XIE Qi,WU JiYi,WANG GuiLin,CHEN DeRen,YU XiuYuan

2012-01-01

Abstract:Mutual authentication between the user and the public cloud is essential requirement for the user to access the public cloud in cloud computing.In 2011,Juang et al.proposed a first authentication scheme based on proxy signature.The advantage of the scheme is that the user only needs to register on his home service cloud(HSC),and can pass through the authentication of the public cloud with the help of his HSC.However, their scheme has three weaknesses:1)the user’s HSC needs to update the user’s public key in each session to protect the user’s privacy;2)HSC may suffer from network jam when many users in the same HSC need to register on different public clouds simultaneously;and 3)a secret key should be shared between HSC and visiting cloud.To overcome these weaknesses,a provably secure convertible proxy signcryption for privacy preserving is proposed.Based on this scheme,a novel one-round authentication protocol is proposed,which the user only needs to register on his HSC,and can pass through the authentication of the visiting cloud without the help of his HSC.On the other hand,the proposed protocol can provide some nice properties,such as user privacy protection, non-repudiation,without updating the user’s public key,and secret key does not have to be shared between HSC and visiting cloud.In addition,the proposed scheme is provably secure in the random oracle model,and is more efficient than Juang et al.’s scheme.

ZHANG Fei,CHEN Zi-chen,XIONG Li

DOI: https://doi.org/10.3969/j.issn.1006-5911.2006.10.012

2006-01-01

Abstract:To improve the performance and network security of collaborative commerce chain system and to deal with shortcomings of existing solution to electronic commerce,Mobile Agent technology was introduced into the modeling of network-based collaborative commerce chain system.Based on Mobile Agent properties,problems of security and network security confronted with Mobile Agent in the transaction process of network-based collaborative commerce chain were analyzed.Finally,a prototype system between the customer Agent and the supplier Agent was used to expatiate security negotiation bargain procedure based on Mobile Agent under the public key infrastructure and certification authority.Research results showed that Agent's submission permit to the supplier server during authentication process could enhance the network bargain security of the collaborative commerce chain system.

Qi XIE,XiuYuan YU,WenHao LIU,DeRen CHEN,GuiLin WANG,JiYi WU

DOI: https://doi.org/10.1360/112011-915

2012-01-01

Scientia Sinica Informationis

Abstract:Mutual authentication between the user and the public cloud is essential requirement for the user to access the public cloud in cloud computing. In 2011, Juang et al. proposed a first authentication scheme based on proxy signature. The advantage of the scheme is that the user only needs to register on his home service cloud (HSC), and can pass through the authentication of the public cloud with the help of his HSC. However, their scheme has three weaknesses: 1) the users HSC needs to update the users public key in each session to protect the users privacy; 2) HSC may suffer from network jam when many users in the same HSC need to register on different public clouds simultaneously; and 3) a secret key should be shared between HSC and visiting cloud. To overcome these weaknesses, a provably secure convertible proxy signcryption for privacy preserving is proposed. Based on this scheme, a novel one-round authentication protocol is proposed, which the user only needs to register on his HSC, and can pass through the authentication of the visiting cloud without the help of his HSC. On the other hand, the proposed protocol can provide some nice properties, such as user privacy protection, non-repudiation, without updating the users public key, and secret key does not have to be shared between HSC and visiting cloud. In addition, the proposed scheme is provably secure in the random oracle model, and is more efficient than Juang et al.s scheme.

Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Jianhong Zhang,Wenle Bai,Yuehai Wang

DOI: https://doi.org/10.1109/access.2019.2899828

IF: 3.9

2019-01-01

IEEE Access

Abstract:The Internet of Things (IoT) is the internetworking of terminal physical devices depends on application programming interfaces and sensors to be connected to the Internet for collecting and exchanging data. According to the characteristics of IoT, it can provide rich services for the terminal user. However, the centralized cloud computing-based storage architecture in IoT faces many challenges, such as data security, identity privacy, and high latency. To overcome these challenges, this paper introduces an IoT network storage architecture based on mobile edge computing, which not only achieves low-latency message response and computation offloading of the terminal user but also preserves identity-privacy of the terminal user. Afterward, we presented a novel non-interactive pairing-free ID-based proxy re-signature scheme (ID-PRS), which is a kernel technique to construct the aforementioned storage architecture. Compared with most of proxy re-signature schemes constructed based on traditional public-key-infrastructure, the proposed scheme avoids expensive pairing operation and intricate certificate-maintenance. And it is demonstrated to be provably secure under the classic security assumptions: integer factoring problem and the RSA assumption. Finally, in contrast to the other two ID-PRS schemes, the proposed ID-PRS scheme has more advantages in terms of security, functionability, and computation costs. Thus, it is very suitable to be applied to the resource-constrained mobile users.

Changwu Wang,Xiuxian Zheng,Yali Si,Wenyuan Liu

2011-01-01

Abstract:Mobile agent is identified as a programming paradigm that allows exible structuring of distributed computation. However, their adoption is largely hampered by the security issues. In this paper, by using environmental key propagation and execution tracing technology, an enhanced-security fair payment protocol based on mobile agent is proposed. This protocol can protect the confidentiality of sensitive payment information carried by mobile agent better than existing ones. At the same time, by ameliorating the using of the theory of cross validation, mobile agent is able to avoid malicious merchant's attack when it validates the product. So the security is enhanced. Moreover, the trusted third patty is offline unless someone is misbehaving or prematurely aborting. © 2011 ISSN 1881-803X.

Qingshui Xue,Fengying Li,Guojian Ge,Jiachen Shen,Zhenfu Cao

DOI: https://doi.org/10.1109/ICCChina.2015.7448606

2015-01-01

Abstract:Position-based cryptography has attracted lots of researchers' attentions. In mobile Internet, there are lots of position based security applications. For the first time, one new conception, position-based proxy signcryption is proposed. Based on a secure positioning protocol, one model of position-based proxy signcryption is proposed. In the model, positioning protocol is tightly bound to proxy signcryption, not loosely. Further, we propose one concrete position-based proxy signcryption scheme, its correctness is proved, and its security is also analyzed. As far as we know, it is the first position-based proxy signcryption scheme.

Ye JIN,Zhenfu CAO

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.02.053

2006-01-01

Abstract:With the development of the mobile agent, the security problems related to it are receiving an increasing attention. How to protect the mobile agent from the malicious agent platforms is an important nevertheless tough task. This paper argues the problem of how a mobile agent can sign a signature on behalf of its owner in a hostile environment without revealing its owner’s secret key. A new digital signature scheme is proposed here with improved efficiency in time and space cost. What’s more, the new scheme is provably secure in the Random Oracle Model.

Bo LIU,Yu-Yang ZHOU,Fei HU,Fa-Gen LI

DOI: https://doi.org/10.13868/j.cnki.jcr.000224

2018-01-01

Abstract:With the rapid development of E-commerce, network service providers usually provide users with a wide range of services running on different servers. Thus, multi-server model has been widely used. Meanwhile, more and more people access network services more quickly through the mobile phones or other mobile devices, this is the current mobile client-multi-server model which has been very popular. On one hand, mobile devices bring convenience to our lives. On the other hand, the openness of mobile Internet makes its security issues more serious. It is necessary to design a user authentication and key agreement protocol for the mobile client-multi-server model. However, compared with personal computers, mobile devices have resource-constrained features. So how to design a protocol that combines security and efficiency is not an easy task. In order to solve this problem, this study proposes a user authentication and key agreement protocol under the mobile client-multi-server model. Certificateless public key cryptography can solve the problem of certificate management in traditional public key systems and the inherent key escrow problem in identity-based public key cryptography, it has the advantages of both high efficiency and security. In addition, the mobile devices have the characteristics of resource constraints, so the certificateless public key cryptography is very suitable for designing a security protocol for mobile devices which have limited resources. In this paper, it is proved that the proposed protocol can provide mutual authentication and secure key agreement services in the random oracle model. Compared with other protocols of the same type,the proposed protocol in this paper has a better computational efficiency.

Ying Sun,Chunxiang Xu,Fagen Li,Yong Yu

DOI: https://doi.org/10.1109/ias.2009.166

2009-01-01

Abstract:A new concept called multi-proxy multi-signcryption is introduced in this paper. In a multi-proxy multi-signcryption scheme, a group of original signcrypters can authorize a group of proxy signcrypters under the agreement of all signcrypters in the original group. Then only the cooperation of all signcrypters in the proxy group could generate a multi-proxy multi-signcryption. We propose a multi-proxy multi-signcryption scheme based on bilinear pairings. The proposed scheme has the following characteristics: (i) the size of multi-proxy multi-signcryption is independent of the number of original and proxy signcrypters. (ii) it provides the fair protection for the original signcrypter group and the proxy group.(iii) the key management problem is simplified because of using ID-based cryptography. Finally, we give an application of the proposed scheme in electronic commerce.

Negalign Wake Hundera,Qian Mei,Hu Xiong,Dagmawit Mesfin Geressu

DOI: https://doi.org/10.3837/tiis.2020.01.025

2020-01-01

KSII Transactions on Internet and Information Systems

Abstract:As a user in modern societies with the rapid growth of Internet environment and more complicated business flow processes in order to be effective at work and accomplish things on time when the manager of the company went for a business trip, he/she need to delegate his/her signing authorities to someone such that, the delegatee can act as a manager and sign a message on his/her behalf. In order to make the delegation process more secure and authentic, we proposed a secure and efficient identity-based proxy signcryption in cloud data sharing (SE-IDPSC-CS), which provides a secure privilege delegation mechanism for a person to delegate his/her signcryption privilege to his/her proxy agent. Our scheme allows the manager of the company to delegate his/her signcryption privilege to his/her proxy agent and the proxy agent can act as a manager and generate signcrypted messages on his/her behalf using special information called "proxy key". Then, the proxy agent uploads the signcrypted ciphertext to a cloud service provider (CSP) which can only be downloaded, decrypted and verified by an authorized user at any time from any place through the Internet. Finally, the security analysis and experiment result determine that the proposed scheme outperforms previous works in terms of functionalities and computational time.

Li Kuang,Yingjie Xia,Caijun Sun,Jiaming Wu,Liangdi Bao

DOI: https://doi.org/10.19026/rjaset.5.4738

2013-01-01

Abstract:With wide adoption of Service Computing and Mobile Computing, people tend to invoke services with mobile devices, requiring accurate and real-time feedback from services at any time and any place. Among these services, some are private to limited users and require identity authorization before use; hence secure access control in wireless network should be provided. To address the challenge, in this study, we propose the architecture and protocols of a system of access to private services for mobile clients, which combines the technologies of trusted computing, Diffie-Hellman key agreement protocol, digital certificate, DES data encryption algorithm and twice verification. We further show the implementation of the proposed system, in which we have realized the authentication and authorization of mobile clients and then secure data transfer between mobile clients in the unsafe Internet and private services in the Intranet. © 2013 Maxwell Scientific Organization.

FaGen Li,Masaaki Shirase,Tsuyoshi Takagi

DOI: https://doi.org/10.1007/s11432-010-4012-y

2010-01-01

Science China Information Sciences

Abstract:In a proxy signature scheme, an original signer is allowed to delegate his signing power to a designated person, called the proxy signer and the proxy signer is able to sign the messages on behalf of the original signer. Recently, Lu, Dong and Cao proposed two proxy signature schemes for mobile communication (see Sci China Ser F-Inf Sci, 2008, 51(2): 183–195). Although they proved that their schemes are secure in the random oracle model, we disprove their claim and show that their schemes are not secure.

Hung-Min Sun,Bing-Zhe He,Chien-Ming Chen,Tsu-Yang Wu,Chia-Hsien Lin,Huaxiong Wang

DOI: https://doi.org/10.1016/j.ins.2015.01.037

IF: 8.1

2015-01-01

Information Sciences

Abstract:Secure group communication over an untrusted open network is a continuing problem, especially in mobile environments. With the development of 3G networks and mobile computing technology, the number of group-oriented applications is increasing rapidly. Although these applications are convenient, achieving secure group communication to protect user privacy is a major concern. This study presents an authenticated group key agreement protocol for mobile environments. By using certificateless public key cryptography, the protocol reduces the cost of managing the certificates and avoids the key escrow problem. Instead of a fully-trusted server, the protocol uses a semi-trusted server, which helps users communicate but does not learn about the group key. The analytical results indicate that the proposed protocol provides good security in mobile environments.

JZ Dai,XH Yang,JX Dong

DOI: https://doi.org/10.1109/icsmc.2003.1243846

2003-01-01

Abstract:Proxy signature is the solution to delegation of signing capabilities in electronic world. Proxy signatures are signature schemes that an original signer delegates his signing capability to a proxy signer, and the proxy signer creates signatures on behalf of the original signer. To avoid the misuse of proxy signatures, the original signer hopes that he can restrict the signing capability delegated to the proxy signers. In this paper, a designated-receiver proxy signature scheme is proposed. In this scheme, an original signer nominates a person as signature receiver when he delegates his signing capability to a proxy signer, and the proxy signer can generate valid proxy signature on behalf of the original signer which none but the nominated receiver can verify and accept, thus the misuse of proxy signature is avoided. The security of the proposed signature scheme is analyzed. The scheme will be applied in e_commerce and other fields.

Jianguo DING,Yingcai BAI,Huilipg LIU,Hansheng CHEN

DOI: https://doi.org/10.3969/j.issn.1000-3428.2001.02.030

2001-01-01

Abstract:Mobile agent and its security are analyzed in this paper. Before the mobile agents are brought to actual application, enough security is meeded. A security authentication method is provided and a detail description is given in the paper. And further research about security for mobile agent is pointed out.

Yousra Berguig*,Jalal Laassiri,Sanae Hanaoui,Salah-ddine Krit,,,,

DOI: https://doi.org/10.35940/ijitee.l3438.1081219

2019-10-10

International Journal of Innovative Technology and Exploring Engineering

Abstract:Mobile agent system is a satisfying solution for the implementation and maintenance of applications distributed over large-scale networks, this solution is very used in solving complex problems since they are autonomous, Intelligent, robust and faulttolerant. Mobile agents have the capacity to migrate from one node to another all over the network allowing reduction in communication costs. Although they possess all these advantages, using them in distributed environment increases the threat to mobile agent security and during their mobility they can face different types of attacks such as of attacks like Replay attack, man-in-the-middle attack, Cookie theft attack, Offline password guessing attack, Stolen-verifier attack. In this paper we investigate the security of distributed mobile agent system. We propose a solution based on a secure Elliptic Curve Cryptography (ECC) protocol to ensure mutual authentication and protect the agent from different known attacks. The implementation of the proposed solution is obtained using Java Agent Development Framework (JADE). Also, Binary serialization is used to establish a flexible portability of the agent. Finally, we present security and performance analysis, for our solution to secure mobile agent in distributed systems.

Wang Wenbing,Qiu Weidong

DOI: https://doi.org/10.3969/j.issn.1000-386X.2008.06.019

2008-01-01

Abstract:Security for mobile agent system is always a much concerned issue,especially now the study on the attack against mobile agent from malicious hosts is just start.In the paper three problems of the protocol presented in reference[1] were analyzed and the corrections were proposed.Amongst them the most important one is that it is the first time to integrate Group signature into MA system.The improved secure routing protocol decreased the possibility that malicious hosts group bypass wittingly a host which shall be visited,eliminates the futile links to offline hosts or to those rejecting services.Meanwhile it also reduced the number of public keys of other hosts held by each host and the time for authenticating the validity of MA,thus the efficiency the MA owners searching DoS attackers during the tracing process was raised.

Xiaowen Chu,Yixin Jiang,Chuang Lin,Fujun Feng

DOI: https://doi.org/10.1007/11839569_39

2006-01-01

Abstract:In this paper, based on self-certified mechanism, we propose a novel mutual authentication and key exchange protocol for roaming services in the global mobility network. The main new features included in the proposed protocol are (1) identity anonymity, which protects location privacy of mobile users in the roaming network environment; (2) one-time session key renewal, which frequently updates the session key for mobile users and hence reduces the risk of using a compromised session key to communicate with the visited network. The performance analysis shows that the computational complexity of our protocol is low and suitable to be used on mobile equipments.

Dea Saka Kurnia Putra,Mohamad Ali Sadikin,Susila Windarta

DOI: https://doi.org/10.1109/QIR.2017.8168487

2018-09-14

Abstract:Nowadays, mobile banking becomes a popular tool which consumers can conduct financial transactions such as shopping, monitoring accounts balance, transferring funds and other payments. Consumers dependency on mobile needs, make people take a little bit more interest in mobile banking. The use of the one-time password which is sent to the user mobile phone by short message service (SMS) is a vulnerability which we want to solve with proposing a new scheme called S-Mbank. We replace the authentication using the one-time password with the contactless smart card to prevent attackers to use the unencrypted message which is sent to the user's mobile phone. Moreover, it deals vulnerability of spoofer to send an SMS pretending as a bank's server. The contactless smart card is proposed because of its flexibility and security which easier to bring in our wallet than the common passcode generators. The replacement of SMS-based authentication with contactless smart card removes the vulnerability of unauthorized users to act as a legitimate user to exploit the mobile banking user's account. Besides that, we use public-private key pair and PIN to provide two factors authentication and mutual authentication. We use signcryption scheme to provide the efficiency of the computation. Pair based text authentication is also proposed for the login process as a solution to shoulder-surfing attack. We use Scyther tool to analyze the security of authentication protocol in S-Mbank scheme. From the proposed scheme, we are able to provide more security protection for mobile banking service.

Cryptography and Security