A novel approach to maximize the sum-rate for MIMO broadcast channels

This paper considers the sum-rate of wireless broadcast systems with multiple antennas at the base station. In a conventional MIMO-BC system with a large number of users, selecting an optimal subset of users to maximizing the overall system capacity is a key design issue. This paper presents a novel approach to investigate the sum-rate using Eigen Value Decomposition (EVD). Particularly, we derive the lower bound on sum-rate of a conventional MIMO-BC using a completely different approach compared to the existing approaches. The paper formulates the rate maximization problem for any number of users and any number of transmitting antennas using EVD approach of the channel matrix. This also shows the impact of channel angle information on the sum-rate of conventional MIMO-BC. Numerical results confirm the benefits of our technique in various MIMO communication scenarios.

A strong provably secure IBE scheme without bilinear map

Identity-based encryption (IBE) allows one party to send ciphered messages to another using an arbitrary identity string as an encryption key. Since IBE does not require prior generation and distribution of keys, it greatly simplifies key management in public-key cryptography. According to the Menezes-Okamoto-Vanstone (MOV) reduction theory, the IBE scheme based on bilinear map loses the high efficiency of elliptic curve because of the requirement of large security parameters. Therefore, it is important to build a provably secure IBE scheme without bilinear map. To this end, this paper proposes an improved IBE scheme that is different from the previous schemes because this new scheme does not use symmetric encryption algorithm. Furthermore, it can be proven to be secure against adaptively chosen identity and chosen plaintext attacks in the standard model. Elaborated security and performance analysis demonstrate that this new scheme outperforms the previous ones in terms of the time complexity for encryption and decryption.

Secure ownership transfer for multi-tag multi-owner passive RFID environment with individual-owner-privacy

In this paper we propose a secure ownership transfer protocol for a multi-tag multi-owner RFID environment that provides individual-owner-privacy. To our knowledge, the existing schemes do not provide individual-owner-privacy and most of the existing schemes do not comply with the EPC Global Class-1 Gen-2 (C1G2) standard since the protocols use expensive hash operations or sophisticated encryption schemes that cannot be implemented on low-cost passive tags that are highly resource constrained. Our work aims to fill these gaps by proposing a protocol that provides individual-owner-privacy, based on simple XOR and 128-bit pseudo-random number generators (PRNG), operations that are easily implemented on low-cost RFID tags while meeting the necessary security requirements thus making it a viable option for large scale implementations. Our protocol also provides additional protection by hiding the pseudo-random numbers during all transmissions using a blind-factor to prevent tracking attacks.

Secure distributed deduplication systems with improved reliability

Data deduplication is a technique for eliminating duplicate copies of data, and has been widely used in cloud storage to reduce storage space and upload bandwidth. However, there is only one copy for each file stored in cloud even if such a file is owned by a huge number of users. As a result, deduplication system improves storage utilization while reducing reliability. Furthermore, the challenge of privacy for sensitive data also arises when they are outsourced by users to cloud. Aiming to address the above security challenges, this paper makes the first attempt to formalize the notion of distributed reliable deduplication system. We propose new distributed deduplication systems with higher reliability in which the data chunks are distributed across multiple cloud servers. The security requirements of data confidentiality and tag consistency are also achieved by introducing a deterministic secret sharing scheme in distributed storage systems, instead of using convergent encryption as in previous deduplication systems. Security analysis demonstrates that our deduplication systems are secure in terms of the definitions specified in the proposed security model. As a proof of concept, we implement the proposed systems and demonstrate that the incurred overhead is very limited in realistic environments.

Automatic summarization of broadcast cricket videos

Summarization of cricket videos is very important because of three reasons: 1) its long duration making manual highlights generation tedious 2) less explored area compared to other sports like soccer 3) huge viewership. We propose a novel summarization scheme for cricket which exploits its contextual semantics. First, we detect the bowling frames based on which the video is temporally segmented into individual deliveries. Then each temporal segment representing a delivery is classified into an interesting or non-interesting segment based on detection of events namely boundaries and wickets. Due to the high frequency of ads and replays in cricket, we have proposed robust algorithms for their removal. Finally, we have proposed a finite state automaton based modeling of the temporal segments to extract key-frames. We have also extended the framework to include text cues and expert choices and also developed a hierarchical summary. We have tested our algorithm on several broadcast cricket videos and obtained good results.

Secure object tracking protocol for the internet of things

In this paper, we propose a secure object tracking protocol to ensure the visibility and traceability of an object along the travel path to support the Internet of Things (IoT). The proposed protocol is based on radio frequency identification system for global unique identification of IoT objects. For ensuring secure object tracking, lightweight cryptographic primitives and physically unclonable function are used by the proposed protocol in tags. We evaluated the proposed protocol both quantitatively and qualitatively. In our experiment, we modeled the protocol using security protocol description language (SPDL) and simulated SPDL model using automated claim verification tool Scyther. The results show that the proposed protocol is more secure and requires less computation compared to existing similar protocols.

Enabling efficient and secure outsourcing of large matrix multiplications

With the growing popularity of cloud computing, outsourced computing has attracted much research effort recently. A computationally weak client is capable of delegating its heavy computing tasks, such as large matrix multiplications, to the cloud server. Critical requirements for such tasks include the need to guarantee the unforgeability of computing results and the preservation of the privacy of clients. On one hand, the result computed by the cloud server needs to be verified since the cloud server cannot be fully honest. On the other hand, as the data involved in computing may contain some sensitive information of the client, the data should not be identified by the cloud server. In this paper, we address these above issues by developing an Efficient and Secure Outsourcing scheme for Large Matrix Multiplication, named ESO- LMM. Security analysis demonstrates that ESO-LMM achieves the security requirements in terms of unforgeability of proof and privacy protection of outsourced data. Furthermore, performance evaluation indicates that ESO-LMM is much more efficient compared with the existing works in terms of computation, communication and storage overhead.

SCLPV: secure certificateless public verification for cloud-based cyber-physical-social systems against malicious auditors

Cyber-physical-social system (CPSS) allows individuals to share personal information collected from not only cyberspace but also physical space. This has resulted in generating numerous data at a user's local storage. However, it is very expensive for users to store large data sets, and it also causes problems in data management. Therefore, it is of critical importance to outsource the data to cloud servers, which provides users an easy, cost-effective, and flexible way to manage data, whereas users lose control on their data once outsourcing their data to cloud servers, which poses challenges on integrity of outsourced data. Many schemes have been proposed to allow a third-party auditor to verify data integrity using the public keys of users. Most of these schemes bear a strong assumption: the auditors are honest and reliable, and thereby are vulnerability in the case that auditors are malicious. Moreover, in most of these schemes, an auditor needs to manage users certificates to choose the correct public keys for verification. In this paper, we propose a secure certificateless public integrity verification scheme (SCLPV). The SCLPV is the first work that simultaneously supports certificateless public verification and resistance against malicious auditors to verify the integrity of outsourced data in CPSS. A formal security proof proves the correctness and security of our scheme. In addition, an elaborate performance analysis demonstrates that the SCLPV is efficient and practical. Compared with the only existing certificateless public verification scheme (CLPV), the SCLPV provides stronger security guarantees in terms of remedying the security vulnerability of the CLPV and resistance against malicious auditors. In comparison with the best of integrity verification scheme achieving resistance against malicious auditors, the communication cost between the auditor and the cloud server of the SCLPV is independent of the size of the processed data, meanwhile, the auditor in the SCLPV does not need to manage certificates.

Secure and energy-efficient data aggregation with malicious aggregator identification in wireless sensor networks

Data aggregation in wireless sensor networks is employed to reduce the communication overhead and prolong the network lifetime. However, an adversary may compromise some sensor nodes, and use them to forge false values as the aggregation result. Previous secure data aggregation schemes have tackled this problem from different angles. The goal of those algorithms is to ensure that the Base Station (BS) does not accept any forged aggregation results. But none of them have tried to detect the nodes that inject into the network bogus aggregation results. Moreover, most of them usually have a communication overhead that is (at best) logarithmic per node. In this paper, we propose a secure and energy-efficient data aggregation scheme that can detect the malicious nodes with a constant per node communication overhead. In our solution, all aggregation results are signed with the private keys of the aggregators so that they cannot be altered by others. Nodes on each link additionally use their pairwise shared key for secure communications. Each node receives the aggregation results from its parent (sent by the parent of its parent) and its siblings (via its parent node), and verifies the aggregation result of the parent node. Theoretical analysis on energy consumption and communication overhead accords with our comparison based simulation study over random data aggregation trees.

A secure and efficient data sharing framework with delegated capabilities in hybrid cloud

Hybrid cloud is a widely used cloud architecture in large companies that can outsource data to the publiccloud, while still supporting various clients like mobile devices. However, such public cloud data outsourcing raises serious security concerns, such as how to preserve data confidentiality and how to regulate access policies to the data stored in public cloud. To address this issue, we design a hybrid cloud architecture that supports data sharing securely and efficiently, even with resource-limited devices, where private cloud serves as a gateway between the public cloud and the data user. Under such architecture, we propose an improved construction of attribute-based encryption that has the capability of delegating encryption/decryption computation, which achieves flexible access control in the cloud and privacy-preserving in datautilization even with mobile devices. Extensive experiments show the scheme can further decrease the computational cost and space overhead at the user side, which is quite efficient for the user with limited mobile devices. In the process of delegating most of the encryption/decryption computation to private cloud, the user can not disclose any information to the private cloud. We also consider the communication securitythat once frequent attribute revocation happens, our scheme is able to resist some attacks between private cloud and data user by employing anonymous key agreement.

Efficient and secure attribute-based signature for monotone predicates

Attribute-based signature (ABS) is a novel cryptographic primitive, which can make the signing party sign a message with fine-grained control over identifying information. ABS only reveals the fact that the verified message must be signed by a user with a set of attributes satisfying a predicate. Thus, ABS can hide any identifying information and make fine-grained control on signing. Presently, many attribute-based signature schemes have been proposed, but most of them are not very efficient. Maji et al. recently presented a complete definition and construction about ABS for monotone predicates and showed three instantiations under their framework for ABS. Although the most practical one of their instantiations is efficient, the instantiation is constructed in the generic group model and has been proved to be insecure. Then, Okamoto et al. proposed an attribute-based signature scheme in the standard model, which can support generalized non-monotone predicates over access structure. However, their scheme is not efficient in practice. In this paper, we present a framework for ABS and show a detailed security model for ABS. Under our framework, we present an attribute-based signature scheme for monotone predicates in the standard model, where we choose the Waters’ signature scheme as the prototype of our attribute-based signature scheme. Compared with the Maji’s scheme in the generic group model, the proposed scheme is constructed in the standard model. Furthermore, compared with the Okamoto’s scheme, the proposed scheme is more efficient by decreasing the computation cost.

Personalized search over encrypted data with efficient and secure updates in mobile clouds

Mobile cloud computing has been involved as a key enabling technology to overcome the physical limitations of mobile devices towards scalable and flexible mobile services. In the mobile cloud environment, searchable encryption, which enables directly search over encrypted data, is a key technique to maintain both the privacy and usability of outsourced data in cloud. On addressing the issue, many research efforts resolve to using the searchable symmetric encryption (SSE) and searchable public-key encryption (SPE). In this paper, we improve the existing works by developing a more practical searchable encryption technique, which can support dynamic updating operations in the mobile cloud applications. Specifically, we make our efforts on taking the advantages of both SSE and SPE techniques, and propose PSU, a Personalized Search scheme over encrypted data with efficient and secure Updates in mobile cloud. By giving thorough security analysis, we demonstrate that PSU can achieve a high security level. Using extensive experiments in a realworld mobile environment, we show that PUS is more efficient compared with the existing proposals.

Achieving simple, secure and efficient hierarchical access control in cloud computing

Access control is an indispensable security component of cloud computing, and hierarchical access control is of particular interest since in practice one is entitled to different access privileges. This paper presents a hierarchical key assignment scheme based on linear-geometry as the solution of flexible and fine-grained hierarchical access control in cloud computing. In our scheme, the encryption key of each class in the hierarchy is associated with a private vector and a public vector, and the inner product of the private vector of an ancestor class and the public vector of its descendant class can be used to derive the encryption key of that descendant class. The proposed scheme belongs to direct access schemes on hierarchical access control, namely each class at a higher level in the hierarchy can directly derive the encryption key of its descendant class without the need of iterative computation. In addition to this basic hierarchical key derivation, we also give a dynamic key management mechanism to efficiently address potential changes in the hierarchy. Our scheme only needs light computations over finite field and provides strong key indistinguishability under the assumption of pseudorandom functions. Furthermore, the simulation shows that our scheme has an optimized trade-off between computation consumption and storage space.

SEMD: secure and efficient message dissemination with policy enforcement in VANET

Vehicular ad hoc network (VANET) is an increasing important paradigm, which not only provides safety enhancement but also improves roadway system efficiency. However, the security issues of data confidentiality, and access control over transmitted messages in VANET have remained to be solved. In this paper, we propose a secure and efficient message dissemination scheme (SEMD) with policy enforcement in VANET, and construct an outsourcing decryption of ciphertext-policy attribute-based encryption (CP-ABE) to provide differentiated access control services, which makes the vehicles delegate most of the decryption computation to nearest roadside unit (RSU). Performance evaluation demonstrates its efficiency in terms of computational complexity, space complexity, and decryption time. Security proof shows that it is secure against replayable choosen-ciphertext attacks (RCCA) in the standard model.