基于脆弱水印的图像认证算法研究

很多基于分块的图像认证算法为了提高安全性,采用大分块或者分块相关技术,因而牺牲了定位精度.通过对各种攻击的分析,提出了一种基于脆弱水印的图像认证方案.使用SHA512算法和基于背包问题的单向函数来产生水印,使用滑动窗口技术和层次结构来嵌入水印,使强加密算法在小分块上得以应用.该方案不但能够抵抗矢量量化等目前已知的各种攻击,而且能够将篡改定位到2×2大小的像素块上.理论分析和实验数据表明,该方案在保证系统安全性的同时,有效地提高了篡改定位的精度.     

Digital fragile watermarking scheme for authentication of JPEG images

It is a common practice in transform-domain fragile watermarking schemes for authentication purposes to watermark some selected transform coefficients so as to minimise embedding distortion. The author points out that leaving most of the coefficients unmarked results in a wide-open security gap for attacks to be mounted on them. A fragile watermarking scheme is proposed to implicitly watermark all the coefficients by registering the zero-valued coefficients with a key-generated binary sequence to create the watermark and involving the unwatermarkable coefficients during the embedding process of the embeddable ones. Non-deterministic dependence is established by involving some of the unwatermarkable coefficients selected according to the watermark from a nine-neighbourhood system in order to thwart different attacks, such as cover-up, vector quantisation and transplantation. No hashing is needed in establishing the non-deterministic dependence.     

Analysis and improvement on identity-based cloud data integrity verification scheme

Many individuals or businesses outsource their data to remote cloud.Cloud storage provides users the advantages of economic convenience,but data owners no longer physically control over the stored data,which introduces new security challenges,such as no security guarantees of integrity and privacy.The security of two identity-based cloud data integrity verification schemes by Zhang et al and Xu et al respectively are analysed.It shows that Zhang et al.’s scheme is subjected to secret key recovery attack for the cloud servers can recover user’s private key only utilizing stored data.And Xu et al.’s scheme cannot satisfy security requirements of soundness.Based on Xu et al.'s scheme,a modified identity-based cloud data integrity verification scheme is proposed.A comprehensive analysis shows the new scheme can provide the security requirements of soundness and privacy,and has the same communication overhead and computational cost as Xu et al.’s scheme.     

用于流媒体版权保护的视频水印技术

针对越来越重要的流媒体安全,结合河南电视台对数字多媒体的版权保护,介绍了能够抵抗多种处理和失真的稳健水印,可用于流媒体的完整性验证的脆弱和半脆弱水印,可用于流媒体的版权告示作用的可见水印.     

Multiscale fragile watermarking based on the Gaussian mixture model.

In this paper, a new multiscale fragile watermarking scheme based on the Gaussian mixture model (GMM) is presented. First, a GMM is developed to describe the statistical characteristics of images in the wavelet domain and an expectation-maximization algorithm is employed to identify GMM model parameters. With wavelet multiscale subspaces being divided into watermarking blocks, the GMM model parameters of different watermarking blocks are adjusted to form certain relationships, which are employed for the presented new fragile watermarking scheme for authentication. An optimal watermark embedding method is developed to achieve minimum watermarking distortion. A secret embedding key is designed to securely embed the fragile watermarks so that the new method is robust to counterfeiting, even when the malicious attackers are fully aware of the watermark embedding algorithm. It is shown that the presented new method can securely embed a message bit stream, such as personal signatures or copyright logos, into a host image as fragile watermarks. Compared with conventional fragile watermark techniques, this new statistical model based method modifies only a small amount of image data such that the distortion on the host image is imperceptible. Meanwhile, with the embedded message bits spreading over the entire image area through the statistical model, the new method can detect and localize image tampering. Besides, the new multiscale implementation of fragile watermarks based on the presented method can help distinguish some normal image operations such as JPEG compression from malicious image attacks and, thus, can be used for semi-fragile watermarking.     

层次身份基认证密钥协商方案的安全性分析和改进

该文分析了曹晨磊等人(2014)提出的层次身份基认证密钥协商方案的安全性,指出该方案无法抵抗基本假冒攻击。文中具体描述了对该方案实施基本假冒攻击的过程,分析了原安全性证明的疏漏和方案无法抵抗该攻击的原因。然后,在BONEH等人(2005)层次身份基加密方案基础上提出了一种改进方案。最后,在BJM模型中,给出了所提方案的安全性证明。复杂度分析表明所提方案在效率上同原方案基本相当。     

Weaknesses and improvements of a remote user authentication scheme using smart cards

In 2005, Liu et al.proposed an improvement to Chien et al.'s remote user authentication scheme, using smart cards, to prevent parallel session attack.This article, however, will demonstrate that Liu et al.'s scheme is vulnerable to masquerading server attack and has the system's secret key forward secrecy problem.Therefore, an improved scheme with better security strength, by using counters instead of timestamps, is proposed.The proposed scheme does not only achieve their scheme's advantages, but also enhances its security by withstanding the weaknesses just mentioned.     

能区分图像或水印篡改的脆弱水印方案

针对现有脆弱型水印方案不能区分是图像内容还是水印被篡改的问题,提出一种能区分图像或水印篡改的脆弱水印方案.该方案用原始图像高7位的小波低频系数非均匀量化后生成的低频压缩图像作为水印,并用混沌系统对水印进行置乱加密,将安全性得到增强的水印直接嵌入到图像的LSB位;认证时通过差值图像定位图像内容被篡改的位置并指出图像中的水印是否被篡改.理论分析和仿真实验表明:该算法不但能精确定位图像内容被篡改的位置,而且能区分是图像内容被篡改、水印被篡改还是两者同时被篡改.     

一种能区分水印或内容篡改的脆弱水印算法

针对目前脆弱水印算法大多无法区分水印被篡改还是内容被篡改的问题,本文基于多重水印技术提出了一种能区分水印或内容篡改的脆弱水印算法.该算法由子块的主要DCT系数生成恢复水印,将其嵌入到偏移子块的次低位;待恢复水印嵌入后,将恢复水印作为子块内容的一部分生成认证水印,将其嵌入到子块的最低位.理论分析和实验结果表明:本文算法在抵抗量化攻击的同时,不仅能准确定位图像内容被篡改的位置,而且能区分是水印被篡改还是图像内容被篡改,并且在一定条件下可以对内容被篡改的区域进行恢复.     

标准模型下基于身份的混淆乐观公平交换方案

为防止签名验证者利用部分签名取得不公平的优势,Huang等人提出混淆乐观公平交换（Ambiguous Optimistic Fair Exchange,AOFE）方案及其一般构造方法,但是其构造方法没有考虑真实的用户环境.在基于IBC（Identity-Based Cryptography）的用户环境下,文章提出基于身份的混淆乐观公平交换（ID-AOFE）方案构造方法、方案实例、及其选择身份安全模型.提出的ID-AOFE构造方法对Huang等人的AOFE方案进行了简化,采用具有信息提取功能的证据不可区分证明算法替换原方案模型中的基于标签加解密和零知识证明算法.ID-AOFE安全模型以Huang等人的AOFE安全模型为基础,融合了选择身份安全模型,并对ID-AOFE方案的安全性进行了归纳和重新定义.在选择身份安全模型下,提出的ID-AOFE方案实例的公平性被规约到经典密码原语的安全性.此外,文章探讨了ID-AOFE方案的消息交互模型,就争端解决的方案和过程进行了重点分析.     

Cryptanalysis and improvement of ‘an improved authentication with key agreement scheme on elliptic curve cryptosystem for global mobility networks’

Authentication schemes assure that authorised user can fraudulently obtain his/her required services from home domains. Recently, Li et al. (International Journal of Network Management, 2013; 23(5):311–324) proposed a remote user authentication scheme. They claimed that their protocol is secure against known security attacks. However, in this paper, we indicate that Li et al.'s scheme is insecure against user impersonation attack. We show that an active adversary can easily masquerade as a legitimate user without knowing the user's secret information. As a remedy, we also proposed an improved authentication scheme to overcome the security weaknesses of Li et al.'s scheme. To show the security of our scheme, we prove its security the random oracle model. The implementation results show that our improved scheme offers a reduction of 58% in computational cost and a communication cost reduction of 48% with respect to Li et al.'s scheme. Copyright © 2014 John Wiley & Sons, Ltd.     

取证水印在IPTV中的应用

IPTV业务的迅速发展,对于以防止盗版为目的IPTV安全方案提出了更高的要求。基于取证水印的IPTV安全方案是对普通数字版权管理方案的补充,它是在视频流通过数字电视机顶盒时将具有特殊身份标识的水印嵌入视频,从而能够追踪盗版责任人,保证IPTV内容安全。介绍了取证水印的基本原理,分析了现有的各种基于取证水印的IPTV安全方案并给出比较。     

SECURITY ANALYSIS AND IMPROVEMENT OF A NEW THRESHOLD MULTI-PROXY MULTI-SIGNATURE SCHEME

Kang, et al. [Journal of Electronics(China), 23(2006)4] proposed a threshold multi-proxy multi-signature scheme, and claimed the scheme satisfies the security requirements of threshold multi-proxy multi-signature. However, in this paper, two forgery attacks are proposed to show that their schemes have serious security flaws. To overcome theses flaws, an improvement on Kang, et al.'sscheme is proposed.     

基于逆问题扰动的脆弱数字水印认证

为改进基于脆弱数字水印的多媒体数据认证的性能,利用逆问题的扰动现象提出了一种新的脆弱水印体制.在新的方法中,数据完整性或签名的验证并不依赖于水印的提取,而通过反向求解植入方程完成.由于扰动现象的存在,在数据被篡改的情况下,反向求得的数据值将产生猛烈的增长,并且,扰动值反映了篡改的程度,扰动区域正好描述了篡改的轮廓.在这一机制下,脆弱水印还可以引入自适应植入算法,在被保护数据的每一码字上植入水印.与常用的基于分块的算法相比,所提出的算法在提高篡改敏感性和可定位性的同时,还兼顾了感知透明性.     

Fragile watermarking using finite field trigonometrical transforms

Fragile digital watermarking has been applied for authentication and alteration detection in images. Utilizing the cosine and Hartley transforms over finite fields, a new transform domain fragile watermarking scheme is introduced. A watermark is embedded into a host image via a blockwise application of two-dimensional finite field cosine or Hartley transforms. Additionally, the considered finite field transforms are adjusted to be number theoretic transforms, appropriate for error-free calculation. The employed technique can provide invisible fragile watermarking for authentication systems with tamper location capability. It is shown that the choice of the finite field characteristic is pivotal to obtain perceptually invisible watermarked images. It is also shown that the generated watermarked images can be used as publicly available signature data for authentication purposes.     

Security analysis and improvement of new threshold multi-Proxy multi-Signature scheme

Kang, et al. [Journal of Electronics（China）, 23（2006）4] proposed a threshold multi-proxy multi-signature scheme, and claimed the scheme satisfies the security requirements of threshold multi-proxy multi-signature. However, in this paper, two forgery attacks are proposed to show that their schemes have serious security flaws. To overcome theses flaws, an improvement on Kang, et al.＇s scheme is proposed.     

无证书聚合签名方案的安全性分析和改进

该文分析了He等人(2014)提出的无证书签名方案和Ming等人(2014)提出的无证书聚合签名方案的安全性,指出Ming方案存在密钥生成中心(KGC)被动攻击,He方案存在KGC被动攻击和KGC主动攻击。该文描述了KGC对两个方案的攻击过程,分析了两个方案存在KGC攻击的原因,最后对Ming方案提出了两类改进。改进方案不仅克服了原方案的安全性问题,同时也保持了原方案聚合签名长度固定的优势。     

An efficient remote user authentication and key agreement protocol for mobile client–server environment from pairings

With the continue evaluation of mobile devices in terms of the capabilities and services, security concerns increase dramatically. To provide secured communication in mobile client–server environment, many user authentication protocols from pairings have been proposed. In 2009, Goriparthi et al. proposed a new user authentication scheme for mobile client–server environment. In 2010, Wu et al. demonstrated that Goriparthi et al.’s protocol fails to provide mutual authentication and key agreement between the client and the server. To improve security, Wu et al. proposed an improved protocol and demonstrated that their protocol is provably secure in random oracle model. Based on Wu et al.’s work, Yoon et al. proposed another scheme to improve performance. However, their scheme just reduces one hash function operation at the both of client side and the server side. In this paper, we present a new user authentication and key agreement protocol using bilinear pairings for mobile client–server environment. Performance analysis shows that our protocol has better performance than Wu et al.’s protocol and Yoon et al.’s protocol. Then our protocol is more suited for mobile client–server environment. Security analysis is also given to demonstrate that our proposed protocol is provably secure against previous attacks.     

A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security

Ubiquitous networks provide roaming service for mobile nodes enabling them to use the services extended by their home networks in a foreign network. A mutual authentication scheme between the roamed mobile node and the foreign network is needed to be performed through the home network. Various authentication schemes have been developed for such networks, but most of them failed to achieve security in parallel to computational efficiency. Recently, Shin et al. and Wen et al. separately proposed two efficient authentication schemes for roaming service in ubiquitous networks. Both argued their schemes to satisfy all the security requirements for such systems. However, in this paper, we show that Shin et al. 's scheme is susceptible to: (i) user traceability; (ii) user impersonation; (iii) service provider impersonation attacks; and (iv) session key disclosure. Furthermore, we show that Wen et al. 's scheme is also insecure against: (i) session key disclosure; and (ii) known session key attacks. To conquer the security problems, we propose an improved authentication scheme with anonymity for consumer roaming in ubiquitous networks. The proposed scheme not only improved the security but also retained a lower computational cost as compared with existing schemes. We prove the security of proposed scheme in random oracle model. Copyright © 2015 John Wiley & Sons, Ltd.     

An Improved and Secure Two-factor Dynamic ID Based Authenticated Key Agreement Scheme for Multiserver Environment

The smart card based password authentication scheme is one of the most important and efficient security mechanism, which is used for providing security to authorized users over an insecure network. In this paper, we analyzed major security flaws of Jangirala et al.’s scheme and proved that it is vulnerable to forgery attack, replay attack, user impersonation attack. Also, Jangirala et al.’s scheme fail to achieve mutual authentication as it claimed. We proposed an improved two factor based dynamic ID based authenticated key agreement protocol for the multiserver environment. The proposed scheme has been simulated using widely accepted AVISPA tool. Furthermore, mutual authentication is proved through BAN logic. The rigorous security and performance analysis depicts that the proposed scheme provides users anonymity, mutual authentication, session key agreement and secure against various active attacks.