Y Lei,DR Chen,ZD Jiang

DOI: https://doi.org/10.1109/aina.2004.1283860

2004-01-01

Abstract:With the explosion of the mobile communication market, more and more handheld devices act as clients in the Internet. People use these devices to purchase books, play games, receive emails, etc. For protecting privacies, such applications should integrate digital signature schemes. Since handheld devices have poor computational capabilities and limited battery life, traditional computation intensive digital signature protocols that are based on asymmetric cryptographic algorithms are not suitable for mobile devices. In this paper we propose a Server Based Signature (SBS) scheme for mobile devices. Besides achieving the same security level of the traditional digital signature protocols, the SBS scheme also: 1) reduces the computation complexity on the mobile devices; 2) reduces the communication consumption between signer and verifier Application results show that our scheme is very useful for mobile communication systems.

Liang Cai,Xiaohu Yang,Chun Chen

DOI: https://doi.org/10.1007/978-3-540-31957-3_92

2005-01-01

Abstract:In recent years there is an explosion in the number of applications for mobile devices. Many of these applications require the ability to issue digital signatures on behalf of their users. Traditionally, digital signatures are based on asymmetric cryptographic techniques which make them computationally expensive. Currently, all mobile devices tend to have limited computational capabilities and equally limited power. Instead of every mobile device performing computationally intensive cryptographic operations, a Server-aided Signature Service (SASS) was designed to offload PKI computation from clients in mobile networks such as GSM and CDMA. The paper details the design of SASS. After thorough performance analysis, we conclude that SASS can significantly improve the signing performance of the mobile clients.

Jianhong Zhang,Wenle Bai,Yuehai Wang

DOI: https://doi.org/10.1109/access.2019.2899828

IF: 3.9

2019-01-01

IEEE Access

Abstract:The Internet of Things (IoT) is the internetworking of terminal physical devices depends on application programming interfaces and sensors to be connected to the Internet for collecting and exchanging data. According to the characteristics of IoT, it can provide rich services for the terminal user. However, the centralized cloud computing-based storage architecture in IoT faces many challenges, such as data security, identity privacy, and high latency. To overcome these challenges, this paper introduces an IoT network storage architecture based on mobile edge computing, which not only achieves low-latency message response and computation offloading of the terminal user but also preserves identity-privacy of the terminal user. Afterward, we presented a novel non-interactive pairing-free ID-based proxy re-signature scheme (ID-PRS), which is a kernel technique to construct the aforementioned storage architecture. Compared with most of proxy re-signature schemes constructed based on traditional public-key-infrastructure, the proposed scheme avoids expensive pairing operation and intricate certificate-maintenance. And it is demonstrated to be provably secure under the classic security assumptions: integer factoring problem and the RSA assumption. Finally, in contrast to the other two ID-PRS schemes, the proposed ID-PRS scheme has more advantages in terms of security, functionability, and computation costs. Thus, it is very suitable to be applied to the resource-constrained mobile users.

Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Bo LIU,Yu-Yang ZHOU,Fei HU,Fa-Gen LI

DOI: https://doi.org/10.13868/j.cnki.jcr.000224

2018-01-01

Abstract:With the rapid development of E-commerce, network service providers usually provide users with a wide range of services running on different servers. Thus, multi-server model has been widely used. Meanwhile, more and more people access network services more quickly through the mobile phones or other mobile devices, this is the current mobile client-multi-server model which has been very popular. On one hand, mobile devices bring convenience to our lives. On the other hand, the openness of mobile Internet makes its security issues more serious. It is necessary to design a user authentication and key agreement protocol for the mobile client-multi-server model. However, compared with personal computers, mobile devices have resource-constrained features. So how to design a protocol that combines security and efficiency is not an easy task. In order to solve this problem, this study proposes a user authentication and key agreement protocol under the mobile client-multi-server model. Certificateless public key cryptography can solve the problem of certificate management in traditional public key systems and the inherent key escrow problem in identity-based public key cryptography, it has the advantages of both high efficiency and security. In addition, the mobile devices have the characteristics of resource constraints, so the certificateless public key cryptography is very suitable for designing a security protocol for mobile devices which have limited resources. In this paper, it is proved that the proposed protocol can provide mutual authentication and secure key agreement services in the random oracle model. Compared with other protocols of the same type,the proposed protocol in this paper has a better computational efficiency.

Mohammed Ramadan,Guohong Du,Fagen Li,Chunxiang Xu

DOI: https://doi.org/10.3390/sym8090085

2016-01-01

Symmetry

Abstract:Mobile communication security techniques are employed to guard the communication between the network entities. Mobile communication cellular systems have become one of the most important communication systems in recent times and are used by millions of people around the world. Since the 1990s, considerable efforts have been taken to improve both the communication and security features of the mobile communications systems. However, these improvements divide the mobile communications field into different generations according to the communication and security techniques such as A3, A5 and A8 algorithms for 2G-GSM cellular system, 3G-authentication and key agreement (AKA), evolved packet system-authentication and key agreement (EPS-AKA), and long term evolution-authentication and key agreement (LTE-AKA) algorithms for 3rd generation partnership project (3GPP) systems. Furthermore, these generations have many vulnerabilities, and huge security work is involved to solve such problems. Some of them are in the field of the public key cryptography (PKC) which requires a high computational cost and more network flexibility to be achieved. As such, the public key infrastructure (PKI) is more compatible with the modern generations due to the superior communications features. This paper surveys the latest proposed works on the security of GSM, CDMA, and LTE cellular systems using PKI. Firstly, we present the security issues for each generation of mobile communication systems, then we study and analyze the latest proposed schemes and give some comparisons. Finally, we introduce some new directions for the future scope. This paper classifies the mobile communication security schemes according to the techniques used for each cellular system and covers some of the PKI-based security techniques such as authentication, key agreement, and privacy preserving.

LI Dong-feng,WEI Ming-Xin,LI Wei-ping

DOI: https://doi.org/10.3969/j.issn.1009-8054.2011.09.049

2011-01-01

Abstract:As considerable quantities of complex cryptographic computation should be done on client side in the traditional public key cryptosystems,it's difficult for the PKI technology to be used in the special case with weak computation capability. In addition,the communication between digital certificate and authentication is required,thus to obtain the CRLs as certificate chain and verify the validity of online certificate,this would greatly reduce the application and development of public key cryptographic technology. In the proposed proxy-based application model,the computation and communication are completed via the proxy service,and the client just needs to send standard application request and accept the corresponding response,thus effectively simplifying the application of public key cryptography.

Li Kuang,Yingjie Xia,Caijun Sun,Jiaming Wu,Liangdi Bao

DOI: https://doi.org/10.19026/rjaset.5.4738

2013-01-01

Abstract:With wide adoption of Service Computing and Mobile Computing, people tend to invoke services with mobile devices, requiring accurate and real-time feedback from services at any time and any place. Among these services, some are private to limited users and require identity authorization before use; hence secure access control in wireless network should be provided. To address the challenge, in this study, we propose the architecture and protocols of a system of access to private services for mobile clients, which combines the technologies of trusted computing, Diffie-Hellman key agreement protocol, digital certificate, DES data encryption algorithm and twice verification. We further show the implementation of the proposed system, in which we have realized the authentication and authorization of mobile clients and then secure data transfer between mobile clients in the unsafe Internet and private services in the Intranet. © 2013 Maxwell Scientific Organization.

LUO Qi-han,CAO Tian-jie,HE Tao

DOI: https://doi.org/10.3969/j.issn.1001-3695.2009.05.093

2009-01-01

Abstract:Based on Cao et al.'s improved server-aided standard RSA key generation protocol,implemented it based on Windows Mobile Smartphone which was in the.NET Compact Framework.This paper specified the scheme of implementation,data transporting of communications and selecting and optimization of key algorithms.Many factors were also considered intensively,such as the reusage,maintainability,execution efficiency and the reliability of protocol running.In addition,also adopted the multithreading coping mechanism to assist several clients computing.

Fagen Li,Jiye Wang,Yuyang Zhou,Chunhua Jin,SK Hafizul Islam

DOI: https://doi.org/10.1007/s11276-018-1839-4

IF: 2.701

2018-01-01

Wireless Networks

Abstract:In a mobile client–server environment, a low-power mobile device wants to access a strong server to get some kind of services. User authentication and key establishment are two basic security requirements for this environment. Without the user authentication, an unauthorized user can access the server and gets the services. Without the key establishment, the communication between the user and the server will be disclosed. Recently, some user authentication and key establishment protocols were designed. However, all of them are homogeneous since the client and the server belong to the same cryptosystem. That is, both the client and the server belong to public key infrastructure or identity-based cryptosystem or self-certified cryptosystem. Such design does not comply with the characteristic of mobile client–server application. In this paper, we design a heterogeneous user authentication and key establishment protocol using a signcryption scheme. In this protocol, the client uses identity-based cryptosystem and the server uses the public key infrastructure. As compared with existing works, our protocol has the lowest cost in computation and communication.

Kai Xi,Tohari Ahmad,Fengling Han,Jiankun Hu

DOI: https://doi.org/10.1002/sec.225

IF: 1.968

2011-01-01

Security and Communication Networks

Abstract:With fast evolution of mobile devices and mobile network, the need of protecting user sensitive information locally and performing secure user authentication remotely become evermore increasing. Bio-cryptography is emerging as a powerful solution which can combine the advantages of conventional cryptography and biometric security. In this paper, we present an efficient bio-cryptographic security protocol designed for client/server authentication in current mobile computing environment, with a reasonable assumption that server is secure. In this protocol, fingerprint biometric is used in user verification, protected by a computationally efficient Public Key Infrastructure (PKI) scheme, Elliptic Curve Cryptography (ECC). The genuine fingerprint information is hidden in the feature vault which is the mixture of genuine and chaff features. Fingerprint features are not only used for biometric verification but also for cryptographic key generation. Our security analysis shows that the proposed protocol can provide a secure and trustworthy authentication of remote mobile users over insecure network. Experimental results on public domain database show an acceptable verification performance. We also tested the computational costs and efficiency of our protocol on the CLDC emulator using Java ME (previous J2ME) programming technology. The simulation results prove that the proposed protocol suits current mobile environment. Copyright (C) 2010 John Wiley & Sons, Ltd.

Lingling Xu,Jin Li,Shaohua Tang,Joonsang Baek

DOI: https://doi.org/10.1155/2015/626415

2015-01-01

Mobile Information Systems

Abstract:With the development of wireless technology, much data communication and processing has been conducted in mobile devices with wireless connection. As we know that the mobile devices will always be resource-poor relative to static ones though they will improve in absolute ability, therefore, they cannot process some expensive computational tasks due to the constrained computational resources. According to this problem, server-aided computing has been studied in which the power-constrained mobile devices can outsource some expensive computation to a server with powerful resources in order to reduce their computational load. However, in existing server-aided verification signature schemes, the server can learn some information about the message-signature pair to be verified, which is undesirable especially when the message includes some secret information. In this paper, we mainly study the server-aided verification signatures with privacy in which the message-signature pair to be verified can be protected from the server. Two definitions of privacy for server-aided verification signatures are presented under collusion attacks between the server and the signer. Then based on existing signatures, two concrete server-aided verification signature schemes with privacy are proposed which are both proved secure.

M. Toorani,A. A. Beheshti

DOI: https://doi.org/10.1109/ICCS.2008.4737164

2012-03-17

Abstract:The non-repudiation as an essential requirement of many applications can be provided by the asymmetric key model. With the evolution of new applications such as mobile commerce, it is essential to provide secure and efficient solutions for the mobile environments. The traditional public key cryptography involves huge computational costs and is not so suitable for the resource-constrained platforms. The elliptic curve-based approaches as the newer solutions require certain considerations that are not taken into account in the traditional public key infrastructures. The main contribution of this paper is to introduce a Lightweight Public Key Infrastructure (LPKI) for the constrained platforms such as mobile phones. It takes advantages of elliptic curve cryptography and signcryption to decrease the computational costs and communication overheads, and adapting to the constraints. All the computational costs of required validations can be eliminated from end-entities by introduction of a validation authority to the introduced infrastructure and delegating validations to such a component. LPKI is so suitable for mobile environments and for applications such as mobile commerce where the security is the great concern.

Cryptography and Security

Yu ZHENG,Da-ke HE,Qi-xiang MEI

DOI: https://doi.org/10.3321/j.issn:0254-4164.2005.08.011

2005-01-01

Abstract:BackgroundIn 3G mobile communication systems it is likely that public-key based authentication protocols will be employed for their intrinsic advantages over symmetric key protocols. In this paper, an efficient self-certified public-key based authentication scheme including PKBP (Public-Key Broadcast Protocol) and SPAKA (Self-certified Public-key based Authentication and Key Agreement Protocol) is presented for 3G systems. With the help of PKBP, Mobile Equipment (ME) can identify the genuine Base Station (BS) from the malicious ones without verifying the VLR’s (Visit Location Register) public-key certificate before authentication. While in SPAKA, without delivering its public-key certificate to VLR, ME can enforce mutual authentication with VLR. What’s more, in the scheme the conversation launched by ME can be monitored in a controllable and legitimate way by government at required occasions. Thus …

Alzubair Hassan,Nabeil Eltayieb,Rashad Elhabob,Fagen Li

DOI: https://doi.org/10.1007/978-3-319-59463-7_59

2018-01-01

Abstract:Based on mobile devices limitations, several user authentications and key exchange schemes have been proposed for mobile devices using identity-based public key cryptography (ID-PKC). However, these schemes suffer from key escrow problem. Moreover, they are not secure against impersonation attacks, and they can't achieve perfect forward secrecy. In this paper, a new user authentication and key exchange protocol for the mobile client-server environment is proposed. Certificateless public key cryptography (CL-PKC) and bilinear pairing are adopted in the proposed scheme. Our protocol solves the key escrow problem of identity-based public key cryptography. Also, it is secure against both adversaries type I and type II. Furthermore, the proposed protocol achieves perfect forward secrecy. We prove the security of our protocol in the random oracle model under the Computational Diffie-Hellman (CDH) problem. Hence, the proposed scheme is more suitable for the mobile devices environments.

HONG Huan-jian,TENG Ran-ran,ZHENG Jian-hua,DAI Yi-qi

DOI: https://doi.org/10.3969/j.issn.1001-3695.2006.08.048

2006-01-01

Abstract:In any security applications based PKI,the validation of the digital certificates is important to the system's security.This paper briefly describes the actual implementation of the On-line Certificate Status Protocol(OCSP) on Internet and explains why the crypto-mobile-phone cannot check the certificate status on-line as on Internet.It introduces a new certificate revocation status-broadcasting scheme that efficiently resolves the problem of checking certificate revocation status in wireless environment and improves the security level of crypto-mobile-phone.

ZHOU Qiang,LI Jianbin

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.01.050

2007-01-01

Abstract:On-line tax returns systems are inevitably subject to security exposures and risks of the global Internet.This paper presents a security design for tax returns system that supports mobile end user devices.The proposed approach is designed to address new security requirements due to the electronic signature law which aims to provide a legal basis for electronic transactions.The design makes use of and combines the advantages of PKI mechanism and simple password authentication.It is a lightweight security approach that can operate efficiently on resource-scarce mobile devices.

Hengchuan Tan,Maode Ma,Houda Labiod,Aymen Boudguiga,Jun Zhang,Peter Han Joo Chong

DOI: https://doi.org/10.1109/TVT.2016.2621354

2017-12-28

Abstract:Public key infrastructure (PKI) is the most widely used security mechanism for securing communications over the network. However, there are known performance issues, making it unsuitable for use in vehicular networks. In this paper, we propose a secure and authenticated key management protocol (SA-KMP) to overcome the shortcomings of the PKI. The SA-KMP scheme distributes repository containing the bindings of the en-tity's identity and its corresponding public key to each vehicle and road side unit. By doing so, certificate exchanges and certificate revocation lists are eliminated. Furthermore, the SA-KMP scheme uses symmetric keys derived based on a 3-D-matrix-based key agreement scheme to reduce the high computational costs of using asymmetric cryptography. We demonstrate the efficiency of the SA-KMP through performance evaluations in terms of transmission and storage overhead, network latency, and key generation time. Analytical results show that the SA-KMP is more scalable and outperforms the certificate-based PKI. Simulation results indicate that the key generation time of the SA-KMP scheme is less than that of the existing Elliptic Curve Diffie--Hellman and Diffie--Hellman protocols. In addition, we use Proverif to prove that the SA-KMP scheme is secure against an active attacker under the Dolev and Yao model and further show that the SA-KMP scheme is secure against denial of service, collusion attacks, and a wide range of other malicious attacks.

Cryptography and Security

Tianjie Cao,Xianping Mao,Qihan Luo,Zhipeng Niu

DOI: https://doi.org/10.1109/CCCM.2008.341

2008-01-01

Abstract:In ITST2006, Chen et al. presented two server-aided public key generation protocols for low-power devices and claimed that their protocols secure against collusion attack. In this paper, we point that if the servers collude with each other, those servers could obtain low-power devices' secret information, and they can get the plaintext from any ciphertext. We also present an improved server-aided standard RSA key generation protocol against the collusion attack.

Fuyou Miao,Shoubao Yang,Yan Xiong,Bei Hua,Xingfu Wang

IF: 1.019

2005-01-01

Chinese Journal of Electronics

Abstract:In mobile code environment, signing private keys are liable to be exposed; visited hosts are susceptible to be attacked by all kinds of vicious mobile codes, therefore a signer often sends remote nodes mobile codes containing an encrypted signature function to complete a signature. The paper first presents a unidirectional split-key scheme for private key protection based on RSA, which is more simple and secure than secret sharing; and then proposes a split-key based signature protocol with encrypted function, which is traceable, undeniable and malignance resistant. Security analysis shows that the protocol can effectively protect the signing private key and complete secure signatures in mobile code environment.