YAO Lin,FAN Qingna,KONG Xiangwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.06.023

2011-01-01

Abstract:As a result of the high mobility of the pervasive computing,the principles communicating with each other usually locate at different domains.To secure the service access and communications,the principles should authenticate each other and establish a fresh session key.A novel inter-domain authentication and key establishment protocol is proposed.The proposed protocol reduces the burden of certificates management by adopting the biometric encryption.After inter-domain mutual authentication,the two principles build a new session key using the signcryption technique.The protocol can defend lots of attacks and its correctness is proven by the SVO logic.

Jianqing Fu,Chunming Wu,XiaoPing Chen,Rong Fan

DOI: https://doi.org/10.1109/iccet.2010.5485559

2010-01-01

Abstract:Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased. Nevertheless, some of these systems present problems that may discourage potential users. Hence, high confidence and efficient privacy protocols are urgently needed. Previous studies to achieve privacy authentication can be grouped into tree-based and synchronization approaches. But all of the tree-based designs are not suitable to large scale RFID systems, and most of the synchronization designs have security flaws. So in this paper, we propose a scalable pseudo random RFID private mutual authentication protocol (SPRA) to archive both scalable and security. The analysis results show that SPRA effectively enhances the security protection for RFID private authentication, and has the authentication efficiency of O(1).

Ruixue Sun,Zhiguo Shi,Rongxing Lu,Jian Qiao,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/WCSP.2012.6542795

2012-01-01

Abstract:The 60 GHz ultra-high-speed Wireless Personal Area Network (WPAN) has received considerable attention in recent years. Information security, which ensures secure communication within the network, is of particular importance. In this paper, we propose an efficient lightweight key management scheme for 60 GHz WPAN, which deploys secure encryption algorithms and one-way hash function to achieve efficient key exchange and updating managements. Detailed security analysis has shown its security provisions. In addition, performance evaluation is also provided to demonstrate its efficiency in terms of session key distribution and group key updating.

刘端阳,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.01.006

2004-01-01

Abstract:With the development of collaboration among enterprises, it is very desirable to securely exchange information between PDMs through Internet. The original user/password mechanism is very weak, unsecure and inflexible. And also,authorization based on PKC(public key certificate) cannot satisfy the temporary relations between enterprises. In order to satisfy the demand of secure information exchanges between enterprises, according with the genernal security management model of PDM system, This paper designed an AC(attribute certificate) model based on PKC. The model was based on TTP architecture to achieve trust between enterprises and automation of enterprises' collaboration, and reduced the startup cost. And it provides not only reliable authentication and data protection, but also flexible access control and secure audit, and effectively implements information exchanges between enterprises. The new model can be well used in the fields of automobile manufacture,electronics,mechanics and so on.

Jie Liu,Xiaojun Tong,Zhu Wang,Miao Zhang,Jing Ma

DOI: https://doi.org/10.1109/access.2020.2976753

IF: 3.9

2020-01-01

IEEE Access

Abstract:Constrained by the limited resource, high-latency and high bit error rate, the existing group key management schemes for the space network are inefficient. To solve this problem, we proposed a centralized and identity-based key management scheme by using McEliece public-key cryptosystem (PKC). In this scheme, the node identity is used as the parameter to generate the public key. Therefore, the authentication can be embedded into the verification of the public key without needing the PKI. The group key is distributed with the protection of the public key so that the group key management scheme can be implemented safely. Furthermore, the McEliece public-key cryptosystem can resist the quantum attack and provide error correction capacity. It improves the efficiency of the group key distribution over the noisy channel. The proposed key management scheme is simulated on OPNET. The security of public-key generation, forward secrecy, backward secrecy and performance are analyzed. The results show that our scheme can provide confidentiality, integrity, authentication, non-repudiation, failure tolerance and error correction. In addition, the computation overhead and rounds of interaction are lower than former work.

Jun Zheng,Zhifu Chen,Jinrong Xue,Fan Wu

DOI: https://doi.org/10.2991/nceece-15.2016.194

2016-01-01

Abstract:In recent years, the rapid development and wide usage of wireless sensor networks, makes it a research hotspot at home and abroad. Wireless sensor network is an open network, the sensor nodes can easily be captured or tampered. Ensuring network security is a prerequisite for communication. So, establishing session key between adjacent nodes is critical in key management scheme for wireless sensor networks. In order to save cost and control node size, nodes in sensor networks typically have characteristics of weak storage capacity, low communication bandwidth and limited computing ability. Therefore, ordinary key management mechanism cannot be applied to the sensor networks directly. In consideration of these features of sensor nodes, a CPK-based key management scheme for wireless sensor networks is proposed in this paper based on the complexity of solving elliptic curve discrete logarithm problem. Analysis shows that our scheme performs better than some existing scheme in security, storage efficiency, calculation cost and other aspects, so it can be applied to large-scale wireless sensor networks.

Jiang XingHao,Sun TanFeng

DOI: https://doi.org/10.3969/j.issn.1009-8054.2006.12.063

2006-01-01

Abstract:The paper firstly analyses kinds of security problems of RFID, including conventional security and indi- vidual privacy. Then, presents Xingxin Gao's secure RFID system. At last, proposes a new secure RFID system based on mutual authentication. Combining mutual authentication mechanism and randomized read access control, the RFID sys- tem proposed in the paper can prevent kinds of conventional attacks effectively, especially repay attack. It can also protect the individual privacy. Additional, by encrypting the user's information with the digital certification, the commu- nication between the RFID tag and RFID reader becomes safer.

Zehua Chen,Linsen Li,Yue Wu,Xinglei Zhang

DOI: https://doi.org/10.1109/ICEICE.2012.448

2012-01-01

Abstract:As the RFID technology and application in many different fields continue to evolve and mature, the security and privacy issues about RFID application also become more and more important. However, the traditional unidirectional ECDLP-based authentication protocol cannot satisfy the security demands under various attacks on the RFID system. In this paper, we present a mutual authentication improvement proposal for traditional unidirectional ECDLP-Based RFID Authentication protocols by using the Diffie-Hellman key exchange and the randomized key method. The randomized key method is our former research on this research direction. Our security analysis shows that the proposed improved protocols get better security and privacy performance respectively.

Wang Yi,Gu Dawn,Bai Yingcai

2002-01-01

Abstract:With the development of mobile telecommunication system and the appearance of new requirements, conventional key management using secret-key cryptosystem is facing great challenge. In order to adapt to new application environment, public-key cryptosystem (PKC) based key management scheme is suggested to solve this problem. Standing on this point, this paper first introduces the possibility of future applications on public-key cryptosystem in mobile telecommunication system. Then through investigating a basic authentication scheme using PKC, we propose an improved one that is stronger and can be used in wider range. Finally, the features of new scheme are discussed.

Yongming Jin,Wei Xin,Huiping Sun,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-29253-8_27

2012-01-01

Abstract:RFID tags are now pervasive in our everyday life. They raise a lot of security and privacy issues. Many authentication protocols against these problems assume that the tags can contain a secret key that is unknown to the adversary. However, physical attacks can lead to key exposure and full security breaks. On the other hand, many protocols are only described and analyzed. However, we cannot explain why they are designed like that. Compare with the previous protocols, we first propose a universal RFID authentication protocol and show the principle why the protocol is designed. It can be instantiated for various types and achieve different security properties according to the implementation of the functions. Then we introduce a general prototype of delay-based PUF for low-cost RFID systems and propose a new lightweight RFID authentication protocol based on the general prototype of PUF. The new protocol not only resists the physical attacks and secret key leakage, but also prevents the asynchronization between the reader and the tag. It also can resist the replay attack, man-in-the-middle attack etc. Finally, we show that it is efficient and practical for low-cost RFID systems.

Fagen Li,Xiangjun Xin,Yupu Hu

DOI: https://doi.org/10.1504/ijmc.2007.011491

2006-01-01

International Journal of Mobile Communications

Abstract:As various applications of ad hoc network have been proposed, security issues have become a central concern and are increasingly important. In this paper, we propose a distributed key management approach by using the self-certified public key system and threshold secret sharing schemes. Without any assumption of prefixed trust relationship between nodes, the ad hoc network works in a self-organising way to provide the key generation and key management services using threshold secret sharing schemes, which effectively solves the problem of single point of failure. The using of self-certified public key system has the following advantages: (1) the storage space and the communication overheads can be reduced in that the certificate is unnecessary; (2) the computational costs can be decreased since it requires no public key verification; (3) there is no key escrow problem since the Certificate Authority (CA) does not know the users' private keys. As compared with the previous works, which were implemented with the certificate-based public key system and identity-based (ID-based) public key system, the proposed approach is more secure and efficient.

FU Yongping,ZHAO Yinliang,ZHONG Shenghai,FU Zhengfang

2006-01-01

Abstract:In this paper, the author researched the character of Campus Networks, designed a Campus Networks security System based on Public key Infrastructure (PKI) and implemented the system based on JAVA.

Zhi-guo Ding,Li Guo,Yu-jie Wang

2009-01-01

Abstract:As RFID becomes more and more popular, it is imperative to design authentication protocols to resist all possible attacks and threats. In order to overcome counterfeits of readers, a new authentication protocol is proposed based on key array. The new protocol can deal with the synchronization of key update by adding flags of key update. It can resist several possible attacks, including reply, tracking, blocking, proofing and inner attacks. Compared with other authentication protocols, the new protocol can improve the security of RFID systems effectively and does not increase the complexity of protocol.

FY Miao,Y Xiong,SB Yang,XF Wang

IF: 1.019

2005-01-01

Chinese Journal of Electronics

Abstract:The distribution and autonomy of Mobile ad hoc network (Manet) exclude the deployment of the Public key infrastructure (PKI) with an online Trusted third party (TTP). Allowing for the characteristics of Manet such as transience, distribution and autonomy, the paper proposes a one-way hash chain based Public key infrastructure for manet (PKIM). In the scheme, a node, before coming into a Manet, first acquires a certificate offline from its manufacturer, and then the certificate can be initialized at any time to use, refreshed and revoked by the node itself based on time synchronization and one-way hash chain. Discussions show that the PKIM can exempt any support of TTP and manufacturer, and remove the limitation of life period on certificate if parameters are properly selected. Thus, the scheme is secure, TTP-free, flexible and suitable for Manet.

张诚,葛建华,俞晖

DOI: https://doi.org/10.3969/j.issn.1008-0570.2008.26.066

2008-01-01

Abstract:RFID is now widely deployed in various areas,such as manufacture,military,logistics and daily life. But the information is transmitted by air,which issues a great challenge on privacy and security of RFID system. Based on the overview of the former RFID security mechanism,this paper proposes a bi-directional authentication with aliaes mechanism. This mechanism provides both forward and backward security,and is easy to implement with low cost. The paper also analyzes the system performance from security,computation complexity,resource requirement,all of which indicate that this is an applicable RFID security solution.

Hoang Nam Nguyen,Hiroaki Morino

DOI: https://doi.org/10.1007/11596042_93

2005-01-01

Abstract:Providing secure communications is a crucial task for the success of future ubiquitous mobile communication systems. Using public key infrastructure (PKI) is considered as a good solution to fulfill the task. However, as mobile ad hoc networks (MANET) inherit unique characteristics such as dynamic topology, non-infrastructure architecture, centralized PKI architectures are not suitable for dynamic MANET. The use of distributed PKI models is more appropriate but requires additional modifications to adapt with network changes. In this paper, we introduce a novel key management scheme for MANET, which exploits advantages of threshold cryptography. The major innovative aspect of this scheme is the use of temporal substitute certificate authorities (SCA), which form a PKI model of multi SCA groups. Performance results obtained by computer simulation show that the proposed key management scheme can reduce the latency of authentication, certificate update delay and the signaling load.

J Yang,Kui Ren,Kwangjo Kim

2005-01-01

Abstract:In the near future, radio frequency identiflcation (RFID) technology is expected to play an important role for object identiflcation as a ubiquitous infrastructure. However, low-cost RFID tags are highly resource-constrained and cannot support its long-term security, so they have potential risks and may violate privacy for their bearers. To remove security vulnerabilities, we propose a robust mutual authentication protocol between a tag and a back-end server for low-cost RFID system that guarantees data privacy and location privacy of tag bearers. Difierent from the previous works (4, 14), our protocol flrstly provides reader authentication and prevent active attacks based on the assumption that a reader is no more a trusted third party and the communication channel between the reader and the back-end server is insecure like wireless channel. Also, the proposed protocol exhibits forgery resistant against simple copy, or counterfeiting prevailing RFID tags. As tags only have hash function and exclusive-or operation, our proposed protocol is very feasible for low-cost RFID system compared to the previous works. The formal proof of correctness of the proposed authentication protocol is given based on GNY logic.

Jason Chia,Swee-Huay Heng,Ji-Jian Chin,Syh-Yuan Tan,Wei-Chuen Yau

DOI: https://doi.org/10.3390/sym13081535

2021-08-20

Symmetry

Abstract:Public key infrastructure (PKI) plays a fundamental role in securing the infrastructure of the Internet through the certification of public keys used in asymmetric encryption. It is an industry standard used by both public and private entities that costs a lot of resources to maintain and secure. On the other hand, identity-based cryptography removes the need for certificates, which in turn lowers the cost. In this work, we present a practical implementation of a hybrid PKI that can issue new identity-based cryptographic keys for authentication purposes while bootstrapping trust with existing certificate authorities. We provide a set of utilities to generate and use such keys within the context of an identity-based environment as well as an external environment (i.e., without root trust to the private key generator). Key revocation is solved through our custom naming design which currently supports a few scenarios (e.g., expire by date, expire by year and valid for year). Our implementation offers a high degree of interoperability by incorporating X.509 standards into identity-based cryptography (IBC) compared to existing works on hybrid PKI–IBC systems. The utilities provided are minimalist and can be integrated with existing tools such as the Enterprise Java Bean Certified Authority (EJBCA).

CHEN Zhi-jun,SHI Xing-rong,YUAN Ping-bo

DOI: https://doi.org/10.3969/j.issn.1009-8054.2007.09.069

2007-01-01

Abstract:Key management is an essential technique to secure communication, particularly in the tactical environments. In this paper a multilevel key management scheme is proposed, which has the characteristics of reliability, high efficiency, convenient management, easy implementation.

Zeng Hui,Jiang Xinghao,Sun Tanfeng

DOI: https://doi.org/10.3969/j.issn.1000-386X.2012.06.075

2012-01-01

Abstract:Aiming at such problems in traditional EPC network structure as not enough consideration on EPC data security as well as difficulty in access control detailed implementation etc.,the paper presents a PKI-based improved EPC network model.The model,established on traditional EPC network structure,introduces a simplified light-weight PKI module to realize such services in communication process as authentication,encrypted transmission,etc.Meanwhile,the EPCIS interactive process is ameliorated by incorporating the TM-server(Trusted Middle server) to achieve access control during the communication process.The data returned back to users are encrypted with keys and redirected via TM-server in order to attain the objective of segregating users from EPCIS servers for trustful transmission.Finally,the paper attempts to import RBAC model.Analytical results show that the proposed architecture can effectively realize access control of EPC data and promote the security of EPC network.