
Publication


Featured research published by Huaqun Wang.


IEEE Transactions on Dependable and Secure Computing | 2018

A Provably-Secure Cross-Domain Handshake Scheme with Symptoms-Matching for Mobile Healthcare Social Network

Debiao He; Neeraj Kumar; Huaqun Wang; Lina Wang; Kim-Kwang Raymond Choo; Alexey V. Vinel

With rapid developments of sensor, wireless and mobile communication technologies, Mobile Healthcare Social Networks (MHSNs) have emerged as a popular means of communication in healthcare services. Within MHSNs, patients can use their mobile devices to securely share their experiences, broaden their understanding of the illness or symptoms, form a supportive network, and transmit information (e.g., state of health and new symptoms) between users and other stakeholders (e.g., medical center). Despite the benefits afforded by MHSNs, there are underlying security and privacy issues (e.g., due to the transmission of messages via a wireless channel). The handshake scheme is an important cryptographic mechanism, which can provide secure communication in MHSNs (e.g., anonymity and mutual authentication between users, such as patients). In this paper, we present a new framework for the handshake scheme in MHSNs, which is based on hierarchical identity-based cryptography. We then construct an efficient Cross-Domain HandShake (CDHS) scheme that allows symptoms-matching within MHSNs. For example, using the proposed CDHS scheme, two patients registered with different healthcare centers can achieve mutual authentication and generate a session key for future secure communications. We then prove the security of the scheme, and a comparative summary demonstrates that the proposed CDHS scheme requires lower computation and communication costs. We also implement the proposed CDHS scheme and three related schemes in a proof-of-concept Android app to demonstrate the utility of the scheme. Findings from the evaluations demonstrate that the proposed CDHS scheme achieves a reduction of 18.14 and 5.41 percent in computation cost and communication cost, in comparison to three other related handshake schemes.


Soft Computing | 2017

Efficient certificateless anonymous multi-receiver encryption scheme for mobile devices

Debiao He; Huaqun Wang; Lina Wang; Jian Shen; Xianzhao Yang

With the popularity of mobile devices, how to enhance the security and privacy in wireless communications has gained comprehensive attention. Many cryptographic schemes have been introduced for practical applications. In the multi-receiver encryption (MRE) scheme, a sender is allowed to generate the same ciphertext for a designed group of receivers. Any receiver can get the plaintext by decrypting the ciphertext; however, the real identity of a receiver cannot be known by other receivers. Due to the above advantage, the MRE scheme can be used to protect the receiver’s privacy. Recently, the certificateless anonymous multi-receiver encryption (CLAMRE) scheme using the bilinear pairing was introduced to solve the certificate management problem existing in MRE schemes based on the public key infrastructure and the private key escrow problem existing in MRE schemes based on identity-based cryptography. However, the previous CLAMRE scheme using the bilinear pairing is not suitable for mobile devices because the number of bilinear pairing operations and Hash-to-Point (HTP) operations executed by the sender increases linearly with the number of receivers. In this paper, an efficient CLAMRE scheme based on elliptic curve cryptography for mobile devices is proposed to improve performance. Because no bilinear pairing or HTP operation is involved in the process of encryption, the proposed CLAMRE scheme has much less computation cost than the latest CLAMRE scheme. Security analysis shows the proposed CLAMRE scheme is provably secure in the random oracle model.


IEEE Transactions on Information Forensics and Security | 2016

Identity-Based Proxy-Oriented Data Uploading and Remote Data Integrity Checking in Public Cloud

Huaqun Wang; Debiao He; Shaohua Tang

More and more clients would like to store their data to public cloud servers (PCSs) along with the rapid development of cloud computing. New security problems have to be solved in order to help more clients process their data in public cloud. When the client is restricted to access PCS, he will delegate its proxy to process his data and upload them. On the other hand, remote data integrity checking is also an important security problem in public cloud storage. It makes the clients check whether their outsourced data are kept intact without downloading the whole data. From the security problems, we propose a novel proxy-oriented data uploading and remote data integrity checking model in identity-based public key cryptography: identity-based proxy-oriented data uploading and remote data integrity checking in public cloud (ID-PUIC). We give the formal definition, system model, and security model. Then, a concrete ID-PUIC protocol is designed using the bilinear pairings. The proposed ID-PUIC protocol is provably secure based on the hardness of the computational Diffie-Hellman problem. Our ID-PUIC protocol is also efficient and flexible. Based on the original client's authorization, the proposed ID-PUIC protocol can realize private remote data integrity checking, delegated remote data integrity checking, and public remote data integrity checking.


Future Generation Computer Systems | 2018

Anonymous and secure aggregation scheme in fog-based public cloud computing

Huaqun Wang; Zhiwei Wang; Josep Domingo-Ferrer

By using fog computing, cloud computing can be extended to the edge of the network. Generally, in the public cloud, fog computing comprises three components: terminal device, fog node and public cloud server (PCS). In this paper, we propose the concept of anonymous and secure aggregation scheme (ASAS) in fog-based public cloud computing. In the ASAS model, a fog node aggregates the data from terminal nodes and forwards the aggregated data to the public cloud server. By using the ASAS scheme, the fog node can help terminal devices upload their data to PCS. By using the data aggregation technique, our ASAS scheme can save bandwidth between the fog node and PCS. At the same time, our ASAS scheme not only protects the identities of terminal devices by using pseudonyms but it also guarantees data secrecy via a homomorphic encryption technique. In this paper, we design the first concrete ASAS scheme. We also examine the security and the performance of our proposal, which we show to be provably secure and efficient. We propose the anonymous and secure aggregation model in fog-based public cloud computing. We construct the first anonymous and secure aggregation scheme in fog-based public cloud computing. We show that our proposed concrete scheme is provably secure. Detailed performance analysis and experimental results are given.


Information Sciences | 2017

Insecurity of an identity-based public auditing protocol for the outsourced data in cloud storage

Debiao He; Huaqun Wang; Jianhong Zhang; Lina Wang

Public auditing protocol is very significant for implementing secure cloud storage since it can be used to check the integrity of the data stored in the cloud without downloading them. Recently, Zhang and Dong presented an identity-based public auditing (IBPA) protocol using the bilinear pairing and claimed that their protocol is provably secure in the random oracle model. Through proposing two concrete attacks, we demonstrate that the adversary against Zhang-Dong's protocol can break the data integrity without being found by the auditor. The analysis shows that their protocol is not secure for the cloud storage.


IEEE Transactions on Services Computing | 2016

Incentive and Unconditionally Anonymous Identity-Based Public Provable Data Possession

Huaqun Wang; Debiao He; Jia Yu; Zhiwei Wang

When the data is stored in public clouds, provable data possession (for short, PDP) is of crucial importance in cloud storage. PDP can make the users verify whether their outsourced data is kept intact without downloading the whole data. In some application scenarios, anonymity is very important in order to protect the user identity privacy. In order to encourage users to disclose bad events, the government or organization or individual may pay for the user who provides the precious data. Thus, incentive and unconditionally anonymous identity-based public PDP (for short, IAID-PDP) is a very important security concept. From the above requirements, for the first time, we propose the concept of IAID-PDP. We formalize its system model and security model. Based on the bilinear pairings, a concrete IAID-PDP protocol is presented. Based on the standard hard problems, the proposed IAID-PDP protocol is provably secure. IAID-PDP protocol eliminates the complex certificate management since it is designed in the identity-based public key cryptography. Through the performance analysis and security analysis, our IAID-PDP protocol satisfies the following properties: certification elimination, incentive, unconditional anonymity and remote data integrity checking.


IEEE Access | 2017

Two-Factor Data Access Control With Efficient Revocation for Multi-Authority Cloud Storage Systems

Xiaoyu Li; Shaohua Tang; Lingling Xu; Huaqun Wang; Jie Chen

Attribute-based encryption, especially for ciphertext-policy attribute-based encryption, can fulfill the functionality of fine-grained access control in cloud storage systems. Since users’ attributes may be issued by multiple attribute authorities, multi-authority ciphertext-policy attribute-based encryption is an emerging cryptographic primitive for enforcing attribute-based access control on outsourced data. However, most of the existing multi-authority attribute-based systems are either insecure in attribute-level revocation or lack efficiency in communication overhead and computation cost. In this paper, we propose an attribute-based access control scheme with two-factor protection for multi-authority cloud storage systems. In our proposed scheme, any user can recover the outsourced data if and only if this user holds sufficient attribute secret keys with respect to the access policy and authorization key in regard to the outsourced data. In addition, the proposed scheme enjoys the properties of constant-size ciphertext and small computation cost. Besides supporting the attribute-level revocation, our proposed scheme allows the data owner to carry out the user-level revocation. The security analysis, performance comparisons, and experimental results indicate that our proposed scheme is not only secure but also practical.


Wireless Communications and Mobile Computing | 2017

Lightweight Data Aggregation Scheme against Internal Attackers in Smart Grid Using Elliptic Curve Cryptography

Debiao He; Sherali Zeadally; Huaqun Wang; Qin Liu

Recent advances of Internet and microelectronics technologies have led to the concept of smart grid which has been a widespread concern for industry, governments, and academia. The openness of communications in the smart grid environment makes the system vulnerable to different types of attacks. The implementation of secure communication and the protection of consumers’ privacy have become challenging issues. The data aggregation scheme is an important technique for preserving consumers’ privacy because it can stop the leakage of a specific consumer’s data. To satisfy the security requirements of practical applications, a lot of data aggregation schemes were presented over the last several years. However, most of them suffer from security weaknesses or have poor performances. To reduce computation cost and achieve better security, we construct a lightweight data aggregation scheme against internal attackers in the smart grid environment using Elliptic Curve Cryptography (ECC). Security analysis of our proposed approach shows that it is provably secure and can provide confidentiality, authentication, and integrity. Performance analysis of the proposed scheme demonstrates that both computation and communication costs of the proposed scheme are much lower than the three previous schemes. As a result of these aforementioned benefits, the proposed lightweight data aggregation scheme is more practical for deployment in the smart grid environment.


IEEE Transactions on Services Computing | 2017

VOD-ADAC: Anonymous Distributed Fine-Grained Access Control Protocol with Verifiable Outsourced Decryption in Public Cloud

Huaqun Wang; Debiao He; Jinguang Han

Remote data access control is of crucial importance in public cloud. Based on its own inclinations, the data owner predefines the access policy. When the user satisfies the data owner's access policy, it has the right to access the data owner's remote data. In order to improve flexibility and efficiency of remote data access control, attribute-based encryption (for short, ABE) is used to realize the remote data fine-grained access control. For the low-capacity terminals, verifiable outsourced decryption is a very attractive technique. In the real application scenarios, the users' attributes are usually managed by many authorities. When some authorized users access some sensitive remote data, they hope to preserve their identity privacy. From the two points, we propose an anonymous distributed fine-grained access control protocol with verifiable outsourced decryption in public cloud (for short, VOD-ADAC). VOD-ADAC is a novel concept which is proposed for the first time in the paper. By adopting the pseudonym technique, the users' high anonymity can be achieved by frequently changing the independent pseudonyms at some highly social spots. This paper formalizes the system model and security model of VOD-ADAC protocol. Then, by using hybrid encryption technique of distributed ABE and symmetric encryption, a concrete VOD-ADAC protocol is designed from the bilinear pairings. Through security analysis and performance analysis, our proposed VOD-ADAC protocol is provably secure and efficient.


Future Generation Computer Systems | 2017

Anonymous biometrics-based authentication scheme with key distribution for mobile multi-server environment

Qi Feng; Debiao He; Sherali Zeadally; Huaqun Wang

Significant advances in wireless communication technologies have led to the emergence and proliferation of a wide range of mobile devices and mobile services. However, the use of various cloud servers has made the traditional single-server architecture, where we have one server and many users, inefficient in terms of its performance. To address this drawback, multi-server architectures have been proposed. Password or smart card-based authentication schemes suffer from poor security in the multi-server environment and as a result biometrics have become a preferred choice for secure and robust authentication because of their close link with the physical characteristics of an individual. Recently Kumari and Li et al. proposed a biometrics-based authentication scheme for multi-server environment. However, we found that their scheme fails to meet user anonymity requirement and is vulnerable to several attacks. Therefore, in the first part of our work, we describe the various possible attacks on the previous scheme. Then, to enhance user anonymity, we propose a new biometrics-based authentication scheme with key distribution for the mobile multi-server environment. Our proposed scheme is based on smart card and elliptic curve cryptosystem. Informal and formal security analyses demonstrate that our scheme can satisfy the security and functional requirements in the mobile multi-server environment. Moreover, performance results (such as computation and communication cost) obtained with our proposed scheme demonstrate significant improvements in the level of security.

Collaboration


Top Co-Authors

Kim-Kwang Raymond Choo, University of Texas at San Antonio

Shaohua Tang, South China University of Technology

Bo Qin, Renmin University of China

Jian Shen, Nanjing University of Information Science and Technology

Jianhong Zhang, North China University of Technology