69 results on '"Fushan WEI"'
Search Results
2. LightSEEN: Real-Time Unknown Traffic Discovery via Lightweight Siamese Networks
- Author
- Jiaxing Guo, Xieli Zhang, Chunxiang Gu, Ji Li, Fushan Wei, Xinyi Hu, and Wenfen Liu
- Subjects
- Science (General), Article Subject, Computer Networks and Communications, Computer science, Network packet, Feature vector, Encryption, Network management, Closed-world assumption, Traffic classification, Convergence (routing), Data mining, Baseline (configuration management), Technology (General), Information Systems
- Abstract
- With the increase in the proportion of encrypted network traffic, encrypted traffic identification (ETI) is becoming a critical research topic for network management and security. At present, ETI under the closed-world assumption has been adequately studied. However, when such models are applied to realistic environments, they face the challenge of identifying unknown traffic and must meet model-efficiency requirements. Considering these problems, in this paper we propose LightSEEN, a lightweight unknown-traffic discovery model for open-world traffic classification and model updating under practical conditions. The overall structure of LightSEEN is based on the Siamese network: each side takes three simplified packet feature vectors as input, uses the multi-head attention mechanism to capture the interactions among packets in parallel, and adopts techniques including 1D-CNN and ResNet to improve the extraction of deep-level flow features and the convergence speed of the network. The effectiveness and efficiency of the proposed model are evaluated on two public data sets. The results show that the effectiveness of LightSEEN is overall at the same level as the state-of-the-art method, and LightSEEN has an even better true detection rate, while the number of parameters used by LightSEEN is 0.51% of the baseline's and its average training time is 37.9% of the baseline's.
- Published
- 2021
3. Automated State-Machine-Based Analysis of Hostname Verification in IPsec Implementations
- Author
- Jiaxing Guo, Chunxiang Gu, Xi Chen, Siqi Lu, and Fushan Wei
- Subjects
- Hostname, Authentication, Network security, Computer science, Cryptography, Cryptographic protocol, Certificate, Computer security, Security testing, Computer Science Applications, Control and Systems Engineering, IPsec, Electrical and Electronic Engineering
- Abstract
- Owing to the advent and rapid development of Internet communication technology, network security protocols with cryptography at their core have gradually become an important means of ensuring secure communications. Among numerous security protocols, certificate authentication is a common method of identity authentication, and hostname verification is a critical but easily neglected step in certificate authentication. Hostname verification validates the identity of a remote target by checking whether the hostname of the communication partner matches any name in the X.509 certificate. Notably, errors in hostname verification may cause security problems with regard to identity authentication. In this study, we use a model-learning method to conduct security testing of hostname verification in Internet Protocol Security (IPsec). This method can analyze the problems entailed in implementing hostname verification in IPsec by effectively inferring a deterministic finite automaton model that describes the matching behavior between the certificate subject name and the hostname under different rules. We analyze two popular IPsec implementations, Strongswan and Libreswan, and find five violations. We use some of these violations to conduct actual attack tests on the IPsec implementations. The results show that under certain conditions, attackers can use these flaws to carry out identity impersonation attacks and man-in-the-middle attacks.
- Published
- 2021
4. Few-Shot Open-Set Traffic Classification Based on Self-Supervised Learning
- Author
- Ji Li, Chunxiang Gu, Luan Luan, Fushan Wei, and Wenfen Liu
- Published
- 2022
5. An Intelligent Terminal Based Privacy-Preserving Multi-Modal Implicit Authentication Protocol for Internet of Connected Vehicles
- Author
- Pandi Vijayakumar, Fushan Wei, Sherali Zeadally, Debiao He, and Neeraj Kumar
- Subjects
- Password, Authentication, Computer science, Mechanical Engineering, Computer security, Authentication server, Computer Science Applications, Terminal (electronics), Authentication protocol, Automotive Engineering, Ciphertext, The Internet, Intelligent transportation system
- Abstract
- The Internet of connected Vehicles (IOV) can collect, process, compute and release the information of intelligent transportation systems. IOV is an integrated service system that can support applications for automatic driving, intelligent transport and information services. As the number of incidents on IOV has been on the rise in the past few years, IOV security is becoming increasingly important in the IOV architecture. One of the most notable risks IOV faces is intelligent terminal security. The vehicle's intelligent terminal can be used to launch further attacks on the on-board operating system, penetrate the internal network of the connected vehicle, and consequently threaten the safety of the vehicle. Thus, it is of paramount importance that we protect the security of the intelligent terminal. We propose two intelligent terminal based privacy-preserving multi-modal implicit authentication protocols to protect the security of the intelligent terminal in IOV. The proposed protocols use the password and the vehicle owner's behavior features as the authentication factors to protect the security of the intelligent terminal. Since the vehicle owner's behavior features are sensitive and the user's private information must be protected, we also consider the privacy protection of the behavior features. Our protocols do not reveal any information about the vehicle owner's behavior features to the authentication server or the adversary except the ciphertext size of the feature vector. We analyze the security of our proposed protocols and compare them with other related protocols in terms of computation and communication costs. Our results demonstrate that our proposed protocols yield better security and efficiency.
- Published
- 2021
6. CLD-Net: A Network Combining CNN and LSTM for Internet Encrypted Traffic Classification
- Author
- Xinyi Hu, Chunxiang Gu, and Fushan Wei
- Subjects
- Science (General), Article Subject, Artificial neural network, Computer Networks and Communications, Network packet, Computer science, Encryption, Convolutional neural network, Traffic classification, Feature (machine learning), The Internet, Data mining, Technology (General), Information Systems, Private network
- Abstract
- The development of the Internet has made network encrypted traffic increasingly complex. Identifying the specific classes of network encrypted traffic is an important part of maintaining information security. Traditional traffic classification based on machine learning largely requires expert experience. As end-to-end models, deep neural networks can minimize human intervention. This paper proposes the CLD-Net model, which can effectively distinguish network encrypted traffic. By segmenting and recombining the packet payload of the raw flow, it can automatically extract the features related to the packet payload, and by changing the representation of the packet interval, it integrates the packet interval information into the model. We use the ability of a Convolutional Neural Network (CNN) to distinguish image classes to learn and classify the grayscale images into which the raw flow has been preprocessed, and then use the effectiveness of the Long Short-Term Memory (LSTM) network on time series data to further enhance the model's ability to classify. Finally, through feature reduction, the high-dimensional features learned by the neural network are converted into 8 dimensions to distinguish 8 different classes of network encrypted traffic. In order to verify the effectiveness of the CLD-Net model, we use the ISCX public dataset to conduct experiments. The results show that our proposed model can distinguish whether unknown network traffic uses a Virtual Private Network (VPN) with an accuracy of 98% and can accurately identify the specific traffic type (chat, audio, or file) of the Facebook and Skype applications with an accuracy of 92.89%.
- Published
- 2021
7. Privacy-Preserving Implicit Authentication Protocol Using Cosine Similarity for Internet of Things
- Author
- Neeraj Kumar, Pandi Vijayakumar, Ruijie Zhang, Fushan Wei, and Qingfeng Cheng
- Subjects
- Authentication, Thread (network protocol), Computer Networks and Communications, Computer science, Cosine similarity, Encryption, Computer Science Applications, Information sensitivity, Terminal (electronics), Hardware and Architecture, Server, Authentication protocol, Signal Processing, Information Systems, Computer network
- Abstract
- The Internet of Things provides complex value-added services to mobile intelligent terminal users. Different sensors collect various data from the users and transmit the data to the mobile intelligent terminal for storage. Consequently, a great amount of personal and sensitive information related to these diverse applications is stored in the mobile intelligent terminal. Mobile intelligent terminals have become a prominent target of network attackers. Security breaches and privacy leakage severely threaten the application development of the Internet of Things. We present a privacy-preserving implicit authentication framework that uses users' behavior features sensed by the mobile intelligent terminal, based on artificial intelligence methodology. More precisely, we first summarize the security and privacy requirements for the security authentication of the mobile intelligent terminal. Then, we present a privacy-preserving implicit authentication framework using cosine similarity and a partially homomorphic public-key encryption scheme. Finally, a performance evaluation of the proposed protocol is conducted. The results show that our protocol is more efficient in communication and computation than other related protocols.
- Published
- 2021
8. Efficient cloud-aided verifiable secret sharing scheme with batch verification for smart cities
- Author
- Jian Shen, Fushan Wei, Xingming Sun, Dengzhi Liu, and Yang Xiang
- Subjects
- Scheme (programming language), Security analysis, Computer Networks and Communications, Electronic voting, Computer science, Electronic cash, Cloud computing, Computer security, Secret sharing, Hardware and Architecture, Verifiable secret sharing, Software
- Abstract
- With the wide usage of information and communication technology (ICT) in smart cities, people's lives become easier and more convenient. Cloud computing, as a burgeoning ICT technology, provides consumers with virtually unlimited computing capabilities and storage resources. Using the cloud to advance ICT-based applications meets the requirements of practical usage and is also in line with sustainable development. As is well known, secret sharing is a hot topic in the security community, and many security-assurance applications can be realized with its assistance. In this paper, an efficient cloud-aided verifiable secret sharing scheme based on polynomial commitments is proposed for smart cities; it can be used in a variety of practical applications such as electronic voting and revocable electronic cash. In the proposed scheme, users can verify the shares received from the cloud. Moreover, to meet the requirements of real-world usage, we extend our scheme to support batch verification with the aid of a third-party arbitration center. In addition, an aggregate signature is used to verify whether a subset of users possess the shares that were indeed sent by the cloud. The security analysis shows that the proposed scheme satisfies the security requirements of verifiable secret sharing (VSS), and the performance analysis shows that our scheme is more efficient than previous schemes in terms of communication and computation.
- Published
- 2020
9. A Risk Analysis Framework for Social Engineering Attack Based on User Profiling
- Author
- Ma Jun, Ziwei Ye, Yuanbo Guo, Zhang Ruijie, Fushan Wei, and Ankang Ju
- Subjects
- Human-Computer Interaction, Risk analysis, Risk analysis (engineering), Computer science, Strategy and Management, Profiling (information science), Computer Science Applications
- Abstract
- Social engineering attacks are becoming serious threats to cloud services. Social engineering attackers can obtain cloud service customers' private information or attack virtual machine images directly. Existing security analysis instruments struggle to quantify social engineering attack risk, resulting in ineffective defense guidance against social engineering attacks. In this article, a risk analysis framework for social engineering attacks is proposed based on user profiling. The framework provides a pathway to quantitatively calculate the probability of being compromised by a social engineering attack and the potential loss, so as to effectively complement current security assessment instruments. The frequency of related operations is used to profile and group users for separate risk calculation, and other features such as security awareness and the capability of protection mechanisms are also considered. Finally, examples are given to illustrate how to use the framework in actual scenarios and apply it to security assessment.
- Published
- 2020
10. A Mobile Intelligent Terminal Based Anonymous Authenticated Key Exchange Protocol for Roaming Service in Global Mobility Networks
- Author
- Qi Jiang, Fushan Wei, Ruijie Zhang, and Pandi Vijayakumar
- Subjects
- Authentication, Control and Optimization, Renewable Energy, Sustainability and the Environment, Computer science, Authenticated Key Exchange, Computational Theory and Mathematics, Digital signature, Hardware and Architecture, Authentication protocol, Foreign agent, Roaming, Software, Key exchange, Computer network, Anonymity
- Abstract
- With the rapid development of mobile intelligent terminals, users can conveniently enjoy ubiquitous services in global mobility networks. User authentication and user privacy protection are two important issues for providing secure roaming service in global mobility networks. To date, many authentication protocols for roaming service with user anonymity have been proposed. Unfortunately, most of the existing protocols only have heuristic, informal security arguments. Moreover, current works only achieve weak anonymity: a user's identity is anonymous only against eavesdroppers and is known to the home agent and sometimes even the foreign agent. To overcome these weaknesses, we propose a privacy-preserving password-authenticated key exchange protocol for roaming service in global mobility networks. The proposed protocol is proven secure in the random oracle model under the CDH and $q$-SDH assumptions. Our protocol achieves stronger user anonymity than other related protocols. The performance comparison shows that our protocol is more efficient in terms of on-line computation and enjoys optimal communication complexity. Consequently, it is more suitable for real applications in global mobility networks.
- Published
- 2020
11. Robust Direct position determination against sensor gain and phase errors with the use of calibration sources
- Author
- Bin Yang, Ding Wang, Zeyu Yang, and Fushan Wei
- Subjects
- Calibration (statistics), Iterative method, Computer science, Applied Mathematics, Maximum likelihood, Phase (waves), Computer Science Applications, Artificial Intelligence, Hardware and Architecture, Position (vector), Signal Processing, Algorithm, Software, Information Systems, Common emitter
- Abstract
- The direct position determination (DPD) method can provide higher localization performance than conventional two-step localization methods. However, the existing DPD methods only consider the scenario in which the parameters of the receiving arrays are accurately known, and the localization performance decreases dramatically when the array model is inaccurate in practice. This paper studies the problem of positioning a stationary emitter in the presence of sensor gain and phase errors (SGPEs), aided by calibration sources. To remove the negative effects caused by SGPEs, calibration sources with known positions are introduced. The extended relationship between the parameters of the calibration sources and the errors is used to establish a structured objective function based on the maximum likelihood estimate. The calibration parameters are jointly optimized with the target-related parameters, and an alternating iterative algorithm is then developed to decouple the multidimensional search into several low-dimensional optimizations. We also derive the Cramér–Rao bound (CRB) to evaluate the performance of the proposed method. Simulation results demonstrate that the proposed method outperforms the existing DPD methods and two-step methods that incorporate the error information, and that its accuracy attains the associated CRB.
- Published
- 2020
12. A Novel Estimator for TDOA and FDOA Positioning of Multiple Disjoint Sources in the Presence of Calibration Emitters
- Author
- Ding Wang, Peichang Zhang, Zeyu Yang, Fushan Wei, and Cheng Wang
- Subjects
- General Computer Science, Computer science, Calibration (statistics), Target localization, unmanned aerial vehicle (UAV), Wireless, General Materials Science, Calibration emitters, time difference of arrival (TDOA), General Engineering, Estimator, Multilateration, frequency difference of arrival (FDOA), FDOA, Algorithm, multiple targets
- Abstract
- Multiple-target localization is extensively applied in wireless connected networks. However, sensor location uncertainty is known to significantly degrade target localization accuracy. Fortunately, calibration emitters such as unmanned aerial vehicles (UAVs) with known locations can be used to reduce the loss in localization accuracy due to sensor location errors. This paper is devoted to the use of UAV calibration emitters for time difference of arrival (TDOA) and frequency difference of arrival (FDOA) positioning of multiple targets. The study starts by deriving the Cramér–Rao bound (CRB) for TDOA/FDOA-based target location estimation when several UAV calibration signals are available. Subsequently, the paper presents an iterative constrained weighted least squares (ICWLS) estimator for multiple-target joint localization using TDOA/FDOA measurements from both the target sources and the UAV calibration emitters. The newly proposed method consists of two stages. In the first stage, the sensor locations are refined based on the calibration measurements as well as the prior knowledge of the sensor locations. The second stage estimates the multiple-target locations by combining the measurements of the target signals with the values estimated in the first stage. An efficient ICWLS algorithm is presented for each stage. Both algorithms are implemented using matrix singular value decomposition (SVD), which provides a closed-form solution and updates the weighting matrix at every iteration. Finally, the convergence behavior and estimation mean-square error (MSE) of the new estimator are derived. Both theoretical analysis and simulation results show that the developed method noticeably improves TDOA/FDOA localization accuracy with the help of UAV calibration emitters.
- Published
- 2020
13. Analysis of Vulnerability of IPsec Protocol Implementation Based on Differential Fuzzing
- Author
- Kai Tian, Fushan Wei, Chunxiang Gu, and Yanan Shi
- Published
- 2022
14. GLV/GLS Scalar Multiplication on Twisted Edwards Curves
- Author
- Chuangui Ma, Ruijie Zhang, Lei Niu, and Fushan Wei
- Published
- 2022
15. tCLD-Net: A Transfer Learning Internet Encrypted Traffic Classification Scheme Based on Convolution Neural Network and Long Short-Term Memory Network
- Author
- Xinyi Hu, Fushan Wei, Yihang Chen, and Chunxiang Gu
- Subjects
- Computer science, Deep learning, Internet traffic, Encryption, Convolutional neural network, Traffic classification, Feature (machine learning), The Internet, Artificial intelligence, Data mining, Transfer of learning
- Abstract
- The Internet is about to enter the era of full encryption. Traditional traffic classification methods only work well in non-encrypted environments. Identifying the specific types of network encrypted traffic in an encrypted environment without decryption is one of the foundations for maintaining cyberspace security. Traffic classification based on machine learning relies heavily on the prior knowledge of experts to construct feature sets. Although traffic classification based on deep learning can reduce human intervention, it requires a large amount of labeled data for parameter determination. This paper proposes tCLD-Net, a model that combines transfer learning and deep learning. It can be trained on a small amount of labeled data to distinguish network encrypted traffic with high accuracy. It pre-trains a CLD-Net model on the source-domain data set, fixes the parameters of the convolutional neural network module in it, and then trains and tests it on the target-domain data set. In order to verify the effectiveness of the tCLD-Net model, we use the ISCX public data set to conduct experiments. The results show that our proposed model can complete 100 epochs of training in 208 seconds when the training set occupies only 20% of the target domain, and achieves a classification accuracy of about 86%. This is 4% higher than the model without pre-training, and the training time is only one third of that of the model without pre-training.
- Published
- 2021
16. Iterative constrained weighted least squares estimator for TDOA and FDOA positioning of multiple disjoint sources in the presence of sensor position and velocity uncertainties
- Author
- Tao Zhang, Changgui Jia, Jiexin Yin, Fushan Wei, and Ding Wang
- Subjects
- Optimization problem, Computer science, Iterative method, Applied Mathematics, Estimator, Multilateration, QR decomposition, Computational Theory and Mathematics, Artificial Intelligence, Gaussian noise, Signal Processing, FDOA, Computer Vision and Pattern Recognition, Quadratic programming, Electrical and Electronic Engineering, Statistics, Probability and Uncertainty, Algorithm
- Abstract
- Sensor position and velocity uncertainties are known to significantly degrade source localization accuracy. This paper focuses on the problem of locating multiple disjoint sources using time differences of arrival (TDOAs) and frequency differences of arrival (FDOAs) in the presence of sensor position and velocity errors. First, the explicit Cramér–Rao bound (CRB) expression for joint estimation of source and sensor positions and velocities is derived under the Gaussian noise assumption. Subsequently, we compare the localization accuracy when the positions and velocities of multiple sources are determined jointly versus individually, based on the obtained CRB results. The performance gain resulting from multiple-target cooperative positioning is also quantified using the orthogonal projection matrix. Next, the paper proposes a new estimator that formulates the localization problem as a quadratic program with some indefinite quadratic equality constraints. Due to the non-convex nature of the optimization problem, an iterative constrained weighted least squares (ICWLS) method is developed based on matrix QR decomposition, which can be carried out with simple and efficient numerical algorithms. The newly proposed iterative method uses a set of linear equality constraints instead of the quadratic constraints to produce a closed-form solution in each iteration. Theoretical analysis demonstrates that the proposed method, if it converges, provides the optimal solution of the formulated non-convex minimization problem. Moreover, its estimation mean-square error (MSE) reaches the corresponding CRB under moderate noise levels. Simulations are included to corroborate and support the theoretical development in this paper.
- Published
- 2019
17. Security Analysis and Design of Authentication Key Agreement Protocol in Medical Internet of Things
- Author
- Fushan Wei, Siqi Lu, Xi Chen, Jiaxing Guo, and Chunxiang Gu
- Subjects
- Key-agreement protocol, Authentication, Security analysis, Computer science, Data security, Computer security, Identity theft, Key (cryptography), Replay attack, Secure transmission
- Abstract
- With the rise and rapid development of the Internet of Things, the electronic healthcare (e-health) system has gradually become a universal trend in the global medical industry. As a typical e-health application, the Telecare Medical Information System (TMIS) can assist patients and medical staff in monitoring and communicating for medical aid. However, TMIS usually runs over untrusted public channels, which makes it urgent to provide a secure authentication scheme that achieves user authentication, data security, and privacy protection. In 2014, Li et al. proposed a biometric-based remote user authentication scheme that supported secure transmission and provided patient privacy protection. However, we analyze the scheme of Li et al. and identify that it is vulnerable to identity theft attack, user impersonation attack, replay attack, and key compromise impersonation attack. We improve the original scheme to solve these problems and give a security proof as well as a formal analysis of our scheme. Besides, we provide a detailed heuristic security analysis to verify that our scheme can resist potential attacks and provide various security properties. Finally, performance analysis shows that the security of the improved protocol is enhanced without excessively increasing the computational cost.
- Published
- 2020
18. A Survey on Blockchain Anomaly Detection Using Data Mining Techniques
- Author
- Chunxiang Gu, Fushan Wei, Xi Chen, and Ji Li
- Subjects
- Power graph analysis, Blockchain, Network security, Systematic survey, Specific detection, Computer science, Deep learning, Graph (abstract data type), Anomaly detection, Artificial intelligence, Data mining
- Abstract
- With the ever more extensive application of blockchain, blockchain security has attracted wide attention from society and has been deeply studied by scholars, and anomaly detection is one of its important problems. Data mining techniques, including conventional machine learning, deep learning and graph learning, have been concentrated on anomaly detection in the last few years. This paper presents a systematic survey of blockchain anomaly detection results using data mining techniques. The anomaly detection methods are classified into 2 main categories, namely universal detection methods and specific detection methods, which contain 8 subclasses. For each subclass, the corresponding studies are listed and compared, presenting a systematic and categorized overview of current perspectives on blockchain anomaly detection. In addition, this paper discusses the advantages and disadvantages of the data mining techniques employed, and suggests future directions for anomaly detection methods. This survey helps researchers gain a general comprehension of the anomaly detection field and its application to blockchain data.
- Published
- 2019
19. Privacy-Preserving and Lightweight Key Agreement Protocol for V2G in the Social Internet of Things
- Author
- Yang Xiang, Fushan Wei, Tianqi Zhou, Jian Shen, and Xingming Sun
- Subjects
- Key-agreement protocol, Security analysis, Authentication, Computer Networks and Communications, Computer science, Internet privacy, Mutual authentication, Computer security model, Computer security, Computer Science Applications, Smart grid, Hardware and Architecture, Signal Processing, The Internet, Protocol (object-oriented programming), Information Systems
- Abstract
- The concept of the Social Internet of Things (SIoT) can be viewed as the integration of prevailing social networking and the Internet of Things, which is making inroads into the daily operation of many industries. Smart grids, which are cost-effective and environmentally friendly applications, are a promising field of the SIoT. However, security and privacy concerns are the dark side of smart grids. The goal of this paper is to address the security and privacy issues in vehicle-to-grid (V2G) networks with the intention of promoting a more extensive deployment of V2G networks for smart grids. Driven by this motivation, in this paper we propose a robust key agreement protocol that achieves mutual authentication without exposing the real identities of users. Efficiency is also a major concern in resource-constrained environments. By leveraging only hash functions and bitwise exclusive-OR operations, the proposed protocol is highly efficient compared with pairing-based protocols. In addition, we define a formal security model for our privacy-preserving key agreement protocol for V2G networks. Using this model, a formal security analysis shows that the proposed protocol is secure. Moreover, an informal security analysis demonstrates that our protocol can withstand different types of attacks.
- Published
- 2018
20. A Provably Secure Anonymous Authenticated Key Exchange Protocol Based on ECC for Wireless Sensor Networks
- Author
-
Ke Zhang, Kai Xu, and Fushan Wei
- Subjects
Article Subject ,Computer Networks and Communications ,Computer science ,0211 other engineering and technologies ,Cryptography ,02 engineering and technology ,lcsh:Technology ,lcsh:Telecommunication ,Public-key cryptography ,lcsh:TK5101-6720 ,Default gateway ,0202 electrical engineering, electronic engineering, information engineering ,Electrical and Electronic Engineering ,021110 strategic, defence & security studies ,lcsh:T ,business.industry ,Node (networking) ,020206 networking & telecommunications ,Computer security model ,Authenticated Key Exchange ,Authentication protocol ,business ,Wireless sensor network ,Information Systems ,Computer network ,Anonymity - Abstract
In wireless sensor networks, users sometimes need to retrieve real-time data directly from the sensor nodes. Many authentication protocols have been proposed to address the security and privacy aspects of this scenario. However, these protocols still have security loopholes and fail to provide strong user anonymity. In order to overcome these shortcomings, we propose an anonymous authenticated key exchange protocol based on Elliptic Curve Cryptography (ECC). The novel protocol provides strong user anonymity such that even the gateway node and the sensor nodes do not know the real identity of the user. The security analysis of the proposed protocol is conducted in a well-defined security model under the CDH assumption. Compared with other related protocols, our protocol is efficient in terms of communication and enjoys stronger security. The only disadvantage is that our protocol consumes more computation resources due to the usage of asymmetric cryptography mechanisms to realize strong anonymity. Consequently, our protocol is suitable for applications which require strong anonymity and high security in wireless sensor networks.
- Published
- 2018
21. Cryptanalysis and Security Enhancement of Three Authentication Schemes in Wireless Sensor Networks
- Author
-
Bin Li, Yiming Zhao, Ping Wang, Wenting Li, and Fushan Wei
- Subjects
Article Subject ,Computer Networks and Communications ,Computer science ,0211 other engineering and technologies ,02 engineering and technology ,Computer security ,computer.software_genre ,lcsh:Technology ,lcsh:Telecommunication ,law.invention ,law ,Forward secrecy ,lcsh:TK5101-6720 ,0202 electrical engineering, electronic engineering, information engineering ,Electrical and Electronic Engineering ,Password ,021110 strategic, defence & security studies ,Authentication ,Cryptographic primitive ,lcsh:T ,business.industry ,Password cracking ,020206 networking & telecommunications ,Lightweight protocol ,Smart card ,business ,Cryptanalysis ,computer ,Wireless sensor network ,Information Systems ,Anonymity - Abstract
Nowadays wireless sensor networks (WSNs) have drawn great attention from both the industrial world and the academic community. To facilitate real-time data access for external users directly from the sensor nodes, password-based authentication has become the prevalent authentication mechanism in the past decades. In this work, we investigate three foremost protocols in the area of password-based user authentication schemes for WSNs. Firstly, we analyze an efficient and anonymous protocol and demonstrate that, though this protocol is equipped with a formal proof, it actually has several security loopholes that have been overlooked, such that it cannot resist smart card loss attack and violates forward secrecy. Secondly, we scrutinize a lightweight protocol and point out that it cannot achieve the claimed security goal of forward secrecy, and that it also suffers from user anonymity violation attack and offline password guessing attack. Thirdly, we find that an anonymous scheme fails to preserve two critical properties: forward secrecy and user friendliness. In addition, by adopting the “perfect forward secrecy (PFS)” principle, we provide several effective countermeasures to remedy the identified weaknesses. To test the necessity and effectiveness of our suggestions, we conduct a comparison of 10 representative schemes in terms of the underlying cryptographic primitives used for realizing forward secrecy.
- Published
- 2018
22. On the Security of a Privacy-Aware Authentication Scheme for Distributed Mobile Cloud Computing Services
- Author
-
Fushan Wei, Qi Jiang, and Jianfeng Ma
- Subjects
Challenge-Handshake Authentication Protocol ,021103 operations research ,Computer Networks and Communications ,Computer science ,Data_MISCELLANEOUS ,0211 other engineering and technologies ,020206 networking & telecommunications ,02 engineering and technology ,Mutual authentication ,Multi-factor authentication ,Computer security ,computer.software_genre ,Computer Science Applications ,ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS ,Control and Systems Engineering ,Generic Bootstrapping Architecture ,Authentication protocol ,Lightweight Extensible Authentication Protocol ,0202 electrical engineering, electronic engineering, information engineering ,Electrical and Electronic Engineering ,Challenge–response authentication ,computer ,Data Authentication Algorithm ,Information Systems - Abstract
Recently, Tsai and Lo proposed a privacy-aware authentication scheme for distributed mobile cloud computing services. It is claimed that the scheme achieves mutual authentication and withstands all major security threats. However, we first identify that their scheme fails to achieve mutual authentication, because it is vulnerable to the service provider impersonation attack. Besides this major defect, it also suffers from some minor design flaws, including biometrics misuse, problems with wrong-password and fingerprint login, and no user revocation facility when the smart card is lost/stolen. Some suggestions are provided to avoid these design flaws in the future design of authentication schemes.
- Published
- 2018
23. A general compiler for password-authenticated group key exchange protocol in the standard model
- Author
-
Fushan Wei, Neeraj Kumar, Sang-Soo Yeo, and Debiao He
- Subjects
Password ,Computer science ,business.industry ,Applied Mathematics ,Distributed computing ,Hash function ,020206 networking & telecommunications ,0102 computer and information sciences ,02 engineering and technology ,Oakley protocol ,computer.software_genre ,01 natural sciences ,Authenticated Key Exchange ,010201 computation theory & mathematics ,Universal composability ,0202 electrical engineering, electronic engineering, information engineering ,Discrete Mathematics and Combinatorics ,Compiler ,business ,computer ,Protocol (object-oriented programming) ,Computer network ,Standard model (cryptography) - Abstract
Password-authenticated group key exchange (PGKE) protocols are critical for ensuring secure group communications for mobile devices. Until now, only a few PGKE protocols have been proposed. However, the literature on group key exchange (GKE) protocols consists of many research proposals from the last few years. In this paper, we present a protocol compiler based on smooth projective hash functions. The proposed compiler can transform any GKE protocol into a secure PGKE protocol by adding 2 rounds of communication. We prove the security of our compiler in the standard model without using various other assumptions. Our compiler is round-efficient in the sense that a constant-round PGKE can be derived from the proposal if the underlying protocol is a constant-round GKE protocol.
- Published
- 2018
24. A Provably Secure Anonymous Two-Factor Authenticated Key Exchange Protocol for Cloud Computing
- Author
-
Chuangui Ma, Fushan Wei, and Ruijie Zhang
- Subjects
Algebra and Number Theory ,Computer science ,business.industry ,020206 networking & telecommunications ,Cloud computing ,02 engineering and technology ,Theoretical Computer Science ,Authenticated Key Exchange ,Computational Theory and Mathematics ,Factor (programming language) ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,business ,computer ,Protocol (object-oriented programming) ,Information Systems ,computer.programming_language ,Computer network - Published
- 2018
25. A provably secure password-based anonymous authentication scheme for wireless body area networks
- Author
-
Jian Shen, Fushan Wei, Li Li, Ruijie Zhang, and Pandi Vijayakumar
- Subjects
Password ,Password policy ,Zero-knowledge password proof ,General Computer Science ,business.industry ,Computer science ,020206 networking & telecommunications ,02 engineering and technology ,Computer security ,computer.software_genre ,One-time password ,Random oracle ,S/KEY ,Control and Systems Engineering ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,Zero-knowledge proof ,Electrical and Electronic Engineering ,business ,computer ,Anonymity ,Computer network - Abstract
Wireless body area networks (WBANs) comprise many tiny sensor nodes which are planted in or around a patient’s body. These sensor nodes can collect biomedical data of the patient and transmit these valuable data to a data sink or a personal digital assistant. Later, health care service providers can get access to these data through authorization. The biomedical data are usually personal and private. Consequently, data confidentiality and user privacy are primary concerns for WBANs. In order to achieve these goals, we propose an anonymous authentication scheme for WBANs based on a low-entropy password and prove its security in the random oracle model. Our scheme enjoys strong anonymity in the sense that only the client knows his identity during the authentication phase of the scheme. Compared with other related proposals, our scheme is efficient in terms of computation. Moreover, the authentication of the client relies on a human-memorable password, which makes our scheme more suitable for applications in WBANs.
- Published
- 2018
26. CBD: A Deep-Learning-Based Scheme for Encrypted Traffic Classification with a General Pre-Training Method
- Author
-
Xinyi Hu, Chunxiang Gu, Yihang Chen, and Fushan Wei
- Subjects
Chemical technology ,deep learning ,TP1-1185 ,transfer learning ,natural language processing ,unlabeled pre-training ,Biochemistry ,Article ,Atomic and Molecular Physics, and Optics ,Analytical Chemistry ,encrypted traffic classification ,Electrical and Electronic Engineering ,Instrumentation - Abstract
With the rapid increase in encrypted traffic in the network environment and the increasing proportion of encrypted traffic, the study of encrypted traffic classification has become increasingly important as a part of traffic analysis. At present, in a closed environment, the classification of encrypted traffic has been fully studied, but these classification models are often only for labeled data and are difficult to apply in real environments. To solve these problems, we propose a transferable model called CBD with generalization abilities for encrypted traffic classification in real environments. The overall structure of CBD can be generally described as a combination of a one-dimensional CNN and the encoder of a Transformer. The model can be pre-trained with unlabeled data to learn the basic characteristics of encrypted traffic data, and then be transferred to other datasets to complete the classification of encrypted traffic at the packet level and the flow level. The performance of the proposed model was evaluated on a public dataset. The results showed that the performance of the CBD model was better than the baseline methods, and that the pre-training method can improve the classification ability of the model.
- Published
- 2021
27. A Secure and Efficient ID-Based Aggregate Signature Scheme for Wireless Sensor Networks
- Author
-
Jianfeng Ma, Meixia Miao, Fushan Wei, Limin Shen, and Ximeng Liu
- Subjects
Computer Networks and Communications ,Computer science ,business.industry ,Big data ,020206 networking & telecommunications ,02 engineering and technology ,Computer Science Applications ,Random oracle ,Public-key cryptography ,Key distribution in wireless sensor networks ,Hardware and Architecture ,Data integrity ,Signal Processing ,0202 electrical engineering, electronic engineering, information engineering ,Bandwidth (computing) ,020201 artificial intelligence & image processing ,business ,Wireless sensor network ,Information Systems ,Computer network - Abstract
Affording secure and efficient big data aggregation methods is very attractive in the field of wireless sensor network (WSN) research. In real settings, WSNs have been broadly applied, for example to target tracking and remote environment monitoring. However, data can be easily compromised by a vast number of attacks, such as data interception and data tampering. In this paper, we mainly focus on data integrity protection and give an identity-based aggregate signature (IBAS) scheme with a designated verifier for WSNs. Owing to the advantage of aggregate signatures, our scheme not only keeps data integrity, but also reduces bandwidth and storage cost for WSNs. Furthermore, the security of our IBAS scheme is rigorously proven based on the computational Diffie–Hellman assumption in the random oracle model.
- Published
- 2017
28. An untraceable temporal-credential-based two-factor authentication scheme using ECC for wireless sensor networks
- Author
-
Yuanyuan Yang, Youliang Tian, Qi Jiang, Fushan Wei, Jian Shen, and Jianfeng Ma
- Subjects
Scheme (programming language) ,Authentication ,Computer Networks and Communications ,business.industry ,Computer science ,020206 networking & telecommunications ,02 engineering and technology ,Mutual authentication ,Multi-factor authentication ,Computer security ,computer.software_genre ,Computer Science Applications ,Hardware and Architecture ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,Smart card ,Elliptic curve cryptography ,business ,computer ,Wireless sensor network ,Computer network ,computer.programming_language - Abstract
Recently, He et al. proposed an anonymous two-factor authentication scheme following the concept of temporal credentials for wireless sensor networks (WSNs), which is claimed to be secure and capable of withstanding various attacks. However, we reveal that the authentication phase of their scheme has several pitfalls. Firstly, their scheme is susceptible to malicious user impersonation attack, in which a legal but malicious user can impersonate other registered users. In addition, their scheme is also vulnerable to stolen smart card attack. Furthermore, the scheme cannot provide untraceability and is prone to tracking attack. We then put forward an untraceable two-factor authentication scheme based on elliptic curve cryptography (ECC) for WSNs. Our new scheme makes up for the missing security features necessary for real-life applications while maintaining the desired features of the original scheme. We prove that the scheme fulfills mutual authentication in the Burrows-Abadi-Needham (BAN) logic. Moreover, by way of informal security analysis, we show that the proposed scheme can resist a variety of attacks and provides more security features than He et al.’s scheme.
- Published
- 2016
29. On the use of calibration emitters for TDOA source localization in the presence of synchronization clock bias and sensor location errors
- Author
-
Changgui Jia, Xin Chen, Ding Wang, Fushan Wei, and Jiexin Yin
- Subjects
Calibration (statistics) ,Computer science ,Emitter location ,lcsh:Electronics ,Phase (waves) ,Time difference of arrival (TDOA) ,lcsh:TK7800-8360 ,Estimator ,020206 networking & telecommunications ,02 engineering and technology ,Multilateration ,Synchronization ,lcsh:Telecommunication ,symbols.namesake ,Synchronization clock bias ,Gaussian noise ,Taylor-series ,lcsh:TK5101-6720 ,0202 electrical engineering, electronic engineering, information engineering ,symbols ,020201 artificial intelligence & image processing ,Sensor location uncertainty ,Cramér–Rao bound (CRB) ,Algorithm - Abstract
Time difference of arrival (TDOA) positioning is one of the widely applied techniques for locating an emitting source. Unfortunately, synchronization clock bias and random sensor location perturbations are known to significantly degrade the TDOA localization accuracy. This paper studies the use of a set of calibration sources, whose locations are accurately known to an estimator, to reduce the loss in localization accuracy caused by synchronization offsets and sensor location errors. Under the Gaussian noise assumption, we first derive the Cramér–Rao bound (CRB) for parametric estimation with the use of calibration emitters. Some explicit CRB expressions are obtained, and the performance improvement due to the introduction of the calibration sources is also quantified through the CRB analysis. In order to achieve the optimum localization accuracy, we proceed to propose new localization methods using the TDOA measurements from both target source and calibration emitters. Specifically, two dimension-reduction Taylor-series iterative algorithms are developed, and both of them have two stages. The first stage estimates the clock bias and refines the sensor positions by using the calibration TDOA measurements and the prior knowledge of sensor locations. The second stage provides the estimates of source location by combining the TDOA measurements of target signal and the estimated values in the first phase. The mean square errors (MSEs) of the proposed methods are shown analytically to achieve the corresponding CRB by applying the first-order perturbation analysis. Simulations are used to corroborate and support the theoretical development in this paper.
- Published
- 2019
30. Efficient privacy preserving predicate encryption with fine-grained searchable capability for Cloud storage
- Author
-
Xu An Wang, Fushan Wei, Jianfeng Ma, Fatos Xhafa, Weiyi Cai, and Universitat Politècnica de Catalunya. Departament de Ciències de la Computació
- Subjects
Cloud storage ,Theoretical computer science ,Computació en núvol ,General Computer Science ,Computer science ,02 engineering and technology ,computer.software_genre ,Encryption ,Xifratge (Informàtica) ,Multiple encryption ,Informàtica::Seguretat informàtica [Àrees temàtiques de la UPC] ,Filesystem-level encryption ,0202 electrical engineering, electronic engineering, information engineering ,Cloud computing ,Electrical and Electronic Engineering ,Data encryption (Computer science) ,020203 distributed computing ,Database ,Predicate encryption ,business.industry ,Data confidentiality ,Cloud data search framework ,Client-side encryption ,Control and Systems Engineering ,Probabilistic encryption ,40-bit encryption ,020201 artificial intelligence & image processing ,Attribute-based encryption ,On-the-fly encryption ,business ,Data privacy ,computer ,Public-key encryption with fine-grained keyword search - Abstract
We present an efficient predicate encryption system for the class of inner-product predicates that is fully secure without random oracles. PEFKS can not only test whether multiple keywords were present in the ciphertext, but can also evaluate the relations of the keywords, such as equality, disjunction and conjunction. We prove that an IND-AH-CPA secure PE implies the existence of an IND-PEFKS-CPA secure PEFKS, and develop a transformation of PE to PEFKS. The transformation is efficient. We also use it to construct a PEFKS scheme from our PE. We present a privacy preserving framework for implementing efficient predicate encryption with fine-grained searchable capability and roughly analyse its security. With the fast development in Cloud storage technologies and the ever increasing use of Cloud data centres, data privacy and confidentiality have become a must. Indeed, Cloud data centres store ever more sensitive data such as personal data, organizational and enterprise data, transactional data, etc. However, achieving confidentiality with flexible searchable capability is a challenging issue. In this article, we show how to construct an efficient predicate encryption with fine-grained searchable capability. Predicate Encryption ( PE ) can achieve more sophisticated and flexible functionality compared with traditional public key encryption. We propose an efficient predicate encryption scheme by utilizing the dual system encryption technique, which can also be proved to be IND-AH-CPA (indistinguishable under chosen plain-text attack for attribute-hiding) secure without random oracles. We also carefully analyse the relationship between predicate encryption and searchable encryption. To that end, we introduce a new notion of Public-Key Encryption with Fine-grained Keyword Search ( PEFKS ).
Our results show that an IND-AH-CPA secure PE scheme can be used to construct an IND-PEFKS-CPA (indistinguishable under chosen plain-text attack for public-key encryption with fine-grained keyword search) secure PEFKS scheme. A new transformation of PE-to-PEFKS is also proposed and used to construct an efficient PEFKS scheme based on the transformation from the proposed PE scheme. Finally, we design a new framework for supporting privacy preserving predicate encryption with fine-grained searchable capability for Cloud storage. Compared to most prominent frameworks, our framework satisfies more features altogether and can serve as a basis for developing such frameworks for Cloud data centres.
- Published
- 2016
31. DOAS: Efficient data owner authorized search over encrypted cloud data
- Author
-
Yinbin Miao, Junwei Zhang, Fushan Wei, Zhiquan Liu, Jianfeng Ma, and Ximeng Liu
- Subjects
020203 distributed computing ,Security analysis ,Cryptographic primitive ,Database ,Computer Networks and Communications ,business.industry ,Computer science ,Data security ,020206 networking & telecommunications ,Cloud computing ,02 engineering and technology ,computer.software_genre ,Encryption ,Computer security ,Random oracle ,Ciphertext ,0202 electrical engineering, electronic engineering, information engineering ,Chosen-plaintext attack ,business ,computer ,Software - Abstract
Data outsourcing services can shift local data storage and maintenance to a cloud service provider (CSP) to ease the burden on the data owner, but they bring data security threats as the CSP is always considered to be honest-but-curious. Therefore, the searchable encryption (SE) technique, which allows cloud clients (including data owners and data users) to securely search over ciphertext through keywords and selectively retrieve files of interest, is of prime importance. However, in practice, a data user’s access permission always varies dynamically with the data owner’s preferences. Moreover, existing SE schemes which are based on attribute-based encryption (ABE) incur a heavy computational burden through attribute revocation and policy updating. To allow the data owner to flexibly grant access permissions, we design a secure cryptographic primitive called efficient data owner authorized search over encrypted data by utilizing the identity-based encryption (IBE) technique. The formal security analysis proves that our scheme is secure against chosen-plaintext attack (CPA) and chosen-keyword attack (CKA) without random oracles. Besides, empirical experiments over a real-world dataset show that our scheme is efficient and feasible with regard to data access control.
- Published
- 2016
32. VMKDO: Verifiable multi-keyword search over encrypted cloud data for dynamic data-owner
- Author
-
Zhiquan Liu, Jianfeng Ma, Fushan Wei, Ximeng Liu, Yinbin Miao, and Limin Shen
- Subjects
020203 distributed computing ,Cloud computing security ,Cryptographic primitive ,Database ,Computer Networks and Communications ,business.industry ,Computer science ,Dynamic data ,Data_MISCELLANEOUS ,Data security ,Cloud computing ,02 engineering and technology ,Computer security ,computer.software_genre ,Encryption ,Data retrieval ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,business ,computer ,Cloud storage ,Software - Abstract
The advantages of cloud computing encourage individuals and enterprises to outsource their local data storage and computation to a cloud server; however, data security and privacy concerns seriously hinder the practicability of cloud storage. Although the searchable encryption (SE) technique enables the cloud server to provide fundamental encrypted data retrieval services for data-owners, equipping it with a result verification mechanism is still of prime importance in practice, as a semi-trusted cloud server may return incorrect search results. Besides, single keyword search inevitably returns many irrelevant results, which waste bandwidth and computation resources. In this paper, we are among the first to tackle the problems of data-owner updating and result verification simultaneously. To this end, we devise an efficient cryptographic primitive called verifiable multi-keyword search over encrypted cloud data for dynamic data-owner to protect both data confidentiality and integrity. Rigorous security analysis proves that our scheme is secure against keyword guessing attack (KGA) in the standard model. As a further contribution, empirical experiments over a real-world dataset show that our scheme is efficient and feasible in practical applications.
- Published
- 2016
33. VCSE: Verifiable conjunctive keywords search over encrypted data without secure-channel
- Author
-
Fushan Wei, Cunbo Lu, Yinbin Miao, Jianfeng Ma, Xu An Wang, and Zhiquan Liu
- Subjects
Security analysis ,Service (systems architecture) ,Cryptographic primitive ,Computer Networks and Communications ,Computer science ,business.industry ,020206 networking & telecommunications ,Cryptography ,02 engineering and technology ,Encryption ,Computer security ,computer.software_genre ,Data integrity ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,Verifiable secret sharing ,business ,computer ,Software ,Secure channel - Abstract
Data outsourcing services have gained remarkable popularity with a considerable number of enterprises and individuals, as they can relieve the heavy local computation and management burden. However, in most existing models, an honest-but-curious cloud service provider (CSP) may return incorrect results and inevitably give rise to serious security breaches, so a results verification mechanism should be introduced to guarantee data accuracy. Furthermore, the construction of a secure channel incurs heavy cryptographic operations, and single keyword search returns many irrelevant results. Along these directions, we design a significantly more effective and secure cryptographic primitive called verifiable conjunctive keywords search over encrypted data without secure-channel to assure data integrity and availability. Formal security analysis proves that it can effectively withstand outside keyword-guessing attack. As a further contribution, our experiments show that it admits wide applicability in practice.
- Published
- 2016
34. Secure and efficient ECC speeding up algorithms for wireless sensor networks
- Author
-
Chuangui Ma, Fushan Wei, Yunqi Dou, and Jiang Weng
- Subjects
0209 industrial biotechnology ,Authentication ,Computer science ,Distributed computing ,020206 networking & telecommunications ,Computational intelligence ,Ranging ,02 engineering and technology ,Energy consumption ,Theoretical Computer Science ,Key distribution in wireless sensor networks ,020901 industrial engineering & automation ,Security service ,0202 electrical engineering, electronic engineering, information engineering ,Overhead (computing) ,Geometry and Topology ,Greedy algorithm ,Wireless sensor network ,Algorithm ,Software - Abstract
Wireless sensor networks have been widely used in several applications ranging from environmental and health-care monitoring to military uses. Since sensor networks are typically deployed in hostile environments, broadcast authentication is a fundamental security service in wireless sensor networks. The slow signature verification in existing schemes always causes high energy consumption and long verification delay for broadcast authentication. In this paper, we study the secure and efficient ECC speeding up algorithms for fast authentication in wireless sensor networks. We propose two fast algorithms based on constrained triple base number system to improve the efficiency for situations with and without precomputations. These new algorithms combine the sparsity of constrained TBNS with Yao algorithm to reduce the cost of scalar multiplication. Several experiments have been conducted using Magma software to assess the performance of the proposed algorithms. Our experiments show that the two algorithms are more efficient than existing algorithms. Furthermore, the improvement of efficiency will reduce the energy consumption and thus prolong the network lifetime due to the decrease of computation overhead in signature verification.
- Published
- 2016
35. Improved Cryptanalysis of an ISO Standard Lightweight Block Cipher with Refined MILP Modelling
- Author
-
Jun Yin, Chuangui Ma, Guang Zeng, Lijun Lyu, Fushan Wei, Jian Song, and Chuyan Ma
- Subjects
Linear programming ,Computer science ,020207 software engineering ,Iso standards ,02 engineering and technology ,law.invention ,Cipher ,law ,Linear cryptanalysis ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,Differential (infinitesimal) ,Cryptanalysis ,Algorithm ,Block cipher - Abstract
Differential and linear cryptanalysis are two of the most effective attacks on block ciphers. Searching for (near) optimal differential or linear trails is not only useful for the security evaluation of block ciphers against these attacks, but also indispensable to cryptanalysts who want to attack a cipher with these techniques. In recent years, searching for trails automatically with Mixed-Integer Linear Programming (MILP) has received a lot of attention. At first, Mouha et al. translated the problem of counting the minimum number of differentially active S-boxes into an MILP problem for word-oriented block ciphers. Subsequently, at Asiacrypt 2014, Sun et al. extended Mouha et al.’s method and presented a technique which can find actual differential or linear characteristics of a block cipher in both the single-key and related-key models. In this paper, we refine the constraints of the 2-XOR operation in order to reduce the overall number of variables and constraints. Experimental results show that MILP models with the refined constraints can be solved more efficiently. We apply our method to HIGHT (an ISO standard), and we find differential trails (covering 11 rounds) and linear trails (covering 10 rounds) with higher probability or correlation. Moreover, we find the longest differential and linear distinguishers of HIGHT known so far.
- Published
- 2018
36. Analysis of GLV/GLS Method for Elliptic Curve Scalar Multiplication
- Author
-
Yunqi Dou, Jiang Weng, Fushan Wei, and Chuangui Ma
- Subjects
Multiplication algorithm ,Elliptic curve ,Speedup ,Basis (linear algebra) ,Dimension (vector space) ,Precomputation ,Applied mathematics ,Multiplication ,Scalar multiplication ,Mathematics - Abstract
The GLV method is an important research direction for accelerating scalar multiplication on classes of elliptic curves with efficiently computable endomorphisms; it reduces the number of doublings by using the Straus-Shamir simultaneous multi-scalar multiplication technique. Researchers have explored generalizing the method to higher dimensions and then evaluated its effect on accelerating scalar multiplication. In this paper, we consider various multi-scalar multiplication algorithms and analyze the computational cost of scalar multiplication under different dimensions in order to select the optimal multi-scalar multiplication algorithm and parameters. On this basis, the multi-scalar multiplication algorithm is applied to the GLV method, and the computational cost of scalar multiplication is analyzed. A higher dimension usually means fewer doublings but more precomputation, so there is a trade-off. The analysis results show that the limit of the GLV method for accelerating scalar multiplication is dimension 8, and the GLV method loses its speedup effect for higher dimensions. In particular, dimension 3 or 4 may be the optimal choice for the case where resources are constrained or the cost of the endomorphism is large.
- Published
- 2018
37. Robust extended chaotic maps-based three-factor authentication scheme preserving biometric template privacy
- Author
-
Fushan Wei, Shuai Fu, Guangsong Li, Jianfeng Ma, Qi Jiang, and Abdulhameed Alelaiwi
- Subjects
Engineering ,Data_MISCELLANEOUS ,Aerospace Engineering ,Ocean Engineering ,02 engineering and technology ,Computer security ,computer.software_genre ,01 natural sciences ,One-time password ,Password strength ,S/KEY ,0103 physical sciences ,0202 electrical engineering, electronic engineering, information engineering ,Electrical and Electronic Engineering ,010301 acoustics ,Password ,Password policy ,business.industry ,Applied Mathematics ,Mechanical Engineering ,020206 networking & telecommunications ,Mutual authentication ,Multi-factor authentication ,Control and Systems Engineering ,Challenge–response authentication ,business ,computer - Abstract
Due to its high level of security, three-factor authentication combining password, smart card and biometrics has received much interest in the past decades. Recently, Islam proposed a dynamic identity-based three-factor authentication scheme using extended chaotic map which attempts to fulfill three-factor security and resist various known attacks, offering many advantages over existing works. However, in this paper we first show that the process of password verification in the login phase is invalid. Besides this defect, it is also vulnerable to user impersonation attack and off-line password guessing attack, under the condition that the smart card is lost or stolen. Furthermore, it fails to preserve biometric template privacy in the case that the password and the smart card are compromised. To remedy these flaws, we propose a robust three-factor authentication scheme, which not only resists various known attacks, but also provides more desired security features. We demonstrate that our scheme provides mutual authentication using the Burrows–Abadi–Needham logic. Our scheme provides high security strength as well as low computational cost.
- Published
- 2015
38. A New Privacy-Aware Handover Authentication Scheme for Wireless Networks
- Author
-
Qi Jiang, Fushan Wei, Chuangui Ma, and Guangsong Li
- Subjects
Scheme (programming language) ,Computer science ,Wireless network ,business.industry ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,Data_MISCELLANEOUS ,Computer security ,computer.software_genre ,Computer Science Applications ,Handover authentication ,Electrical and Electronic Engineering ,business ,computer ,Computer network ,computer.programming_language - Abstract
A fast handover authentication scheme is essential to seamless services for delay-sensitive applications in wireless networks. User privacy is a notable issue which should be considered in secure communications. This paper proposes a new privacy-aware handover authentication scheme. The proposed scheme achieves user privacy with good performance.
- Published
- 2014
39. A Compact Construction for Non-monotonic Online/Offline CP-ABE Scheme
- Author
-
Fushan Wei, Qingfeng Cheng, Junqi Zhang, and Xinglong Zhang
- Subjects
Scheme (programming language) ,Theoretical computer science ,Computational complexity theory ,business.industry ,Computer science ,Cryptography ,Encryption ,Public-key cryptography ,Multiplication ,business ,Mobile device ,computer ,Access structure ,computer.programming_language - Abstract
Nowadays mobile devices are becoming necessities in our lives, yet they are generally resource-constrained. CP-ABE schemes designed for mobile devices should therefore have low computational complexity, which makes the Online/Offline mechanism a promising direction for cryptographic schemes. In this paper, we attempt to construct an unbounded Online/Offline CP-ABE scheme based on a non-monotonic access structure. During the offline phase, most of the computations for encryption are done; during the online phase, we transform the non-monotonic access structure with positive attribute sets into a monotonic access structure based on the LSSS access structure with positive and negative attribute sets, after which only a small number of addition and multiplication operations are needed for the remaining components of the encryption. Compared with the original non-monotonic CP-ABE scheme, our scheme keeps the same public keys and master secret keys, with only a small increase in computational complexity. The computational complexity during the online phase is very small.
- Published
- 2017
40. An Efficient Speeding up Algorithm of Frobenius Based Scalar Multiplication on Koblitz Curves for Cloud Computing
- Author
-
Fushan Wei, Chuangui Ma, Dou Yunqi, and Li Yanbin
- Subjects
Speedup ,Computer science ,business.industry ,Parallel algorithm ,02 engineering and technology ,Scalar multiplication ,020202 computer hardware & architecture ,Public-key cryptography ,Elliptic curve ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,Frobenius endomorphism ,Multiplication ,Elliptic curve cryptography ,business ,Algorithm - Abstract
With the rapid development of wireless sensor networks, cloud computing and the Internet of Things, the problems of security and privacy are becoming more and more serious. Elliptic curve cryptography, as a public key cryptography, plays an important role in solving these security issues, and scalar multiplication is its most important and time-consuming operation. Koblitz curves are a special class of elliptic curves over binary fields on which the Frobenius endomorphism can be used to accelerate scalar multiplication. By converting a single scalar multiplication into a simultaneous multiple scalar multiplication, the GLV method can use the Straus-Shamir trick to calculate the scalar multiplication. In this paper, we combine the idea of the Frobenius endomorphism with the GLV method to speed up scalar multiplication on Koblitz curves. Our algorithm can efficiently convert scalar multiplication into multi-scalar multiplication to reduce the cost of point additions and Frobenius operations. Theoretical analysis shows that, compared with the \(\tau \)-and-add algorithm, our 2-dimensional implementation provides a speedup of over 19%, and the 3-dimensional implementation a speedup of over 29%. Finally, a parallel scalar multiplication algorithm for Koblitz curves is designed, which can flexibly select the dimension of the parallel algorithm based on the number r of processing units. Compared with the standard \(\tau \)-and-add algorithm, this algorithm can achieve a speedup of almost r times.
- Published
- 2017
41. E2LSH based multiple kernel approach for object detection
- Author
-
Bicheng Li, Fushan Wei, and Ruijie Zhang
- Subjects
Multiple kernel learning ,business.industry ,Cognitive Neuroscience ,Pattern recognition ,Kernel principal component analysis ,Computer Science Applications ,ComputingMethodologies_PATTERNRECOGNITION ,Kernel method ,Artificial Intelligence ,String kernel ,Variable kernel density estimation ,Kernel embedding of distributions ,Radial basis function kernel ,Artificial intelligence ,Tree kernel ,business ,Mathematics - Abstract
Multiple kernel learning (MKL) methods are widely used in object detection. Conventional MKL methods employ a linear and stationary kernel combination, which cannot accurately describe the distributions of complex data. This paper proposes E2LSH-MKL, an E2LSH-based clustering approach that combines the advantages of nonlinear multiple kernel combination methods. E2LSH-MKL is a nonlinear and nonstationary multiple kernel learning method. It utilizes the Hadamard product to realize a nonlinear combination of multiple different kernels in order to make full use of the information generated by the nonlinear interaction of different kernels. Besides, the method employs an E2LSH-based clustering algorithm to group images into subsets, then assigns cluster-related kernel weights according to the relative contributions of different kernels on each image subset, realizing nonstationary weighting of multiple kernels to improve learning performance. Finally, E2LSH-MKL is applied to object detection. Experimental results on the TRECVID 2005 and Caltech-256 datasets show that our method is superior to the state-of-the-art multiple kernel learning methods.
- Published
- 2014
42. Medical image classification based on multi-scale non-negative sparse coding
- Author
-
Jian Shen, Ruijie Zhang, Arun Kumar Sangaiah, Fushan Wei, and Xiong Li
- Subjects
Diagnostic Imaging ,020205 medical informatics ,Computer science ,ComputingMethodologies_IMAGEPROCESSINGANDCOMPUTERVISION ,Medicine (miscellaneous) ,02 engineering and technology ,Pattern Recognition, Automated ,Discriminative model ,Artificial Intelligence ,Predictive Value of Tests ,Histogram ,Image Interpretation, Computer-Assisted ,0202 electrical engineering, electronic engineering, information engineering ,Humans ,Computer vision ,Medical diagnosis ,Contextual image classification ,business.industry ,Pattern recognition ,Sparse approximation ,ROC Curve ,Feature (computer vision) ,020201 artificial intelligence & image processing ,Artificial intelligence ,business ,Neural coding ,Semantic gap - Abstract
With the rapid development of modern medical imaging technology, medical image classification has become more and more important in medical diagnosis and clinical practice. Conventional medical image classification algorithms usually neglect the semantic gap between low-level features and high-level image semantics, which largely degrades classification performance. To solve this problem, we propose a multi-scale non-negative sparse coding based medical image classification algorithm. Firstly, medical images are decomposed into multiple scale layers, so that diverse visual details can be extracted from different scale layers. Secondly, for each scale layer, a non-negative sparse coding model with Fisher discriminative analysis is constructed to obtain a discriminative sparse representation of the medical images. Then, the obtained multi-scale non-negative sparse coding features are combined to form a multi-scale feature histogram as the final representation of a medical image. Finally, an SVM classifier is applied to perform the medical image classification. The experimental results demonstrate that our proposed algorithm can effectively utilize the multi-scale and contextual spatial information of medical images, reduce the semantic gap to a large degree and improve medical image classification performance.
- Published
- 2016
43. User centric three-factor authentication protocol for cloud-assisted wearable devices
- Author
-
Fushan Wei, Xindi Ma, Yuanyuan Qian, Jianfeng Ma, Qi Jiang, and Qingfeng Cheng
- Subjects
Authentication ,Computer Networks and Communications ,business.industry ,Computer science ,020206 networking & telecommunications ,Cloud computing ,02 engineering and technology ,Multi-factor authentication ,Elliptic curve cryptosystem ,0202 electrical engineering, electronic engineering, information engineering ,Session key ,020201 artificial intelligence & image processing ,Electrical and Electronic Engineering ,business ,Protocol (object-oriented programming) ,Wearable technology ,User-centered design ,Computer network
- Published
- 2018
44. Analysis and Enhancement of an Optimized Gateway-Oriented Password-Based Authenticated Key Exchange Protocol
- Author
-
Fushan Wei, Chuangui Ma, and Zhenfeng Zhang
- Subjects
Password ,Computer science ,Applied Mathematics ,ComputingMilieux_LEGALASPECTSOFCOMPUTING ,Gateway (computer program) ,Oakley protocol ,Computer Graphics and Computer-Aided Design ,One-time password ,ComputingMilieux_GENERAL ,Authenticated Key Exchange ,Engineering management ,Beijing ,Signal Processing ,Key (cryptography) ,Electrical and Electronic Engineering ,Key exchange - Abstract
(1) Department of Information Research, Zhengzhou Information Science and Technology Institute, Zhengzhou, China; (2) State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou, China; (3) Institute of Software, Chinese Academy of Sciences, Beijing, China
- Published
- 2013
45. Ciphertext-Policy Attribute Based Encryption with Large Attribute Universe
- Author
-
Siyu Xiao, Fushan Wei, Aijun Ge, and Chuangui Ma
- Subjects
Scheme (programming language) ,business.industry ,Computer science ,Cloud computing ,Data_CODINGANDINFORMATIONTHEORY ,computer.software_genre ,Encryption ,Ciphertext ,Attribute domain ,Data mining ,Attribute-based encryption ,Constant (mathematics) ,business ,computer ,Broadcast encryption ,computer.programming_language - Abstract
Ciphertext-policy attribute-based encryption (CP-ABE) has become a crucial technique for cloud computing in that it enables one to share data with users under an access policy defined by the data owner. In practice, the universe of attributes is generally not fixed before system setup. So in this paper, we propose a CP-ABE scheme with a large attribute universe based on the scheme presented by Chen et al. The number of attributes is independent of the public parameters in our scheme, and it inherits the excellent properties of both constant ciphertext size and constant computation cost.
- Published
- 2016
46. A Provably Secure Two-Factor Authenticated Key Exchange Protocol for Wireless Sensor Networks Based on Authenticated Encryption
- Author
-
Ruijie Zhang, Jian Shen, and Fushan Wei
- Subjects
Provable security ,Authenticated encryption ,Key Wrap ,Computer science ,business.industry ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,020206 networking & telecommunications ,Cryptography ,02 engineering and technology ,Computer security model ,Oakley protocol ,Random oracle ,Authenticated Key Exchange ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,business ,Computer network - Abstract
Two-factor authenticated key exchange (TFAKE) protocols are widely used in wireless sensor networks (WSNs) to provide user authentication and data confidentiality. However, many existing TFAKE protocols have been found to be insecure against various attacks. In this paper, we investigate how to design provably secure TFAKE protocols using asymmetric cryptographic mechanisms. Our main technical tools are robust authenticated encryption schemes and fuzzy verifiers. We first present a formal security model for TFAKE protocols in WSNs and then propose a novel TFAKE protocol based on authenticated encryption schemes. We prove the security of the proposed protocol in the random oracle model. The performance comparison shows that our protocol not only enjoys provable security but also has high efficiency.
- Published
- 2016
47. m2-ABKS: Attribute-Based Multi-Keyword Search over Encrypted Personal Health Records in Multi-Owner Setting
- Author
-
Fushan Wei, Zhiquan Liu, Yinbin Miao, Jianfeng Ma, Ximeng Liu, and Xu An Wang
- Subjects
Security analysis ,Cryptographic primitive ,business.industry ,Computer science ,Medicine (miscellaneous) ,020206 networking & telecommunications ,Health Informatics ,Access control ,Cloud computing ,02 engineering and technology ,Encryption ,Computer security ,computer.software_genre ,Health Information Management ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,Confidentiality ,Attribute-based encryption ,business ,Cloud storage ,computer ,Information Systems - Abstract
Online personal health record (PHR) systems are increasingly inclined to shift data storage and search operations to a cloud server so as to enjoy elastic resources and lessen the computational burden of storage. As the data of multiple patients is always stored on the cloud server simultaneously, it is a challenge to guarantee the confidentiality of PHR data while allowing data users to search the encrypted data in an efficient and privacy-preserving way. To this end, we design a secure cryptographic primitive called attribute-based multi-keyword search over encrypted personal health records in the multi-owner setting, which supports both fine-grained access control and multi-keyword search via Ciphertext-Policy Attribute-Based Encryption. Formal security analysis proves that our scheme is selectively secure against chosen-keyword attacks. As a further contribution, we conduct empirical experiments over a real-world dataset to show its feasibility and practicality in a broad range of actual scenarios without incurring additional computational burden.
- Published
- 2016
48. An efficient and practical threshold gateway-oriented password-authenticated key exchange protocol in the standard model
- Author
-
Chuangui Ma, Ruijie Zhang, Fushan Wei, Jianfeng Ma, and Xu An Wang
- Subjects
TheoryofComputation_MISCELLANEOUS ,Challenge-Handshake Authentication Protocol ,Password ,Otway–Rees protocol ,General Computer Science ,Computer science ,business.industry ,020206 networking & telecommunications ,0102 computer and information sciences ,02 engineering and technology ,Authentication server ,Computer security ,computer.software_genre ,01 natural sciences ,Authenticated Key Exchange ,ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS ,010201 computation theory & mathematics ,Server ,Authentication protocol ,0202 electrical engineering, electronic engineering, information engineering ,business ,computer ,Key exchange ,Computer network - Abstract
With the assistance of an authentication server, a gateway-oriented password-authenticated key exchange (GPAKE) protocol can establish a common session key shared between a client and a gateway. Unfortunately, a GPAKE protocol becomes totally insecure if an adversary can compromise the authentication server and steal the passwords of the clients. In order to provide resilience against adversaries who can hack into the authentication server, we propose a threshold GPAKE protocol and then present its security proof in the standard model based on the hardness of the decisional Diffie-Hellman (DDH) problem. In our proposal, the password is shared among $n$ authentication servers and is secure unless the adversary corrupts more than $t+1$ servers. Our protocol requires $n>3t$ servers to work. Compared with existing threshold PAKE protocols, our protocol maintains both stronger security and greater efficiency.
- Published
- 2016
49. Cryptanalysis and Improvement of an Enhanced Two-Factor User Authentication Scheme in Wireless Sensor Networks
- Author
-
Qi Jiang, Fushan Wei, Jianfeng Ma, Chuangui Ma, and Jian Shen
- Subjects
Scheme (programming language) ,Biometrics ,business.industry ,Computer science ,Key distribution ,020206 networking & telecommunications ,02 engineering and technology ,Multi-factor authentication ,Computer security ,computer.software_genre ,Computer Science Applications ,law.invention ,Control and Systems Engineering ,law ,Sensor node ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,Smart card ,Electrical and Electronic Engineering ,business ,Cryptanalysis ,Wireless sensor network ,computer ,computer.programming_language - Abstract
In order to address the scenario in which a user wants to access real-time data directly from a sensor node in wireless sensor networks (WSNs), Das proposed a two-factor authentication scheme. In 2010, Khan et al. pointed out that Das's scheme has some security flaws and proposed an improved scheme. Recently, Yuan demonstrated that Khan et al.'s improvement is still insecure against several attacks. Yuan also proposed an enhanced two-factor user authentication scheme using the user's biometrics to fix the security flaws in Khan et al.'s scheme. In this paper, we show that Yuan's scheme still suffers from the stolen smart card attack and the GW-node impersonation attack. Moreover, biometric keys are misused in Yuan's scheme such that even a valid user cannot pass the biometric verification. To remedy these problems, we propose an improved two-factor authenticated key distribution scheme based on fuzzy extractors. Security and performance analysis demonstrates that our scheme is more secure and efficient than previous schemes. DOI: http://dx.doi.org/10.5755/j01.itc.45.1.11949
- Published
- 2016
50. m
- Author
-
Yinbin Miao, Jianfeng Ma, Ximeng Liu, Fushan Wei, Zhiquan Liu, and Xu An Wang
- Subjects
Electronic Health Records ,Humans ,Cloud Computing ,Algorithms ,Computer Security ,Confidentiality - Abstract
Online personal health record (PHR) systems are increasingly inclined to shift data storage and search operations to a cloud server so as to enjoy elastic resources and lessen the computational burden of storage. As the data of multiple patients is always stored on the cloud server simultaneously, it is a challenge to guarantee the confidentiality of PHR data while allowing data users to search the encrypted data in an efficient and privacy-preserving way. To this end, we design a secure cryptographic primitive called attribute-based multi-keyword search over encrypted personal health records in the multi-owner setting, which supports both fine-grained access control and multi-keyword search via Ciphertext-Policy Attribute-Based Encryption. Formal security analysis proves that our scheme is selectively secure against chosen-keyword attacks. As a further contribution, we conduct empirical experiments over a real-world dataset to show its feasibility and practicality in a broad range of actual scenarios without incurring additional computational burden.
- Published
- 2016