Provably Secure Single Sign-on Scheme in Distributed Systems and Networks
|
|
- Daniela Walton
- 8 years ago
- Views:
Transcription
1 0 IEEE th Internatonal Conference on Trust, Securty and Prvacy n Computng and Communcatons Provably Secure Sngle Sgn-on Scheme n Dstrbuted Systems and Networks Jangshan Yu, Guln Wang, and Y Mu Center for Computer and Informaton Securty Research School of Computer Scence and Software Engneerng Unversty of Wollongong, Australa Emal: {y898,guln,ymu}@uow.edu.au Abstract Dstrbuted systems and networks have been adopted by telecommuncatons, remote educatons, busnesses, armes and governments. A wdely appled technque for dstrbuted systems and networks s the sngle sgn-on (SSO) whch enables a user to use a untary secure credental (or token) to access multple computers and systems where he/she has access permssons. However, most exstng SSO schemes have not been formally proved to satsfy credental prvacy and soundness of credental based authentcaton. To overcome ths drawback, we formalse the securty model of sngle sgn-on scheme wth authentcated key exchange. Specally, we pont out the dfference between soundness and credental prvacy, and defne them together n one defnton. Also, we propose a provably secure sngle sgn-on authentcaton scheme, whch satsfes soundness, preserves credental prvacy, meets user anonymty, and supports sesson key exchange. The proposed scheme s very effcent so that t suts for moble devces n dstrbuted systems and networks. Index Terms Sngle sgn-on, Dstrbuted systems and networks, Soundness, Authentcaton, Informaton securty. I. INTRODUCTION Wth the wde spreadng of dstrbuted computer networks, varous network servces have ganed mportance and popularty n recent few years [][]. Consequently, user authentcaton [3] has been wdely used n dstrbuted computer networks to dentfy a legal user who requres accessng network servces. To prevent bogus servers, mutual authentcaton should be consdered, and also, a sesson key establshment s normally requred. In addton, user prvacy may be desred n dstrbuted computng envronments snce the nformaton exchanged mght be abused by some organzatons for marketng purposes [4]. However, desgnng effcent and secure mutual authentcaton protocols s challengng n computer networks. Moreover, wth the ncreasng usage of network servces, a user may need to mantan more and more ID/password pars for accessng dfferent dstrbuted servce provders, whch mpose a burden on users and servce provders as well as the communcaton overhead of computer networks. Sngle sgn-on (SSO) mechansm [5] provdes a good remedy to ths problem, as t allows a user wth a sngle credental to access multple servce provders. Intutvely, there are three basc securty requrements for SSO schemes, namely completeness, soundness and credental prvacy [6], [6]. However, to the best of our knowledge soundness has not been formally studed yet and how to preserve both soundness and credental prvacy s stll a challenge [6]. In 000, Lee and Chang [7] frst proposed an SSO scheme wth user anonymty. Later, Wu and Hsu [8] ponted out that Lee-Chang scheme suffers from masqueradng attack and dentty dsclosure attack. Meanwhle, Yang et al. [9] showed that Wu-Hsu scheme can not preserve credental prvacy ether snce a malcous servce provder can recover users credentals, and then proposed an mprovement to overcome ths lmtaton. In 006, however, Mangpud and Katt [0] ponted out that Yang et al. s scheme s nsecure aganst DoS (Denable of Servce) attack and presented a new scheme. In 009, Hsu and Chuang [] demonstrated that both Yang et al. and Mangpud-Katt schemes have not provded user anonymty snce ther schemes are vulnerable to dentty dsclosure attacks. To prevent such attacks, Hsu and Chuang proposed an RSA-based user dentfcaton scheme. Recently, Chang and Lee [] ponted out that Hsu-Chuang scheme s vulnerable to mpersonaton attacks and the scheme requres addtonal tme-synchronzed mechansms whch has unstable latency n dstrbuted networks. Then, they proposed a user anonymty preservng mprovement wth hgh effcency. The scheme uses random nonce to replace addtonal tmesynchronzed mechansm, does not need PKI (Publc key nfrastructure) for users, and suts for moble devce users. However, the securty analyss [6] shows that Chang-Lee scheme fals to provde proper user authentcaton and to preserve credental prvacy snce the knowledge proof of user authentcaton guarantees nether soundness nor credental prvacy. As promoted n [6], t s worthy to overcome the flaws n Chang-Lee scheme to obtan an effcent and provably secure scheme for moble devce users n dstrbuted systems and networks. Moreover, the soundness of credental based authentcaton should be formalsed and the credental prvacy should be preserved. Motvated to solve these ssues, n ths paper we frst specfy a formal model for SSO wth a unfed defnton to formally specfy soundness and credental prvacy (Secton II). Then, after revewng Chang-Lee SSO scheme n Secton III and Schnorr sgnature [3] n Secton IV, we mprove Chang-Lee scheme by explotng Schnorr sgnature n Secton V due to ts smplcty and unforgeablty [4], [5], whle keep Chang-Lee s sesson key establshment part / $ IEEE DOI 0.09/TrustCom.0.8 7
2 unchanged. The securty of the proposed protocol s dscussed n Secton VI. Fnally, secton VII concludes ths paper. II. FORMAL MODEL In ths secton we present a formal model to defne authentcated key exchange sngle sgn-on (AKESSO) scheme and ts securty requrements. Specally, we lst the components (e.g. syntax) of AKESSO, defne correctness, descrbe an adversary model, and formally specfy three securty propertes, ncludng secure credental based user authentcaton, secure credental based servce provder authentcaton, and sesson key securty. Defnton. An authentcated key exchange sngle sgnon (AKESSO) scheme comprses a trusted credental provder TCP, a group of servce provders P and a group of users U. It conssts of eght algorthms and one protocol: ntalzaton algorthm Int( ), dentty generaton algorthm IdGen( ), credental generaton algorthm CGen( ), credental verfcaton algorthm CV er( ), user proof generaton algorthm UPGen( ), user proof verfcaton algorthm UPVer( ), servce provder proof generaton algorthm SPPGen( ), and servce provder proof verfcaton algorthm SPPV er( ), and key exchange protocol. ) Int(λ): Takng securty parameter λ 0 (or λ ) as nput, outputs the publc/prvate key par (PK,SK) for TCP (or (PK,SK ) for P P ). ) IdGen(RI ): Takng regstraton nformaton RI as nput, outputs an unque dentty ID for a user U U. 3) CGen(ID,SK): Takng an dentty ID and TCP s prvate key SK as nput, outputs a credental C for user U. 4) CV er(c,id,pk): Takng credental C, an dentty ID, and TCP s publc key PK as nput, outputs or 0 for acceptng or reectng credental C respectvely. 5) UPGen(C,ID,PK,M): Takng a credental C,an dentty ID, TCP s publc key PK and a temporal message M generated n a sesson as nput, outputs a user proof up showng user U s knowledge of credental C. 6) UPVer(up,ID,PK,M): Takng a user proof up,an dentty ID, TCP s publc key PK, and a temporal message M generated n a sesson as nput, outputs or 0 for acceptng or reectng up as a vald credental proof w.r.t. dentty ID respectvely. 7) SPPGen(SK,M ): Takng servce provder P s prvate key SK and a temporal message M generated n a sesson as nput, outputs a servce provder proof spp showng P s knowledge of SK. 8) SPPV er(spp,pk,m ): Takng a servce provder proof spp, P s publc key PK, and a temporal message M generated n a sesson as nput, outputs or 0 for acceptng or reectng spp as a vald servce provder proof w.r.t. publc key PK respectvely. 9) : Ths s a key exchange protocol run by a user U wth prvate nput C and a servce provder P wth prvate nput SK. After the completon of each protocol nstance, U wll output a sesson key K f he/she accepts P. Smlarly, after the completon of each protocol nstance P wll output a sesson key K f t accepts U. (Ideally, K and K are expected to be the same value.) Remark. The above defnton focuses on publc key based AKESSO wth non-nteractve proofs. It could be extended to support nteractve proofs, where sp and ssp are generated by nteractve protocols run by user U and servce provder P. However, defnng symmetrc key based AKESSO wll be another story, whch s out the scope of ths paper. Remark. Compared to Han et al. s formal model gven n [6], we requre key exchange n AKESSO, and each user does not need to hold a publc/prvate key par. However, n Han et al. s defnton TCP (called IdP n ther paper) s less trusted as t wll not be able to mpersonate any user: Each user wll run a zero knowledge protocol to show that he/she knows the prvate key correspondng to the publc key embedded n hs/her credental. Before formally defnng securty propertes, we naturally requre an AKESSO should be correct. Namely, a credental C generated by the trusted credental provder TCP wll be vald, a user proof up ssued properly by user u who holds a vald credental C wll be accepted by a servce provder P accordng to UPVer algorthm, a servce provder proof spp ssued properly by P wll be accepted by user U accordng to SPPV er algorthm, and U and P wll accept each other and output the same sesson key f they honestly run the key exchange protocol. Formally, we defne correctness as below. Defnton. (Correctness) An AKESSO scheme s called correct f t satsfes all the followng condtons: ) For any RI and any key par (PK,SK), fid IdGen(RI ) and C CGen(ID,SK), then CV er(c,id,pk)=. ) For any ID, any key par (PK,SK) and any M, f C CGen(ID,SK) and up UPGen(C,ID,PK,M), then UPVer(up,ID, PK,M)=. 3) For any key par (PK,SK ) and any M, f spp SPPGen(SK,M ), then SPPV er(spp,pk,m )=. 4) For any user U wth vald credental C and servce provder P wth prvate key SK, f both of them run the key exchange protocol honestly, then they wll accept each other and output the same sesson key,.e., K = K. Informally, an AKESSO scheme s secure f all the desred functonaltes gven n the above defnton can be carred out only by the proper enttes,.e., not by attackers who 7
3 are allowed to access all possble resources n a rgorously specfed adversary model. In fact, we shall defne securty of SSO authentcaton whch corresponds to tems ) to 3), and sesson key prvacy whch corresponds to tem 4). To further defne these securty propertes, we specfy the adversary model as follows: Let TCP be the trusted authorty oracle wth ts key par (SK,PK), U,P be the user oracle smulatng a set of all regstered users, nteractng wth the servce provder oracle n sesson, and P,U be the servce provder oracle smulatng a set of all regstered servce provders, nteractng wth the user oracle n the sesson. A probablstc polynomal tme (PPT) adversary A can ask the followng oracle queres. ) O : Regster(,U) Upon recevng ths query, the TCP wll run IdGen(RI A ) and CGen(ID A,SK) algorthms, and output a new user dentty ID A wth correspondng credental C A to A who can verfy the credental by runnng CV er( ). ) O : Regster(,P) Upon recevng ths query, the system wll run Int(λ ) and output P A s prvate/publc key par (SK A,PK A ) together wth dentty SID A to A. 3) O 3 : Execute(U,P ) Upon recevng ths query, U,P and P,U wll execute protocol as U and P n, respectvely. The exchanged messages between them wll be recorded and sent to A. Here, we requre that both U s credental and P s prvate key are not been corrupted by A va O and O oracles. 4) O 4 : Send(U,m,f) Ths query sends the message m as message flow f {0,,,n} to the user oracle U,P whch smulates a user U, and then, the oracle computes message honestly n, and sends responses back to A, where n s the total number of messages transmtted n protocol. If a user s the protocol ntator by default, A can also start a new sesson by askng Send(U,, 0), where denotes an empty set. 5) O 5 : Send(P,m,f) Ths query sends the message m as message flow f {0,,,n} to the user oracle P,U whch smulates a servce provder P, and then, the oracle computes message honestly n, and sends responses back to A. If a servce provder s the protocol ntator by default, A can also start a new sesson by askng Send(P,, 0). 6) O 6 : Reveal(,) Ths query models the leakage of sesson key n sesson. Ths query only can be asked when a sesson key has been shared between a servce provder and a user n sesson. Remark 3. O 3 smulates the real envronment for a passve attacker A who can eavesdrop all messages exchanged between U and P when executng protocol.ifa knows U s credental C and P s prvate key SK, oracle O 3 s not necessary as A can run protocol by tself on behalf of them. If A knows one of these two secrets but not both, A can run protocol wth U (P ) whose secret s not released va executng oracle O 4 (O 5 ). Remark 4. O 4 smulates the real envronment for an actve attacker A who may obtan a servce provder P s prvate key SK, send message m as message flow f {0,,,n} to a target user U and then get the correspondng response. To answer ths oracle, U wll generate hs/her response accordng to the specfcaton of protocol and sends t to A. Notes that f U dd not receve all necessary prevous messages that match ths message wth message flow f, ths oracle request wll be reected, snce t s meanngless n the vew pont of U. Actually, O 4 also provdes adversary A oracle access on algorthm UPGen( ) snce U,P wll run UPGen( ) somehow n executng. In our constructon, UPGen( ) s Schnorr sgnature generaton algorthm. In ths case, on the one hand, oracle O 4 may be not stronger than the sgnng oracle n Game-UFCMA revewed n secton IV, snce the temporal message M, one nput of algorthm UPGen( ), may be ontly decded by U and A (playng the role of one P ), rather than ust by A. So, t may be hard for A to get U s user proof for any arbtrary message M. On the other hand, adversary A may be not weaker than the forger n Game- UFCMA snce besdes O 4 we also offer other oracle queres, whch may ncrease A s ablty. We omt a smlar remark whch apples to O 5. To formally defne the soundness and credental prvacy, we frst dscuss the dfference between soundness and credental prvacy snce the maorty of exstng schemes only consder the credental prvacy. The credental prvacy requres unforgeablty and rrecoverableness. The former guarantees that any PPT adversary A has only a neglgble probablty for successfully forgng a vald credental C t of a target user U t n the credental generaton phase, whle the latter requres that n user authentcaton phase, any A can only recover C t wth a neglgble probablty. Soundness s also crtcal n the user authentcaton phase as t ensures that any A wthout a vald credental can only generate a user proof up that passes through user authentcaton wth a neglgble probablty. The exstng studes [6], [] only focus on f a vald credental can be forged or recovered by attackers, but do not consder f a vald credental s defntely necessary for generatng a vald user proof. We shall defne these three propertes as a sngle defnton (but one for users and one for servce provders). Let A O denotes an adversary A who has access to all oracle queres n O = {O =,,, 6} n adversary model; let the credental holder U wth dentty ID and credental C, and the servce provder P wth dentty SID and key par (SK,PK ) are two polynomal-tme Turng machnes. Let U and P nteract wth each other, and place A between U and P. ɛ denotes a neglgble functon. We defne secure credental based user authentcaton as follows: Defnton 3. (Secure credental based user authentcaton (SCUA)) An AKESSO scheme acheves secure credental based user authentcaton, f any PPT adversary A has a neglgble advantage Adv SCUA (A O ) for creatng a vald user proof wthout holdng the correspondng credental. Formally, 73
4 for any PPT A, Adv SCUA (A O) = Pr[(IDt,up t,m) A O UPVer(up t,id t,pk,m)=] ɛ wth the followng restrctons: A has not obtaned the credental C t correspondng to ID t va O - Regster(,U) oracle; and A has not obtaned any vald user proof up t for message M by askng any oracle n O, n partcular O 3 and O 4. Smlarly, the defnton of secure servce provder authentcaton s gven as below: Defnton 4. (Secure servce provder authentcaton (SSPA)) An AKESSO scheme acheves secure servce provder authentcaton, f any PPT adversary A has a neglgble advantage Adv SSPA (A O ) for forgng a vald servce provder proof wthout holdng the correspondng servce provder s prvate key. Formally, for any PPT A, Adv SSPA (A O ) = Pr[(PK t,m,spp t ) A O SPPV er(pk t,m,spp t )=] ɛ wth the followng restrctons: A has not obtaned the prvate key SK t correspondng to SID t va O - Regster(,P) oracle; A has not obtaned any vald servce provder proof spp t for message M by askng any oracle n O, n partcular O 3 and O 5. Here, we revew the freshness and test query Test(,) for defnng sesson key securty [7]. An adversary can get sesson keys by askng O 6. We say the sesson key s fresh f and only f the O 6 query has not been asked w.r.t. ths sesson. In other words, the fresh sesson key must be unknown to the adversary. For smplcty, we call the test query as O 7, whch s a game defned as follows: O 7 Test(,): In protocol,f U,P and P,U accept and share the same fresh sesson key n sesson, upon recevng ths query, by tossng a con b the correct sesson key s returned f b = 0, otherwse, a random sesson key s returend. A only can ask ths query one tme and A needs to output one bt b as the result of guessng b. A s advantage n attackng the sesson key securty (SKS) of protocol s defned as Adv SKS (A O )= Pr[b = b], where O = O {O 7 }. Sesson key securty [7] models adversary A s nablty to dstngush the real sesson key and a random strng, as formally defned below. Defnton 5. (Sesson Key Securty) We say an AKESSO satsfes sesson key securty f for any PPT adversary A, Adv SKS (A O ) ɛ, where O = O {O 7 }. Fnally, we can gve the defnton of secure authentcated key exchange sngle sgn-on scheme. Defnton 6. (Secure Authentcated Key Exchange Sngle Sgn-On Scheme): An AKESSO scheme s called secure f t s correct and satsfes SCUA, SSPA, and sesson key securty. III. REVIEW OF CHANG-LEE S SCHEME In 0, Chang and Lee [] proposed an mproved effcent remote user dentfcaton scheme for moble devce users, the scheme employs sngle sgn-on technque, supports sesson key establshment, and preserves user anonymty. However, the scheme nether provdes credental prvacy nor soundness due to [6]. In ths secton, We brefly revews the Chang-Lee scheme and ts drawbacks. A. Revew of the Scheme Chang-Lee s SSO scheme conssts of three phases: system ntalzaton, regstraton, and user dentfcaton. The detals are as follows. ) System Intalzaton Phase: The trusted authorty TCP determnes the RSA key par (e, d) and a generator g, and publshes publc parameters. ) Regstraton Phase: In ths phase, the trusted authorty sgns an RSA sgnature S =(ID h(id )) d mod N to user U as the credental. For each servce provder P, he needs to mantan hs own RSA publc parameters (ID,e,N ) and prvate parameter d smlar as TCP. 3) User Identfcaton Phase: In ths phase, the sesson key s K = h(id k ), where k s the plan Dffe- Hellman sesson key. For dentfyng servce provders, an RSA sgnature scheme has been used; for user authentcaton, the user need to provde a proof z = S h(k k n) mod N of credental S, where k s user s sesson key materal and n s a random nonce selected by the user. For the purpose of anonymty, the random nonce n 3 and user dentty whch used for proof checkng has been encrypted va symmetrc key encrypton scheme wth sesson key K (treated as encrypton key). The user can pass authentcaton f z e mod N dose hold, and the user beleves that they are share the same sesson key f the hashed n 3 has been receved. mod N = SID h(k k n) B. Revew of Attacks Two hgh rsky attacks are dentfed n [6] on Chang- Lee scheme. The former allows a malcous P to recover user credental; the latter enables an adversary passng user authentcaton wthout a vald credental. They are brefly revewed below. ) Credental Recoverng Attack: A user U can pass authentcaton f he provdes the vald proof z of knowledge C. To smplfy the dscusson, we use h to denote h(k k n ). So proof z = S h. It s easy to see that for dfferent proofs n dfferent sesson, the same credental S has been encrypted multple tmes wth dfferent h but the same modulo N. Thus, f a malcous P has been accessed twce wth the same user U, then P s able to recover U s credental S by usng extended Eucldean algorthm. Let us suppose that (z,z ) and (h,h ), the proofs and hash values n two dfferent sessons, satsfy gcd(h,h ) =. Then we can fnd two ntegers a and b such that a h + b h = (n Z) due to the extended Eucldean algorthm. Fnally, the P can recover user credental by computng z a z b 74
5 h a+h mod N = S b mod N = S. The success rate of ths attack s about 60% [6]. ) Impersonaton Attack wthout Credentals: A small RSA publc key e has been assumed n ths attack, where the small requres the bnary length of e s much less than the output length of hash functon h. The ratonalty of ths assumpton s gven n [6]. In the conversaton, f the h s dvsble by e, then the adversary computes an nteger b such that h = e b, and calculates proof z by z = SID b, where SID = ID h(id ). The verfcaton holds as SID h mod N = SID b e mod N = z e mod N. Thus, the adversary can pass user authentcaton wthout a vald credental. The success rate of the attack s about /e [6]. IV. REVIEW OF SCHNORR SIGNATURE As one of the smplest, shortest, and frequently used sgnature schemes, Schnorr sgnature scheme [8], [3] s provably secure n a random oracle model under the assumpton that dscrete logarthm problem s ntractable [9], [0], [], [5]. We now revew Schnorr sgnature scheme as follows. Intalsaton: The scheme s defned n a cyclc group G of order q wth a generator g Z p, were p and q are prmes such that q p, q 60, and p 04. A secure hash functon h( ) s also selected. Sgnature Generaton: To sgn a message m wth prvate key x Z q, a sgner pcks a randomness r Z q, and outputs the sgnature (a, e, s) by computng a = g r mod p, e = h(a, m), and s = r + x e mod q. Sgnature Verfcaton: Gven a sgnature (a, e, s) for message m w.r.t. publc key y = g x mod p, the verfer accepts ths sgnature ff e h(a, m) and g s ay e mod p. Let us denote Int(λ), SGen( ) and SV er( ) the ntalsaton algorthm, sgnng algorthm and verfcaton algorthm, respectvely. Formally, a sgnature scheme s called exstentally unforgeable f for any PPT forgery algorthm A, tcan only wn the followng game, called Game-UFCMA, wth a neglgble probablty [][3]. Setup: (pk, sk) Int(λ). Gven a securty parameter λ, a publc/prvate key par s generated by the ntalsaton algorthm and adversary A s gven the publc key pk. Query: σ SGen(sk, m ). A runs up to q tmes to ask the sgnature sgnng oracle n an adaptve manner. Each tme, the sgnng oracle wll reply a sgnature σ for each message m chosen by A, where q. Forge: A outputs a new message and sgnature par (m,σ ). A wns f ) SV er(pk, m,σ )=,.e., σ s a vald sgnature for message m under the publc key pk. ) m m, for any {,,q}. V. PROPOSED SCHEME Ths secton presents a secure sngle sgn-on scheme wth user anonymty for remote user authentcaton n dstrbuted systems and networks. We use Schnorr sgnature [8][3] to overcome the drawbacks n Chang-Lee scheme as ther user TCP P U SID ID C x y E k (M) D k (C) h( ) TABLE I NOTATIONS USED IN THE SCHEME The trusted credental provder A servce provder A user The unque dentty of P The unque dentty of U The credental of U The long term prvate key of TCP The publc key of TCP Symmetrc encrypton of message M usng key k Symmetrc decrypton of cphertext C usng key k A secure hash functon proof cannot provde soundness and credental prvacy whle Schnorr sgnature can. As a proveably unforgeable sgnature scheme [], Schnorr sgnature allows a sgner to authentcate hm/herself by sgnng a message wthout releasng any other useful nformaton about hs/her prvate sgnng key. In the proposed scheme, the TCP frst ssues the credental for each user by sgnng the user s dentty ID accordng to Schnorr sgnature. Then, by treatng hs/her credental as another publc/prvate key par the user can authentcate hm/herself by sgnng a Schnorr sgnature on a temporal message generated n the protocol. In contrast, each servce provder mantans ts own publc/prvate key par n any secure sgnature scheme so that t can authentcate tself to users by smply ssung a normal sgnature. Fnally, as does n Chang-Lee scheme [], the sesson key s establshed by runnng a varant of Dffe- Hellman key exchange protocol, and the user anonymty s guaranteed by symmetrc key encrypton. The notatons used n the scheme are summarsed n Table I. System Setup Phase: In ths phase, TCP ntalzes hs/her publc and prvate parameters as Schnorr sgnature scheme. Frstly, TCP pcks large prmes p and q such that q p, chooses a generator g of large safe prme order q n cyclc group G. Then, TCP sets ts prvate key SK = x, where x Z q s a random number, and publshes ts publc key PK = y, where y = g x mod p. Regstraton Phase: In ths phase, user asks TCP for regstraton, then TCP ssues a unque dentty ID va IdGen(RI ) and sgns a Schnorr sgnature (a, e, C) for user s dentty as credental generaton algorthm CGen(ID,SK). C s kept secret by user, whle (a, e) wll be made publc. The detals are gven below. User Regstraton: When a user U asks for regstraton, TCP selects a unque dentty ID and generates a credental C =(a, e, C) for U by selectng a randomness r Z q and computng a = g r mod p, e = h(a, ID ), and C = r + xe mod q. Then, TCP sends dentty ID and credental C whch s Schnorr sgnature for ID to user U, where C should be kept as a secret. Servce Provder Regstraton: Each P mantans a publc/prvate key par (PK,SK ) of any secure sgnature scheme. Here, algorthms SPPGen( ) and SPPV er( ) are dentcal to the sgnature generaton and verfcaton algorthms respectvely. 75
6 u h( k SID SPPVer ( PK, u, v) k k mod e h( k, K ) E r r k g mod K h( SID z r C e K V ' n ) p p k ) ( ID n n e a)? U V ' h ( n ) V 3 3? Fg.. M (Req, n ) M ( k, v, n ) M3 (, z, k) M4 ( V) k g r mod u h( k SID n ) p v SPPGen ( SK, u) k k mod p ( ID n n e a) D e? h( a ID ) e h( k, K ) g? r K h( SID k ) z e e e k a ( y ) 3 V h( n ) Partcpant Identfcaton Phase 3 P K ( ) Authentcaton Phase: In ths phase, to authentcate hm/herself user U sgns a Schnorr sgnature the newly establshed sesson key K usng credental C the sgnng key, whle U s sesson key materal k s used as the commtment. Note that the correspondng verfcaton key of C s g C, whch can be recovered by computng g C = a y e mod p. For servce provder authentcaton, any provably secure sgnature scheme can be used to authentcate a servce provder n proposed scheme. The sesson key s establshed by usng modfed Dffe-Hellman key exchange scheme whch has been formally proved n [], and the user anonymty and unlnkablty are preserved by usng symmetrc key encrypton to encrypt a, e, and user s dentty ID. The detals of ths phase are llustrated n Fgure and further explaned below. ) User U chooses a random nonce n and sends M = (Req, n ) to P, where Req s a servce request. ) Upon recevng (Req, n ), P pcks random number r Z q, computes ts sesson key materal k = g r mod p, u = h(k SID n ) and sgns u to get a sgnature v = SPPGen(SK,u), and sends M = (k,v,n ) to the user. 3) User U frst computes u = h(k SID n ) and verfes the sgnature v by checkng f SPPV er(pk,u,v) =. If the output s 0, U termnates the protocol. Otherwse, U accepts the servce provder P s authentcaton, and then selects a random number r Z q to compute k = g r mod p, k = k r mod p, and the sesson key K = h(sid k ). After that, U sgns K usng hs/her credental secret C by calculatng e = h(k,k ), z = r + Ce mod q and ω = E K (ID n 3 n e a), where n 3 s a nonce chosen by U. Fnally, U sends M 3 = (ω, z, k ) to servce provder P. 4) To verfy z, P frst calculates k = k r mod p, derves sesson key K = h(sid k ) and decrypt ω wth K to recover ID n 3 n e a. Then, P checks f e = h(a ID ). If ths does not hold, P aborts the protocol. Otherwse, the servce provder computes e = h(k,k ) and verfes z by checkng f g z = k a e (y e ) e mod p. If ths holds, P accepts U s authentcaton, beleves that they have shared the same sesson key K, and sends V = h(n 3 ) as M 4 to U. 5) User U computes V = h(n 3 ) and checks f V = V.If ths holds, U beleves that he/she has shared the same sesson key K wth P. VI. SECURITY ANALYSIS The proposed scheme employs Schnorr sgnature scheme [8][3] to generate credentals for users, uses modfed Dffe- Hellman key exchange scheme to establsh the sesson key, sgns a Schnorr sgnature on the hashed sesson key for user authentcaton, uses any secure sgnature scheme for server authentcaton, and takes symmetrc key encrypton to ensure user anonymty. The secure authentcated key exchange sngle sgn-on (AKESSO) scheme requres secure credental based user authentcaton (SCUA), secure servce provder authentcaton (SSPA), and secure sesson key. To prove the securty of proposed AKESSO, we wll ust prove SCUA and SSPA because () the proposed scheme only mproves parts of key generaton, user authentcaton and servce provder authentcaton n Chang-Lee scheme [], whle the parts of user anonymty and sesson key establshment have not been modfed; and the user anonymty and sesson key securty have been proved n [] and dscussed n [6] wthout revealng any problems. Now, we start to formally analyse the securty of the proposed AKESSO scheme. Theorem. (Correctness) The proposed constructon s a correct AKESSO scheme accordng to Defnton. Proof: Ths can be straghtforwardly verfed accordng to Defnton gven n Secton II. Informally, the proposed AKESSO scheme guarantees SSPA as each servce provder employs a secure sgnature scheme. To prove SCUA, we need to show that Defnton 3 holds for the proposed AKESSO scheme by assumng the unforgeablty of Schnorr sgnature scheme. Theorem. (Secure Credental based User Authentcaton) In proposed AKESSO scheme, f there s an PPT adversary A who has a non-neglgble advantage Adv SCUA (A O ) as specfed n Defnton 3, then Schnorr sgnature scheme s exstentally forgeable under UFCMA attacks as defned n Secton IV. Proof: As adversary A, wth access to all oracles n O = {O,, O 6 }, has a non-neglgble advantage 76
7 Adv SCUA (A O ), accordng to Defnton 3 ths mples that at least one of the followng two cases s true: Case (): Wth a non-neglgble probablty ɛ, A O s able to derve a credental C t correspondng to an unregstered target dentty ID t. Case (): Wth a non-neglgble probablty ɛ, A O s able to forge a vald user proof for a new message M w.r.t. a regstered target dentty ID. Now, we wll prove that f ether Case () or Case () s true, we can construct an algorthm B that s able to break the unforgeablty of Schnorr sgnature, where B runs A O as a sub-program for fulfllng ts purpose. Case (). Suppose that B s gven a target Schnorr sgnature scheme wth parameter (p, q, h( )) and publc key y = g x mod p, where the prvate key x s not known to B. B s strategy for wnng Game-UFCMA wth non-neglgble probablty s to set up an AKESSO scheme for A and to smulate oracles n O such that A cannot dstngush the dfference between ths smulated envronment and a real AKESSO scheme. Therefore, A wll be able to successfully derve a credental C t for an unregstered dentty ID t wth probablty ɛ. After that, B can adapt ths credental nto a forged Schnorr sgnature for a new message and thus break the unforgeablty of Schnorr sgnature scheme. Now we descrbe how B sets up such a smulated AKESSO scheme for A. Frst, B sets y as the publc key of TCP and gves y to B. Then, each oracle n O ( =,, 6) can be smulated as follows. To smulate O query B can ask ts own sgnng oracle to get a Schnorr sgnature C for each dentty ID and then reply (ID,C ) to A. To smulate O query B can smply run Int(λ ) to get a publc/prvate key par (SK,PK ) for an dentty SID, and then forwards (SID,SK,PK ) to A. AsB knows all users credentals and all servce provders s prvate keys, t can smulate oracles O 3, O 4, O 5 and O 6 by trvally executng the whole protocol, runnng one move on behalf of a user, runnng one move on behalf of a servce provder, and revealng a sesson, respectvely. Note that as ID t s an unregstered dentty n ths case, the correspondng user U t wll not be nvolved n any oracle O ( =,, 6). It s not dffcult to see that the above smulated system s ndstngushable from a real system n the vew pont of A. Hence, A wll be able to output a credental C t for target dentty ID t wth non-neglgble probablty ɛ, where ID t s not asked n O queres. Therefore, B wll smply forward C t as a forged Schnorr sgnature for message ID t. Snce ID t s not asked n O queres, A does not ask ID t n ts sgnng oracle,.e., ID t s a new message for B. So, B s forged message-sgnature par (ID t,c t ) s vald accordng to the defnton of Game-UFCMA (refer to Secton IV). Moreover, B s success rate s exactly the same as A s,.e., ɛ, whch s non-neglgble. Consequently, ths means that B successfully breaks the unforgeablty of Schnorr sgnature scheme. Case (). Ths can be proved smlarly as Case () but B wll embed ts target Schnorr sgnature scheme n the user proof generaton algorthm for a regstered target user U t wth dentty ID t. Detals are gven as follows. Suppose that B s gven a target Schnorr sgnature scheme wth parameter (p, q, h( )) and publc key y = g x mod p, where the prvate key x s not known to B. Frst, B sets y = g x mod p as the publc key of TCP by selectng a random number x as TCP s prvate key. For any dentty ID except target dentty ID t, to answer an O query B can drectly ssue a credental C for ID by generatng a Schnorr sgnature for ID as B knows TCP s prvate key x. In contrast, B wll take (a,e,x ) as the credental C t for target dentty ID t, where e {0,,,q } s a random number, a Z p s set as a = y y e mod p, and h(a,id t ) s set as e. So, we have g x = a y h(e,id t) mod p. Note that B does not know the value of x and t wll be not requred to reveal C t to A because ID t s the target dentty. In addton, here we can artfcally fx the hash value for such a specal nput (a,id t ) because Schnorr sgnature s secure n random oracle where hash functon can be vewed as an random functon []. All other oracles n O can be smulated as n Case (), except A asks O 3 and O 4 queres n whch U t wth dentty ID t s nvolved. In such scenaros, B can smulate U t to output a vald user proof up t w.r.t. credental C t by executng the whole protocol or runnng one move wth necessary help from ts own sgnng oracle w.r.t. publc key y. Agan, t s not dffcult to see that the above smulated system s ndstngushable from a real system n the vew pont of A. Hence, wth probablty ɛ A wll be able to output a vald user proof up t for a message M w.r.t. target dentty ID t, where M s not asked n O 3 and O 4 queres. Therefore, B can smply forward up t as a forged Schnorr sgnature for message M. Snce M s not asked n O 3 and O 4 queres, A does not ask M n ts sgnng oracle,.e., M s a new message for B. So, B s forged message-sgnature par (up t,m) s vald accordng to the defnton of Game-UFCMA (refer to Secton IV). Moreover, B s success rate s exactly the same as A s,.e., ɛ, whch s non-neglgble. Consequently, ths means that B successfully breaks the unforgeablty of Schnorr sgnature scheme. Remark 5. In Case (), A O could drectly forge C t, recover C t after executng protocol wth user U t or eavesdroppng the transcrpts between U t and some servce provders, or derve C t n any other possble way, though A O s not allowed to obtan C t by trvally askng O oracle w.r.t. ID t. Hence, ths means that f our AKESSO fals to satsfy the unforgeablty or unrecoverableness of credental, then Schnorr sgnature s forgeable. Smlarly, n Case () A O could drectly forge a user proof up t wthout credental C t, observe and adapts exstng user proofs generated by U t nto a user proof up t for a message M, or compute up t n any other way, though A O s not allowed to obtan any user proof for the same message M by trvally askng O 3 and O 4 oracles w.r.t. ID t. Hence, ths mples that f our AKESSO fals to satsfy soundness of credental based authentcaton [6], then Schnorr sgnature s forgeable. 77
8 As Schnorr sgnature scheme s proved to be secure under the dscrete logarthm assumpton [], Theorem assures that the proposed AKESSO scheme acheves secure credental based user authentcaton under the dscrete logarthm assumpton. Theorem 3. (Secure Servce Provder Authentcaton) In proposed AKESSO, f there s an PPT adversary A who has a non-neglgble advantage Adv SSPA (A O ) as specfed n Defnton 4, then sgnature sgnature scheme employed by servce provders s exstentally forgeable under UFCMA attacks as defned n Secton IV. Proof: Snce a servce provder proof s drectly generated as a normal sgnature by the correspondng servce provder, Theorem 3 can be formally proved as we dd for Case () n Theorem. Note that here we do not need to dscuss Case () as n Theorem, because each servce provder s requred to regster ts publc/prvate key par. Due to space lmt, the full proof s omtted. Theorem 4. Accordng to Defnton 6, the proposed AKESSO scheme s secure under the assumpton that all dgtal sgnatures employed n the scheme are exstentally unforgeable aganst UFCMA attacks as specfed n Secton IV. Proof: By Theorem, Theorem, Theorem 3 and sesson key securty proved n [], Theorem 4 holds accordng to Defnton 6. VII. CONCLUSIONS Most exstng sngle sgn-on schemes suffer from varous securty ssues and are vulnerable to dfferent attacks. In ths paper, we frst formalzed authentcated key exchange sngle sgn-on scheme. Specally, we formally defned secure authentcaton for both users and servce provders as such a treatment has not been studed yet [6]. Moreover, a Schnorr mechansm based SSO scheme has been proposed to overcome the drawbacks of Chang-Lee scheme [] but keep the same advantages. In ths new scheme, to preserve credental generaton prvacy, the TCP sgns a Schnorr sgnature [8][3] on user dentty; and to protect credental prvacy and soundness, the user explots hs/her credental as a sgnng key to sgn a Schnorr sgnature on the hashed sesson key. In fact, Schnorr sgnature mechansm [8][3] s more effcent than RSA mechansm whch has been employed by Chang-Lee scheme. Thus, the proposed scheme reduces the computaton cost, enhances the confdentalty, and preserves soundness and credental prvacy. [4] F. Bao, R. H. Deng, Prvacy Protecton for Transactons of Dgtal Goods, Proceedngs of the Thrd Internatonal Conference on Informaton and Communcatons Securty (ICICS 0), Sprnger-Verlag, London, UK, pp [5] The Open Group, Securty Forum on Sngle Sgn-on, opengroup.org/securty/l-sso.htm. [6] G. Wang, J. Yu, and Q. Xe, Securty Analyss of A Sngle Sgn- On Mechansm for Dstrbuted Computer Networks, IACR Cryptology eprnt Archve, Report 0/07, [7] W. B. Lee and C. C. Chang, User Identfcaton and Key Dstrbuton Mantanng Anonymty for Dstrbuted Computer Networks, Computer Systems Scence and Engneerng, vol. 5, no. 4, pp. 3-6, 000. [8] T.-S. Wu and C.-L. Hsu, Effcent User Identfcaton Scheme wth Key Dstrbuton Preservng Anonymty for Dstrbuted Computer Networks, Computers and Securty, vol. 3, no., pp. 0-5, 004. [9] Y. Yang, S.Wang, F. Bao, J.Wang, and R. H. Deng, New Effcent User Identfcaton and Key Dstrbuton Scheme Provdng Enhanced Securty, Computers and Securty, vol. 3, no. 8, pp , 004. [0] K. V. Mangpud and R. S. Katt, A Secure Identfcaton and Key Agreement Protocol wth User Anonymty (ska), Computers and Securty, vol. 5, no. 6, pp , 006. [] C.-L. Hsu and Y.-H. Chuang, A Novel User Identfcaton Scheme wth Key Dstrbuton Preservng User Anonymty for Dstrbuted Computer Networks, Inf. Sc., vol. 79, no. 4, pp. 4-49, 009. [] C.-C. Chang and C.-Y. Lee, A Secure Sngle Sgn-on Mechansm for Dstrbuted Computer Networks, IEEE Transactons on Industral Electroncs, vol. 59, no., pp , 0. [3] C.P. Schnorr, Effcent Sgnature Generaton by Smart Cards, J. Cryptology, vol. 4, no. 3, pp. 6-74, 99. [4] S. Goldwasser, S. Mcal, and C. Rackoff, The Knowledge Complexty of Interactve Proof-Systems, SIAM J. Computng, vol. 8, no., pp , Feb [5] W. Mao, Modern Cryptography: Theory and Practce, Prentce Hall PTR, 004. [6] J. Han, Y. Mu, W. Suslo, and J. Yan, A Generc Constructon of Dynamc Sngle Sgn-on wth Strong Securty, n Proc. of SecureComm 0, pp. 8-98, LNICS 50, Sprnger, 00. [7] M. Bellare and P. Rogaway, Entty Authentcaton and Key Dstrbuton, CRYPTO, pp. 3-49, 993. [8] C.P. Schnorr, Effcent Identfcaton and Sgnatures for Smart Cards, CRYPTO,pp. 39-5, 989. [9] M. Bellare and A. Palaco, GQ and Schnorr Identfcaton Schemes: Proofs of Securty aganst Impersonaton under Actve and Concurrent Attacks, CRYPTO, pp. 6-77, 00. [0] D. Pontcheval, J. Stern, Securty Proofs for Sgnature Schemes, EUROCRYPT, pp , 996. [] D. Pontcheval, J. Stern, Securty Arguments for Dgtal Sgnatures and Blnd Sgnatures, J.Cryptology, vol.3, no.3, pp , 000. [] S. Goldwasser, S. Mcal, and L. Ronald, A Paradoxcal Soluton to the Sgnature Problem (Extended Abstract), FOCS, pp , 984. [3] S. Goldwasser, S. Mcal, and R. L. Rvest, A Dgtal Sgnature Scheme Secure Aganst Adaptve Chosen-Message Attacks, SIAM J. Comput., vol. 7, no., pp , 988. REFERENCES [] A. C. Weaver and M. W. Condtry, Dstrbutng Internet Servces to The Networks Edge, IEEE Trans. Ind. Electron., vol. 50, no. 3, pp , Jun [] L. Baroll and F. Xhafa, JXTA-OVERLAY: A PP Platform for Dstrbuted, Collaboratve and Ubqutous Computng, IEEE Trans. Ind. Electron., vol. 58, no. 6, pp. 63-7, Oct. 00. [3] L. Lamport, Password Authentcaton wth Insecure Communcaton, Commun. ACM, vol. 4, no., pp , Nov
A Secure Password-Authenticated Key Agreement Using Smart Cards
A Secure Password-Authentcated Key Agreement Usng Smart Cards Ka Chan 1, Wen-Chung Kuo 2 and Jn-Chou Cheng 3 1 Department of Computer and Informaton Scence, R.O.C. Mltary Academy, Kaohsung 83059, Tawan,
More informationAN EFFICIENT GROUP AUTHENTICATION FOR GROUP COMMUNICATIONS
Internatonal Journal of Network Securty & Its Applcatons (IJNSA), Vol.5, No.3, May 2013 AN EFFICIENT GROUP AUTHENTICATION FOR GROUP COMMUNICATIONS Len Harn 1 and Changlu Ln 2 1 Department of Computer Scence
More informationA Novel Multi-factor Authenticated Key Exchange Scheme With Privacy Preserving
A Novel Mult-factor Authentcated Key Exchange Scheme Wth Prvacy Preservng Dexn Yang Guangzhou Cty Polytechnc Guangzhou, Chna, 510405 yangdexn@21cn.com Bo Yang South Chna Agrcultural Unversty Guangzhou,
More informationProactive Secret Sharing Or: How to Cope With Perpetual Leakage
Proactve Secret Sharng Or: How to Cope Wth Perpetual Leakage Paper by Amr Herzberg Stanslaw Jareck Hugo Krawczyk Mot Yung Presentaton by Davd Zage What s Secret Sharng Basc Idea ((2, 2)-threshold scheme):
More informationA SECURE BILLING SERVICE WITH TWO-FACTOR USER AUTHENTICATION IN WIRELESS SENSOR NETWORKS. Received March 2010; revised July 2010
Internatonal Journal of Innovatve Computng, Informaton and Control ICIC Internatonal c 2011 ISSN 1349-4198 Volume 7, Number 8, August 2011 pp. 4821 4831 A SECURE BILLING SERVICE WITH TWO-FACTOR USER AUTHENTICATION
More informationSupporting Recovery, Privacy and Security in RFID Systems Using a Robust Authentication Protocol
Supportng Recovery Prvacy and Securty n RFID Systems Usng a Robust Authentcaton Protocol Md. Endadul Hoque MSCS Dept. Marquette Unversty Mlwaukee Wsconsn USA. mhoque@mscs.mu.edu Farzana Rahman MSCS Dept.
More informationRUHR-UNIVERSITÄT BOCHUM
RUHR-UNIVERSITÄT BOCHUM Horst Görtz Insttute for IT Securty Techncal Report TR-HGI-2006-002 Survey on Securty Requrements and Models for Group Key Exchange Mark Manuls Char for Network and Data Securty
More informationPKIS: practical keyword index search on cloud datacenter
Park et al. EURASIP Journal on Wreless Communcatons and Networkng 20, 20:64 http://jwcn.euraspjournals.com/content/20//64 RESEARCH Open Access PKIS: practcal keyword ndex search on cloud datacenter Hyun-A
More informationAn Alternative Way to Measure Private Equity Performance
An Alternatve Way to Measure Prvate Equty Performance Peter Todd Parlux Investment Technology LLC Summary Internal Rate of Return (IRR) s probably the most common way to measure the performance of prvate
More informationCompact CCA2-secure Hierarchical Identity-Based Broadcast Encryption for Fuzzy-entity Data Sharing
Compact CCA2-secure Herarchcal Identty-Based Broadcast Encrypton for Fuzzy-entty Data Sharng Weran Lu 1, Janwe Lu 1, Qanhong Wu 1, Bo Qn 2, Davd Naccache 3, and Houda Ferrad 4 1 School of Electronc and
More informationLuby s Alg. for Maximal Independent Sets using Pairwise Independence
Lecture Notes for Randomzed Algorthms Luby s Alg. for Maxmal Independent Sets usng Parwse Independence Last Updated by Erc Vgoda on February, 006 8. Maxmal Independent Sets For a graph G = (V, E), an ndependent
More informationScalable and Secure Architecture for Digital Content Distribution
Valer Bocan Scalable and Secure Archtecture for Dgtal Content Dstrbuton Mha Fagadar-Cosma Department of Computer Scence and Engneerng Informaton Technology Department Poltehnca Unversty of Tmsoara Alcatel
More informationAn Interest-Oriented Network Evolution Mechanism for Online Communities
An Interest-Orented Network Evoluton Mechansm for Onlne Communtes Cahong Sun and Xaopng Yang School of Informaton, Renmn Unversty of Chna, Bejng 100872, P.R. Chna {chsun,yang}@ruc.edu.cn Abstract. Onlne
More informationComplete Fairness in Secure Two-Party Computation
Complete Farness n Secure Two-Party Computaton S. Dov Gordon Carmt Hazay Jonathan Katz Yehuda Lndell Abstract In the settng of secure two-party computaton, two mutually dstrustng partes wsh to compute
More informationA Secure Nonrepudiable Threshold Proxy Signature Scheme with Known Signers
INFORMATICA, 2000, Vol. 11, No. 2, 137 144 137 2000 Insttute of Mathematcs and Informatcs, Vlnus A Secure Nonrepudable Threshold Proxy Sgnature Scheme wth Known Sgners Mn-Shang HWANG, Iuon-Chang LIN, Erc
More informationRecurrence. 1 Definitions and main statements
Recurrence 1 Defntons and man statements Let X n, n = 0, 1, 2,... be a MC wth the state space S = (1, 2,...), transton probabltes p j = P {X n+1 = j X n = }, and the transton matrx P = (p j ),j S def.
More informationTracker: Security and Privacy for RFID-based Supply Chains
Tracker: Securty and Prvacy for RFID-based Supply Chans Erk-Olver Blass Kaoutar Elkhyaou Refk Molva EURECOM Sopha Antpols, France {blass elkhyao molva}@eurecom.fr Abstract The counterfetng of pharmaceutcs
More informationYi Mu and Vijay Varadharajan. School of Computing and IT, University of Western Sydney, Nepean, PO Box 10, Kingswood, N.S.W.
Anonymous Internet Credt Cards Y Mu and Vjay Varadharajan School of Computng and IT, Unversty of Western Sydney, Nepean, PO Box 10, Kngswood, N.S.W. 2747, Australa Emal: fymu,vjayg@ct.nepean.uws.edu.au
More informationSecure and Efficient Proof of Storage with Deduplication
Secure and Effcent Proof of Storage wth Deduplcaton Qng Zheng Department of Computer Scence Unversty of Texas at San Antono qzheng@cs.utsa.edu Shouhua Xu Department of Computer Scence Unversty of Texas
More informationA Replication-Based and Fault Tolerant Allocation Algorithm for Cloud Computing
A Replcaton-Based and Fault Tolerant Allocaton Algorthm for Cloud Computng Tork Altameem Dept of Computer Scence, RCC, Kng Saud Unversty, PO Box: 28095 11437 Ryadh-Saud Araba Abstract The very large nfrastructure
More informationDesign, Development, and Use of Secure Electronic Voting Systems
Desgn, Development, and Use of Secure Electronc Votng Systems Dmtros Zsss Unversty of Aegean, Greece Dmtros Lekkas Unversty of Aegean, Greece A volume n the Advances n Electronc Government, Dgtal Dvde,
More informationThe Development of Web Log Mining Based on Improve-K-Means Clustering Analysis
The Development of Web Log Mnng Based on Improve-K-Means Clusterng Analyss TngZhong Wang * College of Informaton Technology, Luoyang Normal Unversty, Luoyang, 471022, Chna wangtngzhong2@sna.cn Abstract.
More informationAd-Hoc Games and Packet Forwardng Networks
On Desgnng Incentve-Compatble Routng and Forwardng Protocols n Wreless Ad-Hoc Networks An Integrated Approach Usng Game Theoretcal and Cryptographc Technques Sheng Zhong L (Erran) L Yanbn Grace Lu Yang
More informationCanon NTSC Help Desk Documentation
Canon NTSC Help Desk Documentaton READ THIS BEFORE PROCEEDING Before revewng ths documentaton, Canon Busness Solutons, Inc. ( CBS ) hereby refers you, the customer or customer s representatve or agent
More informationA new anonymity-based protocol preserving privacy based cloud environment
Abstract A new anonymty-based protocol preservng prvacy based cloud envronment Jan Wang 1*, Le Wang 2 1 College of Computer and Informaton Engneerng, Henan Unversty of Economcs and Law, Chna 2 SIAS Internatonal
More informationA Cryptographic Key Assignment Scheme for Access Control in Poset Ordered Hierarchies with Enhanced Security
Internatonal Journal of Network Securty, Vol.7, No., PP.3 34, Sept. 8 3 A ryptographc Key Assgnment Scheme for Access ontrol n Poset Ordered Herarches wth Enhanced Securty Debass Gr and P. D. Srvastava
More informationIdentity-Based Encryption Gone Wild
An extended abstract of ths paper appeared n Mchele Bugles, Bart Preneel, Vladmro Sassone, and Ingo Wegener, edtors, 33rd Internatonal Colloquum on Automata, Languages and Programmng ICALP 2006, volume
More informationTrivial lump sum R5.0
Optons form Once you have flled n ths form, please return t wth your orgnal brth certfcate to: Premer PO Box 2067 Croydon CR90 9ND. Fll n ths form usng BLOCK CAPITALS and black nk. Mark all answers wth
More informationAn Optimally Robust Hybrid Mix Network (Extended Abstract)
An Optmally Robust Hybrd Mx Network (Extended Abstract) Markus Jakobsson and Ar Juels RSA Laboratores Bedford, MA, USA {mjakobsson,ajuels}@rsasecurty.com Abstract We present a mx network that acheves effcent
More informationEfficient Dynamic Integrity Verification for Big Data Supporting Users Revocability
nformaton Artcle Effcent Dynamc Integrty Verfcaton for Bg Data Supportng Users Revocablty Xnpeng Zhang 1,2, *, Chunxang Xu 1, Xaojun Zhang 1, Tazong Gu 2, Zh Geng 2 and Guopng Lu 2 1 School of Computer
More informationSecure Network Coding Over the Integers
Secure Network Codng Over the Integers Rosaro Gennaro Jonathan Katz Hugo Krawczyk Tal Rabn Abstract Network codng has receved sgnfcant attenton n the networkng communty for ts potental to ncrease throughput
More informationFrom Selective to Full Security: Semi-Generic Transformations in the Standard Model
An extended abstract of ths work appears n the proceedngs of PKC 2012 From Selectve to Full Securty: Sem-Generc Transformatons n the Standard Model Mchel Abdalla 1 Daro Fore 2 Vadm Lyubashevsky 1 1 Département
More informationWatermark-based Provable Data Possession for Multimedia File in Cloud Storage
Vol.48 (CIA 014), pp.103-107 http://dx.do.org/10.1457/astl.014.48.18 Watermar-based Provable Data Possesson for Multmeda Fle n Cloud Storage Yongjun Ren 1,, Jang Xu 1,, Jn Wang 1,, Lmng Fang 3, Jeong-U
More informationA Certified Email Protocol using Key Chains
A Certfed Emal Protocol usng Key Chans J. Cederqust SQIG-IT and IST, TULsbon, Portugal M. Torab Dasht CWI, Amsterdam, The Netherlands S. Mauw Unversty of Luxembourg, Luxembourg Abstract Ths paper ntroduces
More informationModule 2 LOSSLESS IMAGE COMPRESSION SYSTEMS. Version 2 ECE IIT, Kharagpur
Module LOSSLESS IMAGE COMPRESSION SYSTEMS Lesson 3 Lossless Compresson: Huffman Codng Instructonal Objectves At the end of ths lesson, the students should be able to:. Defne and measure source entropy..
More informationJ. Parallel Distrib. Comput.
J. Parallel Dstrb. Comput. 71 (2011) 62 76 Contents lsts avalable at ScenceDrect J. Parallel Dstrb. Comput. journal homepage: www.elsever.com/locate/jpdc Optmzng server placement n dstrbuted systems n
More informationWhat is Candidate Sampling
What s Canddate Samplng Say we have a multclass or mult label problem where each tranng example ( x, T ) conssts of a context x a small (mult)set of target classes T out of a large unverse L of possble
More informationFast Variants of RSA
Fast Varants of RSA Dan Boneh dabo@cs.stanford.edu Hovav Shacham hovav@cs.stanford.edu Abstract We survey three varants of RSA desgned to speed up RSA decrypton. These varants are backwards compatble n
More informationSEVERAL trends are opening up the era of Cloud
1 Towards Secure and Dependable Storage Servces n Cloud Computng Cong Wang, Student Member, IEEE, Qan Wang, Student Member, IEEE, Ku Ren, Member, IEEE, Nng Cao, Student Member, IEEE, and Wenjng Lou, Senor
More information8.5 UNITARY AND HERMITIAN MATRICES. The conjugate transpose of a complex matrix A, denoted by A*, is given by
6 CHAPTER 8 COMPLEX VECTOR SPACES 5. Fnd the kernel of the lnear transformaton gven n Exercse 5. In Exercses 55 and 56, fnd the mage of v, for the ndcated composton, where and are gven by the followng
More informationA Performance Analysis of View Maintenance Techniques for Data Warehouses
A Performance Analyss of Vew Mantenance Technques for Data Warehouses Xng Wang Dell Computer Corporaton Round Roc, Texas Le Gruenwald The nversty of Olahoma School of Computer Scence orman, OK 739 Guangtao
More informationOptimal Distributed Password Verification
Optmal Dstrbuted Password Verfcaton Jan Camensch IBM Research Zurch jca@zurch.bm.com Anja Lehmann IBM Research Zurch anj@zurch.bm.com Gregory Neven IBM Research Zurch nev@zurch.bm.com ABSTRACT We present
More informationEnsuring Data Storage Security in Cloud Computing
Ensurng Data Storage Securty n Cloud Computng Cong Wang, Qan Wang, and Ku Ren Department of ECE Illnos Insttute of Technology Emal: {cwang, qwang, kren}@ece.t.edu Wenjng Lou Department of ECE Worcester
More informationYixin Jiang and Chuang Lin. Minghui Shi and Xuemin Sherman Shen*
198 Int J Securty Networks Vol 1 Nos 3/4 2006 A self-encrypton authentcaton protocol for teleconference servces Yxn Jang huang Ln Departent of oputer Scence Technology Tsnghua Unversty Beng hna E-al: yxang@csnet1cstsnghuaeducn
More informationData Broadcast on a Multi-System Heterogeneous Overlayed Wireless Network *
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 24, 819-840 (2008) Data Broadcast on a Mult-System Heterogeneous Overlayed Wreless Network * Department of Computer Scence Natonal Chao Tung Unversty Hsnchu,
More information1 Example 1: Axis-aligned rectangles
COS 511: Theoretcal Machne Learnng Lecturer: Rob Schapre Lecture # 6 Scrbe: Aaron Schld February 21, 2013 Last class, we dscussed an analogue for Occam s Razor for nfnte hypothess spaces that, n conjuncton
More informationSEVERAL trends are opening up the era of Cloud
IEEE Transactons on Cloud Computng Date of Publcaton: Aprl-June 2012 Volume: 5, Issue: 2 1 Towards Secure and Dependable Storage Servces n Cloud Computng Cong Wang, Student Member, IEEE, Qan Wang, Student
More informationExtending Probabilistic Dynamic Epistemic Logic
Extendng Probablstc Dynamc Epstemc Logc Joshua Sack May 29, 2008 Probablty Space Defnton A probablty space s a tuple (S, A, µ), where 1 S s a set called the sample space. 2 A P(S) s a σ-algebra: a set
More informationEnsuring Data Storage Security in Cloud Computing
1 Ensurng Data Storage Securty n Cloud Computng Cong Wang,Qan Wang, Ku Ren, and Wenjng Lou Dept of ECE, Illnos Insttute of Technology, Emal: {cwang, qwang, kren}@ecetedu Dept of ECE, Worcester Polytechnc
More informationPerformance Analysis of Energy Consumption of Smartphone Running Mobile Hotspot Application
Internatonal Journal of mart Grd and lean Energy Performance Analyss of Energy onsumpton of martphone Runnng Moble Hotspot Applcaton Yun on hung a chool of Electronc Engneerng, oongsl Unversty, 511 angdo-dong,
More information3C-Auth: A New Scheme for Enhancing Security
Internatonal Journal of Network Securty, Vol.18, No.1, PP.143-150, Jan. 2016 143 3C-Auth: A New Scheme for Enhancng Securty Narasmhan Harn and Tattamangalam R. Padmanabhan (Correspondng author: Narasmhan
More informationRelay Secrecy in Wireless Networks with Eavesdropper
Relay Secrecy n Wreless Networks wth Eavesdropper Parvathnathan Venktasubramanam, Tng He and Lang Tong School of Electrcal and Computer Engneerng Cornell Unversty, Ithaca, NY 14853 Emal : {pv45, th255,
More informationSECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS
SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS B. VASAVI Abstract: Single sign-on (SSO) is a new authentication mechanism that enables a legal user with a single credential
More informationFault tolerance in cloud technologies presented as a service
Internatonal Scentfc Conference Computer Scence 2015 Pavel Dzhunev, PhD student Fault tolerance n cloud technologes presented as a servce INTRODUCTION Improvements n technques for vrtualzaton and performance
More information"Research Note" APPLICATION OF CHARGE SIMULATION METHOD TO ELECTRIC FIELD CALCULATION IN THE POWER CABLES *
Iranan Journal of Scence & Technology, Transacton B, Engneerng, ol. 30, No. B6, 789-794 rnted n The Islamc Republc of Iran, 006 Shraz Unversty "Research Note" ALICATION OF CHARGE SIMULATION METHOD TO ELECTRIC
More informationCertificate Revocation using Fine Grained Certificate Space Partitioning
Certfcate Revocaton usng Fne Graned Certfcate Space Parttonng Vpul Goyal Department of Computer Scence Unversty of Calforna, Los Angeles vpul@cs.ucla.edu Abstract A new certfcate revocaton system s presented.
More informationA Design Method of High-availability and Low-optical-loss Optical Aggregation Network Architecture
A Desgn Method of Hgh-avalablty and Low-optcal-loss Optcal Aggregaton Network Archtecture Takehro Sato, Kuntaka Ashzawa, Kazumasa Tokuhash, Dasuke Ish, Satoru Okamoto and Naoak Yamanaka Dept. of Informaton
More informationPractical PIR for Electronic Commerce
Practcal PIR for Electronc Commerce Ryan Henry Cherton School of Computer Scence Unversty of Waterloo Waterloo ON Canada N2L 3G1 rhenry@cs.uwaterloo.ca Fem Olumofn Cherton School of Computer Scence Unversty
More informationbenefit is 2, paid if the policyholder dies within the year, and probability of death within the year is ).
REVIEW OF RISK MANAGEMENT CONCEPTS LOSS DISTRIBUTIONS AND INSURANCE Loss and nsurance: When someone s subject to the rsk of ncurrng a fnancal loss, the loss s generally modeled usng a random varable or
More informationConferencing protocols and Petri net analysis
Conferencng protocols and Petr net analyss E. ANTONIDAKIS Department of Electroncs, Technologcal Educatonal Insttute of Crete, GREECE ena@chana.tecrete.gr Abstract: Durng a computer conference, users desre
More informationThresPassport A Distributed Single Sign-On Service
ThresPassport A Dstrbuted ngle gn-on ervce Teru Chen 1, Bn B. Zhu 2, hpeng L 2, Xueq Cheng 1 1 Inst. of Computng Technology, Chnese Academy of cences, Bejng 100080, Chna chenteru@software.ct.ac.cn, cqx@ct.ac.cn
More informationA DISTRIBUTED REPUTATION MANAGEMENT SCHEME FOR MOBILE AGENT- BASED APPLICATIONS
Bamasak & Zhang: A Dstrbuted Reputaton Management Scheme for Moble Agent-Based Applcatons A DISTRIBUTED REPUTATION MANAGEMENT SCHEME FOR MOBILE AGENT- BASED APPLICATIONS Omama Bamasak School of Computer
More informationPower-of-Two Policies for Single- Warehouse Multi-Retailer Inventory Systems with Order Frequency Discounts
Power-of-wo Polces for Sngle- Warehouse Mult-Retaler Inventory Systems wth Order Frequency Dscounts José A. Ventura Pennsylvana State Unversty (USA) Yale. Herer echnon Israel Insttute of echnology (Israel)
More informationProject Networks With Mixed-Time Constraints
Project Networs Wth Mxed-Tme Constrants L Caccetta and B Wattananon Western Australan Centre of Excellence n Industral Optmsaton (WACEIO) Curtn Unversty of Technology GPO Box U1987 Perth Western Australa
More informationPAS: A Packet Accounting System to Limit the Effects of DoS & DDoS. Debish Fesehaye & Klara Naherstedt University of Illinois-Urbana Champaign
PAS: A Packet Accountng System to Lmt the Effects of DoS & DDoS Debsh Fesehaye & Klara Naherstedt Unversty of Illnos-Urbana Champagn DoS and DDoS DDoS attacks are ncreasng threats to our dgtal world. Exstng
More informationAsynchronous Neighbor Discovery on Duty-cycled Mobile Devices: Integer and Non-Integer Schedules
Asynchronous Neghbor Dscovery on Duty-cycled Moble Devces: Integer and Non-Integer Schedules Sxa Chen Central Connectcut State Unversty schen@ccsu.edu Yanyuan Qn Unversty of Connectcut yanyuan.qn@uconn.edu
More informationIT09 - Identity Management Policy
IT09 - Identty Management Polcy Introducton 1 The Unersty needs to manage dentty accounts for all users of the Unersty s electronc systems and ensure that users hae an approprate leel of access to these
More informationSupport Vector Machines
Support Vector Machnes Max Wellng Department of Computer Scence Unversty of Toronto 10 Kng s College Road Toronto, M5S 3G5 Canada wellng@cs.toronto.edu Abstract Ths s a note to explan support vector machnes.
More informationAn RFID Distance Bounding Protocol
An RFID Dstance Boundng Protocol Gerhard P. Hancke and Markus G. Kuhn May 22, 2006 An RFID Dstance Boundng Protocol p. 1 Dstance boundng Verfer d Prover Places an upper bound on physcal dstance Does not
More informationInter-domain Alliance Authentication Protocol Based on Blind Signature
Internatonal Journal of Securty Its Alcatons Vol9 No2 (205) 97-206 htt://ddoorg/04257/sa205929 Inter-doman Allance Authentcaton Protocol Based on Blnd Sgnature Zhang Je Zhang Q-kun Gan Yong Yn Yfeng Tan
More informationHow To Understand The Results Of The German Meris Cloud And Water Vapour Product
Ttel: Project: Doc. No.: MERIS level 3 cloud and water vapour products MAPP MAPP-ATBD-ClWVL3 Issue: 1 Revson: 0 Date: 9.12.1998 Functon Name Organsaton Sgnature Date Author: Bennartz FUB Preusker FUB Schüller
More informationLIFETIME INCOME OPTIONS
LIFETIME INCOME OPTIONS May 2011 by: Marca S. Wagner, Esq. The Wagner Law Group A Professonal Corporaton 99 Summer Street, 13 th Floor Boston, MA 02110 Tel: (617) 357-5200 Fax: (617) 357-5250 www.ersa-lawyers.com
More information2011 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media,
1 2011 IEEE. Personal use of ths materal s permtted. Permsson from IEEE must be obtaned for all other uses, n any current or future meda, ncludng reprntng/republshng ths materal for advertsng or promotonal
More informationTHE DISTRIBUTION OF LOAN PORTFOLIO VALUE * Oldrich Alfons Vasicek
HE DISRIBUION OF LOAN PORFOLIO VALUE * Oldrch Alfons Vascek he amount of captal necessary to support a portfolo of debt securtes depends on the probablty dstrbuton of the portfolo loss. Consder a portfolo
More informationFORMAL ANALYSIS FOR REAL-TIME SCHEDULING
FORMAL ANALYSIS FOR REAL-TIME SCHEDULING Bruno Dutertre and Vctora Stavrdou, SRI Internatonal, Menlo Park, CA Introducton In modern avoncs archtectures, applcaton software ncreasngly reles on servces provded
More informationsscada: securing SCADA infrastructure communications
Int. J. Communcaton Networks and Dstrbuted Systems, Vol. 6, No. 1, 2011 59 sscada: securng SCADA nfrastructure communcatons Yongge Wang Department of SIS, UNC Charlotte, 9201 Unversty Cty Blvd, Charlotte,
More informationPractical and Secure Solutions for Integer Comparison
In Publc Key Cryptography PKC 07, Vol. 4450 of Lecture Notes n Computer Scence, Sprnger-Verlag, 2007. pp. 330-342. Practcal and Secure Solutons for Integer Comparson Juan Garay 1, erry Schoenmakers 2,
More informationRESEARCH ON DUAL-SHAKER SINE VIBRATION CONTROL. Yaoqi FENG 1, Hanping QIU 1. China Academy of Space Technology (CAST) yaoqi.feng@yahoo.
ICSV4 Carns Australa 9- July, 007 RESEARCH ON DUAL-SHAKER SINE VIBRATION CONTROL Yaoq FENG, Hanpng QIU Dynamc Test Laboratory, BISEE Chna Academy of Space Technology (CAST) yaoq.feng@yahoo.com Abstract
More informationFuzzy Keyword Search over Encrypted Data in Cloud Computing
Fuzzy Keyword Search over Encrypted Data n Cloud Computng Jn L,QanWang, Cong Wang,NngCao,KuRen, and Wenjng Lou Department of ECE, Illnos Insttute of Technology Department of ECE, Worcester Polytechnc Insttute
More informationThe OC Curve of Attribute Acceptance Plans
The OC Curve of Attrbute Acceptance Plans The Operatng Characterstc (OC) curve descrbes the probablty of acceptng a lot as a functon of the lot s qualty. Fgure 1 shows a typcal OC Curve. 10 8 6 4 1 3 4
More informationAvailability-Based Path Selection and Network Vulnerability Assessment
Avalablty-Based Path Selecton and Network Vulnerablty Assessment Song Yang, Stojan Trajanovsk and Fernando A. Kupers Delft Unversty of Technology, The Netherlands {S.Yang, S.Trajanovsk, F.A.Kupers}@tudelft.nl
More informationOptmal Revocatons n Ephemeral Networks
Optmal Revocatons n Ephemeral Networks: A Game-Theoretc Framework Igor Blogrevc, Mohammad Hossen Manshae, Maxm Raya and Jean-Perre Hubaux Laboratory for computer Communcatons and Applcatons (LCA1), EPFL,
More informationA DATA MINING APPLICATION IN A STUDENT DATABASE
JOURNAL OF AERONAUTICS AND SPACE TECHNOLOGIES JULY 005 VOLUME NUMBER (53-57) A DATA MINING APPLICATION IN A STUDENT DATABASE Şenol Zafer ERDOĞAN Maltepe Ünversty Faculty of Engneerng Büyükbakkalköy-Istanbul
More informationDEFINING %COMPLETE IN MICROSOFT PROJECT
CelersSystems DEFINING %COMPLETE IN MICROSOFT PROJECT PREPARED BY James E Aksel, PMP, PMI-SP, MVP For Addtonal Informaton about Earned Value Management Systems and reportng, please contact: CelersSystems,
More informationM3S MULTIMEDIA MOBILITY MANAGEMENT AND LOAD BALANCING IN WIRELESS BROADCAST NETWORKS
M3S MULTIMEDIA MOBILITY MANAGEMENT AND LOAD BALANCING IN WIRELESS BROADCAST NETWORKS Bogdan Cubotaru, Gabrel-Mro Muntean Performance Engneerng Laboratory, RINCE School of Electronc Engneerng Dubln Cty
More informationA GENERIC HANDOVER DECISION MANAGEMENT FRAMEWORK FOR NEXT GENERATION NETWORKS
A GENERIC HANDOVER DECISION MANAGEMENT FRAMEWORK FOR NEXT GENERATION NETWORKS Shanthy Menezes 1 and S. Venkatesan 2 1 Department of Computer Scence, Unversty of Texas at Dallas, Rchardson, TX, USA 1 shanthy.menezes@student.utdallas.edu
More informationA role based access in a hierarchical sensor network architecture to provide multilevel security
1 A role based access n a herarchcal sensor network archtecture to provde multlevel securty Bswajt Panja a Sanjay Kumar Madra b and Bharat Bhargava c a Department of Computer Scenc Morehead State Unversty
More informationPricing Model of Cloud Computing Service with Partial Multihoming
Prcng Model of Cloud Computng Servce wth Partal Multhomng Zhang Ru 1 Tang Bng-yong 1 1.Glorous Sun School of Busness and Managment Donghua Unversty Shangha 251 Chna E-mal:ru528369@mal.dhu.edu.cn Abstract
More informationOpen Access A Load Balancing Strategy with Bandwidth Constraint in Cloud Computing. Jing Deng 1,*, Ping Guo 2, Qi Li 3, Haizhu Chen 1
Send Orders for Reprnts to reprnts@benthamscence.ae The Open Cybernetcs & Systemcs Journal, 2014, 8, 115-121 115 Open Access A Load Balancng Strategy wth Bandwdth Constrant n Cloud Computng Jng Deng 1,*,
More informationChosen Public Key and Ciphertext Secure Proxy Re-encryption Schemes
Internatonal Journal of Dgtal ontent Technology and ts Alcatons Volume 4 Number 9 December 00 hosen Publc Key and hertext Secure Proxy Re-encryton Schemes Lmng Fang Wlly Suslo Yongun Ren huneng Ge and
More informationManaging Resource and Servent Reputation in P2P Networks
Managng Resource and Servent Reputaton n P2P Networks Makoto Iguch NTT Informaton Sharng Platform Laboratores guch@sl.ntt.co.jp Masayuk Terada NTT DoCoMo Multmeda Laboratores te@mml.yrp.nttdocomo.co.jp
More informationSecure Cloud Storage Service with An Efficient DOKS Protocol
Secure Cloud Storage Servce wth An Effcent DOKS Protocol ZhengTao Jang Councaton Unversty of Chna z.t.ang@163.co Abstract Storage servces based on publc clouds provde custoers wth elastc storage and on-deand
More informationMinimal Coding Network With Combinatorial Structure For Instantaneous Recovery From Edge Failures
Mnmal Codng Network Wth Combnatoral Structure For Instantaneous Recovery From Edge Falures Ashly Joseph 1, Mr.M.Sadsh Sendl 2, Dr.S.Karthk 3 1 Fnal Year ME CSE Student Department of Computer Scence Engneerng
More informationTowards a Global Online Reputation
Hu L Unversty of Ottawa 55 Laurer Ave E Ottawa, ON KN 6N5 Canada + (63) 562 5800, 8834 Hl03@uottawa.ca Towards a Global Onlne Reputaton Morad Benyoucef Unversty of Ottawa 55 Laurer Ave E Ottawa, ON KN
More informationStatistical Approach for Offline Handwritten Signature Verification
Journal of Computer Scence 4 (3): 181-185, 2008 ISSN 1549-3636 2008 Scence Publcatons Statstcal Approach for Offlne Handwrtten Sgnature Verfcaton 2 Debnath Bhattacharyya, 1 Samr Kumar Bandyopadhyay, 2
More informationWhen Network Effect Meets Congestion Effect: Leveraging Social Services for Wireless Services
When Network Effect Meets Congeston Effect: Leveragng Socal Servces for Wreless Servces aowen Gong School of Electrcal, Computer and Energy Engeerng Arzona State Unversty Tempe, AZ 8587, USA xgong9@asuedu
More informationVembu StoreGrid Windows Client Installation Guide
Ser v cepr ov dered t on Cl enti nst al l at ongu de W ndows Vembu StoreGrd Wndows Clent Installaton Gude Download the Wndows nstaller, VembuStoreGrd_4_2_0_SP_Clent_Only.exe To nstall StoreGrd clent on
More informationModel-Based Vulnerability Testing of Payment Protocol Implementations
odel-based Vulnerablty Testng of ayment rotocol Implementatons Ghaz aatoug INRIA Nancy Grand Est 615, rue du Jardn Botanque 54602 Vllers les Nancy edex, France ghaz.maatoug@nra.fr Frédérc Dadeau FETO-ST
More informationDynamic Pricing for Smart Grid with Reinforcement Learning
Dynamc Prcng for Smart Grd wth Renforcement Learnng Byung-Gook Km, Yu Zhang, Mhaela van der Schaar, and Jang-Won Lee Samsung Electroncs, Suwon, Korea Department of Electrcal Engneerng, UCLA, Los Angeles,
More informationv a 1 b 1 i, a 2 b 2 i,..., a n b n i.
SECTION 8.4 COMPLEX VECTOR SPACES AND INNER PRODUCTS 455 8.4 COMPLEX VECTOR SPACES AND INNER PRODUCTS All the vector spaces we have studed thus far n the text are real vector spaces snce the scalars are
More information