Xianping Wu

Dynamic Key Cryptography and Applications

In modern security models, cryptography plays a fundamental role in protecting data integrity and confidentiality in information systems. However, cryptography itself is subject to cryptanalysis attacks. To reduce the cryptanalysis attack risk, a dynamic key theory is presented and analyzed in this paper. Because these dynamic keys are one-time used symmetric cryptographic keys, they can significantly improve the security of cryptographic systems. The dynamic key theory generation scheme and key update mechanism are formally analyzed to demonstrate balance between security and performance. The theory can be applied to enhance the security and performance of cryptographic systems, especially those used in wireless networks communication. Two case studies using the proposed dynamic key theory are also described and analyzed to illustrate the power of the theory.

Dynamic Keys Based Sensitive Information System

Protecting sensitive information systems from security threats such as unauthorised access, information eavesdropping and information interfering, is significant. Most of the natural approaches employ strong authentication or cryptography systems to protect critical data. But those approaches do not stress on the potential amount of risks associated with sensitive information, especially the vulnerability from compromising of long term cryptographic keys and the lack of fine gained access control. Therefore, in this paper, a dynamic key theory based secure sensitive information system is proposed, which integrates dynamic keys with raw data to protect sensitive information; and the system also uses the keys to secure communication and enhance access control. A formal analysis is provided to verify the security of the proposed work. It shows that the proposed system guarantees critical information data security and access control flexibility. In addition, by using two sets of dynamic keys, fraud detection and prevention is achieved in the proposed system.

Wireless Internet payment system using smart cards

Advancements in the wireless technology have given rise to various payment methods and protocols. The recent, and probably latest KSL (S. Kungpisdan et al., 2003) protocol has been implemented for mobile credit card payments. This paper proposes a smart card based wireless Internet payment system which is derived from KSL (S. Kungpisdan et al., 2003) protocol. A client using a wireless smart card can perform transactions over a wireless LAN which is connected to the Internet via a wired network.

The Design and Implementation of a Smartphone Payment System based on Limited-used Key Generation Scheme

Wireless technologies in the form of mobile phones have become a pervasive part of our everyday live due to their convenience, light weight and lower transaction cost. However, performing payments using mobile phones have given a rise to security issues because of their limited resources and open air communication channel. Therefore, a secure mobile phone communication system has become a serious and crucial issue. This paper proposes a new security enhancement on smart phone using the limited-used key generation technique based on the KSL protocol. Our implementation adapts and compares two popular PKC systems (RSA and ECC) as a design solution for mobile phone payments security enhancement

Package-Role Based Authorization Control Model for Wireless Network Services

Authorization and authentication services are the major components protecting integrity and authenticity. Authorization control service provides a mechanism to verify user permission to access services. In wireless networks, not only users may change roles but also services can be added, removed or modified more frequently. Although Role-Based Access Control or RBAC can simplify the management of dynamic users, it does not consider dynamic permissions between roles and services. To allow dynamic permission assignment between roles and services, in this paper, we present an authorization control model extended from RBAC using packages. The authorization control is specially designed to achieve optimal cost for large scale and dynamic networks of users and services.

Security Architecture for Sensitive Information Systems

Protecting sensitive information is a growing concern around the globe. Securing critical data in all sectors, including the business, healthcare and military sectors, has become the first priority of sensitive information management. Failing to protect this asset results in high costs and, more importantly, can also result in lost customers and investor confidence and even threaten national security. Sensitive information systems consist of three major components: communication channel, user interface and sensitive information storage; the protection of these three components equates to the protection of sensitive information itself. Previous research in this area has been limited due to the employment of long-term shared keys and public keys. Currently, no complete security solution exists to help protect sensitive information in the three components. Issues such as dynamic sensitive information ownership, group authentication and authorization and privacy protection also create challenges for the protection of sensitive information systems. The research described in this thesis is based on dynamic key theory and group key theory to present a novel security architecture to enable sensitive information systems to overcome these challenges and meet the desired security goals for the three major components. The proposed security architecture consists of dynamic key management, user-oriented group key management, authentication and authorization management and sensitive information management, which guarantee the security of the three major components of sensitive information systems. Because of the lack of the assessment properties of information security models, a new sensitive information security model is also presented in this thesis to evaluate the effectiveness of security architecture. This model proves that the security architecture satisfies the security goals. It can also be used to assess other security architectures, and thus makes a valuable contribution to the field of sensitive information systems security. In summary, the proposed security architecture offers unique features necessary for the security of sensitive information systems. It also overcomes the limitations associated with existing security approaches and enables the complete protection of the three major components of sensitive information systems.

Probabilistic Encryption--A Comparative Analysis against RSA and ECC

This paper aims to provide a comparative analysis of the probabilistic versus the deterministic security models. We provide a benchmark by practically implementing and comparing three ciphers - Probabilistic Cipher (PC), RSA, and ECC. This paper provides the algorithms to implement these ciphers as well as highlights the operating time and performance of our implementation for varying key sizes of 128/1024, 160/2048, and 192/4096 bits. We target our implementation to justify if the probabilistic model can perform equivalently against the deterministic model so as to be considered to be used in more practical scenarios today.

A Novel Authentication Protocol for Sensitive Information Privacy Protection Using Dynamic Key Based Group Key Management

This paper presents a secure authentication and authorization protocol for protecting privacy in sensitive information systems. It allows involved individuals and group participants to achieve high security levels and tight authorization control. The need of long term shared secrets to authenticate individuals and group users is eradicated in the proposed protocol by dynamic keys. It overcomes the secrets compromising during authentication via open networks. Furthermore, it also offers an ability allowing information owners to have fine-gained control of their critical data. Finally, the paper gives a formal analysis to demonstrate how secure the proposed protocol together with discussions of security issues. It is argued that the proposed protocol achieves strong authentication and authorization, and solves the involved participants plausible deniability issues.

The design a implementation of a wireless payment system

Advancements in the wireless technology have given rise to various payment methods and protocols. Recently, KSL protocol has been introduced for secure wireless online payments. This paper proposes a KSL-based wireless Internet payment system where a client has the choice to either use a credit card or a smart card to perform transactions over a wireless local area network (WLAN) that is connected to the Internet via a wired network

An Authentication Model for Wireless Network Services

Authentication is an important component to protect information systems from unauthorised access of malicious sources. Because of resource limitations of mobile devices, it is a challenge to apply current authentication methods in wired networks for wireless networks. It lacks any considerations of security, efficiency, scalability and flexility in wireless networks. In this paper, an authentication model for individual and group users in wireless network is elaborated. It provides a flexible and scalable model to suit different problem requirements of wireless network services. A realisation of the authentication model using dynamic keys and group key management is proposed and analysed to demonstrate the security and efficiency in wireless networks.