Biblio

We propose a construction of an attribute-based authentication scheme (ABAuth). Our ABAuth is a challenge-and-response protocol which uses an attribute-based key-encapsulation mechanisum (ABKEM). The ABKEM is basically the one proposed by Ostrovsky-Sahai-Waters (ACM-CCS 2007), but in contrast to the original ABKEM our ABKEM is based on an asymmetric bilinear map for better computational efficiency. We also give a proof of one-way-CCA security of ABKEM in the asymmetric case, which leads to concurrent man-in-the-middle security of ABAuth. We note that the selective security is often enough for the case of authentication in contrast to the case of encryption. Then we evaluate our ABAuth by implementation as well as by discussion. We use the TEPLA library TEPLA for the asymmetric bilinear map that is Type-3 pairing on the BN curve.

Securing multi-party communication is very challenging particularly in dynamic networks. Existing multi-recipient cryptographic schemes pose variety of limitations. These include: requiring trust among all recipients to make an agreement, high computational cost for both encryption and decryption, and additional communication overhead when group membership changes. To overcome these limitations, this paper introduces a novel multi-recipient asymmetric cryptographic scheme, AMOUN. This scheme enables the sender to possibly send different messages in one ciphertext to multiple recipients to better utilize network resources, while ensuring that each recipient only retrieves its own designated message. Security analysis demonstrates that proposed scheme is secure against well-known attacks. Evaluation results demonstrate that lightweight AMOUN outperforms RSA and Multi-RSA in terms of computational cost for both encryption and decryption. For a given prime size, in case of encryption, AMOUN achieves 86% and 98% lower average computational cost than RSA and Multi-RSA, respectively; while for decryption, it shows performance improvement of 98% compared to RSA and Multi-RSA.

Bi-dimensional empirical mode decomposition can decompose the source image into several Bi-dimensional Intrinsic Mode Functions. In the process of image decomposition, interpolation is needed and the upper and lower envelopes will be drawn. However, these interpolations and the drawings of upper and lower envelopes require a lot of computation time and manual screening. This paper proposes a simple but effective method that can maintain the characteristics of the original BEMD method, and the Hermite interpolation reconstruction method is used to replace the surface interpolation, and the variable neighborhood window method is used to replace the fixed neighborhood window method. We call it fast bi-dimensional empirical mode decomposition of the variable neighborhood window method based on research characteristics, and we finally complete the image fusion. The empirical analysis shows that this method can overcome the shortcomings that the source image features and details information of BIMF component decomposed from the original BEMD method are not rich enough, and reduce the calculation time, and the fusion quality is better.

With the rapid development of Internet of things (IOT) and big data, the number of network terminal devices and big data transmission are increasing rapidly. Traditional cloud computing faces a great challenge in dealing with this massive amount of data. Fog computing which extends the computing at the edge of the network can provide computation and data storage. Attribute based-encryption can effectively achieve the fine-grained access control. However, the computational complexity of the encryption and decryption is growing linearly with the increase of the number of attributes. In order to reduce the computational cost and guarantee the confidentiality of data, distributed access control with outsourced computation in fog computing is proposed in this paper. In our proposed scheme, fog device takes most of computational cost in encryption and decryption phase. The computational cost of the receiver and sender can be reduced. Moreover, the private key of the user is generated by multi-authority which can enhance the security of data. The analysis of security and performance shows that our proposed scheme proves to be effective and secure.

Forward secure proxy signature (FoSPS) solves the security drawback of private key exposure problem of generating the private key of each time interval. Directed signature scheme solves the public signature verification problem in traditional digital signature by designating the constant one as the signature verifier. Due to excellent properties, the two signature schemes have attracted the research of many experts. Recently, based on the Elliptic curve cryptography (ECC), a new FoSPS scheme and directed signature scheme were proposed. In this paper, we analyze the two schemes and present which the either of both schemes is insecure and do not satisfy the unforgeability. In other words, anyone is able to forge a valid signature but the one does not know the signer's secret key. In the same time, we give the main reasons why the enemy is able to forge the signature by analyzing the two schemes respectively. And we also present a simple improvement idea to overcome existing problems without adding extra computational cost which can make them applied in some environments such as e-medical information system.

The integration of Internet of Things (IoT) and edge computing is currently a new research hotspot. However, the lack of trust between IoT edge devices has hindered the universal acceptance of IoT edge computing as outsourced computing services. In order to increase the adoption of IoT edge computing applications, first, IoT edge computing architecture should establish efficient trust calculation mechanism to alleviate the concerns of numerous users. In this paper, a reliable and lightweight trust mechanism is originally proposed for IoT edge devices based on multi-source feedback information fusion. First, due to the multi-source feedback mechanism is used for global trust calculation, our trust calculation mechanism is more reliable against bad-mouthing attacks caused by malicious feedback providers. Then, we adopt lightweight trust evaluating mechanism for cooperations of IoT edge devices, which is suitable for largescale IoT edge computing because it facilitates low-overhead trust computing algorithms. At the same time, we adopt a feedback information fusion algorithm based on objective information entropy theory, which can overcome the limitations of traditional trust schemes, whereby the trust factors are weighted manually or subjectively. And the experimental results show that the proposed trust calculation scheme significantly outperforms existing approaches in both computational efficiency and reliability.

In recent years, many users have uploaded data to the cloud for easy storage and sharing with other users. At the same time, security and privacy concerns for the data are growing. Attribute-based encryption (ABE) enables both data security and access control by defining users with attributes so that only those users who have matching attributes can decrypt them. For real-world applications of ABE, revocation of users or their attributes is necessary so that revoked users can no longer decrypt the data. In actual implementations, ABE is used in hybrid with a symmetric encryption scheme such as the advanced encryption standard (AES) where data is encrypted with AES and the AES key is encrypted with ABE. The hybrid encryption scheme requires re-encryption of the data upon revocation to ensure that the revoked users can no longer decrypt that data. To re-encrypt the data, the data owner (DO) must download the data from the cloud, then decrypt, encrypt, and upload the data back to the cloud, resulting in both huge communication costs and computational burden on the DO depending on the size of the data to be re-encrypted. In this paper, we propose an attribute-based proxy re-encryption method in which data can be re-encrypted in the cloud without downloading any data by adopting both ABE and Syalim's encryption scheme. Our proposed scheme reduces the communication cost between the DO and cloud storage. Experimental results show that the proposed method reduces the communication cost by as much as one quarter compared to that of the trivial solution.

Rootkits detecting in the Windows operating system is an important part of information security monitoring and audit system. Methods of hided process detection were analyzed. The software is developed which implements the four methods of hidden process detection in a user mode (PID based method, the descriptor based method, system call based method, opened windows based method) to use in the monitoring and audit systems.

The rapid increase of connected devices and the major advances in information and communication technologies have led to great emergence in the Internet of Things (IoT). IoT devices require software adaptation as they are in continuous transition. Multi-agent based solutions offer adaptable composition for IoT systems. Mobile agents can also be used to enable interoperability and global intelligence with smart objects in the Internet of Things. The use of agents carrying personal data and the rapid increasing number of connected IoT devices require the use of security protocols to secure the user data. Elliptic Curve Cryptography (ECC) Algorithm has emerged as an attractive and efficient public-key cryptosystem. We recommend the use of ECC in the proposed Broadcast based Secure Mobile Agent Protocol (BROSMAP) which is one of the most secure protocols that provides confidentiality, authentication, authorization, accountability, integrity and non-repudiation. We provide a methodology to improve BROSMAP to fulfill the needs of Multi-agent based IoT Systems in general. The new BROSMAP performs better than its predecessor and provides the same security requirements. We have formally verified ECC-BROSMAP using Scyther and compared it with BROSMAP in terms of execution time and computational cost. The effect of varying the key size on BROSMAP is also presented. A new ECC-based BROSMAP takes half the time of Rivest-Shamir-Adleman (RSA) 2048 BROSMAP and 4 times better than its equivalent RSA 3072 version. The computational cost was found in favor of ECC-BROSMAP which is more efficient by a factor of 561 as compared to the RSA-BROSMAP.