YAO Lin,FAN Qingna,KONG Xiangwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.06.023

2011-01-01

Abstract:As a result of the high mobility of the pervasive computing,the principles communicating with each other usually locate at different domains.To secure the service access and communications,the principles should authenticate each other and establish a fresh session key.A novel inter-domain authentication and key establishment protocol is proposed.The proposed protocol reduces the burden of certificates management by adopting the biometric encryption.After inter-domain mutual authentication,the two principles build a new session key using the signcryption technique.The protocol can defend lots of attacks and its correctness is proven by the SVO logic.

Lin Yao,Lei Wang,Xiangwei Kong,Guowei Wu,Feng Xia

DOI: https://doi.org/10.1016/j.camwa.2010.01.010

IF: 3.218

2010-01-01

Computers & Mathematics with Applications

Abstract:In a pervasive computing environment, mobile users often roam into foreign domains. Consequently, mutual authentication between the user and the service provider in different domains becomes a critical issue. In this paper, a fast and secure inter-domain authentication and key establishment scheme, namely IDAS, is proposed. IDAS adopts Biometrics to guarantee the uniqueness and privacy of users and adopts signcryption to generate a secure session key. IDAS can not only reduce the burden of certificates management, but also protect the users and authentication servers against fraud. Compared with some other authentication methods, our approach is superior with faster key exchange and authentication, as well as more privacy. The correctness is verified with the Syverson and Van Oorschot (SVO) logic. Crown Copyright (C) 2010 Published by Elsevier Ltd. All rights reserved.

YAO Lin,FAN Qing-na,KONG Xiang-wei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.32.030

2010-01-01

Abstract:Pervasive computing raises new challenges to the security and privacy of the Internet communication,and conventional authentication protocols cannot meet the requirements of this new pervasive environment.A novel mutual authentication and key establishment scheme to secure the interactions between mobile users and service providers is proposed.Highly integrating biometric encryption and the Diffie-Hellman key exchange,the proposed protocol achieves mutual authentication without revealing any privacy information of the user.Secure session key establishment is enabled by the proposed algorithm.Differentiated service access control is also achieved with the biometric encryption.It is shown that the protocol can resist most of the attacks,especially the denial of service attack.

Ruichuan Chen,Wenjia Guo,Liyong Tang,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1007/978-3-540-85451-7_64

2008-01-01

Abstract:Peer-to-Peer (P2P) communication model has the potential to harness huge amounts of resources. However, due to the self-organizing and self-maintaining nature, current P2P networks suffer from various kinds of attacks. Public key authentication can provide a fundamental building block for P2P communication security. In this paper, we propose a scalable Byzantine fault tolerant public key authentication scheme for P2P networks, in which each participating peer dynamically maintains a trusted group to perform distributed challenge-response authentication without centralized infrastructure. To guarantee the authentication correctness, we additionally present a complementary trusted group maintenance scheme. The experimental results demonstrate that our authentication scheme can work in various different P2P scenarios effectively and efficiently.

Gaoxiang Chen,Huifang Chen,Lei Xie,Gelian Song

DOI: https://doi.org/10.1109/icct.2010.5688868

2010-01-01

Abstract:Since peers can exchange information with each other directly, the identity authentication plays an important role towards the security issue of a peer-to-peer (P2P) network. Moreover, due to the inherent characteristics of wireless networks, the existing identity authentication schemes proposed for the traditional P2P networks are not suited for wireless P2P. Hence, we propose an identity authentication scheme for the wireless P2P network in this paper. In the proposed scheme, we apply a hybrid P2P topology and tickets issued by super peers to perform the user mutual authentication. And we also present a quick re-authentication method dealing with temporary broken down link to simplify the authentication procedure and improve the efficiency. Security analysis results show that our proposed scheme can resist most malicious attacks effectively.

Cong Tang,Ruichuan Chen,Zhuhua Cai,Anmin Xie,Jian-bin Hu,Liyong Tang,Zhong Chen

DOI: https://doi.org/10.1145/1529282.1529298

2009-01-01

Abstract:Compared with the public key infrastructure (PKI) technique, identity based cryptography (IBC) can simplify the key management process in peer-to-peer (P2P) networks significantly. The identity of a peer (e.g., peer identifier or peer geometric coordinate) in P2P overlay networks is used to create its public key, thus avoiding the use of any certificates. These IBC-based systems are scalable, simple to administer, and each user can carry out anytime/anywhere encryption, establish secure communication channels, prove its identity to other nodes, verify protected messages and produce a form of signature with non-repudiation properties.

YANG Jian-jun,JIA Chen-jun,RAN Li-xin

DOI: https://doi.org/10.3785/j.issn.1008-973x.2005.02.014

2005-01-01

Abstract:By analyzing the principle of remote authentication dial in user service (RADIUS) protocol and the applied security algorithm, an improved RADIUS protocol was proposed to enhance the security performance of networks.Based on the improved protocol,AAA (authentication,authority and account) architecture was set up for the Internet service providers.The AAA architecture for wireless gateway does not increase the complexity of the communication systems, and is simple and easy to implement.

Zuoqi Jiang,Jiangtao Luo,Fei Zhang,Chen He,Mengnan Wang,Yanyong Zhang

DOI: https://doi.org/10.1109/hoticn48464.2019.9063215

2019-01-01

Abstract:The current data-centric security architecture for the Information Centric Network (ICN) does not provide efficient user authentication mechanisms, thus causing undesirable issues such as interest flooding a ttacks (IFA). I no rder to address them, this paper proposes a pseudonym authentication scheme on network layer based on the system of identity-based cryptography (IBC). In the proposed approach, each consumer needs to be authenticated before sending Interest packets into the network. After successful authentication, the consumer will be assigned a temporary nickname to be used in later data request. During the procedure, IBC is adopted to protect real names of consumers and verify the interest origin. As a result, this approach can complete user authentication and protect his real identity simultaneously. The proposed approach is case studied in IFA depression and expected results are achieved.

Li Lu,Jinsong Han,Lei Hu,Jinpeng Huai,Yunhao Liu,Lionel M. Ni

DOI: https://doi.org/10.1109/ipdps.2007.370284

2007-01-01

Abstract:Most of the current trust models in peer-to-peer (P2P) systems are identity based, which means that in order for one peer to trust another, it needs to know the other peer's identity. Hence, there exists an inherent tradeoff between trust and anonymity. To the best of our knowledge, there is currently no P2P protocol that provides complete mutual anonymity as well as authentication and trust management. We propose a zero-knowledge authentication scheme called pseudo trust (PT), where each peer, instead of using its real identity, generates an unforgeable and verifiable pseudonym using a one-way hash function. A novel authentication scheme based on zero-knowledge proof is designed so peers can be authenticated without leaking any sensitive information. With the help of PT, most existing identity-based trust management schemes become applicable in mutual anonymous P2P systems. We analyze the levels of security and anonymity in PT, and evaluate its performance using trace-driven simulations and a prototype implementation. The strengths of pseudo trust include the lack of need for a centralized trusted party or CA, high scalability and security, low traffic and cryptography processing overheads, and man-in-middle attack resistance. We aim for the pseudo trust design to be included in the P2P trust and anonymity context.

Zhong CHEN,Hongwei MENG,Zhi GUAN

DOI: https://doi.org/10.19363/j.cnki.cn10-1380/tn.2016.02.004

2016-01-01

Abstract:The characteristics of intrinsic security in the future Internet architecture have been used to conquer the secu-rity problems of current Internet. Self-certifying addresses are introduced in future Internet architecture (FIA) to enable the intrinsic security properties. However, without PKI, these approaches in FIA miss the intrinsic binding between user-level descriptor, network-level identifier and correspondent public key. To this end, a naming scheme of Self-Certifying Identi-fier in FIA based on Combined Public Key (CPK), named as SCI-CPK, is proposed in this paper. The use cases of identity authentication based on SCI-CPK in FIA designs are also given, including XIA, MobilityFirst and NDN. The analysis shows that the proposed method is benefit of ubiquitous access and vast mobility scenario in the future Internet.

Beini Zhou,Hui Li,Li Xu

DOI: https://doi.org/10.1109/iscc.2018.8538446

2018-01-01

Abstract:Identity-based encryption is a key distribution system in which the public key of a user is derived directly from his identity information. Compared with PKI, Identity-based encryption simplifies key management issue, but it still suffers from drawbacks inkey escrow and private key delivering. Motivated by this, we propose an improved key distribution solution called BIBE by integrating the technique of blockchain into the identity-based encryption. Specifically, we split the nodes in the chain to complete user authentication and private key protection, respectively. Furthermore, the two sides complete the mutual identity authentication with the identity information key pairs obtained from BIBE. Additionally, to prevent network attack, we employ timestamps, random numbers and hash algorithm in the process of identification. Through the rigorous and mathematical analysis, the proposed scheme demonstratesa far better performance on correctness, safety and efficiency.

ZhiXin Sun,BingQing Luo,YaDang Chen,Kai Bu

DOI: https://doi.org/10.1007/s11432-012-4618-3

2013-01-01

Science China Information Sciences

Abstract:Distributed search and routing algorithms based on the DHT (distributed hash table) protocol have attracted considerable attention in structured P2P (peer-to-peer) research as a result of favorable properties such as distribution, self-organization, and high scalability. Compared with a traditional C/S (client/server) network, the probability of peers initiating malicious behavior increases dramatically because of their self-governing and dynamic characteristics, which also make it harder to satisfy the peers’ security required by DHT. In this paper, we propose a new secure DHT protocol based on a multidimensional mapping mechanism. This mechanism maps peers to a multidimensional space by dividing the identifiers into groups. Moreover, a series of secure methods and routing algorithms are provided to achieve secure DHT in smaller spaces. Compared with state-of-the-art approaches, the theoretical analysis and experimental results show that the multidimensional mapping mechanism can effectively improve the average success rate of a resource search by inhibiting malicious behavior.

Yunhao Liu,Jinsong Han

DOI: https://doi.org/10.14711/thesis-b987542

2007-01-01

Abstract:Peer-to-Peer (P2P) model has become the mainstream of the applications in current and future Internet. Being effective in utilizing and managing globally distributed information over Internet, however, most current P2P systems do not provide protection to their users against the increasing threat from selfish peers or malicious adversaries. Anonymous and trustworthy computing hereby has continuously gained importance because it meets the users’ demands of privacy, fairness, trust, and reliability. In order to construct anonymous and trustworthy P2P systems, we must address several crucial challenges including (1) reliably and efficiently anonymizing the P2P network; (2) authenticating users’ identities; (3) enabling trust management in anonymous environments. Most existing approaches achieve anonymity via fixed paths, which are unreliable and inefficient in dynamic P2P systems. We propose two non-path based protocols to anonymize P2P systems. The results of trace driven simulations show that our proposed protocols are reliable, scalable and effective, and significantly reduce cryptographic overhead. The second issue is that the current authentication approaches face a dilemma in anonymous environments: authenticating other users needs their real identities; while the anonymity requires those users to hide their real identities. We propose a Zero-knowledge based protocol to allow users authenticate with each other without exposing their real identities. We show the effectiveness of our proposed protocol by simulation studies and prototype implementation. We solve the third issue by constructing a reputation based trust management architecture. We particularly focus on the feedback quality problem. In shorting of trusted authority centers in P2P systems, the feedback quality are easily wrecked by the dishonest feedback from malicious peers, which further degrades the computation accuracy of users’ reputation. Our proposed architecture effectively alleviates the damage on computing reputation caused by the feedback cheating. We believe that widely employing above proposed approaches will make P2P systems more secure and reliable. We also extend our study to other distributed systems and propose a privacy-preserving authentication protocol for RFID systems. Keywords: Peer-to-Peer, Anonymity, Privacy-Preserving, Authentication, Key Updating, Secret Sharing, Random Walk, Selected Flooding, Trustworthy Computing, Feedback Quality, Trust Management, Trace Driven Simulation, Zero-Knowledge Proof, Man-in-middle-attack

Cong Tang,Ruichuan Chen,Zhuhua Cai,Anming Me,Jianbin Hu,Liyong Tang,Zhong Chen

DOI: https://doi.org/10.1109/icns.2009.64

2009-01-01

Valencia

Abstract:Identity based cryptography (IBC) was introduced into peer-to-peer (P2P) networks recently for identity verification and authentication purposes. However current IBC-based solutions could not address the problem of secure private key issuing. In this paper we propose SKIP: a novel secure key issuing scheme for P2P networks using IBC. We present an IBC infrastructure setup phase, a peer registration solution using Shamir's (k, n) secret sharing scheme, and a secure key issuing scheme, which adopts key generate center (KGC) and key privacy authorities (KPAs) to issue private keys to peers securely in order to enable the IBC systems to be more acceptable and applicable in real-world P2P networks. Furthermore, to maintain the security of KPAs, we develop a scheme to authenticate KPAs using Byzantine fault tolerance protocol. The theoretical analysis and experimental results show that SKIP performs effectively and efficiently, and is able to support large scale networks.

Kai Lei,Zhongjie Wang

DOI: https://doi.org/10.1109/iccse.2012.6295245

2012-01-01

Abstract:Content-Centric Networking (CCN) is a predominant substitute of the current TCP/IP networking and it is proposed to be the next generation Internet foundation. The evident characteristic of this network architecture is caching and indexing contents by the inner nodes - the routers, so as to reduce the redundant transmission and thereby shorten the distance between user and content. In this paper, we propose and implement a user authentication scheme over CCN. We adopt the trust model based on certificate authority (CA) to provide the service of binding certificate with user's identity, and help user determine the authenticity and reliability of the publisher of the network content. Also the specialized CA we designed for CCN takes advantage of the decentralization characteristic and cache mechanism of CCN to distribute the certificates and certificate revocation list (CRL) into the network, and it reduces the load of the CA central server when retrieving and verifying certificates. Besides, we propose a timeline-based method to segment the CRL with certificate issue date, thereby making the retrieval of CRL more effective.

Pawel Szalachowski

DOI: https://doi.org/10.48550/arXiv.2007.15881

2021-09-16

Abstract:Password-authenticated identities, where users establish username-password pairs with individual servers and use them later on for authentication, is the most widespread user authentication method over the Internet. Although they are simple, user-friendly, and broadly adopted, they offer insecure authentication and position server operators as trusted parties, giving them full control over users' identities. To mitigate these limitations, many identity systems have embraced public-key cryptography and the concept of decentralization. All these systems, however, require users to create and manage public-private keypairs. Unfortunately, users usually do not have the required knowledge and resources to properly handle their cryptographic secrets, which arguably contributed to failures of many end-user-focused public-key infrastructures (PKIs). In fact, as for today, no end-user PKI, able to authenticate users to web servers, has a significant adoption rate. In this paper, we propose Password-authenticated Decentralized Identities (PDIDs), an identity and authentication framework where users can register their self-sovereign username-password pairs and use them as universal credentials. Our system provides global namespace, human-meaningful usernames, and resilience against username collision attacks. A user's identity can be used to authenticate the user to any server without revealing that server anything about the password, such that no offline dictionary attacks are possible against the password. We analyze PDIDs and implement it using existing infrastructures and tools. We report on our implementation and evaluation.

Cryptography and Security

Xiali Hei,Xiaojiang Du,Binheng Song

DOI: https://doi.org/10.1109/icc.2012.6364197

2012-01-01

Communications

Abstract:In Peer-to-Peer (P2P) networks, security is a challenging issue due to decentralization. In this paper, we propose an effective distributed login framework for P2P networks. User profile availability is a critical issue in P2P networks. Within the distributed login framework, we propose a new Reed-Solomon erasure code scheme leveraging the Pascal matrix that can guarantee user profile availability. Our performance and security analyses show that: (1) the distributed login framework provides high availability and low redundancy rate; and (2) the new erasure code has low computation and memory overheads.

Li Lu,Jinsong Han,Yunhao Liu,Lei Hu,Jinpeng Huai,Lionel M. Ni,Jian Ma

DOI: https://doi.org/10.1109/tpds.2008.15

IF: 5.3

2008-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Most of the current trust models in peer-to-peer (P2P) systems are identity based, which means that in order for one peer to trust another, it needs to know the other peer's identity. Hence, there exists an inherent tradeoff between trust and anonymity. To the best of our knowledge, there is currently no P2P protocol that provides complete mutual anonymity as well as authentication and trust management. We propose a zero-knowledge authentication scheme called Pseudo Trust (PT), where each peer, instead of using its real identity, generates an unforgeable and verifiable pseudonym using a one-way hash function. A novel authentication scheme based on Zero-Knowledge Proof is designed so that peers can be authenticated without leaking any sensitive information. With the help of PT, most existing identity-based trust management schemes become applicable in mutual anonymous P2P systems. We analyze the security and the anonymity in PT, and evaluate its performance using trace-driven simulations and a prototype PT-enabled P2P network. The strengths of our design include 1) no need for a centralized trusted party or CA, 2) high scalability and security, 3) low traffic and cryptography processing overheads, and 4) man-in-middle attack resistance.

Li Lu,Jinsong Han

2006-01-01

Abstract:Technical Report TR 2006-10 Abstract— Most of the current trust models in peer-to-peer (P2P) systems are identity based, which means that in order for one peer to trust another, it needs to know the other peer’s identity. Hence, there exists an inherent tradeoff between trust and anonymity. To the best of our knowledge, there is currently no P2P protocol that provides complete mutual anonymity as well as authentication and trust management. We propose a zero-knowledge authentication scheme called Pseudo Trust (PT), where each peer, instead of using its real identity, generates an unforgeable and verifiable pseudonym using a one-way hash function. A novel authentication scheme based on Zero-Knowledge Proof is designed so peers can be authenticated without leaking any sensitive information. With the help of PT, most existing identity-based trust management schemes become applicable in mutual anonymous P2P systems. We analyze the levels of security and anonymity in PT, and evaluate its performance using trace-driven simulations. A prototype Pseudo Trust-enabled P2P network is running in our labs at CAS Beijing, Hong Kong UST, and other sites. The strengths of Pseudo Trust include the lack of need for a centralized trusted party or CA, high scalability and security, low traffic and cryptography processing overheads, and man-in-the-middle attack resistance. We aim for the Pseudo Trust design to be included in the P2P trust and anonymity context.

Wu Liu,HaiXin Duan,Hong Zhang,Jianping Wu

2008-01-01

Abstract:The trust mechanism was introduced to dynamically evaluate user's behavior in P2P network, and bind user's reputation with its access control privilege in the network. In addition, the trust based dynamic access control mechanism and key algorithm was proposed and implemented. With the trust based network security management system implemented based on the trust mechanism, a malicious user will be kicked out from the network system and refused from accessing resources of the network automatically when the user's reputation is lower than some threshold.