Certificate-based signature : security model and efficient construction

In Eurocrypt 2003, Gentry introduced the notion of certificate-based encryption. The merit of certificate-based encryption lies in the following features: (1) providing more efficient public-key infrastructure (PKI) that requires less infrastructure, (2) solving the certificate revocation problem, and (3) eliminating third-party queries in the traditional PKI. In addition, it also solves the inherent key escrow problem in the identity-based cryptography. In this paper, we first introduce a new attack called the “Key Replacement Attack” in the certificate-based system and refine the security model of certificate-based signature. We show that the certificate-based signature scheme presented by Kang, Park and Hahn in CT-RSA 2004 is insecure against key replacement attacks. We then propose a new certificate-based signature scheme, which is shown to be existentially unforgeable against adaptive chosen message attacks under the computational Diffie-Hellman assumption in the random oracle model. Compared with the certificate-based signature scheme in CT-RSA 2004, our scheme enjoys shorter signature length and less operation cost, and hence, our scheme outperforms the existing schemes in the literature.

Cryptanalysis and improvement of an efficient certificateless signature scheme

In traditional digital signature schemes, certificates signed by a trusted party are required to ensure the authenticity of the public key. In Asiacrypt 2003, the concept of certificateless signature scheme was introduced. The advantage of certificate-less public key cryptography successfully eliminates the necessity of certificates in the traditional public key cryptography and simultaneously solves the inherent key escrow problem suffered in identity-based cryptography. Recently, Yap et al. proposed an efficient certificateless signature scheme and claimed that their scheme is existentially unforgeable in the random oracle model. In this paper, we show that the certificateless signature scheme proposed by Yap et al. is insecure against public key replacement attacks. Furthermore, we propose an improved certificateless signature scheme, which is existentially unforgeable against adaptive chosen message attacks under the computational Diffie-Hellman assumption in the random oracle model and provide the security proof of the proposed scheme.

A strong provably secure IBE scheme without bilinear map

Identity-based encryption (IBE) allows one party to send ciphered messages to another using an arbitrary identity string as an encryption key. Since IBE does not require prior generation and distribution of keys, it greatly simplifies key management in public-key cryptography. According to the Menezes-Okamoto-Vanstone (MOV) reduction theory, the IBE scheme based on bilinear map loses the high efficiency of elliptic curve because of the requirement of large security parameters. Therefore, it is important to build a provably secure IBE scheme without bilinear map. To this end, this paper proposes an improved IBE scheme that is different from the previous schemes because this new scheme does not use symmetric encryption algorithm. Furthermore, it can be proven to be secure against adaptively chosen identity and chosen plaintext attacks in the standard model. Elaborated security and performance analysis demonstrate that this new scheme outperforms the previous ones in terms of the time complexity for encryption and decryption.

Firms as adaptive organizations : the case of Australian trading banks

The conventional accounting notion of ‘going concern’ — that a firm will continue its business operations in the same manner indefinitely — has underpinned accounting practice for over one hundred years. This idea has provided a rationale for spreading costs over accounting periods and for deferring costs as assets in balance sheets. An alternative idea that is widely regarded as reliable in the literatures of economics and deliberate action is that firms continually adapt to changes in market and economic conditions. That is economic behaviour. The implications of that view of a firm for accounting have been systematically explored by Chambers (1966). While not examining those particular implications, many other accounting theorists have been critical of the conventional accounting idea of 'going concern' and of its impact on accounting practice. The two notions of ‘going concern’ - as static or adaptive enterprises - are examined by referring to the business operations of the four major Australian trading banks over the period 1983-1991. Banks were selected because they are commonly thought to be particularly ‘conservative’ organizations. The period 1983—1991 was chosen because it covers the era of deregulation of the Australian financial system. The evidence adduced by this study indicates that the Australian trading banks have continually adapted their organizational structures and business operations in the light of changes in technology, markets for financial services, government policies and domestic and global economic conditions. Illustrations of adaptive behaviour by banks ate drawn from their normal operating procedures such as the provision of products and services, loan services, acquisitions, sale of property, non-core banking operations and international banking. It is argued on analytical grounds that the cost basis of accounting does not yield financial statements that provide factual and up-to-date information about the financial capacity of firms to pay their debts and to continue trading generally; that is, to be going concerns. At any time, those financial capacities are determined by the amount of money commanded by a firm, including the money's worth of its assets, and by its level of debt. It is concluded on empirical grounds that the Australian trading banks, at least, are adaptive entities.

A microscopic competition model and its dynamics analysis on network attacks

Modeling network traffic has been a critical task in the development of Internet. Attacks and defense are prevalent in the current Internet. Traditional network models such as Poisson-related models do not consider the competition behaviors between the attack and defense parties. In this paper, we present a microscopic competition model to analyze the dynamics among the nodes, benign or malicious, connected to a router, which compete for the bandwidth. The dynamics analysis demonstrates that the model can well describe the competition behavior among normal users and attackers. Based on this model, an anomaly attack detection method is presented. The method is based on the adaptive resonance theory, which is used to learn the model by normal traffic data. The evaluation shows that it can effectively detect the network attacks.

Adaptive patch size determination for patch-based image completion

Patch-based image completion proceeds by iteratively filling the target (unknown) region by the best matching patches in the source image. In most existing such algorithms, the size of the patches is either fixed and specified by a default number or simply chosen to be inversely proportional to the spatial frequency. However, it is noted that the patch size affects how well the filled patch captures the local characteristics of the source image and thus the final completion accuracy. Thus in this paper we propose a new method to compute appropriate patch sizes for image completion to improve its performance. In particular, we formulate the patch size determination as an optimization problem that minimizes an objective function involving image gradients and distinct and homogenous features. Experimental results show that our method can provide a significant enhancement to patch-based image completion algorithms.

Developing an empirical algorithm for protecting text-based CAPTCHAs against segmentation attacks

In this paper, we aim to provide an effective and efficient method to generate text-based Captchas which are resilient against segmentation attack. Different to the popular industry practice of using very simple color schemes, we advocate to use multiple colors in our Captchas. We adopt the idea of brush and canvas when coloring our Captchas. Furthermore, we choose to use simple accumulating functions to achieve diffusion on painted colors and DES encryption to achieve a good level of confusion on the brush pattern. To facilitate ordinary users and developers, we propose an empirical algorithm with support of Taguchi method to guarantee the quality of the chosen color schemes. Our proposed methodology has at least three advantages — 1) the settings of color schemes can be fully customized by the user or developer; 2) the quality of selected colors have desirable statistical features that are ensured by Taguchi method; 3) the algorithm can be fully automated into computer programs. Moreover, our included examples and experiments prove the practicality and validity of our algorithm.

Robustness enhancement of quantization based audio watermarking method using adaptive safe-band

This paper presents a novel adaptive safe-band for quantization based audio watermarking methods, aiming to improve robustness. Considerable number of audio watermarking methods have been developed using quantization based techniques. These techniques are generally vulnerable to signal processing attacks. For these conventional quantization based techniques, robustness can be marginally improved by choosing larger step sizes at the cost of significant perceptual quality degradation. We first introduce fixed size safe-band between two quantization steps to improve robustness. This safe-band will act as a buffer to withstand certain types of attacks. Then we further improve the robustness by adaptively changing the size of the safe-band based on the audio signal feature used for watermarking. Compared with conventional quantization based method and the fixed size safe-band based method, the proposed adaptive safe-band based quantization method is more robust to attacks. The effectiveness of the proposed technique is demonstrated by simulation results. © 2014 IEEE.

An adaptive elliptical anomaly detection model for wireless sensor networks

Wireless Sensor Networks (WSNs) provide a low cost option for monitoring different environments such as farms, forests and water and electricity networks. However, the restricted energy resources of the network impede the collection of raw monitoring data from all the nodes to a single location for analysis. This has stimulated research into efficient anomaly detection techniques to extract information about unusual events such as malicious attacks or faulty sensors at each node. Many previous anomaly detection methods have relied on centralized processing of measurement data, which is highly communication intensive. In this paper, we present an efficient algorithm to detect anomalies in a decentralized manner. In particular, we propose a novel adaptive model for anomaly detection, as well as a robust method for modeling normal behavior. Our evaluation results on both real-life and simulated data sets demonstrate the accuracy of our approach compared to existing methods.