Lin Yao,Xiangwei Kong,Guowei Wu,Qingna Fan,Chi Lin

DOI: https://doi.org/10.1007/s11767-008-0089-5

2010-01-01

Abstract:In pervasive computing environments, users can get services anytime and anywhere, but the ubiquity and mobility of the environments bring new security challenges. The user and the service provider do not know each other in advance, they should mutually authenticate each other. The service provider prefers to authenticate the user based on his identity while the user tends to stay anonymous. Privacy and security are two important but seemingly contradictory objectives. As a result, a user prefers not to expose any sensitive information to the service provider such as his physical location, ID and so on when being authenticated. In this paper, a highly flexible mutual authentication and key establishment protocol scheme based on biometric encryption and Diffie-Hellman key exchange to secure interactions between a user and a service provider is proposed. Not only can a user’s anonymous authentication be achieved, but also the public key cryptography operations can be reduced by adopting this scheme. Different access control policies for different services are enabled by using biometric encryption technique. The correctness of the proposed authentication and key establishment protocol is formally verified based on SVO logic.

YAO Lin,FAN Qing-na,KONG Xiang-wei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.32.030

2010-01-01

Abstract:Pervasive computing raises new challenges to the security and privacy of the Internet communication,and conventional authentication protocols cannot meet the requirements of this new pervasive environment.A novel mutual authentication and key establishment scheme to secure the interactions between mobile users and service providers is proposed.Highly integrating biometric encryption and the Diffie-Hellman key exchange,the proposed protocol achieves mutual authentication without revealing any privacy information of the user.Secure session key establishment is enabled by the proposed algorithm.Differentiated service access control is also achieved with the biometric encryption.It is shown that the protocol can resist most of the attacks,especially the denial of service attack.

YAO Lin,FAN Qingna,KONG Xiangwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.06.023

2011-01-01

Abstract:As a result of the high mobility of the pervasive computing,the principles communicating with each other usually locate at different domains.To secure the service access and communications,the principles should authenticate each other and establish a fresh session key.A novel inter-domain authentication and key establishment protocol is proposed.The proposed protocol reduces the burden of certificates management by adopting the biometric encryption.After inter-domain mutual authentication,the two principles build a new session key using the signcryption technique.The protocol can defend lots of attacks and its correctness is proven by the SVO logic.

Lin Yao,Lei Wang,Xiangwei Kong,Guowei Wu,Feng Xia

DOI: https://doi.org/10.1016/j.camwa.2010.01.010

IF: 3.218

2010-01-01

Computers & Mathematics with Applications

Abstract:In a pervasive computing environment, mobile users often roam into foreign domains. Consequently, mutual authentication between the user and the service provider in different domains becomes a critical issue. In this paper, a fast and secure inter-domain authentication and key establishment scheme, namely IDAS, is proposed. IDAS adopts Biometrics to guarantee the uniqueness and privacy of users and adopts signcryption to generate a secure session key. IDAS can not only reduce the burden of certificates management, but also protect the users and authentication servers against fraud. Compared with some other authentication methods, our approach is superior with faster key exchange and authentication, as well as more privacy. The correctness is verified with the Syverson and Van Oorschot (SVO) logic. Crown Copyright (C) 2010 Published by Elsevier Ltd. All rights reserved.

Emmanuel Ahene,Yuanfeng Guan,Zhiwei Zhang,Fagen Li

DOI: https://doi.org/10.1007/978-981-15-0818-9_5

2019-01-01

Abstract:Pervasive computing environments permits users to get the services they require at anywhere and anytime. Security turns to be a major challenge in pervasive computing environments due to its heterogeneity, dynamicity, mobility and openness. In this paper, we propose a new heterogeneous deniable authentication scheme called CLIBDA for pervasive computing environments utilizing bilinear pairings. The proposed CLIBDA scheme permits a sender in certificateless cryptography (CLC) setting to transmit a message securely to a receiver in an identity based cryptography (IBC) setting. Detailed security analysis shows that the CLIBDA scheme is secure in the random oracle model (ROM) under the bilinear Diffie–Hellman assumption. Additionally, CLIBDA supports batch verification which is necessary for the speed up of the verification of authenticators. This characteristic makes the CLIBDA scheme suitable in pervasive computing environments.

Fagen Li,Pan Xiong,Chunhua Jin

DOI: https://doi.org/10.1007/s00607-013-0321-5

2013-01-01

Computing

Abstract:Deniable authentication is an important security requirement for ad hoc networks. However, all known identity-based deniable authentication (IBDA) protocols are lack of formal security proof which is very important for cryptographic protocol design. In this paper, we propose a non-interactive IBDA protocol using bilinear pairings. Our protocol admits formal security proof in the random oracle model under the bilinear Diffie-Hellman assumption. Our protocol is faster than all known IBDA protocols of its type. In addition, our protocol supports batch verification that can speed up the verification of authenticators. This characteristic makes our protocol useful in ad hoc networks.

Chunhua Jin,Chunxiang Xu,Xiaojun Zhang,Fagen Li

DOI: https://doi.org/10.1504/ijesdf.2015.069611

2015-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:A deniable authentication protocol enables an intended receiver to identify the source of a given message, but the receiver cannot prove the source of a given message to any third party. It is very useful in some particular applications such as electronic voting, online negotiation and online shopping. However, many related protocols are lack of formal security proof which is very important for cryptographic protocol design. In this paper, we present a certificateless deniable authentication protocol. Our protocol is based on certificateless cryptography, which can solve the public key certificate management problem of public key infrastructure PKI-based cryptography and the key escrow problem of identity-based cryptography. Our protocol does not need the pairing operation which is the most time-consuming. In addition, our protocol can admit formal security proof in the random oracle model and resist key compromise impersonation KCI attack. Compared with the existing deniable authentication protocols, our protocol can be well applied in electronic voting system.

Weifeng Wu,Fagen Li

DOI: https://doi.org/10.3837/tiis.2015.05.020

2015-01-01

KSII Transactions on Internet and Information Systems

Abstract:Deniable authentication protocol allows a sender to deny his/her involvement after the protocol run and a receiver can identify the true source of a given message. Meanwhile, the receiver has no ability to convince any third party of the fact that the message was sent by the specific sender. However, most of the proposed protocols didn't achieve confidentiality of the transmitted message. But, in some special application scenarios such as e-mail system, electronic voting and Internet negotiations, not only the property of deniable authentication but also message confidentiality are needed. To settle this problem, in this paper, we present a non-interactive identity-based deniable authenticated encryption (IBDAE) scheme using pairings. We give the security model and formal proof of the presented IBDAE scheme in the random oracle model under bilinear Diffie-Hellman (BDH) assumption.

Chunhua Jin,Chunxiang Xu,Xiaojun Zhang,Qianna Xie,Fagen Li

DOI: https://doi.org/10.1080/1206212x.2016.1188564

2015-01-01

Abstract:Deniable authenticate is a different and attractive authenticate mechanism compared with the traditional authentication. It allows the appointed receiver to identify the identity of the sender, but not to prove the source of a given message to a third party even if the appointed receiver is willing to reveal its private key. Certificateless public key cryptography can solve both the public key certificate management problem of public key infrastructure-based cryptography and the key escrow problem of identity-based cryptography. In this paper, we first define a security model for certificateless deniable authentication protocols. Then we propose a non-interactive certificateless deniable authentication protocol. In addition, we prove its security in the random oracle model. Our protocol can be applied in many actual application scenarios, such as electronic voting, electronic tendering, and online shopping.

Song Luo,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1109/ETCS.2010.437

2010-01-01

Abstract:User authentication is very important mechanism in computer network systems for preventing unauthorized network access. In recent years, the bilinear pairings have been found to be very useful in various applications in cryptography and have allowed us to construct new cryptographic primitives. In 2006, Das et al. proposed an identity-based remote user authentication scheme with smart cards using bilinear pairings. Unfortunately, their scheme is insecure against forgery attack. In this paper, we propose a (t, n) threshold distributed authentication scheme using the bilinear pairings with smart cards which needs at least t authentication servers to collaboratively authenticate the remote user. Our scheme makes some improvements from Das's scheme and is expanded to a multi-server environment in distributed networks. Based on the Computational Diffie-Hellman Problem, we show that the proposed scheme is secure against forgery attack and identity attack under the random oracle model.

Daojing He,Chun Chen,Sammy Chan,Jiajun Bu

DOI: https://doi.org/10.1109/twc.2011.110811.111240

IF: 10.4

2012-01-01

IEEE Transactions on Wireless Communications

Abstract:Seamless handover over multiple access points is highly desirable to mobile nodes, but ensuring security and efficiency of this process is challenging. This paper shows that prior handover authentication schemes incur high communication and computation costs, and are subject to a few security attacks. Further, a novel handover authentication protocol named PairHand is proposed. PairHand uses pairing-based cryptography to secure handover process and to achieve high efficiency. Also, an efficient batch signature verification scheme is incorporated into PairHand. Experiments using our implementation on laptop PCs show that PairHand is feasible in real applications.

Tianjie Cao,Dongdai Lin,Rui Xue

DOI: https://doi.org/10.1109/AINA.2005.100

2005-01-01

Abstract:Deniability is a privacy property that ensures protocol participants can later deny taking part in a particular protocol run. A deniable authentication protocol enables an intended receiver to identify the source of a given message, but not prove the identity of the sender to a third party even if the intended receiver is willing to reveal his secret-key. In this paper, we present an efficient ID-based deniable authentication protocol from pairings. The proposed protocol satisfies the correctness, authentication and deniability properties.

Ting Chen,Huiqun Yu,Wei Chen

DOI: https://doi.org/10.1109/NSWCTC.2010.67

2010-01-01

Abstract:One of the objectives of trusted computing is to provide remote attestation method that is able to confirm the status of remote platform or application. Existing property-based attestation is based on the strong-RSA assumption and the required key length is too long. What's more, a considerable number of RSA-length operations having to be performed which lead to low computational efficiency. Bilinear parings-Based Attestation model, which based on elliptic curve discrete logarithm bilinear paring, can shorten the required key length and reduce bandwidth usage at the same premise of safety performance requirements, as well as ensure platform configurations not to be exposed to the platform while improving operating efficiency. On the other hand, the model includes many trusted computing platform parameters in order to resist replay attacks, and take use of information hiding technology to hide certificates and effectively preventing anyone with a source of certificate misuse of the certificate.

Dusko Pavlovic,Catherine Meadows

DOI: https://doi.org/10.48550/arXiv.0910.5745

2009-10-29

Cryptography and Security

Abstract:As mobile devices pervade physical space, the familiar authentication patterns are becoming insufficient: besides entity authentication, many applications require, e.g., location authentication. Many interesting protocols have been proposed and implemented to provide such strengthened forms of authentication, but there are very few proofs that such protocols satisfy the required security properties. The logical formalisms, devised for reasoning about security protocols on standard computer networks, turn out to be difficult to adapt for reasoning about hybrid protocols, used in pervasive and heterogenous networks. <p> We refine the Dolev-Yao-style algebraic method for protocol analysis by a probabilistic model of guessing, needed to analyze protocols that mix weak cryptography with physical properties of nonstandard communication channels. Applying this model, we provide a precise security proof for a proximity authentication protocol, due to Hancke and Kuhn, that uses a subtle form of probabilistic reasoning to achieve its goals.

Chengyu Fan,Shijie Zhou,Fagen Li

DOI: https://doi.org/10.1109/ispa.2009.113

2009-01-01

Abstract:A deniable authentication allows the receiver to identify the source of the received messages but cannot prove it to any third party. However, the deniability of the content, which is called restricted deniability in this paper, is concerned in electronic voting and some other similar application. At present, most non-interactive deniable authentication protocols cannot resist weaken key-compromise impersonation (W-KCI) attack. To settle this problem, a non-interactive identity-based restricted deniable authentication protocol is proposed. It not only can resist W-KCI attack but also has the properties of communication flexibility. It meets the security requirements such as correctness, restricted deniability as well. Therefore, this protocol can be applied in electronic voting.

xu chongxiang,fan lei,li jianhua

DOI: https://doi.org/10.3969/j.issn.1002-0802.2002.04.022

2002-01-01

Abstract:A deniable authentication protocol is proposed in this paper.This proto col is based on public key algorithm,Hash function and common key encryption are used.T his protocol can make the re-ceiver assure the source of a given me ssage,but others cannot do that.At t he same time,this protocol can resist Person -In -the -Middle(PIM)attack.deniable authentication,public -key algorithm,person -in -the -middl e attack

Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1007/s11036-006-0008-7

2006-01-01

Mobile Networks and Applications

Abstract:In pervasive computing environments (PCEs), privacy and security are two important but contradictory objectives. Users enjoy services provided in PCEs only after their privacy issues being sufficiently addressed. That is, users could not be tracked down for wherever they are and whatever they are doing. However, service providers always want to authenticate the users and make sure they are accessing only authorized services in a legitimate way. In PCEs, such user authentication may include context authentication in addition to the entity authentication. In this paper, we propose a novel privacy enhanced anonymous authentication and access control scheme to secure the interactions between mobile users and services in PCEs with optional context authentication capability. The proposed scheme seamlessly integrates two underlying cryptographic primitives, blind signature and hash chain, into a highly flexible and lightweight authentication and key establishment protocol. It provides explicit mutual authentication and allows multiple current sessions between a user and a service, while allowing the user to anonymously interact with the service. The proposed scheme is also designed to be DoS resilient by requiring the user to prove her legitimacy when initializing a service session.

Debiao He,Sherali Zeadally,Baowen Xu,Xinyi Huang

DOI: https://doi.org/10.1109/tifs.2015.2473820

IF: 7.231

2015-01-01

IEEE Transactions on Information Forensics and Security

Abstract:By broadcasting messages about traffic status to vehicles wirelessly, a vehicular ad hoc network (VANET) can improve traffic safety and efficiency. To guarantee secure communication in VANETs, security and privacy issues must be addressed before their deployment. The conditional privacy-preserving authentication (CPPA) scheme is suitable for solving security and privacy-preserving problems in VANETs, because it supports both mutual authentication and privacy protection simultaneously. Many identity-based CPPA schemes for VANETs using bilinear pairings have been proposed over the last few years to enhance security or to improve performance. However, it is well known that the bilinear pairing operation is one of the most complex operations in modern cryptography. To achieve better performance and reduce computational complexity of information processing in VANET, the design of a CPPA scheme for the VANET environment that does not use bilinear paring becomes a challenge. To address this challenge, we propose a CPPA scheme for VANETs that does not use bilinear paring and we demonstrate that it could supports both the mutual authentication and the privacy protection simultaneously. Our proposed CPPA scheme retains most of the benefits obtained with the previously proposed CPPA schemes. Moreover, the proposed CPPA scheme yields a better performance in terms of computation cost and communication cost making it be suitable for use by the VANET safety-related applications.

Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/tvt.2006.877704

2005-01-01

Abstract:Privacy and security are two important but seemingly contradict objectives in pervasive computing environments (PCEs). On the one hand, service providers want to authenticate service users and make sure they are accessing only authorized services in a legitimate way. On the other hand, users want to maintain necessary privacy without being tracked down for wherever they are and whatever they are doing. In this paper we propose a novel privacy enhanced authentication and access control scheme to secure the interactions between mobile users and services in PCEs. The proposed scheme seamlessly integrates two underlying cryptographic primitives, blind signature and hash chain, into a highly flexible and lightweight authentication and key establishment protocol. It provides explicit mutual authentication between a user and a service, while allowing the user to anonymously interact with the service. Differentiated service access control is also enabled in the proposed scheme by classifying mobile users into different service groups.

Ting Chen,Huiqun Yu

DOI: https://doi.org/10.4304/jcp.6.2.297-304

2011-01-01

Abstract:One of the objectives of trusted computing is to provide remote attestation method that is able to confirm the status of remote platform or application. Existing property-based attestation is based on the strong-RSA assumption and the required key length is too long. What’s more, a considerable number of RSA-length operations having to be performed which lead to low computational efficiency. Bilinear parings-Based Attestation model, which based on elliptic curve discrete logarithm bilinear paring, can shorten the required key length and reduce bandwidth usage at the same premise of safety performance requirements, as well as ensure platform configurations not to be exposed to the platform while improving operating efficiency. On the other hand, the model includes many trusted computing platform parameters in order to resist replay attacks, and take use of information hiding technology to hide certificates and effectively preventing anyone with a source of certificate misuse of the certificate.