YAO Lin,FAN Qing-na,KONG Xiang-wei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.32.030

2010-01-01

Abstract:Pervasive computing raises new challenges to the security and privacy of the Internet communication,and conventional authentication protocols cannot meet the requirements of this new pervasive environment.A novel mutual authentication and key establishment scheme to secure the interactions between mobile users and service providers is proposed.Highly integrating biometric encryption and the Diffie-Hellman key exchange,the proposed protocol achieves mutual authentication without revealing any privacy information of the user.Secure session key establishment is enabled by the proposed algorithm.Differentiated service access control is also achieved with the biometric encryption.It is shown that the protocol can resist most of the attacks,especially the denial of service attack.

Lin Yao,Lei Wang,Xiangwei Kong,Guowei Wu,Feng Xia

DOI: https://doi.org/10.1016/j.camwa.2010.01.010

IF: 3.218

2010-01-01

Computers & Mathematics with Applications

Abstract:In a pervasive computing environment, mobile users often roam into foreign domains. Consequently, mutual authentication between the user and the service provider in different domains becomes a critical issue. In this paper, a fast and secure inter-domain authentication and key establishment scheme, namely IDAS, is proposed. IDAS adopts Biometrics to guarantee the uniqueness and privacy of users and adopts signcryption to generate a secure session key. IDAS can not only reduce the burden of certificates management, but also protect the users and authentication servers against fraud. Compared with some other authentication methods, our approach is superior with faster key exchange and authentication, as well as more privacy. The correctness is verified with the Syverson and Van Oorschot (SVO) logic. Crown Copyright (C) 2010 Published by Elsevier Ltd. All rights reserved.

YAO Lin,FAN Qingna,KONG Xiangwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.06.023

2011-01-01

Abstract:As a result of the high mobility of the pervasive computing,the principles communicating with each other usually locate at different domains.To secure the service access and communications,the principles should authenticate each other and establish a fresh session key.A novel inter-domain authentication and key establishment protocol is proposed.The proposed protocol reduces the burden of certificates management by adopting the biometric encryption.After inter-domain mutual authentication,the two principles build a new session key using the signcryption technique.The protocol can defend lots of attacks and its correctness is proven by the SVO logic.

Aiqun HU,Tao LI,Mingfu XUE

DOI: https://doi.org/10.3969/j.issn.1009-6868.2011.01.006

2011-01-01

Abstract:As mobile networks become high speed and attain an all IP structure,more and more services are possible.This brings about many new security requirements that traditional security programs cannot adapt to.This paper analyzes security threats and the needs of 3G/4G mobile networks.It proposes a novel protection scheme for mobile networks encompassing the whole structure of the mobile network.Trusted computing is built into mobile terminals—a scheme in which software validity verification is combined with access control,and validity and integrity are checked in the security management center in order to secure the mobile terminal.In this way,terminals and the network as a whole is secured to a much greater extent.This paper also highlights problems to be addressed in future research and development.

Satish Narayana Srirama,Anton Naumenko

DOI: https://doi.org/10.48550/arXiv.1007.3649

2010-07-21

Abstract:It is now feasible to host basic web services on a smart phone due to the advances in wireless devices and mobile communication technologies. While the applications are quite welcoming, the ability to provide secure and reliable communication in the vulnerable and volatile mobile ad-hoc topologies is vastly becoming necessary. The paper mainly addresses the details and issues in providing secured communication and access control for the mobile web service provisioning domain. While the basic message-level security can be provided, providing proper access control mechanisms for the Mobile Host still poses a great challenge. This paper discusses details of secure communication and proposes the distributed semantics-based authorization mechanism.

Distributed, Parallel, and Cluster Computing,Networking and Internet Architecture

Chao Huo,Licheng Wang,Jingsai Li

DOI: https://doi.org/10.1109/imcec.2018.8469504

2018-01-01

Abstract:W300 rapid development of large scale services from a great number of terminals in Energy Internet, current services access control approaches of LTE (Long Term Evolution) private wireless network of electric power system face great challenges, where time delay, collision rate and utilization rate together result in problem on stability and real-time performance. Aimed to solve these problems, an energy-internet data acquisition oriented services access control scheme is proposed in this paper. Firstly, the electric energy data acquisition oriented power-grid private wireless network system architecture is depicted. Then, wireless services access control model is built and analyzed combining with characteristics of intelligent electric power distribution and utilization services, followed by the simulation evaluation. Finally, the simulation result shows that this proposed scheme is able to improve services efficiency and reliability of the power-grid private wireless network.

Jun-jun Wu,Ming-wei Fang,Xinfang Zhang,Tongyang Wang

DOI: https://doi.org/10.4304/jnw.7.9.1341-1348

2012-01-01

Journal of Networks

Abstract:Technologies make the mobile terminals such as smart phones, PDAs and handsets much more powerful to access mobile network in recent years. Especially with the widely use of mobile terminals, mobile network now becomes a primary tool for daily and business interactions. However, the proliferation of mobile terminals also draws mobile malware’s attention which will do damage to the mobile terminal and further affect the security of mobile network. But the traditional access control and authentication mechanism cannot resolve such security issues. On the basis of trusted computing technology, we proposed a mobile trusted network architecture by extending the trusted network connection in mobile environment. And an improvement EAP-EHash method is used in the proposed architecture to implement authentication. We defined two service scenarios in the authentication scheme, home network authentication and roaming network authentication. The process of each scenario is described in detail. By introducing the pseudonym mechanism, our scheme can protect user identity. And the connection status not only depends on the identification process, but also the trust status of the platform. The analysis shows that our scheme benefits the properties of user identity anonymity, mutual authentication, fake agent resistance, platform integrity verification, EAP and TNC Compatible. And the ciphersuite negotiation makes our scheme more suitable for resource limited mobile terminals.

Shuhong Wang,Yingjiu Li,Bo Zhu,Nan Hu

2005-01-01

Abstract:Mobile services have been growing fast to facilitate business in wireless network environment. It is both critical and challenging to maintain security and anonymity so as to provide high quality services. In this paper, we propose a ticket-based architecture and a generic protocol for controlling access to mobile services. Our protocol has the following properties. First, it is a genetic solution independent of cryptographic algorithms and service models. Second. it is secure against various malicious attacks on mobile services. Third, it provides identity anonymity for customers and/or service providers depending on business requirements. Fourth. it is flexible in dynamic environments where customers and/or service providers are cross multiple domains. We also show an efficient implementation option of this generic protocol based on elliptic curve digital signature algorithm.

Dingguo Yu,Nan Chen,Chengxiang Tan

DOI: https://doi.org/10.1109/etcs.2009.559

2007-01-01

Journal of Computer Applications

Abstract:With the rapid development of mobile networks technology and popularization of mobile device, people can access Internet by mobile device and wireless connection covering the entire mobile communication network (GSM/GPRS/CDMA/3G/802.11etc) at any moment. Business system based on mobile network has been becoming hotspot. Compare with traditional business system, the security risk of business system based on mobile network is more popular and grave. However, the traditional mobile communication technology does not provide the security services such as authentication, confidentiality, and integrity etc. To solve this security problem, in this paper, we designed and implemented a mobile security access system (MSAS) using SSL VPN, CA and smart card technology. It establishes a complete authentication mechanism based on smart card and X. 509 certificates, and uses SSL VPN tunnel to protect the security of a message transmission on the Internet and mobile communication network. It will help some commercial companies and government authorities, who need confidential information transmitted over the air, such as banks providing mobile bank service, policemen exchanging data of criminals, etc, to build secure communications channel, and some secure business system based on fixed-IP network extend to mobile network.

Bo LIU,Yu-Yang ZHOU,Fei HU,Fa-Gen LI

DOI: https://doi.org/10.13868/j.cnki.jcr.000224

2018-01-01

Abstract:With the rapid development of E-commerce, network service providers usually provide users with a wide range of services running on different servers. Thus, multi-server model has been widely used. Meanwhile, more and more people access network services more quickly through the mobile phones or other mobile devices, this is the current mobile client-multi-server model which has been very popular. On one hand, mobile devices bring convenience to our lives. On the other hand, the openness of mobile Internet makes its security issues more serious. It is necessary to design a user authentication and key agreement protocol for the mobile client-multi-server model. However, compared with personal computers, mobile devices have resource-constrained features. So how to design a protocol that combines security and efficiency is not an easy task. In order to solve this problem, this study proposes a user authentication and key agreement protocol under the mobile client-multi-server model. Certificateless public key cryptography can solve the problem of certificate management in traditional public key systems and the inherent key escrow problem in identity-based public key cryptography, it has the advantages of both high efficiency and security. In addition, the mobile devices have the characteristics of resource constraints, so the certificateless public key cryptography is very suitable for designing a security protocol for mobile devices which have limited resources. In this paper, it is proved that the proposed protocol can provide mutual authentication and secure key agreement services in the random oracle model. Compared with other protocols of the same type,the proposed protocol in this paper has a better computational efficiency.

Yingjie Xia,Li Kuang,Kuang Mao

DOI: https://doi.org/10.1007/978-3-642-22418-8_9

2011-01-01

Abstract:This paper proposes an efficient and secure inner network access approach which is based on a heterogeneous Diffie-Hellman key exchange protocol in an unsecured network. The inner and outer network structure is commonly applied in various areas, such as different departments of government, enterprises. As the wireless communication network boosts up, the users in outer network try to use PDA, smart phone to access the inner network to acquire necessary information. Due to the limitation of the storage and computational capability of these mobile terminals, traditional secure inner network access approach which uses special cable to do the access is not suitable for this case. Therefore, we design a heterogeneous key exchange protocol for the mobile terminal in outer network and application server in inner network to negotiate the communication shared key. The gateway between inner and outer network can be protected from the third party attack by the trusted computing. The experimental results show that the heterogeneous key exchange protocol is efficient and secure for inner network access.

Junqi Zhang,Yan Wang,Vijay Varadharajan

DOI: https://doi.org/10.1109/soca.2007.29

2007-01-01

Abstract:Mobile agent technology and Web service technology compensate each other and play very important roles in e-service applications. The mechanism of Web services technology naturally provides a platform for deploying mobile agent technology. Therefore, the integration of the mobile agent technology and Web Service technology has been actively investigated in recent years. On the other hand, the security issues of the integration system have not drawn much attention. In this paper, we present a new security architecture for the integration of mobile agent and the Web services technology. This architecture provides a new authentication scheme for Web service provider to verify the mobile agent owner's identity by employing an identity-based signature protocol without using the username/password pair, which is infeasible for mobile agent. We also propose a new Web services and mobile agent system confidentiality protocol, which provides an alternative method to current security mechanisms without using certification authorities (CA) based public key infrastructure. With this scheme, it can simplify the key management and reduce the computation load particularly for group-oriented web services. In addition, this scheme also inherently has the non-repudiation property.

Tao Li,Aiqun Hu

DOI: https://doi.org/10.3969/j.issn.1001-0505.2011.03.016

2011-01-01

Abstract:Based on the theory of trusted computing and by adding mobile trusted module, security service provider and security software to the existing mobile network, the unified security protection system is established to provide security services to users. This scheme efficiently utilizes the functions of operating system, and makes combination of role-based access control with trust authentication. So the trusted chain transmission is accomplished efficiently. Software and courses without legal certificates are unable to run in the protected system so as to ensure the system security. The certificate is totally managed by security service provider and software provider. Experiments of files reading and writing and network access indicate that the scheme may cause a system performance decrease of 6% to 16%. The scheme can be applied in building a high efficiency holistic security system for mobile communications.

Mingfu Xue,Aiqun Hu

DOI: https://doi.org/10.1109/wicom.2011.6040174

2011-01-01

Abstract:As the mobile network migrates to an all-IP network with increasing speed, many new security requirements emerge. We analyze security threats and requirements of 3GPP/4G mobile networks and discuss various kinds of existing security measures. We argue that merely improving security mechanisms and protocols to protect the security of air interface is insufficient. The mobile network security must rely on the secure terminal environment. We also analyze the weaknesses of terminal protection by virus scanning, and propose a novel protection scheme for mobile networks based on security services and trusted terminals. By building a trusted computing environment at the mobile terminal, the proposed scheme combines verifying validity of software with access control, and checks the validity and the integrity of software in the security service provider. Under our scheme, the security ability supplied to the terminals and the whole network is much better.

Chen Tianzhou,Huang Yu,Chen Feng,Hu Wei

2006-01-01

Abstract:There are many security defects in existing mobile communication systems, such as unidirectional authentication and cipher key transmission in plaintext. With the expansion of the mobile communication services, the mobile security becomes more and more important, but the existing communication systems can not prevent hostile attacks to supply high-quality service because of their defects in security. To solve these problems, we propose a new Security Architecture for Mobile Communication (SAMC), which employs new authentication protocols, chooses different encryption algorithms for different requirements and implements integrity control mechanism. Good security is developed in an open environment with the collaboration of experts. It has the robust security and the outstanding performance, just a slight and acceptable loss.

Li Tao,Hu Aiqun

DOI: https://doi.org/10.1109/ncis.2011.129

2011-01-01

Abstract:Mobile services are pervasive in wireless network and are one of the crucial components needed for various applications and services. Security problems related to mobile phones directly influence credibility of these applications and services. Trusted Computing technology provides powerful support for the solution to security issues of mobile device in mobile network. This paper proposes a Holistic Security Service System for mobile network. It consists of a Security Service Provider, a Software Provider and a Mobile Trusted Terminal. A hardware and software solution of trusted mobile device is also proposed, and a trusted software running mechanism based on certificate access control is discussed. Our security analysis and experimental results prove that both the Holistic Security Service System and mobile trusted mechanism can be used in mobile networks.

Xuebin Sun,Shuang Men,Chenglin Zhao,Zheng Zhou

DOI: https://doi.org/10.1002/sec.551

IF: 1.968

2012-05-10

Security and Communication Networks

Abstract:Machine‐to‐machine (M2M) techniques have significant application potential in the emerging internet of things, which may cover many fields from intelligence to ubiquitous environment. However, because of the data exposure when transmitted via cable, wireless mobile devices, and other technologies, its security vulnerability has become a great concern during its further extending development. This problem may even get worse if the user privacy and property are considered. Therefore, the authentication process of communicating entities has attracted wide investigation. Meanwhile, the data confidentiality also becomes an important issue in M2M, especially when the data are transmitted in a public and thereby insecure channel. In this paper, we propose a promising M2M application model that connects a mobile user with the home network using the existing popular Time Division‐Synchronous Code Division Multiple Access (TD‐SCDMA) network. Subsequently, a password‐based authentication and key establishment protocol is designed to identify the communicating parties and hence establish a secure channel for data transmissions. The final analysis shows the reliability of our proposed protocol. Copyright © 2012 John Wiley & Sons, Ltd. In this article, we propose a promising M2M application model that connects a mobile user with the home network by using the existing popular Time Division‐Synchronous Code Division Multiple Access (TD‐SCDMA) network. A reliability password‐based authentication and key establishment protocol is also designed to identify the communicating parties and hence, establish a secure channel for data transmissions.

computer science, information systems,telecommunications

Ling Xiong,Fagen Li,Mingxing He,Zhicai Liu,Tu Peng

DOI: https://doi.org/10.1109/tcc.2020.3029878

IF: 5.697

2022-01-01

IEEE Transactions on Cloud Computing

Abstract:In the last few years, mobile cloud computing (MCC) gains a huge development because of the popularity of mobile applications and cloud computing. User authentication and access control are two indispensable security components in the MCC environment. To the best of our knowledge, they are generally designed in different procedures. Access control can be executed after the authentication completes successfully. In order to improve efficiency, this article constructs an integrated scheme of authentication and hierarchical access control using self-certified public key cryptography (SCPKC) and the Chinese remainder theorem (CRT) for MCC environment. The proposed scheme can achieve mutual authentication while determining the access rights of mobile users without storing any access control list in the MCC service provider side. Besides, we also give a dynamic adding or deletion of MCC service provider to efficiently address potential changes in the hierarchy. The security of our proposed scheme is proved by the random oracle model. Compared with recently related multi-server authentication schemes for the MCC environment, the proposed scheme not only adds a new function of hierarchical access control but also has better computation and communication efficiencies. Therefore, the proposed scheme is more suitable for real-life MCC applications.

Daqing Zhang,Abdallah Mhamed,Mounir Mokhtari

DOI: https://doi.org/10.1145/1378063.1378106

2007-01-01

Abstract:Wireless hotspots are permeating our workplace, home and public places bringing interesting services and spontaneous connectivity to mobile users. While it's ideal to enable the mobile clients to discover services automatically with the device-to-hand across the augmented physical spaces, it's equally important to guarantee the security and privacy of the mobile clients and service providers. In this paper, we propose a trustworthy framework that can support impromptu service discovery with mobile devices in WLAN enabled environments. Different from the existing service discovery approaches, the framework requires no specialized hardware or software installation in mobile client devices, it can preserve the privacy of mobile users during the authentication process by not requesting their identities. We prototyped a set of assistive services in a shopping mall which can be spontaneously discovered and accessed by a disabled person from his WLAN enabled mobile device, we show how both the security and privacy are achieved in a unified manner using trusted computing platforms.

Xiang Feng,Yonghe Wu,Xueqiang Yan

DOI: https://doi.org/10.1109/sere-c.2013.24

2013-01-01

Abstract:Copyright attacks on mobile application is a critical issue for mobile network operators (MNOs) and application and content providers who have deployed AS. This paper proposes a solution for this issue that leverages 3G security architecture. A trusted mobile software runtime is designed to control the execution of the mobile application. A dynamic Software ID and security key are created and deployed on both the application store and mobile device for authorization of software execution requests and to invoke web services. The Software ID will be updated each time the mobile application is executed and will be stored on the server side. The mobile software protection model, which is protected by a universal integrated circuit card will be stored on the client side. The proposed solution enables a trusted computing environment that leverages the existing resources and capability of mobile network operators for developers and stakeholders. Thus it can prevent several types of mobile application crack issues including redistribution of the application to unauthorized devices, modification of the application, copy application to other devices through cracking the UICC and unauthorized action to obtain web service URLs to consume the web service.