Cong Wang,Maode Ma,Lei Zhang

DOI: https://doi.org/10.1109/access.2017.2706738

IF: 3.9

2017-01-01

IEEE Access

Abstract:The IEEE 802.22 standard regulates wireless regional area network (WRAN) operating at the very high frequency and ultrahigh frequency television white space (TVWS) bands. WRAN supports extensible authentication protocol (EAP)-based authentication schemes. However, due to its public key cryptography operations, a full EAP-based authentication scheme is time-consuming, which is unacceptable for the WRAN handover process. In this paper, an efficient EAP-based pre-authentication scheme for inter-WRAN handovers (EPW) in TVWS is proposed. By applying the proposed pre-authentication scheme, the customer premises equipment and the target secondary user base station can accomplish a seamless handover using symmetric key. Through logic derivation by Burrows, Abadi, and Needham logic and formal verification by automated validation of Internet security protocols and applications, we conclude that the proposed EPW scheme can obtain mutual authentication and maintain key secrecy with a high resistance to attack. Additionally, the performance of the EPW scheme has been investigated by simulation experiments. The results show that the EPW scheme provides a lower computation delay than that mandated by the security scheme regulation of the IEEE 802.22 standard.

Jianqing Fu,Jian Chen,Rong Fan,XiaoPing Chen,Lingdi Ping

DOI: https://doi.org/10.1109/wcse.2009.731

2009-01-01

Abstract:With the widespread use of mobile devices, authentication and privacy of identification become important issues. We analyzed the security flaws and shortcomings of a delegation-based authentication protocol which was proposed by Caimu Tang, et al., and provided an improved protocol. We use elliptic-curve cryptography and hash chain to ensure the safety of system in our scheme. The research results reveal that the improved protocol can not only corrects the security flaws but also improve the efficiency of key management and reduce the computational load.

Rong Fan,Lingdi Ping,JianQing Fu,Xuezeng Pan

DOI: https://doi.org/10.1109/PACCS.2010.5626600

2010-01-01

Abstract:As wireless sensor networks (WSNs) are susceptible to attacks and sensor nodes have limited resources, designing a secure and efficient user authentication protocol for WSNs is a difficult task. Considering that most future large-scale WSNs follow a two-tiered architecture, we propose an efficient and Denial-of-Service resistant user authentication scheme for two-tiered WSNs, which imposes very light computational load and requires simple operations such as one-way hash function and exclusive-OR operations. In addition, there is a growing requirement for preserving user anonymity recently. Thus we introduce pseudonym identity for each user which is concealed in login messages. And through clever design, our proposed scheme can prevent from smart card breach. Moreover, the security analysis on this scheme demonstrates that our proposed scheme enjoys security attributes such as preventing the various kinds of attacks and user anonymity. Finally, performance analysis shows that our proposed scheme is simple and efficient.

Rongxing Lu,Xiaodong Lin,Zhiguo Shi,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/wcnc.2013.6554840

2013-01-01

Abstract:The increasing demands for improving transmission reliability and efficiency have brought us a wide interest in smart grid. In current smart grid research, one of challenges is its security issue. If the security is not well addressed, the concept of smart grid cannot be widely accepted. In this paper, in order to simultaneously resolve the security and efficiency challenges in smart grid communications, we propose an efficient aggregate authentication protocol, called EATH, which is characterized by eliminating the Map-To-Hash hash and reducing the pairing operations in aggregation and verification to improve the computational efficiency. Detailed security analysis has shown that the proposed EATH protocol is secure in terms of source authentication and data integrity in smart grid communications. In addition, performance evaluation also demonstrates its efficiency in terms of low computation and communication overheads.

Rong Fan,Dao-jing He,Xue-zeng Pan,Ling-di Ping

DOI: https://doi.org/10.1631/jzus.c1000377

2011-01-01

Abstract:Wireless sensor networks (WSNs) are vulnerable to security attacks due to their deployment and resource constraints. Considering that most large-scale WSNs follow a two-tiered architecture, we propose an efficient and denial-of-service (DoS)-resistant user authentication scheme for two-tiered WSNs. The proposed approach reduces the computational load, since it performs only simple operations, such as exclusive-OR and a one-way hash function. This feature is more suitable for the resource-limited sensor nodes and mobile devices. And it is unnecessary for master nodes to forward login request messages to the base station, or maintain a long user list. In addition, pseudonym identity is introduced to preserve user anonymity. Through clever design, our proposed scheme can prevent smart card breaches. Finally, security and performance analysis demonstrates the effectiveness and robustness of the proposed scheme.

Yixin Jiang,Chuang Lin,Hao Yin,Zhen Chen

DOI: https://doi.org/10.1002/wcm.448

2006-01-01

Wireless Communications and Mobile Computing

Abstract:IEEE 802.11 wireless local area networks (WLAN) has been increasingly deployed in various locations because of the convenience of wireless communication and decreasing costs of the underlying technology. However, the existing security mechanisms in wireless communication are vulnerable to be attacked and seriously threat the data authentication and confidentiality. In this paper, we mainly focus on two issues. First, the vulnerabilities of security protocols specified in IEEE 802.11 and 802.1X standards are analyzed in detail. Second, a new mutual authentication and privacy scheme for WLAN is proposed to address these security issues. The proposed scheme improves the security mechanisms of IEEE 802.11 and 802.1X by providing a mandatory mutual authentication mechanism between mobile station and access point (AP) based on public key infrastructure (PKI), offering data integrity check and improving data confidentiality with symmetric cipher block chain (CBC) encryption. In addition, this scheme also provides some other new security mechanisms, such as dynamic session key negotiation and multicast key notification. Hence, with these new security mechanisms, it should be much more secure than the original security scheme. Copyright © 2006 John Wiley & Sons, Ltd.

Yanfei Fan,Bin Lin,Yixin Jiang,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/glocom.2008.ecp.891

2008-01-01

Abstract:In this paper, we propose an efficient privacy-preserving scheme for secure packet transmission at wireless link layer. The proposed scheme is constructed by using hash values in reverse hash chains as interface identifiers. It can successfully and efficiently resist the Media Access Control (MAC) address based attacks, such as flow tracking and traffic analysis, which are launched by either outside or even inside attackers. In addition, some optimization techniques are also introduced to further improve the efficiency of the proposed scheme. The extensive analysis and simulations demonstrate the enhanced security and efficiency of the proposed scheme.

YANG Jian-jun,JIA Chen-jun,RAN Li-xin

DOI: https://doi.org/10.3785/j.issn.1008-973x.2005.02.014

2005-01-01

Abstract:By analyzing the principle of remote authentication dial in user service (RADIUS) protocol and the applied security algorithm, an improved RADIUS protocol was proposed to enhance the security performance of networks.Based on the improved protocol,AAA (authentication,authority and account) architecture was set up for the Internet service providers.The AAA architecture for wireless gateway does not increase the complexity of the communication systems, and is simple and easy to implement.

Jun Lei,Xiaoming Fu,Dieter Hogrefe,Jianrong Tan

DOI: https://doi.org/10.1016/j.cose.2007.01.001

IF: 5.105

2007-01-01

Computers & Security

Abstract:IEEE 802.11 wireless LAN has become one of the hot topics on the design and development of network access technologies. In particular, its authentication and key exchange (AKE) aspects, which form a vital building block for modern security mechanisms, deserve further investigation. In this paper we first identify the general requirements used for WLAN authentication and key exchange (AKE) methods, and then classify them into three levels (mandatory, recommended, and additional operational requirements). We present a review of issues and proposed solutions for AKE in 802.11 WLANs. Three types of existing methods for addressing AKE issues are identified, namely, the legacy, layered and access control-based AKE methods. Then, we compare these methods against the identified requirements. Based on the analysis, a multi-layer AKE framework is proposed, together with a set of design guidelines, which aims at a flexible, extensible and efficient security as well as easy deployment.

K Ren,H Lee,K Han,J Park,K Kim

DOI: https://doi.org/10.1109/ICON.2004.1409206

2004-01-01

Abstract:In this paper, an enhanced lightweight identity authentication protocol for access control in IEEE 802.11 networks are presented. The proposed protocol is nicely integrated with the current MAC frame structure and takes the most advantage of the redundancy bits inside the MAC frame header to convey the authentication information, as well as the synchronization information in case of synchronization loss happening. A much more efficient and fault-tolerant synchronization algorithm is given at the same time, which significantly improved the performance of the proposed protocol as compared to the previous ones. The proposed protocol is highly effective as evaluated via a thorough mathematical analysis. A quantitive attack detection framework is also established based on the evaluation result. Finally, the proposed protocol is well suited in a wireless constrained environment for its low communication and computation overheads, requiring only several additional bits (less than 8) for transmission and random bit generating operation.

Daoshun Wang

2006-01-01

Abstract:Firstly a comprehensive analysis on the current security and authentication technology used in WLAN is introduced.Based on all related problems,an enforced Access Point(AP)design scheme is proposed.The design and implementation of a prototype AP system,its security and authentication architecture is briefly discussed according to 802.11i framework,AES and EAP-TTLS.

Yao Zhao,Chuang Lin,Hao Yin

DOI: https://doi.org/10.1109/aina.2006.300

2006-01-01

Abstract:With the development of wireless Internet, the interworking of the Third Generation (3G) wide area wireless networks and Wireless Local Area Networks (WLAN) has become a focus of research. 3G systems have their advantages in charging management, roaming, and security facilities, and WLAN systems have the advantages of high bandwidth and low investment cost. Interworking of 3G-WLAN offers characteristics that complement each other perfectly. Several authentication protocols have been proposed to improve security. In this paper, we firstly introduce the architectures of 3G-WLAN interworking and discuss existing problems related to authentication and key agreement procedures. Then, we present two schemes by applying authentication based on EAP-TLS (Extensible Authentication Protocol - Transport Layer Security) and EAP-TTLS (Tunneled TLS) into integrated 3G and WLAN to achieve high end-to-end security and authentication for the users. Finally, we conduct a series of performance evaluation on the energy consumption and latency of standard authentication protocols.

Jiaqing Mo,Hang Chen

DOI: https://doi.org/10.1155/2019/2136506

IF: 1.968

2019-01-01

Security and Communication Networks

Abstract:Wireless sensor networks (WSNs) have great potential for numerous domains of application because of their ability to sense and understand unattended environments. However, a WSN is subject to various attacks due to the openness of the public wireless channel. Therefore, a secure authentication mechanism is vital to enable secure communication within WSNs, and many studies on authentication techniques have been presented to build robust WSNs. Recently, Lu et al. analyzed the security defects of the previous ones and proposed an anonymous three-factor authenticated key agreement protocol for WSNs. However, we found that their protocol is vulnerable to some security weaknesses, such as the offline password guessing attack, known session-specific temporary information attack, and no session key backward secrecy. We propose a lightweight security-improved three-factor authentication scheme for WSNs to overcome the previously stated weaknesses. In addition, the improved scheme is proven to be secure under the random oracle model, and a formal verification is conducted by ProVerif to reveal that the proposal achieves the required security features. Moreover, the theoretical analysis indicates that the proposal can resist known attacks. A comparison with related works demonstrates that the proposed scheme is superior due to its reasonable performance and additional security features.

Xin Liu,Zhenbin Guo,Jun Ma,Yuchen Song

DOI: https://doi.org/10.1109/jiot.2021.3097996

IF: 10.6

2022-03-01

IEEE Internet of Things Journal

Abstract:Wireless sensor networks (WSNs) are widely implemented in military, intelligent medical, intelligent transportation, space exploration, and other fields. However, the authentication and communication of WSNs are carried out in the harsh external environment via a public channel, which is more vulnerable to various attacks than the traditional networks. Authentication is the key technology of security measures, but a common authentication scheme is not suitable for WSNs due to limitations of memory, computing, and energy consumption. Therefore, designing a secure and efficient authentication scheme is essential in WSNs. In recent years, several studies proved that the dynamic authentication credential (DAC) is efficient for enhancing the security of the authentication scheme. This article designs a secure authentication scheme for WSNs based on DAC and Intel software guard extensions (SGX). Compared with other DAC authentication schemes, our scheme provides the confirmation action of DAC rotation, which can effectively prevent the asynchronous update problem caused by packet loss. In order to resist the privileged user attack and the authentication table leakage attack, we choose the SGX, which can protect the data in use, as the trusted execution environment in the gateway node, and we adopt SGX to store the master key for protecting the authentication table. Finally, the security of our authentication scheme is verified by BAN logic, the simulation tool AVISPA, and informal security analysis. Through the consumption overhead analysis, the NS3 simulation result, and detailed comparison with other recent schemes, we conclude that our scheme is practical and achieves better security with less overhead.

computer science, information systems,telecommunications,engineering, electrical & electronic

Minghui Shi,Humphrey Rutagemwa,Xuemin (Sherman) Shen,Jon W. Mark,Yixin Jiang,Chuang Lin

DOI: https://doi.org/10.1007/978-0-387-33112-6_11

2007-01-01

Abstract:A wireless LAN service integration architecture based on current wireless LAN hotspots is proposed to make migrating to new service cost effective. The AAA (Authentication, Authorization and Accounting) based mobile terminal registration signaling process is discussed. An application layer end-to-end authentication and key negotiation protocol is proposed to overcome the open air connection problem existing in wireless LAN deployment. The protocol provides a general solution for Internet applications running on a mobile station under various authentication scenarios and keeps the communications private to other wireless LAN users and foreign networks. A functional demonstration of the protocol is also given. The research results should contribute to rapid deployment of wireless LANs hotspot service.

Fengyin Li,Xinying Yu,Yang Cui,Siqi Yu,Yuhong Sun,Yilei Wang,Huiyu Zhou

DOI: https://doi.org/10.1016/j.comcom.2022.01.019

IF: 5.047

2022-01-01

Computer Communications

Abstract:Wireless Sensor Networks (WSNs) play an indispensable role in the application of smart homes, smart healthcare, and precision agriculture. However, WSNs confront privacy risks that hinder its practical applications. The leakage of privacy is one of the key factors to restrict the development of WSNs. Hence, in this paper, we propose an Anonymous Authentication and Key Agreement protocol (AAKA) to accomplish identity authentication and privacy protection. Based on the dynamic sequence number, the shared secret value, and the dynamic random number, the AAKA protocol implements a two-way authentication and keys negotiation among users, gateway, and sensors, which achieves the secure access control of legitimate users to WSNs and ensures the confidential transmission of data over the public channel. We perform the security proof with BAN logic for security evaluation. The performance analysis demonstrates that compared with other WSNs authentication schemes, the AAKA protocol obtained better security features, smaller storage, and more efficient communication. Therefore, it is more suitable for applications in smart living.

Daojing He,Jiajun Bu,Sammy Chan,Chun Chen

DOI: https://doi.org/10.1109/TC.2011.258

IF: 3.183

2013-01-01

IEEE Transactions on Computers

Abstract:Existing mechanisms for handover authentication mainly focus on designing a secure authentication module, little attention has been paid to protect users' privacy when they are authenticated by the access points for data access. Further, most existing approaches do not support user revocation. In this paper, we present a secure and efficient authentication protocol named Handauth. Similar to the mechanisms of this field, Handauth provides user authentication and session key establishment. However, compared to other well-known approaches, Handauth not only enjoys both computation and communication efficiency, but also achieves strong user anonymity and untraceablility, forward secure user revocation, conditional privacy-preservation, AAA server anonymity, access service expiration management, access point authentication, easily scheduled revocation, dynamic user revocation and attack resistance. Experimental results show that the proposed approach is feasible for real applications.

Yi Li,Yuling Tian

DOI: https://doi.org/10.1109/jsyst.2022.3152561

IF: 4.802

2022-01-01

IEEE Systems Journal

Abstract:In recent years, wireless sensor networks (WSNs) have been extensively used in many fields, which provide great convenience for peoples daily work and life. With the popularity of WSNs, peoples demands for related authentication protocols are developing in a comprehensive and perfect direction, and relevant designs are focusing more on two aspects: security and performance. However, current research cannot avoid the problem that security and efficiency are not compatible. Some studies use time-consuming cryptographic structures for security, while most lightweight schemes are designed without considering certain security properties, such as perfect forward secrecy, the resistance to known session-specific temporary information attack, etc. In our view, this conflict can be resolved by using lightweight cryptography primitives with special attention to protocol vulnerabilities and ever-evolving security requirements of people. By abandoning all unnecessary cryptographic structures, we propose a comprehensive lightweight three-factor authentication protocol with various security requirements, including adaptive privacy preservation, which is suitable for the user-friendly scenario in the WSN. Through security analysis, real-or-random (ROR) model proof, Automated Validation of Internet Security Protocols and Applications experimental verification, and security aspect comparison, it is proved that our protocol is superior in the security aspect. The performance experiment under MIRACL library shows that this study has advantages in performance compared with other recent research.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Benfeng Chen,Zhizhong Tan,Wenyong Wang,Yan Liu,Tai Io San,Mudi Xu,Lei Wang,Shan Chen,Sou Wang Fong,Jing Feng

DOI: https://doi.org/10.3390/app14135593

2024-06-27

Applied Sciences

Abstract:In the current context of rapid Internet of Things (IoT) and cloud computing technology development, the Single Packet Authorization (SPA) protocol faces increasing challenges, such as security threats from Distributed Denial of Service (DDoS) attacks. To address these issues, we propose the Advanced Network-Hiding Access Control (AHAC) framework, designed to enhance security by reducing network environment exposure and providing secure access methods. AHAC introduces an independent control surface as the access proxy service and combines it with a noise generation mechanism for encrypted access schemes, replacing the traditional RSA signature method used in SPA protocols. This framework significantly improves system security, reduces computational costs, and enhances key verification efficiency. The AHAC framework addresses several limitations inherent in SPA: users need to know the IP address of resources in advance, exposing the resource address to potential attacks; SPA’s one-way authentication mechanism is insufficient for multi-level authentication in dynamic environments; deploying the knocking module and protected resources on the same host can lead to resource exhaustion and service unavailability under heavy loads; and SPA often uses high-overhead encryption algorithms like RSA2048. To counter these limitations, AHAC separates the Port Knocking module from the access control module, supports mutual authentication, and implements an extensible two-way communication mechanism. It also employs ECC and ECDH algorithms, enhancing security while reducing computational costs. We conducted extensive experiments to validate AHAC’s performance, high availability, extensibility, and compatibility. The experiments compared AHAC with traditional SPA in terms of time cost and performance.

Computer Science,Engineering

Yubo Song,Bing Chen,Tianqi Wu,Tianyu Zheng,Hongyuan Chen,Junbo Wang

DOI: https://doi.org/10.1155/2021/2993019

2021-11-17

Wireless Communications and Mobile Computing

Abstract:Wi-Fi device authentication is crucial for defending against impersonation attacks and information forgery attacks. Most of the existing authentication technologies rely on complex cryptographic algorithms. However, they cannot be supported well on the devices with limited hardware resources. A fine-grained device authentication technology based on channel state information (CSI) provides a noncryptographic method, which uses the CSI fingerprints for authentication since CSI can uniquely identify the devices. But long-term authentication based on CSI fingerprints is a challenging work. First, the CSI fingerprints are environment-sensitive, which means that the local authenticator should be updated to adapt to the changing channel state. Second, the local authenticator trained with old CSI fingerprints is outdated when users reconnect to the network after being offline for a long time, thus, it needs to be retrained in the access phase with new fingerprints. To tackle these challenges, we propose a CSI-based enhancing Wi-Fi device authentication protocol and an authentication framework. The protocol helps to collect new CSI fingerprints for authenticator’s training in access phase and performs the fingerprints’ dispersion analysis for authentication. In the association phase, it provides packet-level authentication and updates the authenticator with valid CSI fingerprints. The authenticator consists of an ensemble of small-scale autoencoders, which has high enough time efficiency for packet-level authentication and authenticator’s update. Experiments show that the accuracy of the framework is up to 98.7%, and the authenticator updating method can help the framework maintains high accuracy.

computer science, information systems,telecommunications,engineering, electrical & electronic