Cong Wang,Maode Ma,Lei Zhang

DOI: https://doi.org/10.1109/access.2017.2706738

IF: 3.9

2017-01-01

IEEE Access

Abstract:The IEEE 802.22 standard regulates wireless regional area network (WRAN) operating at the very high frequency and ultrahigh frequency television white space (TVWS) bands. WRAN supports extensible authentication protocol (EAP)-based authentication schemes. However, due to its public key cryptography operations, a full EAP-based authentication scheme is time-consuming, which is unacceptable for the WRAN handover process. In this paper, an efficient EAP-based pre-authentication scheme for inter-WRAN handovers (EPW) in TVWS is proposed. By applying the proposed pre-authentication scheme, the customer premises equipment and the target secondary user base station can accomplish a seamless handover using symmetric key. Through logic derivation by Burrows, Abadi, and Needham logic and formal verification by automated validation of Internet security protocols and applications, we conclude that the proposed EPW scheme can obtain mutual authentication and maintain key secrecy with a high resistance to attack. Additionally, the performance of the EPW scheme has been investigated by simulation experiments. The results show that the EPW scheme provides a lower computation delay than that mandated by the security scheme regulation of the IEEE 802.22 standard.

Muhammad Zubair,Xiangwei Kong,Saeed Mahfooz

DOI: https://doi.org/10.1002/sec.1041

IF: 1.968

2014-01-01

Security and Communication Networks

Abstract:Traditional centralized approaches toward mobility management such as MIPv6 and its variants suffer because of the performance issues like single-point failure, non-optimal routing, low scalability, authentication latency, and signaling messages overhead of the mobility protocols. In this paper, we propose a novel network-based Distributed Mobility and Authentication Mechanism DMAM to focus on these issues. DMAM decomposes centralized mobility functions into Home Address Allocation, mobility routing MR, and location management LM. A new entity is introduced in DMAM, called Location and Mobility Manager that distributes MR and LM among multiple routers to which mobile node can be attached. Furthermore, DMAM offers strong authentication mechanism based on symmetric cryptographic and collision-free one-way hash function. The performance of proposed scheme is analyzed and compared with existing approaches in terms of handover latency, handover blocking probability, packet loss, communication overhead, and computational cost. The conducted numerical results demonstrate that DMAM outperforms the existing approaches. Copyright © 2014 John Wiley & Sons, Ltd.

Hung-Min Sun,Yue-Hsun Lin,Shuai-Min Chen,Yi-Chung Shen

DOI: https://doi.org/10.1109/tencon.2007.4428890

2007-01-01

Abstract:802.16/WiMAX is going to be the most popular technology in wireless communications. In 2006, IEEE 802.16e has been proposed for mobility issue. In order to maintain security, re-authentication should be considered when the mobile station handovers. However, re-authentication often takes latency and consumes power. On the other hand, several fast authentication schemes have been proposed based on pre-authentication concept in 802.11/WLAN networks. These schemes provide different methods to enhance the efficiency and security of re-authentication procedure. By using the pre-authentication concept, we propose a pre-authentication scheme for WiMAX infrastructures in this paper. Due to flexibility and security, the proposed scheme is combined with the PKI architecture. It provides a secure and fast re-authentication procedure during macro-handover in 802.16/WiMAX networks.

Jianqing Fu,Xiaoning Jiang,Lingdi Ping,Rong Fan

DOI: https://doi.org/10.1109/icime.2009.14

2009-01-01

Abstract:In this paper, we identify a vulnerability of IEEE 802.11 wireless Mesh LANs in which a compromised mesh point can still receive data from other mesh points. Then we propose a new protocol that can counter this attack by considering the effective period of both the mesh points (MPs) when decide the lifetime of the key shared between them. We also amend 802.11s draft in order not to bring about a fundamental change to the whole key hierarchy, and propose a protocol to refresh the shared key when it expired. Then we prove the security of the protocol using protocol composition logic (PCL).

Rong Fan,Dao-jing He,Xue-zeng Pan,Ling-di Ping

DOI: https://doi.org/10.1631/jzus.c1000377

2011-01-01

Abstract:Wireless sensor networks (WSNs) are vulnerable to security attacks due to their deployment and resource constraints. Considering that most large-scale WSNs follow a two-tiered architecture, we propose an efficient and denial-of-service (DoS)-resistant user authentication scheme for two-tiered WSNs. The proposed approach reduces the computational load, since it performs only simple operations, such as exclusive-OR and a one-way hash function. This feature is more suitable for the resource-limited sensor nodes and mobile devices. And it is unnecessary for master nodes to forward login request messages to the base station, or maintain a long user list. In addition, pseudonym identity is introduced to preserve user anonymity. Through clever design, our proposed scheme can prevent smart card breaches. Finally, security and performance analysis demonstrates the effectiveness and robustness of the proposed scheme.

Rong Fan,Lingdi Ping,JianQing Fu,Xuezeng Pan

DOI: https://doi.org/10.1109/PACCS.2010.5626600

2010-01-01

Abstract:As wireless sensor networks (WSNs) are susceptible to attacks and sensor nodes have limited resources, designing a secure and efficient user authentication protocol for WSNs is a difficult task. Considering that most future large-scale WSNs follow a two-tiered architecture, we propose an efficient and Denial-of-Service resistant user authentication scheme for two-tiered WSNs, which imposes very light computational load and requires simple operations such as one-way hash function and exclusive-OR operations. In addition, there is a growing requirement for preserving user anonymity recently. Thus we introduce pseudonym identity for each user which is concealed in login messages. And through clever design, our proposed scheme can prevent from smart card breach. Moreover, the security analysis on this scheme demonstrates that our proposed scheme enjoys security attributes such as preventing the various kinds of attacks and user anonymity. Finally, performance analysis shows that our proposed scheme is simple and efficient.

Amit Kumar Roy,Vijayakumar Varadaranjan,Keshab Nath

DOI: https://doi.org/10.1016/j.jisa.2024.103806

IF: 4.96

2024-08-01

Journal of Information Security and Applications

Abstract:Wireless Mesh Network (WMN) has become the most favorable choice among various networking options due to its distributed nature. It offers continuous Internet services, in comparison with other conventional networks, through a self-healing and self-configuration approach. Due to the high mobility of mesh clients, handover authentication is an operation that demands significant attention in WMNs. Through the exchange of messages, mesh clients (MCs) and mesh routers (MRs) initiate the operation, allowing the client to authenticate itself with the foreign mesh router (FMR). In existing protocols, these messages were shared in plaintext format, making it easy for an attacker to breach their integrity. Therefore, a secure communication method should be established between MCs and MRs for message exchange. In this paper, we propose a protocol that offers efficient authentication while preserving message integrity during the handover operation. The experimental results show that our proposed protocol performs better and overcomes the limitations present in the existing protocols.

computer science, information systems

Ruixue Sun,Zhiguo Shi,Rongxing Lu,Jian Qiao,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/WCSP.2012.6542795

2012-01-01

Abstract:The 60 GHz ultra-high-speed Wireless Personal Area Network (WPAN) has received considerable attention in recent years. Information security, which ensures secure communication within the network, is of particular importance. In this paper, we propose an efficient lightweight key management scheme for 60 GHz WPAN, which deploys secure encryption algorithms and one-way hash function to achieve efficient key exchange and updating managements. Detailed security analysis has shown its security provisions. In addition, performance evaluation is also provided to demonstrate its efficiency in terms of session key distribution and group key updating.

jianqing fu,chunming wu,jian chen,rong fan,lingdi ping

DOI: https://doi.org/10.1109/ICNIT.2010.5508544

2010-01-01

Abstract:In IP Multimedia Subsystem(IMS) of UMTS, IMS information is delivered through the general packet radio service(GPRS) transport network, before a user equipment (UE) can access the IMS service, it must performance both packet-switch domain and IMS authentication. It is inefficient that almost all involved steps in IMS authentication are duplicated. Hence, some one-pass IMS authentications were proposed to increase the efficiency of the IMS authentication. Unfortunately, these protocols have some problems which make them unfeasible. Therefore, we proposed a lightweight one-pass IMS authentication protocol to reduce signaling traffic. Through analysis, we found that it has minimal impact on the network functionality and will not influent the succeeding IMS re-authentication, which makes it more feasible.

Jianhong Zhang,Wenle Bai,Yuehai Wang

DOI: https://doi.org/10.1109/access.2019.2899828

IF: 3.9

2019-01-01

IEEE Access

Abstract:The Internet of Things (IoT) is the internetworking of terminal physical devices depends on application programming interfaces and sensors to be connected to the Internet for collecting and exchanging data. According to the characteristics of IoT, it can provide rich services for the terminal user. However, the centralized cloud computing-based storage architecture in IoT faces many challenges, such as data security, identity privacy, and high latency. To overcome these challenges, this paper introduces an IoT network storage architecture based on mobile edge computing, which not only achieves low-latency message response and computation offloading of the terminal user but also preserves identity-privacy of the terminal user. Afterward, we presented a novel non-interactive pairing-free ID-based proxy re-signature scheme (ID-PRS), which is a kernel technique to construct the aforementioned storage architecture. Compared with most of proxy re-signature schemes constructed based on traditional public-key-infrastructure, the proposed scheme avoids expensive pairing operation and intricate certificate-maintenance. And it is demonstrated to be provably secure under the classic security assumptions: integer factoring problem and the RSA assumption. Finally, in contrast to the other two ID-PRS schemes, the proposed ID-PRS scheme has more advantages in terms of security, functionability, and computation costs. Thus, it is very suitable to be applied to the resource-constrained mobile users.

Hung-Min Sun,Shih-Ying Chang,Yue-Hsun Lin,Shin-Yan Chiou

DOI: https://doi.org/10.1109/isda.2008.330

2008-01-01

Abstract:Mobile WiMAX is the next generation of broadband wireless network. It allows users to roam over the network under vehicular speeds. However, when a mobile station changes from one base station to another, it should be authenticated again. This may lead to delay in communication, especially for real-time applications, such as VoIP and Pay-TV systems. In this paper, we propose two efficient schemes to enhance the performance of authentication during handover in mobile WiMAX. The first scheme adopts, instead of the standard EAP method used in handover authentication, an efficient shared key-based EAP method. The second one, skips the standard EAP method, does the authentication in SA-TEK three-way handshake in PKMv2 process. In addition, the security proofs of our schemes are provided in this paper.

Song-Hua HUANG,Yu-Xing SUN,Hao HUANG,Gui-Hai CHEN

DOI: https://doi.org/10.3724/SP.J.1016.2009.00531

2009-01-01

Jisuanji Xuebao/Chinese Journal of Computers

Abstract:Performance is always the bottleneck for deploying network mobility (NEMO), and the delay resulting from existing authentication mechanism makes it even worse. This paper in-troduces an efficient authentication method for access router (AR) mesh of multihomed and nes-ted mobile networks, with path selection and fast handover support to promote whole perform-ance of mobile networks, especially to reduce the delay. First a mutual authentication method is presented based on fixed AAA infrastructure and dynamic trusted neighbors, integrated with a behavior evaluation mechanism. And based on this authentication method the algorithms for opti-mal path selection and recovery of access failure are proposed. In the solution, security associa-tion (SA) transfer is to cut down the authentication delay; multi-angular routing and tunnel-in-tunnel problem in nested situation can be eliminated through the Care-of-Address (CoA) configu-ration of mobile router based on top-level AR prefix; temporary tunnel and reverse routing header (RRH) may be borrowed to leave out the binding procedure in handover; AR evaluation will pro-duce an optimal path to the Internet. Analysis shows that, with efficient SA establishment be-tween mobile networks and the foreign networks, expected node behavior evaluation, and opti-mized route, the solution in this paper is more efficient than the counterparts in terms of through-put, packet delay and handover delay.

Daojing He,Jiajun Bu,Sammy Chan,Chun Chen

DOI: https://doi.org/10.1109/TC.2011.258

IF: 3.183

2013-01-01

IEEE Transactions on Computers

Abstract:Existing mechanisms for handover authentication mainly focus on designing a secure authentication module, little attention has been paid to protect users' privacy when they are authenticated by the access points for data access. Further, most existing approaches do not support user revocation. In this paper, we present a secure and efficient authentication protocol named Handauth. Similar to the mechanisms of this field, Handauth provides user authentication and session key establishment. However, compared to other well-known approaches, Handauth not only enjoys both computation and communication efficiency, but also achieves strong user anonymity and untraceablility, forward secure user revocation, conditional privacy-preservation, AAA server anonymity, access service expiration management, access point authentication, easily scheduled revocation, dynamic user revocation and attack resistance. Experimental results show that the proposed approach is feasible for real applications.

Amit Kumar Roy,Keshab Nath,Gautam Srivastava,Thippa Reddy Gadekallu,Jerry Chun-Wei Lin

DOI: https://doi.org/10.3390/s22051958

IF: 3.9

2022-03-02

Sensors

Abstract:Presently, lightweight devices such as mobile phones, notepads, and laptops are widely used to access the Internet throughout the world; however, a problem of privacy preservation and authentication delay occurs during handover operation when these devices change their position from a home mesh access point (HMAP) to a foreign mesh access point (FMAP). Authentication during handover is mostly performed through ticket-based techniques, which permit the user to authenticate itself to the foreign mesh access point; therefore, a secure communication method should be formed between the mesh entities to exchange the tickets. In two existing protocols, this ticket was not secured at all and exchanged in a plaintext format. We propose a protocol for handover authentication with privacy preservation of the transfer ticket via the Diffie–Hellman method. Through experimental results, our proposed protocol achieves privacy preservation with minimum authentication delay during handover operation.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Kaiping Xue,Changsha Ma,Peilin Hong,Rong Ding

DOI: https://doi.org/10.1016/j.jnca.2012.05.010

IF: 7.574

2012-01-01

Journal of Network and Computer Applications

Abstract:Wireless sensor network (WSN) can be deployed in any unattended environment. With the new developed IoT (Internet of Things) technology, remote authorized users are allowed to access reliable sensor nodes to obtain data and even are allowed to send commands to the nodes in the WSN. Because of the resource constrained nature of sensor nodes, it is important to design a secure, effective and lightweight authentication and key agreement scheme. The gateway node (GWN) plays a crucial role in the WSN as all data transmitted to the outside network must pass through it. We propose a temporal-credential-based mutual authentication scheme among the user, GWN and the sensor node. With the help of the password-based authentication, GWN can issue a temporal credential to each user and sensor node. For a user, his/her temporal credential can be securely protected and stored openly in a smart card. For a sensor node, its temporal credential is related to its identity and must privately stored in its storage medium. Furthermore, with the help of GWN, a lightweight key agreement scheme is proposed to embed into our protocol. The protocol only needs hash and XOR computations. The results of security and performance analysis demonstrate that the proposed scheme provides relatively more security features and high security level without increasing too much overhead of communication, computation and storage. It is realistic and well adapted for resource-constrained wireless sensor networks.

Zhiguo Wan,Kui Ren,Bo Zhu,Bart Preneel,Ming Gu

DOI: https://doi.org/10.1109/tvt.2009.2028892

IF: 6.8

2009-01-01

IEEE Transactions on Vehicular Technology

Abstract:As a combination of ad hoc networks and wireless local area network (WLAN), the wireless mesh network (WMN) provides a low-cost convenient solution to the last-mile network-connectivity problem. As such, existing route protocols designed to provide security and privacy protection for ad hoc networks are no longer applicable in WMNs. On the other hand, little research has focused on privacy-preserving routing for WMNs. In this paper, we propose two solutions for security and privacy protection in WMNs. The first scheme relies on group signatures, together with user credentials, to deliver security and privacy protection. By enforcing access control using user credentials, the user's identity has to be disclosed to mesh routers. To avoid this, our second scheme employs pairwise secrets between any two users to achieve stronger privacy protection. In the second scheme, the user is kept anonymous to mesh routers. Finally, we analyze these two schemes in terms of security, privacy, and performance.

Daojing He,Maode Ma,Yan Zhang,Chun Chen,Jiajun Bu

DOI: https://doi.org/10.1016/j.comcom.2010.02.031

IF: 5.047

2011-01-01

Computer Communications

Abstract:Seamless roaming over wireless network is highly desirable to mobile users, and security such as authentication of mobile users is challenging. Recently, due to tamper-resistance and convenience in managing a password file, some smart card based secure authentication schemes have been proposed. This paper shows some security weaknesses in those schemes. As the main contribution of this paper, a secure and light-weight authentication scheme with user anonymity is presented. It is simple to implement for mobile user since it only performs a symmetric encryption/decryption operation. Having this feature, it is more suitable for the low-power and resource-limited mobile devices. In addition, it requires four message exchanges between mobile user, foreign agent and home agent. Thus, this protocol enjoys both computation and communication efficiency as compared to the well-known authentication schemes. As a special case, we consider the authentication protocol when a user is located in his/her home network. Also, the session key will be used only once between the mobile user and the visited network. Besides, security analysis demonstrates that our scheme enjoys important security attributes such as preventing the various kinds of attacks, single registration, user anonymity, no password/verifier table, and high efficiency in password authentication, etc. Moreover, one of the new features in our proposal is: it is secure in the case that the information stored in the smart card is disclosed but the user password of the smart card owner is unknown to the attacker. To the best of our knowledge, until now no user authentication scheme for wireless communications has been proposed to prevent from smart card breach. Finally, performance analysis shows that compared with known smart card based authentication protocols, our proposed scheme is more simple, secure and efficient.

Qing Ding,Ming Jiang,Xi Li,Xuehai Zhou

DOI: https://doi.org/10.1109/ncm.2009.419

2009-01-01

Abstract:Wireless Mesh Network (WMN) is a promising wireless technology that received more and more researchers’ attention recently. These networks comprise of stationary mesh routers, which essentially serves as the wireless mesh backbone to provide connectivity between the mobile Mesh Clients. Classical routing protocols developed for typical ad hoc networks, which mainly concentrate on mobility and energy conservation, may incur some problems in the WMN. Many optimizations and extensions of existed protocols are proposed. However, few deal with the characteristics of secure routing. In this paper, we assume WMN is self-policing and the mesh routers are autonomous and selfish. Based on this assertion, a reputation-based proactive routing protocol for the wireless mesh backbone is presented. We propose an extension version of OLSR, which adopts a reputation function as the routing metric. An adaptive reputation management framework is designed and we show how to store, collect and query reputation values in an accurate, secure and efficient manner. The simulation results show that our model performs well in terms of routing performance, end-to-end delay metrics.

HE Yuan,XU Li,HUANG Xin-yi

DOI: https://doi.org/10.3969/j.issn.1000-5277.2013.02.005

2013-01-01

Abstract:It presents an anonymous authentication scheme based on blind signature and a scheme based on partially blind signature,in order to improve user anonymity,protect user's identity privacy and pseudonym based location privacy from Wireless mesh networks(WMNs) infrastructure respectively.Users can select an anonymous set determined by the service provider and the times to authenticate anonymously according to their needs.

Anmin Fu,Gongxuan Zhang,Yan Yu,Zhenchao Zhu

DOI: https://doi.org/10.3837/tiis.2014.09.017

2014-01-01

Abstract:Integrated WiMAX and WiFi networks is of great potential for the future due to the wider coverage of WiMAX and the high data transport capacity of WiFi. However, seamless and secure handover (HO) is one of the most challenging issues in this field. In this paper, we present a novel vertical HO authentication scheme with privacy preserving for WiMAX-WiFi heterogeneous networks. Our scheme uses ticket-based and pseudonym-based cryptographic methods to secure HO process and to achieve high efficiency. The formal verification by the AVISPA tool shows that the proposed scheme is secure against various malicious attacks and the simulation result indicates that it outperforms the existing schemes in terms of communication and computation cost.