Chunqiang Hu

Body Area Network Security: A Fuzzy Attribute-Based Signcryption Scheme

Body Area Networks (BANs) are expected to play a major role in the field of patient-health monitoring in the near future. While it is vital to support secure BAN access to address the obvious safety and privacy concerns, it is equally important to maintain the elasticity of such security measures. For example, elasticity is required to ensure that first-aid personnel have access to critical information stored in a BAN in emergent situations. The inherent tradeoff between security and elasticity calls for the design of novel security mechanisms for BANs. In this paper, we develop the Fuzzy Attribute-Based Signcryption (FABSC), a novel security mechanism that makes a proper tradeoff between security and elasticity. FABSC leverages fuzzy Attribute-based encryption to enable data encryption, access control, and digital signature for a patients medical information in a BAN. It combines digital signatures and encryption, and provides confidentiality, authenticity, unforgeability, and collusion resistance. We theoretically prove that FABSC is efficient and feasible. We also analyze its security level in practical BANs.

Outsourcing Large Matrix Inversion Computation to A Public Cloud

Cloud computing enables resource-constrained clients to economically outsource their huge computation workloads to a cloud server with massive computational power. This promising computing paradigm inevitably brings in new security concerns and challenges, such as input/output privacy and result verifiability. Since matrix inversion computation (MIC) is a quite common scientific and engineering computational task, we are motivated to design a protocol to enable secure, robust cheating resistant, and efficient outsourcing of MIC to a malicious cloud in this paper. The main idea to protect the privacy is employing some transformations on the original matrix to get a encrypted matrix which is sent to the cloud; and then transforming the result returned from the cloud to get the correct inversion of the original matrix. Next, a randomized Monte Carlo verification algorithm with one-sided error is employed to successfully handle result verification. In this paper, the superiority of this novel technique in designing inexpensive result verification algorithm for secure outsourcing is well demonstrated. We analytically show that the proposed protocol simultaneously fulfills the goals of correctness, security, robust cheating resistance, and high-efficiency. Extensive theoretical analysis and experimental evaluation also show its high-efficiency and immediate practicability.

OPFKA: Secure and efficient Ordered-Physiological-Feature-based key agreement for wireless Body Area Networks

Body Area Networks (BANs) are expected to play a major role in patient health monitoring in the near future. Providing an efficient key agreement with the prosperities of plug-n-play and transparency to support secure inter-sensor communications is critical especially during the stages of network initialization and reconfiguration. In this paper, we present a novel key agreement scheme termed Ordered-Physiological-Feature-based Key Agreement (OPFKA), which allows two sensors belonging to the same BAN to agree on a symmetric cryptographic key generated from the overlapping physiological signal features, thus avoiding the pre-distribution of keying materials among the sensors embedded in the same human body. The secret features computed from the same physiological signal at different parts of the body by different sensors exhibit some overlap but they are not completely identical. To overcome this challenge, we detail a computationally efficient protocol to securely transfer the secret features of one sensor to another such that two sensors can easily identify the overlapping ones. This protocol possesses many nice features such as the resistance against brute force attacks. Experimental results indicate that OPFKA is secure, efficient, and feasible. Compared with the state-of-the-art PSKA protocol, OPFKA achieves a higher level of security at a lower computational overhead.

Fog Computing for the Internet of Things: Security and Privacy Issues

The inherent characteristics of Internet of Things (IoT) devices, such as limited storage and computational power, require a new platform to efficiently process data. The concept of fog computing has been introduced as a technology to bridge the gap between remote data centers and IoT devices. Fog computing enables a wide range of benefits, including enhanced security, decreased bandwidth, and reduced latency. These benefits make the fog an appropriate paradigm for many IoT services in various applications such as connected vehicles and smart grids. Nevertheless, fog devices (located at the edge of the Internet) obviously face many security and privacy threats, much the same as those faced by traditional data centers. In this article, the authors discuss the security and privacy issues in IoT environments and propose a mechanism that employs fog to improve the distribution of certificate revocation information among IoT devices for security enhancement. They also present potential research directions aimed at using fog computing to enhance the security and privacy issues in IoT environments.

Verifiable multi-secret sharing based on LFSR sequences

In verifiable multi-secret sharing schemes (VMSSs), many secrets can be shared but only one share is kept by each user and this share is verifiable by others. In this paper, we propose two secure, efficient, and verifiable (t,n) multi-secret sharing schemes, namely Scheme-I and Scheme-II. Scheme-I is based on the Lagrange interpolating polynomial and the LFSR-based public key cryptosystem. The Lagrange interpolating polynomial is used to split and reconstruct the secrets and the LFSR-based public key cryptosystem is employed to verify the validity of the data. Scheme-II is designed according to the LFSR sequence and the LFSR-based public key cryptosystem. We compare our schemes with the state-of-the-art in terms of attack resistance, computation complexity, and so on, and conclude that our schemes have better performance and incur less computation overhead. Our schemes can effectively detect a variety of forgery or cheating actions to ensure that the recovery of the secrets is secure and creditable, and the length of the private key is only one third of that of others for the same security level.

Robust Collaborative Spectrum Sensing Schemes for Cognitive Radio Networks

Cognitive radio networking allows the unlicensed secondary users to opportunistically access the licensed spectrum as long as the performance of the licensed primary users does not degrade. This dynamic spectrum access strategy is enabled by cognitive radio coupled with spectrum sensing technologies. Due to the imperfection of wireless transmissions, collaborative spectrum sensing (CSS) has been proposed to significantly improve the probability of detecting the transmissions of primary users. Nevertheless, current CSS techniques are sensitive to malicious secondary users, leading to a high false alarm rate and low detection accuracy on the presence of the primary users. In this paper, we present several robust collaborative spectrum sensing schemes that can calculate a trust value for each secondary user to reflect its suspicious level and mitigate its harmful effect on cooperative sensing. Our approach explores the spatial and temporal correlations among the reported information of the secondary users to determine the trust values. Extensive simulation study has been performed and our results demonstrate that the proposed schemes can guarantee the accuracy of the cooperative sensing system with a low false alarm rate when a considerable number of secondary users report false information.

Secure and Efficient Data Communication Protocol for Wireless Body Area Networks

Wireless Body Area Networks (WBANs) are expected to play a major role in the field of patient-health monitoring in the near future, which gains tremendous attention amongst researchers in recent years. One of the challenges is to establish a secure communication architecture between sensors and users, whilst addressing the prevalent security and privacy concerns. In this paper, we propose a communication architecture for BANs, and design a scheme to secure the data communications between implanted/wearable sensors and the data sink/data consumers (doctors or nurse) by employing Ciphertext-Policy Attribute Based Encryption (CP_ABE) [1] and signature to store the data in ciphertext format at the data sink, hence ensuring data security. Our scheme achieves a role-based access control by employing an access control tree defined by the attributes of the data. We also design two protocols to securely retrieve the sensitive data from a BAN and instruct the sensors in a BAN. We analyze the proposed scheme, and argue that it provides message authenticity and collusion resistance, and is efficient and feasible. We also evaluate its performance in terms of energy consumption and communication/computation overhead.

Securing communications between external users and wireless body area networks

Wireless Body Area Networks (BANs) are expected to play a crucial role in patient-health monitoring in the near future. Establishing secure communications between BAN sensors and external users is key to addressing the prevalent security and privacy concerns. In this paper, we propose the primitive functions to implement a secret-sharing based Ciphertext-Policy Attribute-Based Encryption (CP_ABE) scheme, which encrypts the data based on an access structure specified by the data source. We also design two protocols to securely retrieve the sensitive patient data from a BAN and instruct the sensors in a BAN. Our analysis indicates that the proposed scheme is feasible, can provide message authenticity, and can counter possible major attacks such as collusion attacks and battery-draining attacks.

SECRET IMAGE SHARING BASED ON CHAOTIC MAP AND CHINESE REMAINDER THEOREM

Secret sharing is an efficient method for transmitting the image securely. This paper proposes an efficient secret sharing scheme for secret image. The protocol allows each participant to share a secret gray image with the rest of participants. In our scheme, a secret digital image is divided into n pieces, which are further distributed into n participants. The secret digital image can be reconstructed if and only if r or more legal participants cooperate together. These schemes have no pixel expansion. It is general in nature and can be applied on any image size. The proposed scheme is based on the chaotic map and the Chinese Remainder theorem. The security of the scheme is analyzed and the protocol is proven to be secure and be able to resist statistic and exhaustive attacks.

An Attribute-Based Signcryption Scheme to Secure Attribute-Defined Multicast Communications

We consider a special type of multicast communications existing in many emerging applications such as smart grids, social networks, and body area networks, in which the multicast destinations are specified by an access structure defined by the data source based on a set of attributes and carried by the multicast message. A challenging issue is to secure these multicast communications to address the prevalent security and privacy concerns, i.e., to provide access control, data encryption, and authentication to ensure message integrity and confidentiality. To achieve this objective, we present a signcryption scheme called CP_ABSC based on Ciphertext-Policy Attribute Based Encryption (CP_ABE) [2] in this paper. CP_ABSC provides algorithms for key management, signcryption, and designcryption. It can be used to signcrypt a message/data based on the access rights specified by the message/data itself. A multicast destination can designcrypt a ciphertext if and only if it possesses the attributes required by the access structure of the data. Thus CP_ABSC effectively defines a multicast group based on the access rights of the data. CP_ABSC provides collusion attack resistance, message authentication, forgery prevention, and confidentiality. It can be easily applied to secure push-based multicasts where the data is pushed from the source to multiple destinations and pull-based multicasts where the data is downloaded from a repository by multiple destinations. Compared to CP_ABE, CP_ABSC combines encryption with signature at a lower computational cost for signcryption and a slightly higher cost in designcryption for signature verification.