Nonnegative Matrix Factorization Applied to Nonlinear Speech and Image Cryptosystems

Nonnegative matrix factorization (NMF) is widely used in signal separation and image compression. Motivated by its successful applications, we propose a new cryptosystem based on NMF, where the nonlinear mixing (NLM) model with a strong noise is introduced for encryption and NMF is used for decryption. The security of the cryptosystem relies on following two facts: 1) the constructed multivariable nonlinear function is not invertible; 2) the process of NMF is unilateral, if the inverse matrix of the constructed linear mixing matrix is not nonnegative. Comparing with Lin's method (2006) that is a theoretical scheme using one-time padding in the cryptosystem, our cipher can be used repeatedly for the practical request, i.e., multitme padding is used in our cryptosystem. Also, there is no restriction on statistical characteristics of the ciphers and the plaintexts. Thus, more signals can be processed (successfully encrypted and decrypted), no matter they are correlative, sparse, or Gaussian. Furthermore, instead of the number of zero-crossing-based method that is often unstable in encryption and decryption, an improved method based on the kurtosis of the signals is introduced to solve permutation ambiguities in waveform reconstruction. Simulations are given to illustrate security and availability of our cryptosystem.

Offline grouping proof protocol for RFID systems

Several grouping proof protocols have been proposed over the years but they are either found to be vulnerable to certain attacks or do not comply with EPC Class-1 Gen-2 (C1G2) standard because they use hash functions or other complex encryption schemes. Also, synchronization of keys, forward security, proving simultaneity, creating dependence, detecting illegitimate tags, eliminating unwanted tag processing and denial-of-proof (DoP) attacks have not been fully addressed by many. Our protocol addresses these important gaps and is based on Quadratic Residues property where the tags are only required to use XOR, 128-bit Pseudo Random Number Generators (PRNG) and Modulo (MOD) operations which can be easily implemented on low-cost passive tags and hence achieves EPC C1G2 compliance.

RFID tags : grouping proof with forward security

Several grouping proof protocols have been proposed over the years but they are either found to be vulnerable to certain attacks or do not comply with EPC Class-1 Gen-2 (C1G2) standard because they use hash functions or other complex encryption schemes. Among other requirements, synchronization of keys, forward security, dependence, detecting illegitimate tags, eliminating unwanted tag processing and denial-of-proof (DoP) attacks have not been fully addressed by many. Our protocol addresses these important gaps and is based on simple XOR encryption and 128-bit Pseudo Random Number Generators (PRNG), operations that are easily implemented on low-cost passive tags and hence achieves EPC C1G2 compliance.

Secure ownership transfer in multi-tag/multi-owner passive RFID systems

In this paper we propose a secure ownership transfer protocol for a multi-tag and multi-owner RFID environment. Most of the existing work in this area do not comply with the EPC Global Class-1 Gen-2 (C1G2) standard since they use expensive hash operations or sophisticated encryption schemes that cannot be implemented on low-cost passive tags that are highly resource constrained. Our work aims to fill this gap by proposing a protocol based on simple XOR and 128-bit Pseudo Random Number Generators (PRNG), operations that can be easily implemented on low-cost passive RFID tags. The protocol thus achieves EPC C1G2 compliance while meeting the security requirements. Also, our protocol provides additional protection using a blind-factor to prevent tracking attacks.

Certificate-based signature : security model and efficient construction

In Eurocrypt 2003, Gentry introduced the notion of certificate-based encryption. The merit of certificate-based encryption lies in the following features: (1) providing more efficient public-key infrastructure (PKI) that requires less infrastructure, (2) solving the certificate revocation problem, and (3) eliminating third-party queries in the traditional PKI. In addition, it also solves the inherent key escrow problem in the identity-based cryptography. In this paper, we first introduce a new attack called the “Key Replacement Attack” in the certificate-based system and refine the security model of certificate-based signature. We show that the certificate-based signature scheme presented by Kang, Park and Hahn in CT-RSA 2004 is insecure against key replacement attacks. We then propose a new certificate-based signature scheme, which is shown to be existentially unforgeable against adaptive chosen message attacks under the computational Diffie-Hellman assumption in the random oracle model. Compared with the certificate-based signature scheme in CT-RSA 2004, our scheme enjoys shorter signature length and less operation cost, and hence, our scheme outperforms the existing schemes in the literature.

Certificate-based signatures: New definitions and a generic construction from certificateless signatures

Certificate-based encryption was introduced in Eurocrypt’03 to solve the certificate management problem in public key encryption. Recently, this idea has been extended to certificate-based signatures. To date, several new schemes and security models of certificate-based signatures have been proposed. In this paper, we first introduce a new security model of certificate-based signatures. Our model is not only more elaborated when compared with the existing ones, but also defines several new types of adversaries in certificate-based signatures. We then investigate the relationship between certificate-based signatures and certificateless signatures, by proposing a generic construction of certificate-based signatures from certificateless signatures. Our generic construction is secure (in the random oracle model) under the security model defined in this paper, assuming the underlying certificateless signatures satisfying certain security notions.

A concrete certificateless signature scheme without pairings

Certificateless public key cryptography was introduced to avoid the inherent key escrow problem in identity-based cryptography, and eliminate the use of certificates in traditional PKI. Most cryptographic schemes in certificateless cryptography are built from bilinear mappings on elliptic curves which need costly operations. Despite the investigation of certificateless public key encryption without pairings, certificateless signature without pairings received much less attention than what it deserves. In this paper, we present a concrete pairing-free certificateless signature scheme for the first time. Our scheme is more computationally efficient than others built from pairings. The new scheme is provably secure in the random oracle model assuming the hardness of discrete logarithm problem.

Certificate-based signatures revisited

Certificate-based encryption was introduced in Eurocrypt '03 to solve the certificate management problem in public key encryption. Recently, this idea was extended to certificate-based signatures. Several new schemes and security models of certificate-based signature by comparing it with digital signatures in other popular public key systems. We introduce a new security model of certificate-based signature, which defines several new types of adversaries against certificate-based signature, which defines several new types of adversaries against certificate-based signatures, along with the security model of certificate-based signatures against them. The new model is clearer and more elaborated compared with other existing ones. We then investigate the relationship between certificate-based signatures and certificate-less signatures, and propose a generic construction of certificate-based signatures and certificate less signatures, and propose a generic construction of certificate-based signatures. We prove that the generic construction is secure (in the random oracle model) against all types of adversaries defined in this paper, assuming the underlying certificateless signatures satisfying certain security notions. Based on our generic construction, we are able to construct new certificate-based signatures schemes, which are more effiecient in comparison with other schemes with similar security levels

A robust grouping proof protocol for RFID EPC C1G2 tags

Several grouping proof protocols for RFID systems have been proposed over the years but they are either found to be vulnerable to certain attacks or do not comply with the EPC class-1 gen-2 (C1G2) standard because they use hash functions or other complex encryption schemes. Among other requirements, synchronization of keys, simultaneity, dependence, detecting illegitimate tags, eliminating unwanted tag processing, and denial-of-proof attacks have not been fully addressed by many. Our protocol addresses these important gaps by taking a holistic approach to grouping proofs and provides forward security, which is an open research issue. The protocol is based on simple (XOR) encryption and 128-bit pseudorandom number generators, operations that can be easily implemented on low-cost passive tags. Thus, our protocol enables large-scale implementations and achieves EPC C1G2 compliance while meeting the security requirements.

Obtain confidentiality or/and authenticity in Big Data by ID-based generalized signcryption

Recently, the Big Data paradigm has received considerable attention since it gives a great opportunity to mine knowledge from massive amounts of data. However, the new mined knowledge will be useless if data is fake, or sometimes the massive amounts of data cannot be collected due to the worry on the abuse of data. This situation asks for new security solutions. On the other hand, the biggest feature of Big Data is "massive", which requires that any security solution for Big Data should be "efficient". In this paper, we propose a new identity-based generalized signcryption scheme to solve the above problems. In particular, it has the following two properties to fit the efficiency requirement. (1) It can work as an encryption scheme, a signature scheme or a signcryption scheme as per need. (2) It does not have the heavy burden on the complicated certificate management as the traditional cryptographic schemes. Furthermore, our proposed scheme can be proven-secure in the standard model. © 2014 Elsevier Inc. All rights reserved.

Robust multi-factor authentication for fragile communications

In large-scale systems, user authentication usually needs the assistance from a remote central authentication server via networks. The authentication service however could be slow or unavailable due to natural disasters or various cyber attacks on communication channels. This has raised serious concerns in systems which need robust authentication in emergency situations. The contribution of this paper is two-fold. In a slow connection situation, we present a secure generic multi-factor authentication protocol to speed up the whole authentication process. Compared with another generic protocol in the literature, the new proposal provides the same function with significant improvements in computation and communication. Another authentication mechanism, which we name stand-alone authentication, can authenticate users when the connection to the central server is down. We investigate several issues in stand-alone authentication and show how to add it on multi-factor authentication protocols in an efficient and generic way.

Secure outsourced attribute-based signatures

Attribute-based signature (ABS) enables users to sign messages over attributes without revealing any information other than the fact that they have attested to the messages. However, heavy computational cost is required during signing in existing work of ABS, which grows linearly with the size of the predicate formula. As a result, this presents a significant challenge for resource-constrained devices (such as mobile devices or RFID tags) to perform such heavy computations independently. Aiming at tackling the challenge above, we first propose and formalize a new paradigm called Outsourced ABS, i.e., OABS, in which the computational overhead at user side is greatly reduced through outsourcing intensive computations to an untrusted signing-cloud service provider (S-CSP). Furthermore, we apply this novel paradigm to existing ABS schemes to reduce the complexity. As a result, we present two concrete OABS schemes: i) in the first OABS scheme, the number of exponentiations involving in signing is reduced from O(d) to O(1) (nearly three), where d is the upper bound of threshold value defined in the predicate; ii) our second scheme is built on Herranz et al.'s construction with constant-size signatures. The number of exponentiations in signing is reduced from O(d2) to O(d) and the communication overhead is O(1). Security analysis demonstrates that both OABS schemes are secure in terms of the unforgeability and attribute-signer privacy definitions specified in the proposed security model. Finally, to allow for high efficiency and flexibility, we discuss extensions of OABS and show how to achieve accountability as well.