International Conferences: AsiaJCIS 2015, Taiwan


The 2015 10th Asia Joint Conference on Information Security (AsiaJCIS) was held 24-26 May 2015 in Kaohsiung, Taiwan. There were 24 papers accepted on topics including anonymity and privacy; data security mobile and wireless security; privacy preserving analysis; secure payment; symmetric key encryption and digital signature; and system security.  



Wen-Chung Kuo; Hong-Ji Wei; Yu-Hui Chen; Jiin-Chiou Cheng, “An Enhanced Secure Anonymous Authentication Scheme Based on Smart Cards and Biometrics for Multi-Server Environments,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 1–5, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.11
Abstract: In 2014, Choi proposed a security enhanced anonymous multi-server authenticated key agreement scheme using smart card and biometrics and claimed that their scheme could overcome all of security issues in Chuang-Chen’s scheme, such as impersonation attack, smart card loss attack, denial of service attack and perfect forward secrecy. Unfortunately, we discover that Choi’s proposed scheme is not only still vulnerable to smart card loss attack and lack of perfect forward secrecy, but also contains a flaw in design for authentication phase after our analysis in detail. In order to solve these security issues, we propose an enhanced secure anonymous authentication scheme with key agreement based on smart cards and biometrics for multi-server environments in this paper. According to our performance and security analysis, it can prove that our proposed scheme is more efficient and secure in comparison to previous schemes.
Keywords: authorisation; biometrics (access control); smart cards; Chuang-Chen’s scheme; authentication phase; biometrics; denial of service attack; enhanced secure anonymous authentication scheme; multiserver environments; perfect forward secrecy; security analysis; security enhanced anonymous multiserver authenticated key agreement scheme; smart card loss attack; Authentication; Fingerprint recognition; Iris recognition; Servers; Smart cards; anonymous; authentication protocol; biometrics; multi-server architecture; smart card (ID#: 15-6794)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153847&isnumber=7153836

 

Chia-Mei Chen; Tien-Ho Chang, “The Cryptanalysis of WPA & WPA2 in the Rule-Based Brute Force Attack, an Advanced and Efficient Method,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 37–41, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.14
Abstract: The development of kinds of mobile device is a nonlinear but in a tremendous hopping way. The security of wireless LAN is far more important, and its mainly present protection is the WPA & WPA2 protocol which is a complex tough algorithm. This exploratory study shows that there is a security gap by the social human factors which are the weak passwords. Traditionally, brute force password attack is using the dictionary files that is aimless and extremely labor work. Now, we proposed 10 rule-based methods which are globally inclusive and culturally exclusive and prove the insecurity of WPA & WPA2 by 100 empirical and valuable real wireless encrypted packets of WPA & WPA2. The evidence shows that there is a 68% of cracking rate and then do the passwords patterns analysis as well.
Keywords: computer network security; cryptographic protocols; mobile computing; mobile handsets; wireless LAN; WPA protocol; WPA2 protocol; brute force password attack; complex tough algorithm; cracking rate; cryptanalysis; dictionary files; mobile device; passwords patterns; rule-based brute force attack; rule-based methods; security gap; social human factors; weak passwords; wireless LAN; wireless encrypted packets; Communication system security; Dictionaries; Encryption; Force; Wireless LAN; Wireless communication; brute force attack; cryptanalysis; WPA & WPA2; dictionary attack; rule-based; wireless security (ID#: 15-6795)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153933&isnumber=7153836

 

He-Ming Ruan; Ming-Hwa Tsai; Yen-Nun Huang; Yen-Hua Liao; Chin-Laung Lei, “Discovery of De-identification Policies Considering Re-identification Risks and Information Loss,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 69–76, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.23
Abstract: In data analysis, it is always a tough task to strike the balance between the privacy and the applicability of the data. Due to the demand for individual privacy, the data are being more or less obscured before being released or outsourced to avoid possible privacy leakage. This process is so called de-identification. To discuss a de-identification policy, the most important two aspects should be the re-identification risk and the information loss. In this paper, we introduce a novel policy searching method to efficiently find out proper de-identification policies according to acceptable re-identification risk while retaining the information resided in the data. With the UCI Machine Learning Repository as our real world dataset, the re-identification risk can therefore be able to reflect the true risk of the de-identified data under the de-identification policies. Moreover, using the proposed algorithm, one can then efficiently acquire policies with higher information entropy.
Keywords: data analysis; data privacy; entropy; learning (artificial intelligence); risk analysis; UCI machine learning repository; data analysis; deidentification policies; deidentified data; information entropy; information loss; privacy leakage; reidentification risks; Computational modeling; Data analysis; Data privacy; Lattices; Privacy; Synthetic aperture sonar; Upper bound; De-identification; HIPAA; Safe Harbor (ID#: 15-6796)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153938&isnumber=7153836

 

Jheng-Jia Huang; Wen-Shenq Juang; Chun-I Fan, “A Secure and Efficient Smartphone Payment Scheme in IoT/Cloud Environments,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 91–96, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.20
Abstract: In IoT/Cloud environments, to provide an efficient and flexible payment service is very important since the client/device may not have a large storage and computation capability to finish the payment process. In these environments, any thin client/device may issue a service request to the cloud. For the fast progress of smartphone systems, a smartphone can help the client/device to finish the payment process with the help of the carrier. Although the smart phone may have more storage and computation capability than the client/device, the computation ability is also restricted. In this paper, in order to provide an efficient payment and authentication service framework in the IOT/Cloud environments, we propose a secure and efficient smartphone payment scheme in IoT/Cloud environments. Our proposed scheme can satisfy the properties including low communication and computation cost, no time synchronization problem, unforgeability, non-repudiation, and integrity. Also our scheme can achieve the security requirements including mutual authentication, session key agreement, and preventing all various well-known attacks.
Keywords: Internet of Things; authorisation; cloud computing; network computers; public key cryptography; smart phones; IoT environment; attack prevention; authentication service framework; cloud environment; communication cost; computation ability; computation capability; computation cost; mutual authentication; payment service; service request; session key agreement; smart phone payment scheme; storage capability; thin-client; thin-device; Authentication; Electronic countermeasures; Elliptic curve cryptography; Smart phones; Cloud; ECC; IoT; Payment; Smartphone (ID#: 15-6797)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153941&isnumber=7153836

 

Nai-Wei Lo; Meng-Chih Chiang; Chao Yang Hsu, “Hash-Based Anonymous Secure Routing Protocol in Mobile Ad Hoc Networks,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 55–62, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.27
Abstract: A mobile ad hoc network (MANET) is composed of multiple wireless mobile devices in which an infrastructure less network with dynamic topology is built based on wireless communication technologies. Novel applications such as location-based services and personal communication Apps used by mobile users with handheld wireless devices utilize MANET environments. In consequence, communication anonymity and message security have become critical issues for MANET environments. In this study, a novel secure routing protocol with communication anonymity, named as Hash-based Anonymous Secure Routing (HASR) protocol, is proposed to support identity anonymity, location anonymity and route anonymity, and defend against major security threats such as replay attack, spoofing, route maintenance attack, and denial of service (DoS) attack. Security analyses show that HASR can achieve both communication anonymity and message security with efficient performance in MANET environments.
Keywords: cryptography; mobile ad hoc networks; mobile computing; mobility management (mobile radio); routing protocols; telecommunication network topology; telecommunication security; DoS attack; HASR protocol; Hash-based anonymous secure routing protocol; MANET; denial of service attack; dynamic network topology; handheld wireless devices; location-based services; message security; mobile users; personal communication Apps; route maintenance attack; wireless communication technologies; wireless mobile devices; Cryptography; Mobile ad hoc networks; Nickel; Routing; Routing protocols; communication anonymity; message security; mobile ad hoc network (ID#: 15-6798)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153936&isnumber=7153836

 

Kosugi, T.; Hayafuji, T.; Mambo, M., “On the Traceability of the Accountable Anonymous Channel,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 6–11, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.29
Abstract: Anonymous channels guaranteeing anonymity of senders such as Tor are effective for whistle-blowing and other privacy sensitive scenarios. However, there is a risk of being abused for illegal activities. As a countermeasure to illegal activities using an anonymous channel, it is natural to construct an accountable anonymous channel which can revoke anonymity of senders when an unlawful message was sent out from them. In this paper, we point out that an accountable anonymous channel THEMIS does not provide anonymity in a perfect way and there is a possibility that attackers can identify senders even if messages are not malicious. Feasibility of tracing senders is analyzed by using simulation. Moreover, we give a simple remedy of the flaw in THEMIS.
Keywords: computer network security; cryptographic protocols; data privacy; THEMIS accountable anonymous channel traceability; attacker possibility; illegal activity; privacy sensitive scenario; sender anonymity; sender tracing; unlawful message; whistle-blowing scenario; Art; Encryption; Mathematical model; Payloads; Public key; Receivers (ID#: 15-6799)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153848&isnumber=7153836

 

Yu Liu; Goto, N.; Kanaoka, A.; Okamoto, E., “Privacy Preserved Rule-Based Risk Analysis through Secure Multi-Party Computation,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 77–84, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.32
Abstract: Network systems are becoming the core components of technical information infrastructures. The protection of network systems from malicious attacks is an urgent priority in our society. However, considering that all security threats are very complicated, easily missed, and error-prone, dealing with network vulnerabilities has brought about enormous challenges to network management. Therefore, one reasonable solution for a risk analysis is delegating an analysis of a network system to third parties that have more professional knowledge regarding a risk analysis. Highly confidential data such as the network configuration and vulnerabilities, as well as each host, are needed when delegating a risk analysis to a third party. Such confidential data may cause information leakage if no protection is provided. In this paper, we proposed a risk analysis system based on a rule-based risk analysis method. The prototype system was developed using FairplayMP, a secure multi-party computation system, and was evaluated for a small network environment.
Keywords: computer network security; data protection; risk analysis; transport protocols; FairplayMP; confidential data; information leakage; malicious attacks; network configuration; network management; network system protection; network vulnerabilities; privacy preserved rule-based risk analysis; rule-based risk analysis method; secure multiparty computation; security threats; technical information infrastructures; Computational modeling; Engines; Ports (Computers); Privacy; Protocols; Risk analysis; Servers; Network risk analysis; multiparty computation; privacy preserving (ID#: 15-6800)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153939&isnumber=7153836

 

Feng, Y.; Hori, Y.; Sakurai, K., “A Proposal for Detecting Distributed Cyber-Attacks Using Automatic Thresholding,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 152–159, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.22
Abstract: Distributed attacks have reportedly caused the most serious losses in the modern cyber environment. Thus, how to avoid and detect distributed attacks has become one of the most important topics in the cyber security community. Of many approaches for avoiding and detecting cyber-attacks, behavior-based method has been attracting great attentions from many researchers and developers. It is well known that, for behavior-based cyber-attack detections, the algorithm for extracting normal modes from historic traffic is critically important. In this paper, after the newest algorithms for extracting normal behavior mode from historic traffics are discussed, a novel algorithm is proposed. Its efficiency is examined by experiments using dark net traffic data.
Keywords: security of data; automatic thresholding; cyber security community; darknet traffic data; distributed cyber-attacks detection; historic traffic; modern cyber environment; Asia; Information security; Joints; Anomaly detection; Behavior-based Detection; Cyber attacks; Frequency distribution (ID#: 15-6801)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153950&isnumber=7153836

 

Chien-Lung Hsu; Tzu-Wei Lin, “Privacy-Preserved Key Agreement with User Authentication,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 12–17, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.18
Abstract: With the progress of information technology, the computer crimes are emerging in an endless stream. It is because of the user’s privacy should be protected, when the user submit a service request to the service provider, both of them should check the identity of the other, and then build a shared key to accomplish the service request. In this paper, we adopt the identity-based cryptosystem and the elliptic curve cryptosystem to design a privacy-preserved key agreement with user authentication. This protocol can achieve several properties: mutual authentication, deniability, and forward secrecy. Besides, the performance of the proposed protocol based on RSA is better than previous studies.
Keywords: computer crime; cryptographic protocols; data protection; public key cryptography; RSA; computer crimes; deniability; elliptic curve cryptosystem; forward secrecy; identity-based cryptosystem; information technology; mutual authentication; privacy-preserved key agreement; service provider; service request; shared key; user authentication; user privacy protection; Authentication; Elliptic curve cryptography; Protocols; elliptic curve; identity-based; key agreement; shared key; user privacy (ID#: 15-6802)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153849&isnumber=7153836

 

Pei-Yih Ting; Shao-Da Huang; Tzong-Sun Wu; Han-Yu Lin, “A Provable Watermark-Based Copyright Protection Scheme,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 124–129, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.28
Abstract: Watermark-based copyright protection techniques have been investigated for more than two decades in the signal processing and the digital rights management communities. Most efforts have been devoted on hiding the watermark and increasing the robustness of the embedded watermark under common signal processing operations and geometric transformations. In this paper, we build our scheme based on these previous well developed signal processing techniques but focus on how to employ unpredictable signature-seeded pseudo random bit sequence to make the false negative watermark detection rate computationally negligible. The ultimate goal is to resolve the ownership dispute of an exhibited digital media under adversarial watermark removal attacks.
Keywords: copyright; digital rights management; digital signatures; watermarking; adversarial watermark removal attacks; digital rights management communities; embedded watermark; false negative watermark detection rate; geometric transformations; provable watermark-based copyright protection scheme; signal processing operations; signal processing techniques; unpredictable signature-seeded pseudo random bit sequence; Cryptography; Digital signatures; Random sequences; Robustness; Signal processing; Watermarking; copyright protection; digital signature; pseudo random bit sequence; watermark (ID#: 15-6803)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153946&isnumber=7153836

 

Nai-Wei Lo; Chi-Kai Yu; Chao Yang Hsu, “Intelligent Display Auto-Lock Scheme for Mobile Devices,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 48–54, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.30
Abstract: In recent years people in modern societies have heavily relied on their own intelligent mobile devices such as smartphones and tablets to get personal services and improve work efficiency. In consequence, quick and simple authentication mechanisms along with energy saving consideration are generally adopted by these smart handheld devices such as screen auto-lock schemes. When a smart device activates its screen lock mode to protect user privacy and data security on this device, its screen auto-lock scheme will be executed at the same time. Device user can setup the length of time period to control when to activate the screen lock mode of a smart device. However, it causes inconvenience for device users when a short time period is set for invoking screen auto-lock. How to get balance between security and convenience for individual users to use their own smart devices has become an interesting issue. In this paper, an intelligent display (screen) auto-lock scheme is proposed for mobile users. It can dynamically adjust the unlock time period setting of an auto-lock scheme based on derived knowledge from past user behaviors.
Keywords: authorisation; data protection; display devices; human factors; mobile computing; smart phones; authentication mechanisms; data security; energy saving; intelligent display auto-lock scheme; intelligent mobile devices; mobile users; personal services; screen auto-lock schemes; smart handheld devices; smart phones; tablets; unlock time period; user behaviors; user convenience; user privacy protection; user security; work efficiency improvement; Authentication; IEEE 802.11 Standards; Mathematical model; Smart phones; Time-frequency analysis; Android platform; display auto-lock; smartphone (ID#: 15-6804)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153935&isnumber=7153836

 

Adachi, T.; Omote, K., “An Approach to Predict Drive-by-Download Attacks by Vulnerability Evaluation and Opcode,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 145–151, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.17
Abstract: Drive-by-download attacks exploit vulnerabilities in Web browsers, and users are unnoticeably downloading malware which accesses to the compromised Web sites. A number of detection approaches and tools against such attacks have been proposed so far. Especially, it is becoming easy to specify vulnerabilities of attacks, because researchers well analyze the trend of various attacks. Unfortunately, in the previous schemes, vulnerability information has not been used in the detection/prediction approaches of drive-by-download attacks. In this paper, we propose a prediction approach of “malware downloading” during drive-by-download attacks (approach-I), which uses vulnerability information. Our experimental results show our approach-I achieves the prediction rate (accuracy) of 92%, FNR of 15% and FPR of 1.0% using Naive Bayes. Furthermore, we propose an enhanced approach (approach-II) which embeds Opcode analysis (dynamic analysis) into our approach-I (static approach). We implement our approach-I and II, and compare the three approaches (approach-I, II and Opcode approaches) using the same datasets in our experiment. As a result, our approach-II has the prediction rate of 92%, and improves FNR to 11% using Random Forest, compared with our approach-I.
Keywords: Web sites; invasive software; learning (artificial intelligence); system monitoring; FNR; FPR; Opcode analysis; Web browsers; attack vulnerabilities; drive-by-download attack prediction; dynamic analysis; malware downloading; naive Bayes; prediction rate; random forest; static approach; vulnerability evaluation; vulnerability information; Browsers; Feature extraction; Machine learning algorithms; Malware; Predictive models; Probability; Web pages; Drive-by-Download Attacks; Malware; Supervised Machine Learning (ID#: 15-6805)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153949&isnumber=7153836

 

Kawaguchi, N.; Omote, K., “Malware Function Classification Using APIs in Initial Behavior,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 138–144, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.15
Abstract: Malware proliferation has become a serious threat to the Internet in recent years. Most of the current malware are subspecies of existing malware that have been automatically generated by illegal tools. To conduct an efficient analysis of malware, estimating their functions in advance is effective when we give priority to analyze. However, estimating malware functions has been difficult due to the increasing sophistication of malware. Although various approaches for malware detection and classification have been considered, the classification accuracy is still low. In this paper, we propose a new classification method which estimates malware’s functions from APIs observed by dynamic analysis on a host. We examine whether the proposed method can correctly classify unknown malware based on function by machine learning. The results show that our new method can classify each malware’s function with an average accuracy of 83.4%.
Keywords: Internet; invasive software; learning (artificial intelligence); pattern classification; API; Internet; dynamic analysis; efficient malware analysis; illegal tools; initial behavior; machine learning; malware detection; malware function classification; malware proliferation; Accuracy; Data mining; Feature extraction; Machine learning algorithms; Malware; Software; Support vector machines; machine learning; malware classification (ID#: 15-6806)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153948&isnumber=7153836

 

Chih-Hung Hsieh; Yu-Siang Shen; Chao-Wen Li; Jain-Shing Wu, “iF2: An Interpretable Fuzzy Rule Filter for Web Log Post-Compromised Malicious Activity Monitoring,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 130–137, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.19
Abstract: To alleviate the loads of tracking web log file by human effort, machine learning methods are now commonly used to analyze log data and to identify the pattern of malicious activities. Traditional kernel based techniques, like the neural network and the support vector machine (SVM), typically can deliver higher prediction accuracy. However, the user of a kernel based techniques normally cannot get an overall picture about the distribution of the data set. On the other hand, logic based techniques, such as the decision tree and the rule-based algorithm, feature the advantage of presenting a good summary about the distinctive characteristics of different classes of data such that they are more suitable to generate interpretable feedbacks to domain experts. In this study, a real web-access log dataset from a certain organization was collected. An efficient interpretable fuzzy rule filter (iF2) was proposed as a filter to analyze the data and to detect suspicious internet addresses from the normal ones. The historical information of each internet address recorded in web log file is summarized as multiple statistics. And the design process of iF2 is elaborately modeled as a parameter optimization problem which simultaneously considers 1) maximizing prediction accuracy, 2) minimizing number of used rules, and 3) minimizing number of selected statistics. Experimental results show that the fuzzy rule filter constructed with the proposed approach is capable of delivering superior prediction accuracy in comparison with the conventional logic based classifiers and the expectation maximization based kernel algorithm. On the other hand, though it cannot match the prediction accuracy delivered by the SVM, however, when facing real web log file where the ratio of positive and negative cases is extremely unbalanced, the proposed iF2 of having optimization flexibility results in a better recall rate and enjoys one major advantage due to providing the user with an overall picture of the underlying distributions.
Keywords: Internet; data mining; fuzzy set theory; learning (artificial intelligence); neural nets; pattern classification; statistical analysis; support vector machines; Internet address; SVM; Web log file tracking; Web log post-compromised malicious activity monitoring; Web-access log dataset; decision tree; expectation maximization based kernel algorithm; fuzzy rule filter; iF2; interpretable fuzzy rule filter; kernel based techniques; log data analysis; logic based classifiers; logic based techniques; machine learning methods; malicious activities; neural network; parameter optimization problem; recall rate; rule-based algorithm; support vector machine; Accuracy; Internet; Kernel; Monitoring; Optimization; Prediction algorithms; Support vector machines; Fuzzy Rule Based Filter; Machine Learning; Parameter Optimization; Pattern Recognition; Post-Compromised Threat Identification; Web Log Analysis (ID#: 15-6807)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153947&isnumber=7153836

 

Kitajima, N.; Yanai, N.; Nishide, T.; Hanaoka, G.; Okamoto, E., “Constructions of Fail-Stop Signatures for Multi-Signer Setting,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 112–123, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.26
Abstract: Fail-stop signatures (FSS) provide the security for a signer against a computationally unbounded adversary by enabling the signer to provide a proof of forgery. Conventional FSS schemes are for a single-signer setting, but in the real world, there is a case where a countersignature of multiple signers (e.g. A signature between a bank, a user, and a consumer) is required. In this work, we propose a framework of FSS capturing a multi-signer setting and call the primitive fail-stop multisignatures (FSMS). We propose a generic construction of FSMS via the bundling homomorphisms proposed by Pfitzmann and then propose a provably secure instantiation of the FSMS scheme from the factoring assumption. Our proposed schemes can be also extended to fail-stop aggregate signatures (FSAS).
Keywords: digital signatures; FSAS; FSMS scheme; bundling homomorphisms; fail-stop aggregate signatures; generic construction; multisigner setting; primitive fail-stop multisignatures; proof of forgery; single-signer setting; Adaptation models; Computational modeling; Forgery; Frequency selective surfaces; Games; Public key; Fail-stop multisignatures; Fail-stop signatures; Family of bundling homomorphisms; Information-theoretic security (ID#: 15-6808)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153945&isnumber=7153836

 

Jonghyun Baek; Heung Youl Youm, “Secure and Lightweight Authentication Protocol for NFC Tag Based Services,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 63–68, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.35
Abstract: Near Field Communication (NFC) technology is one of the most promising technologies in the field of mobile application services recently. The integration of NFC technology and smart mobile devices (e.g., smart phones, tablet PCs, etc.) stimulates the daily increasing popularity of NFC-based mobile applications, which have proliferated in the mobile society. However, this proliferation of NFC-based mobile services in a mobile environment can cause another security threat in the field of mobile application services. Recently, mobile phishing and smishing are among the most serious security issues in the mobile application services. And, the NFC tag-based mobile services (i.e. NFC tag based services) also have the same problem because an NFC tag has security vulnerabilities. Actually, an NFC-enabled device can communicate with an NFC tag using a specified data format, called NFC Data Exchange Format (NDEF). The NDEF message is composed of one or more NDEF records such as text, URI, Smart post (text and URL) and so on. Therefore, if an attacker overwrites the NDEF message in a tag or replaces an NFC tag with a hacked tag, they might deliver mobile malware to an NFC-enabled device. In this paper, a secure and lightweight authentication protocol for NFC tag based services is proposed which effectively achieves security by preventing spoofing, DoS, data modification and phishing attacks. And, this authentication protocol also requires less memory storage and computational power for low-cost NFC tags.
Keywords: computer crime; cryptographic protocols; electronic data interchange; invasive software; mobile communication; mobile computing; near-field communication; smart phones; telecommunication security; telecommunication services; unsolicited e-mail; NDEF message; NDEF records; NFC data exchange format; NFC tag-based mobile services; NFC technology; NFC-based mobile applications; NFC-based mobile services; NFC-enabled device; data format; data modification; lightweight authentication protocol; memory storage; mobile application services; mobile environment; mobile malware; mobile phishing; mobile smishing; mobile society; near field communication; phishing attack; smart mobile device; smart phones; tablet PC; Authentication; Malware; Mobile communication; Protocols; Servers; Uniform resource locators; NFC; Malware; Authentication Protocol; NFC tag (ID#: 15-6809)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153937&isnumber=7153836

 

Chun-I Fan; Chien-Nan Wu; Chun-Hung Chen; Yi-Fan Tseng; Cheng-Chun Feng, “Attribute-Based Proxy Re-encryption with Dynamic Membership,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 26–32, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.21
Abstract: Cloud computing has been developed rapidly in recent years, and offers novel concepts and innovations in computer use. The applications of cloud computing are that people can put their data on cloud and also can designate a proxy to help them to execute a number of tasks in certain situations. The proxy re-encryption which is a cryptographic primitive has been proposed to solve this problem. In the proxy re-encryption system, when a user (e.g., Alice) wants to send a cipher text that is encrypted by her public key and stored in the cloud to another user (e.g., Bob), she can designate a proxy to transform the cipher text into a different cipher text that can be decrypted by Bob’s private key. Recently, Fan et al. proposed an attribute-based encryption scheme with dynamic membership. However, we found that their scheme may be flawed. In this paper we will modify Fan et al.’s scheme to fix the flaw. Based on our modified scheme and the proxy re-encryption, we also propose an attribute-based proxy re-encryption under bilinear pairing. Furthermore, the proposed scheme has rich access policies and dynamic membership.
Keywords: cloud computing; private key cryptography; public key cryptography; attribute-based encryption scheme; attribute-based proxy reencryption; bilinear pairing; ciphertext; cloud computing; cryptographic primitive; dynamic membership; private key; public key; rich access policies; Computer science; Encryption; Indexes; Polynomials; Sun; attribute-based encryption; information security; proxy re-encryption (ID#: 15-6810)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153851&isnumber=7153836

 

Hung-Yu Chien, “De-synchronization Attack on Quadratic Residues-Based RFID Ownership Transfer,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 42–47, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.13
Abstract: Radio Frequency Identification (RFID) ownership transfer protocol aims at securely updating RFID tag’s internal state and key such that only the current owner of a tag is allowed to access the tag when it is transferred from one owner to the next. Doss et al. [32] proposed two very promising RFID ownership transfer protocols which represented state of the art and were claimed to own excellent security performance and computational performance. However, we will show our de-synchronization attack on these protocols.
Keywords: cryptographic protocols; radiofrequency identification; RFID ownership transfer protocol; RFID tag; de-synchronization attack; quadratic residues-based RFID ownership transfer; radio frequency identification ownership transfer protocol; security performance; Authentication; Cryptography; Privacy; Protocols; Radiofrequency identification; Servers; RFID; Security; authentication; ownership transfer; quadric residues (ID#: 15-6811)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153934&isnumber=7153836

 

Chen-Ming Hsu; Jen-Chun Lee; Wei-Kuei Chen, “An Efficient Detection Algorithm for Copy-Move Forgery,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 33–36, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.16
Abstract: The most common method of tampering with a digital image is copy-move forgery, in which a part of an image is duplicated and used to substitute another part of the same image at a different location. In this paper, we present an efficient and robust method to detect such artifacts. First, the tampered image is segmented into overlapping fixed-size blocks, and the Gabor filter is applied to each block. Thus, the image of Gabor magnitude represents each block. Secondly, statistical features are extracted from the histogram of orientated Gabor magnitude (HOGM) of overlapping blocks, and reduced features are generated for similarity measurement. Finally, feature vectors are sorted lexicographically, and duplicated image blocks are identified by finding similarity block pairs after suitable post-processing. Experimental results demonstrate that the proposed method can detect multiple examples of copy-move forgery and locate precisely the duplicated regions, even when dealing with images distorted by translation, rotation, JPEG compression, blurring, and brightness adjustment.
Keywords: Gabor filters; brightness; feature extraction; image coding; image forensics; image representation; image restoration; image segmentation; Gabor filter; HOGM; copy-move forgery detection algorithm; digital image tampering method; duplicated image block identification; histogram-of-orientated Gabor magnitude; image JPEG compression; image blurring; image brightness adjustment; image representation; image rotation; image translation; lexicographically sorted feature vectors; overlapping fixed-size blocks; overlapping image blocks; reduced feature generation; similarity block; similarity measurement; statistical feature extraction; tampered image segmentation; Brightness; Feature extraction; Forgery; Histograms; Image coding; Robustness; Transform coding; Copy-Move forgery; Digital image forensics; Duplicated region detection; Gabor magnitude (ID#: 15-6812)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153852&isnumber=7153836

 

Hakju Kim; Kwangjo Kim, “Preliminary Design of a Novel Lightweight Authenticated Encryption Scheme Based on the Sponge Function,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 110–111, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.24
Abstract: Authenticated encryption is a key cryptographic primitive that provides confidentiality, integrity, and authenticity in an efficient manner. This paper presents a preliminary design of a novel lightweight authenticated encryption scheme based on the duplex construction of the sponge function, supporting the most required features of authenticated encryption schemes.
Keywords: cryptography; message authentication; confidentiality; duplex construction; integrity; key cryptographic primitive; lightweight authenticated encryption scheme; sponge function; Algorithm design and analysis; Bit rate; Encryption; NIST; Robustness; Authenticated Encryption; CAESAR; Sponge Function; Symmetric Key Cryptography (ID#: 15-6813)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153944&isnumber=7153836
 


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.