YAO Lin,FAN Qing-na,KONG Xiang-wei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.32.030

2010-01-01

Abstract:Pervasive computing raises new challenges to the security and privacy of the Internet communication,and conventional authentication protocols cannot meet the requirements of this new pervasive environment.A novel mutual authentication and key establishment scheme to secure the interactions between mobile users and service providers is proposed.Highly integrating biometric encryption and the Diffie-Hellman key exchange,the proposed protocol achieves mutual authentication without revealing any privacy information of the user.Secure session key establishment is enabled by the proposed algorithm.Differentiated service access control is also achieved with the biometric encryption.It is shown that the protocol can resist most of the attacks,especially the denial of service attack.

XU Chuan,LIU Yuan

DOI: https://doi.org/10.3969/j.issn.1000-3428.2011.08.004

2011-01-01

Abstract:Based on a combination of elliptic curve cryptography Combined Public Key(CPK) technology and using self-certification approach identifies,the paper proposes a new authentication protocol,which applies to Wireless Mesh Networks(WMNs) roaming scenarios and supports large scale application.Analysis results show that this protocol completes mutual authentication and establishes a shared key with fewer interact times,and it proves Universally Composable security(UC).

Xue Li,Cheng Jiang,Dajun Du,Minrui Fei,Lei Wu

DOI: https://doi.org/10.1109/jiot.2022.3221943

IF: 10.6

2023-03-11

IEEE Internet of Things Journal

Abstract:The existing identity security schemes (e.g., based on bilinear pairing) have high computational complexity and large bytes of variables, which results in high computation and communication costs. It is difficult to apply the schemes to resource-constrained (i.e., computation and communication) devices. Moreover, most of these schemes adopt a fixed cycle key update strategy compromising the security of authentication schemes or dynamic (real-time) key update strategy with high computational cost. To solve these issues, this article explores a novel revocable lightweight authentication scheme for resource-constrained devices in cyber–physical power systems (CPPSs). First, a lightweight authentication scheme combined elliptic-curve cryptography (ECC) and certificateless cryptography (CLC) is proposed to negotiate a secure session key, which can achieve mutual authentication with low computation and communication costs. Second, aiming at security problem caused by key leakage, a real-time key update strategy with low computational cost is designed to improve the security of identity authentication. Third, according to a hardness assumption of the elliptic-curve discrete logarithm problem (ECDLP), theoretical analysis rigorously proves that the proposed authentication scheme ensures the security with respect to existential unforgeability against adaptively chosen message attacks (EUF-CMAs). Finally, experimental results confirm the feasibility and effectiveness of the proposed authentication scheme.

computer science, information systems,telecommunications,engineering, electrical & electronic

Fajiang Yu,Tong Li,Yang Lin,Huanguo Zhang

DOI: https://doi.org/10.1007/978-3-642-23496-5_11

2011-01-01

Abstract:PKI-based trusted computing platform (TCP) requires platform users to apply for multiple Platform Identity Key (PIK) certificates to provide remote attestation, users must pay the fee of digital certificates, which increases users' economic burdens and leads there is hardly any TCP has really performed the core function of trusted computing, platform remote attestation, so the application of TCP is not very wide. This paper presents a trusted computing cryptography scheme based on Hierarchical Combined Public Key (HCPK), which can reduce the risk of single Private Key Generator (PKG), and let the verifier authenticate TCP directly without third party, so platform users do not need to apply additional digital certificates. This scheme can reduce users' cost of using TCP, and encourage the development of TCP application.

Zhijie Jerry Shi,Bing Wang,Fan Zhang

DOI: https://doi.org/10.1142/9789812837318_0016

2010-01-01

Abstract:Because of limited resources at sensor nodes, sensor networks typically adopt symmetric-key algorithms to provide security functions such as protecting communications between nodes. In order to use symmetric-key algorithms, two nodes need to establish a secret session key first. In this chapter, we describe a novel chord-based key establishment (CBKE) protocol that allows any pair of nodes in a sensor network to establish a secret session key. CBKE is a generalized deterministic key establishment scheme that provides great flexibility for balancing memory overhead, reliability, and communication cost. We also analyze the properties of CBKE and explore the performance trade-os using simulation.

Wen-Kai Yu,Ying Yang,Ya-Xin Li,Ning Wei,Shuo-Fei Wang

DOI: https://doi.org/10.3390/s22113994

2022-05-25

Abstract:In existing cryptographic key distribution (CKD) protocols based on computational ghost imaging (CGI), the interaction among multiple legitimate users is generally neglected, and the channel noise has a serious impact on the performance. To overcome these shortcomings, we propose a multi-party interactive CKD protocol over a public network, which takes advantage of the cascade ablation of fragment patterns (FPs). The server splits a quick-response (QR) code image into multiple FPs and embeds different "watermark" labels into these FPs. By using a CGI setup, the server will acquire a series of bucket value sequences with respect to different FPs and send them to multiple legitimate users through a public network. The users reconstruct the FPs and determine whether there is an attack in the public channel according to the content of the recovered "watermark" labels, so as to complete the self-authentication. Finally, these users can extract their cryptographic keys by scanning the QR code (the cascade ablation result of FPs) returned by an intermediary. Both simulation and experimental results have verified the feasibility of this protocol. The impacts of different attacks and the noise robustness have also been investigated.

Xin Sun,Jiajia Han,Bang Lv,Changhua Sun,Cheng Zeng

DOI: https://doi.org/10.1371/journal.pone.0312690

IF: 3.7

2024-10-31

PLoS ONE

Abstract:With the rise of the Internet of things, the limitations of traditional PKI certificate authentication technology have progressively emerged. Hence, identity-based public key algorithms have been proposed. In this paper, we propose a new approach to generate an identity key, named identity public key (IPK). IPK identity key generation protocol is based on SM2 elliptic curve cryptography and random matrix theory. It builds upon the concept of combined public key (CPK) and resolves the linear collusion issue of CPK as well as the authenticity verification problem of the declared public key of the simplified TF-CPK by enhancing the identity mapping approach. Another main aim of this paper is to prove the security of the IPK identity key generation protocol. Roughly speaking, we verify the security of each part of the private key and the security of the composite private key. We also increase the function and performance comparison with other schemes, such as IBC(SM9) and TF-CPK. Our scheme has the lowest computation cost, which demonstrates its rationality.

multidisciplinary sciences

Huifang Chen,Linlin Ge,Lei Xie

DOI: https://doi.org/10.3390/s150717057

IF: 3.9

2015-01-01

Sensors

Abstract:The feature of non-infrastructure support in a wireless ad hoc network (WANET) makes it suffer from various attacks. Moreover, user authentication is the first safety barrier in a network. A mutual trust is achieved by a protocol which enables communicating parties to authenticate each other at the same time and to exchange session keys. For the resource-constrained WANET, an efficient and lightweight user authentication scheme is necessary. In this paper, we propose a user authentication scheme based on the self-certified public key system and elliptic curves cryptography for a WANET. Using the proposed scheme, an efficient two-way user authentication and secure session key agreement can be achieved. Security analysis shows that our proposed scheme is resilient to common known attacks. In addition, the performance analysis shows that our proposed scheme performs similar or better compared with some existing user authentication schemes.

Yi Chen,Ai-dong Xu,Hong Wen,Yi-xin Jiang,Teng-yue Zhang

DOI: https://doi.org/10.12783/dteees/icepe2019/28912

2019-01-01

Abstract:Because of heavy cost, using of the traditional Public Key Infrastructure (PKI) authentication schemes is limited for the energy-constrained intelligent devices such as the power edge computing system, in which lightweight secure authentication schemes are urgent needed. In this paper, we propose a lightweight mutual authentication scheme supported by the edge computing, which is a novel cross-layer secure authentication program with asymmetric resources. The novel scheme combines lightweight symmetric cipher and physical-layer Channel State Information (CSI) to provide two-way authentication between terminals and edge devices. Experimental results show that the proposed scheme can significantly reduce the access authentication latency compared with the traditional PKI authentication scheme.

Ping Zhang,Yamin Li,Muhua Liu,Youlin Shang,Zhumu Fu

DOI: https://doi.org/10.1155/2022/1977798

2022-04-13

Wireless Communications and Mobile Computing

Abstract:Aiming at the security problems of wireless communication network and the shortcomings of Elliptic Curve Digital Signature Algorithm (ECDSA), this paper designed a forward secure digital signature scheme and proved that the scheme has forward security and unforgeability in the random oracle model. Experimental simulations are done in this paper, and the results show that the proposed scheme has the highest efficiency compared with the ECDSA scheme and the three existing forward secure schemes. This scheme not only meets the forward security and protects the users’ privacies but also reduces the requirement of computing power of the user in the wireless communication network.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hu Xiong,Yanan Chen,Zhong Chen,Fagen Li

DOI: https://doi.org/10.2316/Journal.202.2013.1.202-3540

2015-01-01

International Journal of Computers and Applications

Abstract:Three-party password-based authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key with the help of an authenticated server over an insecure channel. Owning to the significance in building a secure communication channel, a number of approaches have been suggested over the years. However, the lack of formal security proof is a major issue in the related literature. In this paper, we propose a simple 3PAKE protocol based upon elliptic curve cryptography along with formal security proof under the decisional Diffie-Hellman assumption. Experimental results by using the automated validation of Internet security protocols and applications tool also show that the proposed protocol is secure against various malicious attacks. Compared with previous work, the proposed protocol has lower computation costs and lighter communication loads.

Lu Wei,Jie Cui,Yan Xu,Jiujun Cheng,Hong Zhong

DOI: https://doi.org/10.1109/tifs.2020.3040876

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Owing to the development of wireless communication technology and the increasing number of automobiles, vehicular ad hoc networks (VANETs) have become essential tools to secure traffic safety and enhance driving convenience. It is necessary to design a conditional privacy-preserving authentication (CPPA) scheme for VANETs because of their vulnerability and security requirements. Traditional CPPA schemes have two deficiencies. One is that the communication or storage overhead is not sufficiently low, but the traffic emergency message requires an ultra-low transmission delay. The other is that traditional CPPA schemes do not consider updating the system secret key (SSK), which is stored in an unhackable Tamper Proof Device (TPD), whereas side-channel attack methods and the wide usage of the SSK increase the probability of breaking the SSK. To solve the first issue, we propose a CPPA signature scheme based on elliptic curve cryptography, which can achieve message recovery and be reduced to elliptic curve discrete logarithm assumption, so that traffic emergency messages are secured with ultra-low communication overhead. To solve the second issue, we design an SSK updating algorithm, which is constructed on Shamir's secret sharing algorithm and secure pseudo random function, so that the TPDs of unrevoked vehicles can update SSK securely. Formal security proof and analysis show that our proposed scheme satisfies the security and privacy requirements of VANETs. Performance analysis demonstrates that our proposed scheme requires less storage size and has a lower transmission delay compared with related schemes.

computer science, theory & methods,engineering, electrical & electronic

Changyuan Luo,Duan Li,Muhammad Saad Khan

DOI: https://doi.org/10.1038/s41598-024-77992-5

IF: 4.6

2024-11-09

Scientific Reports

Abstract:Certificateless public key infrastructure (PKI) avoids the key escrow problem associated with identity-based PKI and has recently been widely employed in anonymous communication schemes for vehicular adhoc networks (VANETs). In existing certificateless anonymous signcryption schemes for VANETs, vulnerabilities such as potential attacks involving the substitution of pseudonyms and the forging of pseudonymous public-private key pairs exist due to the lack of "identity-key binding" and "non-linearity processing of public-private key pairs." To address this issue, we propose an improved certificateless anonymous signcryption scheme based on elliptic curve cryptography. The scheme incorporates bilinear pairing as one of the authentication mechanisms, designs pseudonym generation algorithms and public-private key pair structures, and introduces a pseudonym verification mechanism. The correctness of the scheme is proven under the random oracle model, and its security is extensively demonstrated through detailed discussions on its confidentiality, authentication, unforgeability, anonymity, and traceability. Furthermore, the time and space complexity of the scheme are calculated. By comparing with recently published certificateless signcryption schemes, it is shown that the proposed scheme offers higher security with smaller computational and communication overheads. This certificateless vehicular network signcryption algorithm provides an efficient encryption solution for anonymous communication in vehicular networks, thereby ensuring the rapid development of secure technology for intelligent connected vehicle super terminals.

multidisciplinary sciences

Yi Chen,Hong Wen,Jinsong Wu,Huanhuan Song,Aidong Xu,Yixin Jiang,Tengyue Zhang,Zhen Wang

DOI: https://doi.org/10.3390/s19081926

IF: 3.9

2019-01-01

Sensors

Abstract:In this paper, we propose a clustering based physical-layer authentication scheme (CPAS) to overcome the drawback of traditional cipher-based authentication schemes that suffer from heavy costs and are limited by energy-constrained intelligent devices. CPAS is a novel cross-layer secure authentication approach for edge computing system with asymmetric resources. The CPAS scheme combines clustering and lightweight symmetric cipher with physical-layer channel state information to provide two-way authentication between terminals and edge devices. By taking advantage of temporal and spatial uniqueness in physical layer channel responses, the non-cryptographic physical layer authentication techniques can achieve fast authentication. The lightweight symmetric cipher initiates user authentication at the start of a session to establish the trust connection. Based on theoretical analysis, the CPAS scheme is secure and simple, but there is no trusted party, while it can also resist small integer attacks, replay attacks, and spoofing attacks. Besides, experimental results show that the proposed scheme can boost the total success rate of access authentication and decrease the data frame loss rate, without notable increase in authentication latencies.

Liwei Xu,Han Wu,Jianguo Xie,Qiong Yuan,Ying Sun,Guozhen Shi,Shoushan Luo

DOI: https://doi.org/10.3390/e25050760

IF: 2.738

2023-05-07

Entropy

Abstract:The Space–Air–Ground Integrated Network (SAGIN) expands cyberspace greatly. Dynamic network architecture, complex communication links, limited resources, and diverse environments make SAGIN's authentication and key distribution much more difficult. Public key cryptography is a better choice for terminals to access SAGIN dynamically, but it is time-consuming. The semiconductor superlattice (SSL) is a strong Physical Unclonable Function (PUF) to be the hardware root of security, and the matched SSL pairs can achieve full entropy key distribution through an insecure public channel. Thus, an access authentication and key distribution scheme is proposed. The inherent security of SSL makes the authentication and key distribution spontaneously achieved without a key management burden and solves the assumption that excellent performance is based on pre-shared symmetric keys. The proposed scheme achieves the intended authentication, confidentiality, integrity, and forward security, which can defend against masquerade attacks, replay attacks, and man-in-the-middle attacks. The formal security analysis substantiates the security goal. The performance evaluation results confirm that the proposed protocols have an obvious advantage over the elliptic curve or bilinear pairings-based protocols. Compared with the protocols based on the pre-distributed symmetric key, our scheme shows unconditional security and dynamic key management with the same level performance.

physics, multidisciplinary

Xiangyang Wang,Chunxiang Gu,Siqi Lu,Xi Chen

DOI: https://doi.org/10.1117/12.2628502

2022-04-22

Abstract:This paper studies the password-based strong authentication key exchange protocol in the cross-domain scenario, and gives an end-to-end highly secure C2C-PAKE protocol, in which the server shares a password with the client and also has a pair of private/public keys. In contrast, the client has the shared password and the server's public-key. Specifically, we combine the ECQV implicit certificate scheme with the ECDH key exchange protocol to give a highly secure cross-domain protocol. Considering the application of the ECQV implicit certificate scheme in the Internet of Things (IoT), we give an analysis the possibility of the proposed protocol applied in the cross-domain scenario of the IoT. Finally, based on some common attacks, we show a security analysis of our protocol, which achieves perfect forward security and resists dictionary attacks, KCI attacks, replay attacks, Insider-Assisted attacks, and so on.

Yu Wang,Wenfang Zhang,Xiaomin Wang,Muhammad Khurram Khan,Pingzhi Fan

DOI: https://doi.org/10.1109/tits.2023.3307453

IF: 8.5

2023-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:The Software Defined Network (SDN)-based space-ground integrated railway communication networks have attracted widespread attention from academia and industry. In such environments, the security of initial authentication and handover authentication for moving trains are two important challenges that need to be addressed. In this paper, a secure and efficient authentication key agreement scheme is proposed for the SDN-based space-ground integrated railway networks. Specifically, a lightweight mutual authentication mechanism based on the Number Theory Research Unit (NTRU) is proposed for the initial authentication process, which effectively prevents the unauthorized On-Board Unit (OBU) accessing networks. Then, according to the predictable path, we propose a key generation algorithm based on the hash chain and a fast key distribution mechanism based on the Chinese Remainder Theorem (CRT), which greatly reduce the calculation and communication burden of the key transmission process. On this basis, we adopt a hash-based message authentication code to achieve unified handover authentication in heterogeneous integrated railway networks. The Burrows-Abadi-Needham (BAN) logic proof and informal security analysis demonstrate that the proposed scheme can provide several robust security properties, including forward/backward security, universality, traceability, and resistance against quantum attacks. The performance evaluations show that our scheme outperforms other related schemes in computation cost, communication overhead, and performance under unknown attacks while guaranteeing higher security.

engineering, electrical & electronic,transportation science & technology, civil

Jinyong Chang,Yanyan Ji,Bilin Shao,Maozhi Xu,Rui Xue

DOI: https://doi.org/10.1109/TNET.2020.3013902

2020-12-15

IEEE/ACM Transactions on Networking

Abstract:Homomorphic signature is an extremely important public key authentication technique for network coding to defend against pollution attacks. As a public key cryptographic primitive, it also encounters the same problem of how to confirm the relationship between some public key $pk$ and the identity $ID$ of its owner. In the setting of distributed network coding, the intermediate and destination nodes need to use the public key of source node S to check the validity of vector-signature pairs. Therefore, the binding of S and its corresponding public key becomes crucial. The popular and traditional solution is based on certificates which are issued by a trusted certification authority (CA) center. However, the generation and management of certificates is extremely cumbersome. Hence, in recent work, Lin et al. proposed a new notion of identity-based homomorphic signature, which intends to avoid using certificates. But the key escrow problem is inevitable for identity-based primitives. In this article, we propose another new notion (for network coding): certificateless homomorphic signature (CLHS), which is a compromise for the above two techniques. In particular, we first describe the definition and security model of certificateless homomorphic signature. Then based on bilinear map and the computational Diffie-Hellman (CDH) assumption, give a concrete implementation and detailedly analyze its security. Finally, performance analysis illustrates that our construction is practical.

telecommunications,computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Kai Lei,Zhongjie Wang

DOI: https://doi.org/10.1109/iccse.2012.6295245

2012-01-01

Abstract:Content-Centric Networking (CCN) is a predominant substitute of the current TCP/IP networking and it is proposed to be the next generation Internet foundation. The evident characteristic of this network architecture is caching and indexing contents by the inner nodes - the routers, so as to reduce the redundant transmission and thereby shorten the distance between user and content. In this paper, we propose and implement a user authentication scheme over CCN. We adopt the trust model based on certificate authority (CA) to provide the service of binding certificate with user's identity, and help user determine the authenticity and reliability of the publisher of the network content. Also the specialized CA we designed for CCN takes advantage of the decentralization characteristic and cache mechanism of CCN to distribute the certificates and certificate revocation list (CRL) into the network, and it reduces the load of the CA central server when retrieving and verifying certificates. Besides, we propose a timeline-based method to segment the CRL with certificate issue date, thereby making the retrieval of CRL more effective.