Multi-server authenticated key agreement schemes have attracted great attention from both academia and industry in recent years. However, traditional authenticated key agreement schemes for the single-server environment are not suitable for the multi-server environment, because the user has to register at each server he/she wishes to log in to for a different service. Moreover, it is unreasonable to treat all servers as trusted, since a server in a multi-server environment may be a semi-trusted party. To overcome these difficulties, we design a secure three-factor multi-server authenticated key agreement protocol based on elliptic curve cryptography, which requires the user to register only once at the registration center in order to access all semi-trusted servers. The proposed scheme not only resists various known attacks but also provides high computational efficiency. Besides, we prove that our scheme fulfills mutual authentication using the authentication test method.
Funding: Sichuan Education Department research project (No. 16226483); Sichuan Science and Technology Program (No. 2018GZDZX0008); Chengdu Science and Technology Program (No. 2018-YF08-00007-GX); National Natural Science Foundation of China (No. 61872087).
During the past decade, rapid advances in wireless communication technologies have made it possible for users to access desired services using hand-held devices. Service providers host multiple servers to ensure seamless online services to end users. To secure this online communication, researchers have proposed several multi-server authentication schemes incorporating various cryptographic primitives. Due to the low power and computational capacity of mobile devices, hash-based multi-server authenticated key agreement schemes with an offline Registration Server (RS) are the most efficient choice. Recently, Kumar and Om presented such a scheme and proved its security against all well-known attacks. However, we find that their scheme has an incorrect login phase and is vulnerable to the trace attack, the Session-Specific Temporary Information Attack (SSTIA) and the Key Compromise Impersonation Attack (KCIA). In fact, none of the existing hash-based multi-server authentication schemes with an offline RS withstand KCIA. To deal with this situation, we propose an improved hash-based multi-server authentication scheme with an offline RS. We analyze the security of the proposed scheme under the random oracle model and with the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. A comparative analysis of communication overhead and computational complexity shows the efficiency of the proposed scheme.
Since network services are provided cooperatively by multiple servers on the Internet, authentication protocols for the multi-server architecture are required by Internet-based services such as online games and online trading. Recently, Li et al. analyzed Lee et al.'s protocol and proposed an improved dynamic-identity-based authentication protocol for the multi-server architecture. They claimed that their protocol provides user anonymity, mutual authentication and session key agreement, and resists several kinds of attacks. In this paper, a cryptanalysis of Lee et al.'s scheme shows that it is also vulnerable to the malicious server attack, the stolen smart card attack and the leak-of-verifier attack. Moreover, Li et al.'s improved protocol is vulnerable to all of these attacks. Further cryptanalysis reveals that Li et al.'s improved protocol is also susceptible to a collusion attack.
Funding: Key Program of the NSFC-Guangdong Union Foundation (Grant No. U1135002); Young Foundation of Humanities and Social Sciences of the MOE (Ministry of Education of China) (Grant No. 11YJCZH160); Foundation for Young Scientists of Jiangxi Province (Grant No. 20133BCB23016).
With the development of communication technologies, various mobile devices and different types of mobile services have become available. The emergence of these services has brought great convenience to our lives. Multi-server architecture authentication protocols for mobile cloud computing have been proposed to ensure security and availability between mobile devices and mobile services. However, most of these protocols do not consider hierarchical authentication. In the existing protocols, once a mobile user has registered at the registration center, he/she can successfully authenticate with every mobile service provider registered at that registration center, but real application scenarios are not like this: in some specific scenarios, a mobile service provider wants to provide service only to particular users. For this reason, we propose a new hierarchical multi-server authentication protocol for mobile cloud computing. The proposed protocol ensures that only particular types of users can successfully authenticate with certain types of mobile service providers. Compared with two leading protocols, it reduces computation and communication costs by up to 42.6% and 54.2%, respectively, and it also resists the attacks known so far.
Funding: Chengdu Science and Technology Bureau (No. 2016-XT00-00015-GX); Civil Aviation Administration of China (No. PSDSA201802).
Currently, smart card based remote user authentication schemes are widely adopted due to their low cost and convenient portability. To allow the use of various Internet services with a single registration and to protect users from being tracked, various dynamic-ID-based multi-server authentication protocols have been proposed. Recently, Li et al. proposed an efficient and secure dynamic-ID-based authentication protocol using smart cards and claimed that it provides strong security. In this paper, we demonstrate that Li et al.'s protocol is vulnerable to the replay attack, the denial of service attack, the smart card lost attack, the eavesdropping attack and the server spoofing attack.
In traditional secret image sharing schemes, a secret image is shared among shareholders who all have the same standing. But if the shareholders have two different standings, essential and non-essential, an essential secret image sharing scheme is needed. In this article, a verifiable essential secret image sharing scheme based on HLRs is proposed. A shareholder's share consists of two parts. The first part is produced by the shareholders themselves, which prevents fraud by the dealer. The second part is a shadow image produced using HLRs and the first part of the share. The first part of the shares is verified, for the first time, using multilinear and bilinear maps. Also, for verifying the shadow images, Bloom filters are used for the first time. The proposed scheme is more efficient than similar schemes, and the first part of the shares has formal security.
To prevent server compromise attacks and password guessing attacks, an improved and efficient verifier-based key exchange protocol for three parties is proposed, which enables two clients to agree on a common session key with the help of the server. In this protocol, the client stores a plaintext version of the password, while the server stores only a verifier for the password, and the protocol uses the verifiers to authenticate between the clients and the server. The security analysis and performance comparison show that the protocol resists many familiar attacks, including password guessing attacks, server compromise attacks, man-in-the-middle attacks and Denning-Sacco attacks, and that it is more efficient.
Funding: National High Technology Research and Development Program of China (863 Program) (No. 2001AA115300); Natural Science Foundation of Liaoning Province (Nos. 20031018, 20062023).
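The verifier-based arrangement in the abstract above, as an added example rather than the paper's own protocol: the server holds only v = g^x mod p with x derived from the salted password, and the client authenticates with a Schnorr-style proof of knowledge of x bound to a server nonce. The code is two-party (the three-party session key step is omitted), and the toy Mersenne-prime group, the SHA-256 derivation and all function names are assumptions made so that it runs with the Python standard library. The caveat a practitioner should keep in mind is the one the abstract itself raises: a stolen verifier does not let the attacker log in, but it does allow offline password guessing, so the password still has to be strong.

```python
"""Verifier-based authentication: the server keeps g^x, never x or the password.

Added illustration (not the paper's three-party protocol). The client derives
x = H(salt || password) on the fly and gives a Schnorr-style proof of knowledge
of x; the server checks it against the stored verifier v = g^x mod p.
"""
import hashlib
import secrets

# Toy group: Mersenne prime 2^521 - 1 with generator 3, chosen only so the example
# runs with the standard library. A deployment would use an RFC 3526 MODP group
# or an elliptic curve (assumption for this example).
P = (1 << 521) - 1
G = 3
Q = P - 1  # exponent arithmetic is reduced modulo the group order


def derive_secret(salt: bytes, password: str) -> int:
    """x = H(salt || password): held only by the client, recomputed per login."""
    digest = hashlib.sha256(salt + password.encode()).digest()
    return int.from_bytes(digest, "big") % Q


def make_verifier(salt: bytes, password: str) -> int:
    """Registration: the server stores (salt, v = g^x), not x and not the password."""
    return pow(G, derive_secret(salt, password), P)


def challenge(commitment: int, server_nonce: bytes) -> int:
    """Fiat-Shamir challenge bound to the server's fresh nonce, so proofs cannot be replayed."""
    h = hashlib.sha256(commitment.to_bytes(66, "big") + server_nonce).digest()
    return int.from_bytes(h, "big")


def client_prove(salt: bytes, password: str, server_nonce: bytes):
    """Login: commitment R = g^k and response s = k - c*x, proving knowledge of x."""
    x = derive_secret(salt, password)
    k = secrets.randbelow(Q - 1) + 1
    commitment = pow(G, k, P)
    response = (k - challenge(commitment, server_nonce) * x) % Q
    return commitment, response


def server_verify(verifier: int, server_nonce: bytes, commitment: int, response: int) -> bool:
    """Accept iff g^s * v^c == R (mod p), which holds exactly when s was built from x."""
    c = challenge(commitment, server_nonce)
    return (pow(G, response, P) * pow(verifier, c, P)) % P == commitment


def attacker_with_stolen_table(verifier: int, server_nonce: bytes):
    """Server-compromise attacker: holds v but not x, so it can only guess a response.

    Without x the response cannot be tied to the commitment and the check fails.
    """
    response = secrets.randbelow(Q)
    commitment = pow(G, response, P)
    return commitment, response


if __name__ == "__main__":
    salt, pw = b"constructed-salt", "correct horse battery"  # constructed sample credentials
    v = make_verifier(salt, pw)
    nonce = secrets.token_bytes(16)
    print("genuine client accepted:", server_verify(v, nonce, *client_prove(salt, pw, nonce)))
    print("stolen verifier accepted:", server_verify(v, nonce, *attacker_with_stolen_table(v, nonce)))
```

Running the module prints one accepted proof from the genuine client and one rejected attempt by an attacker who holds only the stolen verifier; the same proof replayed under a different server nonce is rejected as well, because the challenge is bound to the nonce.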
In a strong designated verifier proxy signature scheme, a proxy signer can generate a proxy signature on behalf of an original signer, but only the designated verifier can check the validity of the proxy signature. In this paper, we first define the security requirements for strong designated verifier proxy signature schemes. We then construct an identity-based strong designated verifier proxy signature scheme and argue that it satisfies all of the security requirements.
Funding: National Natural Science Foundation of China for Distinguished Young Scholars (60225007); National Research Fund for the Doctoral Program of Higher Education of China (20020248024); Science and Technology Research Project of Shanghai (04DZ07067).
In this paper, we point out that Libert and Quisquater's signcryption scheme cannot provide public verifiability. We then present a new identity-based signcryption scheme using quadratic residues and pairings over elliptic curves. It combines the functionalities of public verifiability and forward security at the same time. Under the Bilinear Diffie-Hellman and quadratic residuosity assumptions, the new scheme is more secure and can be somewhat more efficient than Libert and Quisquater's.
A subliminal channel is used to send a secret message to an authorized receiver; the message cannot be discovered by any unauthorized receiver. A designated verifier signature (DVS) provides authentication of a message. We design a DVS scheme with a message recovery mechanism and use it as a subliminal channel. In order to share a message among n users securely and allow t or more users to reconstruct the secret in dynamic groups, we combine the subliminal channel with (t, n) threshold cryptography. We then propose a threshold subliminal channel that can convey a subliminal message to a group of users based on message-recovery designated verifier signatures. Reconstructing the subliminal message relies on the cooperation of t or more users in the group, and they can verify the validity of the subliminal message. Security and performance analysis show that the proposed scheme is secure and efficient.
Funding: National Natural Science Foundation of China (60403027).
A new scheme to verifiably redistribute a secret from old to new shareholders without reconstructing the secret is presented in this paper. The scheme allows redistribution between different access structures and between different threshold schemes. A point worth mentioning is that this verifiable secret redistribution (VSR) scheme can identify dishonest old shareholders during redistribution without any assumption. A dedicated technique is adopted to verify the correctness of the old shares of the secret, and as a result the scheme is very efficient. It can be applied to proactive secret sharing (PSS) schemes to construct more flexible and practical proactive secret sharing schemes.
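The redistribution step described above, as an added example that is not the paper's scheme: this is the textbook resharing approach (each old shareholder splits its own share under a fresh polynomial, and the new shareholders combine the pieces with Lagrange coefficients) made verifiable with Feldman commitments, so that an old shareholder who reshares a wrong value is identified and excluded without anyone reconstructing the secret. The group is generated at run time from a seeded RNG at a toy 128-bit size; that, the Miller-Rabin primality test and the function names are assumptions for the example.

```python
"""Verifiable secret redistribution (t, n) -> (t', n') without reconstructing the secret.
Added illustration of textbook resharing with Feldman commitments, not the paper's
construction: each old holder reshares its own share under a fresh polynomial and
publishes g^(coefficient) commitments; new holders check every sub-share against them.
"""
import random

rng = random.Random(20240101)  # seeded so the example is reproducible


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin, adequate for an example; use a vetted library in production."""
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2 or any(n % sp == 0 for sp in small):
        return n in small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime_group(bits: int = 128):
    """(p, q, g) with p = 2q + 1 and g of prime order q; 128 bits is a toy size (assumption)."""
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            p = 2 * q + 1
            return p, q, pow(rng.randrange(2, p - 1), 2, p)  # a non-trivial square has order q


P, Q, G = safe_prime_group()


def share(secret: int, t: int, n: int):
    """Shamir (t, n) shares over Z_q plus Feldman commitments C_k = g^{a_k}."""
    coeffs = [secret % Q] + [rng.randrange(Q) for _ in range(t - 1)]
    shares = {i: sum(a * pow(i, k, Q) for k, a in enumerate(coeffs)) % Q for i in range(1, n + 1)}
    return shares, [pow(G, a, P) for a in coeffs]


def commit_eval(idx: int, commitments) -> int:
    """g^{f(idx)} computed from the public commitments alone: prod_k C_k^{idx^k}."""
    acc = 1
    for k, c in enumerate(commitments):
        acc = acc * pow(c, pow(idx, k, Q), P) % P
    return acc


def lagrange_at_zero(indices):
    """lambda_i with f(0) = sum_i lambda_i * f(i) over the given indices."""
    lam = {}
    for i in indices:
        num = den = 1
        for j in indices:
            if j != i:
                num, den = num * (-j) % Q, den * (i - j) % Q
        lam[i] = num * pow(den, -1, Q) % Q
    return lam


def redistribute(old_shares: dict, new_t: int, new_n: int, cheater: int = None):
    """Each old holder i reshares s_i under a fresh (new_t, new_n) polynomial f_i.
    `cheater` is a constructed fault: that old holder reshares a wrong value."""
    subshares, commits = {}, {}
    for i, s_i in old_shares.items():
        subshares[i], commits[i] = share((s_i + 1) % Q if i == cheater else s_i, new_t, new_n)
    return subshares, commits


def combine_new_share(j: int, subshares, commits, old_commits, old_t: int):
    """New holder j: drop old holders whose f_i(0) commitment differs from g^{s_i} (derived
    from the old commitments) or whose sub-share fails; then s'_j = sum lambda_i * f_i(j)."""
    honest = sorted(i for i in subshares
                    if commits[i][0] == commit_eval(i, old_commits)
                    and pow(G, subshares[i][j], P) == commit_eval(j, commits[i]))
    dishonest = sorted(set(subshares) - set(honest))
    if len(honest) < old_t:
        raise ValueError(f"only {len(honest)} honest old holders, need {old_t}")
    lam = lagrange_at_zero(honest[:old_t])
    return sum(lam[i] * subshares[i][j] for i in lam) % Q, dishonest


def run_example(secret: int = 0xC0FFEE):
    """(2, 3) -> (3, 4) with old holder 2 cheating; returns (recovered secret, cheaters)."""
    old_shares, old_commits = share(secret, 2, 3)
    subshares, commits = redistribute(old_shares, 3, 4, cheater=2)
    new_shares, dishonest = {}, []
    for j in range(1, 5):
        new_shares[j], dishonest = combine_new_share(j, subshares, commits, old_commits, old_t=2)
    lam = lagrange_at_zero([1, 2, 3])  # any 3 of the 4 new shares recover the secret
    return sum(lam[i] * new_shares[i] for i in lam) % Q, dishonest
```

run_example() moves a secret from a (2, 3) to a (3, 4) sharing with old holder 2 cheating. All four new holders reach the same exclusion decision because the bad constant-term commitment is public; this matters, since new shares combined over different contributor sets would not lie on a single polynomial.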
The Internet of Things (IoT), which provides the means of connecting things and devices, has increasingly developed into a vital tool for realizing intelligent life. Generally, resource-limited IoT sensors outsource their data to the cloud, which raises the concern that IoT data are transmitted without appropriate consideration of the profound security challenges involved. Although encryption can guarantee the confidentiality of private data, it hinders the usability of the data. Searchable encryption (SE) has been proposed to achieve secure data sharing and searching. However, most existing SE schemes are designed under conventional hardness assumptions and may be vulnerable to an adversary with a quantum computer. Moreover, an untrusted cloud server may perform an unfaithful search. To address these problems, in this paper we propose the first verifiable identity-based keyword search (VIBKS) scheme from lattices. In particular, a lattice-based delegation algorithm is adopted to help the data user verify both the correctness and the integrity of the search results. Besides, in order to reduce communication overhead, we rely on the identity-based mechanism. We give a rigorous proof that the proposed VIBKS scheme is ciphertext-indistinguishable against a semi-honest-but-curious adversary. In addition, we give the detailed computation and communication complexity of VIBKS and conduct a series of experiments to validate its efficiency.
Funding: National Natural Science Foundation of China (No. 62072240); National Key Research and Development Program of China (No. 2020YFB1804604).
Data outsourcing has become an important application of cloud computing. Driven by the growing security demands of data outsourcing applications, sensitive data have to be encrypted before outsourcing. Therefore, how to encrypt data in a way that the encrypted, remotely stored data can still be queried has become a challenging issue. Searchable encryption schemes have been proposed to allow users to search over encrypted data. However, most searchable encryption schemes do not consider search result diversification, resulting in information redundancy. In this paper, a verifiable diversity ranking search scheme over encrypted outsourced data is proposed that preserves privacy in cloud computing and also supports verification of the search results. The goal is to return documents ranked with diversification in mind, rather than relevant documents that only deliver redundant information. Extensive experiments on a real-world dataset validate our analysis and show that the proposed solution is effective for both the diversification of documents and verification.
Verifiably encrypted signatures are employed when a signer wants to sign a message for a verifier but does not want the verifier to possess his signature on the message until certain requirements of his are satisfied. This paper presents new verifiably encrypted signatures from bilinear pairings. The proposed signatures share the simplicity and efficiency of existing verifiably encrypted signature schemes. To support the proposed scheme, it also exhibits security proofs that do not rely on the random oracle assumption. For existential unforgeability, there exist tight security reductions from the proposed verifiably encrypted signature scheme to a strong but reasonable computational assumption.
At the Kuwana illegal dumping site in Japan, where hazardous waste was illegally dumped, groundwater was severely contaminated by Volatile Organic Compounds (VOCs). The groundwater had already been remediated by Pump-and-Treat (P&T) after containment of all the waste by vertical slurry walls from 2002 to 2007. However, 1,4-dioxane was detected in both the waste and the groundwater outside the slurry walls after it was newly added to the Japanese environmental standards in late 2009, which suggested that the walls did not contain 1,4-dioxane completely. Our previous study developed a model to predict the 1,4-dioxane distribution in groundwater after the previous remediation at the site. In this study, numerical simulation was applied to remediation planning at the site based on the concept of Verified Follow Up (VF-UP), which has been proposed as a new approach to completing remediation effectively while considering future risks. The amount of waste to be removed and the pumping plans were examined by numerical simulation to achieve the remedial objective, namely that 1,4-dioxane in the groundwater outside the walls is remediated within 10 years and that 1,4-dioxane spreading through the walls is prevented in the case where a portion of the waste remains. First, the amount of waste to be removed, considering pumping plans for P&T, was determined by scenario analysis. As a result, at least two-thirds of the waste should be removed in combination with P&T. However, if waste remains, a future risk of 1,4-dioxane spreading through the slurry walls may arise. Our simulation suggested that groundwater within the remaining waste must be pumped at a rate of at least 20 m3/d to contain 1,4-dioxane within the remaining waste. In conclusion, our numerical simulation determined the amount of waste to be removed and the pumping plans for P&T to achieve the remedial objective effectively, considering future risks, based on the concept of VF-UP.
Federated learning for edge computing is a promising solution in the era of booming data: it leverages the computation ability of each edge device to train local models and shares only the model gradients with the central server. However, the frequently transmitted local gradients can also leak the participants' private data. To protect the privacy of local training data, many cryptography-based Privacy-Preserving Federated Learning (PPFL) schemes have been proposed. However, due to the constrained resources of mobile devices and the complexity of cryptographic operations, traditional PPFL schemes fail to provide efficient data confidentiality and lightweight integrity verification simultaneously. To tackle this problem, we propose a Verifiable Privacy-preserving Federated Learning scheme (VPFL) for edge computing systems that prevents local gradients from leaking during transmission. First, we combine the Distributed Selective Stochastic Gradient Descent (DSSGD) method with the Paillier homomorphic cryptosystem to achieve distributed encryption and so reduce the computation cost of the cryptosystem. Second, we present an online/offline signature method for lightweight gradient integrity verification, where the offline part can be securely outsourced to the edge server. A comprehensive security analysis shows that VPFL achieves data confidentiality, authentication and integrity. Finally, we evaluate both the communication overhead and the computation cost of VPFL; the experimental results show that VPFL has low computation cost and communication overhead while maintaining high training accuracy.
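The additively homomorphic aggregation that the Paillier-based design above relies on, as an added example rather than the VPFL code: each client encodes its gradient in fixed point, encrypts only its largest coordinates (a selective upload in the spirit of DSSGD), and the aggregator multiplies ciphertexts coordinate-wise, which adds the plaintexts without decrypting any single client's update. The two Mersenne primes used as the key, the 10^6 fixed-point scale and the function names are assumptions so the code runs offline with the standard library; a real key needs random primes of at least 1024 bits each, and who holds the decryption key (here a single party) is a separate design decision.

```python
"""Additively homomorphic gradient aggregation with Paillier.
Added illustration, not the paper's VPFL construction: clients encrypt fixed-point
local gradients, the aggregator multiplies ciphertexts (which adds plaintexts), and
only the holder of the private key sees the sum, never an individual update.
Toy key: two Mersenne primes stand in for random 1024-bit-plus primes (assumption).
"""
import math
import secrets

P = (1 << 61) - 1              # toy Paillier primes, see module docstring
Q = (1 << 89) - 1
N, N2 = P * Q, (P * Q) ** 2
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # lcm(p - 1, q - 1)
MU = pow(LAM, -1, N)
SCALE = 10 ** 6                # fixed-point scale for float gradients (assumption)


def encrypt(m: int) -> int:
    """c = (1 + N)^m * r^N mod N^2 with a fresh random r (g = N + 1 variant)."""
    r = secrets.randbelow(N - 1) + 1
    return pow(1 + N, m % N, N2) * pow(r, N, N2) % N2


def decrypt(c: int) -> int:
    """m = L(c^lambda mod N^2) * mu mod N, where L(u) = (u - 1) / N."""
    return (pow(c, LAM, N2) - 1) // N * MU % N


def add_encrypted(c1: int, c2: int) -> int:
    """Homomorphic addition: Dec(c1 * c2 mod N^2) == Dec(c1) + Dec(c2) mod N."""
    return c1 * c2 % N2


def encode(value: float) -> int:
    """Fixed-point encoding; negative values wrap modulo N."""
    return round(value * SCALE) % N


def decode(m: int) -> float:
    """Inverse of encode: values above N/2 are negative."""
    return (m - N if m > N // 2 else m) / SCALE


def encrypt_gradient(grad, keep: int) -> dict:
    """Client side, selective upload: encrypt only the `keep` largest-magnitude coordinates."""
    top = sorted(range(len(grad)), key=lambda i: abs(grad[i]), reverse=True)[:keep]
    return {i: encrypt(encode(grad[i])) for i in top}


def aggregate(updates, dim: int):
    """Aggregator: per coordinate, multiply whatever ciphertexts arrived (missing ones count as 0).
    It never decrypts, so it learns neither a client's values nor which are largest beyond the indices."""
    acc = [encrypt(0) for _ in range(dim)]
    for upd in updates:
        for i, c in upd.items():
            acc[i] = add_encrypted(acc[i], c)
    return acc


def decrypt_sum(ciphertexts):
    """Key holder: recover the aggregated gradient, one float per coordinate."""
    return [decode(decrypt(c)) for c in ciphertexts]


def run_example():
    # Constructed gradients for three clients; each uploads its two largest coordinates.
    grads = [[0.25, -0.10, 0.05, 0.40],
             [-0.30, 0.20, 0.00, 0.15],
             [0.10, -0.50, 0.35, -0.05]]
    updates = [encrypt_gradient(g, keep=2) for g in grads]
    return decrypt_sum(aggregate(updates, dim=4))


if __name__ == "__main__":
    print("aggregated gradient:", run_example())
```

With the constructed inputs the aggregator sees three ciphertext dictionaries and returns four ciphertexts; decrypting them gives the per-coordinate sums of the uploaded entries (coordinates a client did not upload contribute zero), which is the value a plaintext federated averaging step would have used.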
Outsourced computing allows users with resource-constrained devices to outsource their complex computation workloads to cloud servers that may not be honest. In this paper, we propose a new algorithm for securing the outsourcing of composite modular exponentiation, one of the most expensive computing tasks in discrete-log-based cryptographic protocols. Unlike algorithms based on two untrusted servers, we outsource the modular exponentiation to only a single server, which eliminates the potential for a collusion attack between two servers. Moreover, our proposed algorithm hides both the base and the exponent of the outsourced data, which prevents the exposure of sensitive information to the cloud server. In addition, compared with state-of-the-art algorithms, our scheme has remarkably better checkability: the user can detect any misbehavior with probability one if the server returns a faulty result.
During the period 1978-1987, 255 patients with pathologically proven hepatocellular carcinoma (HCC) were determined by laparotomy to be unresectable; 155 (60.8%) of them had their tumor mainly confined to the right or left lobe and were considered potentially resectable if remarkable tumor shrinkage appeared after treatment. A second-look operation was performed in 26 (16.8%) of the 155 patients after marked reduction of tumor size, and resection was done in all 26. Triple or quadruple combination treatment with hepatic artery ligation (HAL), hepatic artery infusion (HAI) chemotherapy, radiotherapy using a linear accelerator, and radioimmunotherapy using 131I anti-human HCC ferritin antibody yielded the highest conversion rate (29.8%, 14/47), compared with double combination treatment with HAL+HAI or cryosurgery+HAL (16.9%, 12/71) and single treatment with HAL, HAI or HAE (embolization) (0%, 0/37). The median tumor size of these 26 patients was reduced from 9.5 cm to 5.0 cm after combination treatment. The median interval between the first laparotomy and the subsequent resection was 5.0 (2-16) months. The survival rates calculated by the life table method were 86.5% at 1 year, 74.3% at 2 years and 74.3% at 3 years. Nine patients have survived more than 3 years. Thus, multimodality combination treatment with subsequent resection might significantly prolong survival for some patients with unresectable HCC, particularly when it is confined to the right lobe of a cirrhotic liver.
基金This work is supported by the Sichuan education department research project(No.16226483)Sichuan Science and Technology Program(No.2018GZDZX0008)+1 种基金Chengdu Science and Technology Program(No.2018-YF08-00007-GX)the National Natural Science Foundation of China(No.61872087).
文摘Multi-server authenticated key agreement schemes have attracted great attention to both academia and industry in recent years.However,traditional authenticated key agreement schemes in the single-server environment are not suitable for the multi-server environment because the user has to register on each server when he/she wishes to log in various servers for different service.Moreover,it is unreasonable to consider all servers are trusted since the server in a multi-server environment may be a semi-trusted party.In order to overcome these difficulties,we designed a secure three-factor multi-server authenticated key agreement protocol based on elliptic curve cryptography,which needs the user to register only once at the registration center in order to access all semi-trusted servers.The proposed scheme can not only against various known attacks but also provides high computational efficiency.Besides,we have proved our scheme fulfills mutual authentication by using the authentication test method.
文摘During the past decade,rapid advances in wireless communication technologies have made it possible for users to access desired services using hand-held devices.Service providers have hosted multiple servers to ensure seamless online services to end-users.To ensure the security of this online communication,researchers have proposed several multi-server authentication schemes incorporating various cryptographic primitives.Due to the low power and computational capacities of mobile devices,the hash-based multi-server authenticated key agreement schemes with offline Registration Server(RS)are the most efficient choice.Recently,Kumar-Om presented such a scheme and proved its security against all renowned attacks.However,we find that their scheme bears an incorrect login phase,and is unsafe to the trace attack,the Session-Specific Temporary Information Attack(SSTIA),and the Key Compromise Impersonation Attack(KCIA).In fact,all of the existing multi-server authentication schemes(hash-based with offline RS)do not withstand KCLA.To deal with this situation,we propose an improved hash-based multi-server authentication scheme(with offline RS).We analyze the security of the proposed scheme under the random oracle model and use the t4Automated Validation of Internet Security Protocols and Applications''(AVISPA)tool.The comparative analysis of communication overhead and computational complexity metrics shows the efficiency of the proposed scheme.
基金supported by the Key Program of NSFC-Guangdong Union Foundation under Grant No.U1135002Young Foundation of Humanities and Social Sciences of MOE (Ministry of Education in China) of under Grant No.11YJCZH160Foundation for Young Scientists of Jiangxi Province of China under Grant No.20133BCB23016
文摘Since network services are provided cooperatively by multiple servers in the lnternet, the authentication protocols for multiserver architecture are required by Internetbased services, such as online game, online trade and so on. Recently, Li et al. analyzed Lee et al.'s protocol and proposed an improved dynamic identity based authentication protocol for multi-server architecture. They claimed that their protocol provides user's anonymity, mutual authentication and the session key agreement against several kinds of attacks. In this paper, a cryptanalysis on Lee et al.'s scheme shows that Lee et al's protocol is also vulnerable to malicious server attack, stolen smart card attack and leak-of-verifier attack. Moreover, Li e/ al.'s improved protocol is also vulnerable to all these attacks. Further cryptanalysis reveals that Li et al.'s improved protocol is susceptible to collusion attack.
基金This work is funded by the Chengdu Science and Technology Bureau No.2016-XT00-00015-GXthe Civil Aviation Administration of China No.PSDSA201802.
文摘With the development of communication technologies,various mobile devices and different types of mobile services became available.The emergence of these services has brought great convenience to our lives.The multi-server architecture authentication protocols for mobile cloud computing were proposed to ensure the security and availability between mobile devices and mobile services.However,most of the protocols did not consider the case of hierarchical authentication.In the existing protocol,when a mobile user once registered at the registration center,he/she can successfully authenticate with all mobile service providers that are registered at the registration center,but real application scenarios are not like this.For some specific scenarios,some mobile service providers want to provide service only for particular users.For this reason,we propose a new hierarchical multi-server authentication protocol for mobile cloud computing.The proposed protocol ensures only particular types of users can successfully authenticate with certain types of mobile service providers.The proposed protocol reduces computing and communication costs by up to 42.6%and 54.2%compared to two superior protocols.The proposed protocol can also resist the attacks known so far.
文摘Currently, smart card based remote user authentication schemes have been widely adopted due to their low cost and convenient portability. With the purpose of using various different internet services with single registration and to protect the users from being tracked, various dynamic ID based multi-server authentication protocols have been proposed. Recently, Li et al. proposed an efficient and secure dynamic ID based authentication protocol using smart cards. They claimed that their protocol provides strong security. In this paper, we have demonstrated that Li et al.’s protocol is vulnerable to replay attack, denial of service attack, smart card lost attack, eavesdropping attack and server spoofing attacks.
文摘In traditional secret image sharing schemes,a secret image is shared among shareholders who have the same position.But if the shareholders have two different positions,essential and non‐essential,it is necessary to use essential secret image sharing schemes.In this article,a verifiable essential secret image sharing scheme based on HLRs is proposed.Shareholder's share consists of two parts.The first part is produced by the shareholders,which prevents the fraud of dealers.The second part is a shadow image that is produced by using HLRs and the first part of share.The verification of the first part of the shares is done for the first time by using multilinear and bilinear maps.Also,for verifying shadow images,Bloom Filters are used for the first time.The proposed scheme is more efficient than similar schemes,and for the first part of the shares,has formal security.
基金The National High Technology Research and Development Program of China(863Program)(No.2001AA115300)the Natural Science Foundation of Liaoning Province(No.20031018,20062023)
文摘To prevent server compromise attack and password guessing attacks,an improved and efficient verifier-based key exchange protocol for three-party is proposed,which enables two clients to agree on a common session key with the help of the server.In this protocol,the client stores a plaintext version of the password,while the server stores a verifier for the password.And the protocol uses verifiers to authenticate between clients and the server.The security analysis and performance comparison of the proposed protocol shows that the protocol can resist many familiar attacks including password guessing attacks,server compromise attacks,man-in-the-middle attacks and Denning-Sacco attacks,and it is more efficient.
基金Supported by the National Natural Science Foun-dation of Chinafor Distinguished Young Scholars(60225007) the Na-tional Research Fundfor the Doctoral Programof Higher Education ofChina(20020248024) the Science and Technology Research Pro-ject of Shanghai (04DZ07067)
文摘In a strong designated verifier proxy signature scheme, a proxy signer can generate proxy signature on behalf of an original signer, but only the designated verifier can verify the validity of the proxy signature. In this paper, we first define the security requirements for strong designated verifier proxy signature schemes. And then we construct an identity-based strong designated verifier proxy signature scheme. We argue that the proposed scheme satisfies all of the security requirements.
文摘In this paper, we point out that Libert and Quisquater’s signcryption scheme cannot provide public verifiability. Then we present a new identity based signcryption scheme using quadratic residue and pairings over elliptic curves. It combines the functionalities of both public verifiability and forward security at the same time. Under the Bilinear Diffie-Hellman and quadratic residue assumption, we describe the new scheme that is more secure and can be some-what more efficient than Libert and Quisquater’s one.
Funding: Supported by the National Natural Science Foundation of China (60403027)
Abstract: A subliminal channel is used to send a secret message to an authorized receiver in such a way that the message cannot be discovered by any unauthorized receiver. A designated verifier signature (DVS) provides authentication of a message; we design a DVS scheme with a message recovery mechanism and use it as a subliminal channel. In order to share a message among n users securely while allowing any t or more of them to reconstruct the secret in a dynamic group, we combine the subliminal channel with (t, n) threshold cryptography. We then propose a threshold subliminal channel that conveys a subliminal message to a group of users based on message-recovery designated verifier signatures. Reconstructing the subliminal message requires the cooperation of t or more users in the group, who can also verify the validity of the recovered subliminal message. Security and performance analysis show that the proposed scheme is secure and efficient.
Abstract: A new scheme to verifiably redistribute a secret from old to new shareholders without reconstructing the secret is presented in this paper. The scheme allows redistribution between different access structures and between different threshold schemes. A point worth mentioning is that this verifiable secret redistribution (VSR) scheme can identify dishonest old shareholders during redistribution without any additional assumption. A dedicated technique is adopted to verify the correctness of the old shares of the secret, which keeps the scheme very efficient. It can be applied to proactive secret sharing (PSS) schemes to construct more flexible and practical proactive secret sharing schemes.
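The (t, n) threshold sharing that the threshold subliminal channel above relies on, together with the redistribution step of the VSR scheme, as one added example in Python that is not either paper's own code: a qualified subset of old shareholders re-shares their shares to a new group with a different threshold, and each new shareholder combines the pieces it receives with Lagrange weights, so that no party ever holds the reconstructed secret. The field modulus 2**127 - 1 is an assumption for illustration, and the commitments that let the VSR scheme detect a dishonest old shareholder are not included.

```python
"""(t, n) threshold sharing plus redistribution to a new group without
reconstructing the secret (added example, not the papers' code).

Assumption for illustration: shares live in the prime field Z_P with
P = 2**127 - 1. Verification commitments are deliberately left out.
"""
import secrets

P = 2**127 - 1     # prime field modulus (toy assumption)


def _poly_eval(coeffs: list, x: int) -> int:
    acc = 0
    for c in reversed(coeffs):          # Horner's rule
        acc = (acc * x + c) % P
    return acc


def share(secret: int, t: int, n: int) -> dict:
    """Dealer: random polynomial f of degree t-1 with f(0) = secret;
    share i is (i, f(i)) for i = 1..n. Any t of them reconstruct f(0)."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {i: _poly_eval(coeffs, i) for i in range(1, n + 1)}


def lagrange_at_zero(xs: list) -> dict:
    """Weights lambda_i such that f(0) = sum(lambda_i * f(x_i)) mod P."""
    lam = {}
    for i in xs:
        num, den = 1, 1
        for j in xs:
            if j != i:
                num = (num * (-j)) % P
                den = (den * (i - j)) % P
        lam[i] = (num * pow(den, -1, P)) % P
    return lam


def reconstruct(shares: dict) -> int:
    lam = lagrange_at_zero(list(shares))
    return sum(lam[i] * y for i, y in shares.items()) % P


def redistribute(old_shares: dict, t_new: int, n_new: int) -> dict:
    """Re-share from a qualified subset of old shareholders to a new
    (t_new, n_new) structure. Old holder i sub-shares its own share s_i;
    new holder j receives one piece from every old holder and combines
    them with the old Lagrange weights. The new shares lie on
    F(x) = sum(lambda_i * g_i(x)), and F(0) = sum(lambda_i * s_i) = secret,
    yet nobody computes the secret during the process."""
    lam = lagrange_at_zero(list(old_shares))
    # sub[i][j] is the piece old holder i sends privately to new holder j
    sub = {i: share(s_i, t_new, n_new) for i, s_i in old_shares.items()}
    new_shares = {}
    for j in range(1, n_new + 1):
        new_shares[j] = sum(lam[i] * sub[i][j] for i in old_shares) % P
    return new_shares
```

The old subset handed to `redistribute` must be qualified under the old threshold, and in a proactive setting the old holders delete their shares afterwards, otherwise the old and new shares together widen the set of parties that can recover the secret.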
Funding: Supported by the National Natural Science Foundation of China (No. 62072240) and the National Key Research and Development Program of China (No. 2020YFB1804604).
Abstract: The Internet of Things (IoT), which connects things and devices, has increasingly developed into a vital tool for intelligent living. Resource-limited IoT sensors generally outsource their data to the cloud, which raises the concern that IoT data are transmitted without appropriate consideration of the profound security challenges involved. Although encryption can guarantee the confidentiality of private data, it hinders the usability of the data. Searchable encryption (SE) has been proposed to achieve secure data sharing and searching. However, most existing SE schemes are designed under conventional hardness assumptions and may be vulnerable to an adversary equipped with a quantum computer. Moreover, an untrusted cloud server may execute a search unfaithfully. To address these problems, in this paper we propose the first verifiable identity-based keyword search (VIBKS) scheme from lattices. In particular, a lattice-based delegation algorithm is adopted to help the data user verify both the correctness and the integrity of the search results. Besides, in order to reduce communication overhead, we rely on the identity-based mechanism. We give a rigorous proof that the proposed VIBKS scheme is ciphertext-indistinguishable against a semi-honest-but-curious adversary. In addition, we give the detailed computation and communication complexity of our VIBKS and conduct a series of experiments to validate its efficiency.
Funding: This work is supported, in part, by the National Natural Science Foundation of China under grant number 61103215 and, in part, by the Hunan Provincial Natural Science Foundation of China.
Abstract: Data outsourcing has become an important application of cloud computing. Driven by the growing security demands of data outsourcing applications, sensitive data have to be encrypted before outsourcing. Therefore, how to encrypt data so that the encrypted, remotely stored data can still be queried has become a challenging issue. Searchable encryption schemes allow users to search over encrypted data. However, most searchable encryption schemes do not consider search result diversification, resulting in information redundancy. In this paper, a verifiable diversity ranking search scheme over encrypted outsourced data is proposed that preserves privacy in cloud computing and also supports verification of the search results. The goal is to return documents ranked with diversification in mind, instead of a list of relevant documents that only deliver redundant information. Extensive experiments on a real-world dataset validate our analysis and show that the proposed solution is effective for both the diversification of documents and verification.
Abstract: Verifiably encrypted signatures are employed when a signer wants to sign a message for a verifier but does not want the verifier to possess the signature on the message until certain requirements of the signer are satisfied. This paper presents new verifiably encrypted signatures from bilinear pairings. The proposed signatures share the simplicity and efficiency of existing verifiably encrypted signature schemes. To support the proposed scheme, security proofs that do not rely on the random oracle assumption are also given. For existential unforgeability, there is a tight security reduction from the proposed verifiably encrypted signature scheme to a strong but reasonable computational assumption.
Abstract: At the Kuwana illegal dumping site in Japan, where hazardous waste was illegally dumped, groundwater was severely contaminated by volatile organic compounds (VOCs). The groundwater had already been remediated by pump-and-treat (P&T) after all the waste was contained by vertical slurry walls between 2002 and 2007. However, 1,4-dioxane was detected both in the waste and in groundwater outside the slurry walls after it was added to the Japanese environmental standards in late 2009, which suggested that the walls did not contain 1,4-dioxane completely. Our previous study developed a model to predict the 1,4-dioxane distribution in groundwater after the earlier remediation at the site. In this study, numerical simulation was applied to remediation planning at the site based on the concept of Verified Follow Up (VF-UP), which had been proposed as a new approach to completing remediation effectively while taking future risks into account. The amount of waste to be removed and the pumping plans were examined by numerical simulation against a remedial objective in which 1,4-dioxane in groundwater outside the walls is remediated within 10 years and 1,4-dioxane is prevented from spreading through the walls in the case where a portion of the waste remains. Firstly, the amount of waste to be removed, taking the P&T pumping plans into consideration, was determined by scenario analysis. As a result, at least two-thirds of the waste should be removed in combination with P&T. However, if waste remains, a future risk of 1,4-dioxane spreading through the slurry walls may arise. Our simulation suggested that groundwater within the remaining waste must be pumped at a rate of at least 20 m3/d to contain 1,4-dioxane within the remaining waste. In conclusion, our numerical simulation determined the amount of waste to be removed and the pumping plans for P&T needed to achieve the remedial objective effectively, considering future risks, based on the concept of VF-UP.
Funding: Supported by the National Natural Science Foundation of China (No. 62206238), the Natural Science Foundation of Jiangsu Province (Grant No. BK20220562) and the Natural Science Research Project of Universities in Jiangsu Province (No. 22KJB520010).
Abstract: Federated learning for edge computing is a promising solution in the data-booming era: it leverages the computation ability of each edge device to train local models and shares only the model gradients with the central server. However, the frequently transmitted local gradients can still leak the participants' private data. To protect the privacy of local training data, many cryptography-based Privacy-Preserving Federated Learning (PPFL) schemes have been proposed. However, because of the constrained resources of mobile devices and the complexity of the cryptographic operations, traditional PPFL schemes fail to provide efficient data confidentiality and lightweight integrity verification at the same time. To tackle this problem, we propose a Verifiable Privacy-preserving Federated Learning scheme (VPFL) for edge computing systems that prevents local gradients from leaking during transmission. Firstly, we combine the Distributed Selective Stochastic Gradient Descent (DSSGD) method with the Paillier homomorphic cryptosystem to achieve distributed encryption and thereby reduce the computation cost of the cryptosystem. Secondly, we present an online/offline signature method for lightweight integrity verification of the gradients, where the offline part can be securely outsourced to the edge server. A comprehensive security analysis demonstrates that VPFL achieves data confidentiality, authentication and integrity. Finally, we evaluate both the communication overhead and the computation cost of VPFL; the experimental results show that VPFL has low computation cost and communication overhead while maintaining high training accuracy.
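The Paillier aggregation step that VPFL builds on, as an added example in Python that is not the paper's code (VPFL additionally applies DSSGD and the online/offline signature, neither of which is reproduced here): each client encrypts a fixed-point encoding of its gradient under the aggregation public key, the server multiplies the ciphertexts to add the gradients without seeing any of them, and only the holder of the private key recovers the sum. The key size, the fixed-point scale and the assumption that a separate key holder decrypts the aggregate are illustration choices.

```python
"""Additively homomorphic gradient aggregation with Paillier (added example).

Assumptions for illustration: toy prime sizes, a fixed-point scale of 2**16
for float gradients, and a trusted key holder distinct from the aggregating
server. The paper's DSSGD and signature components are not reproduced.
"""
import math
import secrets

SCALE = 2**16      # fixed-point scale for gradient values (assumption)


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):                       # Miller-Rabin
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def keygen(bits: int = 256) -> tuple:
    """Returns (public key, private key). g = n + 1, so mu = lambda^-1 mod n."""
    p = _gen_prime(bits)
    q = _gen_prime(bits)
    while q == p:
        q = _gen_prime(bits)
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    return {"n": n}, {"n": n, "lam": lam, "mu": pow(lam, -1, n)}


def encrypt(pk: dict, m: int) -> int:
    n = pk["n"]
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (pow(n + 1, m % n, n2) * pow(r, n, n2)) % n2


def decrypt(sk: dict, c: int) -> int:
    n = sk["n"]
    L = (pow(c, sk["lam"], n * n) - 1) // n          # L(u) = (u - 1) / n
    return (L * sk["mu"]) % n


def add_ct(pk: dict, c1: int, c2: int) -> int:
    # Multiplying ciphertexts adds plaintexts: E(a) * E(b) = E(a + b)
    return (c1 * c2) % (pk["n"] ** 2)


def encode(pk: dict, value: float) -> int:
    return round(value * SCALE) % pk["n"]            # negatives wrap mod n


def decode(sk: dict, m: int) -> float:
    n = sk["n"]
    if m > n // 2:                                   # upper half of Z_n is negative
        m -= n
    return m / SCALE


def client_encrypt_gradient(pk: dict, grad: list) -> list:
    return [encrypt(pk, encode(pk, g)) for g in grad]


def server_aggregate(pk: dict, encrypted_grads: list) -> list:
    """The server only multiplies ciphertexts; it never holds the private key."""
    agg = encrypted_grads[0]
    for ct in encrypted_grads[1:]:
        agg = [add_ct(pk, a, b) for a, b in zip(agg, ct)]
    return agg


def keyholder_decrypt(sk: dict, agg: list) -> list:
    return [decode(sk, decrypt(sk, c)) for c in agg]
```

The server learns nothing about any individual gradient, but whoever holds the private key learns the sum, so the key holder must not be the aggregating server; this separation (or a threshold variant of it) is what the distributed encryption in schemes like VPFL is designed to provide. Fixed-point encoding has to keep the summed magnitude below n/2, which is not a constraint at these key sizes for ordinary gradient values.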
Abstract: Outsourcing computation allows users with resource-constrained devices to outsource their complex computation workloads to cloud servers that may not be honest. In this paper, we propose a new algorithm for securing the outsourcing of composite modular exponentiation, which is one of the most expensive computing tasks in discrete-log based cryptographic protocols. Unlike algorithms based on two untrusted servers, we outsource the modular exponentiation to only a single server, which eliminates the potential for a collusion attack between two servers. Moreover, our proposed algorithm hides both the base and the exponent of the outsourced data, which prevents the exposure of sensitive information to the cloud server. In addition, compared with state-of-the-art algorithms, our scheme has remarkably better checkability: the user detects any misbehavior with probability one if the server returns a faulty result.
Abstract: During the period 1978-1987, 255 patients with pathologically proven hepatocellular carcinoma (HCC) were determined by laparotomy to be unresectable; 155 (60.8%) of them had their tumor mainly confined to the right or left lobe and were considered potentially resectable if remarkable tumor shrinkage appeared after treatment. A second-look operation was performed in 26 (16.8%) of the 155 patients after marked reduction of tumor size, and resection was done in all 26. Triple or quadruple combination treatment with hepatic artery ligation (HAL), hepatic artery infusion (HAI) chemotherapy, radiotherapy using a linear accelerator, and radioimmunotherapy using 131-I anti-human HCC ferritin antibody yielded the highest conversion rate (29.8%, 14/47), compared with double combination treatment with HAL+HAI or cryosurgery+HAL (16.9%, 12/71) and single treatment with HAL, HAI or HAE (embolization) (0%, 0/37). The median tumor size of these 26 patients was reduced from 9.5 cm to 5.0 cm after combination treatment. The median interval between the first laparotomy and the subsequent resection was 5.0 (2-16) months. The survival rates calculated by the life-table method were 86.5% at 1 year, 74.3% at 2 years and 74.3% at 3 years. Nine patients survived more than 3 years. Thus, multimodality combination treatment with subsequent resection might significantly prolong survival for some patients with unresectable HCC, particularly when the tumor is confined to the right lobe of a cirrhotic liver.