The effectiveness of graphical authentication

This research tested the effectiveness of a graphical approach to passwords. A field-experiment, in which graphical passwords were used by 185 subjects, helped to evaluate the approach. It was found that although graphical passwords were successfully used to authenticate useres, more work is required to ensure they are more usable.

Energy-efficient medium access control in wireless sensor networks

Medium access control for wireless sensor networks has been an active
research area in the past decade. This chapter discusses a set of important medium access control (MAC) attributes and possible design trade-offs in protocol design, with an emphasis on energy efficiency. Then we categorize existing MAC protocols into five groups, outline the representative protocols, and compare their advantages and disadvantages in the context of wireless sensor network. Finally, thoughts for practitioners are presented and open research issues are also discussed.

Context-based e-health system access control mechanism

E-Health systems logically demand a sufficiently fine-grained authorization policy for access control. The access to medical information should not be just role-based but should also include the contextual condition of the role to access data. In this paper, we present a mechanism to extend the standard role-based access control to incorporate contextual information for making access control decisions in e-health application. We present an architecture consisting of authorisation and context infrastructure that work cooperatively to grant access rights based on context-aware authorization policies and context information.

An illumination invariant face recognition system for access control using video

Illumination and pose invariance are the most challenging aspects of face recognition. In this paper we describe a fully automatic face recognition system that uses video information to achieve illumination and pose robustness. In the proposed method, highly nonlinear manifolds of face motion are approximated using three Gaussian pose clusters. Pose robustness is achieved by comparing the corresponding pose clusters and probabilistically combining the results to derive a measure of similarity between two manifolds. Illumination is normalized on a per-pose basis. Region-based gamma intensity correction is used to correct for coarse illumination changes, while further refinement is achieved by combining a learnt linear manifold of illumination variation with constraints on face pattern distribution, derived from video. Comparative experimental evaluation is presented and the proposed method is shown to greatly outperform state-of-the-art algorithms. Consistent recognition rates of 94-100% are achieved across dramatic changes in illumination.

FEACS: a flexible and efficient access control scheme for cloud computing

In the past few years, cloud computing has emerged as one of the most influential paradigms in the IT industry. As promising as it is, this paradigm brings forth many new challenges for data security because users have to outsource sensitive data on untrusted cloud servers for sharing. In this paper, to guarantee the confidentiality and security of data sharing in cloud environment, we propose a Flexible and Efficient Access Control Scheme (FEACS) based on Attribute-Based Encryption, which is suitable for fine-grained access control. Compared with existing state-of-the-art schemes, FEACS is more practical by following functions. First of all, considering the factor that the user membership may change frequently in cloud environment, FEACS has the capability of coping with dynamic membership efficiently. Secondly, full logic expression is supported to make the access policy described accurately and efficiently. Besides, we prove in the standard model that FEACS is secure based on the Decisional Bilinear Diffie-Hellman assumption. To evaluate the practicality of FEACS, we provide a detailed theoretical performance analysis and a simulation comparison with existing schemes. Both the theoretical analysis and the experimental results prove that our scheme is efficient and effective for cloud environment.

Anonymous credential-based access control scheme for clouds

In the cloud, data is usually stored in ciphertext for security. Attribute-based encryption (ABE) is a popular solution for allowing legal data users to access encrypted data, but it has high overhead and is vulnerable to data leakage. The authors propose an anonymous authorization credential and Lagrange interpolation polynomial-based access control scheme in which an access privilege and one secret share are applied for reconstructing the user's decryption key. Because the credential is anonymously bounded with its owner, only the legal authorized user can access and decrypt the encrypted data without leaking any private information.

Spatial coordinated medium sharing: Optimal access control management in drive-thru internet

Driven by the ever-growing expectation of ubiquitous connectivity and the widespread adoption of IEEE 802.11 networks, it is not only highly demanded but also entirely possible for in-motion vehicles to establish convenient Internet access to roadside WiFi access points (APs) than ever before, which is referred to as Drive-Thru Internet. The performance of Drive-Thru Internet, however, would suffer from the high vehicle mobility, severe channel contentions, and instinct issues of the IEEE 802.11 MAC as it was originally designed for static scenarios. As an effort to address these problems, in this paper, we develop a unified analytical framework to evaluate the performance of Drive-Thru Internet, which can accommodate various vehicular traffic flow states, and to be compatible with IEEE 802.11a/b/g networks with a distributed coordination function (DCF). We first develop the mathematical analysis to evaluate the mean saturated throughput of vehicles and the transmitted data volume of a vehicle per drive-thru. We show that the throughput performance of Drive-Thru Internet can be enhanced by selecting an optimal transmission region within an AP's coverage for the coordinated medium sharing of all vehicles. We then develop a spatial access control management approach accordingly, which ensures the airtime fairness for medium sharing and boosts the throughput performance of Drive-Thru Internet in a practical, efficient, and distributed manner. Simulation results show that our optimal access control management approach can efficiently work in IEEE 802.11b and 802.11g networks. The maximal transmitted data volume per drive-thru can be enhanced by 113.1% and 59.5% for IEEE 802.11b and IEEE 802.11g networks with a DCF, respectively, compared with the normal IEEE 802.11 medium access with a DCF.

Achieving simple, secure and efficient hierarchical access control in cloud computing

Access control is an indispensable security component of cloud computing, and hierarchical access control is of particular interest since in practice one is entitled to different access privileges. This paper presents a hierarchical key assignment scheme based on linear-geometry as the solution of flexible and fine-grained hierarchical access control in cloud computing. In our scheme, the encryption key of each class in the hierarchy is associated with a private vector and a public vector, and the inner product of the private vector of an ancestor class and the public vector of its descendant class can be used to derive the encryption key of that descendant class. The proposed scheme belongs to direct access schemes on hierarchical access control, namely each class at a higher level in the hierarchy can directly derive the encryption key of its descendant class without the need of iterative computation. In addition to this basic hierarchical key derivation, we also give a dynamic key management mechanism to efficiently address potential changes in the hierarchy. Our scheme only needs light computations over finite field and provides strong key indistinguishability under the assumption of pseudorandom functions. Furthermore, the simulation shows that our scheme has an optimized trade-off between computation consumption and storage space.

Editorial : advances in network and system security

Current parallel and distributed networks/systems are facing serious threats from network terrorism and crime, which cause huge financial loss and potential life hazard. As attacking tools are becoming more widely available, more easy-to-use, more sophisticated, and more powerful, more efforts have been made in building more effective, more intelligent, and more adaptive defense systems which are of distributed and networked nature. This special issue focuses on issues related to Network and System Security, such as authentication, access control, availability, integrity, privacy, confidentiality, dependability and sustainability of computer networks and systems.

Exploiting side information in locality preserving projection

Even if the class label information is unknown, side information represents some equivalence constraints between pairs of patterns, indicating whether pairs originate from the same class. Exploiting side information, we develop algorithms to preserve both the intra-class and inter-class local structures. This new type of locality preserving projection (LPP), called LPP with side information (LPPSI), preserves the data's local structure in the sense that the close, similar training patterns will be kept close, whilst the close but dissimilar ones are separated. Our algorithms balance these conflicting requirements, and we further improve this technique using kernel methods. Experiments conducted on popular face databases demonstrate that the proposed algorithm significantly outperforms LPP. Further, we show that the performance of our algorithm with partial side information (that is, using only small amount of pair-wise similarity/dissimilarity information during training) is comparable with that when using full side information. We conclude that exploiting side information by preserving both similar and dissimilar local structures of the data significantly improves performance.

Analysis of networked RFID system reliability

The ability to uniquely identify individual objects is essential in many applications such as manufacturing, distribution logistics, access control, anti-counterfeiting and healthcare. Radio Frequency Identification (RFID) technology provides one solution for automatic identification of entities using radio waves. Although there is considerable potential in deploying RFID technology, reliability is a key challenge that requires careful attention for RFID to deliver its inherent benefits. In this paper, we highlight the reliability challenges in RFID technology and we analyze the reliability aspects of RFID technology and their major causes. We will also discuss techniques to improve the reliability of RFID systems.