Xiao Tan

Bio: Xiao Tan is an academic researcher from Hangzhou Normal University. The author has contributed to research in topics: Authentication protocol & Authentication. The author has an hindex of 4, co-authored 6 publications receiving 301 citations. Previous affiliations of Xiao Tan include City University of Hong Kong.

L-EncDB: A lightweight framework for privacy-preserving data queries in cloud computing

Abstract: With the advent of cloud computing, individuals and organizations have become interested in moving their databases from local to remote cloud servers However, data owners and cloud service providers are not in the same trusted domain in practice For the protection of data privacy, sensitive data usually have to be encrypted before outsourcing, which makes effective database utilization a very challenging task To address this challenge, in this paper, we propose L-EncDB, a novel lightweight encryption mechanism for database, which (i) keeps the database structure and (ii) supports efficient SQL-based queries To achieve this goal, a new format-preserving encryption (FPE) scheme is constructed in this paper, which can be used to encrypt all types of character strings stored in database Extensive analysis demonstrates that the proposed L-EncDB scheme is highly efficient and provably secure under existing security model

Provably Secure Dynamic ID-Based Anonymous Two-Factor Authenticated Key Exchange Protocol With Extended Security Model

Abstract: Authenticated key exchange (AKE) protocol allows a user and a server to authenticate each other and generate a session key for the subsequent communications. With the rapid development of low-power and highly-efficient networks, such as pervasive and mobile computing network in recent years, many efficient AKE protocols have been proposed to achieve user privacy and authentication in the communications. Besides secure session key establishment, those AKE protocols offer some other useful functionalities, such as two-factor user authentication and mutual authentication. However, most of them have one or more weaknesses, such as vulnerability against lost-smart-card attack, offline dictionary attack, de-synchronization attack, or the lack of forward secrecy, and user anonymity or untraceability. Furthermore, an AKE scheme under the public key infrastructure may not be suitable for light-weight computational devices, and the security model of AKE does not capture user anonymity and resist lost-smart-card attack. In this paper, we propose a novel dynamic ID-based anonymous two-factor AKE protocol, which addresses all the above issues. Our protocol also supports smart card revocation and password update without centralized storage. Further, we extend the security model of AKE to support user anonymity and resist lost-smart-card attack, and the proposed scheme is provably secure in extended security model. The low-computational and bandwidth cost indicates that our protocol can be deployed for pervasive computing applications and mobile communications in practice.

OPoR: Enabling Proof of Retrievability in Cloud Computing with Resource-Constrained Devices

Abstract: Cloud computing moves the application software and databases to the centralized large data centers, where the management of the data and services may not be fully trustworthy. In this work, we study the problem of ensuring the integrity of data storage in cloud computing. To reduce the computational cost at user side during the integrity verification of their data, the notion of public verifiability has been proposed. However, the challenge is that the computational burden is too huge for the users with resource-constrained devices to compute the public authentication tags of file blocks. To tackle the challenge, we propose OPoR, a new cloud storage scheme involving a cloud storage server and a cloud audit server, where the latter is assumed to be semi-honest. In particular, we consider the task of allowing the cloud audit server, on behalf of the cloud users, to pre-process the data before uploading to the cloud storage server and later verifying the data integrity. OPoR outsources and offloads the heavy computation of the tag generation to the cloud audit server and eliminates the involvement of user in the auditing and in the pre-processing phases. Furthermore, we strengthen the proof of retrievability (PoR) model to support dynamic data operations, as well as ensure security against reset attacks launched by the cloud storage server in the upload phase.

A secure and privacy-preserving authentication protocol for wireless sensor networks in smart city

Abstract: Smart city can improve the efficiency of managing assets and resources, optimize urban services and improve the quality of citizens’ life. Wireless sensor networks (WSNs) can solve many problems in smart city, such as smart transportation, smart healthcare and smart energy. However, security and privacy are the biggest challenges for WSN. Recently, Banerjee et al. proposed a security-enhanced authentication and key agreement scheme for WSN, but their scheme cannot resist offline password guessing attack, impersonation attack, and does not achieve session key secrecy, identity unlinkability, and perfect forward secrecy. In order to fix these flaws, a secure and privacy-preserving authentication protocol for WSN in smart city is proposed. We prove the security of the proposed protocol by using applied pi calculus-based formal verification tool ProVerif and show that it has high computational efficiency by comparison with some related schemes.

Chaotic Maps-Based Strong Anonymous Authentication Scheme for Roaming Services in Global Mobility Networks

Abstract: Traditional smart card and password based two-factor authentication schemes for roaming services in global mobility networks are based on public key or symmetric key cryptographic primitives With the advancement of chaos-based cryptography, it has become an interesting topic to investigate if it can be used as an alternative tool for building mobile roaming authentication schemes that achieve higher efficiency and security In this paper, we answer this question affirmatively by proposing a chaotic maps-based authentication scheme for roaming The scheme supports authentication, security and strong anonymity using the applied pi calculus-based formal verification tool ProVerif Besides, it applies the efficient Chebyshev polynomial computation for better performance

PORs: Proofs of Retrievability for Large Files

Abstract: In this paper, we define and explore proofs of retrievability (PORs). A POR scheme enables an archive or back-up service (prover) to produce a concise proof that a user (verifier) can retrieve a target file F, that is, that the archive retains and reliably transmits file data sufficient for the user to recover F in its entirety.A POR may be viewed as a kind of cryptographic proof of knowledge (POK), but one specially designed to handle a large file (or bitstring) F. We explore POR protocols here in which the communication costs, number of memory accesses for the prover, and storage requirements of the user (verifier) are small parameters essentially independent of the length of F. In addition to proposing new, practical POR constructions, we explore implementation considerations and optimizations that bear on previously explored, related schemes.In a POR, unlike a POK, neither the prover nor the verifier need actually have knowledge of F. PORs give rise to a new and unusual security definition whose formulation is another contribution of our work.We view PORs as an important tool for semi-trusted online archives. Existing cryptographic techniques help users ensure the privacy and integrity of files they retrieve. It is also natural, however, for users to want to verify that archives do not delete or modify files prior to retrieval. The goal of a POR is to accomplish these checks without users having to download the files themselves. A POR can also provide quality-of-service guarantees, i.e., show that a file is retrievable within a certain time bound.

BSeIn: A blockchain-based secure mutual authentication with fine-grained access control system for industry 4.0

Abstract: To be prepared for the ‘Industry 4.0’-era, we propose a hierarchical framework comprising four tangible layers, which is designed to vertically integrate inter-organizational value networks, engineering value chain, manufacturing factories, etc. The conceptual framework allows us to efficiently implement a flexible and reconfigurable smart factory. However, we need to consider security inherent in existing (stand-alone) devices and networks as well as those that may arise in such integrations. Especially the existing solutions are insufficient to address these fundamental security concerns. Thus, we present a blockchain-based system for secure mutual authentication, BSeIn, to enforce fine-grained access control polices. The proposed system (with integrated attribute signature, multi-receivers encryption and message authentication code) is designed to provide privacy and security guarantees such as anonymous authentication, auditability, and confidentiality. BSeIn also scales well due to the utilization of smart contract. We then evaluate the security and performance of BSeIn. For example, findings from the performance evaluation demonstrate that Initialization/Request Issuance/Chain Transaction/State Delivery/Permission Update phase only cost 12.123/4.810/6.978/0.013/2.559s, respectively.

Security in Internet of Things: issues, challenges, taxonomy, and architecture

Abstract: Internet technology is very pervasive today. The number of devices connected to the Internet, those with a digital identity, is increasing day by day. With the developments in the technology, Internet of Things (IoT) become important part of human life. However, it is not well defined and secure. Now, various security issues are considered as major problem for a full-fledged IoT environment. There exists a lot of security challenges with the proposed architectures and the technologies which make the backbone of the Internet of Things. Some efficient and promising security mechanisms have been developed to secure the IoT environment, however, there is a lot to do. The challenges are ever increasing and the solutions have to be ever improving. Therefore, aim of this paper is to discuss the history, background, statistics of IoT and security based analysis of IoT architecture. In addition, we will provide taxonomy of security challenges in IoT environment and taxonomy of various defense mechanisms. We conclude our paper discussing various research challenges that still exist in the literature, which provides better understanding of the problem, current solution space, and future research directions to defend IoT against different attacks.

Lightweight and Privacy-Preserving Two-Factor Authentication Scheme for IoT Devices

Abstract: Device authentication is an essential security feature for Internet of Things (IoT). Many IoT devices are deployed in the open and public places, which makes them vulnerable to physical and cloning attacks. Therefore, any authentication protocol designed for IoT devices should be robust even in cases when an IoT device is captured by an adversary. Moreover, many of the IoT devices have limited storage and computational capabilities. Hence, it is desirable that the security solutions for IoT devices should be computationally efficient. To address all these requirements, in this paper, we present a lightweight and privacy-preserving two-factor authentication scheme for IoT devices, where physically uncloneable functions have been considered as one of the authentication factors. Security and performance analysis show that our proposed scheme is not only robust against several attacks, but also very efficient in terms of computational efficiently.

Security, privacy & efficiency of sustainable Cloud Computing for Big Data & IoT

Abstract: With the significant advances in communication technologies and in many other sectors, also are growing up security and privacy issues. In our research, is introduced a base technology called Cloud Computing (CC) to operate with the Big Data (BD). CC is a technology which refers to the processing power of data in the fog, providing more “green” computational and sustainable computing. Since it is a recently investigated technology, it has many gaps in security and privacy. So, in this paper, we proposed a new system for Cloud Computing integrated with Internet of Things as a base scenario for Big Data. Moreover, we tried to establish an architecture relaying on the security of the network in order to improve the security issues. A solution proposed is installing a security “wall” between the Cloud Server and the Internet, with the aim to eliminate the privacy and security issues. As a result, we consider that CC deals more efficient with the privacy issue of bits transferred through time. Through our proposed system, the interaction and cooperation between things and objects communicate through the wireless networks in order to fulfil the objective set to them as a combined entity. Regarding the major goal of our research, which is the security, a sort survey of IoT and CC presented, with a focus on the security issues of both technologies. In addition to this, we try present the security challenges of the integration of IoT and Cloud Computing with the aim to provide an architecture relaying on the security of the network in order to improve their security issues. Finally, we realize that through our study Cloud Computing could offer a more “green” and efficient fog environment for sustainable computing scenarios.