YAO Lin,FAN Qingna,KONG Xiangwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.06.023

2011-01-01

Abstract:As a result of the high mobility of the pervasive computing,the principles communicating with each other usually locate at different domains.To secure the service access and communications,the principles should authenticate each other and establish a fresh session key.A novel inter-domain authentication and key establishment protocol is proposed.The proposed protocol reduces the burden of certificates management by adopting the biometric encryption.After inter-domain mutual authentication,the two principles build a new session key using the signcryption technique.The protocol can defend lots of attacks and its correctness is proven by the SVO logic.

Kaiping Xue,Xinyi Luo,Yongjin Ma,Jian Li,Jianqing Liu,David S. L. Wei

DOI: https://doi.org/10.1109/tvt.2022.3148303

IF: 6.8

2022-01-01

IEEE Transactions on Vehicular Technology

Abstract:Secure and real-time communication is an essential condition in mobile vehicular networks, and this requires secure authentication and seamless access enabled by roaming services. As a security inspector, roaming authentication ensures that legitimate users can access the network securely. However, today’s roaming authentication protocols authenticate users with the help of centralized authentication servers, leading to the risk of the single point of failure and roaming fraud. The massive device access in 5G networks further exacerbates the losses when problems occur. In light of it, we propose a decentralized fraud-proof roaming authentication framework based on blockchain. We leverage smart contracts to implement a roaming authentication protocol, including user/AP registration, authentication, and revocation. For higher efficiency, we utilize the Bloom filter for the revocation process. In addition, we design an unforgeable and undeniable billing scheme based on hash chain technology. Security and performance analysis show that the proposed roaming authentication scheme can provide the required security features while incurring an acceptable authentication delay.

Guomin Yang,Qiong Huang,Duncan S. Wong,Xiaotie Deng

DOI: https://doi.org/10.1109/twc.2010.01.081219

IF: 10.4

2010-01-01

IEEE Transactions on Wireless Communications

Abstract:A secure roaming protocol allows a roaming user.. to visit a foreign server.. and establish a session key in an authenticated way such that.. authenticates.. and at the same time convinces.. that it is a legitimate subscriber of some server H, called the home server of U. The conventional approach requires the involvement of all the three parties. In this paper, we propose a new approach which requires only two parties, U and V, to get involved. We propose two protocols: one provides better efficiency and supports user anonymity to an extent comparable to that provided by current mobile systems; and the other one achieves Strong User Anonymity that protects U's identity against both eavesdroppers and foreign servers and is currently the strongest notion of user anonymity defined for secure roaming. Both protocols are universal in the sense that the same protocol and signaling flows are used regardless of the domain ( home or foreign) that.. is visiting. This helps reducing the system complexity in practice. We also propose a practical user revocation mechanism, which is one of the most challenging problems for two-party roaming supporting Strong User Anonymity. Our solutions can be applied in various kinds of roaming networks such as Cellular Networks and interconnected Wireless Local Area Networks.

Chaosheng Feng,Bin Liu,Zhen Guo,Keping Yu,Zhiguang Qin,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/jiot.2021.3113321

IF: 10.6

2022-04-15

IEEE Internet of Things Journal

Abstract:While 5G can facilitate high-speed Internet access and make over-the-horizon control a reality for unmanned aerial vehicles (UAVs; also known as drones), there are also potential security and privacy considerations, for example, authentication among drones. Centralized authentication approaches not only suffer from a single point of failure but they are also incapable of cross-domain authentication. This complicates the cooperation of drones from different domains. To address these limitations, a blockchain-based cross-domain authentication scheme for intelligent 5G-enabled Internet of drones is proposed in this article. Our approach employs multiple signatures based on threshold sharing to build an identity federation for collaborative domains. This allows us to support domain joining and exiting. Reliable communication between cross-domain devices is achieved by utilizing smart contract for authentication. The session keys are negotiated to secure subsequent communication between two parties. Our security and performance evaluations show that the proposed scheme is resistant to common attacks targeting Internet of Things (IoT) devices (including drones), as well as demonstrating its effectiveness and efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic

Daojing He,Chun Chen,Sammy Chan,Jiajun Bu

DOI: https://doi.org/10.1002/dac.1387

2012-01-01

International Journal of Communication Systems

Abstract:SUMMARYWhen one considers the broad range of wirelessly connected mobile devices used today, it is clear that integrating such network‐enabled devices into secure roaming over wireless networks is of essential importance. Over the years, many authentication protocols have been suggested to address this issue. Among these protocols, the recently proposed privacy‐preserving universal authentication protocol, Priauth, exceeds the security and efficiency of other authentication techniques. This paper studies the existing roaming authentication protocols and shows that they are not strong enough to provide secure roaming services in three aspects. Further, using Priauth as an example, we propose efficient remedies that fix the weaknesses. The experimental results show that the proposed approaches are feasible in practice. Copyright © 2012 John Wiley & Sons, Ltd.

Cong Nguyen,Diep Nguyen,Hoang Thai Dinh,Anh Hoang Pham,Nguyen Tuong Huynh,Yong Xiao,Eryk Dutkiewicz

DOI: https://doi.org/10.1109/tmc.2021.3065672

IF: 6.075

2021-01-01

IEEE Transactions on Mobile Computing

Abstract:Mobile service providers (MSPs) are particularly vulnerable to roaming frauds, especially ones that exploit the long delay in the data exchange process of the contemporary roaming management systems, causing multi-billion dollars loss each year. In this paper, we introduce BlockRoam, a novel blockchain-based roaming management system that provides an efficient data exchange platform among MSPs and mobile subscribers. Utilizing the Proof-of-Stake (PoS) consensus mechanism and smart contracts, BlockRoam can significantly shorten the information exchanging delay, thereby addressing the roaming fraud problems. Through intensive analysis, we show that the security and performance of such PoS-based blockchain network can be further enhanced by incentivizing more users (e.g., subscribers) to participate in the network. Moreover, users in such networks often join stake pools (e.g., formed by MSPs) to increase their profits. Therefore, we develop an economic model based on Stackelberg game to jointly maximize the profits of the network users and the stake pool, thereby encouraging user participation. We also propose an effective method to guarantee the uniqueness of this game's equilibrium. The performance evaluations show that the proposed economic model helps the MSPs to earn additional profits, attracts more investment to the blockchain network, and enhances the network's security and performance.

computer science, information systems,telecommunications

Zhiguo Wan,Kui Ren,Bart Preneel

DOI: https://doi.org/10.1145/1352533.1352544

2008-01-01

Abstract:Roaming services in wireless networks provide people with preferable flexibility and convenience. However, such advantages should be offered with both security and privacy in mind. With consideration on privacy protection during roaming in wireless networks, we proposed a hierarchical ID-based roaming protocol in this paper. In our scheme, we use a 2-layer hierarchical ID-based cryptosystem in which a trusted party acts as the root authority, each domain server acts as the second-layer authority, and the roaming user is the end user. With the hierarchical ID-based cryptosystem, we can avoid involvement with home network, and keep the roaming the user's identity private. Furthermore, not only the root authority is relieved from management of a large amount of private/public key pairs, but the domain servers are free to generate key pairs for their registered users. At the same time, we use hash chains together with ID-based signatures to achieve non-repudiation for service payment.

Lin Zhang,Hong Li,Limin Sun,Zhiqiang Shi,Yunhua He

DOI: https://doi.org/10.1109/pac.2017.28

2017-01-01

Abstract:User authentication in computer systems has been a cornerstone of computer security for decades. However, the existing user authentication schemes either require human cognitive ability to remember numerous complex id and password, or rely on a trusted third party which could fail due to technical failure or denial-of-service attacks. In this paper, we design a fully distributed user authentication framework with the blockchain technology. In our scheme, a user stores her identity in the blockchain, stores her encrypted personal information in a off-blockchain storage, and attaches a smart contract which grants different permissions to each website/application. When a user logs in a website/application, the service provider employs a challenge-response protocol to verify the identity of the user, and then retrieve the user's personal information from the off-blockchain storage.

Daojing He,Sammy Chan,Chun Chen,Jiajun Bu,Rong Fan

DOI: https://doi.org/10.1007/s11277-010-0033-5

IF: 2.017

2010-01-01

Wireless Personal Communications

Abstract:Designing a user authentication protocol with anonymity for the global mobility network (GLOMONET) is a difficult task because wireless networks are susceptible to attacks and each mobile user has limited power, processing and storage resources. In this paper, a secure and lightweight user authentication protocol with anonymity for roaming service in the GLOMONET is proposed. Compared with other related approaches, our proposal has many advantages. Firstly, it uses low-cost functions such as one-way hash functions and exclusive-OR operations to achieve security goals. Having this feature, it is more suitable for battery-powered mobile devices. Secondly, it uses nonces instead of timestamps to avoid the clock synchronization problem. Therefore, an additional clock synchronization mechanism is not needed. Thirdly, it only requires four message exchanges between the user, foreign agent and home agent. Further, the security properties of our protocol are formally validated by a model checking tool called AVISPA. We also demonstrate that this protocol enjoys important security attributes including prevention of various attacks, single registration, user anonymity, no password table, and high efficiency in password authentication. Security and performance analyses show that compared with other related authentication schemes, the proposed scheme is more secure and efficient.

Kaiping Xue,Xinyi Luo,Hangyu Tian,Jianan Hong,David S. L. Wei,Jian Li

DOI: https://doi.org/10.1109/tvt.2021.3138203

IF: 6.8

2022-01-01

IEEE Transactions on Vehicular Technology

Abstract:In mobile communication networks, when a user roams to and accesses a foreign network, the foreign operator needs to request the user’s subscription data from a centralized authentication server, which is managed by the user’s home operator. However, centralized authentication introduces single point of failure. Meanwhile, the real-time participation of the home operator and the trust relationship between the foreign operator and the home operator are difficult to guarantee. In this paper, by adopting blockchain and smart contracts, we propose a secure and efficient access control scheme of user subscription data in roaming scenarios. We further design a flexible user authentication scheme, which utilizes derivable tokens based on the proposed access control scheme. By using blockchain to store and manage user subscription data, access control can be decentralized without any trusted third party. Besides, by implementing automatic verification of access privilege through smart contracts, the limitation of the home operators’ real-time participation is eliminated. In addition, to further improve security and reduce the on-chain storage overhead, we optimize the data encryption and storage scheme utilizing threshold secret sharing. Our security and performance analysis show that the proposed user subscription data access control scheme for roaming service provides high-level security while causing acceptable time and storage overhead.

Weichuan Ni,Shitong Ye,Zhiming Xu,Zhiping Wan,Shaojiang Liu

DOI: https://doi.org/10.1109/ACCESS.2020.2967469

IF: 3.9

2020-01-17

IEEE Access

Abstract:With the increasing and diversified Internet of Things (IoT) devices, more IoT heterogeneous wireless networks have emerged, providing more network services for IoT devices, especially mobile phones and other roaming devices. However, there are also some malicious users who use different means to attack the security of the network, so that more users begin to pay attention to the identity authentication and privacy protection of the Internet of Things. This paper designs an IoT node roaming authentication model, which is used to enhance the security authentication capability of the Internet of Things to roaming devices. In order to effectively prevent malicious nodes from connecting to the network, this paper proposes a roaming authentication protocol based on heterogeneous fusion mechanism (HFM-IoT). The authentication protocol uses the remote authentication server in the local and remote areas to perform interactive authentication on the roaming device, which increases the difficulty of attacking or infecting multiple network areas by malicious nodes. According to the security analysis, the protocol can protect against multiple network attacks, and it can be seen from the experimental simulation results that the protocol has lower energy burden and authentication delay.

Engineering,Computer Science

Yao Cheng,Li Yue,Naixia Duan,Chenglong Li

DOI: https://doi.org/10.1155/2022/5426288

2022-03-09

Wireless Communications and Mobile Computing

Abstract:An anonymous roaming scheme of mobile Internet was discussed in this paper aiming to improve the traditional authentication protocol that cannot satisfy the demand of user’s identity authentication when the mobile terminal is roaming in mobile Internet. The authentication server of remote network will complete the identity legitimacy verification of mobile terminal with the help of the home network authentication server. A temporary identity is used to prevent user’s anonymity protection from being tracked and eavesdropped, as well as other attacks, which can improve the confidential of user’s identity and location considerably. This anonymous roaming scheme can achieve a high-level of safety efficiently. This will also satisfy the development of the network technology.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hadi Ghaemi,Dariush Abbasinezhad-Mood,Arezou Ostad-Sharif,Zakieh Alizadehsani

DOI: https://doi.org/10.1016/j.jnca.2024.103843

IF: 7.574

2024-04-01

Journal of Network and Computer Applications

Abstract:In mobility networks, users can receive desired services from foreign agents securely by means of a roaming authentication protocol. During the past decade, scholars have attempted to propose efficient and secure protocols. Nevertheless, careful observation of related works demonstrates that previously-proposed protocols have the following limitations. First, the home agent involvement is required for each key exchange between foreign agent and user, and if, for some reasons, home agent goes down, users of that home agent could no longer get services. Second, in these protocols, authors have assumed that home and foreign agents have a pre-shared key without discussing how this key can be generated, shared, or updated. Third, since in these protocols, the foreign agent needs to send any request from a user to his/her home agent, the number of messages and communication overhead are pretty high. In conclusion, in this paper, by suggesting a novel blockchain-assisted protocol, we intend to cover the above-mentioned crucial gaps. That is to say, our protocol is fault-tolerant, is free from the home agent involvement, and does not require any pre-shared key. Further, it has less overall latency and time compared to the related works. All of these merits have been achieved by a comparable computational cost and better communication overhead, which are demonstrated through our comparisons. More specifically, compared to all related protocols, the proposed one demonstrates at least 37% decrease in the communication overhead.

computer science, interdisciplinary applications, software engineering, hardware & architecture

Jingnan Dong,Guangxia Xu,Chuang Ma,Jun Liu,Uchani Gutierrez Omar Cliff

DOI: https://doi.org/10.1109/jiot.2023.3296506

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:In Industrial Internet, mutual authentication between enterprises is a prerequisite for establishing reliable upstream and downstream relationships. Existing authentication methods suffer from complicated certificate management and key escrow problems. Moreover, many authentication mechanisms cannot resist common security attacks and have high computational overhead and communication costs. Therefore, this paper proposes a blockchain-based certificate-free cross-domain authentication mechanism for Industrial Internet. By establishing an Ethereum consortium blockchain as the trusted cornerstone among different regions, industrial enterprises in each region generate the user’s private key with the key generation center in the region, thus avoiding the key escrow problem. This consortium blockchain adopts the proof of authority consensus mechanism for scalability and throughput. Industrial enterprises in different regions invoke smart contracts and query other industrial enterprises for mutual authentication and key negotiation. SVO logic proves the proposed scheme achieves the intended authentication goal, and the automated formal verification tool Scyther proves the scheme’s security. In addition, compared with seven related schemes in the last three years, the experimental results show that the proposed scheme has low communication overhead and computational cost in the authentication key negotiation phase. The experiments on the Ethereum consortium blockchain built by Raspberry Pi prove the effectiveness of the proposed scheme. Finally, the comparative analysis of common security properties proves the reliability of the scheme.

computer science, information systems,telecommunications,engineering, electrical & electronic

Guomin Yang,Duncan S. Wong,Xiaotie Deng

DOI: https://doi.org/10.1109/TWC.2007.06020042

IF: 10.4

2007-01-01

IEEE Transactions on Wireless Communications

Abstract:User privacy is a notable security issue in wireless communications. It concerns about user identities from being exposed and user movements and whereabouts from being tracked. The concern of user privacy is particularly signified in systems which support roaming when users are able to hop across networks administered by different operators. In this paper, we propose a novel construction approach of anonymous and authenticated key exchange protocols for a roaming user and a visiting server to establish a random session key in such a way that the visiting server authenticates the user's home server without knowing exactly who the user is. A network eavesdropper cannot find out the user's identity either (user anonymity). In addition, visited servers cannot track the roaming user's movements and whereabouts even they collude with each other (user untraceability). Our construction approach is generic and built upon provably secure two-party key establishment protocols. Merits of our generic protocol construction include eliminating alias synchronization between the user and the home server, supporting joint key control, and not relying on any special security assumptions on the communication channel between the visiting server and the user's home server. Our protocol can also be implemented efficiently. By piggybacking some message flows, the number of message flows between the roaming user and the visiting server is only three. As of independent interest, we describe a new practical attack called deposit-case attack and show that some previously proposed protocols are vulnerable to this attack.

Yixin Jiang,Chuang Lin,Xuemin (Sherman) Shen,Minghui Shi

DOI: https://doi.org/10.1109/twc.2006.05063

IF: 10.4

2006-01-01

IEEE Transactions on Wireless Communications

Abstract:Two novel mutual authentication and key exchange protocols with anonymity are proposed for different roaming scenarios in the global mobility network. The new features in the proposed protocols include identity anonymity and one-time session key renewal. Identity anonymity protects mobile users privacy in the roaming network environment. One-time session key progression frequently renews the session key for mobile users and reduces the risk of using a compromised session key to communicate with visited networks. It has demonstrated that the computation complexity of the proposed protocols is similar to the existing ones, while the security has been significantly improved

Minghui Shi,Humphrey Rutagemwa,Xuemin (Sherman) Shen,Jon W. Mark,Yixin Jiang,Chuang Lin

DOI: https://doi.org/10.1007/978-0-387-33112-6_11

2007-01-01

Abstract:A wireless LAN service integration architecture based on current wireless LAN hotspots is proposed to make migrating to new service cost effective. The AAA (Authentication, Authorization and Accounting) based mobile terminal registration signaling process is discussed. An application layer end-to-end authentication and key negotiation protocol is proposed to overcome the open air connection problem existing in wireless LAN deployment. The protocol provides a general solution for Internet applications running on a mobile station under various authentication scenarios and keeps the communications private to other wireless LAN users and foreign networks. A functional demonstration of the protocol is also given. The research results should contribute to rapid deployment of wireless LANs hotspot service.

Xiaowen Chu,Yixin Jiang,Chuang Lin,Fujun Feng

DOI: https://doi.org/10.1007/11839569_39

2006-01-01

Abstract:In this paper, based on self-certified mechanism, we propose a novel mutual authentication and key exchange protocol for roaming services in the global mobility network. The main new features included in the proposed protocol are (1) identity anonymity, which protects location privacy of mobile users in the roaming network environment; (2) one-time session key renewal, which frequently updates the session key for mobile users and hence reduces the risk of using a compromised session key to communicate with the visited network. The performance analysis shows that the computational complexity of our protocol is low and suitable to be used on mobile equipments.

Ding Wang,Ping Wang,Jing Liu

DOI: https://doi.org/10.1109/WCNC.2014.6953015

2014-01-01

Abstract:User authentication is an important security mechanism that allows mobile users to be granted access to roaming service offered by the foreign agent with assistance of the home agent in mobile networks. While security-related issues have been well studied, how to preserve user privacy in this type of protocols still remains an open problem. In this paper, we revisit the privacy-preserving two-factor authentication scheme presented by Li et al. at WCNC 2013. We show that, despite being armed with a formal security proof, this scheme actually cannot achieve the claimed feature of user anonymity and is insecure against offline password guessing attacks, and thus, it is not recommended for practical applications. Then, we figure out how to fix these identified drawbacks, and suggest an enhanced scheme with better security and reasonable efficiency. Further, we conjecture that under the non-tamper-resistant assumption of the smart cards, only symmetric-key techniques are intrinsically insufficient to attain user anonymity.

Siwei Li,Hui Zhang,Hui Shi,Maode Ma,Cong Wang

DOI: https://doi.org/10.1007/s11227-024-06262-y

IF: 3.3

2024-06-04

The Journal of Supercomputing

Abstract:The distributed authentication of a large number of resource-constrained power terminal devices (PTDs) is crucial for ensuring the security of the power IoT communication. However, existing solutions are inadequate in terms of security (such as vulnerability to single point failures or insider attacks) and communication costs, which do not meet the requirements of the power IoT environment. Therefore, we propose a zero-trust-based mutual authentication scheme in cloud-edge-end collaboration power IoT environment based on blockchain technology. The proposed solution involves deploying a distributed multi-point zero-trust engine around dense PTDs to collect real-time identity information. Through the maintenance of an alliance blockchain, the edge server securely shares and traces identity information, preventing tampering and effectively blocking threats related to lost terminals during authentication. Additionally, a lightweight ECC key management scheme ensures the security of authentication information. The proposed scheme effectively defends against common attacks such as replay attacks and identity forgery attacks through informal security analysis, while its security is evaluated using the Canetti and Krawczyk (CK) adversary models. Performance evaluation results demonstrate that the proposed scheme achieves effectiveness without the compromising required security attributes, which obtains up to 58% improvement 58% improvement in computation delay and a 56.9% improvement in communication costs over previous state-of-the-art methods.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture