Cossi Blaise Avoussoukpo,Chunxiang Xu,Marius Tchenagnon

DOI: https://doi.org/10.1109/ICCT.2018.8600239

2018-01-01

Abstract:Opportunistic Networks, with users as a vital component, appears as a natural evolution of mobile Ad Hoc Networks field, and to some extent, an example of how the Internet of Things work. So, Opportunistic Networks due to their characteristics, need users- centric considerations when it comes to design Opportunistic Networks' routing, privacy, and authentications schemes. However, most mutual authentication schemes proposed for Opportunistic Networks do not consider, on the one hand, the gregarious aspect of users, and on the other hand, the parameter that pre-established contacts could be used in a mutual authentication process. Considering the factors pre-established contacts, Seed OppNet Identity, and traditional cryptography's principles, this paper proposes a realistic multiple levels authentication scheme for short-term and limited-time wireless network environment. The proposed scheme is realistic and achieves anonymity and privacy.

WANG Ji-lin,CHEN Xiao-feng,CHEN De-ren

DOI: https://doi.org/10.3785/j.issn.1008-973x.2006.04.010

2006-01-01

Abstract:Exchange of digitally signed certificates was often used to establish mutual trust between strangers that wish to share resources or to conduct business transactions.Automated trust negotiation(ATN) was an approach to regulate the flow of sensitive information during such an exchange.But ATN cannot handle cyclic policy interdependency satisfactorily.Oblivious signature-based envelope(OSBE) is a scheme to solve this problem.However,the existed scheme could only be implemented on a secure channel.An efficient OSBE scheme without the secure channel is proposed using the ideas of identity-based systems and certificate-based encryption,which satisfies all the properties required by OSBE such as soundness and oblivious et al.Also,the scheme can achieve the desired security notations in the random oracle model.

Cossi Blaise Avoussoukpo,Chunxiang Xu,Marius Tchenagnon

2020-01-01

Abstract:The Opportunistic Communication main goal is to use short-term, simple, easy, convenient, and quick actions to communicate when limited or no traditional Communications infrastructure is available. For users’ altruism represents the heart of any OppNets, using Communications Technologies such as Bluetooth, Wi-Max, or WiFi to communicate poses not only routing challenges but also users privacy challenges. However, most researches on OppNets domain, focus more on routing security than users mutual authentication and privacy. This work provides a review of the state of the art proposals on users privacy and mutual authentication techniques with three main contributions. First, it clarifies the concept of OppNets. Second, it Points out the differences between OppNets and some communications models that emerged from Mobile Ad hoc Networks research. Third, it succinctly reviews the main existing techniques proposed for users mutual authentication and privacy protection in OppNets, organising them in a taxonomy. Finally, it discusses, the limits of the techniques studied.

Hu Xiong,Qianhong Wu,Zhong Chen

DOI: https://doi.org/10.1109/INCoS.2011.151

2011-01-01

Abstract:An aggregate signature scheme allows a public algorithm to aggregate n signatures of n distinct messages from n signers into a single signature. By validating the single resulting signature, one can be convinced that the messages have been endorsed by all the signers. Certificateless aggregate signatures allow the signers to authenticate messages without suffering from the complex certificate management in the traditional public key cryptography or the key escrow problem in identity-based cryptography. In this paper, we present a new efficient certificate less aggregate signature scheme. Compared with up-to-date certificate less aggregate signatures, our scheme is equipped with a number of attracting features: (1) it is shown to be secure under the standard computational Diffie-Hellman assumption in the random oracle model, (2) the security is proven in the strongest security model so far, (3) the signers do not need to be synchronized, and (4) its performance is comparable to the most efficient up-to-date schemes. These features are desirable in a mobile networking and computing environment where the storage/computation capacity of the end devices are limited, and due to the wireless connection and distributed feature, the computing devices are easy to be attacked and hard to be synchronized.

Shouhuai Xu,Xiaohu Li,T. Paul Parker

DOI: https://doi.org/10.1145/1368310.1368358

2008-01-01

Abstract:ABSTRACTDigital signatures are an important security mechanism, especially when non-repudiation is desired. However, non-repudiation is meaningful only when the private signing keys and functions are adequately protected --- an assumption that is very difficult to accommodate in the real world because computers (and thus cryptographic keys and functions) could be relatively easily compromised. One approach to resolving, or at least alleviating, this problem is to use threshold cryptography. But how should such techniques be employed in the real world? In this paper we propose exploiting social networks whereby average users take advantage of their trusted ones to help secure their cryptographic keys. While the idea is simple from an individual user's perspective, we aim to understand the resulting systems from a whole-system perspective. Specifically, we propose and investigate two measures of the resulting systems: attack-resilience, which captures the security consequences due to the compromise of some computers and thus the compromise of the cryptographic key shares stored on them; availability, which captures the effect when computers are not always responsive (due to the peer-to-peer nature of social networks).

Hu Xiong,Zhi Guan,Zhong Chen,Fagen Li

DOI: https://doi.org/10.1016/j.ins.2012.07.004

IF: 8.1

2013-01-01

Information Sciences

Abstract:An aggregate signature scheme enables an algorithm to aggregate n signatures of n distinct messages from n users into a single short signature. This primitive is useful in resource-constrained environment since they allow bandwidth and computational savings. Recently, in order to eliminate the use of certificates in certified public key cryptography and the key-escrow problem in identity-based cryptography, the notion of certificateless public key cryptography was introduced. In this paper, we present an efficient certificateless aggregate signature scheme with constant pairing computations. The security of the proposed scheme can be proved to be equivalent to the standard computational Diffie–Hellman problem in the random oracle with a tight reduction. Furthermore, our scheme does not require synchronization for aggregating randomness, which makes it more suitable for ad hoc networks.

Hu Xiong,Qianhong Wu,Zhong Chen

2012-01-01

Abstract:An aggregate signature scheme allows a public algorithm to aggregate n signatures on n distinct messages from n signers into a single signature. By validating the single resulting signature, one can be convinced that the messages have been endorsed by all the signers. Certificateless aggregate signatures allow the signers to authenticate messages without suffering from the complex certificate management in the traditional public key cryptography or the key escrow problem in identity-based cryptography. In this paper, we present a new efficient certificateless aggregate signature scheme. Compared with up-to-date certificateless aggregate signatures, our scheme is equipped with a number of attracting features: (1) it is shown to be secure under the standard computational Diffie-Hellman assumption in the random oracle model; (2) the security is proven in the strongest security model so far; (3) the signers do not need to be synchronized; and (4) its performance is comparable to the most efficient up-to-date schemes. These features are desirable in a mobile networking and computing environment where the storage/computation capacity of the end devices are limited, and due to the wireless connection and distributed feature, the computing devices are easy to be attacked and hard to be synchronized.

Kang Li,Man Ho Au,Wang Hei Ho,Yi Lei Wang

DOI: https://doi.org/10.1007/978-3-030-31919-9_4

2019-01-01

Abstract:Vehicular ad hoc networks (VANETs) are fundamental components of building a safe and intelligent transportation system. However, due to its wireless nature, VANETs have serious security and privacy issues that need to be addressed. The conditional privacy-preserving authentication protocol is one important tool to satisfy the security and privacy requirements. Many such schemes employ the certificateless signature, which not only avoids the key management issue of the PKI-based scheme but also solves the key escrow problem of the ID-based signature scheme. However, many schemes have the drawback that the computational expensive bilinear pairing operation or map-to-point hash function are used. In order to enhance the efficiency, certificateless signature schemes for VANETs are usually constructed to support signature aggregation or online/offline computation. In this paper, we propose an efficient conditional privacy-preserving authentication scheme using an online/offline certificateless aggregate signature, which does not require bilinear pairing or map-to-point hash function, to address the security and privacy issues of VANETs. Our proposed scheme is proven to be secure with a rigorous security proof, and it satisfies all the security and privacy requirements with a better performance compared with other related schemes.

Xin Ye,Gencheng Xu,Xueli Cheng,Yuedi Li,Zhiguang Qin

DOI: https://doi.org/10.1155/2021/6677137

2021-01-01

Abstract:Development of Internet of Vehicles (IoV) has aroused extensive attention in recent years. The IoV requires an efficient communication mode when the application scenarios are complicated. To reduce the verifying time and cut the length of signature, certificateless aggregate signature (CL-AS) is used to achieve improved performance in resource-constrained environments like vehicular ad hoc networks (VANETs), which is able to make it effective in environments constrained by bandwidth and storage. However, in the real application scenarios, messages should be kept untamed, unleashed, and authentic. In addition, most of the proposed schemes tend to be easy to attack by signers or malicious entities which can be called coalition attack. In this paper, we present an improved certificateless-based authentication and aggregate signature scheme, which can properly solve the coalition attack. Moreover, the proposed scheme not only uses pseudonyms in communications to prevent vehicles from revealing their identity but also achieves considerable efficiency compared with state-of-the-art work, certificateless signature (CLS), and CL-AS schemes. Furthermore, it demonstrates that when focused on the existential forgery on adaptive chosen message attack and coalition attack, the proposed schemes can be proved secure. Also, we show that our scheme exceeds existing certification schemes in both computing and communication costs.

Haojin Zhu,Xiaodong Lin,Rongxing Lu,Xuemin Shen,Dongsheng Xing,Zhenfu Cao

DOI: https://doi.org/10.1109/INFCOM.2010.5462166

2010-01-01

Abstract:Bundle Authentication is a critical security service in Delay Tolerant Networks (DTNs) that ensures authenticity and integrity of bundles during multi-hop transmissions. Public key signatures, which have been suggested in existing bundle security protocol specification, achieve bundle authentication at the cost of an increased computational, transmission overhead and a higher energy consumption, which is not desirable for energy-constrained DTNs. On the other hand, the unique ``store-carry-and-forward'' transmission characteristic of DTNs implies that bundles from distinct/common senders can be buffered opportunistically at some common intermediate nodes. This ``buffering'' characteristic distinguishes DTN from any other traditional wireless networks, for which an intermediate cache is not supported. To exploit such a buffering characteristic, in this paper, we propose an Opportunistic Batch Bundle Authentication Scheme (OBBA) to achieve efficient bundle authentication. The proposed scheme adopts batch verification techniques, allowing a computational overhead to be bounded by the number of opportunistic contacts instead of the number of messages. Furthermore, we introduce a novel concept of a fragment authentication tree to minimize communication cost by choosing an optimal tree height. Finally, we implement OBBA in a specific DTN scenario setting: packet-switched networks on campus. The simulation results in terms of computation time, transmission overhead and power consumption are given to demonstrate the efficiency and effectiveness of the proposed schemes.

Oday A. Hassen,Ansam A. Abdulhussein,Saad M. Darwish,Zulaiha Ali Othman,Sabrina Tiun,Yasmin A. Lotfy

DOI: https://doi.org/10.3390/sym12101699

2020-10-15

Symmetry

Abstract:Blockchain technology has been commonly used in the last years in numerous fields, such as transactions documenting and monitoring real assets (house, cash) or intangible assets (copyright, intellectual property). The internet of things (IoT) technology, on the other hand, has become the main driver of the fourth industrial revolution, and is currently utilized in diverse fields of industry. New approaches have been established through improving the authentication methods in the blockchain to address the constraints of scalability and protection in IoT operating environments of distributed blockchain technology by control of a private key. However, these authentication mechanisms do not consider security when applying IoT to the network, as the nature of IoT communication with numerous entities all the time in various locations increases security risks resulting in extreme asset damage. This posed many difficulties in finding harmony between security and scalability. To address this gap, the work suggested in this paper adapts multimodal biometrics to strengthen network security by extracting a private key with high entropy. Additionally, via a whitelist, the suggested scheme evaluates the security score for the IoT system with a blockchain smart contract to guarantee that highly secured applications authenticate easily and restrict compromised devices. Experimental results indicate that our system is existentially unforgeable to an efficient message attack, and therefore, decreases the expansion of infected devices to the network by up to 49 percent relative to traditional schemes.

Yan XU,Liu-sheng HUANG,Miao-miao TIAN,Hong ZHONG,Jie CUI

DOI: https://doi.org/10.3969/j.issn.0372-2112.2016.08.011

2016-01-01

Abstract:Aggregate signature schemes are particularly useful for authentication in resource-constrained wireless net-works for realizing batch verification.Certificateless cryptosystems can resolve the certificate management problem or key es-crow problem in aggregate signature schemes.This paper firstly analyzed a certificatelss aggregate signature(CLAS)scheme. Then,a more efficient CLAS scheme that requires less bilinear paring operations was provided.The security analysis showed that this scheme can resist the forgery attack under the random oracle model,the security was equal to resolve CDH problem.

Biying Wang,Zheng Chang,Shancang Li,Timo Hamalainen

DOI: https://doi.org/10.1109/taes.2022.3187389

IF: 3.491

2022-01-01

IEEE Transactions on Aerospace and Electronic Systems

Abstract:Recently, integrating satellite networks (e.g., low-Earth-orbit (LEO) satellite constellation) into the Internet of Things (IoT) ecosystem has emerged as a potential paradigm to provide more reliable, ubiquitous, and seamless network services. The LEO satellite networks serves as a key enabler to transform the connectivity across industries and geographical border. Despite the convenience brought from the LEO satellite networks, it arises security concerns, in which the essential one is to secure the communication between the IoT devices and the LEO satellite network. However, some challenges inheriting from the LEO satellite networks need to be considered, which are: the dynamic topology; the resource-constraint satellites; the relative long latency; and multiple beams authentication. In particular, the centralized authentication schemes are no longer suitable for the emerging LEO satellite-assisted IoT ecosystem. In this article, we first introduce the architecture of the LEO satellite network-assisted IoT ecosystem. Then, we propose an efficient and privacy-preserving blockchain-based authentication scheme. The proposed authentication scheme takes the advantages of certificateless encryption and consortium blockchain to provide lightweight key pair computation without appealing devices’ information and efficient signature querying and verification. In addition, a fast authentication mechanism is implemented in the scheme in order to reduce the time complexity from querying a certain record for the authentication within a satellite among multiple beams. With the analysis of the storage and computation complexity, the performance evaluation demonstrates the effectiveness of the proposed scheme.

Y. Rajkumar,S. V. N. Santhosh Kumar

DOI: https://doi.org/10.1007/s12083-024-01636-8

IF: 3.488

2024-02-23

Peer-to-Peer Networking and Applications

Abstract:Traffic data generated by the vehicles are often transported in a wide open wireless communication channel which poses several security and privacy vulnerabilities. In case of any malicious or illicit behavior exhibited by the vehicles, it is difficult to trace back the original identity. Hence message authentication and traceability plays a major role in achieving the stability of the network. To address the objectives of message authentication and traceability, a lightweight privacy preserving distributed certificate-less aggregate signature authentication technique has been proposed. The proposed work utilized pseudo-identity and partial private keys which are distributed to perform mutual authentication and key revocation in case of legal proceedings that incurs computations which are lightweight. Formal and informal security analysis has been provided to demonstrate the strength of the authentication scheme using random-oracle model. In this work, the experiment has been carried by utilizing MIRACL C + + cryptographic library and by OMNET + + Simulator. The proposed scheme performs mutual authentication using certificate-less scheme thereby reducing the computational cost of 2.0284 ms with a reduction in the verification delay around 90% when compared with the other existing authentication schemes.

computer science, information systems,telecommunications

Marc Saideh,Jean-Paul Jamont,Laurent Vercouter

DOI: https://doi.org/10.3390/s24144621

2024-07-18

Abstract:Communication between connected objects in the Internet of Things (IoT) often requires secure and reliable authentication mechanisms to verify identities of entities and prevent unauthorized access to sensitive data and resources. Unlike other domains, IoT offers several advantages and opportunities, such as the ability to collect real-time data through numerous sensors. These data contains valuable information about the environment and other objects that, if used, can significantly enhance authentication processes. In this paper, we propose a novel idea to building opportunistic sensor-based authentication factors by leveraging existing IoT sensors in a system of systems approach. The objective is to highlight the promising prospects of opportunistic authentication factors in enhancing IoT security. We claim that sensors can be utilized to create additional authentication factors, thereby reinforcing existing object-to-object authentication mechanisms. By integrating these opportunistic sensor-based authentication factors into multi-factor authentication schemes, IoT security can be substantially improved. We demonstrate the feasibility and effectivenness of our idea through illustrative experiments in a parking entry scenario, involving both mobile robots and cars, achieving high identification accuracy. We highlight the potential of this novel method to improve IoT security and suggest future research directions for formalizing and comparing our approach with existing techniques.

Cryptography and Security

Daniele Raffo,Cédric Adjih,Thomas Clausen,Paul Mühlethaler,C�dric Adjih,Paul M�hlethaler

DOI: https://doi.org/10.1145/1029102.1029106

2004-01-01

Abstract:In this paper we investigate security issues related to the Optimized Link State Routing Protocol -- one example of a proactive routing protocol for MANETs. We inventory the possible attacks against the integrity of the OLSR network routing infrastructure, and present a technique for securing the network. In particular, assuming that a mechanism for routing message authentication (digital signatures) has been deployed, we concentrate on the problem where otherwise "trusted" nodes have been compromised by attackers, which could then inject false (however correctly signed) routing messages. Our main approach is based on authentication checks of information injected into the network, and reuse of this information by a node to prove its link state at a later time. We finally synthetize the overhead and the remaining vulnerabilities of the proposed solution.

Fagen Li,Di Zhong,Tsuyoshi Takagi

DOI: https://doi.org/10.1109/wcl.2012.091312.120488

IF: 6.3

2012-01-01

IEEE Wireless Communications Letters

Abstract:Authentication is an important security requirement for wireless sensor networks. Digital signature plays a crucial role to provide integrity, authentication and non-repudiation of data. In this letter, we propose a practical identity-based online/offline signature scheme for wireless sensor networks. Our scheme splits the signature generation into two phases: offline phase and online phase. In the offline part, most heavy computations are done without the knowledge of a message. In the online stage, only light computations are done when the message is known. As compared with the existing four pairing-based identity-based online/offline signature schemes, our scheme has the lowest computational cost.

Miao He,Xiangman Li,Jianbing Ni,Haomiao Yang

DOI: https://doi.org/10.1109/PST52912.2021.9647772

2021-01-01

Abstract:In this paper, we investigate the efficiency of network access control with the co-existence of multiple network operators and propose an efficient and secure network access control architecture (ESNAC) that offers fast identity authentication and access authorization in space-air-ground integrated networks. The major challenge lies in enabling multiple independent network operators to authorize and authenticate mobile users for network access in a secure and efficient way, even they are not mutually trusted. To address this challenge, we introduce an aggregate anonymous credential mechanism to enable a mobile user to present network access authorization of a group of network operators based on the consolidated anonymous credential that is aggregated from the partial anonymous credentials of the network operators. In addition, the efficient authentication of packet delivery is provided based on a sequential aggregate signature that allows each network operator to sign network packets for authentication and sequentially aggregate signatures for communication efficiency. Finally, we discuss the desired security properties of ESNAC and demonstrate its computational and communication efficiency by comparing with the conventional scheme without aggregation.

Wei Feng,Zheng Yan,Haomeng Xie

DOI: https://doi.org/10.1109/access.2017.2679980

IF: 3.9

2017-01-01

IEEE Access

Abstract:Pervasive social networking (PSN) supports instant social activities anywhere and at any time with the support of heterogeneous networks, where privacy preservation is a crucial issue. One of the effective methods to achieve privacy preservation is anonymous authentication on trust. However, few literatures pay attention to it. In this paper, we propose an anonymous authentication scheme based on group signature for authenticating trust levels rather than identities of nodes in order to avoid privacy leakage and guarantee secure communications in PSN. The scheme achieves secure anonymous authentication with anonymity and conditional traceability with the support of a trusted authority (TA). We also provide a mechanism to guarantee communications among nodes when TA is not available for some nodes. In addition, the utilization of batch signature verification further improves the efficiency of authenticity verification on a large number of messages. Performance analysis and evaluation further prove that the proposed scheme is effective with regard to privacy preservation, computation complexity, communication cost, flexibility, reliability, and scalability.

Huai Wu,Chunxiang Xu,Jiang Deng

DOI: https://doi.org/10.1109/INCoS.2013.95

2013-01-01

Abstract:Fast signature verification is desirable in many applications, especially for numerous low computation scenarios such as RFID, wireless network. Up to now, many techniques have been suggested to reduce the computational load. For example, server-aided verification aims at saving computational overhead and aggregated signatures have been used for saving the bandwidth by compressing a list of signatures into a single signature. Therefore, it is interesting to study how to combine these two tricks together, namely server-aided aggregate verification signature, to achieve both short signature length and secure server-aided verification. The contribution of this paper is three folds. Firstly, we formalize a new security model of server-aided aggregate verification signature scheme (SAAV-?). Secondly, we propose a concrete server-aided aggregate verification signature scheme based BGLS signature scheme. Finally, we show that our construction is secure in our model.