S. No. | IEEE TITLE | ABSTRACT | IEEE YEAR |
1 | Fast Detection of Transformed Data Leaks | The leak of sensitive data on computer systems poses a serious threat to organizational security. Statistics show that the lack of proper encryption on files and communications due to human errors is one of the leading causes of data loss. Organizations need tools to identify the exposure of sensitive data by screening the content in storage and transmission, i.e., to detect sensitive information being stored or transmitted in the clear. However, detecting the exposure of sensitive information is challenging due to data transformation in the content. Transformations (such as insertion and deletion) result in highly unpredictable leak patterns. In this paper, we utilize sequence alignment techniques for detecting complex data-leak patterns. Our algorithm is designed for detecting long and inexact sensitive data patterns. This detection is paired with a comparable sampling algorithm, which allows one to compare the similarity of two separately sampled sequences. Our system achieves good detection accuracy in recognizing transformed leaks. We implement a parallelized version of our algorithms in graphics processing unit that achieves high analysis throughput. We demonstrate the high multithreading scalability of our data leak detection method required by a sizable organization. | 2016 |
2 | Optimal Coding and Allocation for Perfect Secrecy in Multiple Clouds | For a user to store data in the cloud, using services provided by multiple cloud storage providers (CSPs) is a promising approach to increase the level of data availability and confidentiality, as it is unlikely that different CSPs are out of service at the same time or collude with each other to extract information of a user. This paper investigates the problem of storing data reliably and securely in multiple CSPs constrained by given budgets with minimum cost. Previous works, with variations in problem formulations, typically tackle the problem by decoupling it into sub-problems and solve them separately. While such a decoupling approach is simple, the resultant solution is suboptimal. This paper is the first one which considers the problem as a whole and derives a jointly optimal coding and storage allocation scheme, which achieves perfect secrecy with minimum cost. The analytical result reveals that the optimal coding scheme is the nested maximum-distance-separable code and the optimal amount of data to be stored in the CSPs exhibits a certain structure. The exact parameters of the code and the exact storage amount to each CSP can be determined numerically by simple 2-D search. | 2016 |
3 | A Security-Enhanced Alignment-Free Fuzzy Vault-Based Fingerprint Cryptosystem Using Pair-Polar Minutiae Structures | Alignment-free fingerprint cryptosystems, which perform matching using relative information between minutiae, e.g., local minutiae structures, are promising, because they can avoid the recognition errors and information leakage caused by template alignment/registration. However, as most local minutiae structures only contain relative information of a few minutiae in a local region, they are less discriminative than the global minutiae pattern. Besides, the similarity measures for trivially/coarsely quantized features in the existing work cannot provide a robust way to deal with nonlinear distortions, a common form of intraclass variation. As a result, the recognition accuracy of current alignment-free fingerprint cryptosystems is unsatisfying. In this paper, we propose an alignment-free fuzzy vault-based fingerprint cryptosystem using highly discriminative pair-polar (P-P) minutiae structures. The fine quantization used in our system can largely retain information about a fingerprint template and enables the direct use of a traditional, well-established minutiae matcher. In terms of template/key protection, the proposed system fuses cancelable biometrics and biocryptography. Transforming the P-P minutiae structures before encoding destroys the correlations between them, and can provide privacy-enhancing features, such as revocability and protection against cross-matching by setting distinct transformation seeds for different applications. The comparison with other minutiae-based fingerprint cryptosystems shows that the proposed system performs favorably on selected publicly available databases and has strong security. | 2016 |
4 | Content-Adaptive Steganography by Minimizing Statistical Detectability | Most current steganographic schemes embed the secret payload by minimizing a heuristically defined distortion. Similarly, their security is evaluated empirically using classifiers equipped with rich image models. In this paper, we pursue an alternative approach based on a locally estimated multivariate Gaussian cover image model that is sufficiently simple to derive a closed-form expression for the power of the most powerful detector of content-adaptive least significant bit matching but, at the same time, complex enough to capture the non-stationary character of natural images. We show that when the cover model estimator is properly chosen, the state-of-the-art performance can be obtained. The closed-form expression for detectability within the chosen model is used to obtain new fundamental insight regarding the performance limits of empirical steganalysis detectors built as classifiers. In particular, we consider a novel detectability limited sender and estimate the secure payload of individual images. | 2016 |
5 | Fine-Grained Two-Factor Access Control for Web-Based Cloud Computing Services | In this paper, we introduce a new fine-grained two-factor authentication (2FA) access control system for web-based cloud computing services. Specifically, in our proposed 2FA access control system, an attribute-based access control mechanism is implemented with the necessity of both a user secret key and a lightweight security device. As a user cannot access the system if they do not hold both, the mechanism can enhance the security of the system, especially in those scenarios where many users share the same computer for web-based cloud services. In addition, attribute-based control in the system also enables the cloud server to restrict the access to those users with the same set of attributes while preserving user privacy, i.e., the cloud server only knows that the user fulfills the required predicate, but has no idea on the exact identity of the user. Finally, we also carry out a simulation to demonstrate the practicability of our proposed 2FA system. | 2016 |
6 | On the Security of Permutation-Only Image Encryption Schemes | Permutation is a commonly used primitive in multimedia (image/video) encryption schemes, and many permutation-only algorithms have been proposed in recent years for the protection of multimedia data. In permutation-only image ciphers, the entries of the image matrix are scrambled using a permutation mapping matrix which is built by a pseudo-random number generator. The literature on the cryptanalysis of image ciphers indicates that the permutation-only image ciphers are insecure against ciphertext-only attacks and/or known/chosen-plaintext attacks. However, the previous studies have not been able to ensure the correct retrieval of the complete plaintext elements. In this paper, we revisited the previous works on cryptanalysis of permutation-only image encryption schemes and made the cryptanalysis work on chosen-plaintext attacks complete and more efficient. We proved that in all permutation-only image ciphers, regardless of the cipher structure, the correct permutation mapping is recovered completely by a chosen-plaintext attack. To the best of our knowledge, for the first time, this paper gives a chosen-plaintext attack that completely determines the correct plaintext elements using a deterministic method. When the plain-images are of size M × N and with L different color intensities, the number n of required chosen plain-images to break the permutation-only image encryption algorithm is n = log_L(MN). The complexity of the proposed attack is O(n · MN), which indicates its feasibility in a polynomial amount of computation time. To validate the performance of the proposed chosen-plaintext attack, numerous experiments were performed on two recently proposed permutation-only image/video ciphers. Both theoretical and experimental results showed that the proposed attack outperforms the state-of-the-art cryptanalytic methods. | 2016 |
7 | Two-Level QR Code for Private Message Sharing and Document Authentication | The quick response (QR) code was designed for storage information and high-speed reading applications. In this paper, we present a new rich QR code that has two storage levels and can be used for document authentication. This new rich QR code, named two-level QR code, has public and private storage levels. The public level is the same as the standard QR code storage level; therefore, it is readable by any classical QR code application. The private level is constructed by replacing the black modules by specific textured patterns. It consists of information encoded using q-ary code with an error correction capacity. This allows us not only to increase the storage capacity of the QR code, but also to distinguish the original document from a copy. This authentication is due to the sensitivity of the used patterns to the print-and-scan (P&S) process. The pattern recognition method that we use to read the second-level information can be used both in a private message sharing and in an authentication scenario. It is based on maximizing the correlation values between P&S degraded patterns and reference patterns. The storage capacity can be significantly improved by increasing the code alphabet q or by increasing the textured pattern size. The experimental results show a perfect restoration of private information. It also highlights the possibility of using this new rich QR code for document authentication. | 2016 |