In 2000, a remote user authentication scheme using smart cards was proposed and the masquerade attacks were proved successful on this scheme. Recently, Kumar has suggested the idea of check digits to overcome the abov...In 2000, a remote user authentication scheme using smart cards was proposed and the masquerade attacks were proved successful on this scheme. Recently, Kumar has suggested the idea of check digits to overcome the above attacks with a new scheme that removes these threats well. In this paper it is pointed out that the weakness still exists in Kumar's scheme, and the intruder can login to the remote system through having some information. A new scheme which can overcome these attacks and appears more secure and efficient than Kumar's is presented.展开更多
With the development of the Internet of Things(IoT)technique,sensitive information collected by sensors may be leaked.In recent years,many authentication schemes have been proposed.Banerjee et al proposed a biometric ...With the development of the Internet of Things(IoT)technique,sensitive information collected by sensors may be leaked.In recent years,many authentication schemes have been proposed.Banerjee et al proposed a biometric based user authentication scheme in wireless sensor networks using smart cards in 2019.But we found that Banerjee et al's authentication scheme is vulnerable to impersonation attacks.In order to overcome the weaknesses of Banerjee et al's scheme,we propose a new authentication scheme.In our proposed scheme,we only use the exclusive-or operation and one-way Hash function for the efficiency,which can reduce the computation burden for the IoT devices.In the authentication and session key agreement phase,the secret registration parameter is not used for the authentication,and the session key is given for the all entities.In the Devol-Yao threat model,the security analysis demonstrates that our proposed authentication scheme can resist well-known attacks.展开更多
Thirteen security requirements for an ideal password authentication scheme using smart cards are listed and a new smart card based password authentication scheme with identity anonymity is proposed.The new scheme can ...Thirteen security requirements for an ideal password authentication scheme using smart cards are listed and a new smart card based password authentication scheme with identity anonymity is proposed.The new scheme can satisfy all the listed ideal security requirements and has the following merits:(1)it can resist all the attacks listed in introduction;(2)less storage memory requirement due to no verification table stored in server;(3)low computational cost due to hash functions based operations;(4)even if the smart card is lost,the new system is still secure;(5)As user identity is anonymous,this scheme is more practical.The new proposed scheme can be applied in source constraint networks.展开更多
Remote user authentication is essential in distributed network environment to protect unauthorized access of a networked system. However, most of those existing remote user authentication schemes have not provided the...Remote user authentication is essential in distributed network environment to protect unauthorized access of a networked system. However, most of those existing remote user authentication schemes have not provided the user identity anonymity, while user anonymity is particularly important in some practical applications. Therefore, based on self-encryption mechanism, a new remote user authentication scheme was proposed. The scheme not only has no need of maintaining a password table at the remote server, but also can protect the user’s anonymity.展开更多
In 2005, Liu et al. proposed an improvement to Chien et al.'s remote user authentication scheme, using smart cards, to prevent parallel session attack. This article, however, will demonstrate that Liu et al.'s schem...In 2005, Liu et al. proposed an improvement to Chien et al.'s remote user authentication scheme, using smart cards, to prevent parallel session attack. This article, however, will demonstrate that Liu et al.'s scheme is vulnerable to masquerading server attack and has the system's secret key forward secrecy problem. Therefore, an improved scheme with better security strength, by using counters instead of timestamps, is proposed. The proposed scheme does not only achieve their scheme's advantages, but also enhances its security by withstanding the weaknesses just mentioned.展开更多
Three user authentication schemes are proposed. The security of these new schemes is due to the used secure hash functions and the physically secure smart cards.
With the broad implementations of the electronic business and government applications, robust system security and strong privacy protection have become essential requirements for remote user authentication schemes. Re...With the broad implementations of the electronic business and government applications, robust system security and strong privacy protection have become essential requirements for remote user authentication schemes. Recently, Chen et al. pointed out that Wang et al.'s scheme is vulnerable to the user impersonation attack and parallel session attack, and proposed an enhanced version to overcome the identified security flaws. In this paper, however, we show that Chen et al.'s scheme still cannot achieve the claimed security goals and report its following problems: (1) It suffers from the offline password guessing attack, key compromise impersonation attack and known key attack; (2) It fails to provide forward secrecy; (3) It is not easily repairable. As our main contribution, a robust dynamic ID-based scheme based on non-tamper resistance assumption of the smart cards is presented to cope with the aforementioned defects, while preserving the merits of different related schemes. The analysis demonstrates that our scheme meets all the proposed criteria and eliminates several grave security threats that are difficult to be tackled at the same time in previous scholarship.展开更多
The fund budget of multipurpose transit smart card systems is studied by stochastic programming to assign limited funds to different applications reasonably. Under the constraints of a gross fund, models of chance-con...The fund budget of multipurpose transit smart card systems is studied by stochastic programming to assign limited funds to different applications reasonably. Under the constraints of a gross fund, models of chance-constrained and dependentchance for the fund budget of multipurpose transit smart card systems are established with application scale and social demand as random variables, respectively aiming to maximize earnings and satisfy the service requirements the furthest; and the genetic algorithm based on stochastic simulation is adopted for model solution. The calculation results show that the fund budget differs greatly with different system objectives which can cause the systems to have distinct expansibilities, and the application scales of some applications may not satisfy user demands with limited funds. The analysis results indicate that the forecast of application scales and application future demands should be done first, and then the system objective is determined according to the system mission, which can help reduce the risks of fund budgets.展开更多
Design aspects of CMOS compatible on-chip antenna for applications of contact-less smart card are discussed.An on-chip antenna model is established and a design method is demonstrated.Experimental results show that sy...Design aspects of CMOS compatible on-chip antenna for applications of contact-less smart card are discussed.An on-chip antenna model is established and a design method is demonstrated.Experimental results show that system-on-chip integrating power reception together with other electronic functions of smart card applications is feasible.In a 6×10 -4T magnetic field of 22.5MHz,an on-chip power of 1.225mW for a 10kΩ load is obtained using a 4mm2 on-chip antenna.展开更多
Two signature systems based on smart cards and fingerprint features are proposed. In one signature system, the cryptographic key is stored in the smart card and is only accessible when the signer's extracted fingerpr...Two signature systems based on smart cards and fingerprint features are proposed. In one signature system, the cryptographic key is stored in the smart card and is only accessible when the signer's extracted fingerprint features match his stored template. To resist being tampered on public channel, the user's message and the signed message are encrypted by the signer's public key and the user's public key, respectively. In the other signature system, the keys are generated by combining the signer's fingerprint features, check bits, and a rememberable key, and there are no matching process and keys stored on the smart card. Additionally, there is generally more than one public key in this system, that is, there exist some pseudo public keys except a real one.展开更多
Nowadays, the password-based remote user authentication mechanism using smart card is one of the simplest and convenient authentication ways to ensure secure communications over the public network environments. Recent...Nowadays, the password-based remote user authentication mechanism using smart card is one of the simplest and convenient authentication ways to ensure secure communications over the public network environments. Recently, Liu et al. proposed an efficient and secure smart card based password authentication scheme. However, we find that Liu et al.’s scheme is vulnerable to the off-line password guessing attack and user impersonation attack. Furthermore, it also cannot provide user anonymity. In this paper, we cryptanalyze Liu et al.’s scheme and propose a security enhanced user authentication scheme to overcome the aforementioned problems. Especially, in order to preserve the user anonymity and prevent the guessing attack, we use the dynamic identity technique. The analysis shows that the proposed scheme is more secure and efficient than other related authentication schemes.展开更多
Smart card-automated fare collection systems now routinely record large volumes of data comprising the origins and destinations of travelers.Processing and analyzing these data open new opportunities in urban modeling...Smart card-automated fare collection systems now routinely record large volumes of data comprising the origins and destinations of travelers.Processing and analyzing these data open new opportunities in urban modeling and travel behavior research.This study seeks to develop an accurate framework for the study of urban mobility from smart card data by developing a heuristic primary location model to identify the home and work locations.The model uses journey counts as an indicator of usage regularity,visit-frequency to identify activity locations for regular commuters,and stay-time for the classification of work and home locations and activities.London is taken as a case study,and the model results were validated against survey data from the London Travel Demand Survey and volunteer survey.Results demonstrate that the proposed model is able to detect meaningful home and work places with high precision.This study offers a new and cost-effective approach to travel behavior and demand research.展开更多
Predicting trip purpose from comprehensive and continuous smart card data is beneficial for transport and city planners in investigating travel behaviors and urban mobility.Here,we propose a framework,ActivityNET,usin...Predicting trip purpose from comprehensive and continuous smart card data is beneficial for transport and city planners in investigating travel behaviors and urban mobility.Here,we propose a framework,ActivityNET,using Machine Learning(ML)algorithms to predict passengers’trip purpose from Smart Card(SC)data and Points-of-Interest(POIs)data.The feasibility of the framework is demonstrated in two phases.Phase I focuses on extracting activities from individuals’daily travel patterns from smart card data and combining them with POIs using the proposed“activity-POIs consolidation algorithm”.Phase II feeds the extracted features into an Artificial Neural Network(ANN)with multiple scenarios and predicts trip purpose under primary activities(home and work)and secondary activities(entertainment,eating,shopping,child drop-offs/pick-ups and part-time work)with high accuracy.As a case study,the proposed ActivityNET framework is applied in Greater London and illustrates a robust competence to predict trip purpose.The promising outcomes demonstrate that the cost-effective framework offers high predictive accuracy and valuable insights into transport planning.展开更多
As an essential component of bus dwelling time, passenger boarding time has a significant impact on bus running reliability and service quality. In order to understand the passengers’ boarding process and mitigate pa...As an essential component of bus dwelling time, passenger boarding time has a significant impact on bus running reliability and service quality. In order to understand the passengers’ boarding process and mitigate passenger boarding time, a regression analysis framework is proposed to capture the difference and influential factors of boarding time for adult and elderly passengers based on smart card data from Changzhou. Boarding gap, the time difference between two consecutive smart card tapping records, is calculated to approximate passenger boarding time. Analysis of variance is applied to identify whether the difference in boarding time between adults and seniors is statistically significant. The multivariate regression modeling approach is implemented to analyze the influences of passenger types, marginal effects of each additional boarding passenger and bus floor types on the total boarding time at each stop. Results show that a constant difference exists in boarding time between adults and seniors even without considering the specific bus characteristics. The average passenger boarding time decreases when the number of passenger increases. The existence of two entrance steps delays the boarding process, especially for elderly passengers.展开更多
A new authentication scheme based on a one-way hash function and Diffie-Hellman key exchange using smart card was propused by Yoon et al. in 2005. They claimed that the proposed protocol is against password guessing a...A new authentication scheme based on a one-way hash function and Diffie-Hellman key exchange using smart card was propused by Yoon et al. in 2005. They claimed that the proposed protocol is against password guessing attack. In this paper, the author demonstrate that Yoon's scheme is vulnerable to the off-line password guessing attack by using a stolen smart card and the DoS attack by computational load at the re, note system. An improvement of Yoon's scheme to resist the above attacks is also proposed.展开更多
The smart card-based automated fare collection (AFC) system has become the main method for collecting urban bus and rail transit fares in many cities worldwide. Such smart card technologies provide new opportunities...The smart card-based automated fare collection (AFC) system has become the main method for collecting urban bus and rail transit fares in many cities worldwide. Such smart card technologies provide new opportunities for transportation data collection since the transaction data obtained through AFC system contains a significant amount of archived information which can be gathered and leveraged to help estimate public transit origin–destination matrices. Boarding location detection is an important step particularly when there is no automatic vehicle location (AVL) system or GPS information in the database in some cases. With the analysis of raw data without AVL information in this paper, an algorithm for trip direction detection is built and the directions for any bus in operation can be confirmed. The transaction interval between each adjacent record will also be analyzed to detect the boarding clusters for all trips in sequence. Boarding stops will then be distributed with the help of route information and operation schedules. Finally, the feasibility and practicality of the methodology are tested using the bus transit smart card data collected in Guangzhou, China.展开更多
With the existing anonymous authentication schemes based on biometrics, the user and the server can create the same session key after mutual authentication. If the anonymous authentication scheme is applied in the ele...With the existing anonymous authentication schemes based on biometrics, the user and the server can create the same session key after mutual authentication. If the anonymous authentication scheme is applied in the electronic medical environment, it is also necessary to consider that the patient may access multiple hospital servers. Based on three factors of smart card, random number and biometrics, an anonymous authentication scheme in the electronic medical environment is proposed. In order to reduce the burden of the medical registration and certification center(HC), in the proposed anonymous authentication scheme, the patient only needs to register with HC once, then he/she can apply for visiting each hospital that has joined the medical servers. Security analysis shows that the proposed scheme has anonymity and dual authentication, and can resist various types of attacks, such as insider attack, modification attack, replay attack and smart card loss attack. Efficiency analysis shows that the calculation cost of the proposed scheme in the registration and login phase is lower, and it is slightly higher than Lei's scheme and Khan et al's scheme in the authentication phase. The proposed scheme can not only resist various types of attacks, but also support dual authentication and multi-server environment. With a little modification, the proposed scheme can also be used to other application scenarios requiring anonymous authentication.展开更多
User authentication scheme allows user and server to authenticate each other, and generates a session key for the subsequent communication. How to resist the password guessing attacks and smart card stolen attacks are...User authentication scheme allows user and server to authenticate each other, and generates a session key for the subsequent communication. How to resist the password guessing attacks and smart card stolen attacks are two key problems for designing smart cart and password based user authentication scheme. In 2011, Li and Lee proposed a new smart cart and password based user authentication scheme with smart card revocation, and claimed that their scheme could be immunity to these attacks. In this paper, we show that Li and Lee's scheme is vulnerable to off-line password guessing attack once the information stored in smart card is extracted, and it does not provide perfect forward secrecy. A robust user authentication scheme with smart card revocation is then proposed. We use a most popular and widely used formal verification tool ProVerif, which is based on applied pi calculus, to prove that the proposed scheme achieves security and authentication.展开更多
This paper analyzes the security performance of a latest proposed remote two-factor user authentication scheme and proposes an improved scheme based on the dynamic ID to avoid the attacks it suffers. Besides this, in ...This paper analyzes the security performance of a latest proposed remote two-factor user authentication scheme and proposes an improved scheme based on the dynamic ID to avoid the attacks it suffers. Besides this, in our proposed scheme the password is no longer involved in the calculation of verification phase which makes our scheme more secure and costs less than the old one. At last we analyze the performance of our proposed scheme to prove it provides mutual authentication between the user and the server. Moreover, it also resists password guessing attack, server and user masquerade attack and replay attack effectively.展开更多
The widespread and growing interest in the Internet of Things(IoT)may be attributed to its usefulness in many different fields.Physical settings are probed for data,which is then transferred via linked networks.There ...The widespread and growing interest in the Internet of Things(IoT)may be attributed to its usefulness in many different fields.Physical settings are probed for data,which is then transferred via linked networks.There are several hurdles to overcome when putting IoT into practice,from managing server infrastructure to coordinating the use of tiny sensors.When it comes to deploying IoT,everyone agrees that security is the biggest issue.This is due to the fact that a large number of IoT devices exist in the physicalworld and thatmany of themhave constrained resources such as electricity,memory,processing power,and square footage.This research intends to analyse resource-constrained IoT devices,including RFID tags,sensors,and smart cards,and the issues involved with protecting them in such restricted circumstances.Using lightweight cryptography,the information sent between these gadgets may be secured.In order to provide a holistic picture,this research evaluates and contrasts well-known algorithms based on their implementation cost,hardware/software efficiency,and attack resistance features.We also emphasised how essential lightweight encryption is for striking a good cost-to-performance-to-security ratio.展开更多
基金the National Natural Science Foundation of China (10671051)the Natural Science Foundation of Zhejiang Province (103060)
文摘In 2000, a remote user authentication scheme using smart cards was proposed and the masquerade attacks were proved successful on this scheme. Recently, Kumar has suggested the idea of check digits to overcome the above attacks with a new scheme that removes these threats well. In this paper it is pointed out that the weakness still exists in Kumar's scheme, and the intruder can login to the remote system through having some information. A new scheme which can overcome these attacks and appears more secure and efficient than Kumar's is presented.
基金Supported by the Applied Basic and Advanced Technology Research Programs of Tianjin(15JCYBJC15900)。
文摘With the development of the Internet of Things(IoT)technique,sensitive information collected by sensors may be leaked.In recent years,many authentication schemes have been proposed.Banerjee et al proposed a biometric based user authentication scheme in wireless sensor networks using smart cards in 2019.But we found that Banerjee et al's authentication scheme is vulnerable to impersonation attacks.In order to overcome the weaknesses of Banerjee et al's scheme,we propose a new authentication scheme.In our proposed scheme,we only use the exclusive-or operation and one-way Hash function for the efficiency,which can reduce the computation burden for the IoT devices.In the authentication and session key agreement phase,the secret registration parameter is not used for the authentication,and the session key is given for the all entities.In the Devol-Yao threat model,the security analysis demonstrates that our proposed authentication scheme can resist well-known attacks.
基金Supported by the National Natural Science Foundation of China(60373087,60473023).
文摘Thirteen security requirements for an ideal password authentication scheme using smart cards are listed and a new smart card based password authentication scheme with identity anonymity is proposed.The new scheme can satisfy all the listed ideal security requirements and has the following merits:(1)it can resist all the attacks listed in introduction;(2)less storage memory requirement due to no verification table stored in server;(3)low computational cost due to hash functions based operations;(4)even if the smart card is lost,the new system is still secure;(5)As user identity is anonymous,this scheme is more practical.The new proposed scheme can be applied in source constraint networks.
文摘Remote user authentication is essential in distributed network environment to protect unauthorized access of a networked system. However, most of those existing remote user authentication schemes have not provided the user identity anonymity, while user anonymity is particularly important in some practical applications. Therefore, based on self-encryption mechanism, a new remote user authentication scheme was proposed. The scheme not only has no need of maintaining a password table at the remote server, but also can protect the user’s anonymity.
基金This work is supported by the National Natural Science Foundation of China (90604022);Natural Science Foundation of Beijing (4062025).
文摘In 2005, Liu et al. proposed an improvement to Chien et al.'s remote user authentication scheme, using smart cards, to prevent parallel session attack. This article, however, will demonstrate that Liu et al.'s scheme is vulnerable to masquerading server attack and has the system's secret key forward secrecy problem. Therefore, an improved scheme with better security strength, by using counters instead of timestamps, is proposed. The proposed scheme does not only achieve their scheme's advantages, but also enhances its security by withstanding the weaknesses just mentioned.
文摘Three user authentication schemes are proposed. The security of these new schemes is due to the used secure hash functions and the physically secure smart cards.
基金supported by the National Natural Science Foundation of China(61170241,61073042)
文摘With the broad implementations of the electronic business and government applications, robust system security and strong privacy protection have become essential requirements for remote user authentication schemes. Recently, Chen et al. pointed out that Wang et al.'s scheme is vulnerable to the user impersonation attack and parallel session attack, and proposed an enhanced version to overcome the identified security flaws. In this paper, however, we show that Chen et al.'s scheme still cannot achieve the claimed security goals and report its following problems: (1) It suffers from the offline password guessing attack, key compromise impersonation attack and known key attack; (2) It fails to provide forward secrecy; (3) It is not easily repairable. As our main contribution, a robust dynamic ID-based scheme based on non-tamper resistance assumption of the smart cards is presented to cope with the aforementioned defects, while preserving the merits of different related schemes. The analysis demonstrates that our scheme meets all the proposed criteria and eliminates several grave security threats that are difficult to be tackled at the same time in previous scholarship.
基金The Key Technology R& D Program of Jiangsu Scienceand Technology Department(No.BE2006010)the Key Technology R& DProgram of Nanjing Science and Technology Bureau(No.200601001)Sci-ence and Technology Research Projects of Nanjing Metro Headquarters(No.8550143007).
文摘The fund budget of multipurpose transit smart card systems is studied by stochastic programming to assign limited funds to different applications reasonably. Under the constraints of a gross fund, models of chance-constrained and dependentchance for the fund budget of multipurpose transit smart card systems are established with application scale and social demand as random variables, respectively aiming to maximize earnings and satisfy the service requirements the furthest; and the genetic algorithm based on stochastic simulation is adopted for model solution. The calculation results show that the fund budget differs greatly with different system objectives which can cause the systems to have distinct expansibilities, and the application scales of some applications may not satisfy user demands with limited funds. The analysis results indicate that the forecast of application scales and application future demands should be done first, and then the system objective is determined according to the system mission, which can help reduce the risks of fund budgets.
文摘Design aspects of CMOS compatible on-chip antenna for applications of contact-less smart card are discussed.An on-chip antenna model is established and a design method is demonstrated.Experimental results show that system-on-chip integrating power reception together with other electronic functions of smart card applications is feasible.In a 6×10 -4T magnetic field of 22.5MHz,an on-chip power of 1.225mW for a 10kΩ load is obtained using a 4mm2 on-chip antenna.
基金This project was supported by the National Science Foundation of China (60763009)China Postdoctoral Science Foundation (2005038041)Hainan Natural Science Foundation (80528).
文摘Two signature systems based on smart cards and fingerprint features are proposed. In one signature system, the cryptographic key is stored in the smart card and is only accessible when the signer's extracted fingerprint features match his stored template. To resist being tampered on public channel, the user's message and the signed message are encrypted by the signer's public key and the user's public key, respectively. In the other signature system, the keys are generated by combining the signer's fingerprint features, check bits, and a rememberable key, and there are no matching process and keys stored on the smart card. Additionally, there is generally more than one public key in this system, that is, there exist some pseudo public keys except a real one.
基金supported by the Basic Science ResearchProgram through the National Research Foundation of Korea funded by the Ministry of Education under Grant No.NRF-2010-0020210
文摘Nowadays, the password-based remote user authentication mechanism using smart card is one of the simplest and convenient authentication ways to ensure secure communications over the public network environments. Recently, Liu et al. proposed an efficient and secure smart card based password authentication scheme. However, we find that Liu et al.’s scheme is vulnerable to the off-line password guessing attack and user impersonation attack. Furthermore, it also cannot provide user anonymity. In this paper, we cryptanalyze Liu et al.’s scheme and propose a security enhanced user authentication scheme to overcome the aforementioned problems. Especially, in order to preserve the user anonymity and prevent the guessing attack, we use the dynamic identity technique. The analysis shows that the proposed scheme is more secure and efficient than other related authentication schemes.
基金This work was funded by the Economic and Social Research Council(ESRC)in the United Kingdom[grant number 1477365].
文摘Smart card-automated fare collection systems now routinely record large volumes of data comprising the origins and destinations of travelers.Processing and analyzing these data open new opportunities in urban modeling and travel behavior research.This study seeks to develop an accurate framework for the study of urban mobility from smart card data by developing a heuristic primary location model to identify the home and work locations.The model uses journey counts as an indicator of usage regularity,visit-frequency to identify activity locations for regular commuters,and stay-time for the classification of work and home locations and activities.London is taken as a case study,and the model results were validated against survey data from the London Travel Demand Survey and volunteer survey.Results demonstrate that the proposed model is able to detect meaningful home and work places with high precision.This study offers a new and cost-effective approach to travel behavior and demand research.
基金This work is part of the Consumer Data Research Centre project(ES/L011840/1)funded by the UK Economic and Social Research Council(grant number 1477365).
文摘Predicting trip purpose from comprehensive and continuous smart card data is beneficial for transport and city planners in investigating travel behaviors and urban mobility.Here,we propose a framework,ActivityNET,using Machine Learning(ML)algorithms to predict passengers’trip purpose from Smart Card(SC)data and Points-of-Interest(POIs)data.The feasibility of the framework is demonstrated in two phases.Phase I focuses on extracting activities from individuals’daily travel patterns from smart card data and combining them with POIs using the proposed“activity-POIs consolidation algorithm”.Phase II feeds the extracted features into an Artificial Neural Network(ANN)with multiple scenarios and predicts trip purpose under primary activities(home and work)and secondary activities(entertainment,eating,shopping,child drop-offs/pick-ups and part-time work)with high accuracy.As a case study,the proposed ActivityNET framework is applied in Greater London and illustrates a robust competence to predict trip purpose.The promising outcomes demonstrate that the cost-effective framework offers high predictive accuracy and valuable insights into transport planning.
基金The National Natural Science Foundation of China(No.51338003,71801041)
文摘As an essential component of bus dwelling time, passenger boarding time has a significant impact on bus running reliability and service quality. In order to understand the passengers’ boarding process and mitigate passenger boarding time, a regression analysis framework is proposed to capture the difference and influential factors of boarding time for adult and elderly passengers based on smart card data from Changzhou. Boarding gap, the time difference between two consecutive smart card tapping records, is calculated to approximate passenger boarding time. Analysis of variance is applied to identify whether the difference in boarding time between adults and seniors is statistically significant. The multivariate regression modeling approach is implemented to analyze the influences of passenger types, marginal effects of each additional boarding passenger and bus floor types on the total boarding time at each stop. Results show that a constant difference exists in boarding time between adults and seniors even without considering the specific bus characteristics. The average passenger boarding time decreases when the number of passenger increases. The existence of two entrance steps delays the boarding process, especially for elderly passengers.
文摘A new authentication scheme based on a one-way hash function and Diffie-Hellman key exchange using smart card was propused by Yoon et al. in 2005. They claimed that the proposed protocol is against password guessing attack. In this paper, the author demonstrate that Yoon's scheme is vulnerable to the off-line password guessing attack by using a stolen smart card and the DoS attack by computational load at the re, note system. An improvement of Yoon's scheme to resist the above attacks is also proposed.
基金The United States Department of Transportation, University Transportation Center through the Center for Advanced Multimodal Mobility Solutions and Education (CAMMSE) at The University of North Carolina at Charlotte (Grant Number: 69A3551747133) for sponsoring this research project entitled ‘estimation of origin–destination matrix and identification of user activities using public transit smart card data’
文摘The smart card-based automated fare collection (AFC) system has become the main method for collecting urban bus and rail transit fares in many cities worldwide. Such smart card technologies provide new opportunities for transportation data collection since the transaction data obtained through AFC system contains a significant amount of archived information which can be gathered and leveraged to help estimate public transit origin–destination matrices. Boarding location detection is an important step particularly when there is no automatic vehicle location (AVL) system or GPS information in the database in some cases. With the analysis of raw data without AVL information in this paper, an algorithm for trip direction detection is built and the directions for any bus in operation can be confirmed. The transaction interval between each adjacent record will also be analyzed to detect the boarding clusters for all trips in sequence. Boarding stops will then be distributed with the help of route information and operation schedules. Finally, the feasibility and practicality of the methodology are tested using the bus transit smart card data collected in Guangzhou, China.
基金Supported by the Key Natural Science Foundation of Anhui Higher Education Institutions (KJ2017A857, KJ2019A0727)。
文摘With the existing anonymous authentication schemes based on biometrics, the user and the server can create the same session key after mutual authentication. If the anonymous authentication scheme is applied in the electronic medical environment, it is also necessary to consider that the patient may access multiple hospital servers. Based on three factors of smart card, random number and biometrics, an anonymous authentication scheme in the electronic medical environment is proposed. In order to reduce the burden of the medical registration and certification center(HC), in the proposed anonymous authentication scheme, the patient only needs to register with HC once, then he/she can apply for visiting each hospital that has joined the medical servers. Security analysis shows that the proposed scheme has anonymity and dual authentication, and can resist various types of attacks, such as insider attack, modification attack, replay attack and smart card loss attack. Efficiency analysis shows that the calculation cost of the proposed scheme in the registration and login phase is lower, and it is slightly higher than Lei's scheme and Khan et al's scheme in the authentication phase. The proposed scheme can not only resist various types of attacks, but also support dual authentication and multi-server environment. With a little modification, the proposed scheme can also be used to other application scenarios requiring anonymous authentication.
基金the National Basic Research Development(973) Program of China(No.2013CB834205)the National Natural Science Foundation of China(Nos.61070153 and 61103209)+1 种基金the Natural Science Foundation of Zhejiang Province(Nos.LZ12F02005 and LY12F02006)the Education Department Foundation of Zhejiang Province(No.Y201222977)
文摘User authentication scheme allows user and server to authenticate each other, and generates a session key for the subsequent communication. How to resist the password guessing attacks and smart card stolen attacks are two key problems for designing smart cart and password based user authentication scheme. In 2011, Li and Lee proposed a new smart cart and password based user authentication scheme with smart card revocation, and claimed that their scheme could be immunity to these attacks. In this paper, we show that Li and Lee's scheme is vulnerable to off-line password guessing attack once the information stored in smart card is extracted, and it does not provide perfect forward secrecy. A robust user authentication scheme with smart card revocation is then proposed. We use a most popular and widely used formal verification tool ProVerif, which is based on applied pi calculus, to prove that the proposed scheme achieves security and authentication.
基金Supported by Natural Science Funds of Shanxi Province(No. 2010021016-3)
文摘This paper analyzes the security performance of a latest proposed remote two-factor user authentication scheme and proposes an improved scheme based on the dynamic ID to avoid the attacks it suffers. Besides this, in our proposed scheme the password is no longer involved in the calculation of verification phase which makes our scheme more secure and costs less than the old one. At last we analyze the performance of our proposed scheme to prove it provides mutual authentication between the user and the server. Moreover, it also resists password guessing attack, server and user masquerade attack and replay attack effectively.
基金supported by project TRANSACT funded under H2020-EU.2.1.1.-INDUSTRIAL LEADERSHIP-Leadership in Enabling and Industrial Technologies-Information and Communication Technologies(Grant Agreement ID:101007260).
文摘The widespread and growing interest in the Internet of Things(IoT)may be attributed to its usefulness in many different fields.Physical settings are probed for data,which is then transferred via linked networks.There are several hurdles to overcome when putting IoT into practice,from managing server infrastructure to coordinating the use of tiny sensors.When it comes to deploying IoT,everyone agrees that security is the biggest issue.This is due to the fact that a large number of IoT devices exist in the physicalworld and thatmany of themhave constrained resources such as electricity,memory,processing power,and square footage.This research intends to analyse resource-constrained IoT devices,including RFID tags,sensors,and smart cards,and the issues involved with protecting them in such restricted circumstances.Using lightweight cryptography,the information sent between these gadgets may be secured.In order to provide a holistic picture,this research evaluates and contrasts well-known algorithms based on their implementation cost,hardware/software efficiency,and attack resistance features.We also emphasised how essential lightweight encryption is for striking a good cost-to-performance-to-security ratio.
