Hierarchical ID-based authenticated key exchange (HID-AKE) is a cryptographic protocol to establish a common session key between parties with authentication based on their IDs with the hierarchical delegation of key generation functionality. All existing HID-AKE schemes are selective ID secure, and the only known standard model scheme relies on a non-standard assumption such as the q-type assumption. In this paper, we propose a generic construction of HID-AKE that is adaptive ID secure in the HID-eCK model (maximal-exposure-resilient security model) without random oracles. One of the concrete instantiations of our generic construction achieves the first adaptive ID secure HID-AKE scheme under the (standard) k-lin assumption in the standard model. Furthermore, it has the advantage that the computational complexity of pairing and exponentiation operations and the communication complexity do not depend on the depth of the hierarchy. Also, the other concrete instantiation achieves the first HID-AKE scheme based on lattices (i.e., post-quantum).
Kazuki YONEYAMA Reo YOSHIDA Yuto KAWAHARA Tetsutaro KOBAYASHI Hitoshi FUJI Tomohide YAMAMOTO
In this paper, we propose the first identity-based dynamic multi-cast key distribution (ID-DMKD) protocol which is secure against maximum exposure of secret information (e.g., secret keys and session-specific randomness). In DMKD protocols, users share a common session key without revealing any information about the session key to the semi-honest server, and can join or leave the group at any time, even after the session key has been established. Most of the known DMKD protocols are insecure if some secret information is exposed. Recently, an exposure-resilient DMKD protocol was introduced; however, each user must manage his/her certificate by using the public-key infrastructure. We solve this problem by constructing a DMKD protocol authenticated by the user's ID (i.e., without a certificate). We introduce a formal security definition for ID-DMKD by extending the previous definition for DMKD. We must carefully consider exposure of the server's static secret key in the ID-DMKD setting, because exposure of the server's static secret key causes exposure of all users' static secret keys. We prove that our protocol is secure in our security model in the standard model. Another advantage of our protocol is scalability: the communication and computation costs of each user are independent of the number of users. Furthermore, we show how to extend our protocol to achieve non-interactive join by using certificateless encryption. Such an extension is useful in applications where the group members change frequently, such as group chat services.
Denise H. GOYA Dionathan NAKAMURA Routo TERADA
Two new authenticated key agreement protocols in the certificateless setting are presented in this paper. Both are proved secure in the extended Canetti-Krawczyk model, under the BDH assumption. The first one is more efficient than Lippold et al.'s (LBG) protocol, and is proved secure in the same security model. The second protocol is proved secure under Swanson et al.'s security model, a weaker model. As far as we know, our second proposed protocol is the first one proved secure in Swanson et al.'s security model. If no pre-computations are done, the first protocol is about 26% faster than LBG, and the second protocol is about 49% faster than LBG and about 31% faster than the first one. If pre-computations of some operations are done, our two protocols remain faster.
Broadcasting and communications networks can be used together to offer hybrid broadcasting services that incorporate a variety of personalized information from communications networks in TV programs. To enable these services, many different applications have to be run on a user terminal, and it is necessary to establish an environment where any service provider can create applications and distribute them to users. The danger is that malicious service providers might distribute applications which may cause user terminals to take undesirable actions. To prevent such applications from being distributed, we propose an application authentication protocol for hybrid broadcasting and communications services. Concretely, we modify a key-insulated signature scheme and apply it to this protocol. In the protocol, a broadcaster distributes a distinct signing key to each service provider that the broadcaster trusts. As a result, users can verify that an application is reliable. If a signed application causes an undesirable action, a broadcaster can revoke the privileges and permissions of the service provider. In addition, the broadcaster can update the signing key. That is, our protocol is secure against leakage of the signing key by the broadcaster and service providers. Moreover, a user terminal uses only one verification key for verifying a signature, so the memory needed for storing the verification key in the user terminal is very small. With our protocol, users can securely receive hybrid services from broadcasting and communications networks.
A proxy signature scheme allows an entity to delegate his signing capabilities to another. Many schemes have been provided for use in numerous applications such as distributed computing, grid computing, and mobile communications. In 2003, Boldyreva et al. introduced the first formal security model of proxy signatures and also proposed a generic construction secure in their model. However, an adversary can arbitrarily alter the warrants of the proxy signatures because the warrants are not explicitly considered in their model. To solve this problem, Huang et al. provided an enhanced security model of proxy signatures in 2005. Some proxy signatures secure in this security model have been proposed, but there is no generic construction yet. In this paper, we redefine and improve Huang et al.'s security model in terms of multi-user settings and then provide a new generic construction of proxy signatures, based on ID-based signatures, that is secure in our enhanced security model. Moreover, we can obtain a lattice-based proxy signature scheme in the standard model from our result.
Xiaoming HU Yinchun YANG Jian WANG Huajie XU Wenan TAN
Presently, many identity-based proxy signature (IBPS) schemes have been proposed, but most of them require high computational costs, and the proposed security model for IBPS is not complete enough. To overcome this weakness, Gu et al. recently proposed a framework and a detailed security model for IBPS. They also proposed an efficient IBPS scheme and proved the unforgeability of their scheme in the standard model. However, in this letter, we demonstrate that Gu et al.'s scheme fails to satisfy the property of unforgeability because it cannot resist the following attacks: after getting a private key, an adversary behaving as a malicious signer can forge a private key on any identity without the help of the private key generator (PKG); after getting a delegation, an adversary behaving as a malicious proxy signer can forge a proxy signing key on any delegation without the agreement of the original signer; after getting a signature, an adversary behaving as a malicious user can forge a signature on any identity without the private key, or forge a proxy signature on any warrant without the proxy signing key.
ID-based authenticated key exchange (ID-AKE) is a cryptographic tool to establish a common session key between parties with authentication based on their IDs. If IDs contain some hierarchical structure, such as an e-mail address, hierarchical ID-AKE (HID-AKE) is especially suitable because of its scalability. However, most existing HID-AKE schemes do not satisfy advanced security properties such as forward secrecy, and the only known strongly secure HID-AKE scheme is inefficient. In this paper, we propose a new HID-AKE scheme which achieves both strong security and efficiency. We prove that our scheme is eCK-secure (which ensures maximal-exposure-resilience including forward secrecy) without random oracles, while existing schemes are proved secure only in the random oracle model. Moreover, the number of messages and pairing operations is independent of the hierarchy depth; that is, the scheme is truly scalable and practical for large systems.
Dandan WANG Qingcai CHEN Xiaolong WANG
Text Categorization (TC) is the task of classifying a set of documents into one or more predefined categories. The centroid-based method, a very popular TC method, aims to make classifiers simple and efficient by constructing one prototype vector for each class. It classifies a document into the class that owns the prototype vector nearest to the document. Many studies have been done on constructing prototype vectors. However, the basic philosophies of these methods are quite different from each other. This makes the comparison and selection of centroid-based TC methods very difficult. It also makes the further development of centroid-based TC methods more challenging. In this paper, based on the observation of its general procedure, centroid-based text classification is treated as a kind of ranking task, and a unified framework for centroid-based TC methods is proposed. The goal of this unified framework is to classify a text by ranking all possible classes by document-class similarities. Prototype vectors are constructed based on various loss functions for ranking classes. Under this framework, three popular centroid-based methods, Rocchio, Hypothesis Margin Centroid and DragPushing, are unified and their details are discussed. A novel centroid-based TC method called SLRCM, which uses a smoothing ranking loss function, is further proposed. Experiments conducted on several standard databases show that the proposed SLRCM method outperforms the compared centroid-based methods and reaches the same performance as the state-of-the-art TC methods.
Hiroyuki NOZAKA Tomisato MIURA Zhongxi ZHENG
Objective: Virtual slides are high-magnification whole digital images of histopathological tissue sections. The existing virtual slide system is optimized for scanning flat and smooth plane slides, such as histopathological paraffin-embedded tissue sections, but is unsuitable for scanning irregular plane slides such as cytological smear slides. This study aims to develop a virtual slide system suitable for cytopathology slide scanning and to evaluate the effectiveness of multi-focus image fusion (MF) in cytopathological diagnosis. Study Design: We developed a multi-layer virtual slide scanning system with MF technology. Tumors for this study were collected from 21 patients diagnosed with primary breast cancer. After surgical extraction, smear slides for cytopathological diagnosis were prepared by the conventional stamp method, the fine needle aspiration (FNA) method, and the tissue washing method. The stamp slides were fixed in 95% ethanol. FNA and tissue washing samples were fixed in CytoRich RED Preservative Fluid, a liquid-based cytology (LBC) medium. These slides were stained with Papanicolaou stain and scanned by the virtual slide system. To evaluate the suitability of MF technology in cytopathological diagnosis, we compared single-focus (SF) virtual slides with MF virtual slides. Cytopathological evaluation was carried out by 5 pathologists and cytotechnologists. Results: The virtual slide system with MF provided better results than the conventional SF virtual slide system with regard to viewing inside cell clusters and image file size. Liquid-based cytology was more suitable than the stamp method for virtual slides with MF. Conclusion: The virtual slide system with MF is a useful technique for digitization in cytopathology, and this technology could be applied to tele-cytology and e-learning using a virtual slide system.
Recently, Shao et al. [M. Shao and Y. Chin, A privacy-preserving dynamic id-based remote user authentication scheme with access control for multi-server environment, IEICE Transactions on Information and Systems, vol.E95-D, no.1, pp.161–168, 2012] proposed a dynamic ID-based remote user authentication scheme with access control for multi-server environments. They claimed that their scheme could withstand various attacks and provide anonymity. However, in this letter, we will point out that Shao et al.'s scheme has practical pitfalls and is not feasible for real-life implementation. We identify that their scheme is vulnerable to two kinds of attacks and cannot provide anonymity.
Kyusuk HAN Taeshik SHON Kwangjo KIM
The VoIP-based Internet Phone system is now seen as one of the killer applications in the high-speed broadband Internet environment. Given the wide-spread use of the Internet Phone, it is necessary to provide security services for guaranteeing users' privacy. However, providing security services in Internet Phone has the possibility of incurring additional overheads such as call setup delay time. In this paper, we present a one-way key agreement model based on VoIP in order to reduce call setup time as well as protect user privacy. The proposed approach decreases the delay time of the call setup in comparison with the previous models because our model enables key generation on the caller side without waiting for the response from the receiver.
Atsushi FUJIOKA Koutarou SUZUKI Kazuki YONEYAMA
In this paper, the first extended Canetti-Krawczyk (eCK) security model for hierarchical ID-based authenticated key exchange (AKE), which guarantees resistance to leakage of ephemeral secret keys, is proposed. Moreover, a two-pass hierarchical ID-based AKE protocol, based on a hierarchical ID-based encryption scheme and secure in the proposed hierarchical ID-based eCK security model, is also proposed.
JungYeon HWANG Taek-Young YOUN Willy SUSILO
Recently, several ID-based key sharing schemes have been proposed, in which an initiation phase generates users' secret keys associated with their identities under the hardness of integer factorization. In this letter, we show that, unfortunately, any key sharing scheme with this initiation phase is intrinsically insecure, in the sense that the collusion of some users enables them to derive the master private keys and hence generate any user's secret key.
Ik Rae JEONG Jeong Ok KWON Dong Hoon LEE
The Chikazawa-Yamagishi scheme is an ID-based key distribution scheme which is based on the RSA cryptosystem. There are several variant schemes to improve the efficiency and the security of the Chikazawa-Yamagishi scheme. Unfortunately, all of the proposed schemes have some weaknesses. First, all the proposed schemes require time synchronization of the communicating parties. Second, none of the proposed schemes provide both forward secrecy and security against session state reveal attacks. In this paper, we suggest an ID-based key distribution scheme which does not require time synchronization and provides both forward secrecy and security against session state reveal attacks.
Most existing secure ad hoc routing protocols based on cryptography have simply assumed that pair-wise secret keys or public keys were distributed among nodes before running the routing protocol. In this paper, we raise a question about key management in relation to existing secure routing protocols, and then we propose an authenticated on-demand ad hoc routing protocol with key exchange by applying the ID-based keyed authenticator. In particular, we focus on providing an authentication mechanism for the Dynamic Source Routing protocol combined with the Diffie-Hellman key exchange protocol, and then we present simulated performance evaluations. The main contribution of our work is to provide concurrent establishment of a route and a session key in a secure manner between source and destination nodes in ad hoc networks.
Tran Thanh DAI Choong Seon HONG
Security for wireless sensor networks (WSNs) has become an increasingly serious concern due to the requirement level of applications and hostile deployment areas. To enable secure services, cryptographic keys must be agreed upon by communicating nodes. Unfortunately, due to resource constraints, the key agreement problem in wireless sensor networks has become quite complicated. To tackle this problem, many proposals that do not rely on public-key cryptography, which are considered more reasonable in cost than public-key based approaches, have been proposed so far, including random key pre-distribution schemes. One prominent branch of these proposals is threshold random key pre-distribution schemes. However, these schemes still introduce either communication overhead or both communication and computational overheads to resource-constrained sensor nodes. Considering this issue, we propose an efficient ID-based threshold random key pre-distribution scheme that not only retains all the highly desirable properties of these schemes, including a high probability of establishing pairwise keys and tolerance of node compromise, but also significantly reduces the communication and computational costs of each node. The proposed scheme is validated by a thorough analysis in terms of network resiliency and related overheads. In addition, we also propose a supplementary method to significantly improve the security of pairwise keys established indirectly.
JungYeon HWANG Jongin LIM DongHoon LEE
Jeong et al. recently proposed a strong ID-based key distribution scheme in order to achieve security against long-term key reveal and session state reveal attacks. In this letter, we show that, unfortunately, the ID-based key distribution scheme is vulnerable to an impersonation attack, such that anyone can manipulate public transcripts generated by a user to impersonate the original user.
Kyu Young CHOI Jung Yeon HWANG Dong Hoon LEE
In 2004, Choi et al. proposed an ID-based authenticated group key agreement. Unfortunately, their protocol was found to be vulnerable to insider attacks by Zhang, Chen and Shim. To prevent insider attacks, Shim presented a modification of Choi et al.'s protocol. In this letter, we first show that Shim's modification is still insecure against insider attacks. We then present a modification of Choi et al.'s protocol that resists insider attacks. The counter-measure uses an ID-based signature on transcripts in order to bind them to a session. This prevents any replay of transcripts. In particular, by applying ID-based batch verification, the proposed protocol still consists of two rounds and is computationally efficient.
Ik Rae JEONG Jeong Ok KWON Dong Hoon LEE
Several ID-based key distribution schemes can be used to realize secure broadcasting systems. Unfortunately, none of the proposed schemes provide both security against long-term key reveal attacks and security against session state reveal attacks. In this letter, we suggest an ID-based key distribution scheme secure against long-term key reveal attacks and session state reveal attacks.
Ik Rae JEONG Jeong Ok KWON Dong Hoon LEE
In this letter, we show that Jung's ID-based scheme, which is the improved version of the Chikazawa-Yamagishi scheme, satisfies only weak forward secrecy. However, weak forward secrecy is not quite realistic, since it is not sufficient for modeling real attacks. To address this problem, strong forward secrecy, which models more realistic attacks, has been pursued. We then suggest a modification of Jung's ID-based scheme to provide strong forward secrecy.