Information computing and applications: First International Conference, ICICA 2010, Tangshan, China, October 15-18, 2010 : proceedings

Keynotes.- Computer Science: Where Is the Next Frontier?.- Video Forgery.- Data Analysis, Data Processing, Advanced Computation Models.- Intelligent Data Granulation on Load: Improving Infobright's Knowledge Grid.- Data Analysis Methods for Library Marketing.- HMM Approach for Classifying Protein Structures.- Investigation of Average Mutual Information for Species Separation Using GSOM.- Speech Recognition System and Formant Based Analysis of Spoken Arabic Vowels.- A Study on Mental Tasks Discriminative Power.- A Straight Line-Based Distance Measure to Compute Photographic Compositional Dissimilarity.- Data Gathering for Gesture Recognition Systems Based on Mono Color-, Stereo Color- and Thermal Cameras.- Object Surface Reconstruction from One Camera System.- The Study of Development Strategy for Bank Distribution Network through the Analysis of Inter-regional Financial Transaction Network.- Global Synchronization Properties for Different Classes of Underlying Interconnection Graphs for Kuramoto Coupled Oscillators.- Predicting the Performance of a GRID Environment: An Initial Effort to Increase Scheduling Efficiency.- Towards an Integrated Vision across Inter-cooperative Grid Virtual Organizations.- Effective GIS Mobile Query System.- Modeling and Simulation of Tandem Tollbooth Operations with Max-Algebra Approach.- Security, Software Engineering, Communication and Networking.- Intrusion Detection Based on Back-Propagation Neural Network and Feature Selection Mechanism.- Automatic Detection for JavaScript Obfuscation Attacks in Web Pages through String Pattern Analysis.- Fragmentation Point Detection of JPEG Images at DHT Using Validator.- Secure and Energy Efficient Key Management Scheme Using Authentication in Cluster Based Routing Protocol.- Automatic Detection of Infinite Recursion in AspectJ Programs.- A Hierarchical Test Model and Automated Test Framework for RTC.- A Bi-objective Model Inspired Greedy Algorithm for Test Suite Minimization.- Analysing Object Type Hierarchies to Identify Crosscutting Concerns.- A Bayesian Inference Tool for NHPP-Based Software Reliability Assessment.- AGILE Rate Control for IEEE 802.11 Networks.- Low Density Parity Check Code for the Single Carrier Frequency Division Multiple Access.- Dual Optimization of Dynamic Sensor Function Allocation and Effective Sensed Data Aggregation in Wireless Sensor Networks.- Depth-Spatio-Temporal Joint Region-of-Interest Extraction and Tracking for 3D Video.- Dynamic Routing Algorithm for Reliability and Energy Efficiency in Wireless Sensor Networks.- QoS Multicast Routing Algorithms Based on Tabu Search with Hybrid Candidate List.- A Lifetime Enhancing Node Deployment Strategy in WSN.- Data Analysis, Data Processing, Advanced Computation Models.- Experimental Investigation of Three Machine Learning Algorithms for ITS Dataset.

Future generation information technology : first International Conference, FGIT 2009, Jeju Island, Korea, December 10-12, 2009 : proceedings

Bring your own devices have become a new symbol of industrial and education institutional culture to date. A single individual can gain access to personal data anytime at anywhere of his/her workplace due to the advanced WiFi/5G network and cloud technology. The most convenient way for us to access to cloud data is to use personal smartphone. However, smartphone is somewhat vulnerable (because of its innate disadvantage, e.g., low security protection and limited computation resource) while encountering with malicious attacks in open network. Mobile users may be the victims of a recent new type of attack - advanced persistent threat (APT), since attackers may penetrate into different levels of cloud and mobile infrastructures to eavesdrop, steal and temper data. This survey paper introduces some security/privacy risks on mobile cloud in the view point of applied cryptography. Meanwhile, it provides some insights as possible solutions for the risks.

Privacy-preserving personal data operation on mobile cloud—Chances and challenges over advanced persistent threat

Telecare medical information systems (TMIS) enable healthcare delivery services. However, access of these services via public channel raises security and privacy issues. In recent years, several smart card based authentication schemes have been introduced to ensure secure and authorized communication between remote entities over the public channel for the (TMIS). We analyze the security of some of the recently proposed authentication schemes of Lin, Xie et al., Cao and Zhai, and Wu and Xu's for TMIS. Unfortunately, we identify that these schemes failed to satisfy desirable security attributes. In this article we briefly discuss four dynamic ID-based authentication schemes and demonstrate their failure to satisfy desirable security attributes. The study is aimed to demonstrate how inefficient password change phase can lead to denial of server scenario for an authorized user, and how an inefficient login phase causes the communication and computational overhead and decrease the performance of the system. Moreover, we show the vulnerability of Cao and Zhai's scheme to known session specific temporary information attack, vulnerability of Wu and Xu's scheme to off-line password guessing attack, and vulnerability of Xie et al.'s scheme to untraceable on-line password guessing attack.

On the Security Flaws in ID-based Password Authentication Schemes for Telecare Medical Information Systems

Recently, Wen et al have developed three-factor authentication protocol for multi-server environment, claiming it to be resistant to several kinds of attacks In this paper, we review Wen et al’s protocol and find that it does not fortify against many security vulnerabilities: (1) inaccurate password change phase, (2) failure to achieve forward secrecy, (3) improper authentication, (4) known session-specific temporary information vulnerability and (5) lack of smart card revocation and biometric update phase To get rid of these security weaknesses, we present a safe and reliable three-factor authentication scheme usable in multi-server environment The Burrows–Abadi–Needham logic shows that our scheme is accurate, and the formal and informal security verifications show that it can defend against various spiteful threats Further, we simulate our scheme using the broadly known Automated Validation of Internet Security Protocols and Applications tool, which ensures that it is safe from the active and passive attacks and also prevent the replay and man-in-the-middle attacks The performance evaluation shows that the presented protocol gives strong security as well as better complexity in the terms of communication cost, computation cost and estimated time

Cryptanalysis and Extended Three-Factor Remote User Authentication Scheme in Multi-Server Environment

Today, an internet environment has become a single society in which all of the services required for daily living are implemented online. To reliably use such an internet environment for our daily living, safe user identification and authentication are required. Of course, there are many ways to perform authentication online. However, thus far, in many e-services include cloud services, passwords are mainly used for user authentications. Although there are many safer authentication methods than a password, which has the risk of personal information leakage and is a relatively poor authentication method, passwords are frequently used due to their high user convenience and ease of implementation. In this article, to resolve the weaknesses of the current password environment, we suggest a new user authentication method that can offer both safety and convenience combined with the recent mobile internet environment. For this purpose, in this article, a smart phone is used as the storage space for the user password. A user can conveniently use passwords in the wireless e-service as well as the wired e-service.

Enhanced password-based user authentication using smart phone

In 2012, Sun et al. proposed an authenticated group key transfer protocol based on secret sharing instead of encryption algorithm. They claimed that their protocol provides mutual authentication to ensure that only the authorized group members can recover the right session key and all participants only need to store one secret share for all sessions. However, our analysis shows that Sun et al.’s protocol is vulnerable to outsider and insider attacks and does not provide mutual authentication. In this paper, we show a detailed analysis of flaws in Sun et al.’s protocol.

Cryptanalysis of an Authenticated Group Key Transfer Protocol Based on Secret Sharing

Wireless communication is essential for the infrastructure of a healthcare system. This bidirectional communication is used for data collection and to control message delivery. Wireless communication is applied in industries as well as in our daily lives, e.g., smart cities; however, highly reliable communication may be more difficult in environments with low power consumption, many interferences, or IoT wireless network issues due to resource limitations. In order to solve these problems, we investigated the existing three-party password-authenticated key exchange (3PAKE) and developed an enhanced protocol. Currently, Lu et al. presented a 3PAKE protocol to improve the security flaws found in Farash and Attari’s protocol. This work revisits the protocol proposed by Lu et al. and demonstrates that, in addition to other security weaknesses, the protocol does not provide user anonymity which is an important issue for healthcare environment, and is not secure against insider attacks that may cause impersonation attacks. We propose a secure biometric-based efficient password-authenticated key exchange (SBAKE) protocol in order to remove the incidences of these threats, and present an analysis regarding the security and efficiency of the SBAKE protocol for practical deployment.

Revisit of Password-Authenticated Key Exchange Protocol for Healthcare Support Wireless Communication

A remote user authentication scheme is a method to confirm the identity of a remote individual login to the server over an untrusted, public network. In 2012, Wen-Li proposed a dynamic ID-based user authentication scheme with key agreement and claimed that their scheme resisted impersonation attack and avoided leakage of partial information However, we find out that Wen-Li’s scheme could leak some key information to an adversary and is exposed to man in the middle attack launched by any adversary. In this paper we conduct detailed analysis of flaws in Wen-Li’s scheme.

Security Weakness of a Dynamic ID-Based User Authentication Scheme with Key Agreement

In 2010, Martinez-Pelaez et al. proposed an remote user authentication scheme with session key agreement for multi-server environment. They claimed that their scheme is efficient and secure against known attacks. However, this work shows that Martinez-Pelaez et al.’s scheme is exposed to various attacks. In this paper, we describe that Martinez-Pelaez et al.’s scheme is vulnerable to masquerade attack, server spoofig attack, stolen smart card attack, and is not easily repairable.

Mijin Kim

Papers

Enhanced password-based user authentication using smart phone

Cryptanalysis of an Authenticated Group Key Transfer Protocol Based on Secret Sharing

Revisit of Password-Authenticated Key Exchange Protocol for Healthcare Support Wireless Communication

Security Weakness of a Dynamic ID-Based User Authentication Scheme with Key Agreement

Weaknesses of a Dynamic ID-Based Remote User Authentication Scheme with Session Key Agreement for Multi-server Environment