Lin Yao,Xiangwei Kong,Guowei Wu,Qingna Fan,Chi Lin

DOI: https://doi.org/10.1007/s11767-008-0089-5

2010-01-01

Abstract:In pervasive computing environments, users can get services anytime and anywhere, but the ubiquity and mobility of the environments bring new security challenges. The user and the service provider do not know each other in advance, they should mutually authenticate each other. The service provider prefers to authenticate the user based on his identity while the user tends to stay anonymous. Privacy and security are two important but seemingly contradictory objectives. As a result, a user prefers not to expose any sensitive information to the service provider such as his physical location, ID and so on when being authenticated. In this paper, a highly flexible mutual authentication and key establishment protocol scheme based on biometric encryption and Diffie-Hellman key exchange to secure interactions between a user and a service provider is proposed. Not only can a user’s anonymous authentication be achieved, but also the public key cryptography operations can be reduced by adopting this scheme. Different access control policies for different services are enabled by using biometric encryption technique. The correctness of the proposed authentication and key establishment protocol is formally verified based on SVO logic.

YAO Lin,FAN Qingna,KONG Xiangwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.06.023

2011-01-01

Abstract:As a result of the high mobility of the pervasive computing,the principles communicating with each other usually locate at different domains.To secure the service access and communications,the principles should authenticate each other and establish a fresh session key.A novel inter-domain authentication and key establishment protocol is proposed.The proposed protocol reduces the burden of certificates management by adopting the biometric encryption.After inter-domain mutual authentication,the two principles build a new session key using the signcryption technique.The protocol can defend lots of attacks and its correctness is proven by the SVO logic.

Qi Cheng,Zhuo Zhao,Chingfang Hsu,Maoyuan Zhang,Qing Yang,Di Wu

DOI: https://doi.org/10.1155/2021/7703466

IF: 1.43

2021-01-01

Mathematical Problems in Engineering

Abstract:Although nowadays lots of group key agreement schemes have been presented, most of these protocols generate a secret key for a single group. However, in the IoT HCS, more and more communications are involved in multiple groups and users can join multiple groups to communicate at the same time. Therefore, applying the conventional public-key-based one-at-a-time group key establishment protocols has heavy computational cost or suffer from security vulnerabilities. At the same time, in an IoT HCS, a trusted KGC is usually not available and so more flexible self-organized multigroup keys generation will be desired by all group members. In order to address this issue, a practical scheme for efficient and flexible KGC-free polynomial-based multigroup key establishments for IoT HCS is proposed. The proposed protocol can generate multiple group keys for all group members at once, instead of generating one key each time for a single group; more importantly, there is no need for a trusted KGC in the process of group keys establishment and each user can join multiple groups at the same time using only one reserved share. Meanwhile, the security of the proposed protocol is discussed in detail. Finally, we compare this protocol with the latest related group key distribution protocols in performance analysis. The results show that this efficient and flexible KGC-free polynomial-based multiple group keys establishment protocol is more suitable for practical group key agreement in IoT HCS.

Lin Yao,Lei Wang,Xiangwei Kong,Guowei Wu,Feng Xia

DOI: https://doi.org/10.1016/j.camwa.2010.01.010

IF: 3.218

2010-01-01

Computers & Mathematics with Applications

Abstract:In a pervasive computing environment, mobile users often roam into foreign domains. Consequently, mutual authentication between the user and the service provider in different domains becomes a critical issue. In this paper, a fast and secure inter-domain authentication and key establishment scheme, namely IDAS, is proposed. IDAS adopts Biometrics to guarantee the uniqueness and privacy of users and adopts signcryption to generate a secure session key. IDAS can not only reduce the burden of certificates management, but also protect the users and authentication servers against fraud. Compared with some other authentication methods, our approach is superior with faster key exchange and authentication, as well as more privacy. The correctness is verified with the Syverson and Van Oorschot (SVO) logic. Crown Copyright (C) 2010 Published by Elsevier Ltd. All rights reserved.

YAO Lin,FAN Qing-na,KONG Xiang-wei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.32.030

2010-01-01

Abstract:Pervasive computing raises new challenges to the security and privacy of the Internet communication,and conventional authentication protocols cannot meet the requirements of this new pervasive environment.A novel mutual authentication and key establishment scheme to secure the interactions between mobile users and service providers is proposed.Highly integrating biometric encryption and the Diffie-Hellman key exchange,the proposed protocol achieves mutual authentication without revealing any privacy information of the user.Secure session key establishment is enabled by the proposed algorithm.Differentiated service access control is also achieved with the biometric encryption.It is shown that the protocol can resist most of the attacks,especially the denial of service attack.

Cong Tang,Ruichuan Chen,Zhuhua Cai,Anmin Xie,Jian-bin Hu,Liyong Tang,Zhong Chen

DOI: https://doi.org/10.1145/1529282.1529298

2009-01-01

Abstract:Compared with the public key infrastructure (PKI) technique, identity based cryptography (IBC) can simplify the key management process in peer-to-peer (P2P) networks significantly. The identity of a peer (e.g., peer identifier or peer geometric coordinate) in P2P overlay networks is used to create its public key, thus avoiding the use of any certificates. These IBC-based systems are scalable, simple to administer, and each user can carry out anytime/anywhere encryption, establish secure communication channels, prove its identity to other nodes, verify protected messages and produce a form of signature with non-repudiation properties.

Cong Tang,Ruichuan Chen,Zhuhua Cai,Anming Me,Jianbin Hu,Liyong Tang,Zhong Chen

DOI: https://doi.org/10.1109/icns.2009.64

2009-01-01

Valencia

Abstract:Identity based cryptography (IBC) was introduced into peer-to-peer (P2P) networks recently for identity verification and authentication purposes. However current IBC-based solutions could not address the problem of secure private key issuing. In this paper we propose SKIP: a novel secure key issuing scheme for P2P networks using IBC. We present an IBC infrastructure setup phase, a peer registration solution using Shamir's (k, n) secret sharing scheme, and a secure key issuing scheme, which adopts key generate center (KGC) and key privacy authorities (KPAs) to issue private keys to peers securely in order to enable the IBC systems to be more acceptable and applicable in real-world P2P networks. Furthermore, to maintain the security of KPAs, we develop a scheme to authenticate KPAs using Byzantine fault tolerance protocol. The theoretical analysis and experimental results show that SKIP performs effectively and efficiently, and is able to support large scale networks.

Xiuli Chai,Qinghua Xiong,Junyang Yu,Zhihua Gan,Yakun Ma,Yushu Zhang

DOI: https://doi.org/10.1109/jiot.2024.3509644

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The rapid development of social networks, coupled with the proliferation of Internet of Things image-capture devices, has made sharing images easier but also raised concerns about privacy leakage. For this reason, image content privacy protection has attracted great attention and focused research. However, existing schemes suffer from participants inability to self-manage privacy, poor visual usability of protected images, and risks of key theft during transmission. To address these challenges, this paper proposes a self-managed privacy control and sharing scheme (SMPCS) based on thumbnail-preserving and elliptic curve Diffie-Hellman (ECDH) for social networks. In SMPCS, we first design a key generation and sharing scheme supporting multi-key distribution based on ECDH and public key authentication. This scheme generates a secure data block for each participant, containing their facial codes and the owner’s public key, to ensure the security of key transmission. Next, the sensitive areas in social image are encrypted using the designed adaptive thumbnail-preserving encryption based on sensitive area (ATPE-SA), ensuring that the encrypted social image maintains visual usability. Moreover, utilizing the designed adaptive blocking module, participants can balance the privacy and usability of encrypted images by adjusting privacy parameters to meet diverse wishes. Finally, participants can choose whether to reconstruct social images according to their privacy wishes, achieving autonomous privacy control. Extensive experimental analyses and comparisons with state-of-the-art schemes demonstrate the superiority of the proposed SMPCS in terms of autonomous privacy control, usability and security.

Beini Zhou,Hui Li,Li Xu

DOI: https://doi.org/10.1109/iscc.2018.8538446

2018-01-01

Abstract:Identity-based encryption is a key distribution system in which the public key of a user is derived directly from his identity information. Compared with PKI, Identity-based encryption simplifies key management issue, but it still suffers from drawbacks inkey escrow and private key delivering. Motivated by this, we propose an improved key distribution solution called BIBE by integrating the technique of blockchain into the identity-based encryption. Specifically, we split the nodes in the chain to complete user authentication and private key protection, respectively. Furthermore, the two sides complete the mutual identity authentication with the identity information key pairs obtained from BIBE. Additionally, to prevent network attack, we employ timestamps, random numbers and hash algorithm in the process of identification. Through the rigorous and mathematical analysis, the proposed scheme demonstratesa far better performance on correctness, safety and efficiency.

Ruihui Zhao,Mingjie Ding,Keiichi Koyanagi,Yuanliang Sun,Liang Zhou

DOI: https://doi.org/10.48550/arXiv.1706.01324

2017-06-05

Abstract:Online Social Networks (OSNs) have become one of the most important activities on the Internet, such as Facebook and Google+. However, security and privacy have become major concerns in existing C/S based OSNs. In this paper, we propose a novel scheme called a Privacy-preserving Community-based P2P OSNs Using Broadcast Encryption Supporting Recommendation Mechanism (PCBE) that supports cross-platform availability in stringent privacy requirements. For the first time, we introduce recommendation mechanism into a privacy-preserving P2P based OSNs, in which we firstly employ the Open Directory Project to generate user interest model. We firstly introduce broadcast encryption into P2P community-based social networks together with reputation mechanism to decrease the system overhead. We formulate the security requirements and design goals for privacy- preserving P2P based OSNs supporting recommendation mechanism. The RESTful web-services help to ensure cross-platform availability and transmission security. As a result, thorough security analysis and performance evaluation on experiments demonstrate that the PCBE scheme indeed accords with our proposed design goals.

Cryptography and Security

Xin Sun,Jiajia Han,Bang Lv,Changhua Sun,Cheng Zeng

DOI: https://doi.org/10.1371/journal.pone.0312690

IF: 3.7

2024-10-31

PLoS ONE

Abstract:With the rise of the Internet of things, the limitations of traditional PKI certificate authentication technology have progressively emerged. Hence, identity-based public key algorithms have been proposed. In this paper, we propose a new approach to generate an identity key, named identity public key (IPK). IPK identity key generation protocol is based on SM2 elliptic curve cryptography and random matrix theory. It builds upon the concept of combined public key (CPK) and resolves the linear collusion issue of CPK as well as the authenticity verification problem of the declared public key of the simplified TF-CPK by enhancing the identity mapping approach. Another main aim of this paper is to prove the security of the IPK identity key generation protocol. Roughly speaking, we verify the security of each part of the private key and the security of the composite private key. We also increase the function and performance comparison with other schemes, such as IBC(SM9) and TF-CPK. Our scheme has the lowest computation cost, which demonstrates its rationality.

multidisciplinary sciences

Ruichuan Chen,Wenjia Guo,Liyong Tang,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1007/978-3-540-85451-7_64

2008-01-01

Abstract:Peer-to-Peer (P2P) communication model has the potential to harness huge amounts of resources. However, due to the self-organizing and self-maintaining nature, current P2P networks suffer from various kinds of attacks. Public key authentication can provide a fundamental building block for P2P communication security. In this paper, we propose a scalable Byzantine fault tolerant public key authentication scheme for P2P networks, in which each participating peer dynamically maintains a trusted group to perform distributed challenge-response authentication without centralized infrastructure. To guarantee the authentication correctness, we additionally present a complementary trusted group maintenance scheme. The experimental results demonstrate that our authentication scheme can work in various different P2P scenarios effectively and efficiently.

Shuo Zhang,Qiaoyan Wen,Wenmin Li,Hua Zhang,Zhengping Jin

DOI: https://doi.org/10.3390/s20236962

IF: 3.9

2020-12-05

Sensors

Abstract:Internet of Things (IoT) and cloud computing are adopted widely in daily life and industrial production. Sensors of IoT equipment gather personal, sensitive and important data, which is stored in a cloud server. The cloud helps users to save cost and collaborate. However, the privacy of data is also at risk. Public-key encryption with keyword search (PEKS) is convenient for users to use the data without leaking privacy. In this article, we give a scheme of PEKS for a multi-user to realize the multi-keyword search at once and extend it to show a rank based on keywords match. The receiver can finish the search by himself or herself. With private cloud and server cloud, most users’ computing can be outsourced. Moreover, the PEKS can be transferred to a multi-user model in which the private cloud is used to manage receivers and outsource. The store cloud and the private cloud both obtain nothing with the keyword information. Then our IoT devices can easily run these protocols. As we do not use any pairing operations, the scheme is under more general assumptions that means the devices do not need to take on the heavy task of calculating pairing.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Gao Liu,Hao Li,Ning Wang,Tao Xiang,Yining Liu

DOI: https://doi.org/10.1109/tdsc.2024.3359240

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Group-based content push can be widely applied in integrated networks, where group key management is crucial for the push's security. Existing group key management methods mainly include symmetric group key agreement, broadcast encryption, asymmetric group key agreement, and attribute-based encryption. However, most of them do not consider user equipment (UE) identity privacy and unlinkability, cannot support flexibility and efficiency due to each UE maintaining group keys, and lack the trustworthiness of UE and group key management, which hinders the widespread adoption of group-based content push in trustless environments like integrated networks. In this paper, we investigate a novel decentralized group key management (DeGKM) scheme for group-based content push in integrated networks, where different operators manage pseudonyms and group keys across domains in a decentralized manner. In particular, our scheme adopts verifiable shuffling to establish a unified and trustworthy inter-domain pseudonym management approach that can preserve UE identity privacy and pseudonym unlinkability without relying on a trusted third party, and introduces a unified inter-domain group key management method based on Chinese remainder theorem and blockchain that significantly guarantees the flexibility, efficiency and trustworthiness. We formally prove the security of DeGKM and show its efficiency through simulations and comparisons with related works.

computer science, information systems, software engineering, hardware & architecture

Kwame Opuni-Boachie Obour Agyekum,Qi Xia,Emmanuel Boateng Sifah,Jianbin Gao,Hu Xia,Xiaojiang Du,Moshen Guizani

DOI: https://doi.org/10.3390/s19051235

2019-03-11

Abstract:Access and utilization of data are central to the cloud computing paradigm. With the advent of the Internet of Things (IoT), the tendency of data sharing on the cloud has seen enormous growth. With data sharing comes numerous security and privacy issues. In the process of ensuring data confidentiality and fine-grained access control to data in the cloud, several studies have proposed Attribute-Based Encryption (ABE) schemes, with Key Policy-ABE (KP-ABE) being the prominent one. Recent works have however suggested that the confidentiality of data is violated through collusion attacks between a revoked user and the cloud server. We present a secured and efficient Proxy Re-Encryption (PRE) scheme that incorporates an Inner-Product Encryption (IPE) scheme in which decryption of data is possible if the inner product of the private key, associated with a set of attributes specified by the data owner, and the associated ciphertext is equal to zero 0 . We utilize a blockchain network whose processing node acts as the proxy server and performs re-encryption on the data. In ensuring data confidentiality and preventing collusion attacks, the data are divided into two, with one part stored on the blockchain network and the other part stored on the cloud. Our approach also achieves fine-grained access control.

Yuejian Fang,Zilong Wen,Qingni Shen,Yahui Yang,Zhonghai Wu

DOI: https://doi.org/10.1007/978-981-10-0421-6_7

2015-01-01

Abstract:Today's online social networking services (OSN) such as Facebook, Twitter are centralized. Users' information may be leaked by these service providers, which results in potential privacy problems. Decentralized online social networking (DOSN) is provided to solve the problems. This paper presents a secure decentralized online social networking framework named SEDOSN. A peer-to-peer (p2p) online networking system is designed, and attribute-based encryption (ABE) technique is used. Different to existing ABE schemes which relies on a single authority or several authorities to authorize users and generating decryption keys for uses, we firstly proposed an ABE scheme with discretionary authorization. In our system, each user can authorize his friend, and generate decryption keys for his friend based on his friend's attributes. We give our implementation and experiment results in the paper.

Wen-Kai Yu,Ying Yang,Ya-Xin Li,Ning Wei,Shuo-Fei Wang

DOI: https://doi.org/10.3390/s22113994

2022-05-25

Abstract:In existing cryptographic key distribution (CKD) protocols based on computational ghost imaging (CGI), the interaction among multiple legitimate users is generally neglected, and the channel noise has a serious impact on the performance. To overcome these shortcomings, we propose a multi-party interactive CKD protocol over a public network, which takes advantage of the cascade ablation of fragment patterns (FPs). The server splits a quick-response (QR) code image into multiple FPs and embeds different "watermark" labels into these FPs. By using a CGI setup, the server will acquire a series of bucket value sequences with respect to different FPs and send them to multiple legitimate users through a public network. The users reconstruct the FPs and determine whether there is an attack in the public channel according to the content of the recovered "watermark" labels, so as to complete the self-authentication. Finally, these users can extract their cryptographic keys by scanning the QR code (the cascade ablation result of FPs) returned by an intermediary. Both simulation and experimental results have verified the feasibility of this protocol. The impacts of different attacks and the noise robustness have also been investigated.

Jason Chia,Swee-Huay Heng,Ji-Jian Chin,Syh-Yuan Tan,Wei-Chuen Yau

DOI: https://doi.org/10.3390/sym13081535

2021-08-20

Symmetry

Abstract:Public key infrastructure (PKI) plays a fundamental role in securing the infrastructure of the Internet through the certification of public keys used in asymmetric encryption. It is an industry standard used by both public and private entities that costs a lot of resources to maintain and secure. On the other hand, identity-based cryptography removes the need for certificates, which in turn lowers the cost. In this work, we present a practical implementation of a hybrid PKI that can issue new identity-based cryptographic keys for authentication purposes while bootstrapping trust with existing certificate authorities. We provide a set of utilities to generate and use such keys within the context of an identity-based environment as well as an external environment (i.e., without root trust to the private key generator). Key revocation is solved through our custom naming design which currently supports a few scenarios (e.g., expire by date, expire by year and valid for year). Our implementation offers a high degree of interoperability by incorporating X.509 standards into identity-based cryptography (IBC) compared to existing works on hybrid PKI–IBC systems. The utilities provided are minimalist and can be integrated with existing tools such as the Enterprise Java Bean Certified Authority (EJBCA).

Shiwei Xu,Ao Sun,Zhengwei Ren,Yizhi Zhao,Qiufen Ni,Yan Tong

DOI: https://doi.org/10.1007/s10878-023-01047-0

Abstract:Consortium blockchains offer privacy for members while allowing supervision peers access to on-chain data under certain circumstances. However, current key escrow schemes rely on vulnerable traditional asymmetric encryption/decryption algorithms. To address this issue, we have designed and implemented an enhanced post-quantum key escrow system for consortium blockchains. Our system integrates NIST post-quantum public-key encryption/KEM algorithms and various post-quantum cryptographic tools to provide a fine-grained, single-point-of-dishonest-resistant, collusion-proof and privacy-preserving solution. We also offer chaincodes, related APIs, and invoking command lines for development. Finally, we perform detailed security analysis and performance evaluation, including the consumed time of chaincode execution and the needed on-chain storage space, and we also highlight the security and performance of related post-quantum KEM algorithms on consortium blockchain.

Xiali Hei,Xiaojiang Du,Binheng Song

DOI: https://doi.org/10.1109/icc.2012.6364197

2012-01-01

Communications

Abstract:In Peer-to-Peer (P2P) networks, security is a challenging issue due to decentralization. In this paper, we propose an effective distributed login framework for P2P networks. User profile availability is a critical issue in P2P networks. Within the distributed login framework, we propose a new Reed-Solomon erasure code scheme leveraging the Pascal matrix that can guarantee user profile availability. Our performance and security analyses show that: (1) the distributed login framework provides high availability and low redundancy rate; and (2) the new erasure code has low computation and memory overheads.