A Cloud-Based Crime Reporting System with Identity Protection
Abstract
1. Introduction
2. Methodology
2.1. Notations
- Ux—user x is categorized as: informer Ui, investigator Ut, superior Us
- Ui—informer
- Ut—investigator
- Us—superior
- ServerPLA—reporting server
- ServerCA—certificate authority server
- TFGateway—cooperating payment server
- IDx—the reporting system account of Ux
- PWx—the reporting system password of Ux
- PWHASH—the hash value of a password
- SNevent—the serial number of a case
- ACCi—the bank account of Ui
- Cash—the reward amount
- SN—the serial number of an IC (Integrated Circuit) card
- IDNO—the ID number of an IC card (last four digits)
- PUKUx—the public key of Ux
- PRKUx—the private key of Ux
- Msgevent—attached data for reporting (e.g., photos and related documents)
- Msgsuc—success response from reporting server
- Msgunsuc—unsuccessful response from reporting server
- MsgCA—the result of verification from the CA (Certificate Authority) server
- Msgver—the audit result of a reporting case from Ut or Us
- MsgBANKsuc—notification of remit
- Sigx—the signature of x
- VPUKUx(Sigx)—use the public key PUKUx to verify signature Sigx
- SPRKUx(M)—use the private key PRKUx to sign message M
- EKEY(M)—encrypt message M by symmetric key KEY
- DKEY(C)—decrypt ciphertext C by symmetric key KEY
- EPUKSERVERPLA(M)—encrypt message M by public key PUKSERVERPLA
- DPRKSERVERPLA(C)—decrypt ciphertext C by server’s private key PRKSERVERPLA
- H(.)—one-way hash function
- X→Y—send a message from X to Y
- A ≟ B—determine if A is equal to B
- —insecure channel
- —secure channel
2.2. System Structure
- (1) The informer logs in to the system to make a report, or to process other related operations.
- (2) The reporting server assigns an investigator to conduct an investigation, and the investigator receives the report of a crime, and determines whether the preliminary evidence is sufficient to open a case.
- (3) The investigator transmits the result of the audited case to the reporting server.
- (4) The reporting server transmits the reports audited by the investigator to a superior. In addition, if the investigator does not receive or audit reports within a specified period, the system will automatically notify the superior of the reports. If the upward notification confirms the reports are sufficient to open cases, with a reward to be issued, the reports will be sent to the upper superiors for confirmation. When all the superiors confirm that the details of the report are sufficient for the reward, the financial system will automatically remit the reward to the informer’s account. On the other hand, if the investigator determines that a report is abusing the system, then the superior will re-confirm whether the case is rejected or must be re-investigated to avoid a wrong judgment.
- (5) Each superior sends the results of the case to the reporting server.
- (6) When the reporting server receives a superior’s determination that the case needs re-investigating, the case will be reassigned to a new superior.
- (7) When the reporting server receives the confirmation and agrees to issue the reward, the server will notify the financial institution.
- (8) The cooperating payment server of the financial institution will automatically remit the reward to the informer’s account.
- (9) When the cooperating payment server has remitted the reward, it will notify the reporting server.
- (10) The reporting server notifies the informer that the remittance has been completed.
2.2.1. Registration Phase
2.2.2. Login Verification Phase
2.2.3. Reporting Phase
2.2.4. The Superior Verification Phase
2.2.5. Reward Issuing Phase
2.2.6. The Judgment of and Punishment for Abusing the System
3. System Implementation
3.1. Hardware and Software Environment
- IC Reader, personal identity IC card
- Apache
- PHP (Personal Home Page)
- MySQL
- Microsoft Windows Server
3.2. Implementation
3.2.1. Registration Phase
3.2.2. Login Phase
3.2.3. Reporting Phase
3.2.4. Contracting the Events
- (1) 【Abuse】 button: If the reported case is not within the scope of contracting, or the reported content is not real, this choice will be used to report it to the system.
- (2) 【Reward】 button: If the reported case is verified as real and must be rewarded, clicking the button will authorize the reward being issued.
- (3) 【Closed】 button: If the reported case is verified as real and without reward, then clicking this button closes the case.
3.2.5. Upper Superior
- 【Reward】: When the reward has been confirmed for issue, the superior clicks the 【Reward】 button, as shown in Figure 25.
- 【Abuse】: When the superior clicks the 【Abuse】 button in Figure 26, this means the case is an abusive reporting case.
- 【Retrial】: When a case is in doubt, it must be re-investigated. Such cases are called “retrial cases” and will be randomly assigned to a new investigator. The upper superior can designate a case in which there is cause for doubt as a retrial case by pressing the 【Retrial】 button, shown in Figure 26. The system will automatically reassign the retrial case to another investigator.
4. Discussion
4.1. The Identity of the Informer
4.2. Anonymous Reporting
4.3. The Integrity of the Data
4.4. Non-Repudiation
- The reporting server will verify the informer’s signature Sigi; therefore, the informer cannot deny the signature.
- The reporting server will verify the investigator’s signature Sigt; therefore, the investigator cannot deny the signature.
- The superior receives the Sigt of a reward case from an investigator, and the superior will verify the Sigt; therefore, the investigator cannot deny the signature.
- The reporting server receives the Sigs, which means the superior agrees to issue the reward; therefore, the superior cannot deny that they confirmed the reward.
- The cooperating payment server will receive the SigSERVERPLA issued by the reporting server; therefore, the reporting server cannot deny that it confirmed the reward.
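The first evidence item, (C3, Sigi), as an added example that is not the paper's own code: the informer signs and encrypts (IDi, Msgevent), and the reporting server applies the verification equations (IDi, Msgevent) = DPRKSERVERPLA(C3) and (IDi, Msgevent) ≟ VPUKUi(Sigi). RSA-2048 with OAEP and SHA-256, the JSON encoding, the lookupPuk registry and all sample values are assumptions.

```javascript
// Added example: constructed keys and reports, not the paper's implementation.
const crypto = require("node:crypto");

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };
const newKeyPair = () => crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
// Byte encoding of (IDi, Msgevent); signer and verifier must serialize identically.
const encode = (idI, msgEvent) => Buffer.from(JSON.stringify([idI, msgEvent]), "utf8");

// Informer Ui: Sigi = S_PRKUi(IDi, Msgevent), C3 = E_PUKSERVERPLA(IDi, Msgevent).
function informerSubmit(idI, msgEvent, prkUi, pukServer) {
  const m = encode(idI, msgEvent);
  return {
    c3: crypto.publicEncrypt({ key: pukServer, ...OAEP }, m),
    sigI: crypto.sign("sha256", m, prkUi),
  };
}

// ServerPLA: (IDi, Msgevent) = D_PRKSERVERPLA(C3), then check V_PUKUi(Sigi).
// lookupPuk (hypothetical) maps an IDi to the public key registered for it.
function serverVerify({ c3, sigI }, prkServer, lookupPuk) {
  let m, idI, msgEvent;
  try {
    m = crypto.privateDecrypt({ key: prkServer, ...OAEP }, c3);
    [idI, msgEvent] = JSON.parse(m.toString("utf8"));
  } catch {
    return { ok: false, reason: "decrypt-failed" };
  }
  const pukUi = lookupPuk(idI);
  if (!pukUi) return { ok: false, reason: "unknown-informer" };
  if (!crypto.verify("sha256", m, pukUi, sigI)) return { ok: false, reason: "bad-signature" };
  return { ok: true, idI, msgEvent }; // (C3, Sigi) is retained as evidence
}

// Constructed demo: a valid report, one signed with the wrong key, one altered in transit.
function demo() {
  const ui = newKeyPair(), other = newKeyPair(), server = newKeyPair();
  const lookup = (id) => (id === "informer-001" ? ui.publicKey : undefined);
  const good = informerSubmit("informer-001", "constructed report", ui.privateKey, server.publicKey);
  const forged = informerSubmit("informer-001", "constructed false report", other.privateKey, server.publicKey);
  const tampered = { ...good, c3: Buffer.from(good.c3) };
  tampered.c3[10] ^= 1;
  return {
    good: serverVerify(good, server.privateKey, lookup),
    forged: serverVerify(forged, server.privateKey, lookup),
    tampered: serverVerify(tampered, server.privateKey, lookup),
  };
}
```

RSA-OAEP with a 2048-bit key and SHA-256 carries at most 190 bytes, so attachments such as photos would need a symmetric key wrapped under PUKSERVERPLA, which the notation EPUKSERVERPLA(M) does not spell out.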
4.5. Preventing the Case Being Erased
4.6. Secure Reward Issuing
4.7. Untraceability
4.8. Confidentiality
- (1) The reporting server uses the SSL security protocol to ensure secure data transmission. In the registration phase, a one-way hash function is used to convert PWx into PWHASH, which prevents user passwords from being leaked: PWHASH = H(PWx)
- (2) The system encrypts the IDi of the Ui with the symmetric key of ServerPLA to protect the identity of the informer in the event of a database security breach: C5 = EKEY(IDi)
- (3) In the auditing and reward phases, the server uses the asymmetric key of ServerPLA to encrypt ACCi and MsgBANKsuc to protect sensitive informer information: C7 = EKEY(ACCi, MsgBANKsuc)
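An added example, not the paper's code, for item (1): PWHASH = H(PWx) computed exactly as the formula reads, beside a per-user salted scrypt variant that a database leak exposes less readily to offline guessing. SHA-256 as H, the scrypt parameters, the stored string format and the sample passwords are assumptions.

```javascript
// Added example with constructed passwords; the salted variant is an assumption,
// not part of the paper's scheme.
const crypto = require("node:crypto");

const SCRYPT = { N: 16384, r: 8, p: 1 };

// As written in the formula: PWHASH = H(PWx), with SHA-256 standing in for H.
const plainHash = (pw) => crypto.createHash("sha256").update(pw, "utf8").digest("hex");

// Hardened registration: random 16-byte salt per user, memory-hard KDF.
function register(pw) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(pw, salt, 32, SCRYPT);
  return ["scrypt", salt.toString("hex"), hash.toString("hex")].join("$");
}

// Login check: recompute with the stored salt and compare in constant time.
function verifyLogin(pw, stored) {
  const [scheme, saltHex, hashHex] = String(stored).split("$");
  if (scheme !== "scrypt" || !saltHex || !hashHex) return false;
  const salt = Buffer.from(saltHex, "hex");
  const expected = Buffer.from(hashHex, "hex");
  if (salt.length !== 16 || expected.length !== 32) return false; // malformed record
  const actual = crypto.scryptSync(pw, salt, 32, SCRYPT);
  return crypto.timingSafeEqual(actual, expected);
}

// Two constructed users who happen to choose the same password.
function demo() {
  const pw = "constructed-Passw0rd";
  const a = register(pw), b = register(pw);
  return {
    plainCollide: plainHash(pw) === plainHash(pw), // identical rows reveal shared passwords
    saltedCollide: a === b,                        // salts make the stored values differ
    loginOk: verifyLogin(pw, a),
    loginWrong: verifyLogin("wrong-guess", a),
    loginMalformed: verifyLogin(pw, "scrypt$zz$zz"),
  };
}
```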
4.9. Comparison
5. Conclusions
Author Contributions
Acknowledgments
Conflicts of Interest
References
- Ku, C.H.; Iriberri, A.; Leroy, G. Crime Information Extraction from Police and Witness Narrative Reports. In Proceedings of the 2008 IEEE International Conference on Technologies for Homeland Security, Westin Hotel, Waltham, MA, USA, 12–13 May 2008; pp. 12–13.
- Iriberri, A.; Leroy, G. Natural Language Processing and e-Government: Extracting Reusable Crime Report Information. In Proceedings of the IEEE International Conference on Information Reuse and Integration, Las Vegas, NV, USA, 13–15 August 2007; pp. 221–226.
- Simon, I.S. The Fear of Reprisal and the Failure of Victims to Report a Personal Crime. J. Quant. Criminol. 1988, 4, 289–302.
- Iriberri, A.; Leroy, G.; Garrett, N. Reporting On-Campus Crime Online: User Intention to Use. In Proceedings of the 39th Hawaii International Conference on System Sciences, Kauai, HI, USA, 4–7 January 2006; pp. 1–10.
- USA.gov-Home. Available online: https://www.usa.gov/ (accessed on 15 May 2018).
- Sakpere, B.A.; Kayem, A.V.D.M.; Ndlovu, T. A Usable and Secure Crime Reporting System for Technology Resource Constrained Context. In Proceedings of the 2015 IEEE 29th International Conference on Advanced Information Networking and Applications Workshops (WAINA), Gwangju, Korea, 24–27 March 2015; pp. 424–429.
- Eugene, F.F. Anonymous Reporting System. U.S. Patent 9135598 B2, 15 September 2015. Available online: https://www.google.com/patents/US9135598 (accessed on 15 February 2019).
- Sánchez-García, J.; García-Campos, J.M.; Reina, D.G.; Toral, S.L.; Barrero, F. On-site DriverID: A Secure Authentication Scheme Based on Spanish eID Cards for Vehicular Ad Hoc Networks. Future Gener. Comput. Syst. 2016, 64, 50–60.
- Zwattendorfer, B.; Slamanig, D. The Austrian eID Ecosystem in the Public Cloud: How to Obtain Privacy While Preserving Practicality. J. Inf. Secur. Appl. 2016, 27–28, 35–53.
- Cernian, A.; Olteanu, A.; Mateescu, G.; Vladescu, M.; Stamatescu, G.; Ropot, A.; Plesca, C.; Togan, M.; Sgarciu, V.; Carstoiu, D.; et al. The Design and Implementation of An Experimental Model for Secure Management of Personal Data Based on Electronic Identity Card and PKI Infrastructure. IFAC Proc. Vol. 2016, 45, 1697–1701.
- Bajpai, D.; Vardhan, M.; Gupta, S.; Kumar, R.; Kushwaha, D.S. Security Service Level Agreements Based Authentication and Authorization Model for Accessing Cloud Services. Adv. Comput. Inf. Technol. 2012, 176, 719–728.
- Hwang, J.J.; Chuang, H.K.; Hsu, Y.C.; Wu, C.H. A Business Model for Cloud Computing Based on A Separate Encryption and Decryption Service. In Proceedings of the 2011 International Conference on Information Science and Applications, Jeju Island, Korea, 26–29 April 2011; pp. 26–29.
- Wang, H.; He, W.; Wang, F.K. Enterprise Cloud Service Architectures. Inf. Technol. Manag. 2012, 13, 445–454.
- Tsai, Y.L. Cloud Computing Security. Commun. CCISA 2012, 18, 62–68.
- Karuppiah, M.; Saravanan, R. A Secure Remote User Mutual Authentication Scheme Using Smart Cards. J. Inf. Secur. Appl. 2014, 19, 282–294.
- Maliki, T.E.; Seigneur, J.M. Chapter 4–Online Identity and User Management Services. In Managing Information Security, 2nd ed.; Syngress: Rockland, MA, USA, 2014; pp. 75–118.
- Zhu, B.; Setia, S.; Jajodia, S.; Wang, L. Providing Witness Anonymity Under Peer-to-Peer Settings. IEEE Trans. Inf. Forens. Secur. 2010, 5, 324–336.
- Vigil, M.; Buchmann, J.; Cabarcas, D.; Weinert, C.; Wiesmaier, A. Integrity, Authenticity, Non-repudiation, and Proof of Existence for Long-term Archiving: A Survey. Comput. Secur. 2015, 50, 16–32.
- Sergio, M.; Esther, L.M.; Africa, L.R.; Joaquin, C.; Alexis, M.P.; Manuel, C. Analysis of New Technology Trends in Education: 2010–2015. IEEE Access 2018, 6, 36840–36848.
- Tan, H.; Chung, I. A Secure and Efficient Group Key Management Protocol with Cooperative Sensor Association in WBANs. Sensors 2018, 18, 3930.
- Tan, H.; Choi, D.; Kim, P.; Pan, S.; Chung, I. Secure Certificateless Authentication and Road Message Dissemination Protocol in VANETs. Wirel. Commun. Mob. Comput. 2018, 7978027.
Evidence | Evidence Issuer | Evidence Holder | Verification Equation |
---|---|---|---|
(C3, Sigi) | Ui | ServerPLA | (IDi, Msgevent) = DPRKSERVERPLA(C3); (IDi, Msgevent) ≟ VPUKUi(Sigi) |
(IDt, SNevent, Msgevent, Msgver, Cash, Sigt) | Ut | ServerPLA | (IDt, SNevent, Msgevent, Msgver, Cash) ≟ VPUKUt(Sigt) |
(IDt, SNevent, Msgevent, Msgver, Cash, Sigt) | Ut | Us | (IDt, SNevent, Msgevent, Msgver, Cash) ≟ VPUKUt(Sigt) |
(IDs, IDt, SNevent, Msgevent, Msgver, Cash, Sigs) | Us | ServerPLA | (IDs, IDt, SNevent, Msgevent, Msgver, Cash) ≟ VPUKUs(Sigs) |
(IDSERVERPLA, IDi, ACCi, Cash, SigSERVERPLA) | ServerPLA | TFGateway | (IDSERVERPLA, IDi, ACCi, Cash) ≟ VPUKSERVERPLA(SigSERVERPLA) |
 | Ku et al. [1] | Iriberri and Leroy [2] | Sakpere et al. [6] | Eugene [7] | The Proposed Scheme |
---|---|---|---|---|---|
Authenticity | N/A | N/A | N/A | N/A | YES |
Anonymous reporting | YES | YES | YES | YES | YES |
Data integrity | N/A | N/A | YES | YES | YES |
Non-repudiation | N/A | N/A | NO | N/A | YES |
Smother a reported case prevention | NO | NO | N/A | NO | YES |
Untraceable | NO | NO | NO | NO | YES |
Reward mechanism | NO | NO | N/A | NO | YES |
Confidentiality | N/A | N/A | N/A | N/A | YES |
Preclude false reports | NO | NO | NO | NO | YES |
Theoretical analysis | NO | NO | NO | NO | YES |
Implementation | YES | NO | YES | YES | YES |
© 2019 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Shih, T.-F.; Chen, C.-L.; Syu, B.-Y.; Deng, Y.-Y. A Cloud-Based Crime Reporting System with Identity Protection. Symmetry 2019, 11, 255. https://doi.org/10.3390/sym11020255