Visible to the public Journal: IEEE Transactions on Information Forensics and Security, March 2015

SoS Newsletter- Advanced Book Block

SoS Logo

Journal: IEEE Transactions on Information Forensics and Security, March 2015


The IEEE Transactions on Information Forensics and Security covers the sciences, technologies, and applications relating to information forensics, information security, biometrics, surveillance and systems applications that incorporate these features.  It is published by the IEEE Signal Processing Society.


Veugen, T.; de Haan, R.; Cramer, R.; Muller, F., "A Framework for Secure Computations With Two Non-Colluding Servers and Multiple Clients, Applied to Recommendations," Information Forensics and Security, IEEE Transactions on, vol.10, no.3, pp.445, 457, March 2015. doi: 10.1109/TIFS.2014.2370255  Abstract: We provide a generic framework that, with the help of a preprocessing phase that is independent of the inputs of the users, allows an arbitrary number of users to securely outsource a computation to two non-colluding external servers. Our approach is shown to be provably secure in an adversarial model where one of the servers may arbitrarily deviate from the protocol specification, as well as employ an arbitrary number of dummy users. We use these techniques to implement a secure recommender system based on collaborative filtering that becomes more secure, and significantly more efficient than previously known implementations of such systems, when the preprocessing efforts are excluded. We suggest different alternatives for preprocessing, and discuss their merits and demerits.
Keywords: Authentication; Computational modeling; Cryptography; Protocols; Recommender systems; Servers; Secure multi-party computation; client-server systems; malicious model; preprocessing; recommender systems; secret sharing (ID#: 15-4776)


Ma, S.; Huang, Q.; Zhang, M.; Yang, B., "Efficient Public Key Encryption With Equality Test Supporting Flexible Authorization," Information Forensics and Security, IEEE Transactions on, vol.10, no.3, pp.458, 470, March 2015. doi: 10.1109/TIFS.2014.2378592  Abstract: We reformalize and recast the notion of public key encryption with equality test (PKEET), which was proposed in CT-RSA 2010 and supports to check whether two ciphertexts encrypted under different public keys contain the same message. PKEET has many interesting applications, for example, in constructing searchable encryption and partitioning encrypted data. However, the original PKEET scheme lacks an authorization mechanism for a user to control the comparison of its ciphertexts with others’. In this paper, we study the authorization mechanism for PKEET, and propose four types of authorization policies to enhance the privacy of users’ data. We give the definitions of the policies, propose a PKEET scheme supporting these four types of authorization at the same time, and prove its security based on the computational Diffie–Hellman assumption in the random oracle model. To the best of our knowledge, it is the only PKEET scheme supporting flexible authorization.
Keywords: Authorization; Electronic mail; Encryption; Monitoring; Public key; Searchable encryption; flexible authorization; public key encryption with equality test; searchable encryption (ID#: 15-4777)


Yao, G.; Bi, J.; Vasilakos, A.V., "Passive IP Traceback: Disclosing the Locations of IP Spoofers From Path Backscatter," Information Forensics and Security, IEEE Transactions on, vol.10, no.3, pp.471, 484, March 2015. doi: 10.1109/TIFS.2014.2381873 Abstract: It is long known attackers may use forged source IP address to conceal their real locations. To capture the spoofers, a number of IP traceback mechanisms have been proposed. However, due to the challenges of deployment, there has been not a widely adopted IP traceback solution, at least at the Internet level. As a result, the mist on the locations of spoofers has never been dissipated till now. This paper proposes passive IP traceback (PIT) that bypasses the deployment difficulties of IP traceback techniques. PIT investigates Internet Control Message Protocol error messages (named path backscatter) triggered by spoofing traffic, and tracks the spoofers based on public available information (e.g., topology). In this way, PIT can find the spoofers without any deployment requirement. This paper illustrates the causes, collection, and the statistical results on path backscatter, demonstrates the processes and effectiveness of PIT, and shows the captured locations of spoofers through applying PIT on the path backscatter data set. These results can help further reveal IP spoofing, which has been studied for long but never well understood. Though PIT cannot work in all the spoofing attacks, it may be the most useful mechanism to trace spoofers before an Internet-level traceback system has been deployed in real.
Keywords: Backscatter; Computer crime; IP networks; Internet; Logic gates; Telescopes; Topology; Computer network management; IP traceback; computer network security; denial of service (DoS) (ID#: 15-4778)


Barsoum, A.F.; Hasan, M.A., "Provable Multicopy Dynamic Data Possession in Cloud Computing Systems," Information Forensics and Security, IEEE Transactions on, vol.10, no.3, pp.485, 497, March 2015. doi: 10.1109/TIFS.2014.2384391  
Abstract: Increasingly more and more organizations are opting for outsourcing data to remote cloud service providers (CSPs). Customers can rent the CSPs storage infrastructure to store and retrieve almost unlimited amount of data by paying fees metered in gigabyte/month. For an increased level of scalability, availability, and durability, some customers may want their data to be replicated on multiple servers across multiple data centers. The more copies the CSP is asked to store, the more fees the customers are charged. Therefore, customers need to have a strong guarantee that the CSP is storing all data copies that are agreed upon in the service contract, and all these copies are consistent with the most recent modifications issued by the customers. In this paper, we propose a map-based provable multicopy dynamic data possession (MB-PMDDP) scheme that has the following features: 1) it provides an evidence to the customers that the CSP is not cheating by storing fewer copies; 2) it supports outsourcing of dynamic data, i.e., it supports block-level operations, such as block modification, insertion, deletion, and append; and 3) it allows authorized users to seamlessly access the file copies stored by the CSP. We give a comparative analysis of the proposed MB-PMDDP scheme with a reference model obtained by extending existing provable possession of dynamic single-copy schemes. The theoretical analysis is validated through experimental results on a commercial cloud platform. In addition, we show the security against colluding servers, and discuss how to identify corrupted copies by slightly modifying the proposed scheme.
Keywords: Computational modeling; Cryptography; Indexes; Organizations; Outsourcing; Servers; Tin; Cloud computing; data replication; dynamic environment; outsourcing data storage (ID#: 15-4779)


Li, J.; Li, X.; Yang, B.; Sun, X., "Segmentation-Based Image Copy-Move Forgery Detection Scheme," Information Forensics and Security, IEEE Transactions on, vol.10, no.3, pp.507, 518, March 2015. doi: 10.1109/TIFS.2014.2381872  Abstract: In this paper, we propose a scheme to detect the copy-move forgery in an image, mainly by extracting the keypoints for comparison. The main difference to the traditional methods is that the proposed scheme first segments the test image into semantically independent patches prior to keypoint extraction. As a result, the copy-move regions can be detected by matching between these patches. The matching process consists of two stages. In the first stage, we find the suspicious pairs of patches that may contain copy-move forgery regions, and we roughly estimate an affine transform matrix. In the second stage, an Expectation-Maximization-based algorithm is designed to refine the estimated matrix and to confirm the existence of copy-move forgery. Experimental results prove the good performance of the proposed scheme via comparing it with the state-of-the-art schemes on the public databases.
Keywords: Accuracy; Educational institutions; Estimation; Forgery; Image segmentation; Robustness; Transforms; Copy-move forgery detection; image forensics; segmentation (ID#: 15-4780)


Veugen, T., "Linear Round Bit-Decomposition of Secret-Shared Values," Information Forensics and Security, IEEE Transactions on, vol.10, no.3, pp.498, 506, March 2015. doi: 10.1109/TIFS.2014.2373811 Abstract: In the field of signal processing in the encrypted domain, linear operations are usually easy to perform, whereas multiplications, and bitwise operations like comparison, are more costly in terms of computation and communication. These bitwise operations frequently require a decomposition of the secret value into bits. To minimize the communication complexity, previous studies have focused on solutions that require a constant number of communication rounds, often at the cost of a large number of multiplications. We develop a bit-decomposition protocol within a linear secret sharing system, where sharings of the bits are computed from an integer that is secret-shared among multiple parties. We consider new solutions that require fewer multiplications, but where the number of communication rounds is linear in the input size. Although our basic solution requires m communication rounds to extract the m least significant bits, we present a way of reducing it by an arbitrary factor, using additional precomputations. Given that the best constant round solutions need at least 23 communication rounds, our solution is preferable for integers up to 165 bits, leading to fewer rounds and a smaller number of secure multiplications. In one variant, it is even possible to compute all I bits through only one opening and one additional communication round containing l multiplications, when a precomputation phase of 2 + log2 I rounds and 2I-l-1 secure multiplications has been performed.
Keywords: Complexity theory; Cryptography; Equations; Logic gates; Materials; Protocols; Linear secret sharing; bit-decomposition; linear secret sharing; secure multi-party computations (ID#: 15-4781)


Taha, M.; Schaumont, P., "Key Updating for Leakage Resiliency With Application to AES Modes of Operation," Information Forensics and Security, IEEE Transactions on, vol.10, no.3, pp.519, 528, March 2015. doi: 10.1109/TIFS.2014.2383359  Abstract: Side-channel analysis (SCA) exploits the information leaked through unintentional outputs (e.g., power consumption) to reveal the secret key of cryptographic modules. The real threat of SCA lies in the ability to mount attacks over small parts of the key and to aggregate information over different encryptions. The threat of SCA can be thwarted by changing the secret key at every run. Indeed, many contributions in the domain of leakage resilient cryptography tried to achieve this goal. However, the proposed solutions were computationally intensive and were not designed to solve the problem of the current cryptographic schemes. In this paper, we propose a generic framework of lightweight key updating that can protect the current cryptographic standards and evaluate the minimum requirements for heuristic SCA-security. Then, we propose a complete solution to protect the implementation of any standard mode of Advanced Encryption Standard. Our solution maintains the same level of SCA-security (and sometimes better) as the state of the art, at a negligible area overhead while doubling the throughput of the best previous work.
Keywords: Ciphers; Hardware; Radiation detectors; Random variables; Standards; HWS-SIDE; Hardware Security (Side Channels); Hardware security (side channels) (ID#: 15-4782)


Karachontzitis, S.; Timotheou, S.; Krikidis, I.; Berberidis, K., "Security-Aware Max–Min Resource Allocation in Multiuser OFDMA Downlink," Information Forensics and Security, IEEE Transactions on, vol.10, no.3, pp.529, 542, March 2015. doi: 10.1109/TIFS.2014.2384392  Abstract: In this paper, we study the problem of resource allocation for a multiuser orthogonal frequency-division multiple access (OFDMA) downlink with eavesdropping. The considered setup consists of a base station, several users, and a single eavesdropper that intends to wiretap the transmitted message within each OFDMA subchannel. By taking into consideration the existence of the eavesdropper, the base station aims to assign subchannels and allocate the available power in order to optimize the max–min fairness criterion over the users’ secrecy rate. The considered problem is a mixed integer nonlinear program. For a fixed subchannel assignment, the optimal power allocation is obtained by developing an algorithm of polynomial computational complexity. In the general case, the problem is investigated from two different perspectives due to its combinatorial nature. In the first, the number of users is equal or higher than the number of subchannels, whereas in the second, the number of users is less than the number of subchannels. In the first case, we provide the optimal solution in polynomial time by transforming the original problem into an assignment one for which there are polynomial time algorithms. In the second case, the secrecy rate formula is linearly approximated and the problem is transformed to a mixed integer linear program, which is solved by a branch-and-bound algorithm. Moreover, optimality is discussed for two particular cases where the available power tends to infinity and zero, respectively. Based on the resulting insights, three heuristic schemes of polynomial complexity are proposed, offering a better balance between performance and complexity. Simulation results demonstrate that each one of these schemes achieves its highest performance at a different power regime of the system.
Keywords: Downlink; OFDM; Physical layer; Polynomials; Power demand; Resource management; Security; Resource allocation; integer programming; linear approximation; linear sum assignment problem; mixed linear; mixed linear integer programming; physical layer security (ID#: 15-4783)


Lian, B.; Chen, G.; Ma, M.; Li, J., "Periodic K -Times Anonymous Authentication With Efficient Revocation of Violator’s Credential," Information Forensics and Security, IEEE Transactions on, vol.10, no.3, pp.543,557, March 2015. doi: 10.1109/TIFS.2014.2386658  Abstract: In a periodic K-times anonymous authentication system, user can anonymously show credential at most K times in one time period. In the next time period, user can automatically get another K-times authentication permission. If a user tries to show credential beyond K times in one time period, anyone can identify the dishonest user (the violator). But identifying violators is not enough for some systems, where it is also desirable to revoke violators’ credentials for preventing them from abusing the anonymous property again. However, the problem of revoking credential without trusted third party has not been solved efficiently and practically. To solve it, we present an efficient scheme with efficient revocation of violator’s credential. In fact, our method also solves an interesting problem—leaking information in a statistic zero-knowledge way, so our solution to the revocation problem outperforms all prior solutions. For achieving it, we use the special zero-knowledge proof with special information leak for revoking the violator’s credential, but it can still be proven to be perfect statistic zero knowledge for guaranteeing the honest user’s anonymity. Comparing with existing schemes, our scheme is efficient, and moreover, our method of revoking violator’s credential is more practical with the least additional costs.
Keywords: Authentication; Cloning; Educational institutions; Games; Protocols; Public key; K-times anonymous authentication; K-times; anonymous authentication; provably secure; revocation of credential; truly anonymous; zero-knowledge (ID#: 15-4784)


Li, B.; Ng, T.; Li, X.; Tan, S.; Huang, J., "Revealing the Trace of High-Quality JPEG Compression Through Quantization Noise Analysis," Information Forensics and Security, IEEE Transactions on, vol.10, no.3, pp.558, 573, March 2015. doi: 10.1109/TIFS.2015.2389148  Abstract: To identify whether an image has been JPEG compressed is an important issue in forensic practice. The state-of-the-art methods fail to identify high-quality compressed images, which are common on the Internet. In this paper, we provide a novel quantization noise-based solution to reveal the traces of JPEG compression. Based on the analysis of noises in multiple-cycle JPEG compression, we define a quantity called forward quantization noise. We analytically derive that a decompressed JPEG image has a lower variance of forward quantization noise than its uncompressed counterpart. With the conclusion, we develop a simple yet very effective detection algorithm to identify decompressed JPEG images. We show that our method outperforms the state-of-the-art methods by a large margin especially for high-quality compressed images through extensive experiments on various sources of images. We also demonstrate that the proposed method is robust to small image size and chroma subsampling. The proposed algorithm can be applied in some practical applications, such as Internet image classification and forgery detection.
Keywords: Discrete cosine transforms; Forensics; Image coding; Noise; Quantization (signal);Transform coding; Upper bound; Discrete cosine transform (DCT);Dynamic dead-time controller; compression identification; forgery detection; forward quantization noise; high-frequency boost converters; high-voltage synchronous gate driver; quasi-square-wave zero-voltage switching; zero-voltage switching technique (ID#: 15-4785)


Chen, G.; Gong, Y.; Xiao, P.; Chambers, J.A., "Physical Layer Network Security in the Full-Duplex Relay System," Information Forensics and Security, IEEE Transactions on, vol.10, no.3, pp.574, 583, March 2015. doi: 10.1109/TIFS.2015.2390136  Abstract: This paper investigates the secrecy performance of full-duplex relay (FDR) networks. The resulting analysis shows that FDR networks have better secrecy performance than half duplex relay networks, if the self-interference can be well suppressed. We also propose a full duplex jamming relay network, in which the relay node transmits jamming signals while receiving the data from the source. While the full duplex jamming scheme has the same data rate as the half duplex scheme, the secrecy performance can be significantly improved, making it an attractive scheme when the network secrecy is a primary concern. A mathematic model is developed to analyze secrecy outage probabilities for the half duplex, the full duplex and full duplex jamming schemes, and the simulation results are also presented to verify the analysis.
Keywords: Approximation methods; Data communication; Jamming; Physical layer; Relay networks (telecommunications); Security; Physical layer secrecy; cooperative relay networks; full duplex relay; secrecy outage probability (ID#: 15-4786)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.