was considered to be serious by the clinicians, or the ADR team or involved 'black triangle' drugs. The total number of ADR reports was increased eightfold by the introduction of the scheme (from 14 in 1984 to 76, 102 and 94 in 1985, 1986 and 1987 respectively), and this rate of reporting has been sustained. PMID:2775609

  6. Prediction-based association control scheme in dense femtocell networks

    PubMed Central

    Pham, Ngoc-Thai; Huynh, Thong; Hwang, Won-Joo; You, Ilsun; Choo, Kim-Kwang Raymond

    2017-01-01

    The deployment of large number of femtocell base stations allows us to extend the coverage and efficiently utilize resources in a low cost manner. However, the small cell size of femtocell networks can result in frequent handovers to the mobile user, and consequently throughput degradation. Thus, in this paper, we propose predictive association control schemes to improve the system’s effective throughput. Our design focuses on reducing handover frequency without impacting on throughput. The proposed schemes determine handover decisions that contribute most to the network throughput and are proper for distributed implementations. The simulation results show significant gains compared with existing methods in terms of handover frequency and network throughput perspective. PMID:28328992

  7. A new chaotic communication scheme based on adaptive synchronization.

    PubMed

    Xiang-Jun, Wu

    2006-12-01

    A new chaotic communication scheme using adaptive synchronization technique of two unified chaotic systems is proposed. Different from the existing secure communication methods, the transmitted signal is modulated into the parameter of chaotic systems. The adaptive synchronization technique is used to synchronize two identical chaotic systems embedded in the transmitter and the receiver. It is assumed that the parameter of the receiver system is unknown. Based on the Lyapunov stability theory, an adaptive control law is derived to make the states of two identical unified chaotic systems with unknown system parameters asymptotically synchronized; thus the parameter of the receiver system is identified. Then the recovery of the original information signal in the receiver is successfully achieved on the basis of the estimated parameter. It is noticed that the time required for recovering the information signal and the accuracy of the recovered signal very sensitively depends on the frequency of the information signal. Numerical results have verified the effectiveness of the proposed scheme.

  8. Quantitative bioluminometric method for DNA-based species/varietal identification in food authenticity assessment.

    PubMed

    Trantakis, Ioannis A; Christopoulos, Theodore K; Spaniolas, Stelios; Kalaitzis, Panagiotis; Ioannou, Penelope C; Tucker, Gregory A

    2012-02-01

    A method is reported for species quantification by exploiting single-nucleotide polymorphisms (SNPs). These single-base changes in DNA are particularly useful because they enable discrimination of closely related species and/or varieties. As a model, quantitative authentication studies were performed on coffee. These involved the determination of the percentage of Arabica and Robusta species based on a SNP in the chloroplastic trnL(UAA)-trnF(GAA) intraspacer region. Following polymerase chain reaction (PCR), the Robusta-specific and Arabica-specific fragments were subjected to 15 min extension reactions by DNA polymerase using species-specific primers carrying oligo(dA) tags. Biotin was incorporated into the extended strands. The products were captured in streptavidin-coated microtiter wells and quantified by using oligo(dT)-conjugated photoprotein aequorin. Aequorin was measured within 3 s via its characteristic flash-type bioluminescent reaction that was triggered by the addition of Ca(2+). Because of the close resemblance between the two DNA fragments, during PCR one species serves as an internal standard for the other. The percentage of the total luminescence signal obtained from a certain species was linearly related to the percent content of the sample with respect to this species. The method is accurate and reproducible. The microtiter well-based assay configuration allows high sample throughput and facilitates greatly the automation.

  9. Capturing Cognitive Processing Time for Active Authentication

    DTIC Science & Technology

    2014-02-01

    biometrics, extracted from keystroke dynamics , as “something a user is” for active authentication. This scheme performs continual verification in the...fingerprint for continuous authentication. Its effectiveness has been verified through a large-scale dataset. 2.0 INTRODUCTION Keystroke dynamics —the...measure the similarity. A recent survey on biometric authentication using keystroke dynamics classified research papers on the basis of their

  10. A region-based lossless watermarking scheme for enhancing security of medical data.

    PubMed

    Guo, Xiaotao; Zhuang, Tian-Ge

    2009-03-01

    This paper presents a lossless watermarking scheme in the sense that the original image can be exactly recovered from the watermarked one, with the purpose of verifying the integrity and authenticity of medical images. In addition, the scheme has the capability of not introducing any embedding-induced distortion in the region of interest (ROI) of a medical image. Difference expansion of adjacent pixel values is employed to embed several bits. A region of embedding, which is represented by a polygon, is chosen intentionally to prevent introducing embedding distortion in the ROI. Only the vertex information of a polygon is transmitted to the decoder for reconstructing the embedding region, which improves the embedding capacity considerably. The digital signature of the whole image is embedded for verifying the integrity of the image. An identifier presented in electronic patient record (EPR) is embedded for verifying the authenticity by simultaneously processing the watermarked image and the EPR. Combining with fingerprint system, patient's fingerprint information is embedded into several image slices and then extracted for verifying the authenticity.

  11. RUASN: A Robust User Authentication Framework for Wireless Sensor Networks

    PubMed Central

    Kumar, Pardeep; Choudhury, Amlan Jyoti; Sain, Mangal; Lee, Sang-Gon; Lee, Hoon-Jae

    2011-01-01

    In recent years, wireless sensor networks (WSNs) have been considered as a potential solution for real-time monitoring applications and these WSNs have potential practical impact on next generation technology too. However, WSNs could become a threat if suitable security is not considered before the deployment and if there are any loopholes in their security, which might open the door for an attacker and hence, endanger the application. User authentication is one of the most important security services to protect WSN data access from unauthorized users; it should provide both mutual authentication and session key establishment services. This paper proposes a robust user authentication framework for wireless sensor networks, based on a two-factor (password and smart card) concept. This scheme facilitates many services to the users such as user anonymity, mutual authentication, secure session key establishment and it allows users to choose/update their password regularly, whenever needed. Furthermore, we have provided the formal verification using Rubin logic and compare RUASN with many existing schemes. As a result, we found that the proposed scheme possesses many advantages against popular attacks, and achieves better efficiency at low computation cost. PMID:22163888

  12. Signature-based authentication system using watermarking in the ridgelet and Radon-DCT domain

    NASA Astrophysics Data System (ADS)

    Maiorana, Emanuele; Campisi, Patrizio; Neri, Alessandro

    2007-10-01

    In this paper we propose a signature-based biometric system, where watermarking is applied to signature images in order to hide and keep secret some signature features in a static representation of the signature itself. Being a behavioral biometric, signatures are intrinsically different from other commonly used biometric data, possessing dynamic properties which can not be extracted from a single signature image. The marked images can be used for user authentication, letting their static characteristics being analyzed by automatic algorithms or security attendants. When a higher security is needed, the embedded features can be extracted and used, thus realizing a multi-level decision procedure. The proposed watermarking techniques are tailored to images with sharpened edges, just like a signature picture. In order to obtain a robust method, able to hide relevant data while keeping intact the original structure of the host, the mark is embedded as close as possible to the lines that constitute the signature, using the properties of the Radon transform. An extensive set of experimental results, obtained varying the system's parameters and concerning both the mark extraction and the verification performances, show the effectiveness of our approach.

  13. Intersubject Differences in False Nonmatch Rates for a Fingerprint-Based Authentication System

    NASA Astrophysics Data System (ADS)

    Breebaart, Jeroen; Akkermans, Ton; Kelkboom, Emile

    2009-12-01

    The intersubject dependencies of false nonmatch rates were investigated for a minutiae-based biometric authentication process using single enrollment and verification measurements. A large number of genuine comparison scores were subjected to statistical inference tests that indicated that the number of false nonmatches depends on the subject and finger under test. This result was also observed if subjects associated with failures to enroll were excluded from the test set. The majority of the population (about 90%) showed a false nonmatch rate that was considerably smaller than the average false nonmatch rate of the complete population. The remaining 10% could be characterized as "goats due to their relatively high probability for a false nonmatch. The image quality reported by the template extraction module only weakly correlated with the genuine comparison scores. When multiple verification attempts were investigated, only a limited benefit was observed for "goats, since the conditional probability for a false nonmatch given earlier nonsuccessful attempts increased with the number of attempts. These observations suggest that (1) there is a need for improved identification of "goats during enrollment (e.g., using dedicated signal-driven analysis and classification methods and/or the use of multiple enrollment images) and (2) there should be alternative means for identity verification in the biometric system under test in case of two subsequent false nonmatches.

  14. Secure voice-based authentication for mobile devices: vaulted voice verification

    NASA Astrophysics Data System (ADS)

    Johnson, R. C.; Scheirer, Walter J.; Boult, Terrance E.

    2013-05-01

    As the use of biometrics becomes more wide-spread, the privacy concerns that stem from the use of biometrics are becoming more apparent. As the usage of mobile devices grows, so does the desire to implement biometric identification into such devices. A large majority of mobile devices being used are mobile phones. While work is being done to implement different types of biometrics into mobile phones, such as photo based biometrics, voice is a more natural choice. The idea of voice as a biometric identifier has been around a long time. One of the major concerns with using voice as an identifier is the instability of voice. We have developed a protocol that addresses those instabilities and preserves privacy. This paper describes a novel protocol that allows a user to authenticate using voice on a mobile/remote device without compromising their privacy. We first discuss the Vaulted Verification protocol, which has recently been introduced in research literature, and then describe its limitations. We then introduce a novel adaptation and extension of the Vaulted Verification protocol to voice, dubbed Vaulted Voice Verification (V3). Following that we show a performance evaluation and then conclude with a discussion of security and future work.

  15. Security enhancement mechanism based on contextual authentication and role analysis for 2G-RFID systems.

    PubMed

    Tang, Wan; Chen, Min; Ni, Jin; Yang, Ximin

    2011-01-01

    The traditional Radio Frequency Identification (RFID) system, in which the information maintained in tags is passive and static, has no intelligent decision-making ability to suit application and environment dynamics. The Second-Generation RFID (2G-RFID) system, referred as 2G-RFID-sys, is an evolution of the traditional RFID system to ensure better quality of service in future networks. Due to the openness of the active mobile codes in the 2G-RFID system, the realization of conveying intelligence brings a critical issue: how can we make sure the backend system will interpret and execute mobile codes in the right way without misuse so as to avoid malicious attacks? To address this issue, this paper expands the concept of Role-Based Access Control (RBAC) by introducing context-aware computing, and then designs a secure middleware for backend systems, named Two-Level Security Enhancement Mechanism or 2L-SEM, in order to ensure the usability and validity of the mobile code through contextual authentication and role analysis. According to the given contextual restrictions, 2L-SEM can filtrate the illegal and invalid mobile codes contained in tags. Finally, a reference architecture and its typical application are given to illustrate the implementation of 2L-SEM in a 2G-RFID system, along with the simulation results to evaluate how the proposed mechanism can guarantee secure execution of mobile codes for the system.

  16. Security Enhancement Mechanism Based on Contextual Authentication and Role Analysis for 2G-RFID Systems

    PubMed Central

    Tang, Wan; Chen, Min; Ni, Jin; Yang, Ximin

    2011-01-01

    The traditional Radio Frequency Identification (RFID) system, in which the information maintained in tags is passive and static, has no intelligent decision-making ability to suit application and environment dynamics. The Second-Generation RFID (2G-RFID) system, referred as 2G-RFID-sys, is an evolution of the traditional RFID system to ensure better quality of service in future networks. Due to the openness of the active mobile codes in the 2G-RFID system, the realization of conveying intelligence brings a critical issue: how can we make sure the backend system will interpret and execute mobile codes in the right way without misuse so as to avoid malicious attacks? To address this issue, this paper expands the concept of Role-Based Access Control (RBAC) by introducing context-aware computing, and then designs a secure middleware for backend systems, named Two-Level Security Enhancement Mechanism or 2L-SEM, in order to ensure the usability and validity of the mobile code through contextual authentication and role analysis. According to the given contextual restrictions, 2L-SEM can filtrate the illegal and invalid mobile codes contained in tags. Finally, a reference architecture and its typical application are given to illustrate the implementation of 2L-SEM in a 2G-RFID system, along with the simulation results to evaluate how the proposed mechanism can guarantee secure execution of mobile codes for the system. PMID:22163983

  17. From Pharmacognosia to DNA-Based Medicinal Plant Authentication - Pharmacognosy through the Centuries.

    PubMed

    Heinrich, Michael; Anagnostou, Sabine

    2017-10-01

    For centuries, pharmacognosy was essential for the identification, quality, purity, and, until the end of the 18th century, even for the efficacy of medicinal plants. Since the 19th century, it concentrated on authenticity, purity, quality and the analysis of active substances, and was established as an academic branch discipline within pharmacy and continuously developed into a modern, highly sophisticated science. Even though the paradigm in pharmacy changed in the 19th century with the discovery of morphine and concentrated on single substances that could be synthesized fast by the upcoming industry, medicinal plants always remained an important element of the Materia medica, and during the last decades, medicinal plants continue to be a source of remedies, and natural products are an inspiration for new medicine. In this research, pharmacognostic skills remain an essential element, both with regards to identity, quality assurance of botanicals (both herbal medicines and supplements), and the discovery and development of new medicines. Over the years, the specific pharmacognostical tools have changed dramatically, and most recently, DNA-based techniques have become another element of our spectrum of scientific methods. Georg Thieme Verlag KG Stuttgart · New York.

  18. A proposed classification scheme for Ada-based software products

    NASA Technical Reports Server (NTRS)

    Cernosek, Gary J.

    1986-01-01

    As the requirements for producing software in the Ada language become a reality for projects such as the Space Station, a great amount of Ada-based program code will begin to emerge. Recognizing the potential for varying levels of quality to result in Ada programs, what is needed is a classification scheme that describes the quality of a software product whose source code exists in Ada form. A 5-level classification scheme is proposed that attempts to decompose this potentially broad spectrum of quality which Ada programs may possess. The number of classes and their corresponding names are not as important as the mere fact that there needs to be some set of criteria from which to evaluate programs existing in Ada. An exact criteria for each class is not presented, nor are any detailed suggestions of how to effectively implement this quality assessment. The idea of Ada-based software classification is introduced and a set of requirements from which to base further research and development is suggested.

  19. Authentic leadership.

    PubMed

    Kerfoot, Karlene

    2006-12-01

    There is leadership, and then there is authentic leadership. If you are not willing to engage from your heart, to passionately work to create a greater quality of work life for front-line staff every day, and to push yourself to the ultimate limit to make that happen, you might be a leader, but you will not be perceived as an authentic leader. Authentic leaders love, challenge people to do what they didn't believe was possible, and generate the energy to make the impossible possible by their passion for their people, their patients, and for doing the right thing. Thankfully, there are leaders who are willing to live on the edge, model their love, and inspire people to change the world. Will you be one of them?

  20. Authentic leadership.

    PubMed

    Kerfoot, Karlene

    2006-10-01

    There is leadership, and then there is authentic leadership. If you are not willing to engage from your heart, to passionately work to create a greater quality of work life for front-line staff every day, and to push yourself to the ultimate limit to make that happen, you might be a leader, but you will not be perceived as an authentic leader. Authentic leaders love, challenge people to do what they didn't believe was possible, and generate the energy to make the impossible possible by their passion for their people, their patients, and for doing the right thing. Thankfully, there are leaders who are willing to live on the edge, model their love, and inspire people to change the world. Will you be one of them?

  1. Authenticating cache.

    SciTech Connect

    Smith, Tyler Barratt; Urrea, Jorge Mario

    2012-06-01

    The aim of the Authenticating Cache architecture is to ensure that machine instructions in a Read Only Memory (ROM) are legitimate from the time the ROM image is signed (immediately after compilation) to the time they are placed in the cache for the processor to consume. The proposed architecture allows the detection of ROM image modifications during distribution or when it is loaded into memory. It also ensures that modified instructions will not execute in the processor-as the cache will not be loaded with a page that fails an integrity check. The authenticity of the instruction stream can also be verified in this architecture. The combination of integrity and authenticity assurance greatly improves the security profile of a system.

  2. Access and accounting schemes of wireless broadband

    NASA Astrophysics Data System (ADS)

    Zhang, Jian; Huang, Benxiong; Wang, Yan; Yu, Xing

    2004-04-01

    In this paper, two wireless broadband access and accounting schemes were introduced. There are some differences in the client and the access router module between them. In one scheme, Secure Shell (SSH) protocol is used in the access system. The SSH server makes the authentication based on private key cryptography. The advantage of this scheme is the security of the user's information, and we have sophisticated access control. In the other scheme, Secure Sockets Layer (SSL) protocol is used the access system. It uses the technology of public privacy key. Nowadays, web browser generally combines HTTP and SSL protocol and we use the SSL protocol to implement the encryption of the data between the clients and the access route. The schemes are same in the radius sever part. Remote Authentication Dial in User Service (RADIUS), as a security protocol in the form of Client/Sever, is becoming an authentication/accounting protocol for standard access to the Internet. It will be explained in a flow chart. In our scheme, the access router serves as the client to the radius server.

  3. Undergraduate Biology Lab Courses: Comparing the Impact of Traditionally Based "Cookbook" and Authentic Research-Based Courses on Student Lab Experiences

    ERIC Educational Resources Information Center

    Brownell, Sara E.; Kloser, Matthew J.; Fukami, Tadishi; Shavelson, Rich

    2012-01-01

    Over the past decade, several reports have recommended a shift in undergraduate biology laboratory courses from traditionally structured, often described as "cookbook," to authentic research-based experiences. This study compares a cookbook-type laboratory course to a research-based undergraduate biology laboratory course at a Research 1…

  4. Strengthening Authentication

    ERIC Educational Resources Information Center

    Gale, Doug

    2007-01-01

    The basics of authentication are straightforward. One can prove his or her identity in three ways: (1) something one "has" (for example, a key or a birth certificate); (2) something one "knows" (such as a password); or (3) something one "is" (such as one's fingerprints, used in biometric technologies). In the world of computers and networks, the…

  5. Strengthening Authentication

    ERIC Educational Resources Information Center

    Gale, Doug

    2007-01-01

    The basics of authentication are straightforward. One can prove his or her identity in three ways: (1) something one "has" (for example, a key or a birth certificate); (2) something one "knows" (such as a password); or (3) something one "is" (such as one's fingerprints, used in biometric technologies). In the world of computers and networks, the…

  6. A group signature scheme based on quantum teleportation

    NASA Astrophysics Data System (ADS)

    Wen, Xiaojun; Tian, Yuan; Ji, Liping; Niu, Xiamu

    2010-05-01

    In this paper, we present a group signature scheme using quantum teleportation. Different from classical group signature and current quantum signature schemes, which could only deliver either group signature or unconditional security, our scheme guarantees both by adopting quantum key preparation, quantum encryption algorithm and quantum teleportation. Security analysis proved that our scheme has the characteristics of group signature, non-counterfeit, non-disavowal, blindness and traceability. Our quantum group signature scheme has a foreseeable application in the e-payment system, e-government, e-business, etc.

  7. How to Speak an Authentication Secret Securely from an Eavesdropper

    NASA Astrophysics Data System (ADS)

    O'Gorman, Lawrence; Brotman, Lynne; Sammon, Michael

    When authenticating over the telephone or mobile headphone, the user cannot always assure that no eavesdropper hears the password or authentication secret. We describe an eavesdropper-resistant, challenge-response authentication scheme for spoken authentication where an attacker can hear the user’s voiced responses. This scheme entails the user to memorize a small number of plaintext-ciphertext pairs. At authentication, these are challenged in random order and interspersed with camouflage elements. It is shown that the response can be made to appear random so that no information on the memorized secret can be learned by eavesdroppers. We describe the method along with parameter value tradeoffs of security strength, authentication time, and memory effort. This scheme was designed for user authentication of wireless headsets used for hands-free communication by healthcare staff at a hospital.

  8. Deep Brain Stimulation, Authenticity and Value.

    PubMed

    Pugh, Jonathan; Maslen, Hannah; Savulescu, Julian

    2017-10-01

    Deep brain stimulation has been of considerable interest to bioethicists, in large part because of the effects that the intervention can occasionally have on central features of the recipient's personality. These effects raise questions regarding the philosophical concept of authenticity. In this article, we expand on our earlier work on the concept of authenticity in the context of deep brain stimulation by developing a diachronic, value-based account of authenticity. Our account draws on both existentialist and essentialist approaches to authenticity, and Laura Waddell Ekstrom's coherentist approach to personal autonomy. In developing our account, we respond to Sven Nyholm and Elizabeth O'Neill's synchronic approach to authenticity, and explain how the diachronic approach we defend can have practical utility, contrary to Alexandre Erler and Tony Hope's criticism of autonomy-based approaches to authenticity. Having drawn a distinction between the authenticity of an individual's traits and the authenticity of that person's values, we consider how our conception of authenticity applies to the context of anorexia nervosa in comparison to other prominent accounts of authenticity. We conclude with some reflections on the prudential value of authenticity, and by highlighting how the language of authenticity can be invoked to justify covert forms of paternalism that run contrary to the value of individuality that seems to be at the heart of authenticity.

  9. Text-Based Recall and Extra-Textual Generations Resulting from Simplified and Authentic Texts

    ERIC Educational Resources Information Center

    Crossley, Scott A.; McNamara, Danielle S.

    2016-01-01

    This study uses a moving windows self-paced reading task to assess text comprehension of beginning and intermediate-level simplified texts and authentic texts by L2 learners engaged in a text-retelling task. Linear mixed effects (LME) models revealed statistically significant main effects for reading proficiency and text level on the number of…

  10. Vocabulary Recycling in Children's Authentic Reading Materials: A Corpus-Based Investigation of Narrow Reading

    ERIC Educational Resources Information Center

    Gardner, Dee

    2008-01-01

    Fourteen collections of children's reading materials were used to investigate the claim that collections of authentic texts with a common theme, or written by one author, afford readers with more repeated exposures to new words than unrelated materials. The collections, distinguished by relative thematic tightness, authorship (1 vs. 4 authors),…

  11. Authentic Education by Providing a Situation for Student-Selected Problem-Based Learning

    ERIC Educational Resources Information Center

    Strimel, Greg

    2014-01-01

    Students are seldom given an authentic experience within school that allows them the opportunity to solve real-life complex engineering design problems that have meaning to their lives and/ or the greater society. They are often confined to learning environments that are limited by the restrictions set by course content for assessment purposes and…

  12. Appreciation of Authenticity Promotes Curiosity: Implications for Object-Based Learning in Museums

    ERIC Educational Resources Information Center

    Bunce, Louise

    2016-01-01

    Museum professionals suppose that interacting with authentic objects promotes curiosity and engagement, but this has not been tested. In this research, children and adults visiting the Oxford University Museum of Natural History were shown a taxidermied rabbit or rabbit skeleton. They were asked "Is it real?," "Why?" and were…

  13. Authentic Arts-Based Learning in Teacher Education: A Musical Theatre Experience

    ERIC Educational Resources Information Center

    Ogden, Holly; DeLuca, Christopher; Searle, Michelle

    2010-01-01

    There is increasing concern over disengagement of teacher candidates during on-campus periods of pre-service programs due to the perceived disconnect between educational theory and practice. In response, teacher education has been called to engage candidates in praxis through authentic learning. In this paper, we bring together the fields of…

  14. Authentic Arts-Based Learning in Teacher Education: A Musical Theatre Experience

    ERIC Educational Resources Information Center

    Ogden, Holly; DeLuca, Christopher; Searle, Michelle

    2010-01-01

    There is increasing concern over disengagement of teacher candidates during on-campus periods of pre-service programs due to the perceived disconnect between educational theory and practice. In response, teacher education has been called to engage candidates in praxis through authentic learning. In this paper, we bring together the fields of…

  15. Appreciation of Authenticity Promotes Curiosity: Implications for Object-Based Learning in Museums

    ERIC Educational Resources Information Center

    Bunce, Louise

    2016-01-01

    Museum professionals suppose that interacting with authentic objects promotes curiosity and engagement, but this has not been tested. In this research, children and adults visiting the Oxford University Museum of Natural History were shown a taxidermied rabbit or rabbit skeleton. They were asked "Is it real?," "Why?" and were…

  16. Authentic Game-Based Learning and Teachers' Dilemmas in Reconstructing Professional Practice

    ERIC Educational Resources Information Center

    Chee, Yam San; Mehrotra, Swati; Ong, Jing Chuan

    2015-01-01

    Teachers who attempt pedagogical innovation with authentic digital games face significant challenges because such games instantiate open systems of learner activity, inviting enquiry learning rather than knowledge acquisition. However, school environments are normatively sanctioned cultural spaces where direct instruction and high-stakes tests are…

  17. Improving a Field School Curriculum Using Modularized Lessons and Authentic Case-Based Learning

    ERIC Educational Resources Information Center

    Rea, Roy V.; Hodder, Dexter P.

    2007-01-01

    University course evaluations are replete with student comments expressing frustration with taking time out of work, paying money for, and putting energy into field education projects that lack authentic "real-world" problem-solving objectives. Here, we describe a model for field school education that borrows on pedagogical tools such as…

  18. Improving a Field School Curriculum Using Modularized Lessons and Authentic Case-Based Learning

    ERIC Educational Resources Information Center

    Rea, Roy V.; Hodder, Dexter P.

    2007-01-01

    University course evaluations are replete with student comments expressing frustration with taking time out of work, paying money for, and putting energy into field education projects that lack authentic "real-world" problem-solving objectives. Here, we describe a model for field school education that borrows on pedagogical tools such as…

  19. Authentic Game-Based Learning and Teachers' Dilemmas in Reconstructing Professional Practice

    ERIC Educational Resources Information Center

    Chee, Yam San; Mehrotra, Swati; Ong, Jing Chuan

    2015-01-01

    Teachers who attempt pedagogical innovation with authentic digital games face significant challenges because such games instantiate open systems of learner activity, inviting enquiry learning rather than knowledge acquisition. However, school environments are normatively sanctioned cultural spaces where direct instruction and high-stakes tests are…

  20. Authentic Education by Providing a Situation for Student-Selected Problem-Based Learning

    ERIC Educational Resources Information Center

    Strimel, Greg

    2014-01-01

    Students are seldom given an authentic experience within school that allows them the opportunity to solve real-life complex engineering design problems that have meaning to their lives and/ or the greater society. They are often confined to learning environments that are limited by the restrictions set by course content for assessment purposes and…

  1. Kerberos authentication: The security answer for unsecured networks

    SciTech Connect

    Engert, D.E.

    1995-06-01

    Traditional authentication schemes do not properly address the problems encountered with today`s unsecured networks. Kerbmm developed by MIT, on the other hand is designed to operate in an open unsecured network, yet provide good authentication and security including encrypted session traffic. Basic Kerberos principles as well as experiences of the ESnet Authentication Pilot Project with Cross Realm. Authentication between four National Laboratories will also be described.

  2. Enhanced visual secret sharing for graphical password authentication

    NASA Astrophysics Data System (ADS)

    Rajendra, A. B.; Sheshadri, H. S.

    2013-03-01

    Password is a very common and widely used authentication method to provide security to valuable data. It is desirable to make password more memorable and easier for people to use. Traditionally passwords are alphanumeric, numbers & symbols. Some problems of normal password appear like stolen the password, forgetting the password, week password. Study shows that text-based passwords suffer with both security and authentication problems. To overcome these problems, Graphical passwords have been developed. Visual secret sharing (VSS) scheme is a secret sharing scheme in which an image is converted into shares. No information can be revealed by observing any share (Dotted image). The information about the original image will be revealed only after stacking sufficient number of shares (Dotted images). In this paper, we have used XNOR operation instead of OR operation and contrast of the decrypted image is clearer than existing Enhanced Visual Secret Sharing (EVSS) scheme. Also, we are presenting new approach to authenticate graphical password image using 2-out-of-2 EVSS scheme. Which can be used to protect machines with additional security.

  3. Authentication Binding between SSL/TLS and HTTP

    NASA Astrophysics Data System (ADS)

    Saito, Takamichi; Sekiguchi, Kiyomi; Hatsugai, Ryosuke

    While the Secure Socket Layer or Transport Layer Security (SSL/TLS) is assumed to provide secure communications over the Internet, many web applications utilize basic or digest authentication of Hyper Text Transport Protocol (HTTP) over SSL/TLS. Namely, in the scheme, there are two different authentication schemes in a session. Since they are separated by a layer, these are not convenient for a web application. Moreover, the scheme may also cause problems in establishing secure communication. Then we provide a scheme of authentication binding between SSL/TLS and HTTP without modifying SSL/TLS protocols and its implementation, and we show the effectiveness of our proposed scheme.

  4. On Authentication Method Impact upon Data Sampling Delay in Wireless Sensor Networks

    NASA Astrophysics Data System (ADS)

    Szalachowski, Pawel; Ksiezopolski, Bogdan; Kotulski, Zbigniew

    Traffic in Wireless Sensor Network (WSN) consists of short packets sent by nodes that are usually identical in respect of software applied and their hardware architecture. In such a communication environment it is important to guarantee authentication of the nodes. The most popular way to achieve this basic security service is using Message Authentication Code (MAC). The sensor node's harbware is very limited so the cryptography used must be very efficient. In the article we focus on the influence of the authentication method's performance on delays in data sampling by the sensor nodes. We present efficiency results for MACs generation in the node. We compare the results for approved, standardized and commonly-used schemes: CMAC, GMAC and HMAC based on MD5 and SHA-1. Additionally, we compare the obtained results with the performance of PKC-based authentication method using the ECDSA.

  5. Security analysis and enhanced user authentication in proxy mobile IPv6 networks

    PubMed Central

    Kang, Dongwoo; Jung, Jaewook; Lee, Donghoon; Kim, Hyoungshick

    2017-01-01

    The Proxy Mobile IPv6 (PMIPv6) is a network-based mobility management protocol that allows a Mobile Node(MN) connected to the PMIPv6 domain to move from one network to another without changing the assigned IPv6 address. The user authentication procedure in this protocol is not standardized, but many smartcard based authentication schemes have been proposed. Recently, Alizadeh et al. proposed an authentication scheme for the PMIPv6. However, it could allow an attacker to derive an encryption key that must be securely shared between MN and the Mobile Access Gate(MAG). As a result, outsider adversary can derive MN’s identity, password and session key. In this paper, we analyze Alizadeh et al.’s scheme regarding security and propose an enhanced authentication scheme that uses a dynamic identity to satisfy anonymity. Furthermore, we use BAN logic to show that our scheme can successfully generate and communicate with the inter-entity session key. PMID:28719621

  6. An Arbitrated Quantum Signature Scheme Based on Hyperchaotic Quantum Cryptosystem

    NASA Astrophysics Data System (ADS)

    Guo, Ying; Sun, Xin; Zhang, Wei

    2013-07-01

    A chaos-based arbitrated quantum signature (AQS) scheme is designed on the basis of an improved quantum chaotic encryption algorithm whose security is ensured due to the implementation of the quantum one-time pad that embraces the key-dependent chaotic operation string. It involves in a small-scale quantum computation network with three participants in three phases, i.e. initializing phase, signing phase and verifying phase. The signatory signs the encrypted message and then the receiver verifies the signature is valid with the aid of an arbitrator who plays a crucial role when a dispute arises. Analysis shows that the signature can neither be forged nor disavowed by the malicious attackers.

  7. Genetic comparison of breeding schemes based on semen importation and local breeding schemes: framework and application to Costa Rica.

    PubMed

    Vargas, B; van Arendonk, J A M

    2004-05-01

    Local breeding schemes for Holstein cattle of Costa Rica were compared with the current practice based on continuous semen importation (SI) by deterministic simulation. Comparison was made on the basis of genetic response and correlation between breeding goals. A local breeding goal was defined on the basis of prevailing production circumstances and compared against a typical breeding goal for an exporting country. Differences in genetic response were <3%, and the correlation between breeding goals was 0.99. Therefore, difference between breeding objectives proved negligible. For the evaluation of genetic response, the current scheme based on SI was evaluated against a progeny testing (PT) scheme and a closed nucleus (CN) breeding scheme, both local. Selection intensities and accuracy of selection were defined according to current population size and reproduction efficiency parameters. When genotype x environment interaction (G x E) was ignored, SI was the strategy with the highest genetic response: 5.0% above the CN breeding scheme and 33.2% above PT. A correlation between breeding values in both countries lower than one was assumed to assess the effect of G x E. This resulted in permanent effects on the relative efficiencies of breeding strategies because of the reduction in the rate of genetic response when SI was used. When the genetic correlation was assumed equal to 0.75, the genetic response achieved with SI was reduced at the same level as local PT. When an initial difference in average genetic merit of the populations was assumed, this only had a temporal effect on the relative ranking of strategies, which is reverted after some years of selection because the rate of change in genetic responses remains unchanged. Given that the actual levels of genetic correlation between countries may be around 0.60, it was concluded that a local breeding scheme based on a nucleus herd could provide better results than the current strategy based on SI.

  8. Differential Effects of Web-Based and Paper-Based Administration of Questionnaire Research Instruments in Authentic Contexts-of-Use

    ERIC Educational Resources Information Center

    Hardre, Patricia L.; Crowson, H. Michael; Xie, Kui

    2010-01-01

    Questionnaire instruments are routinely translated to digital administration systems; however, few studies have compared the differential effects of these administrative methods, and fewer yet in authentic contexts-of-use. In this study, 326 university students were randomly assigned to one of two administration conditions, paper-based (PBA) or…

  9. System and method for authentication

    DOEpatents

    Duerksen, Gary L.; Miller, Seth A.

    2015-12-29

    Described are methods and systems for determining authenticity. For example, the method may include providing an object of authentication, capturing characteristic data from the object of authentication, deriving authentication data from the characteristic data of the object of authentication, and comparing the authentication data with an electronic database comprising reference authentication data to provide an authenticity score for the object of authentication. The reference authentication data may correspond to one or more reference objects of authentication other than the object of authentication.

  10. Security Proof for Password Authentication in TLS-Verifier-based Three-Party Group Diffie-Hellman

    SciTech Connect

    Chevassut, Olivier; Milner, Joseph; Pointcheval, David

    2008-04-21

    The internet has grown greatly in the past decade, by some numbers exceeding 47 million active web sites and a total aggregate exceeding100 million web sites. What is common practice today on the Internet is that servers have public keys, but clients are largely authenticated via short passwords. Protecting these passwords by not storing them in the clear on institutions's servers has become a priority. This paper develops password-based ciphersuites for the Transport Layer Security (TLS) protocol that are: (1) resistant to server compromise; (2) provably secure; (3) believed to be free from patent and licensing restrictions based on an analysis of relevant patents in the area.

  11. CURRICULUM MATTERS: Authentic science in schools? - an evidence-based rationale

    NASA Astrophysics Data System (ADS)

    Woolnough, Brian E.

    2000-07-01

    Students can, and should, do open-ended projects in their school science education. This article draws together findings from a series of research investigations into students' research projects in schools. It finds that they are effective in developing core skills in students, especially problem-solving, communication and interpersonal skills; that they improve the attitudes of students towards science and technology and the likelihood that they will enter careers in these areas; and that they allow students to experience and develop one important type of authentic science in schools. It suggests that we now have a rationale for the inclusion of student research projects into the science curriculum and evidence that school science will be enriched and revived by the introduction of such authentic science.

  12. A Standard Mutual Authentication Protocol for Cloud Computing Based Health Care System.

    PubMed

    Mohit, Prerna; Amin, Ruhul; Karati, Arijit; Biswas, G P; Khan, Muhammad Khurram

    2017-04-01

    Telecare Medical Information System (TMIS) supports a standard platform to the patient for getting necessary medical treatment from the doctor(s) via Internet communication. Security protection is important for medical records (data) of the patients because of very sensitive information. Besides, patient anonymity is another most important property, which must be protected. Most recently, Chiou et al. suggested an authentication protocol for TMIS by utilizing the concept of cloud environment. They claimed that their protocol is patient anonymous and well security protected. We reviewed their protocol and found that it is completely insecure against patient anonymity. Further, the same protocol is not protected against mobile device stolen attack. In order to improve security level and complexity, we design a light weight authentication protocol for the same environment. Our security analysis ensures resilience of all possible security attacks. The performance of our protocol is relatively standard in comparison with the related previous research.

  13. Food analysis and food authentication by peptide nucleic acid (PNA)-based technologies.

    PubMed

    Sforza, Stefano; Corradini, Roberto; Tedeschi, Tullia; Marchelli, Rosangela

    2011-01-01

    This tutorial review will address the issue of DNA determination in food by using Peptide Nucleic Acid (PNA) probes with different technological platforms, with a particular emphasis on the applications devoted to food authentication. After an introduction aimed at describing PNAs structure, binding properties and their use as genetic probes, the review will then focus specifically on the use of PNAs in the field of food analysis. In particular, the following issues will be considered: detection of genetically modified organisms (GMOs), of hidden allergens, of microbial pathogens and determination of ingredient authenticity. Finally, the future perspectives for the use of PNAs in food analysis will be briefly discussed according to the most recent developments.

  14. Color image authentication using a zone-corrected error-monitoring quantization-based watermarking technique

    NASA Astrophysics Data System (ADS)

    Al-Otum, Hazem Munawer

    2016-08-01

    This article presents a semifragile color image watermarking technique for content authentication. The proposed technique can be implemented with color images and embeds a watermarking sequence into the low-frequency coefficients of the approximation, horizontal, and vertical sub-bands of a modified two-leveled discrete wavelet transform. This is obtained by inserting a predefined value, collected from two of the three R, G, and B color layers, into the third color layer. This gives an ability to monitor modifications by observing the changes occurring in the color layer where the watermark is embedded. Here, two measures were developed to check the technique copyright and authentication performances. Experimental results have shown a high accuracy in detecting and localizing intentional attacks while exhibiting a high robustness against common image processing attacks.

  15. Multimedia authentication for copyright protection

    NASA Astrophysics Data System (ADS)

    Yin, Mingsheng

    2017-06-01

    Multimedia contents are easy to be copied and modified, so it is important to use authentication technology to ensure reliability and copyright security. Multimedia authentication technology is usually divided into digital signature and digital watermarking. In this paper, we introduce some basic image and video authentication technology, such as PCA algorithm and image signature method based on DCT coefficient, LSB -based digital image watermark, SVD-based digital image watermark, and video watermark. Through these digital content security technology, digital contents can be ensured security

  16. A Digital Signature Scheme Based on NP-Complete Lattice Problems

    NASA Astrophysics Data System (ADS)

    Hayashi, Shunichi; Tada, Mitsuru

    In [13], we proposed new decision problems related to lattices, and proved their NP-completeness. In this paper, we present a new public-key identification scheme and a digital signature scheme based on one of the problems in [13]. We also prove the security of our schemes under certain assumptions, and analyze the efficiency of ours.

  17. On the Security of Provably Secure Multi-Receiver ID-Based Signcryption Scheme

    NASA Astrophysics Data System (ADS)

    Tan, Chik-How

    Recently, Duan and Cao proposed an multi-receiver identity-based signcryption scheme. They showed that their scheme is secure against adaptive chosen ciphertext attacks in the random oracle model. In this paper, we show that their scheme is in fact not secure against adaptive chosen ciphertext attacks under their defined security model.

  18. An Anonymous Voting Scheme based on Confirmation Numbers

    NASA Astrophysics Data System (ADS)

    Alam, Kazi Md. Rokibul; Tamura, Shinsuke; Taniguchi, Shuji; Yanase, Tatsuro

    This paper proposes a new electronic voting (e-voting) scheme that fulfills all the security requirements of e-voting i.e. privacy, accuracy, universal verifiability, fairness, receipt-freeness, incoercibility, dispute-freeness, robustness, practicality and scalability; usually some of which are found to be traded. When compared with other existing schemes, this scheme requires much more simple computations and weaker assumptions about trustworthiness of individual election authorities. The key mechanism is the one that uses confirmation numbers involved in individual votes to make votes verifiable while disabling all entities including voters themselves to know the linkages between voters and their votes. Many existing e-voting schemes extensively deploy zero-knowledge proof (ZKP) to achieve verifiability. However, ZKP is expensive and complicated. The confirmation numbers attain the verifiability requirement in a much more simple and intuitive way, then the scheme becomes scalable and practical.

  19. On Secure Implementation of an IHE XUA-Based Protocol for Authenticating Healthcare Professionals

    NASA Astrophysics Data System (ADS)

    Masi, Massimiliano; Pugliese, Rosario; Tiezzi, Francesco

    The importance of the Electronic Health Record (EHR) has been addressed in recent years by governments and institutions.Many large scale projects have been funded with the aim to allow healthcare professionals to consult patients data. Properties such as confidentiality, authentication and authorization are the key for the success for these projects. The Integrating the Healthcare Enterprise (IHE) initiative promotes the coordinated use of established standards for authenticated and secure EHR exchanges among clinics and hospitals. In particular, the IHE integration profile named XUA permits to attest user identities by relying on SAML assertions, i.e. XML documents containing authentication statements. In this paper, we provide a formal model for the secure issuance of such an assertion. We first specify the scenario using the process calculus COWS and then analyse it using the model checker CMC. Our analysis reveals a potential flaw in the XUA profile when using a SAML assertion in an unprotected network. We then suggest a solution for this flaw, and model check and implement this solution to show that it is secure and feasible.

  20. EAP-Kerberos: A Low Latency EAP Authentication Method for Faster Handoffs in Wireless Access Networks

    NASA Astrophysics Data System (ADS)

    Zrelli, Saber; Okabe, Nobuo; Shinoda, Yoichi

    The wireless medium is a key technology for enabling ubiquitous and continuous network connectivity. It is becoming more and more important in our daily life especially with the increasing adoption of networking technologies in many fields such as medical care and transportation systems. Although most wireless technologies nowadays provide satisfying bandwidth and higher speeds, several of these technologies still lack improvements with regard to handoff performance. In this paper, we focus on wireless network technologies that rely on the Extensible Authentication Protocol for mutual authentication between the station and the access network. Such technologies include local area wireless networks (IEEE 802.11) as well as broadband wireless networks (IEEE 802.16). We present a new EAP authentication method based on a three party authentication scheme, namely Kerberos, that considerably shortens handoff delays. Compared to other methods, the proposed method has the advantage of not requiring any changes on the access points, making it readily deployable at reasonable costs.

  1. Three-dimensional compression scheme based on wavelet transform

    NASA Astrophysics Data System (ADS)

    Yang, Wu; Xu, Hui; Liao, Mengyang

    1999-03-01

    In this paper, a 3D compression method based on separable wavelet transform is discussed in detail. The most commonly used digital modalities generate multiple slices in a single examination, which are normally anatomically or physiologically correlated to each other. 3D wavelet compression methods can achieve more efficient compression by exploring the correlation between slices. The first step is based on a separable 3D wavelet transform. Considering the difference between pixel distances within a slice and those between slices, one biorthogonal Antoninin filter bank is applied within 2D slices and a second biorthogonal Villa4 filter bank on the slice direction. Then, S+P transform is applied in the low-resolution wavelet components and an optimal quantizer is presented after analysis of the quantization noise. We use an optimal bit allocation algorithm, which, instead of eliminating the coefficients of high-resolution components in smooth areas, minimizes the system reconstruction distortion at a given bit-rate. Finally, to remain high coding efficiency and adapt to different properties of each component, a comprehensive entropy coding method is proposed, in which arithmetic coding method is applied in high-resolution components and adaptive Huffman coding method in low-resolution components. Our experimental results are evaluated by several image measures and our 3D wavelet compression scheme is proved to be more efficient than 2D wavelet compression.

  2. A Robust Conditional Privacy-Preserving Authentication Protocol in VANET

    NASA Astrophysics Data System (ADS)

    Jung, Chae Duk; Sur, Chul; Park, Youngho; Rhee, Kyung-Hyune

    Recently, Lu et al. proposed an efficient conditional privacy preservation protocol, named ECPP, based on group signature scheme for secure vehicular communications. However, ECPP dose not provide unlinkability and traceability when multiple RSUs are compromised. In this paper, we make up for the limitations and propose a robust conditional privacy-preserving authentication protocol without loss of efficiency as compared with ECPP. Furthermore, in our protocol, RSUs can issue multiple anonymous certificates to an OBU to alleviate system overheads for validity check of RSUs. In order to achieve these goals, we consider a universal re-encryption scheme as our building block.

  3. Cryptanalysis and Improvement on "Robust EPR-Pairs-Based Quantum Secure Communication with Authentication Resisting Collective Noise"

    NASA Astrophysics Data System (ADS)

    Yue, Qiu-Ling; Yu, Chao-Hua; Liu, Bin; Wang, Qing-Le

    2016-10-01

    Recently, Chang et al. [Sci Chin-Phys Mech Astron. 57(10), 1907-1912, 2014] proposed two robust quantum secure communication protocols with authentication based on Einstein-Podolsky-Rosen (EPR) pairs, which can resist collective noise. In this paper, we analyze the security of their protocols, and show that there is a kind of security flaw in their protocols. By a kind of impersonation attack, the eavesdropper can obtain half of the message on average. Furthermore, an improved method of their protocols is proposed to close the security loophole.

  4. Multiparty quantum secret sharing scheme based on the phase shift operations

    NASA Astrophysics Data System (ADS)

    Du, Yu-tao; Bao, Wan-su

    2013-11-01

    Based on a kind of multiparty quantum secret sharing schemes with Bell states, we propose a novel collective attack strategy in this paper. In our strategy, the group of in-attackers can obtain the entire secret information without introducing any error. More interestingly, a new multiparty quantum secret sharing scheme is proposed based on the 3-element phase shift operations. The scheme can resist not only the existing attacks, but also the cheating attack from the dishonest agent. Meanwhile, the scheme improves the efficiency of scheme by reducing the number of the eavesdropping detections and the computation complexity.

  5. Exploring the threshold premium for viable community based health insurance schemes in Nigeria.

    PubMed

    Udeh, Emeka Ihechi; Onwujekwe, Obinna Emmanuel; Adewole, David Ayobami; Onoka, Chima Ariel

    2016-08-02

    The national health insurance scheme of Nigeria recently proposed a national premium for community based insurance scheme. This study determined the capacity of households in the rural and urban areas in Nigeria to pay for the premium and different hypothetical health insurance schemes namely national health insurance scheme, national urban health insurance scheme, national rural health insurance scheme and regional health insurance schemes. It determined the likely impact of different premiums on membership across socio-economic status quintiles, and then determined the threshold premium affordable to rural and urban households. The results show that the mean capacity to pay for the households in different regions ranged from US$194 ± 100 to US$986 ± 907. The threshold premiums of the national health insurance scheme, urban national health insurance and rural health insurance schemes were US$66, US$154 and US$53 respectively. Overall, the threshold premium for rural national health insurance scheme and national health insurance schemes were affordable to the lowest socio economic group. Hence, it is recommended that threshold premium for rural national health insurance scheme be adopted as the maximum premium not to be exceeded in the proposed national health insurance scheme.

  6. An Efficient and Provable Secure Revocable Identity-Based Encryption Scheme

    PubMed Central

    Wang, Changji; Li, Yuan; Xia, Xiaonan; Zheng, Kangjia

    2014-01-01

    Revocation functionality is necessary and crucial to identity-based cryptosystems. Revocable identity-based encryption (RIBE) has attracted a lot of attention in recent years, many RIBE schemes have been proposed in the literature but shown to be either insecure or inefficient. In this paper, we propose a new scalable RIBE scheme with decryption key exposure resilience by combining Lewko and Waters’ identity-based encryption scheme and complete subtree method, and prove our RIBE scheme to be semantically secure using dual system encryption methodology. Compared to existing scalable and semantically secure RIBE schemes, our proposed RIBE scheme is more efficient in term of ciphertext size, public parameters size and decryption cost at price of a little looser security reduction. To the best of our knowledge, this is the first construction of scalable and semantically secure RIBE scheme with constant size public system parameters. PMID:25238418

  7. An efficient and provable secure revocable identity-based encryption scheme.

    PubMed

    Wang, Changji; Li, Yuan; Xia, Xiaonan; Zheng, Kangjia

    2014-01-01

    Revocation functionality is necessary and crucial to identity-based cryptosystems. Revocable identity-based encryption (RIBE) has attracted a lot of attention in recent years, many RIBE schemes have been proposed in the literature but shown to be either insecure or inefficient. In this paper, we propose a new scalable RIBE scheme with decryption key exposure resilience by combining Lewko and Waters' identity-based encryption scheme and complete subtree method, and prove our RIBE scheme to be semantically secure using dual system encryption methodology. Compared to existing scalable and semantically secure RIBE schemes, our proposed RIBE scheme is more efficient in term of ciphertext size, public parameters size and decryption cost at price of a little looser security reduction. To the best of our knowledge, this is the first construction of scalable and semantically secure RIBE scheme with constant size public system parameters.

  8. An Identity-Based (IDB) Broadcast Encryption Scheme with Personalized Messages (BEPM).

    PubMed

    Xu, Ke; Liao, Yongjian; Qiao, Li; Liu, Zhangyun; Yang, Xiaowei

    2015-01-01

    A broadcast encryption scheme with personalized messages (BEPM) is a scheme in which a broadcaster transmits not only encrypted broadcast messages to a subset of recipients but also encrypted personalized messages to each user individually. Several broadcast encryption (BE) schemes allow a broadcaster encrypts a message for a subset S of recipients with public keys and any user in S can decrypt the message with his/her private key. However, these BE schemes can not provide an efficient way to transmit encrypted personalized messages to each user individually. In this paper, we propose a broadcast encryption scheme with a transmission of personalized messages. Besides, the scheme is based on multilinear maps ensure constant ciphertext size and private key size of each user and the scheme can achieve statically security. More realistically, the scheme can be applied to the Conditional Access System (CAS) of pay television (pay-TV) efficiently and safely.

  9. An Identity-Based (IDB) Broadcast Encryption Scheme with Personalized Messages (BEPM)

    PubMed Central

    Xu, Ke; Liao, Yongjian; Qiao, Li

    2015-01-01

    A broadcast encryption scheme with personalized messages (BEPM) is a scheme in which a broadcaster transmits not only encrypted broadcast messages to a subset of recipients but also encrypted personalized messages to each user individually. Several broadcast encryption (BE) schemes allow a broadcaster encrypts a message for a subset S of recipients with public keys and any user in S can decrypt the message with his/her private key. However, these BE schemes can not provide an efficient way to transmit encrypted personalized messages to each user individually. In this paper, we propose a broadcast encryption scheme with a transmission of personalized messages. Besides, the scheme is based on multilinear maps ensure constant ciphertext size and private key size of each user and the scheme can achieve statically security. More realistically, the scheme can be applied to the Conditional Access System (CAS) of pay television (pay-TV) efficiently and safely. PMID:26629817

  10. Authentic Teachers: Student Criteria Perceiving Authenticity of Teachers

    ERIC Educational Resources Information Center

    De Bruyckere, Pedro; Kirschner, Paul A.

    2016-01-01

    Authenticity is seen by many as a key for good learning and education. There is talk of authentic instruction, authentic learning, authentic problems, authentic assessment, authentic tools and authentic teachers. The problem is that while authenticity is an often-used adjective describing almost all aspects of teaching and learning, the concept…

  11. Final report for the network authentication investigation and pilot.

    SciTech Connect

    Eldridge, John M.; Dautenhahn, Nathan; Miller, Marc M.; Wiener, Dallas J; Witzke, Edward L.

    2006-11-01

    New network based authentication mechanisms are beginning to be implemented in industry. This project investigated different authentication technologies to see if and how Sandia might benefit from them. It also investigated how these mechanisms can integrate with the Sandia Two-Factor Authentication Project. The results of these investigations and a network authentication path forward strategy are documented in this report.

  12. A malware detection scheme based on mining format information.

    PubMed

    Bai, Jinrong; Wang, Junfeng; Zou, Guozhong

    2014-01-01

    Malware has become one of the most serious threats to computer information system and the current malware detection technology still has very significant limitations. In this paper, we proposed a malware detection approach by mining format information of PE (portable executable) files. Based on in-depth analysis of the static format information of the PE files, we extracted 197 features from format information of PE files and applied feature selection methods to reduce the dimensionality of the features and achieve acceptable high performance. When the selected features were trained using classification algorithms, the results of our experiments indicate that the accuracy of the top classification algorithm is 99.1% and the value of the AUC is 0.998. We designed three experiments to evaluate the performance of our detection scheme and the ability of detecting unknown and new malware. Although the experimental results of identifying new malware are not perfect, our method is still able to identify 97.6% of new malware with 1.3% false positive rates.

  13. A Malware Detection Scheme Based on Mining Format Information

    PubMed Central

    Bai, Jinrong; Wang, Junfeng; Zou, Guozhong

    2014-01-01

    Malware has become one of the most serious threats to computer information system and the current malware detection technology still has very significant limitations. In this paper, we proposed a malware detection approach by mining format information of PE (portable executable) files. Based on in-depth analysis of the static format information of the PE files, we extracted 197 features from format information of PE files and applied feature selection methods to reduce the dimensionality of the features and achieve acceptable high performance. When the selected features were trained using classification algorithms, the results of our experiments indicate that the accuracy of the top classification algorithm is 99.1% and the value of the AUC is 0.998. We designed three experiments to evaluate the performance of our detection scheme and the ability of detecting unknown and new malware. Although the experimental results of identifying new malware are not perfect, our method is still able to identify 97.6% of new malware with 1.3% false positive rates. PMID:24991639

  14. Noninvasive blood pressure measurement scheme based on optical fiber sensor

    NASA Astrophysics Data System (ADS)

    Liu, Xianxuan; Yuan, Xueguang; Zhang, Yangan

    2016-10-01

    Optical fiber sensing has many advantages, such as volume small, light quality, low loss, strong in anti-jamming. Since the invention of the optical fiber sensing technology in 1977, optical fiber sensing technology has been applied in the military, national defense, aerospace, industrial, medical and other fields in recent years, and made a great contribution to parameter measurement in the environment under the limited condition .With the rapid development of computer, network system, the intelligent optical fiber sensing technology, the sensor technology, the combination of computer and communication technology , the detection, diagnosis and analysis can be automatically and efficiently completed. In this work, we proposed a noninvasive blood pressure detection and analysis scheme which uses optical fiber sensor. Optical fiber sensing system mainly includes the light source, optical fiber, optical detector, optical modulator, the signal processing module and so on. wavelength optical signals were led into the optical fiber sensor and the signals reflected by the human body surface were detected. By comparing actual testing data with the data got by traditional way to measure the blood pressure we can establish models for predicting the blood pressure and achieve noninvasive blood pressure measurement by using spectrum analysis technology. Blood pressure measurement method based on optical fiber sensing system is faster and more convenient than traditional way, and it can get accurate analysis results in a shorter period of time than before, so it can efficiently reduce the time cost and manpower cost.

  15. Experimental quantum-cryptography scheme based on orthogonal states

    NASA Astrophysics Data System (ADS)

    Avella, Alessio; Brida, Giorgio; Degiovanni, Ivo Pietro; Genovese, Marco; Gramegna, Marco; Traina, Paolo

    2010-12-01

    Since, in general, nonorthogonal states cannot be cloned, any eavesdropping attempt in a quantum-communication scheme using nonorthogonal states as carriers of information introduces some errors in the transmission, leading to the possibility of detecting the spy. Usually, orthogonal states are not used in quantum-cryptography schemes since they can be faithfully cloned without altering the transmitted data. Nevertheless, L. Goldberg and L. Vaidman [Phys. Rev. Lett.PRLTAO0031-900710.1103/PhysRevLett.75.1239 75, 1239 (1995)] proposed a protocol in which, even if the data exchange is realized using two orthogonal states, any attempt to eavesdrop is detectable by the legal users. In this scheme the orthogonal states are superpositions of two localized wave packets traveling along separate channels. Here we present an experiment realizing this scheme.

  16. Experimental quantum cryptography scheme based on orthogonal states: preliminary results

    NASA Astrophysics Data System (ADS)

    Avella, Alessio; Brida, Giorgio; Degiovanni, Ivo P.; Genovese, Marco; Gramegna, Marco; Traina, Paolo

    2010-04-01

    Since, in general, non-orthogonal states cannot be cloned, any eavesdropping attempt in a Quantum Communication scheme using non-orthogonal states as carriers of information introduces some errors in the transmission, leading to the possibility of detecting the spy. Usually, orthogonal states are not used in Quantum Cryptography schemes since they can be faithfully cloned without altering the transmitted data. Nevertheless, L. Goldberg and L. Vaidman [Phys. Rev. Lett. 75 (7), pp. 12391243, 1995] proposed a protocol in which, even if the data exchange is realized using two orthogonal states, any attempt to eavesdrop is detectable by the legal users. In this scheme the orthogonal states are superpositions of two localized wave packets which travel along separate channels, i.e. two different paths inside a balanced Mach-Zehnder interferometer. Here we present an experiment realizing this scheme.

  17. Experimental quantum-cryptography scheme based on orthogonal states

    SciTech Connect

    Avella, Alessio; Brida, Giorgio; Degiovanni, Ivo Pietro; Genovese, Marco; Gramegna, Marco; Traina, Paolo

    2010-12-15

    Since, in general, nonorthogonal states cannot be cloned, any eavesdropping attempt in a quantum-communication scheme using nonorthogonal states as carriers of information introduces some errors in the transmission, leading to the possibility of detecting the spy. Usually, orthogonal states are not used in quantum-cryptography schemes since they can be faithfully cloned without altering the transmitted data. Nevertheless, L. Goldberg and L. Vaidman [Phys. Rev. Lett. 75, 1239 (1995)] proposed a protocol in which, even if the data exchange is realized using two orthogonal states, any attempt to eavesdrop is detectable by the legal users. In this scheme the orthogonal states are superpositions of two localized wave packets traveling along separate channels. Here we present an experiment realizing this scheme.

  18. Arbitrated quantum signature scheme based on cluster states

    NASA Astrophysics Data System (ADS)

    Yang, Yu-Guang; Lei, He; Liu, Zhi-Chao; Zhou, Yi-Hua; Shi, Wei-Min

    2016-06-01

    Cluster states can be exploited for some tasks such as topological one-way computation, quantum error correction, teleportation and dense coding. In this paper, we investigate and propose an arbitrated quantum signature scheme with cluster states. The cluster states are used for quantum key distribution and quantum signature. The proposed scheme can achieve an efficiency of 100 %. Finally, we also discuss its security against various attacks.

  19. Novel Threshold Changeable Secret Sharing Schemes Based on Polynomial Interpolation.

    PubMed

    Yuan, Lifeng; Li, Mingchu; Guo, Cheng; Choo, Kim-Kwang Raymond; Ren, Yizhi

    2016-01-01

    After any distribution of secret sharing shadows in a threshold changeable secret sharing scheme, the threshold may need to be adjusted to deal with changes in the security policy and adversary structure. For example, when employees leave the organization, it is not realistic to expect departing employees to ensure the security of their secret shadows. Therefore, in 2012, Zhang et al. proposed (t → t', n) and ({t1, t2,⋯, tN}, n) threshold changeable secret sharing schemes. However, their schemes suffer from a number of limitations such as strict limit on the threshold values, large storage space requirement for secret shadows, and significant computation for constructing and recovering polynomials. To address these limitations, we propose two improved dealer-free threshold changeable secret sharing schemes. In our schemes, we construct polynomials to update secret shadows, and use two-variable one-way function to resist collusion attacks and secure the information stored by the combiner. We then demonstrate our schemes can adjust the threshold safely.

  20. Novel Threshold Changeable Secret Sharing Schemes Based on Polynomial Interpolation

    PubMed Central

    Li, Mingchu; Guo, Cheng; Choo, Kim-Kwang Raymond; Ren, Yizhi

    2016-01-01

    After any distribution of secret sharing shadows in a threshold changeable secret sharing scheme, the threshold may need to be adjusted to deal with changes in the security policy and adversary structure. For example, when employees leave the organization, it is not realistic to expect departing employees to ensure the security of their secret shadows. Therefore, in 2012, Zhang et al. proposed (t → t′, n) and ({t1, t2,⋯, tN}, n) threshold changeable secret sharing schemes. However, their schemes suffer from a number of limitations such as strict limit on the threshold values, large storage space requirement for secret shadows, and significant computation for constructing and recovering polynomials. To address these limitations, we propose two improved dealer-free threshold changeable secret sharing schemes. In our schemes, we construct polynomials to update secret shadows, and use two-variable one-way function to resist collusion attacks and secure the information stored by the combiner. We then demonstrate our schemes can adjust the threshold safely. PMID:27792784