Lih-Chyau Wuu

Robust smart-card-based remote user password authenticationscheme

Smart-card-based remote user password authentication schemes are commonly used for providing authorized users a secure method for remotely accessing resources over insecure networks. In 2009, Xu etal. proposed a smart-card-based password authentication scheme. They claimed their scheme can withstand attacks when the information stored on the smart card is disclosed. Recently, Sood etal. and Song discovered that the smart-card-based password authentication scheme of Xu etal. is vulnerable to impersonation and internal attacks. They then proposed their respective improved schemes. However, we found that there are still flaws in their schemes: the scheme of Sood etal. does not achieve mutual authentication and the secret key in the login phase of Songs scheme is permanent and thus vulnerable to stolen-smart-card and off-line guessing attacks. In this paper, we will propose an improved and efficient smart-card-based password authentication and key agreement scheme. According to our analysis, the proposed scheme not only maintains the original secret requirement but also achieves mutual authentication and withstands the stolen-smart-card attack. Copyright

Building intrusion pattern miner for Snort network intrusion detection system

In this paper, we enhance the functionalities of Snort network-based intrusion detection system to automatically generate patterns of misuse from attack data, and the ability of detecting sequential intrusion behaviors. To that, we implement an intrusion pattern discovery module which applies data mining technique to extract single intrusion patterns and sequential intrusion patterns from a collection of attack packets, and then converts the patterns to Snort detection rules for on-line intrusion detection. In order to detect sequential intrusion behavior, the Snort detection engine is accompanied with our intrusion behavior detection engine. Intrusion behavior detection engine will create an alert when a series of incoming packets match the signatures representing sequential intrusion scenarios.

A longest prefix first search tree for IP lookup

The IP lookup mechanism is a key issue, in the design of IP routers. IP lookup is an important action in a router, which finds the next hop of each incoming packet with a longest-prefix-match address in the routing table. This work places the routing table on a longest prefix first search tree, which is constructed as a heap-like structure by the prefix length. A router using this scheme has fewer memory accesses when executing IP lookup than a router designed according to the Trie [E. Fredkin, Trie Memory, Communication of the ACM 3 (1960) 490-500], Patricia [K. Sklower, A tree-based routing table for Berkeley Unix, in: Proceedings of the USENIX Conference, 1991, pp. 93-99] or Prefix tree [M. Berger, IP lookup with low memory requirement and fast update, in: Proceedings of IEEE High Performance Switching and Routing, 2003, pp. 287-291]. Some nodes of the proposed tree can include two entries of the routing table to decrease the number of tree nodes. For instance, a routing table with 163,695 entries can be held in the proposed tree with 156,191 nodes. Furthermore, an improved scheme is presented to partition a tree into several smaller trees. The simulation reveals that the scheme not only lowers the tree height effectively but also scales well to IPv6 addresses.

A Data Hiding Scheme with High Embedding Capacity Based on General Improving Exploiting Modification Direction Method

Data hiding is one of the most important strategies on the field of data security; the main purpose of data hiding is to disguise the secret information and put them behind a cover image to make them unnoticeable and to assure the secrecy as a stego-image. Besides safety, the quantity of data that can be hidden in a single cover image is also very important to the data encryption. In this paper, we propose two kinds of weight-changing evaluation of high capacity EMD data hiding strategies that formulas can be open to the public; one of them is using table-checking to change the weighting evaluation of high capacity EMD data hiding strategy, the other is using generalize of high capacity EMD data hiding; both strategies can improve the safety problem when opening the formula to the public.

The high embedding steganographic method based on general multi-EMD

The hidden secret message capacity, stego-image quality and security are three important conditions for data hiding technology. According to these requirements, an effective security protection with high hiding capacity steganographic method based on general multi-EMD is proposed in this paper. The major contribution of this method is not to need more complicated embedded steps when the secret data is embedded and additional information when the secret data is recovered, respectively. From our simulation results, the proposed scheme not only maintains the original data hiding requirements but also achieves higher capacity than Kuo-Wang scheme.

High Embedding Reversible Data Hiding Scheme for JPEG

Both Data hiding and data compression are very important technologies in the field of image processing. It seems that there is no relationship between data hiding and data compression because most of the data hiding mechanisms focus on information security and the data compression mechanisms emphasize the compression ratio. In fact, they are closely related. Until now, there are many literatures to discuss the secret data how to be embedded into the media image. Unfortunately, the stego-image’s size will be increased when the media image is hidden a lot of secret data. In order to overcome this disadvantage, a reversible data hiding scheme based on EMD data hiding and JPEG compression technology will be proposed in this paper. According to the experimental results, we can prove that our proposed scheme still keeps high embedding capacity, security and good compression ratio.

The Cryptanalysis of LFSR/FCSR Based Alternating Step Generator

The alternating step generator (ASG) was proposed by Gunther in 1988 and consists of three LFSRs. After several serious attacks to ASG were proposed in recent years, the security of ASG has been carefully reexamined. A new structure of LFSR/FCSR based ASG and a new combination function are proposed in this research. Here, the structures of LFSR/FCSR based ASG are found to have lower probability of finding the corresponding pairs of two base sequences from an output sequence. In other words, it can resist edit distance correlation attacks efficiently. From the overall evaluation in this research, the structures of LFSR/FCSR based ASG are regarded to be more secure than ASG

Building intrusion pattern miner for snort network intrusion detection system

We propose a framework for Snort network-based intrusion detection system to make it have the ability of not only catching new attack patterns automatically, but also detecting sequential attack behaviors. To do that, we first build an intrusion pattern discovery module to find single intrusion patterns and sequential intrusion patterns from a collection of attack packets in offline training phase. The module applies data mining technique to extract descriptive attack signatures from large stores of packets, and then it converts the signatures to Snort detection rules for online detection. In order to detect sequential intrusion behavior, the Snort detection engine is accompanied with our intrusion behavior detection engine. When a series of incoming packets match the signatures representing sequential intrusion scenarios, intrusion behavior detection engine make an alert.

Zero-Collision RFID Tags Identification Based on CDMA

One of the killer applications for Radio frequency identification (RFID) system is the automatic identification of physical objects. To do that, each object must be labeled with a RFID tag containing identifying data. However, collisions occur when several tags send their data simultaneously. This paper proposes a secure scheme for zero-collision RFID tags identification based on Code Division Multiple Access (CDMA) and hash-chain mechanics. The scheme not only allows several tags send their identifying data simultaneously without collision, but also provides the following secure properties for RFID reader and tags: mutual authentication, tag anonymity, robustness and forward secrecy.

Adaptive reversible data hiding based on histogram

Due to the development of internet rapidly, the secure transmission of information has become more and more importance. Until now, there are many scholars study in the topic of data hiding. Specially, the reversible data hiding scheme catch the researchers attention. No matter how the researchers use the different technology to embed the secret information, they always try to increase the hide space within the permission quality of the cover image. However, the hiding positions are subject to the highest point by using the NSAS-scheme or HKC-scheme. To overcome this shortcoming, a reversible data hiding based on adaptive hiding location will be proposed in this paper. According to the experimental results, we can prove that our proposed scheme still not only keeps high embedding capacity and stego-image quality but also maintain the better security