Lin Yao,Lei Wang,Xiangwei Kong,Guowei Wu,Feng Xia

DOI: https://doi.org/10.1016/j.camwa.2010.01.010

IF: 3.218

2010-01-01

Computers & Mathematics with Applications

Abstract:In a pervasive computing environment, mobile users often roam into foreign domains. Consequently, mutual authentication between the user and the service provider in different domains becomes a critical issue. In this paper, a fast and secure inter-domain authentication and key establishment scheme, namely IDAS, is proposed. IDAS adopts Biometrics to guarantee the uniqueness and privacy of users and adopts signcryption to generate a secure session key. IDAS can not only reduce the burden of certificates management, but also protect the users and authentication servers against fraud. Compared with some other authentication methods, our approach is superior with faster key exchange and authentication, as well as more privacy. The correctness is verified with the Syverson and Van Oorschot (SVO) logic. Crown Copyright (C) 2010 Published by Elsevier Ltd. All rights reserved.

Muhammad Bilal,Can Wang,Zhi Yu,Abid Bashir

DOI: https://doi.org/10.1109/icsess49938.2020.9237635

2020-01-01

Abstract:Identity management (IdM) plays a significant role in managing user identities (IDs). However, IdM is challenging to handle the rapidly rising numerous kinds of Web-based applications nowadays. The OpenID 2.0 communication protocol is an improved solution for managing a user's IDs based on the OpenID URL identity. OpenID URL identity is not very much secure in specific Web-based attacks; for instance, session hijacking and phishing attacks often occur. The earlier OpenID-based methods secure OpenID URL identity with single, double, and triple authentication schemes. But Identity Provider (IdP) side is still not secure in Web attacks: if an attacker steals the IdP-side legal user information, then existing OpenID-based security techniques are unreliable. The anticipated OpenID Reverse Authentication Authorizing and Accounting (RAAA) user authentication-based protocol secured OpenID URL identity by providing two beneficial fields Secret Alphanumeric String (SAS) and Special Innovative PIN (SIP) that utilize in testing website both sides in reverse and cost-effective way. In this experiment, IdP and Relying Party (RP), both sides are being used secretly. Therefore, experimental websites also test to check the proposed triple authentication protocol. In this paper, we have compared our RAAA user authentication protocol with already available SSO protocol methods. The tested websites and comparative results represent that the anticipated design protocol is very much secure and reliable solution. The advanced cryptographic Single-Sign-On (SSO) secure protocol reduces the higher-level session hijacking and phishing attacks risk in an OpenID-based environment. We suggest future SSO protocol methods will be needed more in terms of the authorized user's identity authentication in Web-based applications.

Qi Xie,Ji-Lin Wang,Deren Chen,Xiuyuan Yu

DOI: https://doi.org/10.1109/csse.2008.1043

2008-01-01

Abstract:Recently, Das et al. proposed a dynamic ID-based remote user authentication scheme using smart cards. Liao et al. pointed out some weaknesses of Das et al.psilas scheme, and presented an improved scheme. However, an impersonate attack on Liao et al.psilas scheme is proposed, it proves that their scheme is also insecure. To overcome the weakness, the new scheme is presented. The advantage of the proposed scheme is that there are no secret numbers in the smart card, and can withstand all sorts of attacks.

Daniele Raffo,Cédric Adjih,Thomas Clausen,Paul Mühlethaler,C�dric Adjih,Paul M�hlethaler

DOI: https://doi.org/10.1145/1029102.1029106

2004-01-01

Abstract:In this paper we investigate security issues related to the Optimized Link State Routing Protocol -- one example of a proactive routing protocol for MANETs. We inventory the possible attacks against the integrity of the OLSR network routing infrastructure, and present a technique for securing the network. In particular, assuming that a mechanism for routing message authentication (digital signatures) has been deployed, we concentrate on the problem where otherwise "trusted" nodes have been compromised by attackers, which could then inject false (however correctly signed) routing messages. Our main approach is based on authentication checks of information injected into the network, and reuse of this information by a node to prove its link state at a later time. We finally synthetize the overhead and the remaining vulnerabilities of the proposed solution.

Ganglin Zhang,Yongjian Liao,Yu Fan,Yikuan Liang

DOI: https://doi.org/10.1109/access.2020.2964040

IF: 3.9

2020-01-01

IEEE Access

Abstract:Many sensitive data are generated by resource-limitation devices in the Vehicular ad hoc network (VANET). When these data are divulged, people 's life and property will be threatened. To solve these problems, Wei et al. proposed a lightweight privacy-preserving protocol based on RSA assumption for VANET and they claimed that their protocol was secure and low overhead. In this paper, first of all, we show that the basic signature scheme to be used in Wei et al.'s protocol is not secure, i.e., the user's private key will be revealed from the pairs of message-signatures, which causes the protocol to be insecure. We also show that our security analysis is feasible and effective in practice from the theory and experiments. Then we construct a new identity-based signature scheme based RSA assumption and prove it is existentially unforgeable under the chosen message attack without random oracle. Finally, we update the Wei et al.'s protocol and do some experiments to evaluate the efficiency of our scheme in the updated protocol.

Hu Xiong,Jianbin Hu,Zhong Chen,Fagen Li

DOI: https://doi.org/10.1016/j.compeleceng.2011.01.006

IF: 4.152

2011-01-01

Computers & Electrical Engineering

Abstract:In a multi-proxy signature scheme, an original signer could authorize a proxy group as his proxy agent. Then only the cooperation of all the signers in the proxy group can generate the proxy signatures on behalf of the original signer. Recently, Cao and Cao gave the first formal definition and security model of an identity-based multi-proxy signature scheme, then proposed an identity-based multi-proxy signature scheme from bilinear pairings and proved its security in their security model. Although they proved that their scheme is secure under this model, we disprove their claim and show that their scheme is not secure. We also present a simple fix to prevent this attack.

Dawei Zhao,Haipeng Peng,Shudong Li,Yixian Yang

DOI: https://doi.org/10.48550/arXiv.1305.6350

2013-05-28

Abstract:Recently, Li et al. analyzed Lee et al.'s multi-server authentication scheme and proposed a novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. They claimed that their scheme can resist several kinds of attacks. However, through careful analysis, we find that Li et al.'s scheme is vulnerable to stolen smart card and offline dictionary attack, replay attack, impersonation attack and server spoofing attack. By analyzing other similar schemes, we find that the certain type of dynamic ID based multi-server authentication scheme in which only hash functions are used and no registration center participates in the authentication and session key agreement phase is hard to provide perfect efficient and secure authentication. To compensate for these shortcomings, we improve the recently proposed Liao et al.'s multi-server authentication scheme which is based on pairing and self-certified public keys, and propose a novel dynamic ID based remote user authentication scheme for multi-server environments. Liao et al.'s scheme is found vulnerable to offline dictionary attack and denial of service attack, and cannot provide user's anonymity and local password verification. However, our proposed scheme overcomes the shortcomings of Liao et al.'s scheme. Security and performance analyses show the proposed scheme is secure against various attacks and has many excellent features.

Cryptography and Security

Chin-Yu Sun,Hsiao-Ling Wu,Hung-Min Sun,Tingting Hwang

DOI: https://doi.org/10.6688/jise.202111_37(6).0015

2021-01-01

Journal of information science and engineering

Abstract:"Self-certified digital signature with message recovery" allows a specific receiver to restore the meaningful message from a digital signature and simultaneously confirms the validity of a signature and a signer's public key. This method greatly improves message confidentiality, solves the certificate management problem, and reduces the communication costs. Due to those benefits, this signature scheme has been widely adopted for e commerce applications. However, in recent years, this method has attracted attackers' attention; hence, a series of schemes were proposed to counter different attack scenarios. In this paper, we will first present a new attack scenario that can break the security of all the "self -certified digital signature with message recovery" schemes. Then, we will propose a scheme to solve the security issues. Compared with this type of signature scheme, our scheme can satisfy the essential security requirement of a digital signature without sacrificing the cost-effectiveness of the original design. The security and performance analyses demonstrate that our proposed scheme is secure, efficient, and well suited for practical use in e-commerce.

LI Bing,YUAN Jian,WANG Jian,WANG Yue

DOI: https://doi.org/10.3321/j.issn:1000-0054.2009.01.016

2009-01-01

Abstract:A digital signature scheme based on multi-dimensional Hash chains was developed to reduce the computations needed to secure routing of wireless ad-hoc networks to improve their feasibility.A ad-hoc wireless routing security protocol based on this scheme is also provided.The algorithm uses the modular exponentiation in the RSA(Rivest,Shamir,Adleman)scheme to construct multi-dimensional Hash chains to generate the digital signatures.The computations are reduced by using smaller exponents.The computations are reduced about 20% compared with the traditional RSA scheme when using a 1 024-bit key.The security capacity of this scheme still relies on the RSA algorithm and the Hash function.This scheme and protocol can enhance the routing security of ad-hoc wireless networks.

Kui Ma,Yanwei Zhou,Ying Wang,Chunsheng Dong,Zhe Xia,Bo Yang,Mingwu Zhang

DOI: https://doi.org/10.1109/jsyst.2023.3269597

IF: 4.802

2023-01-01

IEEE Systems Journal

Abstract:The Internet of Things (IoT) is helpful in making people's life more convenient and efficient. To ensure that the nodes within IoT can interact securely, a certificateless signature (CLS) can be used to protect message authentication in the IoT. Recently, some concrete constructions of CLS schemes have been proposed in the literature, but through our analyses, we demonstrate that some existing CLS schemes cannot keep their claimed security because of various security flaws. For example, a valid signature can be forged by any Type I adversary by replacing the corresponding user's public key. In this article, we describe the security flaws that need to be addressed and introduce a novel CLS scheme without using bilinear mapping. The existential unforgeability in our proposed scheme can be proved based on the hardness of the elliptic curve discrete logarithm problem in the random oracle model. The comparison with existing CLS schemes shows that our scheme not only enjoys more security features but also is more efficient in computation. Moreover, we introduce an identity authentication protocol as the application of our proposed CLS scheme, which achieves mutual authentication and anonymity in communications.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Kang Li,Man Ho Au,Wang Hei Ho,Yi Lei Wang

DOI: https://doi.org/10.1007/978-3-030-31919-9_4

2019-01-01

Abstract:Vehicular ad hoc networks (VANETs) are fundamental components of building a safe and intelligent transportation system. However, due to its wireless nature, VANETs have serious security and privacy issues that need to be addressed. The conditional privacy-preserving authentication protocol is one important tool to satisfy the security and privacy requirements. Many such schemes employ the certificateless signature, which not only avoids the key management issue of the PKI-based scheme but also solves the key escrow problem of the ID-based signature scheme. However, many schemes have the drawback that the computational expensive bilinear pairing operation or map-to-point hash function are used. In order to enhance the efficiency, certificateless signature schemes for VANETs are usually constructed to support signature aggregation or online/offline computation. In this paper, we propose an efficient conditional privacy-preserving authentication scheme using an online/offline certificateless aggregate signature, which does not require bilinear pairing or map-to-point hash function, to address the security and privacy issues of VANETs. Our proposed scheme is proven to be secure with a rigorous security proof, and it satisfies all the security and privacy requirements with a better performance compared with other related schemes.

Wei Meng,Kaiping Xue,Jie Xu,Jianan Hong,Nenghai Yu

DOI: https://doi.org/10.1109/mass.2018.00045

2018-01-01

Abstract:With an advancement of mobile communication technology, the space information network (SIN) has been proposed to meet the increasing demands of mobile communication due to its advantage of providing great expanding access services. In SIN, authentication is significant for the security to prevent the network resource from unauthorized access. However, the features of highly exposed links and extremely high propagation delay make it difficult to design a secure and fast authentication scheme for SIN. Although some existing researches have tried to design authentication protocols for SIN, they haven't taken the intolerable authentication delay and the risk of satellite compromising into consideration. Faced with these problems, we design a proxy signature-based authentication scheme for SIN, in which, the interaction process of authentication can be only implemented between the mobile user and the satellite node, thus reducing the long authentication implementation delay. Furthermore, we utilize the proxy signature to mitigate the risk of satellites being attacked. The results of security and performance analysis show that the proposed scheme can provide the required security and largely reduce the authentication latency.

Duo Liu,Ping Luo,Yi-Qi Dai

DOI: https://doi.org/10.1007/s11390-007-9005-y

2007-01-01

Abstract:The concept of multisignature, in which multiple signers can cooperate to sign the same message and any verifier can verify the validity of the multi-signature, was first introduced by Itakura and Nakamura. Several multisignature schemes have been proposed since. Chen et al. proposed a new digital multi-signature scheme based on the elliptic curve cryptosystem recently. In this paper, we show that their scheme is insecure, for it is vulnerable to the so-called active attacks, such as the substitution of a “false” public key to a “true” one in a key directory or during transmission. And then the attacker can sign a legal signature which other users have signed and forge a signature himself which can be accepted by the verifier.

Andrew Chi-Chih Yao,Yunlei Zhao

DOI: https://doi.org/10.1109/tifs.2012.2232653

IF: 7.231

2012-01-01

IEEE Transactions on Information Forensics and Security

Abstract:When digital signature is applied on low-power devices, like smart cards, wireless sensors and RFID tags, some specific properties, e.g., better offline storage, more modular and flexible deployment, are desired. To meet these needs, a new variant of the Fiat-Shamir transformation for digital signatures, referred to as Γ -transformation, is introduced and formalized in this work. Following this new transformation approach, some new signature schemes (referred to as Γ-signatures) are presented and discussed. In particular, it is shown that the Γ-signatures for discrete logarithm problem (DLP) developed in this work combine, in essence, the advantages of both Schnorr's signature and the digital signature standard (DSS), while saving from the disadvantages of them both.

Yixin Jiang,Chuang Lin,Minghui Shi,Xuemin (Sherman) Shen,Xiaowen Chu

DOI: https://doi.org/10.1016/j.comcom.2007.04.012

IF: 5.047

2007-01-01

Computer Communications

Abstract:In this paper, a novel authentication protocol is proposed, which satisfies both security and reliability requirements for group communications in ad hoc networks. The security features include identity anonymity and location intracability, periodic one-way session key and pseudonym identity refreshment with implicit authentication, dynamic joining and leaving an in-progress communication session, and data encryption. The reliability features include efficient Denial of Service tolerance for broadcasting refreshment messages, fault-tolerance for recovering lost refreshment messages, robustness for resisting the clock skews among member nodes and seamless key switch without disrupting ongoing data transmissions. The performance and security analysis show that the communication and computation overhead of the proposed protocol is similar to the existing one, while the security can be enhanced significantly. The simulation results demonstrate the robustness of the proposed protocol under severe Denial of Service attack and poor wireless channel quality.

Bessie C. Hu,Duncan S. Wong,Zhenfeng Zhang,Xiaotie Deng

DOI: https://doi.org/10.1007/s10623-006-9022-9

IF: 1.4

2006-01-01

Designs Codes and Cryptography

Abstract:Certificateless cryptography involves a Key Generation Center (KGC) which issues a partial key to a user and the user also independently generates an additional public/secret key pair in such a way that the KGC who knows only the partial key but not the additional secret key is not able to do any cryptographic operation on behalf of the user; and a third party who replaces the public/secret key pair but does not know the partial key cannot do any cryptographic operation as the user either. We call this attack launched by the third party as the key replacement attack. In ACISP 2004, Yum and Lee proposed a generic construction of digital signature schemes under the framework of certificateless cryptography. In this paper, we show that their generic construction is insecure against key replacement attack. In particular, we give some concrete examples to show that the security requirements of some building blocks they specified are insufficient to support some of their security claims. We then propose a modification of their scheme and show its security in a new and simplified security model. We show that our simplified definition and adversarial model not only capture all the distinct features of certificateless signature but are also more versatile when compared with all the comparable ones. We believe that the model itself is of independent interest.A conventional certificateless signature scheme only achieves Girault's Level 2 security. For achieving Level 3 security, that a conventional signature scheme in Public Key Infrastructure does, we propose an extension to our definition of certificateless signature scheme and introduce an additional security model for this extension. We show that our generic construction satisfies Level 3 security after some appropriate and simple modification.

Nassoro M. R. Lwamo,Liehuang Zhu,Chang Xu,Kashif Sharif,Ximeng Liu,Chuan Zhang

DOI: https://doi.org/10.1016/j.ins.2018.10.037

IF: 8.1

2018-01-01

Information Sciences

Abstract:The rapid increase in user base and technological penetration has enabled the use of a wide range of devices and applications. The services are rendered to these devices from single-server or highly distributed server environments, irrespective of their location. As the information exchanged between servers and clients is private, numerous forms of attacks can be launched to compromise it. To ensure the security, privacy, and availability of the services, different authentication schemes have been proposed for both single-server and multi-server environments. The primary performance objective of such schemes is to prevent most (if not all) attacks, with minimal computational costs at the server and user ends. To address this challenge, this paper presents a secure user authentication scheme with anonymity (SUAA) for single-server and multi-server environments. It works on 3-factor authentication, involving passwords, smart cards, and biometric data. We use symmetric and asymmetric encryption for single-server and multi-server architectures respectively, to reduce the computational costs. Through a comprehensive security analysis, we show that the proposed scheme is reliable through mutual authentication, and is resilient to attacks addressed by state of the art solutions. Time cost analysis also shows less time required to complete the authentication process.

Yan Zhang,Dengguo Feng,Zhengfeng Zhang,Liwu Zhang

DOI: https://doi.org/10.1007/978-3-642-38631-2_28

2013-01-01

Abstract:In CT-RSA 2011, Maji et.al proposed an attribute-based signature (ABS) scheme, which is the most efficient ABS scheme that supports general predicates until now. They claimed that their ABS scheme is unforgeable under generic group model. Unfortunately, we found a forgery attack on this ABS scheme. In this paper, we firstly give a forgery example, then analyze the reason cause this attack and gives the conditions this attack worked. We found this attack is fatal to Maji et.al's ABS scheme. © 2013 Springer-Verlag.

Yangyang Liu,Qi Xia,Xiong Li,Jianbin Gao,Xiaosong Zhang

DOI: https://doi.org/10.1016/j.sysarc.2023.102935

IF: 5.836

2023-07-08

Journal of Systems Architecture

Abstract:Cybersecurity is a hot issue in our times. People try to keep digital attacks away from cyberspace, to finish the task of cybersecurity. A vehicular ad hoc network (VANET) with drone assistance is an important part of cyberspace, which can be used in disastrous or rural areas. The data produced on the vehicle side should go through different channels to the central server for processing. However, various attacks may occur in communication, and the tasks of data security in VANETs attract researchers to solve them. Although, researchers have come up with various solutions to overcome the flaws; however, the various security loopholes are still there to be addressed. In this paper, we present a new and secure signature-based scheme for UAV-assisted VANETs, which can ensure that the produced data on the vehicles are transmitted securely. Also, the identities of vehicles can be tracked, if they should be monitored by police. We present the formal and informal security analysis of the proposed scheme to prove its security against well-known security attacks. The formal security analysis is presented based on the widely used random oracle model. The informal analysis is presented using the assumptions of the threat model. Also, Proverif is used to illustrate the security of our scheme under Dolev-Yao model. Furthermore, we present a detailed performance analysis of the proposed protocol along with a simulation to show that the proposed scheme is practical.

computer science, software engineering, hardware & architecture

Hu Xiong,Zhiqing Kang,Jinhao Chen,Junyi Tao,Chen Yuan,Saru Kumari

DOI: https://doi.org/10.1109/jsyst.2020.2983198

IF: 4.802

2021-06-01

IEEE Systems Journal

Abstract:As the indispensable part of the security demand in a distributed system, a variety of online services need to be protected from unauthorized access. Multiserver authentication (MA) is one of the most effective and promising approaches to guarantee one party the authenticity of its partner in the distributed system. In this article, we first elaborate the problem of scalability for MA protocol. After that, a two-level framework for multiserver environment is proposed to convert single-server authentication to MA with provable security and perfect scalability. Also, we give an instance of our novel infrastructure by adopting the idea of proxy resignature to achieve strong anonymity. Furthermore, the security analysis and performance evaluation show that our protocol is secure and practical.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science