Fenghua Li

Reversible Data Hiding in Encrypted Images by Reserving Room Before Encryption

Recently, more and more attention is paid to reversible data hiding (RDH) in encrypted images, since it maintains the excellent property that the original cover can be losslessly recovered after embedded data is extracted while protecting the image contents confidentiality. All previous methods embed data by reversibly vacating room from the encrypted images, which may be subject to some errors on data extraction and/or image restoration. In this paper, we propose a novel method by reserving room before encryption with a traditional RDH algorithm, and thus it is easy for the data hider to reversibly embed data in the encrypted image. The proposed method can achieve real reversibility, that is, data extraction and image recovery are free of any error. Experiments show that this novel method can embed more than 10 times as large payloads for the same image quality as the previous methods, such as for PSNR=40 dB.

Certificateless public auditing for data integrity in the cloud

Due to the existence of security threats in the cloud, many mechanisms have been proposed to allow a user to audit data integrity with the public key of the data owner before utilizing cloud data. The correctness of choosing the right public key in previous mechanisms depends on the security of Public Key Infrastructure (PKI) and certificates. Although traditional PKI has been widely used in the construction of public key cryptography, it still faces many security risks, especially in the aspect of managing certificates. In this paper, we design a certificateless public auditing mechanism to eliminate the security risks introduced by PKI in previous solutions. Specifically, with our mechanism, a public verifier does not need to manage certificates to choose the right public key for the auditing. Instead, the auditing can be operated with the assistance of the data owners identity, such as her name or email address, which can ensure the right public key is used. Meanwhile, this public verifier is still able to audit data integrity without retrieving the entire data from the cloud as previous solutions. To the best of our knowledge, it is the first certificateless public auditing mechanism for verifying data integrity in the cloud. Our theoretical analyses prove that our mechanism is correct and secure, and our experimental results show that our mechanism is able to audit the integrity of data in the cloud efficiently.

Estimation of chlorophyll-a concentration and trophic states for inland lakes in Northeast China from Landsat TM data and field spectral measurements

Landsat TM data and field spectral measurements were used to evaluate chlorophyll‐a (Chl‐a) concentration levels and trophic states for three inland lakes in Northeast China. Chl‐a levels were estimated applying regression analysis in the study. The results obtained from the field reflectance spectra indicate that the ratio between the reflectance peak at 700 nm and the reflectance minimum at 670 nm provides a relatively stable correlation with Chl‐a concentration. Their determination of coefficients R 2 is 0.69 for three lakes in the area. From Landsat TM data, the results show that the most successful Chl‐a was estimated from TM3/TM2 with R 2 = 0.63 for the two lakes on 26 July 2004, from TM4/TM3 with R 2 = 0.89 for the two lakes on 14 October 2004, and from the average of TM2, TM3 and TM4 with R 2 = 0.72 for the three lakes tested on 13 July 2005. These results are applicable to estimate Chl‐a from satellite‐based observations in the area. We also evaluate the trophic states of the three lakes in the region by employing Shus modified trophic state index (TSIM) for the Chinese lakes eutrophication assessment. Our study presents the TSIM from different TM data with R 2 more than 0.73. The study shows that satellite observations are effectively applied to estimate Chl‐a levels and trophic states for inland lakes in the area.

A full lifecycle privacy protection scheme for sensitive data in cloud computing

With the rapid development of versatile cloud services, it becomes increasingly susceptible to expose users’ sensitive data into the cloud computing environment. In this paper, we propose a full lifecycle privacy protection scheme for sensitive data (FullPP), which is based on identity-based timed-release encryption (ID-TRE) algorithm and distributed hash table (DHT) network. In the FullPP scheme, we first encrypt the sensitive data into a ciphertext, which is broken up into extracted ciphertext and encapsulated ciphertext by using an extracting algorithm. Then, we leverage the ID-TRE algorithm to encrypt the decryption key and combine the key’s ciphertext with the extracted ciphertext to generate ciphertext shares. Finally, we distribute the ciphertext shares into the DHT network and store the encapsulated ciphertext into cloud servers. To recover the plaintext of the sensitive data, sufficient ciphertext shares, ID-TRE private key and the encapsulated ciphertext should be obtained during the lifecycle of the sensitive data. As a result, FullPP is able to provide full lifecycle privacy protection for users’ sensitive data by making it unreadable before a predefined time and automatically destructed after expiration. Security analysis indicates that the FullPP scheme is able to resist against both traditional attacks on the cloud servers and Sybil attacks on the DHT network. Experiment result shows that the FullPP scheme proposed by us is more effective and efficient than other existing schemes.

Fast Estimation of Optimal Marked-Signal Distribution for Reversible Data Hiding

Recently, code construction approaching the rate-distortion bound of reversible data hiding has been proposed by Lin , in which the coding/decoding process needs the optimal probability distribution of marked-signals as parameters. Therefore, the efficiency and accuracy of estimating the optimal marked-signal distribution will greatly influence the speeds of encoding and decoding. In this paper, we propose a fast algorithm to solve the optimal marked-signal distribution. Furthermore, we modify the method to achieve the optimal distribution directly according to a given distortion constraint or an expected embedding rate, which makes it more practical for applications.

Pattern Synthesis of Concentric Ring Array Antennas by Differential Evolution Algorithm

In this paper, we propose a computational global optimization method based on differential evolution (DE) algorithm for synthesizing large multiple concentric rings arrays to generate a pencil beam with minimum peak side lobe level (PSLL) and constrained first null beam width (FNBW). The synthesis is performed with a differential evolution technique to optimize the ring spacing, the number of the elements in each ring as well as the amplitude distribution. Simulated results of the designed synthesis illustrate the efficiency and reliability of our proposed method.

Efficient public verification on the integrity of multi-owner data in the cloud

Cloud computing enables users to easily store their data and simply share data with others. Due to the security threats in an untrusted cloud, users are recommended to compute verification metadata, such as signatures, on their data to protect the integrity. Many mechanisms have been proposed to allow a public verifier to efficiently audit cloud data integrity without receiving the entire data from the cloud. However, to the best of our knowledge, none of them has considered about the efficiency of public verification on multi-owner data, where each block in data is signed by multiple owners. In this paper, we propose a novel public verification mechanism to audit the integrity of multi-owner data in an untrusted cloud by taking the advantage of multisig-nature s. With our mechanism, the verification time and storage overhead of signatures on multi-owner data in the cloud are independent with the number of owners. In addition, we demonstrate the security of our scheme with rigorous proofs. Compared to the straightforward extension of previous mechanisms, our mechanism shows a better performance in experiments.

Achieving secure friend discovery in social strength-aware PMSNs

With Proximity-based Mobile Social Networks (PMSNs), mobile users can discover and make new social interactions easily with physical-proximate others through WiFi/Bluetooth interfaces embedded in the smartphones. Unfortunately, users enjoy these conveniences at the cost of revealing their personal data. Furthermore, an important factor called social strength, which impacts the discovering result a lot, is always ignored. To address these problems, we propose S-match, which aims to achieve secure friend discovery in social strength-aware PMSNs. Specifically, S-match exploits a two-dimensional similarity vector with considering both priority-aware similarity coefficient and social strength-aware similarity coefficient. We construct a similarity evaluation model based on entropy method to measure profile similarity, as well as a novel priority-aware similarity coefficient by improving Jaccard similarity function. Finally, the combination of the homomorphic property and the priority-aware similarity coefficient guarantee the avoidance on the insider attacks. The security and performance are thoroughly analyzed and evaluated via detailed simulations.

FDR-ABE: Attribute-Based Encryption with Flexible and Direct Revocation

In attribute-based encryption (ABE) systems, the revocation issue is essential and difficult, since users may change their attributes frequently in practice and each attribute is conceivably shared by multiple users. To our knowledge, all the existing ABE schemes fail to support flexible and direct revocation due to the burdensome update of attribute secret keys and cipher texts. Aiming at tackling the challenge above, in this paper, we formalize the notion of cipher text policy ABE with flexible and direct revocation (FDR-CP-ABE), and give out a concrete construction, which supports direct attribute and user revocation and is applicable to the data sharing architecture. The proposed FDR-CP-ABE scheme outperforms the previous revocation-related methods in that it has constant-size cipher texts and only partial cipher texts need to be updated whenever revocation events occur. Furthermore, we show that our FDR-CP-ABE scheme is provably secure in the standard model and it cannot be achieved by trivial combinations of the techniques of CP-ABE and BE.

Action-Based Access Control for Web Services

Web services over the Internet are widely used nowadays. The problem of secure access to Web-based systems is of great importance naturally. Compared with the existing models, the Action-Based Access Control (ABAC) model is the most suitable to control the access on Web services. In this paper, the ABAC model is introduced. Then, the security architecture of ABAC for Web services is proposed. In the architecture, the Action server manages the action information, the Domain server determines the security rank of request resources, and the Resource server storing the resources with different security ranks responses the request from the user. The cookie is extended with security properties.