Similar literature
 20 similar documents found; search took 15 ms
1.
In a smart grid, the power service provider enables the expected power generation amount to be measured according to current power consumption, thus stabilizing the power system. However, the data transmitted over smart grids are not protected, and then suffer from several types of security threats and attacks. Thus, a robust and efficient authentication protocol should be provided to strengthen the security of smart grid networks. As the Supervisory Control and Data Acquisition system provides the security protection between the control center and substations in most smart grid environments, we focus on how to secure the communications between the substations and smart appliances. Existing security approaches fail to address the performance-security balance. In this study, we suggest a mitigation authentication protocol based on Elliptic Curve Cryptography with privacy protection by using a tamper-resistant device at the smart appliance side to achieve a delicate balance between performance and security of smart grids. The proposed protocol provides some attractive features such as identity protection, mutual authentication and key agreement. Finally, we demonstrate the completeness of the proposed protocol using the Gong-Needham-Yahalom logic.

2.
Vehicular ad hoc network (VANET) can increase the traffic efficiency by allowing arbitrary vehicles to broadcast the messages to other vehicles and road side units (RSUs). But due to the openness of the wireless network, VANET is very vulnerable to forgery attack. Thus, the security and privacy of the messages should be provided, to make sure that the real identity of vehicles can be traced by an authorized party while not being revealed to other vehicles. The existing solutions can neither satisfy the privacy requirement nor have an effective message verification scheme on vehicles. A secure and privacy-protecting authentication scheme is proposed in this paper, which comprises local authentication and roaming authentication for VANET based on bilinear pairing and can provide secure communications and anonymous authentication among RSUs and vehicles.

3.
Shao Bilin, Ji Yanyan. 《Cluster computing》2021, 24(3): 1989-2000

In recent years, how to design efficient auditing protocol to verify the integrity of users’ data, which is stored in cloud services provider (CSP), becomes a research focus. Homomorphic message authentication code (MAC) and homomorphic signature are two popular techniques to respectively design private and public auditing protocols. On the one hand, it is not suitable for the homomorphic-MAC-based auditing protocols to be outsourced to third-party auditor (TPA), who has more professional knowledge and computational abilities, although they have high efficiencies. On the other hand, the homomorphic-signature-based ones are very suitable for employing TPA without compromising user’s signing key but have very low efficiency (compared to the former case). In this paper, we propose a new auditing protocol, which perfectly combines the advantages of above two cases. In particular, it is almost as efficient as a homomorphic-MAC-based protocol proposed by Zhang et al. recently. Moreover, it is also suitable for outsourcing to TPA because it does not compromise the privacy of users’ signing key, which can be seen from our security analysis. Finally, numerical analysis and experimental results demonstrate the high-efficiency of our protocol.


4.
Machine Type Communication (MTC) and its related services have become the new business growth-point of mobile communication. However, application market with the size of about a hundred of million makes end-to-end security facing grand challenges, especially the repeated construction of authentication facilities for different applications. According to features of MTC, an end-to-end security scheme is proposed, which is based on the Generic Authentication Architecture (GAA), and is thus suitable for MTC communication in application layer. User authentication and session key agreement are achieved by the assistance of operator network in this scheme. Hence, the MTC server can only focus on service delivery. Performance of the proposal is also analyzed, and from this procedure, we obtain the function of lifetime of master session key against expected number of bootstrapping request. Finally, it is shown how the operator could set an optimized lifetime of master session key.

5.
Biometrics authenticated schemes using smart cards have attracted much attention in multi-server environments. Several schemes of this type were proposed in the past. However, many of them were found to have some design flaws. This paper concentrates on the security weaknesses of the three-factor authentication scheme by Mishra et al. After careful analysis, we find their scheme does not really resist replay attack while failing to provide an efficient password change phase. We further propose an improvement of Mishra et al.’s scheme with the purpose of preventing the security threats of their scheme. We demonstrate the proposed scheme is given to strong authentication against several attacks including attacks shown in the original scheme. In addition, we compare the performance and functionality with other multi-server authenticated key schemes.

6.

Background

The significant advancement in the mobile sensing technologies has brought great interests on application development for the Internet-of-Things (IoT). With the advantages of contactlessness data retrieval and efficient data processing of intelligent IoT-based objects, versatile innovative types of on-demand medical relevant services have promptly been developed and deployed. Critical characteristics involved within the data processing and operation must thoroughly be considered. To achieve the efficiency of data retrieval and the robustness of communications among IoT-based objects, sturdy security primitives are required to preserve data confidentiality and entity authentication.

Methods

A robust nursing-care support system is developed for efficient and secure communication among mobile bio-sensors, active intelligent objects, the IoT gateway and the backend nursing-care server in which further data analysis can be performed to provide high-quality and on-demand nursing-care service.

Results

We realize the system implementation with an IoT-based testbed, i.e. the Raspberry PI II platform, to present the practicability of the proposed IoT-oriented nursing-care support system in which a user-friendly computation cost, i.e. 6.33 ms, is required for a normal session of our proposed system. Based on the protocol analysis we conducted, the security robustness of the proposed nursing-care support system is guaranteed.

Conclusions

According to the protocol analysis and performance evaluation, the practicability of the proposed method is demonstrated. In brief, we can claim that our proposed system is very suitable for IoT-based environments and will be a highly competitive candidate for the next generation of nursing-care service systems.

7.
In recent years enterprise imaging (EI) solutions have become a core component of healthcare initiatives, while a simultaneous rise in big data has opened up a number of possibilities in how we can analyze and derive insights from large amounts of medical data. Together they afford us a range of opportunities that can transform healthcare in many fields. This paper provides a review of recent developments in EI and big data in the context of medical physics. It summarizes the key aspects of EI and big data in practice, with discussion and consideration of the steps necessary to implement an EI strategy. It examines the benefits that a healthcare service can achieve through the implementation of an EI solution by looking at it through the lenses of: compliance, improving patient care, maximizing revenue, optimizing workflows, and applications of artificial intelligence that support enterprise imaging. It also addresses some of the key challenges in enterprise imaging, with discussion and examples presented for those in systems integration, governance, and data security and privacy.

8.

The radical shift in the technology with the advent of connected things has led to the significant proliferation in demand for IoT devices, commonly called ‘smart devices’. These devices are capable of data collection, which can help in umpteen applications, particularly in healthcare. With the tremendous growth in these resource-constrained end devices, there has been a substantial increase in the number of attack varieties. Since these end devices deal with the sensitive data that might cause severe damage if not handled properly. Hence, defending its integrity, preserving its privacy, and maintaining its confidentiality as well as availability is of utmost importance. However, there are many protocols, models, architecture tools, etc. proposed to provide security. Nevertheless, almost every solution propound so far is not fully resilient and lacks in giving full protection to the system in some way or the other. So here, we have proposed a lightweight anonymous mutual authentication scheme for end devices and fog nodes.


9.

Industrial Control Systems and Supervisory Control and Data Acquisition (ICS/SCADA) systems are profound backbones of the national critical infrastructures and are essential to the sustainability of society since they help monitoring and controlling the cyber-enable services, such as energy, transportation, healthcare, etc. Modern SCADA systems continue to use the legacy communication protocols that lack adequate security mechanisms to provide trusted device authentication and ensure data flow integrity. Furthermore, advent of state-of-the-art network-capable sensor technology exposes many unique vulnerabilities to the adversaries. Thus, integrity of the data originated from field sensors along with their identity must be managed carefully in order to enhance reliability of ICS/SCADA ecosystems. In this paper, we present a blockchain-based SRAM PUF Authentication and Integrity (BloSPAI) protocol that aims to ensure a continuous authentication of field sensors and provide a robust data flow integrity process by leveraging distributed ledger and hardware security primitives. The prototype of the protocol has been implemented in a sensor-integrated Raspberry PI testbed that is interfaced with a permissioned blockchain network. We discuss the performance and overhead aspects of the proposed BloSPAI protocol and compare with state-of-art cybersecurity solutions. Through experimental evaluation demonstrates the relationship between the size of the blockchain network impacts the throughput in terms of time to commit transactions and overall systems setup time.


10.
Cloud storage is an important application service in cloud computing, it allows data users to store and access their files anytime, from anywhere and with any device. To ensure the security of the outsourced data, data user needs to periodically check data integrity. In some cases, the identity privacy of data user must be protected. However, in the existing preserving identity privacy protocols, data tag generation is mainly based on complex ring signature or group signature. It brings a heavy burden to data user. To ensure identity privacy of data user, in this paper we propose a novel identity privacy-preserving public auditing protocol by utilizing chameleon hash function. It can achieve the following properties: (1) the identity privacy of data user is preserved for cloud server; (2) the validity of the outsourced data is verified; (3) data privacy can be preserved for the auditor in auditing process; (4) computation cost to produce data tag is very low. Finally, we also show that our scheme is provably secure in the random oracle model, the security of the proposed scheme is related to the computational Diffie–Hellman problem and hash function problem.

11.
Saidi Ahmed, Nouali Omar, Amira Abdelouahab. 《Cluster computing》2022, 25(1): 167-185

Attribute-based encryption (ABE) is an access control mechanism that ensures efficient data sharing among dynamic groups of users by setting up access structures indicating who can access what. However, ABE suffers from expensive computation and privacy issues in resource-constrained environments such as IoT devices. In this paper, we present SHARE-ABE, a novel collaborative approach for preserving privacy that is built on top of Ciphertext-Policy Attribute-Based Encryption (CP-ABE). Our approach uses Fog computing to outsource the most laborious decryption operations to Fog nodes. The latter collaborate to partially decrypt the data using an original and efficient chained architecture. Additionally, our approach preserves the privacy of the access policy by introducing false attributes. Furthermore, we introduce a new construction of a collaboration attribute that allows users within the same group to combine their attributes while satisfying the access policy. Experiments and analyses of the security properties demonstrate that the proposed scheme is secure and efficient especially for resource-constrained IoT devices.


12.
In multi-server environments, user authentication is a very important issue because it provides the authorization that enables users to access their data and services; furthermore, remote user authentication schemes for multi-server environments have solved the problem that has arisen from user’s management of different identities and passwords. For this reason, numerous user authentication schemes that are designed for multi-server environments have been proposed over recent years. In 2015, Lu et al. improved upon Mishra et al.’s scheme, claiming that their remote user authentication scheme is more secure and practical; however, we found that Lu et al.’s scheme is still insecure and incorrect. In this paper, we demonstrate that Lu et al.’s scheme is vulnerable to outsider attack and user impersonation attack, and we propose a new biometrics-based scheme for authentication and key agreement that can be used in multi-server environments; then, we show that our proposed scheme is more secure and supports the required security properties.

13.
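This paper summarizes the data content collected by health and medical wearable devices and maps out the data flow of such devices, dividing it into the main stages of collection, upload, integration and interaction, and information feedback. It analyzes the existing and potential data security and privacy problems in each main stage and in other respects, in the hope of providing theoretical references from different perspectives for the data privacy protection mechanisms of health and medical wearable devices.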

14.
Synchronization of neural networks by mutual learning has been demonstrated to be possible for constructing key exchange protocol over public channel. However, the neural cryptography schemes presented so far are not the securest under regular flipping attack (RFA) and are completely insecure under majority flipping attack (MFA). We propose a scheme by splitting the mutual information and the training process to improve the security of neural cryptosystem against flipping attacks. Both analytical and simulation results show that the success probability of RFA on the proposed scheme can be decreased to the level of brute force attack (BFA) and the success probability of MFA still decays exponentially with the weights' level L. The synchronization time of the parties also remains polynomial with L. Moreover, we analyze the security under an advanced flipping attack.

15.
Proxy Mobile IPv6 is a network-based localized mobility management protocol that supports mobility without mobile nodes’ participation in mobility signaling. The details of user authentication procedure are not specified in this standard, hence, many authentication schemes have been proposed for this standard. In 2013, Chuang et al., proposed an authentication method for PMIPv6, called SPAM. However, Chuang et al.’s Scheme protects the network against some security attacks, but it is still vulnerable to impersonation and password guessing attacks. In addition, we discuss other security drawbacks such as lack of revocation procedure in case of loss or stolen device, and anonymity issues of the Chuang et al.’s scheme. We further propose an enhanced authentication method to mitigate the security issues of SPAM method and evaluate our scheme using BAN logic.

16.
Wireless-enabled headsets that connect to the internet can provide remote transcribing of patient examination notes. Audio and video can be captured and transmitted by wireless signals sent from the computer screen in the frame of the glasses. But using wireless glass-type devices can expose the user to a specific absorption rate (SAR) of 1.11–1.46 W/kg of radiofrequency radiation. That RF intensity is as high as or higher than RF emissions of some cell phones. Prolonged use of cell phones used ipsilaterally at the head has been associated with statistically significant increased risk of glioma and acoustic neuroma. Using wireless glasses for extended periods to teach, to perform surgery, or conduct patient exams will expose the medical professional to similar RF exposures which may impair brain performance, cognition and judgment, concentration and attention and increase the risk for brain tumors. The quality of medical care may be compromised by extended use of wireless-embedded devices in health care settings. Both medical professionals and their patients should know the risks of such devices and have a choice about allowing their use during patient exams. Transmission of sensitive patient data over wireless networks may increase the risk of hacking and security breaches leading to losses of private patient medical and financial data that are strictly protected under HIPAA health information privacy laws.

17.
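A clinical pathway is a standardized approach to diagnosis and treatment that incorporates quality assurance, evidence-based medicine, holistic nursing, and continuous quality improvement. Applied in clinical work, it can to some extent reduce medical costs, save health resources, improve patient satisfaction, and promote collaboration between doctors and nurses. At the same time, however, some problems exist in its promotion and development.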

18.
Open source and open data have been driving forces in bioinformatics in the past. However, privacy concerns may soon change the landscape, limiting future access to important data sets, including personal genomics data. Here we survey this situation in some detail, describing, in particular, how the large scale of the data from personal genomic sequencing makes it especially hard to share data, exacerbating the privacy problem. We also go over various aspects of genomic privacy: first, there is basic identifiability of subjects having their genome sequenced. However, even for individuals who have consented to be identified, there is the prospect of very detailed future characterization of their genotype, which, unanticipated at the time of their consent, may be more personal and invasive than the release of their medical records. We go over various computational strategies for dealing with the issue of genomic privacy. One can "slice" and reformat datasets to allow them to be partially shared while securing the most private variants. This is particularly applicable to functional genomics information, which can be largely processed without variant information. For handling the most private data there are a number of legal and technological approaches-for example, modifying the informed consent procedure to acknowledge that privacy cannot be guaranteed, and/or employing a secure cloud computing environment. Cloud computing in particular may allow access to the data in a more controlled fashion than the current practice of downloading and computing on large datasets. Furthermore, it may be particularly advantageous for small labs, given that the burden of many privacy issues falls disproportionately on them in comparison to large corporations and genome centers. Finally, we discuss how education of future genetics researchers will be important, with curriculums emphasizing privacy and data security. 
However, teaching personal genomics with identifiable subjects in the university setting will, in turn, create additional privacy issues and social conundrums.

19.
Changgee Chang, Zhiqi Bu, Qi Long. 《Biometrics》2023, 79(3): 2357-2369
Electronic health records (EHRs) offer great promises for advancing precision medicine and, at the same time, present significant analytical challenges. Particularly, it is often the case that patient-level data in EHRs cannot be shared across institutions (data sources) due to government regulations and/or institutional policies. As a result, there are growing interests about distributed learning over multiple EHRs databases without sharing patient-level data. To tackle such challenges, we propose a novel communication efficient method that aggregates the optimal estimates of external sites, by turning the problem into a missing data problem. In addition, we propose incorporating posterior samples of remote sites, which can provide partial information on the missing quantities and improve efficiency of parameter estimates while having the differential privacy property and thus reducing the risk of information leaking. The proposed approach, without sharing the raw patient level data, allows for proper statistical inference. We provide theoretical investigation for the asymptotic properties of the proposed method for statistical inference as well as differential privacy, and evaluate its performance in simulations and real data analyses in comparison with several recently developed methods.

20.