Biblio

The development of cloud computing has brought a lot of advantages, such as reducing the hardware cost and a more convenient storage solution. Because of the convenient and cheap storage solution, a large number of users put their valuable data onto the cloud. There have been more and more outsourcing data security and privacy issues. Several schemes using attribute-based encryption (ABE) have been proposed in cloud computing outsourcing data access control; However, most of them have stubborn in complex access control policy. To implement scalable, flexible and fine-grained access control in cloud storage, this paper proposes an attribute-based solution with time restriction delegate by extending the Ciphertext-policy attribute-based encryption (CP-ABE). This scheme not only realizes the scalability and fine-grained access control, but also gives a solution for the data delegate. Our delegate mechanism can let the users entrusted the data which in their visit range to others, and the ability to set a time limit. Finally, we prove the security of our scheme based on the security of the Ciphertext-policy attribute-based encryption (CP-ABE) by Bethencourt et al. and analyze its performance and computational complexity. Experiments for our scheme are implemented and the result shows that it is both efficient and flexible in dealing with access control for outsourced data in cloud computing.

With data becoming available in larger quantities and at higher rates, new data processing paradigms have been proposed to handle high-volume, fast-moving data. Data Stream Processing is one such paradigm wherein transient data streams flow through sets of continuous queries, only returning results when data is of interest to the querier. To avoid the large costs associated with maintaining the infrastructure required for processing these data streams, many companies will outsource their computation to third-party cloud services. This outsourcing, however, can lead to private data being accessed by parties that a data provider may not trust. The literature offers solutions to this confidentiality and access control problem but they have fallen short of providing a complete solution to these problems, due to either immense overheads or trust requirements placed on these third-party services. To address these issues, we have developed PolyStream, an enhancement to existing data stream management systems that enables data providers to specify attribute-based access control policies that are cryptographically enforced while simultaneously allowing many types of in-network data processing. We detail the access control models and mechanisms used by PolyStream, and describe a novel use of security punctuations that enables flexible, online policy management and key distribution. We detail how queries are submitted and executed using an unmodified Data Stream Management System, and show through an extensive evaluation that PolyStream yields a 550x performance gain versus the state-of-the-art system StreamForce in CODASPY 2014, while providing greater functionality to the querier.

Attribute-based methods provide authorization to parties based on whether their set of attributes (e.g., age, organization, etc.) fulfills a policy. In attribute-based encryption (ABE), authorized parties can decrypt, and in attribute-based credentials (ABCs), authorized parties can authenticate themselves. In this paper, we combine elements of ABE and ABCs together with garbled circuits to construct attribute-based key exchange (ABKE). Our focus is on an interactive solution involving a client that holds a certificate (issued by an authority) vouching for that client's attributes and a server that holds a policy computable on such a set of attributes. The goal is for the server to establish a shared key with the client but only if the client's certified attributes satisfy the policy. Our solution enjoys strong privacy guarantees for both the client and the server, including attribute privacy and unlinkability of client sessions. Our main contribution is a construction of ABKE for arbitrary circuits with high (concrete) efficiency. Specifically, we support general policies expressible as boolean circuits computed on a set of attributes. Even for policies containing hundreds of thousands of gates the performance cost is dominated by two pairing computations per policy input. Put another way, for a similar cost to prior ABE/ABC solutions, which can only support small formulas efficiently, we can support vastly richer policies. We implemented our solution and report on its performance. For policies with 100,000 gates and 200 inputs over a realistic network, the server and client spend 957 ms and 176 ms on computation, respectively. When using offline preprocessing and batch signature verification, this drops to only 243 ms and 97 ms.

Big data is the next frontier for modernization, rivalry, and profitability. It is the foundation of all the major trends such as social networks, mobile devices, healthcare, stock markets etc. Big data is efficiently stored in the cloud because of its high-volume, high-speed and high-assortment data resources. An unauthorized user access control is the gravest threat of huge information in the cloud environment because of the remote file storage. Attribute Based Encryption (ABE) is an efficient access control procedure to guarantee end-to-end security for huge information in the cloud. Most often existing ABE working principle is based on bilinear pairing. In this paper, we construct a peculiar ABE for big data in the cloud. Our proposed scheme is based on quadratic residue and attribute union which is based on fundamental arithmetic theorem.

In ciphertext policy attribute-based encryption scheme, access policies are associated with ciphertext and tied to it. It is necessary to hide the access policy in the most sensitive spots such as political, medical and economic fields, that is, receiver's anonymity. In this paper, we propose an efficient CP-ABE construction with hidden policy and prove it to be fully secure under static assumptions applying the dual system encryption methodology. Access structures in our construction are AND gates on positive, negative and wildcard attributes and the ciphertext size is short, which is only concerned with the number of wildcards.

In cloud computing, computationally weak users are always willing to outsource costly computations to a cloud, and at the same time they need to check the correctness of the result provided by the cloud. Such activities motivate the occurrence of verifiable computation (VC). Recently, Parno, Raykova and Vaikuntanathan showed any VC protocol can be constructed from an attribute-based encryption (ABE) scheme for a same class of functions. In this paper, we propose two practical and efficient semi-adaptively secure key-policy attribute-based encryption (KP-ABE) schemes with constant-size ciphertexts. The semi-adaptive security requires that the adversary designates the challenge attribute set after it receives public parameters but before it issues any secret key query, which is stronger than selective security guarantee. Our first construction deals with small universe while the second one supports large universe. Both constructions employ the technique underlying the prime-order instantiation of nested dual system groups, which are based on the \$d\$-linear assumption including SXDH and DLIN assumptions. In order to evaluate the performance, we implement our ABE schemes using \$\textbackslashtextsf\Python\\$ language in Charm. Compared with previous KP-ABE schemes with constant-size ciphertexts, our constructions achieve shorter ciphertext and secret key sizes, and require low computation costs, especially under the SXDH assumption.

Secure Data Sharing (SDS) enables users to share data in the cloud in a confidential and integrity-preserving manner. Many recent SDS approaches are based on Attribute-Based Encryption (ABE), leveraging the advantage that ABE allows to address a multitude of users with only one ciphertext. However, ABE approaches often come with the downside that they require a central fully-trusted entity that is able to decrypt any ciphertext in the system. In this paper, we investigate on whether ABE could be used to efficiently implement Decentralized Secure Data Sharing (D-SDS), which explicitly demands that the authorization and access control enforcement is carried out solely by the owner of the data, without the help of a fully-trusted third party. For this purpose, we did a comprehensive analysis of recent ABE approaches with regard to D-SDS requirements. We found one ABE approach to be suitable, and we show different alternatives to employ this ABE approach in a group-based D-SDS scenario. For a realistic estimation of the resource consumption, we give concrete resource consumption values for workloads taken from real-world system traces and exemplary up-to-date mobile devices. Our results indicate that for the most D-SDS operations, the resulting computation times and outgoing network traffic will be acceptable in many use cases. However, the computation times and outgoing traffic for the management of large groups might prevent using mobile devices.

This poster documents three approaches that we are undertaking to increase security awareness within undergraduate computer science classes. The first approach is a verbal password entry system, with surreptitious photos being taken when the mobile device is stolen. The second approach is a lab where students develop a password entry and verification system between a mobile device and a remote server. The third approach is a captcha system, where students implement a simple challenge that can be verified. Like password entry, the captcha communications must be secure and difficult to automatically manipulate. Unlike password entry, the captcha is meant to allow humans access while denying other computers.

Text-based Captchas have been widely used to deter misuse of services on the Internet. However, many designs have been broken. It is intellectually interesting and practically relevant to look for alternative designs, which are currently a topic of active research. We motivate the study of Chinese Captchas as an interesting alternative design - co-unterintuitively, it is possible to design Chinese Captchas that are universally usable, even to those who have never studied Chinese language. More importantly, we ask a fundamental question: is the segmentation-resistance principle established for Roman-character based Captchas applicable to Chinese based designs? With deep learning techniques, we offer the first evidence that computers do recognize individual Chinese characters well, regardless of distortion levels. This suggests that many real-world Chinese schemes are insecure, in contrast to common beliefs. Our result offers an essential guideline to the design of secure Chinese Captchas, and it is also applicable to Captchas using other large-alphabet languages such as Japanese.

In this paper, we present an experimental system for controlling human access to information systems. Also, the system allows analyzing the morphology of red blood cells of microscope images of patients with sicklemia.

Three-dimensional typography (3D typography) refers to the arrangement of text in three-dimensional space. It injects vitality into the letters, thereby giving the viewer a strong impression that is hard to forget. These days, 3D typography plays an important role in daily life beyond the artistic design. It is easy to observe the 3D typography used in the 3D virtual space such as movie or games. Also it is used frequently in signboard or furniture design. Despite its noticeable strength, most of the 3D typography is generated by just a simple extrusion of flat 2D typography. Comparing with 2D typography, 3D typography is more difficult to generate in short time due to its high complexity.

While many text-based CAPTCHA schemes have been broken, hollow CAPTCHAs as a new technology have been used by many websites. The generation method of currently used hollow CAPTCHAs is investigated, we found there is color difference between the boundary of characters contour lines and noise arcs. An algorithm of noise arcs removal to deal with this vulnerability is proposed. Furthermore, a de-noising and segmentation scheme for hollow CAPTCHAs with noise arcs is presented. The scheme is verified by the real CAPTCHA data from the website Sina Weibo. The success segmentation rate is 77%. Finally, some advice is given to improve the design of hollow CAPTCHA.

Some of the common works like, upload and retrieval of data, buying and selling things, earning and donating or transaction of money etc., are the most common works performed in daily life through internet. For every user who is accessing the internet regularly, their highest priority is to make sure that there data is secured. Users are willing to pay huge amount of money to the service provider for maintaining the security. But the intention of malicious users is to access and misuse others data. For that they are using zombie bots. Always Bots are not the only malicious, legitimate authorized user can also impersonate to access the data illegally. This makes the job tougher to discriminate between the bots and boots. For providing security form that threats, here we are proposing a novel RSJ Approach by User Authentication. RSJ approach is a secure way for providing the security to the user form both bots and malicious users.

Accounts on web services are always exposed to the menace of attacks. Especially, a large number of accounts can be used for unfair uses such as stealth marketing or SPAM attacks. Needless to say, acquisition of those accounts and attacks are automatically done by software programs called bots. Therefore, a technology called CAPTCHA is usually used in the acquisition of accounts for web services in order to distinguish human beings from bots. The most popular kind of CAPTCHA methods is text-based CAPTCHA in which distorted alphabets and numbers appear with obstacles or noise. However, it is known that all of text-based CAPTCHA algorithms can be analyzed by computers. In addition, too much distortion or noise prevents human beings from alphabets or numbers. There are other kinds of CAPTCHA methods such as image CAPTCHA and audio CAPTCHA. However, they also have problems in use. As a related work, an effective text-based CAPTCHA algorithm was proposed to which amodal completion is applied. The CAPTCHA provides computers a large amount of calculation cost while amodal completion helps human beings to recognize characters momentarily. On the other hand, momentary recognition is uncomfortable for human beings since extreme concentration is required within ten seconds. Therefore, in this paper, we propose an improved algorithm to which amodal completion and aftereffects are applied. The aftereffects extend time for recognition of characters from a moment to several seconds.

Consider n anonymous nodes each initially supporting an opinion in \1, 2, …, k\ and suppose that they should all learn the opinion with the largest support. Per round, each node contacts a random other node and exchanges B bits with it, where typically B is at most O(log n). This basic distributed computing problem is called the plurality consensus problem (in the gossip model) and it has received extensive attention. An efficient plurality protocol is one that converges to the plurality consensus as fast as possible, and the standard assumption is that each node has memory at most polylogarithmic in n. The best known time bound is due to Becchetti et al. [SODA'15], reaching plurality consensus in O(k log n) rounds using log(k+1) bits of local memory, under some mild assumptions. As stated by Becchetti et al., achieving a poly-logarithmic time complexity remained an open question. Resolving this question, we present an algorithm that with high probability reaches plurality consensus in O(log k log n) rounds, while having message and memory size of log k + O (1) bits. This even holds under considerably more relaxed assumptions regarding the initial bias (towards plurality) compared to those of prior work. The algorithm is based on a very simple and arguably natural mechanism.

Advances in Device-to-Device (D2D) ecosystems have brought on mobile applications that utilise nearby mobile devices in order to improve users' quality of experience (QoE). The interactions between the mobile devices have to be transparent to the end users and can be of many services – opportunistic networking, traffic offloading, computation offloading, cooperative streaming and P2P based k-anonymity location privacy service, to name a few. Whenever mobile users are willing to "ask for help" from their neighbours, they need to make non trivial decisions in order to maximise their utility. Current motivation approaches for mobile users that participate in such environments are of two types: (i) credit-based and (ii) reputation-based. These approaches rely either on centralised authorities or require prohibitively many messages or require tamper resistant security modules. In this paper we propose a trust-based approach that does not require synchronisation between the mobile users. Moreover, we present the three-way tradeoff between, consistency, message exchange and awareness and we conclude that our approach can provide first-rate data to neighbour selection mechanisms for D2D ecosystems with much less overhead.

Digital Signage (DS) is one of the popular IoT technologies deployed in the urban space. DS can provide wayfinding and urban information to city dwellers and convey targeted messaging and advertising to people approaching the DS. With the rise of the online-to-offline (O2O) mobile commerce, DS also become an important marketing tool in urban retailing. However, most digital signage systems today lack interactive feature and context-aware recommendation engine. Few interactive digital signage systems available today are also insufficient in engaging anonymous viewers and also not considering temporal interaction between viewer and DS system. To overcome the above challenges, this paper proposes a context-aware recommender system framework with novel temporal interaction scheme for IoT based interactive digital signage deployed in urban space to engage anonymous viewer. The results of experiments indicate that the proposed framework improves the advertising effectiveness for DS system deployed in public in urban space.

Anonymous communication systems are vulnerable to long term passive "intersection attacks". Not all users of an anonymous communication system will be online at the same time, this leaks some information about who is talking to who. A global passive adversary observing all communications can learn the set of potential recipients of a message with more and more confidence over time. Nearly all deployed anonymous communication tools offer no protection against such attacks. In this work, we introduce TASP, a protocol used by an anonymous communication system that mitigates intersection attacks by intelligently grouping clients together into anonymity sets. We find that with a bandwidth overhead of just 8% we can dramatically extend the time necessary to perform a successful intersection attack.

This paper proposed a novel sparse representation-based infrared target tracking method using multi-feature fusion to compensate for incomplete description of single feature. In the proposed method, we extract the intensity histogram and the data on-Local Entropy and Local Contrast Mean Difference information for feature representation. To combine various features, particle candidates and multiple feature descriptors of dictionary templates were encoded as kernel matrices. Every candidate particle was sparsely represented as a linear combination of a set of atom vectors of a dictionary. Then, the sparse target template representation model was efficiently constructed using a kernel trick method. Finally, under the framework of particle filter the weights of particles were determined by sparse coefficient reconstruction errors for tracking. For tracking, a template update strategy employing Adaptive Structural Local Sparse Appearance Tracking (ASLAS) was implemented. The experimental results on benchmark data set demonstrate the better performance over many existing ones.

Person tracking is crucial in any automatic person surveillance systems. In this problem, person localization and re-identification (Re-ID) are both simultaneously processed to show separated trajectories for each individual. In this paper, we propose to use mixture of WiFi and camera systems for person tracking in indoor surveillance regions covered by WiFi signals and disjointed camera FOVs (Field of View). A fusion method is proposed to combine the position observations achieved from each single system of WiFi or camera. The combination is done based on an optimal assignment between the position observations and predicted states from camera and WiFi systems. The correction step of Kalman filter is then applied for each tracker to give out state estimations of locations. The fusion method allows tracking by identification in non-overlapping cameras, with clear identity information taken from WiFi adapter. The experiments on a multi-model dataset show outperforming tracking results of the proposed fusion method in comparison with vision-based only method.

Memory efficiency and locality have substantial impact on the performance of programs, particularly when operating on large data sets. Thus, memory- or I/O-efficient algorithms have received significant attention both in theory and practice. The widespread deployment of multicore machines, however, brings new challenges. Specifically, since the memory (RAM) is shared across multiple processes, the effective memory-size allocated to each process fluctuates over time. This paper presents techniques for designing and analyzing algorithms in a cache-adaptive setting, where the RAM available to the algorithm changes over time. These techniques make analyzing algorithms in the cache-adaptive model almost as easy as in the external memory, or DAM model. Our techniques enable us to analyze a wide variety of algorithms — Master-Method-style algorithms, Akra-Bazzi-style algorithms, collections of mutually recursive algorithms, and algorithms, such as FFT, that break problems of size N into subproblems of size Theta(Nc). We demonstrate the effectiveness of these techniques by deriving several results: 1. We give a simple recipe for determining whether common divide-and-conquer cache-oblivious algorithms are optimally cache adaptive. 2. We show how to bound an algorithm's non-optimality. We give a tight analysis showing that a class of cache-oblivious algorithms is a logarithmic factor worse than optimal. 3. We show the generality of our techniques by analyzing the cache-oblivious FFT algorithm, which is not covered by the above theorems. Nonetheless, the same general techniques can show that it is at most O(loglog N) away from optimal in the cache adaptive setting, and that this bound is tight. These general theorems give concrete results about several algorithms that could not be analyzed using earlier techniques. For example, our results apply to Fast Fourier Transform, matrix multiplication, Jacobi Multipass Filter, and cache-oblivious dynamic-programming algorithms, such as Longest Common Subsequence and Edit Distance. Our results also give algorithm designers clear guidelines for creating optimally cache-adaptive algorithms.

To increase transparency and interactive control in Recommender Systems, we extended the Matrix Factorization technique widely used in Collaborative Filtering by learning an integrated model of user-generated tags and latent factors derived from user ratings. Our approach enables users to manipulate their preference profile expressed implicitly in the (intransparent) factor space through explicitly presented tags. Furthermore, it seems helpful in cold-start situations since user preferences can be elicited via meaningful tags instead of ratings. We evaluate this approach and present a user study that to our knowledge is the most extensive empirical study of tag-enhanced recommending to date. Among other findings, we obtained promising results in terms of recommendation quality and perceived transparency, as well as regarding user experience, which we analyzed by Structural Equation Modeling.

In recent years, named entity linking (NEL) tools were primarily developed as general approaches, whereas today numerous tools are focusing on specific domains such as e.g. the mapping of persons and organizations only, or the annotation of locations or events in microposts. However, the available benchmark datasets used for the evaluation of NEL tools do not reflect this focalizing trend. We have analyzed the evaluation process applied in the NEL benchmarking framework GERBIL [16] and its benchmark datasets. Based on these insights we extend the GERBIL framework to enable a more fine grained evaluation and in deep analysis of the used benchmark datasets according to different emphases. In this paper, we present the implementation of an adaptive filter for arbitrary entities as well as a system to automatically measure benchmark dataset properties, such as the extent of content-related ambiguity and diversity. The implementation as well as a result visualization are integrated in the publicly available GERBIL framework.

Minutiae are important features in the fingerprints matching. The effective of minutiae extraction depends greatly on the results of fingerprint enhancement. This paper proposes a novel fingerprint enhancement method for direct gray scale extracting minutiae based on combining Gabor filters with the Adaptive Modified Finite Radon Transform (AMFRAT) filters. First, the proposed method uses Gabor filters as band-pass filters for deleting the noise and clarifying ridges. Next, AMFRAT filters are applied for connecting broken ridges together, filling the created holes and clarifying linear symmetry of ridges quickly. AMFRAT is the MFRAT filter, the window size of which is adaptively adjusted according to the coherence values. The small window size is for high curvature ridge areas (small coherence value), and vice versa. As the result, the ridges are the linear symmetry areas, and more suitable for direct gray scale minutiae extraction. Finally, linear symmetry filter is only used for locating minutiae in an inverse model, as "lack of linear symmetry" occurs at minutiae points. Experimental results on FVC2004 databases DB4 (set A) shows that the proposed method is capable of improving the goodness index (GI).

We present an adaptive multi-rate ray sampling algorithm targeting mobile ray-tracing GPUs. We efficiently combine two existing algorithms, adaptive supersampling and undersampling, into a single framework targeting ray-tracing GPUs and extend it to a new multi-rate sampling scheme by utilizing tile-based rendering and frame-to-frame coherency. The experimental results show that our implementation is a versatile solution for future ray-tracing GPUs as it provides up to 2.98 times better efficiency in terms of performance per Watt by reducing the number of rays to be fed into the dedicated hardware and minimizing the memory operations.