- Browse by Author
Browsing by Author "Sui, Yan"
Now showing 1 - 4 of 4
Results Per Page
Sort Options
Item Design and evaluation of a secure, privacy-preserving and cancelable biometric authentication : Bio-Capsule(2014-09-04) Sui, Yan; Zou, Xukai, 1963-; Bertino, Elisa; Li, Ninghui; Du, Yingzi, 1975-; Li, Feng; Prabhakar, Sunil; Gorman, William J.A large portion of system breaches are caused by authentication failure either during the system login process or even in the post-authentication session, which is further related to the limitations associated with existing authentication approaches. Current authentication methods, whether proxy based or biometrics based, are hardly user-centric; and they either put burdens on users or endanger users' (biometric) security and privacy. In this research, we propose a biometrics based user-centric authentication approach. The main idea is to introduce a reference subject (RS) (for each system), securely fuse the user's biometrics with the RS, generate a BioCapsule (BC) (from the fused biometrics), and employ BCs for authentication. Such an approach is user-friendly, identity-bearing yet privacy-preserving, resilient, and revocable once a BC is compromised. It also supports "one-click sign on" across multiple systems by fusing the user's biometrics with a distinct RS on each system. Moreover, active and non-intrusive authentication can be automatically performed during the user's post-authentication on-line session. In this research, we also formally prove that the proposed secure fusion based BC approach is secure against various attacks and compare the new approach with existing biometrics based approaches. Extensive experiments show that the performance (i.e., authentication accuracy) of the new BC approach is comparable to existing typical biometric authentication approaches, and the new BC approach also possesses other desirable features such as diversity and revocability.Item The Internet Based Electronic Voting Enabling Open and Fair Election(Office of the Vice Chancellor for Research, 2014-04-11) Zou, Xukai; Li, Huian; Sui, Yan; Peng, Wei; Li, FengVoting is the pillar of modern democracies. However, examination of current voting systems (including E-voting techniques) shows a gap between casting secret ballots and tallying and verifying individual votes. This gap is caused by either disconnection between the vote-casting process and the vote-tallying process, or opaque transition (e.g. due to encryption) from vote- casting to vote-tallying and thus, damages voter assurance, i.e. failing to answer the question: “Will your vote count?” We proposed a groundbreaking E-voting protocol that fills this gap and provides a fully transparent election. In this new voting system, this transition is seamless, viewable, and verifiable. As a result, the above question can be answered assuredly: “Yes, my vote counts!” The new E-voting protocol is fundamentally different from all existing voting/E-voting protocols in terms of both concepts and the underlying mechanisms. It consists of three innovative Technical Designs: TD1: universal verifiable voting vector; TD2: forward and backward mutual lock voting; and TD3: in-process verification and enforcement. The new technique is the first fully transparent E-voting protocol which fills the aforementioned gap. The trust is split equally among all tallying authorities who are of conflict-of-interest and will technologically restrain from each other. As a result, the new technique enables open and fair elections, even for minor or weak political parties. It is able to mitigate errors and risk and detect fraud and attacks including collusion, with convincingly high probability 1 − 2−(m−log(m))n (n: #voters and m ≥ 2:#candidates). It removes many existing requirements such as trusted central tallying authorities, tailored hardware or software, and complex cryptographic primitives. In summary, the new e- voting technique delivers voter assurance and can transform the present voting booth based voting and election practice. Besides voting and elections, the new technique can also be adapted to other applications such as student class evaluation, rating and reputation systems.Item Revocable, Interoperable and User-Centric (Active) Authentication Across Cyberspace(Office of the Vice Chancellor for Research, 2014-04-11) Sui, Yan; Zou, Xukai; Du, Eliza Y.; Li, FengThis work addresses fundamental and challenging user authentication and universal identity issues and solves the problems of system usability, authentication data security, user privacy, irrevocability, interoperability, cross-matching attacks, and post-login authentication breaches associated with existing authentication systems. It developed a solid user-centric biometrics based authentication model, called Bio-Capsule (BC), and implemented an (active) authentication system. BC is the template derived from the (secure) fusion of a user’s biometrics and that of a Reference Subject (RS). RS is simply a physical object such as a doll or an artificial one, such as an image. It is users’ BCs, rather than original biometric templates, that are utilized for user authentication and identification. The implemented (active) authentication system will facilitate and safely protect individuals’ diffused cyber activities, which is particularly important nowadays, when people are immersed in cyberspace. User authentication is the first guard of any trustworthy computing system. Along with people’s immersion in the penetrated cyber space integrated with information, networked systems, applications and mobility, universal identity security& management and active authentication become of paramount importance for cyber security and user privacy. Each of three typical existing authentication methods, what you KNOW (Password/PIN), HAVE (SmartCard), and ARE (Fingerprint/Face/Iris) and their combinations, suffer from their own inherent problems. For example, biometrics is becoming a promising authentication/identification method because it binds an individual with his identity, is resistant to losses, and does not need to memorize/carry. However, biometrics introduces its own challenges. One serious problem with biometrics is that biometric templates are hard to be replaced once compromised. In addition, biometrics may disclose user’s sensitive information (such as race, gender, even health condition), thus creating user privacy concerns. In the recent years, there has been intensive research addressing biometric template security and replaceability, such as cancelable biometrics and Biometric Cryptosystems. Unfortunately, these approaches do not fully exploit biometric advantages (e.g., requiring a PIN), reduce authentication accuracy, and/or suffer from possible attacks. The proposed approach is the first elegant solution to effectively address irreplaceability, privacy-preserving, and interoperability of both login and after-login authentication. Our methodology preserves biometrics’ robustness and accuracy, without sacrificing system acceptability for the same user, and distinguishability between different users. Biometric features cannot be recovered from the user’s Biometric Capsule or Reference Subject, even when both are stolen. The proposed model can be applied at the signal, feature, or template levels, and facilitates integration with new biometric identification methods to further enhance authentication performance. Moreover, the proposed active, non-intrusive authentication is not only scalable, but also particularly suitable to emerging portable, mobile computing devices. In summary, the proposed approach is (i) usercentric, i.e., highly user friendly without additional burden on users, (ii) provably secure and resistant to attacks including cross-matching attacks, (iii) identity-bearing and privacy-preserving, (iv) replaceable, once Biometric Capsule is compromised, (v) scalable and highly adaptable, (vi) interoperable and single signing on across systems, and (vii) cost-effective and easy to use.Item Transparent, Auditable, and Stepwise Verifiable Online E-Voting Enabling an Open and Fair Election(MDPI, 2017-08-17) Zou, Xukai; Li, Huian; Li, Feng; Peng, Wei; Sui, Yan; Computer and Information Science, School of ScienceMany e-voting techniques have been proposed but not widely used in reality. One of the problems associated with most existing e-voting techniques is the lack of transparency, leading to a failure to deliver voter assurance. In this work, we p verifiable, viewable, and mutual restraining e-voting protocol that exploits the existing multi-party political dynamics such as in the US. The new e-voting protocol consists of three original technical contributions—universal verifiable voting vector, forward and backward mutual lock voting, and in-process check and enforcement—that, along with a public real time bulletin board, resolves the apparent conflicts in voting such as anonymity vs. accountability and privacy vs. verifiability. Especially, the trust is split equally among tallying authorities who have conflicting interests and will technically restrain each other. The voting and tallying processes are transparent/viewable to anyone, which allow any voter to visually verify that his vote is indeed counted and also allow any third party to audit the tally, thus, enabling open and fair election. Depending on the voting environment, our interactive protocol is suitable for small groups where interaction is encouraged, while the non-interactive protocol allows large groups to vote without interaction.