Lin Yao,Lei Wang,Xiangwei Kong,Guowei Wu,Feng Xia

DOI: https://doi.org/10.1016/j.camwa.2010.01.010

IF: 3.218

2010-01-01

Computers & Mathematics with Applications

Abstract:In a pervasive computing environment, mobile users often roam into foreign domains. Consequently, mutual authentication between the user and the service provider in different domains becomes a critical issue. In this paper, a fast and secure inter-domain authentication and key establishment scheme, namely IDAS, is proposed. IDAS adopts Biometrics to guarantee the uniqueness and privacy of users and adopts signcryption to generate a secure session key. IDAS can not only reduce the burden of certificates management, but also protect the users and authentication servers against fraud. Compared with some other authentication methods, our approach is superior with faster key exchange and authentication, as well as more privacy. The correctness is verified with the Syverson and Van Oorschot (SVO) logic. Crown Copyright (C) 2010 Published by Elsevier Ltd. All rights reserved.

YAO Lin,FAN Qingna,KONG Xiangwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.06.023

2011-01-01

Abstract:As a result of the high mobility of the pervasive computing,the principles communicating with each other usually locate at different domains.To secure the service access and communications,the principles should authenticate each other and establish a fresh session key.A novel inter-domain authentication and key establishment protocol is proposed.The proposed protocol reduces the burden of certificates management by adopting the biometric encryption.After inter-domain mutual authentication,the two principles build a new session key using the signcryption technique.The protocol can defend lots of attacks and its correctness is proven by the SVO logic.

YAO Lin,FAN Qing-na,KONG Xiang-wei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.32.030

2010-01-01

Abstract:Pervasive computing raises new challenges to the security and privacy of the Internet communication,and conventional authentication protocols cannot meet the requirements of this new pervasive environment.A novel mutual authentication and key establishment scheme to secure the interactions between mobile users and service providers is proposed.Highly integrating biometric encryption and the Diffie-Hellman key exchange,the proposed protocol achieves mutual authentication without revealing any privacy information of the user.Secure session key establishment is enabled by the proposed algorithm.Differentiated service access control is also achieved with the biometric encryption.It is shown that the protocol can resist most of the attacks,especially the denial of service attack.

Lin Yao,Xiangwei Kong,Guowei Wu,Qingna Fan,Chi Lin

DOI: https://doi.org/10.1007/s11767-008-0089-5

2010-01-01

Abstract:In pervasive computing environments, users can get services anytime and anywhere, but the ubiquity and mobility of the environments bring new security challenges. The user and the service provider do not know each other in advance, they should mutually authenticate each other. The service provider prefers to authenticate the user based on his identity while the user tends to stay anonymous. Privacy and security are two important but seemingly contradictory objectives. As a result, a user prefers not to expose any sensitive information to the service provider such as his physical location, ID and so on when being authenticated. In this paper, a highly flexible mutual authentication and key establishment protocol scheme based on biometric encryption and Diffie-Hellman key exchange to secure interactions between a user and a service provider is proposed. Not only can a user’s anonymous authentication be achieved, but also the public key cryptography operations can be reduced by adopting this scheme. Different access control policies for different services are enabled by using biometric encryption technique. The correctness of the proposed authentication and key establishment protocol is formally verified based on SVO logic.

Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Jianqing Fu,Jian Chen,Rong Fan,XiaoPing Chen,Lingdi Ping

DOI: https://doi.org/10.1109/wcse.2009.731

2009-01-01

Abstract:With the widespread use of mobile devices, authentication and privacy of identification become important issues. We analyzed the security flaws and shortcomings of a delegation-based authentication protocol which was proposed by Caimu Tang, et al., and provided an improved protocol. We use elliptic-curve cryptography and hash chain to ensure the safety of system in our scheme. The research results reveal that the improved protocol can not only corrects the security flaws but also improve the efficiency of key management and reduce the computational load.

Xuebin Sun,Shuang Men,Chenglin Zhao,Zheng Zhou

DOI: https://doi.org/10.1002/sec.551

IF: 1.968

2012-05-10

Security and Communication Networks

Abstract:Machine‐to‐machine (M2M) techniques have significant application potential in the emerging internet of things, which may cover many fields from intelligence to ubiquitous environment. However, because of the data exposure when transmitted via cable, wireless mobile devices, and other technologies, its security vulnerability has become a great concern during its further extending development. This problem may even get worse if the user privacy and property are considered. Therefore, the authentication process of communicating entities has attracted wide investigation. Meanwhile, the data confidentiality also becomes an important issue in M2M, especially when the data are transmitted in a public and thereby insecure channel. In this paper, we propose a promising M2M application model that connects a mobile user with the home network using the existing popular Time Division‐Synchronous Code Division Multiple Access (TD‐SCDMA) network. Subsequently, a password‐based authentication and key establishment protocol is designed to identify the communicating parties and hence establish a secure channel for data transmissions. The final analysis shows the reliability of our proposed protocol. Copyright © 2012 John Wiley & Sons, Ltd. In this article, we propose a promising M2M application model that connects a mobile user with the home network by using the existing popular Time Division‐Synchronous Code Division Multiple Access (TD‐SCDMA) network. A reliability password‐based authentication and key establishment protocol is also designed to identify the communicating parties and hence, establish a secure channel for data transmissions.

computer science, information systems,telecommunications

Mengxia Shuai,Nenghai Yu,Hongxia Wang,Ling Xiong

DOI: https://doi.org/10.1016/j.cose.2019.06.002

IF: 5.105

2019-01-01

Computers & Security

Abstract:Smart home is an emerging paradigm of the Internet of Things (IoT), which facilitates an individual to operate the smart home appliances remotely through the internet. Since the user and the smart devices communicate over insecure communication channels, the transmitted sensitive data collected by the smart devices may be intercepted and altered easily by a malicious adversary. Therefore, there is a great need to design an effective and anonymous authentication scheme to guarantee secure communications in smart home environment. In the past decade, extensive research has been carried out on this security issue, but most of them are not secure. As a step towards this direction, in this paper, we propose an efficient and anonymous authentication scheme for smart home environment using Elliptic Curve Cryptography (ECC). The proposed scheme avoids keeping the verification table for authentication purposes. In addition, random number method is adopted to resist replay attack, and it can avoid the clock synchronization problem. The rigorous formal proof and heuristic analysis show that the proposed scheme provides the desired security features and resists against all the possible attacks. Compared with the most representative related schemes, the proposed scheme achieves a delicate balance between security and efficiency, and it is more suitable for realistic environments.

Muhammad Adil,Mian Ahmad Jan,Spyridon Mastorakis,Houbing Song,Muhammad Mohsin Jadoon,Safia Abbas,Ahmed Farouk

DOI: https://doi.org/10.48550/arXiv.2105.07711

2021-05-17

Abstract:Cyber-Physical Systems (CPS) connected in the form of Internet of Things (IoT) are vulnerable to various security threats, due to the infrastructure-less deployment of IoT devices. Device-to-Device (D2D) authentication of these networks ensures the integrity, authenticity, and confidentiality of information in the deployed area. The literature suggests different approaches to address security issues in CPS technologies. However, they are mostly based on centralized techniques or specific system deployments with higher cost of computation and communication. It is therefore necessary to develop an effective scheme that can resolve the security problems in CPS technologies of IoT devices. In this paper, a lightweight Hash-MAC-DSDV (Hash Media Access Control Destination Sequence Distance Vector) routing scheme is proposed to resolve authentication issues in CPS technologies, connected in the form of IoT networks. For this purpose, a CPS of IoT devices (multi-WSNs) is developed from the local-chain and public chain, respectively. The proposed scheme ensures D2D authentication by the Hash-MAC-DSDV mutual scheme, where the MAC addresses of individual devices are registered in the first phase and advertised in the network in the second phase. The proposed scheme allows legitimate devices to modify their routing table and unicast the one-way hash authentication mechanism to transfer their captured data from source towards the destination. Our evaluation results demonstrate that Hash- MAC-DSDV outweighs the existing schemes in terms of attack detection, energy consumption and communication metrics.

Cryptography and Security,Networking and Internet Architecture

Binbin Yu,Hongtu Li

DOI: https://doi.org/10.1177/1550147719879379

IF: 1.938

2019-09-01

International Journal of Distributed Sensor Networks

Abstract:Home-based multi-sensor Internet of Things, as a typical application of Internet of Things, interconnects a variety of intelligent sensor devices and appliances to provide intelligent services to individuals in a ubiquitous way. As families become more and more intelligent, complex, and technology-dependent, there is less and less need for human intervention. Recently, many security attacks have shown that Internet home-based Internet of Things have become a vulnerable target, leading to personal privacy problems. For example, eavesdroppers can acquire the identity of specific devices or sensors through public channels, which is not secure, to infer individual public life in the home area network. Authentication is the essential portion of many secure systems processing of verifying and declaring identity. Before providing confidential information, home-based-Internet of Things service authenticates users and devices. The communication and processing capabilities of intelligent devices are limited. Therefore, in home-based Internet of Things, lightweight authentication and key agreement technology are very important to resist known attacks. This article proposes an anonymous authenticated key agreement protocol using pairing-based cryptography. The protocol proposed in this article provides lightweight computation and ensures the security of communication between home-based multi-sensor Internet of Things network and Internet network.

computer science, information systems,telecommunications

Guanjie Cheng,Junqin Huang,Yewei Wang,Jun Zhao,Linghe Kong,Shuiguang Deng,Xueqiang Yan

DOI: https://doi.org/10.1109/tifs.2023.3314211

IF: 7.231

2023-01-01

IEEE Transactions on Information Forensics and Security

Abstract:With the emergence of the sixth-generation (6G) communication technologies, the Internet of Vehicles (IoV) is rapidly developing with the coordination between intelligent networked vehicles, road infrastructures, and the cloud. However, the openness and dynamic nature of the IoV raise significant security and privacy concerns, highlighting the need for efficient authentication schemes. Conventional authentication schemes are no longer suitable for 6G-enabled IoV due to high latency, single point of failure, and heavy management costs. Additionally, existing literature on multi-domain authentication mainly investigates vehicle mobility, ignoring the challenges posed by vehicle heterogeneity. To fill this gap, we propose a multi-domain authentication scheme with conditional privacy preservation (MACPP) that considers administrative domains ( AD ) and geographic domains ( GD ) in the IoV. In MACPP, we design a novel identity-based signature scheme without requiring bilinear pairing for efficient authentication. Additionally, we propose a blockchain-assisted pseudonym management scheme (BAPM) to further improve system security by designing a dynamical sparse Merkle tree structure (DSMT). We demonstrate that the proposed MACPP satisfies the security requirements through an in-depth security analysis. Moreover, the experimental results demonstrate the effectiveness and efficiency of both MACPP and BAPM.

Nassoro M. R. Lwamo,Liehuang Zhu,Chang Xu,Kashif Sharif,Ximeng Liu,Chuan Zhang

DOI: https://doi.org/10.1016/j.ins.2018.10.037

IF: 8.1

2018-01-01

Information Sciences

Abstract:The rapid increase in user base and technological penetration has enabled the use of a wide range of devices and applications. The services are rendered to these devices from single-server or highly distributed server environments, irrespective of their location. As the information exchanged between servers and clients is private, numerous forms of attacks can be launched to compromise it. To ensure the security, privacy, and availability of the services, different authentication schemes have been proposed for both single-server and multi-server environments. The primary performance objective of such schemes is to prevent most (if not all) attacks, with minimal computational costs at the server and user ends. To address this challenge, this paper presents a secure user authentication scheme with anonymity (SUAA) for single-server and multi-server environments. It works on 3-factor authentication, involving passwords, smart cards, and biometric data. We use symmetric and asymmetric encryption for single-server and multi-server architectures respectively, to reduce the computational costs. Through a comprehensive security analysis, we show that the proposed scheme is reliable through mutual authentication, and is resilient to attacks addressed by state of the art solutions. Time cost analysis also shows less time required to complete the authentication process.

Shufen Niu,Qi Liu,Wei Liu,Runyuan Dong,Peng Ge

DOI: https://doi.org/10.1016/j.jisa.2023.103589

IF: 4.96

2023-11-01

Journal of Information Security and Applications

Abstract:Network slicing is a logical network function that supports communication service requirements for specific usage scenarios or business models. It has become an essential factor in solving future network architecture. In recent years, heterogeneous network slicing between multiple autonomous domains has emerged, with significant limitations compared to single-domain networks. Data sharing in heterogeneous network slices challenge the confidentiality of sensitive data significantly. Preventing sensitive data from leaking and protecting core data have become urgent problems to be solved. Therefore, we propose a multi-party (multi-sender to multi-receiver) anonymous authentication scheme on certificateless cryptography(CLC) and identity-based cryptosystem(IBC) institutional domain Internet of Vehicles(IoV) to smart healthcare. Our scheme realizes heterogeneous communication between multiple senders and multiple receivers, and uses different system parameters for heterogeneous cryptographic systems. In this work, the limitation of one-to-many or many-to-one communication in existing heterogeneous networks is broken through. The proposed work utilizes the pseudo-identity generated by the trusted authority to communicate in IoV slices, ensuring the anonymity of the sender; The authorization Center TA can uniquely determine the true identity of the vehicle through pseudo-random values for traceability. What is more, the Lagrange interpolation formula is employed to prevent the leakage of the identities of smart healthcare slices, ensuring the anonymity of the receiver. Under the random oracle model, the proposed scheme has proved to satisfy unforgeability, confidentiality, and anonymity under the computational Diffie–Hellman problem. Experimental results indicate that our proposal achieves better performance than existing schemes.

computer science, information systems

Hui Qiao,Xuewen Dong,Yulong Shen

DOI: https://doi.org/10.1007/s10916-019-1442-y

IF: 4.92

2019-10-07

Journal of Medical Systems

Abstract:The technology of Internet of Things (IoT) has appealed to both professionals and the general public to its convenience and flexibility. As a crucial application of IoT, telecare medicine information system (TMIS) provides people a high quality of life and advanced level of medical service. In TMIS, smart card-based authenticated key agreement schemes for multi-server architectures have gathered momentum and positive impetus due to the conventional bound of a single server. However, we demonstrate that most of the protocols in the literatures can not implement strong security features in TMIS, such as Lee et al.'s and Shu's scheme. They store the identity information directly, which fail to provide strong anonymity and suffer from password guessing attack. Then we propose an extended authenticated key agreement scheme (short for AKAS) with strong anonymity for multi-server environment in TMIS, by enhancing the security of the correlation parameters stored in the smart cards and calculating patients' dynamic identities. Furthermore, the proposed chaotic map-based scheme provides privacy protection and is formally proved under Burrows-Abadi-Needham (BAN) logic. At the same, the informal security analysis attests that the AKAS scheme not only could resist the multifarious security attacks but also improve efficiency by 21% compared with Lee et al.'s and Shu's scheme.

health care sciences & services,medical informatics

Hang Xu,Chingfang Hsu,Lein Harn,Janqun Cui,Zhuo Zhao,Ze Zhang

DOI: https://doi.org/10.1109/tsc.2023.3257569

IF: 11.019

2023-01-01

IEEE Transactions on Services Computing

Abstract:With the increasing popularity and wide application of the Internet, the users (such as managers and data consumers) in the Industrial Internet of Things (IIoT) can remotely analyze and control real-time data collected by various smart sensor devices. However, there are many security and privacy issues in the process of transmitting collected data through public channels in IIoT environment. In order to against the illegal access by opponents, a novel anonymous user authentication and key agreement scheme based on hash and elliptic curve encryption is proposed in this paper, which not only uses a pseudonym tuple database in control nodes to realize the functions of user dynamic joining and anonymity protection, but also resists key loss and device capture attacks through fuzzy biometric extraction technology. In addition, the formal secure analysis of the proposed scheme is carried out using the BAN logic model and ROR model, which proves the security of the proposed scheme. Meanwhile, we also prove the scheme can against the described existing attacks and meet the design goals by a detailed informal security discussion. Compared with the latest similar IIoT authentication proposals, our solution has a very obvious advantage in communication efficiency and realizes more functions. Hence, our scheme is more suitable for the IIoT environment, and can also generate greater benefits.

computer science, information systems, software engineering

Qianmin Du,Jianhong Zhou,Maode Ma

DOI: https://doi.org/10.3390/s24165376

IF: 3.9

2024-08-22

Sensors

Abstract:Vehicle Ad-hoc Networks (VANETs) have experienced significant development in recent years, playing a crucial role in enhancing the driving experience by enabling safer and more efficient inter-vehicle interactions through information exchange. Vehicle-to-Vehicle (V2V) communication is particularly vital as it not only helps to prevent collisions and improve traffic efficiency but also provides essential situational awareness to drivers or autonomous driving systems. Communication is typically supported by roadside units (RSUs); however, in practical applications, vehicles may exceed the communication range of RSUs, thus exposing them to various malicious attacks. Additionally, considering the limited computational resources of onboard units (OBUs) in vehicles, there is a high demand for designing lightweight security protocols that support V2V communication. To address this issue, this paper proposes an efficient anonymous V2V identity-authentication protocol tailored for scenarios that lack RSU support. The proposed protocol was formally assessed using the Scyther tool, demonstrating its capability to withstand major typical malicious attacks. Performance evaluations indicate that the proposed protocol is efficient in terms of communication and computational overhead, making it a viable solution for V2V communication.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Qianmin Du,Jianhong Zhou,Maode Ma

2024-06-07

Abstract:Vehicle Ad-hoc Networks (VANETs) have experienced significant development in recent years, playing a crucial role in enhancing the driving experience by enabling safer and more efficient inter-vehicle interactions through information exchange. Vehicle-to-vehicle (V2V) communication is particularly vital as it not only helps to prevent collisions and improve traffic efficiency but also provides essential situational awareness to drivers or autonomous driving systems. Communication is typically supported by Roadside Units (RSUs); however, in practical applications, vehicles may exceed the communication range of RSUs, thus exposing them to various malicious attacks. Additionally, considering the limited computational resources of onboard units (OBUs) in vehicles, there is a high demand for designing lightweight security protocols that support V2V communication. To address this issue, this paper proposes an efficient anonymous V2V identity authentication protocol tailored for scenarios that lack RSU support. The proposed protocol has been formally assessed using the Scyther tool, demonstrating its capability to withstand major typical malicious attacks. Performance evaluations indicate that the proposed protocol is efficient in terms of communication and computational overhead, making it a viable solution for V2V vehicle communication.

Cryptography and Security

Zuowen Tan,Jintao Jiao,Mengjiang Yu

DOI: https://doi.org/10.1155/2022/9919089

IF: 1.968

2022-10-18

Security and Communication Networks

Abstract:Nowadays, the industrial Internet of Things (IIoT) is playing a promising role in the optimization of industrial systems. IIoT devices generate a great amount of data that could be used for different applications. Due to the untrusted nature of machine-to-machine (M2M) communication channels, data authenticity and integrity are an important issue that must be addressed. Especially, it is challenging to deal with the privacy disclosure that the heterogeneity of IIoT brings about. In this paper, we propose a privacy-preserving scheme for authenticity in heterogeneous IIoT systems. Our authentication schemes support many kinds of IIoT devices with multicryptographic configurations such as RSA-based, DL-based, ECC-based, and lattice-based cryptosystems. We provide the formalized proof of the unforgeability and privacy of the proposed schemes in the random oracle model. The experimental simulation demonstrates that the proposed schemes are feasible in the heterogeneous IIoT environment.

computer science, information systems,telecommunications

Hsiao-Ling Wu,Chin-Chen Chang,Long-Sheng Chen

DOI: https://doi.org/10.1016/j.pmcj.2020.101177

IF: 3.848

2020-09-01

Pervasive and Mobile Computing

Abstract:<p>The Internet of Things technology allows devices automatically connect with others or a server for the purposes of exchanging data. People can conveniently integrate data from those devices for a smart home, vehicular ad-hoc network, e-Health, etc. In 2017, Wang et al. proposed a simple authentication scheme for the Internet of Things. Although they formally proved that their scheme is secure, they did not consider the privacy of devices and stolen verifier attack. In this paper, we first demonstrate the weaknesses of Wang et al.'s scheme. Accordingly, we present a higher security level authentication scheme to resist the above weaknesses.</p>

computer science, information systems,telecommunications

Salman Shamshad,Minahil Rana,Khalid Mahmood,Muhammad Khurram Khan,Mohammad S. Obaidat

DOI: https://doi.org/10.1007/s11277-021-09338-7

IF: 2.017

2021-11-15

Wireless Personal Communications

Abstract:With the rapidly growing user experience and traffic growth requirements in the Mobile Edge Computing (MEC) environment, the conventional security protocols are no longer capable of meeting the modern demand. In order to cope with this demand, novel security solution such as identity-based cryptography, which does not require complex calculations, has attracted great attention from the research community. Recently, Li et al. (IEEE Syst J 1937–9234, 2021, https://doi.org/10.1109/JSYST.2020.2979006) devised an identity-based protocol for the MEC environment. They claimed that their protocol offers efficient and secure communication among the involved entities. Nevertheless, after performing a careful analysis of their protocol, we discovered that their protocol is vulnerable to MEC server and mobile user impersonation attacks. Similarly, their protocol has no provision of mobile user anonymity and untraceability. Furthermore, it has incorrectness in the authentication phase. Given these limitations, we have suggested a suitable remedy, which counters all the said vulnerabilities and limitations.

telecommunications