Project description:A smartcard based password-authenticated key agreement scheme enables a legal user to log in to a remote authentication server and access remote services through public networks using a weak password and a smart card. Lin recently presented an improved chaotic maps-based password-authenticated key agreement scheme that used smartcards to eliminate the weaknesses of the scheme of Guo and Chang, which does not provide strong user anonymity and violates session key security. However, the improved scheme of Lin does not exhibit the freshness property and the validity of messages so it still fails to withstand denial-of-service and privileged-insider attacks. Additionally, a single malicious participant can predetermine the session key such that the improved scheme does not exhibit the contributory property of key agreements. This investigation discusses these weaknesses and proposes an enhanced smartcard-based password-authenticated key agreement scheme that utilizes extended chaotic maps. The session security of this enhanced scheme is based on the extended chaotic map-based Diffie-Hellman problem, and is proven in the real-or-random and the sequence of games models. Moreover, the enhanced scheme ensures the freshness of communicating messages by appending timestamps, and thereby avoids the weaknesses in previous schemes.

Project description:Three-party authentication key exchange is a protocol that allows two users to set up a session key for encrypted communication by the help of a trusted remote server. Providing user anonymity and mutual authentication in the authentication key exchange is important security requirements to protect users' privacy and enhance its security performance. Recently Li proposed a chaotic maps-based authentication key exchange protocol which attempts to provide mutual authentication and user anonymity, but we found that there were some faults in the key exchange phase and password change phase of his scheme. We prove that Li's scheme does not provide user anonymity and that the user's privacy information is disclosed, and propose enhanced three-party authentication key exchange protocol that provides user anonymity and we analyse its security properties and verify its validity based on BAN logic and AVISPA tool.

Project description:While a number of protocols for password-only authenticated key exchange (PAKE) in the 3-party setting have been proposed, it still remains a challenging task to prove the security of a 3-party PAKE protocol against insider dictionary attacks. To the best of our knowledge, there is no 3-party PAKE protocol that carries a formal proof, or even definition, of security against insider dictionary attacks. In this paper, we present the first 3-party PAKE protocol proven secure against both online and offline dictionary attacks as well as insider and outsider dictionary attacks. Our construct can be viewed as a protocol compiler that transforms any 2-party PAKE protocol into a 3-party PAKE protocol with 2 additional rounds of communication. We also present a simple and intuitive approach of formally modelling dictionary attacks in the password-only 3-party setting, which significantly reduces the complexity of proving the security of 3-party PAKE protocols against dictionary attacks. In addition, we investigate the security of the well-known 3-party PAKE protocol, called GPAKE, due to Abdalla et al. (2005, 2006), and demonstrate that the security of GPAKE against online dictionary attacks depends heavily on the composition of its two building blocks, namely a 2-party PAKE protocol and a 3-party key distribution protocol.

Project description:Distributed storage plays an essential role in realizing robust and secure data storage in a network over long periods of time. A distributed storage system consists of a data owner machine, multiple storage servers and channels to link them. In such a system, secret sharing scheme is widely adopted, in which secret data are split into multiple pieces and stored in each server. To reconstruct them, the data owner should gather plural pieces. Shamir's (k, n)-threshold scheme, in which the data are split into n pieces (shares) for storage and at least k pieces of them must be gathered for reconstruction, furnishes information theoretic security, that is, even if attackers could collect shares of less than the threshold k, they cannot get any information about the data, even with unlimited computing power. Behind this scenario, however, assumed is that data transmission and authentication must be perfectly secure, which is not trivial in practice. Here we propose a totally information theoretically secure distributed storage system based on a user-friendly single-password-authenticated secret sharing scheme and secure transmission using quantum key distribution, and demonstrate it in the Tokyo metropolitan area (?90?km).

Project description:The approach of instantiating authenticated group key exchange (GAKE) protocol from the multikey encapsulation mechanism (mKEM) has an important advantage of achieving classical requirement of GAKE security in one communication round. In spite of the limitations of this approach, for example, lack of forward secrecy, it is very useful in group environments when maximum communication efficiency is desirable. To enrich this mKEM-based GAKE construction, we suggest an efficient solution to convert this static GAKE framework into a partially dynamic scheme. Furthermore, to address the associated lack of forward-secrecy, we propose two variants of this generic construction which can also provide a means of forward secrecy at the cost of extra communication round. In addition, concerning associated implementation cost of deploying this generic GAKE construction in elliptic curve cryptosystem, we compare the possible instantiations of this model from existing mKEM algorithms in terms of the number of elliptic curve scalar multiplications.

Project description:In recent years, with the increase in degenerative diseases and the aging population in advanced countries, demands for medical care of older or solitary people have increased continually in hospitals and healthcare institutions. Applying wireless sensor networks for the IoT-based telemedicine system enables doctors, caregivers or families to monitor patients' physiological conditions at anytime and anyplace according to the acquired information. However, transmitting physiological data through the Internet concerns the personal privacy of patients. Therefore, before users can access medical care services in IoT-based medical care system, they must be authenticated. Typically, user authentication and data encryption are most critical for securing network communications over a public channel between two or more participants. In 2016, Liu and Chung proposed a bilinear pairing-based password authentication scheme for wireless healthcare sensor networks. They claimed their authentication scheme cannot only secure sensor data transmission, but also resist various well-known security attacks. In this paper, we demonstrate that Liu-Chung's scheme has some security weaknesses, and we further present an improved secure authentication and data encryption scheme for the IoT-based medical care system, which can provide user anonymity and prevent the security threats of replay and password/sensed data disclosure attacks. Moreover, we modify the authentication process to reduce redundancy in protocol design, and the proposed scheme is more efficient in performance compared with previous related schemes. Finally, the proposed scheme is provably secure in the random oracle model under ECDHP.

Project description:Text-based passwords are a fundamental and popular means of authentication. Password authentication can be simply implemented because it does not require any equipment, unlike biometric authentication, and it relies only on the users' memory. This reliance on memory is a weakness of passwords, and people therefore usually use easy-to-remember passwords, such as "iloveyou1234". However, these sample passwords are not difficult to crack. The default passwords of IoT also are text-based passwords and are easy to crack. This weakness enables free password cracking tools such as Hashcat and JtR to execute millions of cracking attempts per second. Finally, this weakness creates a security hole in networks by giving hackers access to an IoT device easily. Research has been conducted to better exploit weak passwords to improve password-cracking performance. The Markov model and probabilistic context-free-grammar (PCFG) are representative research results, and PassGAN, which uses generative adversarial networks (GANs), was recently introduced. These advanced password cracking techniques contribute to the development of better password strength checkers. We studied some methods of improving the performance of PassGAN, and developed two approaches for better password cracking: the first was changing the convolutional neural network (CNN)-based improved Wasserstein GAN (IWGAN) cost function to an RNN-based cost function; the second was employing the dual-discriminator GAN structure. In the password cracking performance experiments, our models showed 10%-15% better performance than PassGAN. Through additional performance experiments with PCFG, we identified the cracking performance advantages of PassGAN and our models over PCFG. Finally, we prove that our models enhanced password strength estimation through a comparison with zxcvbn.

Project description:Biological systems are dynamic systems featuring two very common characteristics; Initial conditions and progression over time. Conceptualizing this on tumour models it can lead to important conclusions about disease progression, as well as the disease's "starting point". In the present study we tried to answer two questions: (a) which are the evolving properties of proliferating tumour cells that started from different initial conditions and (b) we have attempted to prove that cell proliferation follows chaotic orbits and it can be described by the use of Poincaré maps. As a model we have used the acute lymphoblastic leukemia cell line CCRF-CEM. Measurements of cell population were taken at certain time points every 24 h or 48 h. In addition to the population measurements flow cytometry studies have been conducted in order to examine the apoptotic and necrotic rate of the system and also the DNA content of the cells as they progress through. The cells exhibited a proliferation rate of nonlinear nature with aperiodic oscillatory behavior. In addition to that, the (positive) Lyapunov indices and the Poincaré representations in phase-space that we performed confirmed the presence of chaotic orbits. Several studies have dealt with the complex dynamic behaviour of animal populations, but few with cellular systems. This type of approach could prove useful towards the understanding of leukemia dynamics, with particular interest in the understanding of leukemia onset and progression.

Project description:Efficient authentication and key agreement protocols between two entities are required in many application areas. In particular, for client-server type of architectures, the client is mostly represented by a constrained device and thus highly efficient protocols are needed. We propose in this paper two protocols enabling the construction of a mutual authenticated key ensuring anonymity and unlinkability of the client and resisting the most well known attacks. The main difference between the two proposed protocols is in the storage requirements on the server side. The innovation of our protocols relies on the fact that, thanks to the usage of the sponge construction, available in the newly proposed SHA3 standard with underlying Keccak design, the computation cost can be reduced to only one hash operation on the client side in case of the protocol with storage and two hash operations for the protocol without storage and thus leads to a very efficient solution.

Project description:Binding hot spots, protein sites with high-binding affinity, can be identified using X-ray crystallography or NMR by screening libraries of small organic molecules that tend to cluster at such regions. FTMAP, a direct computational analog of the experimental screening approaches, globally samples the surface of a target protein using small organic molecules as probes, finds favorable positions, clusters the conformations and ranks the clusters on the basis of the average energy. The regions that bind several probe clusters predict the binding hot spots, in good agreement with experimental results. Small molecules discovered by fragment-based approaches to drug design also bind at the hot spot regions. To identify such molecules and their most likely bound positions, we extend the functionality of FTMAP (http://ftmap.bu.edu/param) to accept any small molecule as an additional probe. In its updated form, FTMAP identifies the hot spots based on a standard set of probes, and for each additional probe shows representative structures of nearby low energy clusters. This approach helps to predict bound poses of the user-selected molecules, detects if a compound is not likely to bind in the hot spot region, and provides input for the design of larger ligands.