Yuanyuan Zhang,Jianhua Chen,Baojun Huang

DOI: https://doi.org/10.1002/dac.2612

2014-01-01

International Journal of Communication Systems

Abstract:SUMMARYRecently, Chang et al. proposed an authentication and key agreement protocol for satellite communications, and they claimed that their scheme could withstand various attacks. However, in this paper, we will show that their scheme is vulnerable to the denial of service attack and the impersonation attack. Moreover, we also point out that the adversary could compute the session key through the intercepted message. The analysis shows the scheme of Chang et al. is not secure for practical applications. Copyright © 2013 John Wiley & Sons, Ltd.

Yuanyuan Zhang,Zhibo Zhai

DOI: https://doi.org/10.1371/journal.pone.0250205

IF: 3.7

2021-01-01

PLoS ONE

Abstract:Satellite communication has played an important part in many different industries because of its advantages of wide coverage, strong disaster tolerance and high flexibility. The security of satellite communication systems has always been the concern of many scholars. Without authentication, user should not obtain his/her required services. Beyond that, the anonymity also needs to be protected during communications. In this study, we design an efficient and provably secure key agreement scheme for satellite communication systems. In each session, we replace user's true identity by a temporary identity, which will be updated for each session, to guarantee the anonymity. Because the only use of lightweight algorithms, our proposed scheme has high performance. Furthermore, the security of the proposed scheme is proved in the real-or-random model and the performance analysis shows that the proposed scheme is more efficient than some other schemes for satellite communication systems.

Yuanyuan Zhang,Jianhua Chen,Baojun Huang

DOI: https://doi.org/10.1002/sat.1079

2015-01-01

International Journal of Satellite Communications and Networking

Abstract:Recently, Lee et al. proposed a simple and efficient authentication scheme for mobile satellite communication systems. However, we find that their scheme is vulnerable to the smart card loss attack, the denial of service attack and the replay attack. To overcome the weaknesses of Lee et al.'s scheme, we proposed an authentication scheme for mobile satellite communication systems to improve security. The proposed scheme possesses the essential properties and security requirements, which should be considered for the authentication scheme of mobile satellite communication systems. Copyright © 2014 John Wiley & Sons, Ltd.

Xinghua Wu,Aixin Zhang,Jianhua Li,Weiwei Zhao,Yuchen Liu

DOI: https://doi.org/10.1007/978-3-319-54705-3_12

2016-01-01

Abstract:Although many authentication and key agreement (AKA) schemes for the mobile satellite communication system have been proposed nowadays, the security performance of the existing schemes is still unable to satisfy the requirements of satellite communications. In 2015, Zhang et al. proposed an improved AKA scheme for satellite communication and they claimed that their scheme satisfied all the security requirements. However through a detailed analysis, in this paper we find that to some extent their scheme is vulnerable to replay attack, injection attack and verification table stolen attack. We further propose a new lightweight AKA scheme based on the synchronization mechanism of user’s temporary identity. The SVO logic is used to provide a formal security analysis. We also give an overall comparison of computation overhead and security performance among several related AKA schemes. Meanwhile a Java program is developed to test the time delay caused by the scheme on the user and NCC’s sides. All the results show that the proposed scheme has the advantages of high computation efficiency, good security performance and low time delay.

Yulei Chen,Jianhua Chen

DOI: https://doi.org/10.1002/sat.1385

2020-01-01

International Journal of Satellite Communications and Networking

Abstract:SummaryRecently, Altaf et al. proposed a novel authentication and key‐agreement scheme for satellite communication network. In this paper, we will prove that Altaf et al.'s scheme cannot provide perfect forward secrecy and resist the off‐line password guessing attack and user impersonation attack. To overcome these weaknesses, we propose an enhanced dynamic authentication scheme for mobile satellite communication systems, making use of the advantages of one‐way hash function and the discrete logarithm problem. We formally prove the security of the proposed scheme under the widely used BPR adversary model, and the heuristic discussion shows that the new scheme has good security and can resist all kinds of known malicious attacks. In addition, by comparing with other related schemes, we find that our scheme has better performance.

Mingping Qi,Jianhua Chen,Yitao Chen

DOI: https://doi.org/10.1002/sat.1279

2019-01-01

Abstract:AbstractSummaryRecently, Liu et al came up with an authentication with key agreement scheme for securing communication over the low‐earth‐orbit satellite communication systems. However, this paper demonstrates that this scheme cannot provide perfect forward secrecy or defend against the smart card stolen attack, and has some very bad design defects, making it unpractical. Thus, to design a truly secure authentication scheme for satellite communication systems, this paper presents a new scheme, making use of the advantages of elliptic curve cryptography and symmetric cryptography. The security analyses by the widely used BAN logic and heuristic discussions demonstrate that our new scheme possesses perfect security properties and can defend against various well‐known malicious attacks. Moreover, our new scheme allows users to update passwords locally in accordance with their wishes, achieving a good user experience.This paper demonstrates that Liu et al's scheme cannot provide perfect forward secrecy or defend against the smart card stolen attack, and has some very bad design defects, and then presents a new scheme. The security analyses by the widely used BAN logic and heuristic discussions demonstrate that our new scheme possesses perfect security properties and can defend against various well‐known malicious attacks. Moreover, our new scheme allows users to update passwords locally in accordance with their wishes, achieving a good user experience. View Figure

Izwa Altaf,Muhammad Arslan Akram,Khalid Mahmood,Saru kumari,Hu Xiong,Muhammad Khurram Khan

DOI: https://doi.org/10.1002/ett.3894

IF: 3.6

2020-02-18

Transactions on Emerging Telecommunications Technologies

Abstract:<p>In these days, satellite communication networks are playing a significant role in facilitating the crucial infrastructural services that include environmental monitoring, electronic surveillance, public safety, intelligence operations for law enforcement, government agencies, and the military. However, security researchers have uncovered that many protocols for these satellite communication networks have some vulnerabilities and flaws that can allow remote attackers to intercept, block, and manipulate critical communication over the network. Therefore, in this article, we introduce an efficient and simple authentication key agreement protocol for securing mobile satellite communication systems. Our proposed protocol resists against denial of service, smart‐card stolen, replay, user impersonation, and stolen verifier attack. Furthermore, our protocol provides various functionality features like perfect‐forward secrecy, mutual‐authentication, dynamic identity, and session‐key agreement. Moreover, the performance analysis of our protocol shows that the communication and computation cost of the proposed protocol is far less than the existing protocols. Hence, our proposed protocol offers simple, efficient, secure authentication, and key agreement for mobile satellite systems.</p>

telecommunications

Shuishuai Xu,Xindong Liu,Mimi Ma,Jianhua Chen

DOI: https://doi.org/10.1002/sat.1309

2019-01-01

Abstract:AbstractSummaryAs the mobile network progresses fast, mobile communications have a far‐reaching influence in our daily life. In order to guarantee the communication security, a myriad of experts introduced many authentication protocols. Recently, Qi et al presented an enhanced authentication with key agreement protocol for satellite communications, and they proclaimed that their protocol could defend various attacks and support varied security requirements. Regrettably, in this paper, we prove that their protocol was fruitless in resisting smart card stolen or loss attack, supporting perfect forward secrecy and had a fundamental error. To solve these problems, we present an improved protocol based on perfect forward secrecy. In addition, the analysis of our improved protocol suggests that it gets possession of faultless security properties and overcomes the flaws in the protocol of Qi et al perfectly. Thus, our improved protocol can be appropriated for the mobile communications.In this paper we prove that Qi et al.'s protocol was unsuccessful in resisting smart card stolen or loss attack, supporting perfect forward secrecy and had a fundamental error. To solve these problems, we present an improved protocol based on perfect forward secrecy. In addition, the analysis of our improved protocol suggests that it has faultless security properties and overcomes the flaws in Qi et al.'s protocol perfectly. View Figure

Yulei Chen,Jianhua Chen

DOI: https://doi.org/10.1002/dac.4508

2020-01-01

International Journal of Communication Systems

Abstract:The rapid development of satellite communications has brought great convenience to people's lives, as well as huge security challenges. In order to guarantee the security of users, a large number of authentication protocols have been proposed. Recently, Xu et al. proposed an improved mutual authentication protocol based on perfect forward secrecy for satellite communications. In this paper, we will point out that Xu et al.'s protocol cannot resist the offline password guessing attack and the replay attack and fails to provide user untraceability. To overcome these weaknesses, we propose a robust three-factor-based authentication protocol for satellite communication systems and analyze its correctness using Burrows-Abadi-Needham logic. In addition, the descriptive security analysis shows that our protocol is safe and robust against various attacks. By comparing with other related protocols, we find that our protocol has better performance.

Yuanyuan Yang,Jin Cao,Xiongpeng Ren,Ben Niu,Yinghui Zhang,Hui Li

DOI: https://doi.org/10.1016/j.comcom.2022.10.028

IF: 5.047

2022-11-05

Computer Communications

Abstract:As a supplement to terrestrial networks, satellite communication networks have a lot of advantages, such as wide coverage, large communication capacity, reliable communication quality, and seamless global connectivity, which are highly competitive with traditional communication technologies. However, there are still many security issues and efficiency problems in satellite networks due to the characteristics of satellite communications, such as highly exposed satellite links, dynamical topology, and the limited computational power and storage resources of satellites. Therefore, it is a crucial issue to design a lightweight and secure authentication mechanism to ensure the security of satellite-to-satellite communication (S2S). This paper proposes a lightweight authentication and key agreement scheme for S2S communication based on the symmetric cryptographic system and the satellite location key (LK) constructed by satellite orbital parameters and location information. The formal verification tool Scyther is employed to evaluate the proposed scheme's security. The security analysis results show that it has good performance in providing security properties and resistance to typical attacks, such as replay attacks, impersonation attacks, and Man-In-The-Middle (MITM) attacks. In addition, the performance analysis results demonstrate that our scheme has desired efficiency in terms of signaling overhead, computational overhead, and bandwidth overhead.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yajuan Shi,Han Shen,Yuanyuan Zhang,Jianhua Chen

DOI: https://doi.org/10.14257/ijseia.2015.9.5.25

2015-01-01

International Journal of Software Engineering and Its Applications

Abstract:To keep the pace with the development of internet technology, remote user authentication techniques become more and more important to protect user's privacy. Recently, Kumari, et al., presented an improved remote user authentication scheme with key agreement based on dynamic-identity using smart card. This scheme allows legal users to change the password at his will without the need to connect the server. They claimed that their scheme could resist smart card stolen or loss attack, user impersonation and server masquerading attack, and provide user anonymity and untraceability and so on. However, our research indicates that their scheme is completely unsafe. Furthermore, the scheme can't provide the proper mutual authentication. In this manuscript, we will propose a new scheme, which can withstand those attacks mentioned above and provide the perfect user anonymity and forward secrecy. Security analysis makes it clear that the improved scheme apparently is more secure and practical.

Weiwei Zhao,Aixin Zhang,Jianhua Li,Xinghua Wu,Yuchen Liu

DOI: https://doi.org/10.1109/milcom.2016.7795299

2016-01-01

Abstract:With the development of mobile communication technology, space information network plays an essential role in meeting the increasing demands of mobile communications. As a basic and powerful security mechanism, authentication protocol provides primary protection. In 2012, Zheng et al. proposed an efficient four-phase authentication scheme for space information network. But we observed that it is vulnerable to various attacks, such as the identity spoofing attack, malicious service request attack and denial of service attack. In this paper, we analyze the protocol in detail. Then an improved authentication scheme based on the self-renewal and timeout retransmission mechanism of user's temporary identity is proposed. The formal verification with SVO logic proves that the proposed authentication protocol is secure.

Yang Liu,Leiqing Ni,Mugen Peng

DOI: https://doi.org/10.1109/jiot.2022.3152900

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:The satellite-terrestrial networks (STNs) network has the characteristics of open links, node movement, dynamic network topology, and diverse collaborative algorithms, which will lead to frequent passive handovers and continuous reauthentication of user equipment (UE). This causes a waste of valuable computing and storage resources in the STNs network and seriously affects the user’s network experience. To address this, we propose an access authentication protocol with user anonymity and traceability to reduce the communication delay and signaling cost of access authentication. In addition, we also propose a hierarchical group key distribution scheme to implement cross-domain handover authentication between different groups of UE, thereby effectively avoiding reauthentication. We take strict security analysis to prove that the authentication protocol we propose is secure. Compared with the three-related existing arts, our protocol can greatly reduce the communication interaction delay and improve the efficiency of initial access and handover authentication of UE.

computer science, information systems,telecommunications,engineering, electrical & electronic

Saru Kumari,Muhammad Khurram Khan,Xiong Li

DOI: https://doi.org/10.1016/j.compeleceng.2014.05.007

IF: 4.152

2014-01-01

Computers & Electrical Engineering

Abstract:In distributed systems, user authentication schemes based on password and smart card are widely used to ensure only authorized access to the protected services. Recently, Chang et al. presented an untraceable dynamic-identity-based user authentication scheme with verifiable-password-update. In this research, we illustrate that Chang et al.'s scheme violates the purpose of dynamic-identity contrary to authors' claim. We show that once the smart card of an arbitrary user is lost, passwords of all registered users are at risk. Using information from an arbitrary smart card, an adversary can impersonate any user of the system. In addition, its password change phase has loopholes and is misguiding. The scheme has no provision for session key agreement and the smart card lacks any verification mechanism. Then we come-up with an improved remote user authentication scheme with the session key agreement, and show its robustness over related schemes.

XUE Kaiping,MA Yongjin,HONG Jia'nan,XU Jie,YANG Qingyou

DOI: https://doi.org/10.11959/j.issn.1000-436x.2018076

2018-01-01

Abstract:Aiming at the problem of prolongation and instability of satellite and terrestrial physical communication links in the space-earth integration network, a two-way token based roaming authentication scheme was proposed. The scheme used the characteristics of the computing capability of the satellite nodes in the network to advance the user authentica-tion process from the network control center (NCC) to the access satellite. The satellite directly verified the token issued by the NCC to verify the user's identity. At the same time, the token mechanism based on the one-way accumulator achieved the user's dynamic join, lightweight user self-service customization and billing,and the introduction of Bloom Filter enabled effective user revocation and malicious access management. Compared with the existing scheme, the scheme can guarantee the security of roaming authentication and significantly reduce the calculation and communication overhead of the authentication and key negotiation process.

Fang Song,Jianhua Chen,Debiao He

2014-01-01

Abstract:With advancement of computer community, people can obtain their service through the mobile devices. The number of service servers providing Internet applications is usually more than one. As a result, users generally need multiple servers to provide different services. It has become a big challenge to design a secure and efficient authentication for remote user under multi-server architecture. In 2013, Jiang et al. proposed an anonymous user authentication with key agreement scheme without pairings for multi-server architecture using self-certified public keys (SCPKs). They claimed that their scheme can satisfy all of the requirements needed for achieving secure authentication in multi-server environments. However, in this paper, we will show that Jiang et al.'s scheme cannot withstand password guessing attack, impersonation attack and insider attack. Therefore, we present a more secure authentication based on SCPKs.

Azeem Irshad,Saru Kumari,Xiong Li,Fan Wu,Shehzad Ashraf Chaudhry,Hamed Arshad

DOI: https://doi.org/10.1007/s11277-017-4601-9

IF: 2.017

2017-01-01

Wireless Personal Communications

Abstract:The Session Initiation Protocol (SIP) provides a way to control the wired and wireless Voice over Internet Protocol-based communication over an insecure channel. The SIP protocol is not secure due to relying on an intrinsically open text-based communication, which further stresses the strengthening of SIP authentication protocols. Many solutions have been put forward in the last few years to design the secure and efficient SIP authentication protocols for multimedia. Recently, Zhang et al. proposed a SIP authentication protocol with an enhanced feature that enables the server authenticate the users on the basis of biometric verification. However, after a careful observation, one can witness few limitations regarding privileged insider attack, session specific temporary attack, De-synchronization attack; denial-of-service attack, inefficient password modification and lack forward secrecy compromise. We have proposed a secure scheme countering the identified flaws of Zhang et al. and other contemporary schemes. We also demonstrate the security strength of proposed scheme by employing the formal security analysis under BAN logic.

Daojing He,Maode Ma,Yan Zhang,Chun Chen,Jiajun Bu

DOI: https://doi.org/10.1016/j.comcom.2010.02.031

IF: 5.047

2011-01-01

Computer Communications

Abstract:Seamless roaming over wireless network is highly desirable to mobile users, and security such as authentication of mobile users is challenging. Recently, due to tamper-resistance and convenience in managing a password file, some smart card based secure authentication schemes have been proposed. This paper shows some security weaknesses in those schemes. As the main contribution of this paper, a secure and light-weight authentication scheme with user anonymity is presented. It is simple to implement for mobile user since it only performs a symmetric encryption/decryption operation. Having this feature, it is more suitable for the low-power and resource-limited mobile devices. In addition, it requires four message exchanges between mobile user, foreign agent and home agent. Thus, this protocol enjoys both computation and communication efficiency as compared to the well-known authentication schemes. As a special case, we consider the authentication protocol when a user is located in his/her home network. Also, the session key will be used only once between the mobile user and the visited network. Besides, security analysis demonstrates that our scheme enjoys important security attributes such as preventing the various kinds of attacks, single registration, user anonymity, no password/verifier table, and high efficiency in password authentication, etc. Moreover, one of the new features in our proposal is: it is secure in the case that the information stored in the smart card is disclosed but the user password of the smart card owner is unknown to the attacker. To the best of our knowledge, until now no user authentication scheme for wireless communications has been proposed to prevent from smart card breach. Finally, performance analysis shows that compared with known smart card based authentication protocols, our proposed scheme is more simple, secure and efficient.

Wenxia Zhu,Jianhua Chen,Debiao He

DOI: https://doi.org/10.1504/ijesdf.2015.072176

2015-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:Providing a security and efficiently key agreement for session initiation protocol SIP is so important to protect communication sessions on the internet. An authentication should be finished before a user utilises the SIP service provided by a server. However, there are some security problems with SIP authentication. Recently, Tu et al. improved Zhang et al.'s authenticated key agreement protocol. They also claimed that their protocol could be resistant to kinds of attacks. In our paper, we show that their protocol is susceptible to the server spoofing attack, user impersonation attack. We also proposed an enhanced protocol which can be more secure and flexible here.

Xiong Li,Jianwei Niu,Muhammad Khurram Khan,Junguo Liao

DOI: https://doi.org/10.1016/j.jnca.2013.02.034

IF: 7.574

2013-01-01

Journal of Network and Computer Applications

Abstract:Smart card based password authentication is one of the simplest and efficient authentication mechanisms to ensure secure communication in insecure network environments. Recently, Chen et al. have pointed out the weaknesses of some password authentication schemes and proposed a robust smart card based remote user password authentication scheme to improve the security. As per their claims, their scheme is efficient and can ensure forward secrecy of the session key. However, we find that Chen et al.'s scheme cannot really ensure forward secrecy, and it cannot detect the wrong password in login phase. Besides, the password change phase of Chen et al.'s scheme is unfriendly and inefficient since the user has to communicate with the server to update his/her password. In this paper, we propose a modified smart card based remote user password authentication scheme to overcome the aforementioned weaknesses. The analysis shows that our proposed scheme is user friendly and more secure than other related schemes.