YAO Lin,FAN Qing-na,KONG Xiang-wei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.32.030

2010-01-01

Abstract:Pervasive computing raises new challenges to the security and privacy of the Internet communication,and conventional authentication protocols cannot meet the requirements of this new pervasive environment.A novel mutual authentication and key establishment scheme to secure the interactions between mobile users and service providers is proposed.Highly integrating biometric encryption and the Diffie-Hellman key exchange,the proposed protocol achieves mutual authentication without revealing any privacy information of the user.Secure session key establishment is enabled by the proposed algorithm.Differentiated service access control is also achieved with the biometric encryption.It is shown that the protocol can resist most of the attacks,especially the denial of service attack.

Xuebin Sun,Shuang Men,Chenglin Zhao,Zheng Zhou

DOI: https://doi.org/10.1002/sec.551

IF: 1.968

2012-05-10

Security and Communication Networks

Abstract:Machine‐to‐machine (M2M) techniques have significant application potential in the emerging internet of things, which may cover many fields from intelligence to ubiquitous environment. However, because of the data exposure when transmitted via cable, wireless mobile devices, and other technologies, its security vulnerability has become a great concern during its further extending development. This problem may even get worse if the user privacy and property are considered. Therefore, the authentication process of communicating entities has attracted wide investigation. Meanwhile, the data confidentiality also becomes an important issue in M2M, especially when the data are transmitted in a public and thereby insecure channel. In this paper, we propose a promising M2M application model that connects a mobile user with the home network using the existing popular Time Division‐Synchronous Code Division Multiple Access (TD‐SCDMA) network. Subsequently, a password‐based authentication and key establishment protocol is designed to identify the communicating parties and hence establish a secure channel for data transmissions. The final analysis shows the reliability of our proposed protocol. Copyright © 2012 John Wiley & Sons, Ltd. In this article, we propose a promising M2M application model that connects a mobile user with the home network by using the existing popular Time Division‐Synchronous Code Division Multiple Access (TD‐SCDMA) network. A reliability password‐based authentication and key establishment protocol is also designed to identify the communicating parties and hence, establish a secure channel for data transmissions.

computer science, information systems,telecommunications

Inshil Doh,Jiyoung Lim,Shi Li,Kijoon Chae

DOI: https://doi.org/10.2298/csis130922065d

2014-01-01

Computer Science and Information Systems

Abstract:In the ubiquitous environment, more and more devices are deployed in our daily life, and need to communicate with one another. M2M (Machine-to-Machine) communication is considered to be one of the major issues in future networks. M2M is expected to bring various benefits in wireless communications when it is interconnected with cellular networks. Considering the characteristics of cellular M2M networks, traditional security solutions are not proper to be applied to cellular M2M networks because the M2M network itself is vulnerable to various attacks. We consider security aspects for cellular M2M communications and propose a key management mechanism including the pairwise key and group key establishment. Our proposal could provide reliability and efficiency for the cellular M2M communication network in the secure manner.

Inshil Doh,Jiyoung Lim,Shi Li,Kijoon Chae

DOI: https://doi.org/10.1109/IMIS.2013.102

2013-01-01

Abstract:M2M(Machine-to-Machine) communication is considered to be one of the major issues in future network. Especially, M2M will bring various benefits in wireless communications when it is interconnected with cellular network. Considering the characteristics of cellular M2M network, traditional security solutions are not practical to apply because the cellular M2M network is more vulnerable to various attacks. In this work, we consider security aspects for cellular M2M communication and propose a key management. Our proposal can provide reliability and efficiency for secure cellular M2M communication network.

Chen Tianzhou,Mao Haixia,Dai Hongjun

2006-01-01

Abstract:This paper briefly analyzes the security mechanisms of GSM/UMTS and finds their security defects, such as unidirectional authentication and cipher key transmission without encryption. For these defects, existing mobile communication systems can not prevent hostile attacks to satisfy high-level security demands. To solve these problems, we propose the robust Middleware Architecture for Mobile Communication Security (MAMCS), which employs new Authentication and Key Agreement (AKA) protocols, chooses different encryption algorithms for different applications and implements integrity control mechanism. In the end, we analyze the performance of MAMCS and show that MAMCS gets a 200%~2% improvement in security only at the cost of 1.51% descent in bandwidth and 18.14 ms extra latency.

Daojing He,Maode Ma,Yan Zhang,Chun Chen,Jiajun Bu

DOI: https://doi.org/10.1016/j.comcom.2010.02.031

IF: 5.047

2011-01-01

Computer Communications

Abstract:Seamless roaming over wireless network is highly desirable to mobile users, and security such as authentication of mobile users is challenging. Recently, due to tamper-resistance and convenience in managing a password file, some smart card based secure authentication schemes have been proposed. This paper shows some security weaknesses in those schemes. As the main contribution of this paper, a secure and light-weight authentication scheme with user anonymity is presented. It is simple to implement for mobile user since it only performs a symmetric encryption/decryption operation. Having this feature, it is more suitable for the low-power and resource-limited mobile devices. In addition, it requires four message exchanges between mobile user, foreign agent and home agent. Thus, this protocol enjoys both computation and communication efficiency as compared to the well-known authentication schemes. As a special case, we consider the authentication protocol when a user is located in his/her home network. Also, the session key will be used only once between the mobile user and the visited network. Besides, security analysis demonstrates that our scheme enjoys important security attributes such as preventing the various kinds of attacks, single registration, user anonymity, no password/verifier table, and high efficiency in password authentication, etc. Moreover, one of the new features in our proposal is: it is secure in the case that the information stored in the smart card is disclosed but the user password of the smart card owner is unknown to the attacker. To the best of our knowledge, until now no user authentication scheme for wireless communications has been proposed to prevent from smart card breach. Finally, performance analysis shows that compared with known smart card based authentication protocols, our proposed scheme is more simple, secure and efficient.

Muath Obaidat,Joseph Brown,Suhaib Obeidat,Majdi Rawashdeh

DOI: https://doi.org/10.3390/s20154212

2020-07-29

Abstract:A significant percentage of security research that is conducted suffers from common issues that prevent wide-scale adoption. Common snags of such proposed methods tend to include (i) introduction of additional nodes within the communication architecture, breaking the simplicity of the typical client-server model, or fundamental restructuring of the Internet ecosystem; (ii) significant inflation of responsibilities or duties for the user and/or server operator; and (iii) adding increased risks surrounding sensitive data during the authentication process. Many schemes seek to prevent brute-forcing attacks; they often ignore either partially or holistically the dangers of other cyber-attacks such as MiTM or replay attacks. Therefore, there is no incentive to implement such proposals, and it has become the norm instead to inflate current username/password authentication systems. These have remained standard within client-server authentication paradigms, despite insecurities stemming from poor user and server operator practices, and vulnerabilities to interception and masquerades. Besides these vulnerabilities, systems which revolve around secure authentication typically present exploits of two categories; either pitfalls which allow MiTM or replay attacks due to transmitting data for authentication constantly, or the storage of sensitive information leading to highly specific methods of data storage or facilitation, increasing chances of human error. This paper proposes a more secure method of authentication that retains the current structure of accepted paradigms, but minimizes vulnerabilities which result from the process, and does not inflate responsibilities for users or server operators. The proposed scheme uses a hybrid, layered encryption technique alongside a two-part verification process, and provides dynamic protection against interception-based cyber-attacks such as replay or MiTM attacks, without creating additional vulnerabilities for other attacks such as bruteforcing. Results show the proposed mechanism outperforms not only standardized methods, but also other schemes in terms of deployability, exploit resilience, and speed.

Mingwei Zhao,Xiaochen Yu

DOI: https://doi.org/10.3969/j.issn.1000-386x.2015.10.076

2015-01-01

Abstract:Compared with traditional static password identity authentication technology,the identity authentication system with dynamic password is more secure.Current schemes of dynamic password authentication have difficulties in heavy computation load and key storage because of the use of the public key encryption system mostly.In view of this,we propose a new identity authentication scheme with dynamic password which combines hash function,symmetric encryption mechanism and Challenge /Response mechanism.At the same time,we carry out the performance test and analysis on the scheme.Experimental results show that the scheme not only realises mutual authentication between server and clients under the network environment,but also has the advantages of high safety,strong practicability,low cost etc., which can be used as the identity authentication in most insecure network channels.

Mengxia Shuai,Nenghai Yu,Hongxia Wang,Ling Xiong

DOI: https://doi.org/10.1016/j.cose.2019.06.002

IF: 5.105

2019-01-01

Computers & Security

Abstract:Smart home is an emerging paradigm of the Internet of Things (IoT), which facilitates an individual to operate the smart home appliances remotely through the internet. Since the user and the smart devices communicate over insecure communication channels, the transmitted sensitive data collected by the smart devices may be intercepted and altered easily by a malicious adversary. Therefore, there is a great need to design an effective and anonymous authentication scheme to guarantee secure communications in smart home environment. In the past decade, extensive research has been carried out on this security issue, but most of them are not secure. As a step towards this direction, in this paper, we propose an efficient and anonymous authentication scheme for smart home environment using Elliptic Curve Cryptography (ECC). The proposed scheme avoids keeping the verification table for authentication purposes. In addition, random number method is adopted to resist replay attack, and it can avoid the clock synchronization problem. The rigorous formal proof and heuristic analysis show that the proposed scheme provides the desired security features and resists against all the possible attacks. Compared with the most representative related schemes, the proposed scheme achieves a delicate balance between security and efficiency, and it is more suitable for realistic environments.

Yue Lai,Jiawen Kang,Rong Yu

DOI: https://doi.org/10.1155/2013/849572

IF: 1.938

2013-01-01

International Journal of Distributed Sensor Networks

Abstract:In recent years, M2M networking is an active research topic in both academic and industrial fields. Home M2M networks, as an important branch of M2M networks, have attracted wide concerns for home application. In this paper, we first present a brief overview of home M2M networks. Then we introduce a hierarchical architecture of home M2M networks and describe the approach of devices management and services discovery. After that, we focus on the security authentication with centralized node and an improved method of available bandwidth measurement. With the centralized node, our system is more efficient and secure, because of efficient resource management and users' anonymity protection. Compared to existing bandwidth measurement methods, our method takes up less additional bandwidth, saves more time, and has a higher accuracy for measurement. Experiments are carried out to demonstrate the effectiveness and accuracy of the proposed scheme.

Chien-Ming Chen,King-Hang Wang,Tsu-Yang Wu,Jeng-Shyang Pan,Hung-Min Sun

DOI: https://doi.org/10.1109/tifs.2013.2270106

IF: 7.231

2013-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The man-in-the-middle (MITM) attack is the major threat for handheld devices to agree on a session key in which they do not share any prior secret in advance, even if these devices are physically located in the same place. Apart from insecurely typing passwords into handheld devices or comparing long hexadecimal keys displayed on the devices' screens, many other human-verifiable protocols have been proposed in the literature to solve the problem. Unfortunately, most of these schemes are unscalable to more users. Even when there are only three entities attempting to agree on a session key, these protocols need to be rerun three times. In this paper, we present a bipartite and a tripartite authentication protocol using a temporary confidential channel. Besides, we further extend the system into a transitive authentication protocol that allows multiple handheld devices to establish a conference key securely and efficiently. In addition, we provide a formal proof to our protocol to demonstrate our scheme is indeed secure. We also implement the prototype of the system on a mobile phone with satisfying performance.

Jie Wang,Shengbao Wang,Kang Wen,Bosen Weng,Xin Zhou,Kefei Chen

DOI: https://doi.org/10.3390/electronics13061109

IF: 2.9

2024-03-19

Electronics

Abstract:Dynamic wireless charging emerges as a promising technology, effectively alleviating range anxiety for electric vehicles in transit. However, the communication between the system's various components, conducted over public channels, raises concerns about vulnerability to network attacks and message manipulation. Addressing data security and privacy protection in dynamic charging systems thus becomes a critical challenge. In this article, we present an authentication protocol tailored for dynamic charging systems. This protocol ensures secure and efficient authentication between vehicles and roadside devices without the help of a trusted center. We utilize a physical unclonable function (PUF) to resist physical capture attacks and employ the elliptic curve discrete logarithm problem (ECDLP) to provide forward security protection for session keys. We validated the security of our proposed scheme through comprehensive informal analyses, and formal security analysis using the ROR model and formal analysis tool ProVerif. Furthermore, comparative assessments reveal that our scheme outperforms other relevant protocols in terms of efficiency and security.

engineering, electrical & electronic,computer science, information systems,physics, applied

Chen Tianzhou,Huang Yu,Chen Feng,Hu Wei

2006-01-01

Abstract:There are many security defects in existing mobile communication systems, such as unidirectional authentication and cipher key transmission in plaintext. With the expansion of the mobile communication services, the mobile security becomes more and more important, but the existing communication systems can not prevent hostile attacks to supply high-quality service because of their defects in security. To solve these problems, we propose a new Security Architecture for Mobile Communication (SAMC), which employs new authentication protocols, chooses different encryption algorithms for different requirements and implements integrity control mechanism. Good security is developed in an open environment with the collaboration of experts. It has the robust security and the outstanding performance, just a slight and acceptable loss.

Salem AlJanah,Ning Zhang,Siok Wah Tay

2023-07-07

Abstract:Authentication is the first defence mechanism in many electronic systems, including Internet of Things (IoT) applications, as it is essential for other security services such as intrusion detection. As existing authentication solutions proposed for IoT environments do not provide multi-level authentication assurance, particularly for device-to-device authentication scenarios, we recently proposed the M2I (Multi-Factor Multi-Level and Interaction based Authentication) framework to facilitate multi-factor authentication of devices in device-to-device and device-to-multiDevice interactions. In this paper, we extend the framework to address group authentication. Two Many-to-One (M2O) protocols are proposed, the Hybrid Group Authentication and Key Acquisition (HGAKA) protocol and the Hybrid Group Access (HGA) protocol. The protocols use a combination of symmetric and asymmetric cryptographic primitives to facilitate multifactor group authentication. The informal analysis and formal security verification show that the protocols satisfy the desirable security requirements and are secure against authentication attacks.

Cryptography and Security

Run-Fa Liao,Hong Wen,Jinsong Wu,Fei Pan,Aidong Xu,Huanhuan Song,Feiyi Xie,Yixin Jiang,Minggui Cao

DOI: https://doi.org/10.1109/access.2019.2934122

IF: 3.9

2019-01-01

IEEE Access

Abstract:In this paper, we investigate the security threats in mobile edge computing (MEC) of Internet of things, and propose a deep-learning (DL)-based physical (PHY) layer authentication scheme which exploits channel state information (CSI) to enhance the security of MEC system via detecting spoofing attacks in wireless networks. Moreover, three gradient descent algorithms are adopted to accelerate the training of deep neural networks, which enables smaller computation overheads and lower energy consumptions. In addition, the maximum likelihood function of multi-user authentication method is derived, which explains why cross entropy is chosen as the loss function. The vectorization cost function is also derived. The mini batch scheme and ℓ 2 regularization are adopted to improve training accuracy and avoid over-fitting, respectively. Moreover, the simulation and experimental results show that the DL-based PHY-layer authentication approaches can distinguish multiple legitimate edge nodes from malicious nodes and attacker by CSIs, effectively. Our proposed method supports a better performance compared with the traditional hypothesis test based method.

Chi-Chun Lo,Yu-Jen Chen

DOI: https://doi.org/10.1109/30.809184

1999-01-01

IEEE Transactions on Consumer Electronics

Abstract:With the advance of wireless communications technology, mobile communications has become more convenient than ever. However, because of the openness of wireless communications, the protection of the privacy between communicating parties is becoming a very important issue. We focus on the security of the Global System for Mobile communication (GSM) networks. A secure communication architecture for the GSM network is proposed. In the proposed architecture, we use public-key cryptography for user authentication and stream cipher for message encryption and decryption. An authentication protocol and a key generation method are presented in conjunction with the proposed architecture. Cryptanalysis and operational analysis show that the authentication protocol is secure and efficient. Simulation results indicate that the key generation method can always produce key strings of evenly distributed 0s and 1s and with infinite period.

telecommunications,engineering, electrical & electronic

Kehe Wu,Rui Cheng,Wenchao Cui,Wei Li

DOI: https://doi.org/10.1016/j.aej.2020.09.008

IF: 6.626

2021-02-01

Alexandria Engineering Journal

Abstract:With the increasing openness of smart grids, a large quantity of power terminals will be widely applied in systems of smart grids by various access modes (wired, wireless, satellite). In order to ensure the integrity and confidentiality of the data and the security of the communications between power terminals and the smart grid intranet, a lightweight security authentication and key agreement scheme is proposed in this article. The scheme provides mutual authentication based on the SM2 algorithm and key agreement which can prevent various attacks. Furthermore experimental evaluation and comparative analysis is conducted to indicate that the proposed scheme can resist many types of attacks with lower amounts of total computational resources and lower communications bandwidth. The analysis shows that the proposed scheme is suitable for smart grid.

engineering, multidisciplinary

Jiaqing Mo,Zhongwang Hu,Hang Chen,Wei Shen

DOI: https://doi.org/10.1155/2019/4520685

2019-01-01

Wireless Communications and Mobile Computing

Abstract:Nowadays, due to the rapid development and wide deployment of handheld mobile devices, the mobile users begin to save their resources, access services, and run applications that are stored, deployed, and implemented in cloud computing which has huge storage space and massive computing capability with their mobile devices. However, the wireless channel is insecure and vulnerable to various attacks that pose a great threat to the transmission of sensitive data. Thus, the security mechanism of how the mobile devices and remote cloud server authenticate each other to create a secure session in mobile cloud computing environment has aroused the interest of researchers. In this paper, we propose an efficient and provably secure anonymous two-factor user authentication protocol for the mobile cloud computing environment. The proposed scheme not only provides mutual authentication between mobile devices and cloud computing but also fulfills the known security evaluation criteria. Moreover, utilization of ECC in our scheme reduces the computing cost for mobile devices that are computation capability limited and battery energy limited. In addition, the formal security proof is given to show that the proposed scheme is secure under random oracle model. Security analysis and performance comparisons indicate that the proposed scheme has reasonable computation cost and communication overhead at the mobile client side as well as the server side and is more efficient and more secure than the related competitive works.

Ting Liu,Yang Liu,Yashan Mao,Yao Sun,Xiaohong Guan,Weibo Gong,Sheng Xiao

DOI: https://doi.org/10.1109/TSG.2013.2264537

2014-01-01

Abstract:Integrating information network into power system is the key for realizing the vision of smart grid, but also introduces many security problems. Wireless communication offers the benefits of low cost, rapid deployment, shared communication medium, and mobility; at the same time, it causes many security and privacy challenges. In this paper, the concept of dynamic secret is applied to design an encryption scheme for smart grid wireless communication. Between two parties of communication, the previous packets are coded as retransmission sequence, where retransmitted packet is marked as “1” and the other is marked as “0.” During the communication, the retransmission sequence is generated at both sides to update the dynamic encryption key. Any missing or misjudging in retransmission sequence would prevent the adversary from achieving the keys. In our experiments, a smart grid platform is built, employing the ZigBee protocol for wireless communication. And a dynamic secret-based encryption demo system is designed based on this platform. The experiment results show that the retransmission and packet loss in ZigBee communication are inevitable and unpredictable, and it is impossible for the adversary to track the updating of the dynamic encryption key.

Congcong Shi,Miao Du,Weidong Lu,Sanglu Lu

DOI: https://doi.org/10.1109/globecom38437.2019.9013998

2019-01-01

Abstract:With the rapid development of machine-to-machine (M2M) mobile smart terminals, M2M services can be used in a wide range of industries, including such as telemedicine, remote meter reading and public security. Since different industries and enterprise users have different requirements for M2M specific applications, the security identity authentication of M2M mobile terminals is particularly worthy of attention. Existing methods can effectively solve the unsustainable problem of one-time verification, however they cannot address the dynamic relevance characteristics of user behavior sufficiently. Thus, the accuracy of user identity authentication needs to be further improved. In this paper, we propose a terminal identity authentication technology based on user association behavior analysis. In order to identify the abnormal login during each behavior process of authenticated user, we take largest coincident part of the user behavior sequence and short coincide into consideration. In addition, we propose a Similarity-based Behavior Sequence Similarity Algorithm (BCS-SSA) based on the traditional sequence pattern of Behavior Common Subsequence. The experimental results demonstrate that the proposed method can effectively improve the accuracy of user's behavioral sequence, and prove the uniqueness of different sequences on the other hand.