journal of latex class files, vol. 14, no. 8, august 2015...

2168-6750 (c) 2017 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TETC.2017.2779163, IEEETransactions on Emerging Topics in Computing

JOURNAL OF LATEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 1

Content-centric Group User Authentication forSecure Social Networks

Jian Shen, Member, IEEE, Anxi Wang, Chen Wang, Jiguo Li, and Yan Zhang, Member, IEEE

Abstract—Content-centric computing systems, which can obtain users’ attributes by analyzing information from content, have beenwidely used in many fields. In social networks, the computing resources of users are restricted. Group authentication schemes arerequired to ensure the validity of the user and the accuracy of the shared data. In this paper, we propose a content-centric group userauthentication scheme to guarantee the security and accuracy of shared data. The proposed group user authentication scheme makesuse of the user’s content to generate the user’s feature vector. Furthermore, the group authentication scheme based on the identity ofeach user can guarantee the network security before data sharing. In addition, regular operations in the network are not affected ordamaged by incidents that occur during the authentication process. The security and performance analyses show that our scheme issecure against various attacks and has lower computational cost than the existing schemes.

Index Terms—Security and privacy, user authentication, content-centric, social networks.

F

1 INTRODUCTION

CURRENTLY, the contents of networks are usually man-aged by servers or websites. Ordinary users can ac-

cess data through end-to-end connections. Cloud-based net-works, which were developed from client-server networksand peer-to-peer networks, are a type of content-centricnetwork. In other words, users do not care where or howto obtain data but pay more attention to the meaning of thedata itself. With the development of science and technology,content-centric computing systems, including data-orientednetwork architecture (DONA) [1], publish/subscribe Inter-net routing paradigm (PSIRP) [2], network of information(NetInf) [3], and content-centric networking (CCN) [4],have been considered by many researchers. In this paper,we mainly discuss how to describe social networks withcontent-centric computing systems [5]. Social networks arethought to be a type of content-centric network that shareuser content; that is to say, the communication betweenusers in social networks is based on data rather than an IPaddress. A social network is characterized by the exchangeof interests and content objects.

In social networks, shared information is related to theidentity of users. When these shared data are stolen byattackers, the privacy of the data owners can be exposed.Therefore, methods to guarantee the legitimacy of usershave become a hot-spot in social networks [6]. In addition,users in social networks are usually organized into groupsto share data [7]. Only users in the same group can gainaccess to the shared data. In a social network group, itis very important for the group manager to authenticatethe legitimacy of the identities of users who want to join

• J. Shen, A. Wang, and C. Wang are with the School of Computerand Software, Nanjing University of Information Science & Technology,China. E-mail: {s shenjian, anxi wang, wangchennuist}@126.com

• J. Li is with the College of Computer and Information Engineering, HohaiUniversity, China. E-mail: [email protected]

• Y. Zhang (corresponding author) is with the Department of Informatics,University of Oslo, Norway. E-mail: [email protected]

Manuscript received XXXX; revised XXXX.

the group. Each user should be authenticated to guaranteethe security of group data sharing [8, 9]. It is obvious thata group user authentication scheme is suitable for socialnetworks to simultaneously share data and protect privacy.

The current user authentication schemes in social net-works can be divided into the following two types: one-to-one authentication and group authentication. The authenti-cation schemes mentioned in [10, 11] are one-to-one, wherethe certifier interacts with the verifier to verify the identityof the certifier [12]. For example, the RSA digital signature[13] can be used to authenticate the signer′s identity. Inthis approach, the verifier sends a random challenge to thesigner. The signer then digitally signs the random challengeand returns the challenged digital signature to the verifier.If the returned signature is lugged, the verifier is sure thatthe signer is a user who has the identity of the publickey digital certificate, which is used to verify the digitalsignature. If the scheme is applied to a social network, eachuser needs to be authenticated by the other users of thegroup, which can seriously increase the network communi-cation overhead. For group authentication schemes in socialnetworks [14, 15], a trusted manager that can participate inthe entire certification process is necessary. In this type ofauthentication scheme, the trusted manager takes respon-sibility for information distribution and user registration,which reduces the clients’ computing and storage costs.

In fact, a social network has undefined boundaries, anddata sharing is bound to a small group. In general, thereare many different groups in social networks. Each grouphas different sharing topics, such as tourism and food.Members of a group have similar hobbies [16]. Users ina group are more concerned about the information itselfthan the source of the information [17]. In addition, it isnecessary for network managers to remove malicious usersto ensure normal operation. However, traditional authenti-cation schemes do not take the combination of identifiersand interests into consideration. Therefore, in this paper,we present a content-centric group authentication scheme




for social network groups by employing feature vectors ofusers’ comments, which enables multiple users to freelyshare data with high security and efficiency. Note that thepseudo-identity of each user is added to compute the user’s“identity”. Moreover, the pseudo-identity is extracted fromthe user’s previous comments and user’s real ID.

1.1 Our ContributionsIn this paper, we propose an efficient group authenticationscheme with feature vector for user authentication in socialnetworks that preforms better than the state-of-the-art meth-ods. Group authentication is presented to achieve mutualtrust between users. Moreover, the network manager has nosecret information about the users. In addition, the regularoperations in networks are not affected or damaged byincidents that occur during the authentication process. Themain contributions of this paper are summarized as follows.

• Group user authentication scheme is proposed forsocial networks. In this paper, a group authentica-tion is achieved based on the user’s comments orshared data, which can be used to guarantee thesecurity of communication among group users. Thepresented scheme can tolerate some malicious users.The authentication progress is completed among alllegal users without failure. Moreover, in the authenti-cation phase, the regular operation of the network isnot affected or damaged by incidents that occur dur-ing the authentication process, which makes groupdata sharing in social networks more secure andreliable.

• Content-centric computing system is used in so-cial networks to provide users’ pseudo-identities.According to the data sharing model, group userscan form a group to efficiently share information.Note that the authentication phase is produced bythe group user’s feature vector and the user’s realidentity. A user’s feature vector is extracted fromthe user’s data by word frequency feature extraction.Attackers have no access to the identities of usersgenerated from communication; thus, they cannot ac-cess the original comments. Therefore, the proposedgroup authentication scheme supports secure groupdata sharing in social networks.

• The proposed group user authentication scheme issecure and efficient. According to the security anal-ysis, our scheme satisfies the security requirementsof social networks and can resist a large number ofattacks. In addition, the computational costs of usersin one group are lower than those in the existingschemes. Moreover, we analyze the time cost of theproposed scheme using PBC library, which has beenwidely used to analyze group user authenticationschemes.

1.2 Related workIn social groups, each user is only aware of its neighbors andhas no knowledge about the information of other users. Thegroup user authentication scheme has been widely used toprotect the privacy of users and the security of shared data[18].

In the key pre-distribution scheme [19], the group is fixedafter it is generated. If the number of members in the groupchanges, the group authentication is also changed. The au-thentication information increases linearly with increasingnumber of members in the group. This is a major challengeto a user’s storage and update capability. Even if the groupis accidentally attacked, the intra-group information cannotbe changed. In addition, only less than or equal to 3 userssupported in the key pre-distribution scheme [20] is notsuitable for the social group. In the broadcast scheme [21],each user sends a group key to a selected set of users. In thebroadcast scheme, which is based on a symmetric key, thesender has fixed authority to determine the set of receivers.In this case, the size of the user key has a minimum value. Inaddition, safety is only guaranteed among a limited numberof users [22, 23]. In the public key broadcast scheme, thekey size problem can be avoided, but the threshold numberof bad users is still set for safety. Note that the size ofthe ciphertext depends on the number of users, so it maybe large in a large group [24]. The key update scheme isapplicable to the case where the number of members inthe network changes during operation of the network [25].When a user leaves the network, the network administratorneeds to re-run the authentication phase. In this method,the two questions must be considered. The operation isperformed by the network manager and the key is updatedfrequently. At the same time, whenever the number of userschanges, the authentication operation is repeated, which isunrealistic for actual social networks.

In addition to encryption certification, group authenti-cation schemes have also been proposed based on differentmathematical tools. After secret sharing schemes were firstproposed by Shamir [26], the scheme was applied to groupauthentication. In 2010, Harn [27] proposed a basic t-securem-user n-group authentication scheme (t; m; n). The (t; m;n) scheme can greatly reduce the user’s computational cost.However, Harn’s scheme only tolerates less than t attackerswhich is decided by the polynomial function. After that,improved secret sharing schemes have been proposed in[28] and [29], which support less than n/4 − 1 attackersand less than n/3 attackers, respectively. In 2015, Miaoet al. [15] found that the shared data in Harn’s schemeis not bound to each other and introduced the notion ofa randomized component (RC) to bind share data with allusers and to protect the share data from being exposed tothe outside without computational assumptions. However,the new scheme can still only resist up to t − 1 colludedinside adversaries. Several researchers have designed newschemes [14, 30–32] to overcome the upper limit of t. How-ever, the upper limit still exists in secret sharing schemes.In [18], Jiang et al. proposed an ECC-based authenticationscheme which takes advantage of a temporal proof to avoidmalicious tracking. However, the user’s secret informationcan be calculated by the gateway node through the sharedold password. In [33], Shen et al. proposed a lightweightmulti-layer authentication scheme. However, the secret in-formation only stored in nodes will cause heavy securityproblems in the whole system. Note that Horng et al. [34]proposed a group communication scheme to allow entitiesto authenticate and securely communicate with each otherin the group. This scheme does not have the upper limit




of t. However, the invalid signature can severely affect theperformance and the computational cost of each entity is aburden.

In contrast to the above solutions, in this paper, we de-sign an efficient group authentication scheme by employinga trusted group manager (TGM) to collect the informationof the users. The proposed scheme can achieve mutual trustbetween the users and the TGM, and a trusted cloud server(TCS) is used to generate random numbers for the usersand the TGM. Moreover, the feature vector information isable to obtain the user’s secret information more quickly,and the user’s real identity can be protected.

1.3 OrganizationThe rest of the paper is sketched as follows. Section 2 intro-duces preliminary works for a better understanding of thetopic. Section 3 presents the system model of the proposedscheme and discusses how to generate the users’ pseudo-identities. In Section 4, we introduce the details of thegroup user authentication scheme. In Section 5, we providesecurity analysis and comparison. In Section 6, our schemeis simulated by using the pairing-based cryptography (PBC)library. Then, we compare the performance with the existingrelated scheme. Finally, we conclude the paper in Section 7.

2 PRELIMINARIES

2.1 Cryptographic Bilinear MapsWeil pairing [35] has been widely used in cryptographyand public key cryptography. Here, we give an example toconstruct this map. Let p be a prime such that p = 6q − 1for some prime q and E be a supersingular elliptic curvedefined by the Weierstrass equation y2 = x3 + 1 over Fp.The group of rational points E(Fp) = {(x, y) ∈ Fp × Fp :(x, y) ∈ E} forms a cyclic group of order p+1. Furthermore,because p + 1 = 6q for some prime q, the group of pointsof order q in E(Fp) forms a cyclic subgroup, denoted G1.Further discussion of the Weil pairing is presented in theliterature [36].

Definition 1. Let G be a generator of G1 and let G2 be thesubgroup of Fp2 containing all elements of order q. A modifiedWeil pairing is a map e : G1 ×G1 → G2 that has the followingproperties for points in E(Fp):

1. Bilinear: For any P,Q ∈ G1 and a, b ∈ Z

e(aP, bQ) = e(P,Q)ab .

2. Non-degenerate: If P is a generator of G1, then e(P,P) ∈F ∗p2 is a generator of G2. In other words, e(P,P) 6= 1.

3. Non-commutative: For any P,Q ∈ G1, P 6= Q,e(P,Q) 6= e(Q,P).

4. Computable: Given P,Q ∈ G1, there exists an efficientalgorithm to compute e(P,Q).

2.2 Security AssumptionSecurity is one of the most essential conditions that agood cryptographic algorithm or scheme should first meet.Studies on safety issues boil down to the security model.The attacker’s ability and the goal of security achieved canbe reflected by a correct and appropriate security model.

Fig. 1: The system model

In this paper, we use the security model defined in theliterature [37]. Note that the security of our scheme relieson the elliptic curve discrete logarithm problem (ECDLP).According to the proof in [38], the presented scheme canresist both passive attacks and active attacks. Many formalsecurity analyses of the key agreement scheme can be foundin the literature [39].

The ECDLP can be stated as follows. P and Q are twopoints on ECC. k is an integer on Fp such that Q = kP . Fora given P and Q, it is difficult to obtain k. If k is sufficientlylarge, k is the discrete logarithm of Q to P [40].

3 PROBLEM STATEMENT

3.1 System modelThe whole model contains three primary entities: TCS, TGMand users. The relationship among the three entities isshown in Fig. 1. The TCS is an entity that provides cloudservice [41]. In our model, the TCS is responsible for storinguser data. The users, which can be an individual person or amajor company, are entities that have similar hobbies in thesame social group. The devices used to communicate withthe TGM can include phones, computers, and tablets. Thefinal component is the TGM, which is the group manager forthe users. Generally, the TGM is equipped with professionalknowledge of identity authentication so that it can provideconvincing authentication results.

3.2 Feature vectorIn a mixed social network, the characteristics of the useridentities are very important. Similar to Facebook andGoogle+, it is difficult to directly extract the characteristicsof a user by considering the user’s privacy. First, the connec-tivity degree of users in the network is relatively low owingto a restriction on the user’s contacts circle. In addition, thereare a large number of visitors who have no characteristicsin the network. Second, the user’s properties are difficultto obtain. Even when acquired, the accuracy of the data isdifficult to guarantee. In terms of a content-centric comput-ing system, a user has the potential to be described by itsfeatures. The characteristics of user identities are releasedfrom the user’s article. In short, we translate the identitycharacteristics of users into text features of articles. Thestructure of the obtained feature vector is shown in Fig. 2.




Fig. 2: The flow chart for generating a user’s feature vectorin our scheme

3.2.1 TF-IDF

In this paper, we use term frequency-inverse documentfrequency (TF-IDF) [42, 43] to generate the text features ofcomments. TF-IDF is a common weighting technique in in-formation retrieval and data mining. If some words appearin a text many times, these words will appear frequently inthe same type of text. Therefore, if the feature space coordi-nate system takes the term frequency (TF) word frequencyas a measurement, it can reflect the characteristics of thesame type of texts. TF-IDF also considers the differencebetween different types of words. The algorithm believesthat if the word frequency in different texts is small, itsability to distinguish different categories is great. For thisreason, the inverse text frequency (IDF) concept is added tothe algorithm. The product of TF and IDF is considered asthe value measure of words in a feature space coordinatesystem.

Next, we introduce how to compute TF and IDF. TF iscalculated as tfi,j =

ni,j∑k

nk,j. In this equation, ni,j represents

the number of occurrences of word i in a text j.∑knk,j

represents the number of occurrences of all words in a textj. Eq. 1 shows how to compute the value of IDF. In Eq. 1, |N |is the total number of texts in the database. |{j : ti ∈ dj}| isthe number of texts that contain word i. Note that the valueof |{j : ti ∈ dj}| may be zero if the word i does not appearin the database. Therefore, we usually use 1+ |{j : ti ∈ dj}|to replace this part.

idfi = log|N |

|{j : ti ∈ dj}|

≈ log|N |

1 + |{j : ti ∈ dj}|

(1)

After the acquisition of TF and IDF, we use Eq. 2 to calculatethe weight of word i. A high frequency of word i in aparticular text j and a low frequency of the word in theentire collection of texts can produce a high TF-IDF. Asa result, TF-IDF tends to filter out common words and

Algorithm 1 The process of feature extraction

TGM ← User’s previous textGenerate: the group’s glossaryGroup← Another user Usermif (Userm is legal) then

Get shared dataCalculate TF, IDF, TF × IDFfor words ∈ Data do

Sorting words in descending order of TF × IDFSelect the top seven wordsreturn Userm’s phrase group phm

end forreturn group’s glossary glog

end ifUser ← two glossariesif (Word i in phm ∈ glog) then

Set fvi equals 1if (Word i in phm /∈ glog) then

Set fvi equals 0return

end ifreturn Feature Vector

end if

to retain important words. Note that Eq. 1 and Eq. 2 arementioned in [42].

wi,j = tfi,j × idfi

=ni,j∑knk,j× log

|N |1 + |{j : ti ∈ dj}|

(2)

3.2.2 Feature extraction

In social networks, each group has its own glossary; the sizeof this glossary may be very large. Furthermore, the glossaryused to represent the group is created by all users in thatgroup. The glossary can only be updated by a trusted thirdparty after the group is established, and the individual userhas no ability to update the glossary. The update operationsare only performed by social networks. The TF * IDF featureof the user’s shared information in the group is regularlyextracted, and the top-ranked words are selected as thenew glossary in order from high to low. After the updateoperation, the trusted third party sends the new glossarythrough a secure channel to each user. At the same time,the trusted third party updates all users’ features from thearticles shared within a period of time.

We now extract the feature vectors for every user in agroup. First, the group’s glossary contains the followingwords {cryptography, security, privacy,sharing, agreement, content, computing}.When a user wants to join this group, the trusted thirdparty calculates the weight of all meaningful wordsand sorts them from high to low. These words are frominformation previously shared in social networks. Theextraction algorithm is based on the value of TF * IDF.The highest ten words are selected as the user’s identity.After selecting these words, the third party sends thephrase group to the user, and the third party does notreceive any other information. After the user receives




his own features, the user compares his identity featurewith the glossary of the group. If the user’s identityfeature contains the group feature, the correspondingvector is set to 1. If the user’s identity feature does notcontain a certain group feature, the corresponding vectoris set to 0. This process produces a feature vector ofonly 0 and 1. For example, the extracted feature of oneuser is {traveling, security, privacy, food,university, computer, transportation}. Then,the user can get his feature vector as [0, 1, 1, 0, 0, 0, 1]. Inthis step, we consider words that have the same root as thesame word, e.g., computer and computing are equal inour model. After each user in this group has obtained itsfeature vector, we use an arbitrary value to represent theuser’s feature vector. We also use a matrix to represent theuser group. In this matrix, a column represents a user. Theform of the matrix is shown as:

0 1 1 0 1 0 01 0 1 1 0 1 11 0 0 0 1 0 10 1 1 0 0 1 10 1 0 0 1 0 10 1 0 1 1 0 01 0 0 1 0 1 0

4 GROUP USERS AUTHENTICATION SCHEME

In this Section, the group users authentication scheme insocial networks, which is available to attach multiple usersto one hobby group in the network, is introduced in detail.Note that the users in one group are controlled by the TGM,which takes the social service provider as a representative.In addition, the number of TGMs is greater than one. Underour assumptions, the identify numbers of users in a groupare delivered to the users after user registration is complete.We emphasize that the mutual communication betweenusers in the initialization phase is not used in our scheme,preventing a data collision problem in the network. Userscommunicate with the TGM according to their identifynumbers and the TGM′s identify number and gather all thesecret information to generate the proof. The authenticationprocess is completed when all the users in the group are ver-ified successfully, which means that these users are credibleso that the network is safe and well arranged. In addition,unusual situations are considered. For example, when someof the users are broken or damaged, the TGM can generatea proof containing other users′ secrets. Consequently, theTGM acquires the information that some specific users needto be repaired, but the group remains safe, which is practicalin real systems.

Next, we introduce the definition of this problem. Weassume that a set of large groups needs to be verified,where each group is attached to more than one user in itsdifferent regions. Note that the users combined within thesame group are considered as one user group. The groupis arranged to be successfully authenticated after all theusers are fully verified, which guarantees that the wholegroup is considered to be safe. The proposed group userauthentication scheme should meet most of the securityrequirements without affecting its efficiency or increasing

TABLE 1: Notation used in the group users authenticationscheme

Notation Interpretation

CS Cloud ServerTGM The trusted group managerGi The user groupuseri The i-th user of group GiNG i The number of users in GirTGMi

The pseudo-random number gener-ated by the server

IDTGMiThe identifier of TGMi

GIDGiThe group identifier of group Gi

H An anti-collision hash functionH1 A hash function (map to nonzero

point)ruseri The pseudo-random number of

useri

P The generator of E(Fp)

fvuseri The feature vector of useriIDuseri The pseudo-identity of useriSGi

The group secret of group GirIDuser1

, ..., rIDuseriThe pseudo-random number gener-ated by the server

Suseri The secret of user useriProfGIDGi

The generated proof of group Gi

the cost. Moreover, the TGM should be provided with thefeedback of all the users in the group.

4.1 Design of the schemeWe divide the group authentication scheme into four phasesfor a better description. In the initialization phase, users areinitiated with the TGM’s identify along with the identifynumbers as soon as they are attached to the social group.The total number of users in the network is N . The TGMacquires NT GMi users identities and combines them withthe random numbers received from the server in the useracquisition phase. The proof of group G is generated in thegroup authentication phase, which links the entire group. Inthe verification phase, the proof is delivered to the server. Itis necessary to emphasize that the communication betweenthe server and the TGM is performed via a secure channel,while that between the TGM and the users is not safe andis vulnerable to various attacks. The notation used in ourproposed scheme is provided in Table 1.

4.1.1 Initial PhaseUser initialization is conducted in this phase. As we de-scribe above, one group is assumed to be combined withseveral users to ensure that the group is credible. Thegroup information, as well as the pseudo-identity IDuseri =H(IDi||fvuseri), is input in the memory of the users. Thepseudo-random numbers rIDi

of the users are stored in theserver database. Note that the user referred to here can be areusable user, which means that the user can be attached toanother group as necessary.

4.1.2 User Acquisition PhaseIn this phase, the users that respond to the TGM areregistered after verification. According to our design, it is




Useri in group GiTGMi of GiCloud Server

Generates rTGMi

ComputesMTGMi = (CIDTGMi ⊕ IDTGMi ) + ( STGMi ˅ rTGMi )

( IDTGMi, CIDTGMi, rTGMi )

Checks MTGMiGenerates ruseriComputesNuseri= [MTGMi - (CIDTGMi ⊕ IDTGMi )] ˅ ruseriQuseri= IDuseri ⊕ (SGi ˅ ruseri )Ruseri= ruseri* P

( IDTGMi , MTGMi , rTGMi )

( Nuseri , Quseri , Ruseri)

Generates ruser1, …, ruseri

Checks NuseriDerives IDuseri from Quseri

( IDTGMi , CIDTGMi , IDuser1, …, IDuseri )

(IDTGMi , CIDTGMi , ruser1, …, ruseri

)

Fig. 3: User acquisition phase

not necessary for the social group to collect all n users.The network allows authentication towards more than oneuser. We assume there are NGj users in one group that aresuccessfully registered. In extreme situations, only one userthat passes the authentication of the network can prove thatthe group is not invalid. However, whether the group iscredible remains unknown.

The detailed steps of this phase are as follows:

• The server generates a pseudo-random num-ber rTGMi

for TGM . Then, the server choosesthe group to be authenticated and delivers(IDTGMi

, GIDGi, rTGMi

) to TGM through a securechannel.

• TGM computes MGi= (GIDGi

⊕IDTGMi)+(SGi

∨rTGMi

) and sends (IDTGMi,MGi

, rTGMi) to all the

users in the group.• The user useri of group Gi checks the validity

of the received MGiand obtains its own pseudo-

random number ruseri from the TCS. Then, usericomputes Nuseri = [MGi

− (GIDGi⊕ IDTGMi

)] ∨ruseri , Quseri = IDuseri ⊕ (SGi

∨ ruseri) andRuseri = ruseri ∗ P . Next, the user useri responds(Nuseri , Quseri , Ruseri) to TGM .

• After receiving the information from the user, theTGM checks the validity of the acquired Nuseri andcomputes IDuseri from Quseri . When all the usershave been collected or the timer has expired, theTGM sends (IDTGMi

, GIDGi, IDuser1 , ..., IDuseri)

to the server in a secure way.• The server compares the received information and

the information stored in memory. If this com-parison succeeds, the server replies to the TGMwith (IDTGMi

, GIDGi, Ruser1 , ..., Ruseri), where

Ruser1 , ..., Ruseri denote the pseudo-random num-bers calculated for each user separately. The TGM

stores all this information in its database for the nextauthentication phase.

The characterization of the user acquisition phase is de-scribed briefly in Fig. 4.

4.1.3 Group Authentication PhaseThis phase is the most important part of the authenticationphase and focuses on gathering the secrets of each userand combining this information according to the user′ssequence number IDuseri . Instead of using the user′s realsequence number IDuseri , we compute a temporary identi-fier TempIduseri , which is the product of a random num-ber ruseri and IDuseri . The TempIduseri of user useri isexchanged between the user and the TGM during the com-munication, which shows sufficient resistance to the tracingproblems of smart users. In addition, the random numberruseri is randomly selected by the user and is upgraded afterevery authentication progress. In the group authenticationphase, the TGM does not terminate the process when therequested user fails to respond. In other words, the TGMskips to the next normal user after the timer expires. Thisapproach prevents intervention in the whole system byabnormal users or user groups, which makes the authen-tication process more efficient.

The main steps of the group authentication phase are asfollows:

• TGM computes r′

user1 = e(Ruser1 , H1(IDuser1))and TempIduser1 = (GIDGi

⊕ IDuser1) ∨(r′

user1 ⊕ IDTGMi). Then, the TGM delivers

(Quser1 , T empIduser1 , One, ruser1) to the first userin group Gi.

• The first user user1 in Gi checks the validityof TempIduser1 received from TGM and com-putes ProfGIDGi

= TempIduser1 ∨ (ruser1 ⊕




Useri in Group Gi

TGMi

Computesr’

user 1 = e(Ruseri, H1(IDuser1) )TempIduser1 = (GIDGi

⊕ IDuser1 ) ˅ (r’user1 ⊕ IDTGMi )

Checks TempIduser1ComputesProfGIDGi

= TempIduser1 ˅ ( ruser1 ⊕ Suser1 )𝐶user#= (IDuser1 ⊕ r’

user 1 ˅ N user 1 )

( Quser1, TempIduser1, One, ruser1 )

(TempIduser1, Cuser1 , ProfGIDGi)

Checks TempIduseriComputesProfGIDGi

= TempIduseri ˅ ( ruseri ⊕ Suseri )Cuseri = (IDuseri⊕ r’

useri ˅ Nuseri )

Checks Cuseri-1Computesr’

useri = ruseri ⊕ IDuseriTempIduseri = (GIDGi ⊕ IDuseri) ˅ (r’useri ⊕ IDTGMi )

( Quseri , TempIduseri , ProfGIDGi , ruseri )

(TempIduseri, Cuseri , ProfGIDGi)

User1 in Group Gi

Fig. 4: Group authentication phase

Suser1) and Cuser1 = (IDuser1 ⊕ r′

user1 ∨ Nuser1).After the computation is finished, user1 replies(TempIduser1 , Cuser1 , P rofGIDGi

) to TGM .• TGM checks the validity of Cuser1 and sends

(Quser2 , T empIduser2 , P rofGIDGi, ruser2) to the

next user of the group.• The user user2 in Gi checks the validity of

TempIduser2 received from TGM and computesProfGIDGi

= [TempIduser2 ∨ (ruser2 ⊕ Suser2 ] ⊕ProfGIDGi

) and Cuser2 = (IDuser2 ⊕ r′

user2 ∨Nuser2). Note that the ProfGIDGi

received fromTGM is generated by the previous user user1.Then, (TempIduser2 , Cuser2 , P rofGIDGi

) is repliedto TGM .

The above four steps continue to operate in this wayuntil TGM has acquired the private secret information ofall users in group Gi. A brief representation of this phase isshown in Fig. 3.

4.1.4 Verification PhaseIn the verification phase, the generated proof ProfGIDGi

and the sequence numbers of all the users in group Gi aresent to the server by TGM through a secure channel. Aftergetting all information about users in this social group, theTCS will check whether the value of r

′

useri and the value ofruseri are the same. As mentioned above, ruseri is generatedby the TCS and is stored in the TCS’s database. Then,the TCS can generate r

′

useri by Eq. 3. Finally, the TCS canauthenticate users in the group.

r′

useri = ProfGIDi∨ TempIduseri ⊕ Suseri (3)

When all the users in group Gi pass the authenticationphase, the state of this group can be confirmed. We canguarantee the state of the group even if only a portion of the

users are successfully authenticated. In this way, the groupis not totally credible, but the network can works well. In ad-dition, the server knows the identities of the untrustworthyusers based on the authentication information received fromTGM , which is convenient for the operation of networkmaintenance without checking all users in a social group.

The verification phase is briefly described in Fig. 5.

TGMi of GiCloud Server

Checks ProfGIDGi

( IDTGMi, CIDTGMi , ProfGIDGi, IDuser1, …, IDuseri)

Fig. 5: Verification phase

5 SECURITY ANALYSIS

In this Section, we analyze the security properties of ourscheme to prove that our scheme is reliable. The security ofour scheme is based on the ECDLP [44, 45].

5.1 Security against passive attacksIn the following lemma, we prove that the matrices Ai, i =1, 2, ..., v, generated from the user’s comments, have a uni-form distribution on Zt×r

q , which is impossible to computefrom another matrix.

Theorem 1. Let Ak and Ai be the chosen matrix, which isgenerated in Section 3, and x ∈ {0, 1}r be a random vector.In this lemma, Akx cannot be calculated from Aix in polynomialtime, where 1 ≤ k 6= i ≤ v.

Proof. Algorithm A takes Aix as the function’s input andoutputs Akx, where Ai and Ak are calculated in Section3. x is a random vector from Zt×r

q and is randomly chosen




from {0, 1}r . In addition,A can obtain the result with a non-negligible probability. By applying algorithmA, we proposean algorithm B that takes Mx and M ∈ Zt×r

q as input.Firstly, B selects a random matrix Ak from Zt×r

q . Accordingto lemma 2 in [46], Ak has full row rank with overwhelmingprobability. Next, B calculates a matrix E ∈ Zt×(r−t)

q . E’scolumns form a basis for the null space of matrix Ak (i.e.,AkE = 0t×(r−t)). Then, B computes Ai = M [A∗k E]−1.Note that Ai is uniformly distributed on Zt×r

q . A∗k ∈ Zt×rq

is the pseudo-inverse matrix of Ak, which can be calculatedas AT

k (AkATk )−1 because Ak has full row rank. The matrix

[A∗k E] is a reversible matrix because A∗k and E have fullcolumn rank. No column in matrix A∗k is a multiple of acolumn in E. Furthermore, AkA

∗k = It, where It has no zero

columns. Let y = [A∗k E]x. On input Mx = Aiy, the algo-rithm A outputs k = Aky = Ak[A

∗k E]x = [It AkE]x =

x1 +AkEx2 = x1, where x =[x1t×1

x2(r−t)×1

]T. Therefore,

on input Mx, the algorithm B can only get the first part ofx, which cannot be used to obtain all the information aboutthe matrix.

5.2 Security against active attacks

In addition, the scheme is resistant to various attacks [47].Social networks have great potential in daily communica-tion because they are convenient for data sharing. Notethat the computational resources consumed by the users inthe group authentication scheme are very small, which isconsistent with the requirements of low cost and low powerqualities of mobile users. Furthermore, each communicationis added to the protection of the transfer of information tomeet the strong privacy protection of users. Moreover, thescheme can be used to track attackers. The TGM controlsand monitors the entire network changes in the group au-thentication scheme, thereby improving security and practi-cality in social networks.

5.2.1 Resistance to replay attackIn our scheme, replay attack [18] is prevented by usingpseudo-identities. As we describe above, in the initial phase,the feature vector of useri is generated by the TGM, anduseri randomly selects ruseri to compute Ruseri . In ourmodel, the users take full control of the group authenticationscheme. As for data sharing among users in a social group,the pseudo-identity is calculated by the TGM and itself fromthe phrase group. The content of each share is not the same,so the pseudo-identities at different times are not equal.In addition, the user itself generates the random numberruseri in the initial phase in every session. The reuse of theprevious messages cannot pass the information of both theTGM and the other users, so the replay attack is prevented.

5.2.2 Resistance to eavesdroppingThe attackers may attempt to obtain shared data througheavesdropping [45] during the communication process,which is a common way for attackers to damage socialnetworks. In our scheme, the ID of the users, as well as thesecret keys, are under encryption. We apply IDi||fvuserito the communication between users so that it is not easyfor the attackers to acquire the privacy information of a

particular user through eavesdropping. Moreover, the TGMcontrols the generation of all pseudo-identities, and the dataexchanges between the TGM and normal users are assumedto be safe. As a result, the entire social networks in ourscheme are resistant to eavesdropping.

5.2.3 Resistance to physical attack

We assume that the attackers are able to destroy normalusers and to obtain all the secret information of the de-stroyed user. The attackers may even manage to clone oneuser and use it to cheat the TGM. However, in our scheme,one group is attached to a group of users. The group can beauthenticated with several malicious users in the network.To interrupt the authentication process, the attacker has todamage all the users in the social group, which is difficultand worthless. As the important facility of the entire socialnetwork, the TGM is assumed to be well protected byoutsourcing to a credible third party. As a result, physicalattacks towards the TGM are not considered in this paper.We attach significance to the security requirements of theusers rather than those of the TGM.

5.2.4 Resistance to tracing attack

Tracing attacks [48] towards users, especially users whohave low security levels, remain a big threat to both thegroup and the network. We classify tracing attacks into twotypes: tracing during the session and tracing between twosuccessful sessions. On the one hand, to prevent tracingattack during one session, the messages delivered betweenthe users and the TGM are all under encryption. The useof a pseudo-identity provides strong protection throughtracing during the session. In addition, the IDuseri of useriis changed along with data sharing. On the other hand,random number ruseri is used to change the Ruseri of useriafter every successful authentication session. As a result,tracing between two successful sessions is impossible.

5.2.5 Resistance to de-synchronization attack

In a de-synchronization attack [38], an adversary disturbsthe interactions between a user and the TGM by interceptingor blocking the packages. In our scheme, the real ID of thenode is not exposed in the authentication process. Instead,pseudo-identities are used. As a result, it is not necessaryfor users to update their secrets. In addition, the users arerelatively independent from each other. The compromisingof one user will not affect the entire group and the network.In this situation, if one or more users are blocked severaltimes, the users can also contact the TGM, i.e., the usersin the social group will not suffer from de-synchronizationattacks according to our design.

5.2.6 Assurance forward security

In our scheme, if the adversary obtains the secret informa-tion of the sensor node in the present round, the secureinformation of the previous rounds will not be leaked to theadversary [31]. The IDuseri in every round is generated andvalid only in the present round, which means that the secretinformation is not related to the previous round. Therefore,forward security is provided in the proposed scheme.




TABLE 2: Security comparison among our scheme and existing schemes

Jiang et al.’sscheme [18]

Shen et al.’sscheme [33]

Horng et al.’sscheme [34]

Our scheme

Replay Attack Y Y Y Y

Eavesdropping Y Y N Y

Physical Attack Y N Y Y

Tracing attack Y N Y Y

De-Synchronization Attack Y N Y Y

Forward Security N Y Y Y

5.3 Security comparisonIn this subsection, we compare security properties of theproposed scheme with [18], [33] and [34]. The comparisonresult is given in Table 2. In [18], the old password is sharedbetween the gateway node and the user, thus the forwardsecurity cannot be guaranteed. In [33], the secret informationis stored in local nodes, therefore the physical attack andthe tracing attack as well as the de-synchronization attackcannot be resisted. In [34], signatures can be forged byadversaries, so the eavesdropping cannot be withstood.From Table 2, it is easy to find that our scheme can satisfyall security properties.

6 PERFORMANCE EVALUATION

In this section, we compare the proposed scheme withHorng’s scheme [34] in the view of their computational cost.Note that all the point multiplication and exponentiation forthe authentication cost are operated at the user side in [18]and [33], while the authentication cost are only operated atthe server side in Horng’s scheme and our scheme. Hence,in the performance evaluation, we only compare our schemewith Horng’s scheme to show our advantages.

According to the design of the group user authentica-tion scheme, each user should receive 2 messages fromthe TGM. After receiving the 2 messages, the user per-forms necessary operations including point multiply onthe elliptical curve and modified Weil pairing computation.The computational cost in one group user authenticationscheme is mainly a result of pairing computation, pointmultiplications and exponentiation operations. The commu-nication cost mainly comes from the information exchangebetween users in the group user authentication phase. Forthe convenience of evaluating the computational cost, welet TH1, TH2, TXOR, TAO, TCO, TPC , TPM , TEO be the timeof implementing a hash to point function, a hash function, aXOR operation, an addition operation, a concatenation oper-ation, a modified Weil pairing, an elliptic curve point multi-plication and an exponential operation. To describe the com-putational cost of different schemes, we refer to the simplemethod in [49]. For example, in the user acquisition phaseof the group authentication scheme, useri will initially cal-culate Nuserj , Quserj and Ruserj . The computational cost ofmodified Weil pairing and elliptic curve point multiplicationfor each user is TPC and TPM , respectively. In the followingprocesses, useri will receive 2 messages from the TGM. Wecan easily see that the number of received messages by useriis 2. In the group authentication phase, useri will compute

(TempIduser1 , Cuser1 , P rofGIDGi). The total computation

cost of each user in the user acquisition phase is then2TXOR +3TAO +1TPM . In the group authentication phase,the method of calculating the computation cost of the threeoperations is the same as in the first round. We can obtainthe total computation cost as 1TH1+1TPC+2TXOR+2TAO .Finally, the computational cost in group authenticationscheme is TH1+TPC +TPM +4TXOR+5TAO for each user.The comparisons between our scheme and Horng’s schemeare shown in TABLE 3.

The PBC Library1 project was funded by Stanford Uni-versity. This project was designed to develop a tool forresearchers to verify the accuracy of schemes by targetingthe design of the schemes. To verify the performance ofour scheme, we provide an experimental evaluation of theproposed scheme. Our experiments are simulated using Cprogramming language with the PBC library and the GUNmultiple precision arithmetic (GMP) library2 on a Ubuntuoperating system with Intel Core Xeon E5-2650M processorsrunning at 2.60 GHz and 8 G memory, Ubuntu 14.04 X64.From our simulation, the time required to perform the hashfunction, hash to point function operation, a pairing compu-tation, point multiplication, exponentiation and addition isapproximately 8.065 ms, 0.005 ms, 2.067 ms, 3.069 ms, 3.072ms and 0.016 ms. The total time cost of each user in ourscheme is computed by 8.065+2.667+3.069+5× 0.016 =13.881ms. However, the time cost of each user in Horng’sscheme is 38.699ms.

We first simulate each phase of the group user authenti-cation scheme. The computation cost of the TGM does notrequire resources from the group users. Therefore, we do nottake the computation cost of the TGM into consideration.The comparison of different phases in our scheme is shownin Fig. 6. The initial phase is the preparation stage, and mostoperations are performed by the TGM. Fig. 6 shows the timeconsumed in two phases of our group user authenticationscheme.

In addition, Fig. 6 is used to describe the computationalcost of different phases of our scheme including the useracquisition phase and the group authentication phase. Wesimulated the computational cost of each phase from thefirst simulation to the 50th simulation. Note that simulationresults in different simulation times have some deviations.Hence, in order to better present simulation results in Fig. 7,we use the average value based on 50 simulation times

1. https://crypto.stanford.edu/pbc/2. https://gmplib.org




TABLE 3: Comparison results

Protocol Properties computational cost (one user) computational cost (u users) round user authentication

Horng’s scheme [34] 2TH1 + 1TH2 + 2TPC + 6TPM +1TXOR + 1TAO + 1TCO

2uTH1+uTH2+2uTPC+6uTPM+uTXOR + uTAO + uTCO

3 yes

Our scheme TH1+TPC+TPM+4TXOR+5TAO uTH1+uTPC+uTPM +4uTXOR+5uTAO

2 yes

Fig. 6: Computational cost in different phases of ourscheme

Fig. 7: Computational cost in different numbers of users

to depict the computational cost for different schemes indifferent numbers of users. Note that the number of usershas an important impact on the performance of the groupuser authentication scheme. Fig. 7 shows the comparisonbetween our scheme and Horng’s scheme. It is obvious thatthe growth rate of the time cost in our scheme is lower thanthat in Horng’s scheme. Furthermore, the performance ofour scheme is more stable than that of Horng’s scheme.

7 CONCLUSION

In this paper, we propose a content-centric group userauthentication scheme to achieve data sharing and to protectusers’ privacy by solving the problem of generating pseudo-identities based on the word’s TF * IDF value. The proposedscheme is based on the design of a group manager and thepseudo-identity of users in one social group. In our scheme,the content-centric computing system is used to calculatethe user’s feature vector, which can be used as a part ofuser’s pseudo-identity, so as to protect the user’s real ID

during the group authentication. According to the securityanalysis, our scheme can resist multiple attacks. When theattacker wants to infiltrate the network, the TGM can detectit with the help of normal users. Meanwhile, the group userauthentication scheme is not interrupted by the attacker. Inaddition, the computational costs of our scheme are lowerthan those of the existing schemes. In the further work,we plan to improve the scheme by solving the followingproblems.

• Deleting the information of users who want to leavethe group.

• Keeping in sync between the TGM and the TCS.• Determining the trusted group manager from more

than one group managers.

REFERENCES

[1] T. Koponen, M. Chawla, B. G. Chun, A. Ermolinskiy,K. H. Kim, S. Shenker, and I. Stoica, “A data-oriented(and beyond) network architecture,” Acm SigcommComputer Communication Review, vol. 37, no. 4, pp. 181–192, 2007.

[2] S. Tarkoma, D. Trossen, and Mikko, “Black boxes:making ends meet in data driven networking,” in In-ternational Workshop on Mobility in the Evolving InternetArchitecture, 2008, pp. 67–72.

[3] K. Pentikousis, “Distributed information object resolu-tion,” in The Eighth International Conference on Networks,2009, pp. 360–366.

[4] V. Jacobson, D. K. Smetters, J. D. Thornton, M. F. Plass,N. H. Briggs, and R. L. Braynard, “Networking namedcontent,” in ACM Conference on Emerging NetworkingExperiments and Technology, 2009, pp. 1–12.

[5] R. Torgersrud, G. M. Gongaware, and M. J. Collins,“Secure social network,” 2016.

[6] H. Rong, T. Ma, M. Tang, and J. Cao, “A novel subgraphk+ -isomorphism method in social network based ongraph similarity detection,” Soft Computing, pp. 1–19,2017.

[7] Q. Xu, Z. Su, and K. Yang, “Optimal control theorybased epidemic information spreading scheme for mo-bile social users with energy constraint,” IEEE Access,vol. 2017, no. 5, pp. 14 107–14 118, 2017.

[8] X. Chen, J. Li, X. Huang, J. Ma, and W. Lou, “Newpublicly verifiable databases with efficient updates,”IEEE Transactions on Dependable and Secure Computing,vol. 12, no. 5, pp. 546–556, 2015.

[9] J. Shen, T. Zhou, X. Chen, J. Li, and W. Susilo, “Anony-mous and traceable group data sharing in cloud com-puting,” IEEE Transactions on Information Forensics andSecurity, 2017, doi: 10.1109/TIFS.2017.2774439.




[10] M. L. Das, “Two-factor user authentication in wirelesssensor networks,” IEEE Transactions on Wireless Commu-nications, vol. 8, no. 3, pp. 1086–1090, 2009.

[11] Z. Fu, K. Ren, J. Shu, X. Sun, and F. Huang, “Enablingpersonalized search over encrypted outsourced datawith efficiency improvement,” IEEE Transactions on Par-allel and Distributed Systems, vol. 27, no. 9, pp. 2546–2559, 2016.

[12] J. Shen, D. Liu, J. Shen, Q. Liu, and X. Sun, “Asecure cloud-assisted urban data sharing frameworkfor ubiquitous-cities,” Pervasive and Mobile Computing,2017, DOI: 10.1016/j.pmcj.2017.03.013.

[13] R. L. Rivest, A. Shamir, and L. Adleman, A method forobtaining digital signatures and public-key cryptosystems.ACM, 1983.

[14] L. Harn, “Group authentication,” IEEE Transactions onComputers, vol. 62, no. 9, pp. 1893–1898, 2013.

[15] F. Miao, X. Yan, X. Wang, and M. Badawy, “Random-ized component and its application to ( t , m , n )-group oriented secret sharing,” IEEE Transactions onInformation Forensics and Security, vol. 10, no. 5, pp. 889–899, 2015.

[16] D. He, N. Kumar, H. Wang, L. Wang, K.-K. R.Choo, and A. Vinel, “A provably-secure cross-domain handshake scheme with symptoms-matchingfor mobile healthcare social network,” IEEE Transac-tions on Dependable and Secure Computing, 2016, doi:10.1109/TDSC.2016.2596286.

[17] Y. Hui, Z. Su, and S. Guo, “Utility based data com-puting scheme to provide sensing service in internet ofthings,” IEEE Transactions on Emerging Topics in Comput-ing, 2017, doi: 10.1109/TETC.2017.2674023.

[18] Q. Jiang, J. Ma, F. Wei, Y. Tian, J. Shen, and Y. Yang,“An untraceable temporal-credential-based two-factorauthentication scheme using ecc for wireless sensornetworks,” Journal of Network and Computer Applications,vol. 76, pp. 37–48, 2016.

[19] R. Safavi-Naini and S. Jiang, “Non-interactive confer-ence key distribution and its applications,” in ACMSymposium on Information, Computer and Communica-tions Security, 2008, pp. 271–282.

[20] S. Jiang, “Group key agreement with local connectiv-ity,” IEEE Transactions on Dependable and Secure Comput-ing, vol. 13, no. 3, pp. 326–339, 2016.

[21] A. Georgescu, “Anonymous lattice-based broadcast en-cryption,” Lecture Notes in Computer Science, vol. 7804,pp. 353–362, 2017.

[22] Z. Zhou, D. Huang, and Z. Wang, “Efficient privacy-preserving ciphertext-policy attribute based encryptionand broadcast encryption,” IEEE Transactions on Com-puters, vol. 64, no. 1, pp. 126–138, 2014.

[23] D. Boneh and M. Naor, “Traitor tracing with constantsize ciphertext,” in ACM Conference on Computer andCommunications Security, 2008, pp. 501–510.

[24] X. Du, Y. Wang, J. Ge, and Y. Wang, “An id-basedbroadcast encryption scheme for key distribution,”IEEE Transactions on Broadcasting, vol. 51, no. 2, pp. 264–266, 2005.

[25] C. L. Wang, G. Horng, Y. S. Chen, and T. P. Hong, AnEfficient Key-Update Scheme for Wireless Sensor Networks.Springer Berlin Heidelberg, 2006.

[26] A. Shamir, How to share a secret. ACM, 1979.[27] L. Harn and C. Lin, “Strong ( n , t , n ) verifiable secret

sharing scheme,” Information Sciences, vol. 180, no. 16,pp. 3059–3064, 2010.

[28] J. Li, X. Chen, X. Huang, S. Tang, Y. Xiang, M. M. Has-san, and A. Alelaiwi, “Secure distributed deduplicationsystems with improved reliability,” IEEE Transactions onComputers, vol. 64, no. 12, pp. 3569–3579, 2015.

[29] H. Y. Lin, C. Y. Yang, and M. Y. Hsieh, Secure MapReduce Data Transmission Mechanism in Cloud ComputingUsing Threshold Secret Sharing Scheme. Springer BerlinHeidelberg, 2012.

[30] P. Feldman, “A practical scheme for non-interactiveverifiable secret sharing,” in Symposium on Foundationsof Computer Science, 1987, pp. 427–438.

[31] C. Tang, D. Pei, Z. Liu, and Y. He, “Non-interactive andinformation-theoretic secure publicly verifiable secretsharing,” Crypto, vol. 576, no. 12, pp. 129–140, 2008.

[32] Stinson, R. Douglas, and Wei, “Unconditionally secureproactive secret sharing scheme with combinatorialstructures,” in International Workshop on Selected Areasin Cryptography, 1999, pp. 200–214.

[33] J. Shen, S. Chang, J. Shen, Q. Liu, and X. Sun,“A lightweight multi-layer authentication protocol forwireless body area networks,” Future Generation Com-puter Systems, 2016, doi: 10.1016/j.future.2016.11.033.

[34] S. J. Horng, S. F. Tzeng, Y. Pan, P. Fan, X. Wang,T. Li, and M. K. Khan, “b-specs+: Batch verification forsecure pseudonymous authentication in vanet,” IEEETransactions on Information Forensics and Security, vol. 8,no. 11, pp. 1860–1875, 2013.

[35] B. Dan and M. Franklin, “Identity-based encryptionfrom the weil pairing,” Siam Journal on Computing,vol. 32, no. 3, pp. 213–229, 2003.

[36] J. Shen, T. Zhou, D. He, Y. Zhang, X. Sun, andY. Xiang, “Block design-based key agreement forgroup data sharing in cloud computing,” IEEE Trans-actions on Dependable and Secure Computing, 2017, doi:10.1109/TDSC.2017.2725953.

[37] A. Castiglione, A. D. Santis, B. Masucci, F. Palmieri,A. Castiglione, J. Li, and X. Huang, “Hierarchical andshared access control,” IEEE Transactions on InformationForensics and Security, vol. 11, no. 4, pp. 850–865, 2016.

[38] Z. Xia, X. Wang, L. Zhang, Z. Qin, X. Sun, and K. Ren,“A privacy-preserving and copy-deterrence content-based image retrieval scheme in cloud computing,”IEEE Transactions on Information Forensics and Security,vol. 11, no. 11, pp. 2594–2608, 2017.

[39] S. Blakewilson, D. Johnson, and A. Menezes, “Keyagreement protocols and their security analysis,” inIMA International Conference on Cryptography and Cod-ing, 1997, pp. 30–45.

[40] Z. Fu, X. Wu, C. Guan, X. Sun, and K. Ren, “Towardefficient multi-keyword fuzzy search over encryptedoutsourced data with accuracy improvement,” IEEETransactions on Information Forensics and Security, vol. 11,no. 12, pp. 2706–2716, 2017.

[41] J. Shen, J. Shen, X. Chen, X. Huang, and W. Susilo,“An efficient public auditing protocol with noveldynamic structure for cloud data,” IEEE Transac-tions on Information Forensics and Security, 2017, doi:




10.1109/TIFS.2017.2705620.[42] I. A. El-Khair, TF*IDF. Springer US, 2009.[43] J. Li, X. Li, B. Yang, and X. Sun, “Segmentation-based

image copy-move forgery detection scheme,” IEEETransactions on Information Forensics and Security, vol. 10,no. 3, pp. 507–518, 2017.

[44] W. Stallings, “Cryptography and network security:Principles and practice,” 2010.

[45] B. Dan and M. Franklin, “Identity-based encryptionfrom the weil pairing,” in International Cryptology Con-ference, 2001, pp. 213–229.

[46] H. Pilaram and T. Eghlidos, “An efficient lattice basedmulti-stage secret sharing scheme,” IEEE Transactionson Dependable and Secure Computing, vol. 14, no. 1, pp.2–8, 2017.

[47] W. Stallings, “Cryptography and network security:Principles and practice,” International Annals of Crimi-nology, vol. 46, no. 4, pp. 121–136, 2008.

[48] J. Shen, S. Moh, and I. Chung, “Identity-based keyagreement protocol employing a symmetric balancedincomplete block design,” Journal of Communicationsand Networks, vol. 14, no. 6, pp. 682–691, 2012.

[49] D. He, J. Chen, and H. Jin, “An id-based client authen-tication with key agreement protocol for mobile client-server environment on ecc with provable security,”Information Fusion, vol. 13, no. 3, pp. 223–230, 2012.

Jian Shen received a B.E. degree from NanjingUniversity of Information Science and Technol-ogy, Nanjing, China in 2007 and M.E. and Ph.D.degrees in Computer Science from Chosun Uni-versity, Gwangju, South Korea in 2009 and 2012,respectively. Since late 2012, he has been aprofessor at Nanjing University of InformationScience and Technology, Nanjing, China. Hisresearch interests include computer networking,security systems, mobile computing and net-working, ad hoc networks and systems, and

ubiquitous sensor networks.

Anxi Wang received a B.E. degree in 2016 andis currently working toward an M.E. degree atNanjing University of Information Science andTechnology, Nanjing, China. He focuses on keyagreement protocols in networks and securitysystems. His research interests include ad hocnetworks and systems, network security, infor-mation security, and wireless sensor networks.

Chen Wang received a B.E. degree in 2016 andis currently working toward an M.E. degree atNanjing University of Information Science andTechnology, Nanjing, China. He focuses on di-rectional antennas in ad hoc networks. His re-search interests include ad hoc networks andsystems and wireless sensor networks.

Jiguo Li received a Ph.D. degree from HarbinInstitute of Technology in 2003. Since 2003, hehas been with Hohai University. He is currentlya Professor with the College of Computer andInformation Engineering. His major research in-terests include information security and cryptog-raphy, network security, wireless security, andtrusted computing. He has published more than70 academic papers and two books. He hasserved as a PC Member of several internationalconferences and as a Reviewer of international

journals and conferences.

Yan Zhang is Full Professor at the Departmentof Informatics, University of Oslo, Norway. He re-ceived a Ph.D. degree from the School of Electri-cal & Electronics Engineering, Nanyang Techno-logical University, Singapore. He is an AssociateTechnical Editor of IEEE Communications Mag-azine, an Editor of IEEE Transactions on GreenCommunications and Networking, an Editor ofIEEE Communications Surveys & Tutorials, anEditor of IEEE Internet of Things Journal, and anAssociate Editor of IEEE Access. He serves as

a chair of a number of conferences, including IEEE GLOBECOM 2017,IEEE VTC-Spring 2017, IEEE PIMRC 2016, IEEE CloudCom 2016,IEEE ICCC 2016, IEEE CCNC 2016, IEEE SmartGridComm 2015, andIEEE CloudCom 2015. He serves as a TPC member for numerousinternational conference, including IEEE INFOCOM, IEEE ICC, IEEEGLOBECOM, and IEEE WCNC. His current research interests include:next-generation wireless networks leading to 5G, green and securecyber-physical systems (e.g., smart grid, healthcare, and transport). Heis IEEE VTS (Vehicular Technology Society) Distinguished Lecturer. Heis also a senior member of IEEE, IEEE ComSoc, IEEE CS, IEEE PES,and IEEE VT society. He is a Fellow of IET.

journal of latex class files, vol. 14, no. 8, august 2015...

Documents