Rong Fan,Lingdi Ping,JianQing Fu,Xuezeng Pan

DOI: https://doi.org/10.1109/PACCS.2010.5626600

2010-01-01

Abstract:As wireless sensor networks (WSNs) are susceptible to attacks and sensor nodes have limited resources, designing a secure and efficient user authentication protocol for WSNs is a difficult task. Considering that most future large-scale WSNs follow a two-tiered architecture, we propose an efficient and Denial-of-Service resistant user authentication scheme for two-tiered WSNs, which imposes very light computational load and requires simple operations such as one-way hash function and exclusive-OR operations. In addition, there is a growing requirement for preserving user anonymity recently. Thus we introduce pseudonym identity for each user which is concealed in login messages. And through clever design, our proposed scheme can prevent from smart card breach. Moreover, the security analysis on this scheme demonstrates that our proposed scheme enjoys security attributes such as preventing the various kinds of attacks and user anonymity. Finally, performance analysis shows that our proposed scheme is simple and efficient.

Jianqing Fu,Jian Chen,Rong Fan,XiaoPing Chen,Lingdi Ping

DOI: https://doi.org/10.1109/wcse.2009.731

2009-01-01

Abstract:With the widespread use of mobile devices, authentication and privacy of identification become important issues. We analyzed the security flaws and shortcomings of a delegation-based authentication protocol which was proposed by Caimu Tang, et al., and provided an improved protocol. We use elliptic-curve cryptography and hash chain to ensure the safety of system in our scheme. The research results reveal that the improved protocol can not only corrects the security flaws but also improve the efficiency of key management and reduce the computational load.

Feng Xu,Yuqi Zhu,Hongxu Ma,Bin Cai

DOI: https://doi.org/10.1080/10798587.2012.10643269

2012-01-01

Intelligent Automation & Soft Computing

Abstract:This paper studies the proper threat of mobile Ad Hoc network, and proposes a threshold authentication scheme without the trusted center based on bilinear pairings. The cost of storage and computational capacity, requiring of each node, can be effectively reduced and security problems such as inner nodes attack, passive attack can be solved. Compared with the existent protocol, this scheme is faster in generating certificate and has lower complexity of computing.

Chunhua Jin,Chunxiang Xu,Xiaojun Zhang,Fagen Li

DOI: https://doi.org/10.1504/ijesdf.2015.069611

2015-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:A deniable authentication protocol enables an intended receiver to identify the source of a given message, but the receiver cannot prove the source of a given message to any third party. It is very useful in some particular applications such as electronic voting, online negotiation and online shopping. However, many related protocols are lack of formal security proof which is very important for cryptographic protocol design. In this paper, we present a certificateless deniable authentication protocol. Our protocol is based on certificateless cryptography, which can solve the public key certificate management problem of public key infrastructure PKI-based cryptography and the key escrow problem of identity-based cryptography. Our protocol does not need the pairing operation which is the most time-consuming. In addition, our protocol can admit formal security proof in the random oracle model and resist key compromise impersonation KCI attack. Compared with the existing deniable authentication protocols, our protocol can be well applied in electronic voting system.

Daojing He,Chun Chen,Sammy Chan,Jiajun Bu

DOI: https://doi.org/10.1109/twc.2011.110811.111240

IF: 10.4

2012-01-01

IEEE Transactions on Wireless Communications

Abstract:Seamless handover over multiple access points is highly desirable to mobile nodes, but ensuring security and efficiency of this process is challenging. This paper shows that prior handover authentication schemes incur high communication and computation costs, and are subject to a few security attacks. Further, a novel handover authentication protocol named PairHand is proposed. PairHand uses pairing-based cryptography to secure handover process and to achieve high efficiency. Also, an efficient batch signature verification scheme is incorporated into PairHand. Experiments using our implementation on laptop PCs show that PairHand is feasible in real applications.

Yuezhi Zhou

2012-01-01

Abstract:Certificateless public key cryptography has appealing features,namely it does not require the use of certificates and does not have a private key escrow feature.This paper describes a certificateless key agreement protocol based on bilinear pairings.The identity authentication in the protocol depends on a digital signature scheme.This paper proves the security of the signature scheme.The results show that in the random oracle model with the discrete logarithm assumption,the signature scheme resists existential forgeries against adaptive chosen-message attacks.The results farther show that the protocol preserves the desired security properties,including known-key security,unknown key-share resilience,perfect forward secrecy,key-compromise impersonation resilience and leakage of ephemeral private key resilience.The protocol requires much lower computation overhead than related protocols,since it uses fewer bilinear pairing operations and no modular exponentiation.

Song Luo,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1109/ETCS.2010.437

2010-01-01

Abstract:User authentication is very important mechanism in computer network systems for preventing unauthorized network access. In recent years, the bilinear pairings have been found to be very useful in various applications in cryptography and have allowed us to construct new cryptographic primitives. In 2006, Das et al. proposed an identity-based remote user authentication scheme with smart cards using bilinear pairings. Unfortunately, their scheme is insecure against forgery attack. In this paper, we propose a (t, n) threshold distributed authentication scheme using the bilinear pairings with smart cards which needs at least t authentication servers to collaboratively authenticate the remote user. Our scheme makes some improvements from Das's scheme and is expanded to a multi-server environment in distributed networks. Based on the Computational Diffie-Hellman Problem, we show that the proposed scheme is secure against forgery attack and identity attack under the random oracle model.

Fangguo Zhang,Shengli Liu,Kwangjo Kim

2002-01-01

Abstract:With various applications of Weil pairing (Tate pairing) to cryptography, ID-based encryption schemes, digital signature schemes, blind signature scheme, two-party authenticated key agreement schemes, and tripartite key agreement scheme were proposed recently, all of them using bilinear pairing (Weil or Tate pairing). In this paper, we propose an ID-based one round authenticated tripartite key agreement protocol. The authenticity of the protocol is assured by a special signature scheme, so that messages carrying the information of two ephemeral keys can be broadcasted authenticly by an entity. Consequently, one instance of our protocol results in eight session keys for three entities. Security attributes of our protocol are presented, and the computational overhead and band- width of the broadcast messages are analyzed as well.

LIU Tao,XIONG Yan,HUANG Wenchao,LU Qiwei,GONG Xudong

DOI: https://doi.org/10.3724/sp.j.1087.2013.01842

2013-01-01

Journal of Computer Applications

Abstract:Concerning the vulnerability to attack from external and internal nodes and node failure due to openness and limited resources in Wireless Sensor Network(WSN),an efficient,secure trusted authentication scheme was proposed.The theory of identity-based and bilinear pairings was adopted in the authentication key agreement and update.The node trust value was computed by node behavior reputation management based on Beta distribution.The symmetric cryptosystem combined with message authentication code was used in certification process between trusted nodes which were identified by the trust value.The scheme not only can prevent eavesdropping,injection,replay,denial of service and other external attacks,but also is able to withstand internal threats such as the selective forwarding,Wormhole attack,Sinkhole attack and Sybil attack.The analysis and comparison with SPINS scheme show that the scheme can achieve longer network lifetime,smaller certification delay,greater security and scalability in the same network environment.The scheme has good application value in unattended WSN with high safety requirements.

Fagen Li,Jiaojiao Hong,Anyembe Andrew Omala

DOI: https://doi.org/10.1007/s11276-016-1317-9

IF: 2.701

2016-01-01

Wireless Networks

Abstract:Pervasive computing environments allow users to get services anytime and anywhere. Security has become a great challenge in pervasive computing environments because of its heterogeneity, openness, mobility and dynamicity. In this paper, we propose two heterogeneous deniable authentication protocols for pervasive computing environments using bilinear pairings. The first protocol allows a sender in a public key infrastructure (PKI) environment to send a message to a receiver in an identity-based cryptography (IBC) environment. The second protocol allows a sender in the IBC environment to send a message to a receiver in the PKI environment. Our protocols admits formal security proof in the random oracle model under the bilinear Diffie–Hellman assumption. In addition, our protocols support batch verification that can speed up the verification of authenticators. The characteristic makes our protocols useful in pervasive computing environments.

LIU Wen-hao,XU Chun-xiang

DOI: https://doi.org/10.3969/j.issn.1001-3695.2010.11.078

2010-01-01

Abstract:A few of certificateless key agreement schemes have been proposed in recent years,all of them need pairing operations,what's more,most of them are vulnerable to the key compromise impersonation attack and resistance to leakage of ephemeral keys.The provably secure certificateless key agreement protocol was proposed by Lippold in 2009,but their protocol suffered from computation burden.In order to solve the above-mentioned problem,this paper proposed a new pairing-free certificateless two party key agreement scheme (CL-KA) and presened its security properties.The new scheme was secure as long as each party had at least one uncompromised secret.Thus,the new scheme was secure even if the key generation centre learned the ephemeral secrets of both parties.The new scheme achieves efficiency in computational cost when compared with Lippold's protocol.

Congcong Li,Xi Zhang,Haiping Wang,Dongfeng Li

DOI: https://doi.org/10.3390/s18010194

2018-01-11

Abstract:Vehicular sensor networks have been widely applied in intelligent traffic systems in recent years. Because of the specificity of vehicular sensor networks, they require an enhanced, secure and efficient authentication scheme. Existing authentication protocols are vulnerable to some problems, such as a high computational overhead with certificate distribution and revocation, strong reliance on tamper-proof devices, limited scalability when building many secure channels, and an inability to detect hardware tampering attacks. In this paper, an improved authentication scheme using certificateless public key cryptography is proposed to address these problems. A security analysis of our scheme shows that our protocol provides an enhanced secure anonymous authentication, which is resilient against major security threats. Furthermore, the proposed scheme reduces the incidence of node compromise and replication attacks. The scheme also provides a malicious-node detection and warning mechanism, which can quickly identify compromised static nodes and immediately alert the administrative department. With performance evaluations, the scheme can obtain better trade-offs between security and efficiency than the well-known available schemes.

Liang Ni,Gongliang Chen,Jianhua Li

DOI: https://doi.org/10.1109/ncis.2011.49

2011-01-01

Abstract:The session initiation protocol (SIP) is widely used as a signaling protocol based on the challenge-response exchange mode for handling multimedia sessions in both wire line and wireless world. The original authentication mechanism of SIP is HTTP digest based authentication, which is vulnerable to many forms of known attacks and therefore can not provide security at an acceptable level. In this paper, we propose an identity-based authenticated key agreement mechanism which can be used in SIP to solve the security problems existing in its original authentication procedure. The proposed scheme uses Elliptic Curve Cryptography and does not require expensive bilinear pairing operations, which makes it computationally much more efficient than previous identity-based and Certificateless schemes using pairings. We show the security of our proposal under the Canetti-Krawczky model. Our scheme captures many desirable security properties and can prevent various possible attacks induced by open networks and the standard of SIP message. Furthermore, through introducing some design ideas from Certificateless cryptography, our proposal avoids not only the requirement of a large Public Key Infrastructure but also key escrow problem.

Debiao He,Yitao Chen,Jianhua Chen,Rui Zhang,Weiwei Han

DOI: https://doi.org/10.1016/j.mcm.2011.08.004

2011-01-01

Abstract:Certificateless public key cryptography (CLPKC), which can simplify the complex certificate management in the traditional public key cryptography and resolve the key escrow problem in identity-based cryptography, has been widely studied. As an important part of CLPKC, certificateless two-party authenticated key agreement (CTAKA) protocols have also received considerable attention. Recently, many CTAKA protocols using bilinear pairings have been proposed. But the relative computation cost of the pairing is approximately twenty times higher than that of the scalar multiplication over elliptic curve group. To improve the performance, several CTAKA protocols without pairings have been proposed. In this paper, we will show a latest CTAKA protocol is not secure against a type 1 adversary. To improve the security and performance, we also propose a new CTAKA protocol without pairing. At last, we show the proposed protocol is secure under the random oracle model.

H. Wen,P. -H. Ho,C. Qi,G. Gong

DOI: https://doi.org/10.1049/iet-ifs.2009.0197

2013-01-01

Abstract:The paper introduces a novel message authentication framework over broadcast channels, where a symmetric cryptography-based physical layer assisted message authentication (PLAA) scheme is introduced in wireless networks. The proposed framework integrate the conventional message authentication schemes and the physical layer authentication mechanisms by taking advantage of temporal and spatial uniqueness in physical layer channel responses, aiming to achieving fast authentication while minimising the packet transmission overhead. Our claims through extensive analysis and simulation will be verified via comparing with public key infrastructure-based PLAA scheme and traditional upper layer authentication schemes.

Wenying Zheng,Ziyuan Gui,Dengzhi Liu,Xiong Li,Bing Chen

DOI: https://doi.org/10.3966/160792642018121907025

2018-01-01

Abstract:User authentication and key agreement in smart cards is a critical issue due to the open and complex wireless communication environment. In order to protect the user's privacy and sensitive data in smart cards, many two-factor authentication protocols have been proposed, yet most of them cannot withstand various attacks. In this paper, we summarize the security requirements for smart cards and propose a secure lightweight certificateless authentication protocol with password change. Moreover, the proposed protocol satisfies anonymity, mutual authentication and session key agreement as well as resists many attacks. The performance analysis demonstrate that the proposed protocol is secure and highly practical.

Jiaqing Mo,Hang Chen

DOI: https://doi.org/10.1155/2019/2136506

IF: 1.968

2019-01-01

Security and Communication Networks

Abstract:Wireless sensor networks (WSNs) have great potential for numerous domains of application because of their ability to sense and understand unattended environments. However, a WSN is subject to various attacks due to the openness of the public wireless channel. Therefore, a secure authentication mechanism is vital to enable secure communication within WSNs, and many studies on authentication techniques have been presented to build robust WSNs. Recently, Lu et al. analyzed the security defects of the previous ones and proposed an anonymous three-factor authenticated key agreement protocol for WSNs. However, we found that their protocol is vulnerable to some security weaknesses, such as the offline password guessing attack, known session-specific temporary information attack, and no session key backward secrecy. We propose a lightweight security-improved three-factor authentication scheme for WSNs to overcome the previously stated weaknesses. In addition, the improved scheme is proven to be secure under the random oracle model, and a formal verification is conducted by ProVerif to reveal that the proposal achieves the required security features. Moreover, the theoretical analysis indicates that the proposal can resist known attacks. A comparison with related works demonstrates that the proposed scheme is superior due to its reasonable performance and additional security features.

Dawei Zhao,Haipeng Peng,Shudong Li,Yixian Yang

DOI: https://doi.org/10.48550/arXiv.1305.6350

2013-05-28

Abstract:Recently, Li et al. analyzed Lee et al.'s multi-server authentication scheme and proposed a novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. They claimed that their scheme can resist several kinds of attacks. However, through careful analysis, we find that Li et al.'s scheme is vulnerable to stolen smart card and offline dictionary attack, replay attack, impersonation attack and server spoofing attack. By analyzing other similar schemes, we find that the certain type of dynamic ID based multi-server authentication scheme in which only hash functions are used and no registration center participates in the authentication and session key agreement phase is hard to provide perfect efficient and secure authentication. To compensate for these shortcomings, we improve the recently proposed Liao et al.'s multi-server authentication scheme which is based on pairing and self-certified public keys, and propose a novel dynamic ID based remote user authentication scheme for multi-server environments. Liao et al.'s scheme is found vulnerable to offline dictionary attack and denial of service attack, and cannot provide user's anonymity and local password verification. However, our proposed scheme overcomes the shortcomings of Liao et al.'s scheme. Security and performance analyses show the proposed scheme is secure against various attacks and has many excellent features.

Cryptography and Security

Chunhua Jin,Chunxiang Xu,Xiaojun Zhang,Qianna Xie,Fagen Li

DOI: https://doi.org/10.1080/1206212x.2016.1188564

2015-01-01

Abstract:Deniable authenticate is a different and attractive authenticate mechanism compared with the traditional authentication. It allows the appointed receiver to identify the identity of the sender, but not to prove the source of a given message to a third party even if the appointed receiver is willing to reveal its private key. Certificateless public key cryptography can solve both the public key certificate management problem of public key infrastructure-based cryptography and the key escrow problem of identity-based cryptography. In this paper, we first define a security model for certificateless deniable authentication protocols. Then we propose a non-interactive certificateless deniable authentication protocol. In addition, we prove its security in the random oracle model. Our protocol can be applied in many actual application scenarios, such as electronic voting, electronic tendering, and online shopping.

Han LIU,Da-wu GU,Qing-zu SHI

DOI: https://doi.org/10.3321/j.issn:1006-2467.2005.08.029

2005-01-01

Shanghai Jiaotong Daxue Xuebao/Journal of Shanghai Jiaotong University

Abstract:The wireless local area network (WLAN) security standard made by China (WAPI)——uses public key certificates mechanism to implement two-way authentication and private communication. It provides good security solution for large-scale WLAN. However, the system based on WAPI is complex and has security flaws. The identity-based cryptosystem was adopted in WLAN to implement key agreement and two-way authentication. This scheme simplifies the system architecture and is more feasible in small-scale or middle-scale WLAN. It also overcomes the security flaws in WAPI. By the performance analysis, security analysis and contrast to WAPI, the new scheme is proved to be more suitable for small-scale or middle-scale WLAN.