YAO Lin,FAN Qing-na,KONG Xiang-wei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.32.030

2010-01-01

Abstract:Pervasive computing raises new challenges to the security and privacy of the Internet communication,and conventional authentication protocols cannot meet the requirements of this new pervasive environment.A novel mutual authentication and key establishment scheme to secure the interactions between mobile users and service providers is proposed.Highly integrating biometric encryption and the Diffie-Hellman key exchange,the proposed protocol achieves mutual authentication without revealing any privacy information of the user.Secure session key establishment is enabled by the proposed algorithm.Differentiated service access control is also achieved with the biometric encryption.It is shown that the protocol can resist most of the attacks,especially the denial of service attack.

Kui Ren,Kai Zeng,Wenjing Lou,Patrick J. Moran

DOI: https://doi.org/10.1109/twc.2007.060255

IF: 10.4

2007-01-01

IEEE Transactions on Wireless Communications

Abstract:Broadcast authentication is a critical security service in wireless sensor networks (WSNs), since it enables users to broadcast the WSN in an authenticated way. Symmetric key based schemes such as muTESLA and multilevel muTESLA have been proposed to provide such services for WSNs; however, these schemes all suffer from serious DoS attacks due to the delay in message authentication. This paper presents several effective public key based schemes to achieve immediate broadcast authentication and thus overcome the vulnerability presented in the muTESLA-like schemes. Several cryptographic techniques, including Merkle hash tree and identity-based signature scheme, are adopted to minimize the scheme overhead regarding the costs on both computation and communication. A quantitative energy consumption analysis of the proposed schemes is given in detail. We believe that this paper can serve as the start point towards fully solving the important multisender broadcast authentication problem in WSNs.

Chen Lyu,Dawu Gu,Yunze Zeng,Prasant Mohapatra

DOI: https://doi.org/10.1109/tdsc.2015.2399297

2015-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:In vehicular networks, broadcast communications are critically important, as many safety-related applications rely on single-hop beacon messages broadcast to neighbor vehicles. However, it becomes a challenging problem to design a broadcast authentication scheme for secure vehicle-to-vehicle communications. Especially when a large number of beacons arrive in a short time, vehicles are vulnerable to computation-based Denial of Service (DoS) attacks that excessive signature verification exhausts their computational resources. In this paper, we propose an efficient broadcast authentication scheme called Prediction-Based Authentication (PBA) to not only defend against computation-based DoS attacks, but also resist packet losses caused by high mobility of vehicles. In contrast to most existing authentication schemes, our PBA is an efficient and lightweight scheme since it is primarily built on symmetric cryptography. To further reduce the verification delay for some emergency applications, PBA is designed to exploit the sender vehicle's ability to predict future beacons in advance. In addition, to prevent memory-based DoS attacks, PBA only stores shortened re-keyed Message Authentication Codes (MACs) of signatures without decreasing security. We analyze the security of our scheme and simulate PBA under varying vehicular network scenarios. The results demonstrate that PBA fast verifies almost 99 percent messages with low storage cost not only in high-density traffic environments but also in lossy wireless environments.

Kui Ren,Wenjing Lou,Yanchao Zhang

DOI: https://doi.org/10.1142/9789812833495_0015

2009-01-01

Abstract:Broadcast authentication is a critical security service in wireless sensor networks (WSNs), as it allows the mobile users of WSNs to broadcast messages to multiple sensor nodes in a secure way. Previous solutions on broadcast authentication are mostly symmetric-key-based solutions such as μTESLA and multilevel μTESLA. These schemes are usually efficient; however, they all suffer from severe energy-depletion attacks resulted from the nature of delayed message authentication. Being aware of the security vulnerability inherent to existing solutions, we present several efficient public-key-based schemes in this chapter to achieve immediate broadcast authentication with significantly improved security strength. Our schemes are built upon the unique integration of several cryptographic techniques, including the Bloom filter, the partial message recovery signature scheme and the Merkle hash tree. We prove the effectiveness and efficiency of the proposed schemes by a comprehensive quantitative analysis of their energy consumption regarding both computation and communication. Index: Security, Wireless Sensor Networks, Broadcast Authentication, Multi-user Encyclopedia on Ad Hoc and Ubiquitous Computing, edited by Dharma Agrawal and Bin Xie, World Scientific, 2009

Yixin Jiang,Minghui Shi,Xuemin (Sherman) Shen,Chuang Lin,Xiaowen Chu

DOI: https://doi.org/10.1201/9781420068405.ch21

2009-01-01

Abstract:In this chapter, a novel authentication protocol is proposed, which satisfies both security and reliability requirements for group communications in ad hoc networks. The security features include identity anonymity and intracability, one-way session key/identity refreshment, and data privacy. The reliability features include efficient denial-of-service (DoS) tolerance for forged refreshment messages and fault tolerance for lost messages recovery. The theoretical and the simulative results demonstrate that the proposed protocol is robust and efficient under severe DoS attack and poor wireless channel quality.

Haomiao Yang,Hyunsung Kim,Hongwei Li,Eunjun Yoon,Xiaofen Wang,Xuefeng Ding

DOI: https://doi.org/10.3837/tiis.2013.10.013

2013-01-01

KSII Transactions on Internet and Information Systems

Abstract:As a cornerstone of the next generation air traffic management (ATM), automatic dependent surveillance-broadcast (ADS-B) system can provide continual broadcast of aircraft position, identity, velocity and other messages over unencrypted data links to generate a common situational awareness picture for ATM. However, since ADS-B messages are unauthenticated, it is easy to insert fake aircrafts into the system via spoofing or insertion of false messages. Unfortunately, the authentication for ADS-B messages has not yet been well studied. In this paper, we propose an efficient broadcast authentication scheme with batch verification for ADS-B messages which employs an identity-based signature (IBS). Security analysis indicates that our scheme can achieve integrity and authenticity of ADS-B messages, batch verification, and resilience to key leakage. Performance evaluation demonstrates that our scheme is computationally efficient for the typical avionics devices with limited resources, and it has low communication overhead well suitable for low-bandwidth ADS-B data link.

Haomiao Yang,Hongwei Li,Xuemin Sherman Shen

DOI: https://doi.org/10.1007/978-3-031-07021-1_3

2022-01-01

Abstract:Since the ADS-B communication protocol does not have an inherent message authentication mechanism, ADS-B messages are vulnerable to message injection and modification attacks, so the authenticity and integrity of ADS-B broadcast messages cannot be guaranteed. Some broadcast authentication schemes have been proposed to ensure such authenticity and integrity, but they are not suitable for ADS-B communication scenarios where ADS-B transponders are resource-limited and ADS-B data links are low bandwidth. Specifically, most of the existing broadcast authentication schemes are certificate-based, and the verification and transmission of the certificate chain require a lot of computing and communication resources. Therefore, non-certificate-based broadcast authentication schemes are essential to achieve the authenticity and integrity of ADS-B messages with less verification time and lower communication bandwidth.

Mikaëla Ngamboé,Xiao Niu,Benoit Joly,Steven P Biegler,Paul Berthier,Rémi Benito,Greg Rice,José M Fernandez,Gabriela Nicolescu

2024-02-13

Abstract:The Automatic Dependent Surveillance-Broadcast (ADS-B) is a surveillance technology that becomes mandatory in many airspaces. It improves safety, increases efficiency and reduces air traffic congestion by broadcasting aircraft navigation data. Yet, ADS-B is vulnerable to spoofing attacks as it lacks mechanisms to ensure the integrity and authenticity of the data being supplied. None of the existing cryptographic solutions fully meet the backward compatibility and bandwidth preservation requirements of the standard. Hence, we propose the Compatible Authenticated Bandwidth-efficient Broadcast protocol for ADS-B (CABBA), an improved approach that integrates TESLA, phase-overlay modulation techniques and certificate-based PKI. As a result, entity authentication, data origin authentication, and data integrity are the security services that CABBA offers. To assess compliance with the standard, we designed an SDR-based implementation of CABBA and performed backward compatibility tests on commercial and general aviation (GA) ADS-B in receivers. Besides, we calculated the 1090ES band's activity factor and analyzed the channel occupancy rate according to ITU-R SM.2256-1 recommendation. Also, we performed a bit error rate analysis of CABBA messages. The results suggest that CABBA is backward compatible, does not incur significant communication overhead, and has an error rate that is acceptable for Eb/No values above 14 dB.

Cryptography and Security

Yang Haomiao,Huang Rongshun,Wang Xiaofen,Deng Jiang,Chen Ruidong

DOI: https://doi.org/10.1016/j.cja.2014.04.028

2014-01-01

Abstract:Automatic dependent surveillance-broadcast (ADS-B) systems can broadcast satellite-based aircraft position, identification, etc., periodically, and are now on track to replace radar to become the backbone of next-generation air traffic management (ATM) systems. However, ADS-B systems suffer severe cyber-security problems due to the broadcast-type data link and the lack of designed-in security measures. Especially, since ADS-B messages are unauthenticated, it is easy to insert fake aircraft into a system via spoofing or insertion of false messages. Unfortunately, the authentication for ADS-B messages has not yet been well studied. In this paper, based on identity-based signature with message recovery (IBS-MR), an efficient broadcast authentication scheme for ADS-B messages is proposed. The security analysis demonstrates that the scheme can achieve authenticity and integrity of ADS-B broadcast messages, as well as adaptive evolution of broadcasters’ private keys. The performance evaluation shows that the scheme is computationally efficient for typical avionics devices with limited resources. Furthermore, the scheme achieves low communication overhead since broadcast messages can be recovered from signatures, and thus it is suitable for low-bandwidth ADS-B data link.

Zhaoyang Zhang,Honggang Wang,Athanasios V. Vasilakos,Hua Fang

DOI: https://doi.org/10.4108/icst.bodynets.2013.253689

2013-01-01

Abstract:Wireless Body Area Networks (WBANs) are the core of components of future m-Health system and is playing a crucial role in healthcare applications. A key requirement for such applications is secure communications between body sensors. This paper presents a novel key agreement scheme which allows wireless body sensors in WBANs to share a common key generated using wireless channel information. Unlike traditional biometric based security approach, the proposed key agreement does not need extra hardware, which can secure data communications in a plug-n-play manner. Our experimental results show that the proposed scheme is feasible for WBANs.

Tao Jin,Triet Vo-Huu,Erik-Oliver Blass,Guevara Noubir

DOI: https://doi.org/10.48550/arXiv.1301.5928

2013-01-28

Abstract:Today's increasing demand for wirelessly uploading a large volume of User Generated Content (UGC) is still significantly limited by the throttled backhaul of residential broadband (typically between 1 and 3Mbps). We propose BaPu, a carefully designed system with implementation for bunching WiFi access points' backhaul to achieve a high aggregated throughput. BaPu is inspired by a decade of networking design principles and techniques to enable efficient TCP over wireless links and multipath. BaPu aims to achieve two major goals:1) requires no client modification for easy incremental adoption; 2) supports not only UDP, but also TCP traffic to greatly extend its applicability to a broad class of popular applications such as HD streaming or large file transfer. We prototyped BaPu with commodity hardware. Our extensive experiments shows that despite TCP's sensitivity to typical channel factors such as high wireless packet loss, out-of-order packets arrivals due to multipath, heterogeneous backhaul capacity, and dynamic delays, BaPu achieves a backhaul aggregation up to 95% of the theoretical maximum throughput for UDP and 88% for TCP. We also empirically estimate the potential idle bandwidth that can be harnessed from residential broadband.

Networking and Internet Architecture

Na Ruan,Mengyuan Li,Jie Li

DOI: https://doi.org/10.1007/s12083-016-0493-9

IF: 3.488

2016-01-01

Peer-to-Peer Networking and Applications

Abstract:Internet of Vehicles (IoVs) is coming and will grow in next few years, VANETs (Vehicular Ad Hoc Networks) is evolving into the era of IoVs. Inevitably, VANETs need to communicate with WSNs (Wireless Sensor Networks). Real-time data transmission between vehicles and road-side sensor nodes has many application scenarios. However, due to different characteristics of VANETs and WSNs, real-time traffic data transmission is too complicated and slow when emergencies occurred in many RSUs-sparse (Road Side Units) areas. In this paper, we propose a broadcast authentication protocol, namely Paralleling Broadcast Authentication Protocol (PBAP), aiming at enhancing energy efficiency and providing network security in the direct communication between vehicles and WSNs. The simulation results demonstrate that the protocol can effectively extend lifetime of WSNs by improving the utilization rate of the keys and show nice properties in different channel loss ratio and different degrees of DoS attacks. The protocol can work well even in the area without RSUs.

CHEN Xiao,GUO Dawei,ZHANG Guoqing,LI Jiawei

2009-01-01

Abstract:Broadcast authentication is the important guarantee that can keep wireless sensor networks working normally.Because of its cost-effective encryption and authentication framework,μTESLA protocol is to be in line with the characteristic and security needs of wireless sensor networks to some extent.In this paper,the implementation procedure of μTESLA protocol was researched deeply.Then the concept of "Authentication Drift" and threshold-based multiple authentication mechanism(M-μTESLA)were put forward,against the common problem that the broadcast packets might not be authenticated normally in the junction of cycles.The research result indicates that the performance of μTESLA protocol could be improved by this mechanism effectively.

Myrto Arapinis,Ábel Kocsis,Nikolaos Lamprou,Liam Medley,Thomas Zacharias

DOI: https://doi.org/10.48550/arXiv.2305.06468

2023-07-21

Abstract:Simultaneous broadcast (SBC) protocols [Chor et al., FOCS 1985] constitute a special class of broadcast channels which have proved extremely useful in the design of various distributed computing constructions (e.g., multiparty computation, coin flipping, e-voting, fair bidding). As with any communication channel, it is crucial that SBC security is composable, i.e., it is preserved under concurrent protocol executions. The work of [Hevia, SCN 2006] proposes a formal treatment of SBC in the Universal Composability (UC) framework [Canetti, FOCS 2001] and a construction secure assuming an honest majority. In this work, we provide a comprehensive revision of SBC in the UC setting and improve the results of [Hevia, SCN 2006]. In particular, we present a new SBC functionality that captures both simultaneity and liveness by considering a broadcast period such that (i) within this period all messages are broadcast independently and (ii) after the period ends, the session is terminated without requiring participation of all parties. Next, we employ time-lock encryption (TLE) over a standard broadcast channel to devise an SBC protocol that realizes our functionality against any adaptive adversary corrupting up to all-but-one parties. In our study, we capture synchronicity via a global clock [Katz et al., TCC 2013], thus lifting the restrictions of the original synchronous communication setting used in [Hevia, SCN 2006]. As a building block of independent interest, we prove the first TLE protocol that is adaptively secure in the UC setting, strengthening the main result of [Arapinis et al., ASIACRYPT 2021]. Finally, we formally exhibit the power of our SBC construction in the design of UC-secure applications by presenting two interesting use cases: (i) distributed generation of uniform random strings, and (ii) decentralized electronic voting systems, without the presence of a special trusted party.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Mengyuan Li,Na Ruan,Haojin Zhu,Jie Li,Xiang Li

DOI: https://doi.org/10.1109/msn.2014.15

2014-01-01

Abstract:Since the era of Internet of Vehicles (IoVs) is coming in next few years, real-time data transmission between vehicles and road-side sensor nodes has many application scenarios. However, due to different characteristics of IoVs and WSNs (Wireless Sensor Networks), real-time traffic data transmission is too complicated and slow when emergencies occurred in many RSUs-sparse (Road Side Units) areas. We build a simple integrated network model and propose a broadcast authentication protocol, namely Paralleling Broadcast Authentication Protocol (PBAP), aiming at enhance energy efficiency and providing network security in the direct communication between vehicles and WSNs. The simulation results demonstrate that the protocol can effectively extend lifetime of WSNs by improving the utilization rate of the keys and show nice properties in different channel loss ratio and different degrees of DOS attacks.

H. Wen,P. -H. Ho,C. Qi,G. Gong

DOI: https://doi.org/10.1049/iet-ifs.2009.0197

2013-01-01

Abstract:The paper introduces a novel message authentication framework over broadcast channels, where a symmetric cryptography-based physical layer assisted message authentication (PLAA) scheme is introduced in wireless networks. The proposed framework integrate the conventional message authentication schemes and the physical layer authentication mechanisms by taking advantage of temporal and spatial uniqueness in physical layer channel responses, aiming to achieving fast authentication while minimising the packet transmission overhead. Our claims through extensive analysis and simulation will be verified via comparing with public key infrastructure-based PLAA scheme and traditional upper layer authentication schemes.

Zheng Gong,Pieter Hartel,Svetla Nikova,Shao-Hua Tang,Bo Zhu

DOI: https://doi.org/10.1007/s11390-013-1411-8

IF: 1.871

2014-01-01

Journal of Computer Science and Technology

Abstract:A wireless sensor network (WSN) commonly requires lower level security for public information gathering, whilst a body sensor network (BSN) must be secured with strong authenticity to protect personal health information. In this paper, some practical problems with the message authentication codes (MACs), which were proposed in the popular security architectures for WSNs, are reconsidered. The analysis shows that the recommended MACs for WSNs, e.g., CBCMAC (TinySec), OCB-MAC (MiniSec), and XCBC-MAC (SenSec), might not be exactly suitable for BSNs. Particularly an existential forgery attack is elaborated on XCBC-MAC. Considering the hardware limitations of BSNs, we propose a new family of tunable lightweight MAC based on the PRESENT block cipher. The first scheme, which is named TuLP, is a new lightweight MAC with 64-bit output range. The second scheme, which is named TuLP-128, is a 128-bit variant which provides a higher resistance against internal collisions. Compared with the existing schemes, our lightweight MACs are both time and resource efficient on hardware-constrained devices.

Zhi Li,Qibin Sun,Yong Lian

DOI: https://doi.org/10.1109/ISCAS.2006.1693277

2006-01-01

Abstract:This paper presents a new notion of authenticating degraded multimedia content streamed over wireless networks - unequal authenticity protection (UAP). Multimedia content differs from other data in that the importance of different bits within a bitstream often varies. Therefore, given limited resources, a natural solution is to apply better authenticity protection to more important bits, and vice versa. In this paper, a quantitative relationship between the optimal authentication probability and the given resource budget is firstly derived, followed by a proposed authentication graph which realizes the idea of UAP. Simulation results further confirm the validity of the proposal

Yun Zhou,Xiaoyan Zhu,Yuguang (Michael) Fang

DOI: https://doi.org/10.1109/TMC.2010.37

IF: 6.075

2010-01-01

IEEE Transactions on Mobile Computing

Abstract:Conventional block-based multicast authentication schemes overlook the heterogeneity of receivers by letting the sender choose the block size, divide a multicast stream into blocks, associate each block with a signature, and spread the effect of the signature across all the packets in the block through hash graphs or coding algorithms. The correlation among packets makes them vulnerable to packet loss, which is inherent in the Internet and wireless networks. Moreover, the lack of Denial of Service (DoS) resilience renders most of them vulnerable to packet injection in hostile environments. In this paper, we propose a novel multicast authentication protocol, namely MABS, including two schemes. The basic scheme (MABS-B) eliminates the correlation among packets and thus provides the perfect resilience to packet loss, and it is also efficient in terms of latency, computation, and communication overhead due to an efficient cryptographic primitive called batch signature, which supports the authentication of any number of packets simultaneously. We also present an enhanced scheme MABS-E, which combines the basic scheme with a packet filtering mechanism to alleviate the DoS impact while preserving the perfect resilience to packet loss.

radeep B.H,Sanjay Singh

DOI: https://doi.org/10.48550/arXiv.1208.1712

2012-08-09

Abstract:In ubiquitous computing devices, users tend to store some valuable information in their device. Even though the device can be borrowed by the other user temporarily, it is not safe for any user to borrow or lend the device as it may result the private data of the user to be public. To safeguard the user data and also to preserve user privacy we propose the technique of ownership authentication transfer. The user who is willing to sell the device has to transfer the ownership of the device under sale. Once the device is sold and the ownership has been transferred, the old owner will not be able to use that device at any cost. Either of the users will not be able to use the device if the process of ownership has not been carried out properly. This also takes care of the scenario when the device has been stolen or lost, avoiding the impersonation attack. The proposed protocol has been modeled and verified using Automated Validation of Internet Security Protocols and Applications (AVISPA) and is found to be safe.

Cryptography and Security