Caixue Zhou

Reversible data hiding with contrast enhancement and tamper localization for medical images

Digital transmission of medical images often involves hiding crucial information in some parts of the images which should be later extracted to authenticate ownership and identity. In this paper, a new reversible data hiding (RDH) algorithm for medical images is proposed. The primary objective of the algorithm is to achieve contrast enhancement of the region of interest (ROI) without introducing distortion, and achieve tamper localization against attacks on the ROI. First, the background and ROI of the medical image are segmented using Otsus automatic optimal thresholding method. To reduce the visual distortion, an improved scheme for preprocessing is applied to reduce the number of disordered pixels. By expanding the peak-pairs of the ROI histogram, data embedding along with distortion-less contrast enhancement of the ROI is achieved. The feature-bit matrix generated from the ROI is embedded into the least significant bits (LSBs) of the background pixels. At the receiving end, the tampered contents from the ROI of the detected image can be located using a difference matrix between the feature-bit matrix generated from the ROI and that extracted from the background. In the absence of tampering, the original ROI can be completely restored after the embedded data is extracted. Experimental results demonstrate that in comparison with some state-of-the-art RDH algorithms, the proposed algorithm achieves better performance in terms of contrast enhancement of ROI, preserving visual quality of the background and tamper localization.

Certificateless Signcryption in the Standard Model

Signcryption can realize encryption and signature simultaneously with lower computational costs and communicational overheads than those of the traditional sign-then-encrypt approach. Certificateless cryptosystem solves the key escrow problem in the identity-based cryptosystem and simplifies the public key management in the traditional public key cryptosystem. There have been some certificateless signcryption schemes proposed in the standard model up to now, but all of them are just proposed in a weaker Type I security model, which is weaker than the original security model of Barbosa and Farshim, who proposed the first certificateless signcryption scheme. In this paper, we propose a certificateless signcryption scheme in the standard model by using bilinear pairings, which is Type I secure in the original security model of Barbosa and Farshim and can resist the malicious-but-passive key generation center Type II attack. The proposed scheme is proved confidential assuming the modified decisional bilinear Diffie–Hellman (M-DBDH) problem is hard, and unforgeable assuming the square computational Diffie–Hellman (Squ-CDH) problem is hard. At last, we evaluate its efficiency which shows it is of high efficiency.

Certificateless Key-Insulated Generalized Signcryption Scheme without Bilinear Pairings

Generalized signcryption (GSC) can be applied as an encryption scheme, a signature scheme, or a signcryption scheme with only one algorithm and one key pair. A key-insulated mechanism can resolve the private key exposure problem. To ensure the security of cloud storage, we introduce the key-insulated mechanism into GSC and propose a concrete scheme without bilinear pairings in the certificateless cryptosystem setting. We provide a formal definition and a security model of certificateless key-insulated GSC. Then, we prove that our scheme is confidential under the computational Diffie-Hellman (CDH) assumption and unforgeable under the elliptic curve discrete logarithm (EC-DL) assumption. Our scheme also supports both random-access key update and secure key update. Finally, we evaluate the efficiency of our scheme and demonstrate that it is highly efficient. Thus, our scheme is more suitable for users who communicate with the cloud using mobile devices.

Identity Based Generalized Proxy Signcryption Scheme

Generalized signcryption can work as an encryption scheme, a signature scheme or a signcryption scheme with only one keypair and one algorithm. We extend it to the proxy system setting by considering sharing the same keypair and algorithm between the proxy signature and proxy signcryption, and we call it generalized proxy signcryption (GPSC). We give the formal definition and security model of GPSC in the identity-based setting by considering the whole abilities of an attacker, and propose a concrete scheme in the standard model. Our scheme is publicly verifiable, with strong security by considering insider attack, and with short system public parameters. Our scheme can be proved semantically secure against adaptively chosen ciphertext, chosen id and chosen warrant attack (short for IND-IB-GPSC-CCA) under the Decisional Bilinear Diffie-Hellman (DBDH) assumption, and existentially unforgeable against adaptively chosen message, chosen id and chosen warrant attack (short for EUF-IB-GPSC-CMA) under the (Computational Diffie-Hellman) CDH assumption. The performance evaluation shows it is of high efficiency. Moreover, we give a general construction of identity-based GPSC scheme from an identity-based combined signature and encryption scheme. DOI: http://dx.doi.org/10.5755/j01.itc.45.1.8758

Efficient Key Management for IOT Owner in the Cloud

IOT (internet of things) owner may not want their sensitive data to be public in the cloud. However, the client operated by IOT owner may be too lightweight to provide the encryption/decryption service. To remove the issue, we propose a novel solution to minimize the access control cost for IOT owner. First, we present a security model for IOT with minimal cost of IOT owner client without encryption, in which we transfer the encryption/decryption from the client to the cloud. Second, we propose an access control model to minimize the key management cost for IOT owner. Third, we provide an authorization update method to minimize the cost dynamically. In our method, the sensitive data from IOT owner is only available to the authorized user. Each IOT owner needs only to manage a single password, by which the IOT owner can always manage his/her sensitive data and authorization no matter the authorization policy how to change. Experimental results show that our approach significantly outperforms most of existing methods with efficient key management for IOT owner.

An efficient subscription index for publication matching in the cloud

Publish/subscribe has been successfully used in a variety of information dissemination applications. However, in a cloud computing environment, the enormous amount of information results in a very high requirement for the computing performance of a publish/subscribe method. In this paper, we propose an efficient index called Enindex for publish/subscribe matching. First, we group all the subscriptions submitted by subscribers, based on the key attributes (i.e., the most frequent attributes occurring in the subscriptions). Second, we group all the predicates contained in the subscriptions, according to three basic operators: ź (greater),=(equal), and ź (less), so as to remove the repeated predicates, and thus reduce the memory overhead. Finally, we propose an effective index structure to combine the grouped subscriptions together with the grouped predicates. Enindex not only has a small memory overhead, but also can support efficient publish/subscribe matching and online subscription updating. We conduct extensive experiments on synthetic datasets, and the experimental results demonstrate the superiority of the Enindex over state-of-the-art methods in terms of memory overhead and computing efficiency.

Certificate-Based Generalized Ring Signcryption Scheme

Generalized ring signcryption (GRSC) can realize ring signature and ring signcryption functions with only one key pair and one algorithm. It is very useful for a system with a large number of users, or whose function may be changed, or with limited storage space. We give a formal definition and security model of GRSC in the certificate-based cryptosystem setting and propose a concrete scheme by using bilinear pairings. The confidentiality of our scheme can be proved under the GBDH and CDH assumptions and the unforgeability of our scheme can be proved under GDH′ and CDH assumptions in the random oracle model, and what is more, our scheme has unconditional anonymity. Compared with other certificateless ring signcryption schemes that use bilinear pairings, it is a highly efficient one.

Reversible Authentication of Wireless Sensor Network Based on Prediction-Error Histogram and CRC

In this paper, a reversible authentication scheme for wireless sensor network (WSN) is proposed. Firstly, the WSN data stream is divided into some authentication groups, and each authentication group is composed of a generator group and a carrier group. Then the cyclical redundancy check (CRC) code of generator group is produced as the authentication information. In the carrier group, using the prediction-error-based histogram shifting algorithm, the authentication information is reversibly embedded into the fluctuation region of prediction-error histogram (PEH), not the smooth region. Experimental results and analysis demonstrate that compared with previous schemes, the proposed scheme achieves better performances on computation complex, false tampering alarm and attraction to attackers.

Reversible authentication scheme based on prediction-error expansion with compound symbolic chaos

In this paper, a reversible authentication scheme based on prediction-error expansion (PEE) is proposed. Firstly, the compound symbolic chaos sequence as well as image block pixel bits and position-bits are input into a hash function to produce hash-bits. Then exclusive-or operation, between the label-bits taken from the chaos sequence and hash-bits, is performed to generate the check bits, which are embedded into the image as short watermarking using PEE method. For each block, the observations are achieved by compressed sensing (CS), which are registered in the intellectual property rights (IPR) database as long watermarking. At receiver side, image integrity authentication and tamper localization are determined by the generated label-bits. The blocks without being tampered can be recovered reversibly to original state, and the tampered blocks can be restored using CS reconstruction algorithm with the extracted long watermarking. Experimental results demonstrate the proposed scheme outperforms some state-of-the-art similar schemes.

Reversible Watermarking Using Prediction-Error Expansion and Extreme Learning Machine

Currently, the research for reversible watermarking focuses on the decreasing of image distortion. Aiming at this issue, this paper presents an improvement method to lower the embedding distortion based on the prediction-error expansion (PE) technique. Firstly, the extreme learning machine (ELM) with good generalization ability is utilized to enhance the prediction accuracy for image pixel value during the watermarking embedding, and the lower prediction error results in the reduction of image distortion. Moreover, an optimization operation for strengthening the performance of ELM is taken to further lessen the embedding distortion. With two popular predictors, that is, median edge detector (MED) predictor and gradient-adjusted predictor (GAP), the experimental results for the classical images and Kodak image set indicate that the proposed scheme achieves improvement for the lowering of image distortion compared with the classical PE scheme proposed by Thodi et al. and outperforms the improvement method presented by Coltuc and other existing approaches.