CQ Li,S Li,D Zhang,G Chen

DOI: https://doi.org/10.1049/ip-vis:20045234

2006-01-01

IEE Proceedings - Vision Image and Signal Processing

Abstract:A voice-over-Internet protocol technique with a new hierarchical data security protection (HDSP) scheme using a secret chaotic bit sequence has been recently proposed. Some insecure properties of the HDSP scheme are pointed out and then used to develop known/chosen-plaintext attacks. The main findings are: given n known plaintexts, about (100 - (50/2(n)))% of secret chaotic bits can be uniquely determined; given only one specially-chosen plaintext, all secret chaotic bits can be uniquely derived; and the secret key can be derived with practically small computational complexity when only one plaintext is known (or chosen). These facts reveal that HDSP is very weak against known/chosen-plaintext attacks. Experiments are given to show the feasibility of the proposed attacks. It is also found that the security of HDSP against the brute-force attack is not practically strong. Some countermeasures are discussed for enhancing the security of HDSP and several basic principles are suggested for the design of a secure encryption scheme.

Jianqing Fu,Jian Chen,Rong Fan,XiaoPing Chen,Lingdi Ping

DOI: https://doi.org/10.1109/wcse.2009.731

2009-01-01

Abstract:With the widespread use of mobile devices, authentication and privacy of identification become important issues. We analyzed the security flaws and shortcomings of a delegation-based authentication protocol which was proposed by Caimu Tang, et al., and provided an improved protocol. We use elliptic-curve cryptography and hash chain to ensure the safety of system in our scheme. The research results reveal that the improved protocol can not only corrects the security flaws but also improve the efficiency of key management and reduce the computational load.

Imran Memon,Ibrar Hussain,Rizwan Akhtar,Gencai Chen

DOI: https://doi.org/10.1007/s11277-015-2699-1

IF: 2.017

2015-01-01

Wireless Personal Communications

Abstract:Past few years, the mobile technology and location based services have experienced a great increment in number of its users. The privacy issues related to these services are becoming main concerns because of the leakage of users' private information and contents. To prevent revelation of private information, many researchers have proposed several secure and authentication schemes which apply various technologies to provide integral security properties, such as symmetric encryption, digital signature, timestamp, etc. Unfortunately, some of these schemes still exhibit security and efficiency issues. In this research paper, we proposed an efficient and secure anonymous communication for location based service using asymmetric cryptography scheme over the wireless system was attempted missing some system detail. We also proposed the prevent user private information and secure communication by asymmetric cryptography scheme. We solved the wireless communication problem in A3 algorithm such as eavesdropping and this problem solved by asymmetric cryptography scheme because of its robustness against this type of attack by providing mutual authentication make the system more secure. Finally, performance and cost analysis show our scheme is more suitable for low-power and resource limited wireless system and thus availability for real implementation. According to our security analysis and performance, we can prove that our proposed asymmetric cryptography scheme is able to improve wireless communication system security and enhance efficiency in comparison to previous schemes.

Biao He,An Liu,Nan Yang,Vincent K. N. Lau

DOI: https://doi.org/10.1109/jsac.2017.2725698

IF: 16.4

2016-01-01

IEEE Journal on Selected Areas in Communications

Abstract:This paper proposes a new design of non-orthogonal multiple access (NOMA) under secrecy considerations. We focus on a NOMA system, where a transmitter sends confidential messages to multiple users in the presence of an external eavesdropper. The optimal designs of decoding order, transmission rates, and power allocated to each user are investigated. Considering the practical passive eavesdropping scenario where the instantaneous channel state of the eavesdropper is unknown, we adopt the secrecy outage probability as the secrecy metric. We first consider the problem of minimizing the transmit power subject to the secrecy outage and quality of service constraints, and derive the closed-form solution to this problem. We then explore the problem of maximizing the minimum confidential information rate among users subject to the secrecy outage and transmit power constraints, and provide an iterative algorithm to solve this problem. We find that the secrecy outage constraint in the studied problems does not change the optimal decoding order for NOMA, and one should increase the power allocated to the user whose channel is relatively bad when the secrecy constraint becomes more stringent. Finally, we show the advantage of NOMA over orthogonal multiple access in the studied problems both analytically and numerically.

Zheng Ming,Wu Jianping

DOI: https://doi.org/10.3969/j.issn.1000-386X.2012.10.003

2012-01-01

Abstract:Anonymous communication is a very effective measure for privacy protection.However,the attacks against anonymous communication are also increasing at the time of the development of anonymous communication.In this paper,we first analyse the method and the process of attack against low-latency anonymous communication by malicious attacker and present some defense methods.According to those methods,we then propose a protocol of anonymous communication over invisible mix rings(AMIMR),which utilises the extended source address.We analyse the features of nodes,structure,topology and function in AMIMR.Our analysis on attack tolerance of AMIMR shows that this protocol has strong attack tolerance in blocking attack process and resisting passive attacks and active attacks.Simulation indicates that AMIMR still has high anonymity even in circumstance of quite high malicious node rate.The limitation of AMIMR is that part of its nodes may be restricted by the rule of networks where it is.

Lunzhi Deng

DOI: https://doi.org/10.1007/s00500-019-04375-8

IF: 3.732

2019-09-24

Soft Computing

Abstract:In community management services, it is a common requirement for management centers to send the same encrypted message to some units and individuals in the community, while avoiding the leakage of personal information of the user. In order to achieve this goal safely and efficiently, the multi-receiver encryption is a good option. In the setting, a sender generates the ciphertext for a designed group of receivers. Any receiver in the group can obtain the plaintext by decrypting the ciphertext using his own private key, and the true identity of the receiver is kept secret to anyone including other receivers. Recently, several certificateless multi-receiver encryption (CLMRE) schemes have been introduced, and all of them are proved to be secure in the random oracles model (ROM). ROM is a simulation of the hash function and can not replace the real hash function computation. In this paper, a new CLMRE scheme is constructed and it is proved to be secure based on decision bilinear Diffie–Hellman problem in the standard model (SM). It achieves the anonymity of the receivers and is suitable for smart community management systems.

computer science, artificial intelligence, interdisciplinary applications

YX Jiang,C Lin,MH Shi,XM Shen

DOI: https://doi.org/10.1109/glocom.2005.1577941

2005-01-01

Abstract:A novel authentication protocol for teleconference service is proposed. The main features of the proposed protocol include identity anonymity, one-time PID (pseudonym identity) renewal and location intractability. Identity anonymity is achieved by concealing the real identity of a mobile conferee in a prearranged pseudonym identity. One-time PID renewal mechanism, in which the mobile conferee's PID is frequently updated communicating with the network centre, is introduced to offer location intractability. It is shown that the security has been significantly enhanced, while the computation complexity is similar to the existing one appeared in the literature.

Salman Shamshad,Minahil Rana,Khalid Mahmood,Muhammad Khurram Khan,Mohammad S. Obaidat

DOI: https://doi.org/10.1007/s11277-021-09338-7

IF: 2.017

2021-11-15

Wireless Personal Communications

Abstract:With the rapidly growing user experience and traffic growth requirements in the Mobile Edge Computing (MEC) environment, the conventional security protocols are no longer capable of meeting the modern demand. In order to cope with this demand, novel security solution such as identity-based cryptography, which does not require complex calculations, has attracted great attention from the research community. Recently, Li et al. (IEEE Syst J 1937–9234, 2021, https://doi.org/10.1109/JSYST.2020.2979006) devised an identity-based protocol for the MEC environment. They claimed that their protocol offers efficient and secure communication among the involved entities. Nevertheless, after performing a careful analysis of their protocol, we discovered that their protocol is vulnerable to MEC server and mobile user impersonation attacks. Similarly, their protocol has no provision of mobile user anonymity and untraceability. Furthermore, it has incorrectness in the authentication phase. Given these limitations, we have suggested a suitable remedy, which counters all the said vulnerabilities and limitations.

telecommunications

Jianhong Zhang,Peirong Ou

DOI: https://doi.org/10.3390/s19153370

IF: 3.9

2019-07-31

Sensors

Abstract:Nowadays, the widely deployed and high performance Internet of Things (IoT) facilitates the communication between its terminal nodes. To enhance data sharing among terminal devices and ensure the recipients’ privacy protection, a few anonymous multi-recipient broadcast encryption (AMBE) proposals are recently given. Nevertheless, the majority of these AMBE proposals are only proven be securely against adaptively chosen plain-text attack (CPA) or selectively chosen ciphertext attack (CCA). Furthermore, all AMBE proposals are subjected to key escrow issue due to inherent characteristics of the ID-based public cryptography (ID-PKC), and cannot furnish secure de-duplication detection. However, for cloud storage, it is very important for expurgating duplicate copies of the identical message since de-duplication can save the bandwidth of network and storage space. To address the above problems, in the work, we present a privacy-preserving multi-receiver certificateless broadcast encryption scheme with de-duplication (PMCBED) in the cloud-computing setting based on certificateless cryptography and anonymous broadcast encryption. In comparison with the prior AMBE proposals, our scheme has the following three characteristics. First, it can fulfill semantic security notions of data-confidentiality and receiver identity anonymity, whereas the existing proposals only accomplish them by formalizing the weaker security models. Second, it achieves duplication detection of the ciphertext for the identical message encrypted with our broadcast encryption. Finally, it also avoids the key escrow problem of the AMBE schemes.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Ding WANG,Wen-Ting LI,Ping WANG

DOI: https://doi.org/10.13328/j.cnki.jos.005361

2018-01-01

Journal of Software

Abstract:The design of secure and efficient user authentication protocols for multi-server environment is becoming a hot research topic in the cryptographic protocol community. Based on the widely accepted adversary model, this paper analyzes three representative, recently proposed user authentication schemes for multi-server environment. The paper reveals that: 1) Wan et al.’s scheme is subject to offline password guessing attack as opposed to the authors’ claim, and it also cannot provide user anonymity and forward secrecy; 2) Amin et al.’s scheme cannot withstand offline password guessing attack, cannot preserve user anonymity and is vulnerable to two kinds o f forward secrecy issues; 3) Reedy et al.’s scheme cannot resist against user impersonation attack and offline password guessing attack, and  基金项目: 国家自然科学基金(61472016); 国家重点研发计划(2016YFB0800603, 2017YFB1200700) Foundation item: National Natural Science Foundation of China (61472016); National Key Research and Development Plan (2016YFB0800603, 2017YFB1200700) 本文由“面向隐私保护的新型技术与密码算法”专题特约编辑黄欣沂教授推荐. 收稿时间: 2017-05-30; 修改时间: 2017-07-13; 采用时间: 2017-08-22; jos 在线出版时间: 2017-10-17 CNKI 网络优先出版: 2017-10-17 13:38:05, http://kns.cnki.net/kcms/detail/11.2560.TP.20171017.1338.008.html 1938 Journal of Software 软件学报 Vol.29, No.7, July 2018 also falls short of user un-traceability. The paper highlights three principles for designing more robust anonymous multi-factor authentication schemes: Public key principle, user anonymity principle and forward secrecy principle, explaining the essential reasons for the security flaws of the above protocols. It further proposes some amendments for the identified secur ity flaws.

Yixin Jiang,Chuang Lin,Minghui Shi,Xuemin Sherman Shen

DOI: https://doi.org/10.1504/IJSN.2006.011779

2006-01-01

Abstract:A novel authentication protocol for teleconference service is proposed. The main features of the proposed protocol include identity anonymity, one-time Pseudonym Identity (PID) renewal and location intracability. Identity anonymity is achieved by concealing the real identity of a mobile conferee in a prearranged PID. One-time PID Renewal mechanism, in which the mobile conferee's PID is frequently updated communicating with the network centre, is introduced to offer location untracability. It is shown that the security has been significantly enhanced, while the computation complexity is similar to the existing ones appeared in the literature.

Guomin Yang,Duncan S. Wong,Xiaotie Deng

DOI: https://doi.org/10.1007/11496137_23

2005-01-01

Abstract:The Canetti-Krawczyk (CK) model uses resuable modular components to construct indistinguishability-based key exchange protocols. The reusability of modular protocol components makes it easier to construct and prove new protocols when compared with other provably secure approaches. In this paper, we build an efficient anonymous and authenticated key exchange protocol for roaming by using the modular approach under the CK-model. Our protocol requires only four message flows and uses only standard cryptographic primitives. We also propose a one-pass counter based MT-authenticator and show its security under the assumption that there exists a MAC which is secure against chosen message attack.

Daojing He,Chun Chen,Maode Ma,Jiajun Bu

DOI: https://doi.org/10.1002/sec.284

IF: 1.968

2012-01-01

Security and Communication Networks

Abstract:To allow many users to hold a secure teleconference in mobile networks, a secure conference scheme with dynamic participation is necessary. However, designing a secure and efficient conference scheme is a difficult task because wireless networks are susceptible to attacks and wireless devices have limited resources. Recently, a lightweight and secure conference scheme has been suggested. Later, it has been found that this solution has security weaknesses and a modified version to overcome them has been presented. Compared with other conference schemes, these two schemes have many advantages. In this short paper, security study of these conference schemes in mobile networks has been performed with the following findings: (1) both the original scheme and the modified version are still vulnerable to our proposed impersonation attack; (2) they lack a mechanism to confirm the delivery of relevant messages, leading to protocol disruption. Therefore, these two schemes cannot be deployed for the real world applications without further development. Then, some efficient countermeasures are given for enhancing the security of both schemes. Further, the security properties of the improved protocol are formally validated by a model checking tool called AVISPA. Finally, several basic principles are suggested for the design of a secure conference scheme. Copyright (C) 2011 John Wiley & Sons, Ltd.

Zhaoman Liu,Yanbo Chen,Jianting Ning,Yunlei Zhao

DOI: https://doi.org/10.1016/j.tcs.2024.114464

IF: 1.002

2024-01-01

Theoretical Computer Science

Abstract:In the multicast communication scenario, compared with broadcast encryption, broadcast signcryption or multi-receiver signcryption has additional ability to authenticate the source of the message. With the enhanced awareness of privacy preservation, ordinary users pay more attention to the identity leakage in the communication process. The primitive of anonymous broadcast signcryption has been proposed to solve this problem, which provides additional anonymity compared with the existing broadcast signcryption. However, most anonymous broadcast signcryption schemes only ensure the sender's identity concealment but ignore the anonymity of the receiver set. In this paper, we present a fully anonymous identity-based broadcast signcryption scheme, which meets insider unforgeability, outsider confidentiality, identity concealment of sender and full anonymity of the receiver set. In addition, our scheme has two further desirable characteristics. One is public verifiability which means any third party can verify the validity of the message source without knowing the private key provided by the receiver. The other is statelessness which means the user does not need to update the private key due to the join or revocation of other users. Moreover, our scheme has constant-size public parameters and private key as well as constant decryption complexity, which makes the scheme more suitable for deployment in devices with limited storage or low computing power such as IoT devices.

Yuh-Min Tseng,Tung-Tso Tsai,Sen-Shan Huang,Ting-Chieh Ho

DOI: https://doi.org/10.1109/access.2024.3368442

IF: 3.9

2024-03-02

IEEE Access

Abstract:By side-channel attacks, a fraction part of secret keys used in cryptographic schemes could be leaked to adversaries. Recently, adversaries have realized practical side-channel attacks so that these existing cryptographic schemes could be broken. Indeed, researchers have invested and proposed a good approach to withstand such attacks, called as leakage-resilient cryptography. Very recently, several leakage-resilient anonymous multi-receiver encryption (LR-AMRE) schemes based on various public-key systems were also proposed. However, these LR-AMRE schemes are not suitable for a heterogeneous public-key environment under which an authorized receiver group includes heterogeneous receivers under various PKS settings and these receivers have various types of secret/public key pairs. In this article, we propose the leakage-resilient anonymous heterogeneous multi-receiver hybrid encryption (LR-AHMR-HE) scheme for the heterogeneous public-key system settings. A new framework and associated adversary games of the LR-AHMR-HE scheme are defined. In the adversary games, adversaries are admitted to continuously intercept a fraction part of secret keys. Under the adversary games, formal security proofs are provided to show that the proposed scheme is secure against two types of adversaries (illegitimate user and malicious authority). Comparisons with several related previous schemes are demonstrated to present the merits of our scheme.

computer science, information systems,telecommunications,engineering, electrical & electronic

Dapeng Cheng,Jinsong Han,Mo Li,Baijian Yang

DOI: https://doi.org/10.1109/ICCCAS.2006.284966

2006-01-01

Abstract:Privacy and anonymity have become an increasing requirement in today's wireless networks. However, current mobile peer-to-peer architectures have not taken into account anonymity, especially the mutual anonymity between two nodes. In this paper, we propose a secure-information-dispersal-algorithm-based mutual anonymity protocol (SIDAM), for mobile P2P networks. SIDAM achieves mutual anonymity in mobile P2P networks. We simulate SIDAM in a prototyped test-bed and initiate comprehensive attacks on our protocol. The simulation results indicate that SIDAM provides high anonymity with a low cryptography processing overhead

Ping Wang,Zijian Zhang,Ding Wang

DOI: https://doi.org/10.1007/978-3-030-01950-1_50

2018-01-01

Abstract:Revealing the security flaws of existing cryptographic protocols is the key to understanding how to achieve better security. At ICICS’17, Xu et al. proposed an efficient two-factor authentication scheme for multi-server environment to cope with the vulnerabilities in Amin et al.’s scheme. However, in this paper, we reveal that Xu’s new scheme actually is as vulnerable as Amin et al.’s scheme: anyone can impersonate any legitimate user. At FC’17, Wu et al. also developed an improvement over Irshad et al.’s scheme and this improved scheme is alleged to be practical and have a number of appealing merits. Yet, Wu et al.’s scheme still fails to achieve truly two-factor security (which is the most important goal of a two-factor scheme), and the leakage of a session-specific parameter will lead to the leakage of the user’s long-term secret key.

Mingwu Zhang,Bo Yang,Shenglin Zhu,Wenzheng Zhang

DOI: https://doi.org/10.1007/978-3-540-69304-8_14

2008-01-01

Abstract:Three of the most important services offered by cryptography are confidential, private and authenticatability in distributed systems, such as P2P, trust negotiation and decentralized trust management. Information provider secretly encrypts a message with a hidden approach to protect message security and his privacy. Ring signcryption is an important way to realize full anonymity where the signcrypter cannot verify that this ciphertext was produced by himself. In this paper, we propose a novel construction of efficient secret authenticatable anonymous signcryption scheme in which only the actual signcrypter can authenticate that the ciphertext was produced by himself. The receiver cannot distinguish who the actual signcrypter is in the group even though he obtains all group members' private keys. Proposed scheme has the following properties: semantic security, signcrypter anonymity, signcrypter secret authenticatability, and unforgeability. We prove its security in the random oracle model under the DBDH assumption.

Zhen Yan,Haipeng Qu,Xiaoshuai Zhang,Jian-Liang Xu,Xi-Jun Lin

DOI: https://doi.org/10.1016/j.sysarc.2023.102950

IF: 5.836

2023-07-22

Journal of Systems Architecture

Abstract:Cloud-based anonymous messaging systems have been widely utilized in covert conversations to enable people to anonymously exchange encrypted data in public using cryptographic techniques. Recently, Ateniese et al . proposed the identity-based matchmaking encryption (IB-ME) which provides confidentiality, anonymity and authenticity in a logical single step for such systems. However, there are two crucial and practical issues in IB-ME. On the one hand, the existing IB-MEs only achieve indistinguishability under adaptive chosen identity and plaintext attacks (IND-ID-CPA). How to structure the IB-ME with indistinguishability under adaptive chosen identity and ciphertext attacks (IND-ID-CCA) is still an open problem. On the other hand, the computational cost of the receiver is considerable when using IB-ME since the ciphertext leaks no information about its sender's and specified receiver's identities. Thus, the receiver has to attempt to match "all" ciphertexts one by one with its own decryption key and "all" potential senders' identities. To reduce such a cost of the receiver in IB-ME, it is desired for the receiver to delegate the decryption ability with respect to the potential senders to some proxies. With the proxy keys, these proxies can match the ciphertexts parallelly. Nonetheless, an obvious challenge is how to delegate such ability to a proxy without losing anonymity and authenticity to protect the privacy of both the sender and the receiver. In this paper, we propose a novel CCA-secure solution, called identity-based proxy matchmaking encryption (IB-PME) for cloud-based anonymous messaging systems, to address the foregoing issues. The security analysis and the performance evaluation demonstrate that our proposed IB-PME is highly practical.

computer science, software engineering, hardware & architecture

Jian-bin Hu,Hu Xiong,Zhong Chen

2012-01-01

Abstract:Seamless roaming is highly desirable for wireless communications, and security such as authentication and privacy preserving of mobile users is challenging. Recently, Wu et al. and Wei et al. proposed two authentication schemes that guarantee user anonymity in wireless communications, respectively. However, Kang et al. pointed out some security flaws of Wu et al.’s and Wei et al.’s authentication schemes and showed how to overcome the problems regarding anonymity and the forged login messages. In this paper, we will show that Kang et al.’s improved scheme still did not provide user anonymity as they claimed and give a further improvement to fix the problem without losing any features of the original scheme.