Tianjie Cao,Xianping Mao,Dongdai Lin

DOI: https://doi.org/10.1007/11689522_29

2006-01-01

Abstract:Modadugu, Boneh and Kim proposed two RSA key generation protocols (MBK Protocols) to generate the RSA keys efficiently on a low-power handheld device with the help of the untrusted servers, and the servers do not get any useful information about the keys they helped generation. The security of MBK Protocols is based on the assumption that the two servers are unable to share information with each other. To resists a ”collusion attack” ,namely the attack which the two servers collude to share information in MBK Protocols, Chen et al. proposed two improved protocols and claimed that their protocols are secure against such collusion attack. This paper shows that Chen et al.'s standard RSA key generation protocol cannot resist collusion attack and then cannot be used in practice.

Tianjie Cao,Xianping Mao

DOI: https://doi.org/10.1109/icct.2006.341971

2006-01-01

Abstract:To generate the RSA keys efficiently on a low-power handheld device, Modadugu et al. proposed two RSA key generationprotocols. These protocols work with the help of the untrusted servers. Recently, Chen et al. proposed two improved protocols and claimed that their protocols are secure against the collusion attack. The one is a standard RSA key generation protocol and the other is an unbalanced version. This letter point out a weakness in Chen et al.'s unbalanced RSA key generation protocol. If the servers collude with each other they can derive the user's secret prime with high probability that enable the decryption of any ciphertext.

Huai Wu,Chunxiang Xu,Jiang Deng,Jianbing Ni

2013-01-01

Journal of Computational Information Systems

Abstract:The technique of server-aided verification helps to speed up the verification of a digital signature. This is highly desirable for many low computation applications such as RFID, wireless network. Recently, Wu et al. proposed two server-aided verification signature schemes based on Waters signature. Unfortunately, we demonstrate that the two schemes are vulnerable to collusion attacks by giving concrete security analysis. Copyright © 2013 Binary Information Press.

Liang Cai,Xiaohu Yang,Chun Chen

DOI: https://doi.org/10.1109/AINA.2005.150

2005-01-01

Abstract:More and more mobile applications require the ability to issue digital signatures. Traditionally, digital signatures are based on asymmetric cryptographic techniques which make them computationally expensive. Currently, all mobile devices tend to have limited computational capabilities and equally limited power. This makes them ill-suited for complex cryptographic computations. We designed a Server-aided PKI Service (SaPKI) to offload work from clients in mobile networks such as GSM and CDMA. Mobile clients can utilized the powerful (both CPU speed and power supply) SaPKI server to generate RSA keys and digital signatures. The paper details the implementation of SaPKI Service. A secure "cell phone-banking" application has been implemented on SaPKI architecture in CDMA-1X mobile network. After thorough performance analysis, we concluded that SaPKI can significantly improve the performance of mobile client's cryptographic operation.

Hongbo Liu,Jie Yang,Yan Wang,Yingying (Jennifer) Chen,Can Emre Koksal

DOI: https://doi.org/10.1109/tmc.2014.2310747

IF: 6.075

2014-01-01

IEEE Transactions on Mobile Computing

Abstract:Secret key generation among wireless devices using physical layer information of radio channel has been an attractive alternative for ensuring security in mobile environments. Received signal strength (RSS) based secret key extraction gains much attention due to its easy accessibility in wireless infrastructure. However, the problem of using RSS to generate keys among multiple devices to ensure secure group communication in practice remains open. In this work, we propose a framework for collaborative key generation among multiple wireless devices leveraging RSS. To deal with mobile devices not within each other's communication range, we employ relay nodes to achieve reliable key extraction. To enable secure group communication, two protocols are developed to perform collaborative group key generation via star and chain topologies respectively. We further provide the theoretic analysis on the achievable secrecy rate for both star and chain topologies in the presence of an eavesdropper. Our prototype development using MICAz motes and extensive experiments using fading trend based key extraction demonstrate the feasibility of using RSS for group key generation in both indoor and outdoor environments, and concurrently achieving a lower bit mismatch rate compared to existing studies.

Fagen Li,Jiye Wang,Yuyang Zhou,Chunhua Jin,SK Hafizul Islam

DOI: https://doi.org/10.1007/s11276-018-1839-4

IF: 2.701

2018-01-01

Wireless Networks

Abstract:In a mobile client–server environment, a low-power mobile device wants to access a strong server to get some kind of services. User authentication and key establishment are two basic security requirements for this environment. Without the user authentication, an unauthorized user can access the server and gets the services. Without the key establishment, the communication between the user and the server will be disclosed. Recently, some user authentication and key establishment protocols were designed. However, all of them are homogeneous since the client and the server belong to the same cryptosystem. That is, both the client and the server belong to public key infrastructure or identity-based cryptosystem or self-certified cryptosystem. Such design does not comply with the characteristic of mobile client–server application. In this paper, we design a heterogeneous user authentication and key establishment protocol using a signcryption scheme. In this protocol, the client uses identity-based cryptosystem and the server uses the public key infrastructure. As compared with existing works, our protocol has the lowest cost in computation and communication.

Xiong Li,Saru Kumari,Muhammad Khurram Khan,Junguo Liao,Wei Liang

DOI: https://doi.org/10.1109/isbast.2014.7013106

2014-01-01

Abstract:User authentication is an important security issue for network based services. Multi-server authentication scheme resolves the repeated registration problem of single-server authentication scenario where the user has to register at different servers to access different types of network services. Recently, Pippal et al. proposed a smart card authentication scheme for multi-server architecture. They claimed that their scheme has some advantages and can resist kinds of attacks. In this paper, we analyze the weaknesses of Pippal et al.'s scheme, and point out that their scheme cannot provide correct authentication, cannot resist impersonation attack, stolen smart card attack, and insider attack. Besides, their scheme is non-extensible when a new server added into the system.

SH Wang,F Bao,J Wang

DOI: https://doi.org/10.1093/ietcom/e88-b.4.1641

2005-01-01

IEICE Transactions on Communications

Abstract:In 2002, Zhu et al. proposed a password authenticated key exchange protocol based on RSA such that it is efficient enough to be implemented on most of the target low-power devices such as smart cards and low-power Personal Digital Assistants in imbalanced wireless networks. Recently, YEH et al. claimed that Zhu et al.'s protocol not only is insecure against undetectable on-line password guessing attack but also does not achieve explicit key authentication. Thus they presented an improved version. Unfortunately, we find that YEH et al.'s password guessing attack does not come into existence, and that their improved protocol is vulnerable to off-line dictionary attacks. In this paper we describe our observation in details, and also comment for the original protocol on how to achieve explicit key authentication as well as resist against other existent attacks.

Xiaoming Duan,Nikolaos M. Freris,Peng Cheng

DOI: https://doi.org/10.1109/allerton.2016.7852364

2016-01-01

Abstract:Recently, the Secure Average Time Synchronization (SATS) protocol has been proposed and analyzed; this distributed clock synchronization protocol is capable of successfully tackling several attacks such as denial-of-service (DoS), message-delay, message duplication/repetition, and even a generic message manipulation. However, the collusion attack, in which neighboring malicious nodes may cooperate so as to strike stealthier attacks that are more difficult to handle, remains by and large an open problem. In the setup of SATS, we derive the fundamental asymptotic bounds in the number of malicious agents-as function of the benign ones-that can be efficiently handled without tampering accurate network-wide synchronization. Going a step further, we develop a risk model for collusions and use it to obtain even tighter bounds. In specific, we establish that SATS can handle 'many' malicious nodes with high probability: an order of almost square-root of the benign ones for the case of no risk, and almost linear when the risk of collusion is accounted. Last but not least, we analyze and experimentally assess an interesting phenomenon: the presence of attackers may lead to a convergence speedup of SATS, since malicious nodes can be effectively constrained from the network, thus affecting the algebraic connectivity of the graph corresponding to the network topology. Numerical simulations verify the theoretical results, i.e., collusions are avoided when the number of malicious nodes is bounded by the asymptotic bounds and the algebraic connectivity increases due to incorporating 'well behaved' malicious nodes.

Ding Wang,Chun-guang Ma,De-li Gu,Zhen-shan Cui

DOI: https://doi.org/10.1007/978-3-642-34601-9_35

2012-01-01

Abstract:In NSS'10, Shao and Chin pointed out that Hsiang and Shih's dynamic ID-based remote user authentication scheme for multi-server environment has several security flaws and further proposed an improved version which is claimed to be efficient and secure. In this study, however, we will demonstrate that Shao-Chin's scheme still cannot achieve the claimed security goals, and we report its following flaws: (1) It cannot withstand offline password guessing attack under their non-tamper resistance assumption of the smart card; (2) It fails to provide user anonymity; (3) It is prone to user impersonation attack. More recently, Li et al. found that Sood et al.'s dynamic ID-based authentication protocol for multi-server architecture is still vulnerable to several kinds of attacks and presented a new scheme that attempts to overcome the identified weaknesses. Notwithstanding their ambitions, Li et al.'s scheme is still found vulnerable to various known attacks by researchers. In this study, we perform a further cryptanalysis and uncover its two other vulnerabilities: (1) It cannot achieve user anonymity, which is the essential goal of a dynamic ID-based scheme; (2) It is susceptible to offline password guessing attack. The proposed cryptanalysis discourages any use of the two schemes under investigation in practice and reveals some subtleties and challenges in designing this type of schemes.

Bi-di YING,Hui-fang CHEN,Wen-dao ZHAO,Pei-liang QIU

DOI: https://doi.org/10.3969/j.issn.1004-1699.2007.07.032

2007-01-01

Abstract:Key establishment and management in wireless sensor networks are one of the important targets of security technology researches because traditional key cryptosystems are unsuitable for resource constrained sensor nodes. A novel scheme named Low-power Key Pre-distribution Scheme (LKP) was proposed. This scheme generated a combination of inherited key chain, stored the head key of the key chain and the first key of overlay of keys into each node, searched for better network connectivity between nodes according to the overlap of keys, and then analyzed the security of the LKP scheme. At last the performances of the LKP scheme such as energy consumption and capture probability were simulated. The results show that LKP scheme is better than q-composite random key pre-distribution scheme and multi-path key reinforcement scheme on security and energy.

Hongbo Liu,Jie Yang,Yan Wang,Yingying Chen

DOI: https://doi.org/10.1109/infcom.2012.6195843

2012-01-01

Abstract:Securing communication in mobile wireless networks is challenging because the traditional cryptographic-based methods are not always applicable in dynamic mobile wireless environments. Using physical layer information of radio channel to generate keys secretly among wireless devices has been proposed as an alternative in wireless mobile networks. And the Received Signal Strength (RSS) based secret key extraction gains much attention due to the RSS readings are readily available in wireless infrastructure. However, the problem of using RSS to generate keys among multiple devices to ensure secure group communication remains open. In this work, we propose a framework for collaborative key generation among a group of wireless devices leveraging RSS. The proposed framework consists of a secret key extraction scheme exploiting the trend exhibited in RSS resulted from shadow fading, which is robust to outsider adversary performing stalking attacks. To deal with mobile devices not within each other's communication range, we employ relay nodes to achieve reliable key extraction. To enable secure group communication, two protocols, namely star-based and chain-based, are developed in our framework by exploiting RSS from multiple devices to perform group key generation collaboratively. Our experiments in both outdoor and indoor environments confirm the feasibility of using RSS for group key generation among multiple wireless devices under various mobile scenarios. The results also demonstrate that our collaborative key extraction scheme can achieve a lower bit mismatch rate compared to existing works when maintaining the comparable bit generation rate.

Tianjie Cao,Tao He,Qihan Luo

DOI: https://doi.org/10.1109/ISCSCT.2008.75

2008-01-01

Abstract:WiMAX security has two goals, one is to provide privacy across the wireless network and the other is to provide access control to the network. The security sub-layer of IEEE 802.16 employs an authenticated client/server key management protocol in which ...

Majid Mumtaz,Luo Ping

DOI: https://doi.org/10.1016/j.ins.2020.05.075

IF: 8.1

2020-01-01

Information Sciences

Abstract:Standard RSA cryptosystem becomes vulnerable, when private key d < N-0.292 is used inside CryptoChips of constrained devices, thus an alternate scheme is the Common Prime RSA (CP-RSA) variant, which provides cryptographic (decryption/signing) operations. In this paper, we perform a cryptanalytic attack on CP-RSA using lattice basis reduction method that is used to exploit possible vulnerabilities of RSA small private key attacks. In addition, we performed detail experiments on CP-RSA weak or overestimated bounds and compare results to the past studies. Our implemented cryptanalytic attack implicates more precise and direct method to exploit the CP-RSA existing theoretical and experimental bounds. Also, our results prove that CP-RSA is an effective approach that provides resistance against standard RSA small private key attacks. (C) 2020 Elsevier Inc. All rights reserved.

Yi Luo,Kuo-Chi Chang,Jian Li,Weimin Zheng

DOI: https://doi.org/10.1007/978-3-030-69717-4_82

2021-01-01

Abstract:Multi-server environments-based telecare medicine information systems (TMIS) using the smart card are widely used. Recently, Barman et al. proposed an authentication protocol in e-Healthcare for a multi-server environment.This paper demonstrates that their protocol is not secure against known session specific temporary information attack, leakage of the session key, and man-in-the-middle attack.

En Zhang,Xintao Duan,Siuming Yiu,Junbin Fang,Zoe L. Jiang,Tsz HonYuen,Jie Peng

DOI: https://doi.org/10.3970/cmc.2018.03733

2018-01-01

Abstract:In the setting of (t, n) threshold secret sharing, at least t parties can reconstruct the secret, and fewer than t parties learn nothing about the secret. However, to achieve fairness, the existing secret sharing schemes either assume a trusted party exists or require running multi-round, which is not practical in a real application. In addition, the cost of verification grows dramatically with the number of participants and the communication complexity is O(t), if there is not a trusted combiner in the reconstruction phase. In this work, we propose a fair server-aided multi-secret sharing scheme for weak computational devices. The malicious behavior of clients or server providers in the scheme can be verified, and the server provider learns nothing about the secret shadows and the secrets. Unlike other secret sharing schemes, our scheme does not require interaction among users and can work in asynchronous mode, which is suitable for mobile networks or cloud computing environments since weak computational mobile devices are not always online. Moreover, in the scheme, the secret shadow is reusable, and expensive computation such as reconstruction computation and homomorphic verification computation can be outsourced to the server provider, and the users only require a small amount of computation.

冯静,许勇

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.02.049

2010-01-01

Abstract:Identity authentication and key exchange technology is the important means to ensure wireless communication security. Aiming at the demand of contactless smart card,this paper proposes a new mutual authentication key exchange protocol based on low power computing devices. The protocol is secure against replay attacks,man-in-the-middle attacks and interleaving attacks,and the security of the protocol is proved in the random oracle model. Result shows that the designed protocol is of good feasibility and needs smaller computing power.

Kaiping Xue,Peilin Hong,Hancheng Lu,Bin Zhu,Le Li

DOI: https://doi.org/10.1109/iwasid.2008.4688379

2008-01-01

Abstract:The key issue for WSN (wireless sensor network) is designing viable security mechanisms for the protection of confidentiality, integrity and authentication to prevent malicious attacks, but with nodespsila limited capabilities. Recently, Cheng proposed an efficient key distribution mechanism for large scale wireless sensor network based on hierarchical topology. In this paper, we show that Chengpsilas scheme is vulnerable to the node capture attack. Then a security modification of the original scheme will be proposed, which can withstand the node capture attack.

Dong Xie,Jinghua Yang,Bin Wu,Weixin Bian,Fulong Chen,Taochun Wang

DOI: https://doi.org/10.1109/tifs.2024.3362589

IF: 7.231

2024-02-17

IEEE Transactions on Information Forensics and Security

Abstract:In a mobile edge computing environment, the computing tasks of resource-constrained IoT devices are often offloaded to mobile edge computing servers for processing. In order to ensure the security of the task offloading process, both parties need to perform mutual authentication and negotiate a session key first. The security defenses in the existing authentication schemes are often only aimed at external attackers, while ignoring the possible malicious behaviors of semi-trusted servers. Furthermore, they cannot effectively take into account the device-side lightweight and security, as well as the load problem of a single registry. In this paper, we propose a new anonymous authentication key agreement scheme that fully considers the resource constraints of terminal devices and the security risks of semi-trusted servers. In the scheme, we use the method of generating pairing information during registration to avoid the server-side directly contacting the user's private information, and support trusted third parties not to participate in the authentication process. In addition, by setting up authentication servers to outsource computing tasks, the device-side can avoid blindly selecting a computing server for task offloading, achieve accurate task assignment and efficient execution of authentication. We use Real-Or-Random model and BAN logic to demonstrate the security of the proposed scheme, and use the ProVerif tool to verify its authenticated reachability and confidentiality. Compared with other schemes with the same structure, this scheme is superior to similar schemes, and has higher security on the basis of ensuring the least amount of computation on the device-side.

computer science, theory & methods,engineering, electrical & electronic

Daojing He,Chun Chen,Maode Ma,Jiajun Bu

DOI: https://doi.org/10.1002/sec.284

IF: 1.968

2012-01-01

Security and Communication Networks

Abstract:To allow many users to hold a secure teleconference in mobile networks, a secure conference scheme with dynamic participation is necessary. However, designing a secure and efficient conference scheme is a difficult task because wireless networks are susceptible to attacks and wireless devices have limited resources. Recently, a lightweight and secure conference scheme has been suggested. Later, it has been found that this solution has security weaknesses and a modified version to overcome them has been presented. Compared with other conference schemes, these two schemes have many advantages. In this short paper, security study of these conference schemes in mobile networks has been performed with the following findings: (1) both the original scheme and the modified version are still vulnerable to our proposed impersonation attack; (2) they lack a mechanism to confirm the delivery of relevant messages, leading to protocol disruption. Therefore, these two schemes cannot be deployed for the real world applications without further development. Then, some efficient countermeasures are given for enhancing the security of both schemes. Further, the security properties of the improved protocol are formally validated by a model checking tool called AVISPA. Finally, several basic principles are suggested for the design of a secure conference scheme. Copyright (C) 2011 John Wiley & Sons, Ltd.