Similar literature
20 similar documents found.
1.
Authentication plays an important role in dealing with security. Securing sensitive data and computer systems by allowing easy access for authenticated users and withstanding the attacks of imposters is one of the major challenges in the field of computer security. Nowadays, passwords have become the trend to control access to computer systems. Biometrics are used to measure and analyze an individual's unique behavioral or physiological patterns for authentication purposes. Keystroke dynamics have emerged as an important method in analyzing the typing rhythm in biometric techniques, as they provide an ease of use and increased trustworthiness associated with biometrics for creating username and password schemes. In this experiment, we measure the Hausdorff timing values, mean, standard deviation, and median of keystroke features, such as latency, duration, digraph, and their combinations, and compare their performance. The stochastic diffusion search is used for feature subset selection.

2.
Efficient password authenticated key agreement using bilinear pairings   Total citations: 3, self-citations: 0, citations by others: 3
For providing a secure distributed computer environment, efficient and flexible user authentication and key agreement is very important. In addition to user authentication and key agreement, identity privacy is very useful for users. In this paper, we propose an efficient and flexible password authenticated key agreement scheme using bilinear pairings. The main merits include: (1) there is no need for any password or verification table in the server; (2) a user can choose or change his own password freely; (3) both the server and a user can authenticate each other; (4) it can protect the user’s privacy; (5) the user and the server can generate a session key; (6) it does not have a serious synchronization-clock problem; (7) even if the secret information stored in a smart card is compromised, it can prevent the offline dictionary attack.

3.
Certificateless cryptography involves a Key Generation Center (KGC) which issues a partial key to a user and the user also independently generates an additional public/secret key pair in such a way that the KGC who knows only the partial key but not the additional secret key is not able to do any cryptographic operation on behalf of the user; and a third party who replaces the public/secret key pair but does not know the partial key cannot do any cryptographic operation as the user either. We call this attack launched by the third party the key replacement attack. In ACISP 2004, Yum and Lee proposed a generic construction of digital signature schemes under the framework of certificateless cryptography. In this paper, we show that their generic construction is insecure against key replacement attack. In particular, we give some concrete examples to show that the security requirements of some building blocks they specified are insufficient to support some of their security claims. We then propose a modification of their scheme and show its security in a new and simplified security model. We show that our simplified definition and adversarial model not only capture all the distinct features of certificateless signature but are also more versatile when compared with all the comparable ones. We believe that the model itself is of independent interest. A conventional certificateless signature scheme only achieves Girault’s Level 2 security. For achieving Level 3 security, that a conventional signature scheme in Public Key Infrastructure does, we propose an extension to our definition of certificateless signature scheme and introduce an additional security model for this extension. We show that our generic construction satisfies Level 3 security after some appropriate and simple modification. A preliminary version of the extended abstract of partial results appeared in ACISP 2006 [9].

4.
In order to address Bergamo et al.’s attack, Xiao et al. proposed a key agreement protocol using chaotic maps. Han then presented three attacks on Xiao et al.’s protocol. To enhance the security of key agreement based on chaotic maps, Chang et al. proposed a new key agreement using passphrase, which works in clock synchronization environment. However, their protocol still has some issues: one is its passphrase is not easy to remember and much longer than password; the second one is it cannot resist guessing attack if the constructed passphrase is easy to remember and also has already existed in some rational dictionaries; the third one is it cannot work without clock synchronization. In this paper, we will present two different key agreement protocols, which can resist guessing attack. The first one works in clock synchronization environment. The second one can work without clock synchronization. They both use authenticated password for secure communications. The protocols are secure against replaying attacks and a shared session key can be established.

5.
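In identity-based key extraction, the key generator embeds a random number in the private key, which makes key extraction more flexible and lets a user hold multiple private keys for one identity; this undoubtedly increases the security of key usage. Based on this new key-extraction approach, an identity-based signature scheme is given; the new key-extraction method gives it better security and flexibility. The new identity-based signature scheme uses the fewest pairing operations, so it has better computational efficiency than similar schemes. The security of the new signature scheme relies on the hardness of the k-collusion attack problem (k-CAAP); it is strongly unforgeable under adaptive chosen-message and ID attacks, and its security proof has a tight reduction.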

6.
In 2009, Tseng et al. proposed a password sharing and chaotic map based key agreement protocol (Tseng et al.’s protocol). They claimed that the protocol provided mutual authentication between a server and a user, and allowed the user to anonymously interact with the server to establish a shared session key. However, in 2011, Niu et al. proved that Tseng et al.’s protocol cannot guarantee user anonymity and protocol security when there is an internal adversary who is a legitimate user. Also, it cannot provide perfect forward secrecy. Then Niu et al. introduced a trusted third party (TTP) into their protocol design (Niu et al.’s protocol). But according to our research, Niu et al.’s protocol is found to have several unsatisfactory drawbacks. Based on reconsidering Tseng et al.’s protocol without introducing TTP, we give some improvements to meet the original security and performance requirements. Meanwhile our proposed protocol overcomes the security flaws of Tseng et al.’s protocol.

7.
Advances in technology for the manufacturing of integrated circuits have resulted in extremely large, and time consuming, problems on how to lay out components for optimal circuit performance. These problems can be written as mixed integer programs which are easily relaxed to linear programs with a very high number of variables and constraints. The relaxed programs can often be solved by applying state-of-the-art linear programming software, however these solutions come at the expense of long solution time. In this paper we show that, by considering the structure inherent in VLSI problems, one can specialize classical preprocessing algorithms to take into account the standard form of the constraint matrix for VLSI problems, thereby achieving improved preprocessing results with relatively little effort. We provide analysis showing our preprocessing techniques are accurate and provide some numerical testing demonstrating the increased efficiency. The numerical tests also demonstrate that using our preprocessing in conjunction with internal preprocessing methods that come with many linear program solvers, can improve the overall performance of the linear program solver and its preprocessor.

8.
In this paper, we present an interactive visualization and clustering algorithm for real-time multi-attribute digital forensic data such as network anomalous events. In the model, glyphs are defined with multiple network attributes and clustered with the recursive optimization algorithm for dimensional reduction. The user's visual latency time is incorporated into the recursive process so that it updates the display and the optimization model according to the human factor and maximizes the capacity of real-time computation. The interactive search interface is developed to enable the display of similar data points according to their similarity of attributes. Finally, typical network anomalous events are analyzed and visualized such as password guessing, etc. This technology is expected to have an impact on real-time visual data mining for network security, sensor networks and many other multivariable real-time monitoring systems. Our usability study shows a decent accuracy of context-independent glyph identification (89.37%) with a high precision for anomaly detection (94.36%). The results indicate that, without any context, users tend to classify unknown patterns as possibly harmful. On the other hand, in the dynamic clustering (context-dependent) experiment, clusters of extremely unusual glyphs normally contain fewer packets. In this case, the packet identification accuracy is remarkably high (99.42%).

9.
In an open network environment, the remote authentication scheme using smart cards is a very practical solution to validate the legitimacy of a remote user. In 2003, Wu and Chieu presented a user-friendly remote authentication scheme using smart cards. Recently, Wang, Li, and Tie found that Wu–Chieu’s scheme is vulnerable to the forged login attack, and then presented an improvement to eliminate this vulnerability. In our opinion, the smart card plays an important role in those schemes. Therefore, we demonstrate that Wang–Li–Tie’s scheme is not secure under the smart card loss assumption. If an adversary obtains a legal user’s smart card even without the user’s corresponding password, he can easily use it to impersonate the user to pass the server’s authentication. We further propose an improved scheme to overcome this abuse of the smart card.

10.
In this paper, we describe the problem of routing trains through a railway station. This routing problem is a subproblem of the automatic generation of timetables for the Dutch railway system. The problem of routing trains through a railway station is the problem of assigning each of the involved trains to a route through the railway station, given the detailed layout of the railway network within the station and given the arrival and departure times of the trains. When solving this routing problem, several aspects such as capacity, safety, and customer service have to be taken into account. In this paper, we describe this routing problem in terms of a weighted node packing problem. Furthermore, we describe an algorithm for solving this routing problem to optimality. The algorithm is based on preprocessing, valid inequalities, and a branch-and-cut approach. The preprocessing techniques aim at identifying superfluous nodes which can be removed from the problem instance. The characteristics of the preprocessing techniques with respect to propagation are investigated. We also present the results of a computational study in which the model, the preprocessing techniques and the algorithm are tested based on data related to the railway stations Arnhem, Hoorn and Utrecht CS in the Netherlands.

11.
Key establishment is a crucial cryptographic primitive for building secure communication channels between two parties in a network. It has been studied extensively in theory and widely deployed in practice. In the research literature a typical protocol in the public-key setting aims for key secrecy and mutual authentication. However, there are many important practical scenarios where mutual authentication is undesirable, such as in anonymity networks like Tor, or is difficult to achieve due to insufficient public-key infrastructure at the user level, as is the case on the Internet today. In this work we are concerned with the scenario where two parties establish a private shared session key, but only one party authenticates to the other; in fact, the unauthenticated party may wish to have strong anonymity guarantees. We present a desirable set of security, authentication, and anonymity goals for this setting and develop a model which captures these properties. Our approach allows for clients to choose among different levels of authentication. We also describe an attack on a previous protocol of Øverlier and Syverson, and present a new, efficient key exchange protocol that provides one-way authentication and anonymity.

12.
The Advanced Encryption Standard (AES) is a 128-bit block cipher with a user key of 128, 192 or 256 bits, released by NIST in 2001 as the next-generation data encryption standard for use in the USA. It was adopted as an ISO international standard in 2005. Impossible differential cryptanalysis and the boomerang attack are powerful variants of differential cryptanalysis for analysing the security of a block cipher. In this paper, building on the notions of impossible differential cryptanalysis and the boomerang attack, we propose a new cryptanalytic technique, which we call the impossible boomerang attack, and then describe an extension of this attack which applies in a related-key attack scenario. Finally, we apply the impossible boomerang attack to break 6-round AES with 128 key bits and 7-round AES with 192/256 key bits, and using two related keys we apply the related-key impossible boomerang attack to break 8-round AES with 192 key bits and 9-round AES with 256 key bits. In the two-key related-key attack scenario, our results, which were the first to achieve this amount of attacked rounds, match the best currently known results for AES with 192/256 key bits in terms of the numbers of attacked rounds. The (related-key) impossible boomerang attack is a general cryptanalytic technique, and can potentially be used to cryptanalyse other block ciphers.

13.
Recently, many scholars have proposed chaotic cryptosystems in order to promote communication security. However, there are a number of major problems detected in some of those schemes such as weakness against differential attack, slow performance speed, and unacceptable data expansion. In this paper, we introduce a new chaotic block cipher scheme for image cryptosystems that encrypts blocks of bits rather than blocks of pixels. It encrypts 256 bits of plainimage to 256 bits of cipherimage within eight 32-bit registers. The scheme employs the cryptographic primitive operations and a non-linear transformation function within the encryption operation, and adopts round keys for encryption using a chaotic system. The new scheme is able to encrypt large images with better performance speed than other schemes. The security analysis of the new scheme confirms a high security level and fairly uniform distribution.

14.
Encryption schemes based on the rank metric lead to small public key sizes on the order of a few thousand bytes, which represents a very attractive feature compared to Hamming metric-based encryption schemes, where public key sizes are on the order of hundreds of thousands of bytes even with additional structures like cyclicity. The main tool for building public key encryption schemes in rank metric is the McEliece encryption setting used with the family of Gabidulin codes. Since the original scheme proposed in 1991 by Gabidulin, Paramonov and Tretjakov, many systems have been proposed based on different masking techniques for Gabidulin codes. Nevertheless, over the years most of these systems were attacked essentially by the use of an attack proposed by Overbeck. In 2005 Faure and Loidreau designed a rank-metric encryption scheme which was not in the McEliece setting. The scheme is very efficient, with small public keys of size a few kilobytes and with security closely related to the linearized polynomial reconstruction problem which corresponds to the decoding problem of Gabidulin codes. The structure of the scheme differs considerably from the classical McEliece setting and until our work, the scheme had never been attacked. We show in this article that for a range of parameters, this scheme is also vulnerable to a polynomial-time attack that recovers the private key by applying Overbeck’s attack on an appropriate public code. As an example we break in a few seconds parameters with 80-bit security claim. Our work also shows that some parameters are not affected by our attack but at the cost of a loss of efficiency for the underlying schemes.

15.
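Research on a pseudo-random sequence generation method using multi-level chaotic maps with variable parameters   Total citations: 4, self-citations: 0, citations by others: 4
To address the chaos degradation problem that a single chaotic system suffers because of the finite-precision effect of computers, a pseudo-random sequence generation method based on multi-level chaotic maps with variable parameters is proposed. Compared with a single chaotic system, a chaotic system built with this method has the advantages of a longer pseudo-random sequence period, a larger number of keys, and a larger key space, and the resulting cipher has higher security. Simulation results show that the method can generate, at low complexity, a large number of chaotic sequences with good autocorrelation and cross-correlation properties, and that it has good application prospects in the security field.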

16.
In 2011, Niu-Wang proposed an anonymous key agreement protocol based on chaotic maps in [Niu Y, Wang X. An anonymous key agreement protocol based on chaotic maps. Commun Nonlinear Sci Simulat 2011;16(4):1986-92]. Niu-Wang’s protocol not only achieves session key agreement between a server and a user, but also allows the user to anonymously interact with the server. Nevertheless, this paper points out that Niu-Wang’s protocol has the following efficiency and security problems: (1) The protocol has a computational efficiency problem when a trusted third party decrypts the message sent by the user. (2) The protocol is vulnerable to a Denial of Service (DoS) attack based on illegal message modification by an attacker.

17.
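Security economics is an important basis for enterprise information security defense decisions; in a networked information system, an enterprise must weigh how to allocate defense resources reasonably among many different information resource nodes. This paper first builds a security defense decision model without security resource constraints, studies how an enterprise should optimally allocate its defense resources in information security defense, and derives that different information nodes have defense thresholds, along with the relative economic defense level of each node. On the basis of this model, a security defense resource constraint is added, and the influence on the decision of factors such as the defense value, expected loss, and attack probability of different information resource nodes is analyzed, yielding conclusions on the enterprise's defense priorities across nodes and the amount of resources to invest during defense.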

18.
Shifts in the values of monitored environmental parameters can help to indicate changes in an underlying system. For example, increased concentrations of copper in water discharged from a manufacturing facility might indicate a problem in the wastewater treatment process. The ability to identify such shifts can lead to early detection of problems and appropriate remedial action, thus reducing the risk of long-term consequences. Statistical process control (SPC) techniques have traditionally been used to identify when process parameters have shifted away from their nominal values. In situations where there are correlations among the observed outputs of the process, however, as in many environmental processes, the underlying assumptions of SPC are violated and alternative approaches such as neural networks become necessary. A neural network approach that incorporates a geometric data preprocessing algorithm and identifies the need for increased sampling of observations was applied to facilitate early detection of shifts in autocorrelated environmental process parameters. Utilization of the preprocessing algorithm and the increased sampling technique enabled the neural network to accurately identify the process state of control. The algorithm was able to identify shifts in the highly correlated process parameters with accuracies ranging from 96.4% to 99.8%.

19.
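Mathematical foundation of the C0 complexity   Total citations: 4, self-citations: 0, citations by others: 4
For many continuous biomedical signals that are both strongly nonlinear and non-stationary, computing their complexity often requires: 1) that a fairly robust estimate can be obtained even when the data length is short; 2) that the original signal need not undergo excessive coarse-graining such as binarization. The C0 complexity we proposed earlier is such a measure, but it lacks a rigorous mathematical foundation, which affects its application. An improved form is proposed and its important properties are rigorously proved. This shows that the quantity can, under certain conditions, serve as an index of the degree of randomness of a time series, and therefore also as a quantitative index of complexity in the sense of randomness complexity. Because this quantity is fast to compute, it is particularly suitable for situations that require a large amount of complexity computation, such as computing the dynamic change of complexity in a sliding window over a long process.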

20.
We present a method of decomposing a simple polygon that allows the preprocessing of the polygon to efficiently answer visibility queries of various forms in an output sensitive manner. Using $O(n^3 \log n)$ preprocessing time and $O(n^3)$ space, we can, given a query point $q$ inside or outside an $n$ vertex polygon, recover the visibility polygon of $q$ in $O(\log n + k)$ time, where $k$ is the size of the visibility polygon, and recover the number of vertices visible from $q$ in $O(\log n)$ time.

The key notion behind the decomposition is the succinct representation of visibility regions, and tight bounds on the number of such regions. These techniques are extended to handle other types of queries, such as visibility of fixed points other than the polygon vertices, and for visibility from a line segment rather than a point. Some of these results have been obtained independently by Guibas, Motwani and Raghavan [18].

