Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Jianhong Zhang,Wenle Bai,Yuehai Wang

DOI: https://doi.org/10.1109/access.2019.2899828

IF: 3.9

2019-01-01

IEEE Access

Abstract:The Internet of Things (IoT) is the internetworking of terminal physical devices depends on application programming interfaces and sensors to be connected to the Internet for collecting and exchanging data. According to the characteristics of IoT, it can provide rich services for the terminal user. However, the centralized cloud computing-based storage architecture in IoT faces many challenges, such as data security, identity privacy, and high latency. To overcome these challenges, this paper introduces an IoT network storage architecture based on mobile edge computing, which not only achieves low-latency message response and computation offloading of the terminal user but also preserves identity-privacy of the terminal user. Afterward, we presented a novel non-interactive pairing-free ID-based proxy re-signature scheme (ID-PRS), which is a kernel technique to construct the aforementioned storage architecture. Compared with most of proxy re-signature schemes constructed based on traditional public-key-infrastructure, the proposed scheme avoids expensive pairing operation and intricate certificate-maintenance. And it is demonstrated to be provably secure under the classic security assumptions: integer factoring problem and the RSA assumption. Finally, in contrast to the other two ID-PRS schemes, the proposed ID-PRS scheme has more advantages in terms of security, functionability, and computation costs. Thus, it is very suitable to be applied to the resource-constrained mobile users.

Dong Xie,Jinghua Yang,Bin Wu,Weixin Bian,Fulong Chen,Taochun Wang

DOI: https://doi.org/10.1109/tifs.2024.3362589

IF: 7.231

2024-02-17

IEEE Transactions on Information Forensics and Security

Abstract:In a mobile edge computing environment, the computing tasks of resource-constrained IoT devices are often offloaded to mobile edge computing servers for processing. In order to ensure the security of the task offloading process, both parties need to perform mutual authentication and negotiate a session key first. The security defenses in the existing authentication schemes are often only aimed at external attackers, while ignoring the possible malicious behaviors of semi-trusted servers. Furthermore, they cannot effectively take into account the device-side lightweight and security, as well as the load problem of a single registry. In this paper, we propose a new anonymous authentication key agreement scheme that fully considers the resource constraints of terminal devices and the security risks of semi-trusted servers. In the scheme, we use the method of generating pairing information during registration to avoid the server-side directly contacting the user's private information, and support trusted third parties not to participate in the authentication process. In addition, by setting up authentication servers to outsource computing tasks, the device-side can avoid blindly selecting a computing server for task offloading, achieve accurate task assignment and efficient execution of authentication. We use Real-Or-Random model and BAN logic to demonstrate the security of the proposed scheme, and use the ProVerif tool to verify its authenticated reachability and confidentiality. Compared with other schemes with the same structure, this scheme is superior to similar schemes, and has higher security on the basis of ensuring the least amount of computation on the device-side.

computer science, theory & methods,engineering, electrical & electronic

Zhiguo Wan,Kui Ren,Wenjing Lou,Bart Preneel

DOI: https://doi.org/10.1109/WCNC.2008.459

2008-01-01

Abstract:Popularity of group oriented applications motivates research on security and privacy protection for group communications. A number of group key agreement protocols exploiting ID based cryptosystem have been proposed for this objective. Though bearing beneficial features like reduced management cost, private key delegation from ID based cryptosystem, they have not taken into account privacy issues during group communication. In wireless networks, the privacy problem becomes more crucial and urgent for mobile users due to the open nature of radio media. In this paper, we proposed an anonymous ID based group key agreement protocol for wireless networks. Based on ID based cryptosystem, our protocol not only benefits from the desirable features of ID based cryptosystem, but also provides privacy protection for mobile users. More important, in the proposed protocol, the computation cost for each group member is largely reduced to meet the computation capability restriction of mobile devices.

Fengyin Li,Xinying Yu,Yang Cui,Siqi Yu,Yuhong Sun,Yilei Wang,Huiyu Zhou

DOI: https://doi.org/10.1016/j.comcom.2022.01.019

IF: 5.047

2022-01-01

Computer Communications

Abstract:Wireless Sensor Networks (WSNs) play an indispensable role in the application of smart homes, smart healthcare, and precision agriculture. However, WSNs confront privacy risks that hinder its practical applications. The leakage of privacy is one of the key factors to restrict the development of WSNs. Hence, in this paper, we propose an Anonymous Authentication and Key Agreement protocol (AAKA) to accomplish identity authentication and privacy protection. Based on the dynamic sequence number, the shared secret value, and the dynamic random number, the AAKA protocol implements a two-way authentication and keys negotiation among users, gateway, and sensors, which achieves the secure access control of legitimate users to WSNs and ensures the confidential transmission of data over the public channel. We perform the security proof with BAN logic for security evaluation. The performance analysis demonstrates that compared with other WSNs authentication schemes, the AAKA protocol obtained better security features, smaller storage, and more efficient communication. Therefore, it is more suitable for applications in smart living.

Zahid Mahmood,Ata Ullah,Huansheng Ning

DOI: https://doi.org/10.1109/access.2018.2840131

IF: 3.9

2018-01-01

IEEE Access

Abstract:With the inclusion of mobile devices and ubiquitous connectivity of smart devices in Internet of Things, secure key management is mandatory to ensure privacy for information exchange. In this regard, the multiparty key establishment schemes achieve better security strength by taking shared parameters from neighboring member nodes to calculate the key. The similar multiparty mechanism can be adopted among other hierarchical nodes, including head node, server and gateway node. Moreover, session keys can also be set up in a similar manner. The main problem in multiparty password-based authentication schemes is the computation of extensively hard problem that limits it to three parties and N-party is quite more complex or infeasible. This paper presents a novel distributed multiparty keying scheme where chaotic maps are used to provide one-way hashing and Chebyshev polynomial are used for establishing a common multiparty key. In this paper, Phase-I covers keying among trusted server and group heads and Phase-II elaborates the key establishment among smart devices and their group heads. The scheme is verified through the formal specification and security analysis using Rubin Logic for inter-group key establishment scenario. We have validated the intra-group and inter-group key establishment by doing extensive simulations in NS 2.35. Moreover, a test bed is setup for group head to server level authentication and key establishment. Results prove the supremacy of our scheme as compared with preliminaries in terms of computation cost, communication cost, and resilience.

computer science, information systems,telecommunications,engineering, electrical & electronic

P. Vijayakumar,Victor Chang,L. Jegatha Deborah,Bharat S. Rawal Kshatriya

DOI: https://doi.org/10.1016/j.future.2018.03.027

IF: 7.307

2018-07-01

Future Generation Computer Systems

Abstract:With the computing systems becoming more and more pervasive and ubiquitous due to the invention of cloud computing and mobile phone based applications, secure data transmission is the pressing need for a real time perspective of the technologies. Examples of the need for secure key management and distribution environments include secure transmission of health related SMS, telecare medicine provisioning for critical applications such as heart disorders, secure agriculture monitoring, data transmission in surveillance scenarios, secure military networks, etc. In the context of key exchange for secure group communication, the computational complexities need to be addressed in particular due to the advent of resource constrained mobile phones, sensors and other embedded devices. This special issue introduces some of the novel approaches for enabling secure group communication in the contexts related to cloud and mobile computing.

Li Kuang,Yingjie Xia,Caijun Sun,Jiaming Wu,Liangdi Bao

DOI: https://doi.org/10.19026/rjaset.5.4738

2013-01-01

Abstract:With wide adoption of Service Computing and Mobile Computing, people tend to invoke services with mobile devices, requiring accurate and real-time feedback from services at any time and any place. Among these services, some are private to limited users and require identity authorization before use; hence secure access control in wireless network should be provided. To address the challenge, in this study, we propose the architecture and protocols of a system of access to private services for mobile clients, which combines the technologies of trusted computing, Diffie-Hellman key agreement protocol, digital certificate, DES data encryption algorithm and twice verification. We further show the implementation of the proposed system, in which we have realized the authentication and authorization of mobile clients and then secure data transfer between mobile clients in the unsafe Internet and private services in the Intranet. © 2013 Maxwell Scientific Organization.

Guomin Yang,Duncan S. Wong,Xiaotie Deng

DOI: https://doi.org/10.1109/TWC.2007.06020042

IF: 10.4

2007-01-01

IEEE Transactions on Wireless Communications

Abstract:User privacy is a notable security issue in wireless communications. It concerns about user identities from being exposed and user movements and whereabouts from being tracked. The concern of user privacy is particularly signified in systems which support roaming when users are able to hop across networks administered by different operators. In this paper, we propose a novel construction approach of anonymous and authenticated key exchange protocols for a roaming user and a visiting server to establish a random session key in such a way that the visiting server authenticates the user's home server without knowing exactly who the user is. A network eavesdropper cannot find out the user's identity either (user anonymity). In addition, visited servers cannot track the roaming user's movements and whereabouts even they collude with each other (user untraceability). Our construction approach is generic and built upon provably secure two-party key establishment protocols. Merits of our generic protocol construction include eliminating alias synchronization between the user and the home server, supporting joint key control, and not relying on any special security assumptions on the communication channel between the visiting server and the user's home server. Our protocol can also be implemented efficiently. By piggybacking some message flows, the number of message flows between the roaming user and the visiting server is only three. As of independent interest, we describe a new practical attack called deposit-case attack and show that some previously proposed protocols are vulnerable to this attack.

Yanxia Fu,Yanli Ren,Guorui Feng,Xinpeng Zhang,Chuan Qin

DOI: https://doi.org/10.3390/electronics10202464

IF: 2.9

2021-10-11

Electronics

Abstract:The popularity of mobile devices in Internet of Things has brought great convenience to the lives of the people. Massive data generated in the IoT are outsourced and stored on cloud platforms so that data aggregation and analysis can be performed on the massive data. However, these data often contain sensitive information of mobile devices, so effective protection of mobile user privacy is the primary condition for further development of IoT. Most of the current data aggregation schemes require a lot of interactions between users, and thus this paper designs a non-interactive secure multidimensional data aggregation scheme. This scheme adopts an additive secret sharing technique to mask the shared data and send it to two non-colluding servers, and then the servers aggregate the ciphertext respectively. Different from the existing schemes, our proposed scheme achieves non-interaction between users, and the aggregation result is kept confidential to the server and supports mobile users offline. Finally, we perform an experimental evaluation which proves the effectiveness of our scheme.

engineering, electrical & electronic,computer science, information systems,physics, applied

张斌,邬江兴

DOI: https://doi.org/10.3969/j.issn.1000-7180.2003.08.013

2003-01-01

Abstract:The anonymity of mobile user must be considered sufficiently during the authentication of user in a mobile com-puting environment.In this paper,we present a classificationscheme of anonymity of mobile user,give three methods of solv-ing the anonymity of mobile user including shared key method,public key method and hybrid method.Then we analyze these methods,point out the existing problems and propose some im-provement to overcome the constraint of homeless authentica-tion protocol.

Jinsong Han,Yanmin Zhu,Yunhao Liu,Jianfeng Cai,Lei Hu

DOI: https://doi.org/10.1109/ICDCSW.2005.114

2005-01-01

Abstract:Nowadays privacy and anonymity have become an increasing requirement in wireless networks. However, current mobile peer-to-peer architectures have not taken into account anonymity, especially the mutual anonymity between two nodes. In this paper, we propose a mutual anonymity protocol, calledSecret-sharing-based Mutual Anonymity Protocol (SMA), for mobile P2P networks. Our simulation results show that SMA achieves mutual anonymity in mobile P2P networks with a low cryptography processing overhead.

Yuan Cheng,Yanan Liu,Zheng Zhang,Yanxiu Li

DOI: https://doi.org/10.3390/s23146460

IF: 3.9

2023-07-18

Sensors

Abstract:Wireless sensor networks are usually applied in hostile areas where nodes can easily be monitored and captured by an adversary. Designing a key distribution scheme with high security and reliability, low hardware requirements, and moderate communication load is crucial for wireless sensor networks. To address the above objectives, we propose a new key distribution scheme based on an ECC asymmetric encryption algorithm. The two-way authentication mechanism in the proposed scheme not only prevents illegal nodes from accessing the network, but also prevents fake base stations from communicating with the nodes. The complete key distribution and key update methods ensure the security of session keys in both static and dynamic environments. The new key distribution scheme provides a significant performance improvement compared to the classical key distribution schemes for wireless sensor networks without sacrificing reliability. Simulation results show that the proposed new scheme reduces the communication load and key storage capacity, has significant advantages in terms of secure connectivity and attack resistance, and is fully applicable to wireless sensor networks.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Tao Yang,Liyong Tang,Lingbo Kong,Zhong Chen

DOI: https://doi.org/10.1109/fskd.2012.6233869

2012-01-01

Abstract:Recently, distributed online social networks (OSNs) are developed to address the security and privacy issues in centralized OSNs. Identity based cryptography (IBC) was introduced into distributed OSNs recently for better identity verification and authentication purposes. However, current IBC-based solutions in OSNs could not address the problem of secure private key issuing. In this paper we propose PEKING: a novel Pivacy Enhanced Key IssuiNG scheme for distributed online social networks using IBC. Our scheme adopts key generate center (KGC) and key privacy assistants (PAs) to issue keys to peers securely. In the scheme, PAs can be selected from users' friends. Neither KGC nor PAs can impersonate the users to obtain the private keys. Furthermore, to maintain the security of PAs, we develop a scheme to authenticate PAs using Byzantine fault tolerance protocol. The experimental results show that PEKING performs effectively and efficiently, and is able to support large scale networks.

Yixin Jiang,Chuang Lin,Xuemin (Sherman) Shen,Minghui Shi

DOI: https://doi.org/10.1109/twc.2006.05063

IF: 10.4

2006-01-01

IEEE Transactions on Wireless Communications

Abstract:Two novel mutual authentication and key exchange protocols with anonymity are proposed for different roaming scenarios in the global mobility network. The new features in the proposed protocols include identity anonymity and one-time session key renewal. Identity anonymity protects mobile users privacy in the roaming network environment. One-time session key progression frequently renews the session key for mobile users and reduces the risk of using a compromised session key to communicate with visited networks. It has demonstrated that the computation complexity of the proposed protocols is similar to the existing ones, while the security has been significantly improved

Yingbo Hua

2024-10-04

Abstract:Two or more mobiles users can continuously superimpose sequences of bits chosen from different packets or files already exchanged and authenticated between themselves to continuously renew a secret key for continuous strengthening of their privacy and authentication. This accumulative, adaptable and additive (AAA) method is discussed in this paper. The equivocation to Eve of any bit in the generated key by the AAA method equals to the probability that not all corresponding independent bits exchanged between the users are intercepted by Eve. This performance, achieved without using any knowledge of non-stationary probabilities of bits being intercepted by Eve, is compared to an established capacity achievable using that knowledge. A secrecy robustness of the AAA method against some correlations known to Eve is also discussed.

Cryptography and Security,Signal Processing

Jiaqing Mo,Zhongwang Hu,Hang Chen,Wei Shen

DOI: https://doi.org/10.1155/2019/4520685

2019-01-01

Wireless Communications and Mobile Computing

Abstract:Nowadays, due to the rapid development and wide deployment of handheld mobile devices, the mobile users begin to save their resources, access services, and run applications that are stored, deployed, and implemented in cloud computing which has huge storage space and massive computing capability with their mobile devices. However, the wireless channel is insecure and vulnerable to various attacks that pose a great threat to the transmission of sensitive data. Thus, the security mechanism of how the mobile devices and remote cloud server authenticate each other to create a secure session in mobile cloud computing environment has aroused the interest of researchers. In this paper, we propose an efficient and provably secure anonymous two-factor user authentication protocol for the mobile cloud computing environment. The proposed scheme not only provides mutual authentication between mobile devices and cloud computing but also fulfills the known security evaluation criteria. Moreover, utilization of ECC in our scheme reduces the computing cost for mobile devices that are computation capability limited and battery energy limited. In addition, the formal security proof is given to show that the proposed scheme is secure under random oracle model. Security analysis and performance comparisons indicate that the proposed scheme has reasonable computation cost and communication overhead at the mobile client side as well as the server side and is more efficient and more secure than the related competitive works.

Wenming Wang,Haiping Huang,Fu Xiao,Qi Li,Lingyan Xue,Jiansheng Jiang

DOI: https://doi.org/10.1016/j.sysarc.2021.102215

IF: 5.836

2021-09-01

Journal of Systems Architecture

Abstract:<p>Smart healthcare plays an important role in contemporary society while its security and privacy issues remain inevitable challenges. Authenticated key agreement (AKA) mechanism, as the foundation of secure communication, has been recognized as an important measure for solving this problem. Most existing AKA protocols utilize cloud-based centralized architecture, data privacy and security can be exposed easily once the centralized authority is attacked. In addition, most past solutions require the online registration center to assist mutual authentication and consume considerable amounts of resources. To address these drawbacks, a computation-transferable authenticated key agreement protocol without an online registration center for smart healthcare is designed. Specifically, the proposed protocol can realize mutual authentication and key agreement without the need for an online registration center, as well as being able to satisfy security and privacy protection requirements. By transferring partial computation tasks to the server, the proposed scheme incurs lower computation and communication overhead on the user side. Moreover, the proposed scheme adopts certificateless public key cryptography, which can solve the problems of certificate management and key escrow. Performance analysis indicates that the proposal reduces 9.9% of the computation overhead on the resource-limited terminal, which is suitable for low-power IoT applications, including smart healthcare.</p>

computer science, software engineering, hardware & architecture

Mei Sun,Yuyan Guo,Dongbing Zhang,MingMing Jiang

DOI: https://doi.org/10.1155/2021/5526412

IF: 2.3

2021-05-04

Complexity

Abstract:Vehicular ad hoc network (VANET) is a multihop mobile wireless communication network that can realize many vehicle-related applications through multitop communication. In the open wireless communication environment, security and privacy protection are important contents of VANET research. The most basic method of VANET privacy protection is anonymous authentication. Even through, there are many existing schemes to provide anonymous authentication for VANETs. Many existing schemes suffer from high computational cost by using bilinear pairing operation or need the assistance of the trust authorities (TAs) during the authentication process or rely on an ideal tamper-proof device (TPD), which requires very strong security assumption. In this study, an anonymous authentication and key negotiation scheme by using private key and group key is proposed, which is based on pseudonym using the nonsingular elliptic curve. In this scheme, there is no third party trust center to participate in the authentication, there is no need to query the database, and there is no need of the local database to save the identity information of many vehicles, which reduce the storage space and the authentication time compared with other schemes. The proposed scheme only needs realistic TPDs. In the proposed scheme, TPDs do not need to preinstall the system key as many other schemes do; hence, the failure of a single TPD does not affect the security of the entire system. The security of the scheme is proved under the random oracle model. Compared with the related schemes using bilinear pairings, the computational cost and communication cost of the proposed scheme are reduced by 82% and 50%, respectively.

mathematics, interdisciplinary applications,multidisciplinary sciences