YAO Lin,FAN Qing-na,KONG Xiang-wei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.32.030

2010-01-01

Abstract:Pervasive computing raises new challenges to the security and privacy of the Internet communication,and conventional authentication protocols cannot meet the requirements of this new pervasive environment.A novel mutual authentication and key establishment scheme to secure the interactions between mobile users and service providers is proposed.Highly integrating biometric encryption and the Diffie-Hellman key exchange,the proposed protocol achieves mutual authentication without revealing any privacy information of the user.Secure session key establishment is enabled by the proposed algorithm.Differentiated service access control is also achieved with the biometric encryption.It is shown that the protocol can resist most of the attacks,especially the denial of service attack.

YAO Lin,FAN Qingna,KONG Xiangwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.06.023

2011-01-01

Abstract:As a result of the high mobility of the pervasive computing,the principles communicating with each other usually locate at different domains.To secure the service access and communications,the principles should authenticate each other and establish a fresh session key.A novel inter-domain authentication and key establishment protocol is proposed.The proposed protocol reduces the burden of certificates management by adopting the biometric encryption.After inter-domain mutual authentication,the two principles build a new session key using the signcryption technique.The protocol can defend lots of attacks and its correctness is proven by the SVO logic.

Mingping Qi,Jianhua Chen

DOI: https://doi.org/10.1007/s11227-022-04378-7

IF: 3.3

2022-01-01

The Journal of Supercomputing

Abstract:Supersingular isogeny-based cryptography is now seen as one of the most promising candidates that can be secure against the upcoming quantum computer attacks. This article aims to present a provably secure post-quantum authenticated key exchange (AKE) protocol from supersingular isogenies under the extended Canetti–Krawczyk (eCK) security model, and provide an alternative for protecting communications over open channels from being attacked in the near future post-quantum era. Thus, the expected post-quantum AKE protocol from supersingular isogenies is presented in this article using the well-known SIDH and SIKE as its building blocks. The new post-quantum AKE protocol is formally proved secure under the strong eCK security model, which actually can also be formally proved secure in the CK^+ security model. In addition, the relatively time-consuming encapsulation algorithm can be performed in advance in the new AKE protocol, so in practice, the new AKE protocol may gain efficiency advantage over some existing AKE protocols from supersingular isogenies. So, considering the overall security and computation efficiency, it can be said that the presented post-quantum AKE protocol may be a good choice in the upcoming post-quantum era.

Fagen Li,Jiye Wang,Yuyang Zhou,Chunhua Jin,SK Hafizul Islam

DOI: https://doi.org/10.1007/s11276-018-1839-4

IF: 2.701

2018-01-01

Wireless Networks

Abstract:In a mobile client–server environment, a low-power mobile device wants to access a strong server to get some kind of services. User authentication and key establishment are two basic security requirements for this environment. Without the user authentication, an unauthorized user can access the server and gets the services. Without the key establishment, the communication between the user and the server will be disclosed. Recently, some user authentication and key establishment protocols were designed. However, all of them are homogeneous since the client and the server belong to the same cryptosystem. That is, both the client and the server belong to public key infrastructure or identity-based cryptosystem or self-certified cryptosystem. Such design does not comply with the characteristic of mobile client–server application. In this paper, we design a heterogeneous user authentication and key establishment protocol using a signcryption scheme. In this protocol, the client uses identity-based cryptosystem and the server uses the public key infrastructure. As compared with existing works, our protocol has the lowest cost in computation and communication.

Liu-Jun Wang,Kai-Yi Zhang,Jia-Yong Wang,Jie Cheng,Yong-Hua Yang,Shi-Biao Tang,Di Yan,Yan-Lin Tang,Zhen Liu,Yu Yu,Qiang Zhang,Jian-Wei Pan

DOI: https://doi.org/10.1038/s41534-021-00400-7

IF: 10.758

2021-05-06

npj Quantum Information

Abstract:Abstract Quantum key distribution (QKD) can provide information theoretically secure key exchange even in the era of quantum computers. However, QKD requires the classical channel to be authenticated, the current method for which is pre-sharing symmetric keys. For a QKD network of n users, this method requires $${C}_{n}^{2}=n(n-1)/2$$ C n 2 = n ( n − 1 ) / 2 pairs of symmetric keys to realize pairwise interconnection. In contrast, with the help of a mature public key infrastructure (PKI) and post-quantum cryptography (PQC) with quantum-resistant security, each user only needs to apply for one digital certificate from a certificate authority (CA) to achieve efficient and secure authentication for QKD. We need to assume only the short-term security of the PQC algorithm to achieve long-term security of the distributed keys. Here, we experimentally verified the feasibility, efficiency, and stability of the PQC algorithm in QKD authentication, and demonstrated the advantages when new users join the QKD network. Using the PQC public-key infrastructure, the nodes need to mutually trust only the CA to authenticate each other. QKD combined with PQC authentication will greatly promote and extend the application prospects of quantum-safe communication.

physics, condensed matter, applied, atomic, molecular & chemical,quantum science & technology

Li Yang,Rui-Rui Zhou

DOI: https://doi.org/10.48550/arXiv.1305.5640

2013-06-21

Abstract:We investigate the post-quantum security of the encrypted key exchange(EKE) protocols based on some basic physical parameters of ion-trap quantum computer, and show that the EKE protocol with a 40-bit password will be secure against a quantum adversary with several ion-trap quantum computers. We present a password encrypted no-key protocol to resist middle-man attack, and prove that it is also with the post-quantum security. The analysis presented here is probably of general meaning for the security evaluation of various hybrid cryptosystems.

Quantum Physics,Cryptography and Security

Alzubair Hassan,Rafik Hamza,Fagen Li,Awad Ali,Mohammed Bakri Bashir,Samar M. Alqhtani,Tawfeeg Mohmmed Tawfeeg,Adil Yousif

DOI: https://doi.org/10.1109/ACCESS.2022.3186683

IF: 3.9

2022-01-01

IEEE Access

Abstract:Mobile devices have become very important for our daily needs. The user authentication protocols with the key agreement are required to deal with the security issues that arise from the use of mobile devices through Internet applications. However, existing user authentication protocols are only suitable if the client and the server use a similar cryptographic approach. Therefore, it is important to develop an authentication protocol for mobile environments with heterogeneous cryptographic approaches. In this paper, an efficient user authentication and key agreement protocol is proposed for a heterogeneous client-server mobile environment. The security of the proposed scheme is formally proved under the q-strong Diffie-Hellman problem (q-SDH), the q-bilinear Diffe-Hellman inversion problem (q-BDHI), and the modified bilinear Diffie-Hellman inversion problem (mBDHI), respectively. Our scheme has reasonable processing costs and communication costs on the client and server sides. Moreover, our scheme is suitable for applications that use different cryptographic approaches. In particular, the proposed protocol can work when the client applies the identity-based cryptosystem and the server applies the certificateless cryptosystem.

D. He,J. Chen,J. Hu

DOI: https://doi.org/10.15837/ijccc.2011.2.2174

IF: 2.635

2011-01-01

International Journal of Computers Communications & Control

Abstract:All the current public-key cryptosystems will become insecure when size of a quantum register is sufficient. An authenticated key agreement protocol, which is against the attack of quantum computer, is proposed. The proposed protocol can provide the security properties known session key security, forward security, resistance to key-compromise impersonation attack and to unknown key-share attack, key control. We also prove its security in a widely accepted model.

Komal Pursharthi,Dheerendra Mishra

DOI: https://doi.org/10.1016/j.jisa.2024.103754

IF: 4.96

2024-04-08

Journal of Information Security and Applications

Abstract:Mobile device communication enables mobile devices to connect with each other, exchange data, and access services, where security is a crucial aspect to protect sensitive data and privacy. The authenticated key agreement (AKA) protocols ensure authorized and secure communication in such environments. As the security of current AKA protocols relies on the hardness of discrete logarithmic or factorization, it will lead to a greater threat in the post-quantum world. Consequently, Ding et al. created a lattice-based AKA scheme for the quantum world. Although the protocol is simple for mobile devices, it is susceptible to insider attacks. Moreover, the scope of efficiency enhancement of this protocol needs to be explored. Therefore, to provide a secure and efficient solution, a new lattice-based AKA scheme has been proposed in this paper. It is designed with the idea of zero knowledge-based authentication. Further, our protocol resists key mismatch, and signal leakage attacks and supports the reuse of the private key of the server, perfect forward secrecy, and anonymity features. Additionally, we have talked about how our protocol stacks up in terms of computing complexity when compared to competing with other zero knowledge-based authenticated key agreement systems.

computer science, information systems

Hwayean Lee,Jongin Lim,HyungJin Yang

DOI: https://doi.org/10.48550/arXiv.quant-ph/0510144

2005-10-18

Quantum Physics

Abstract:We propose a quantum key distribution protocol with quantum based user authentication. Our protocol is the first one in which users can authenticate each other without previously shared secret and then securely distribute a key where the key may not be exposed to even a trusted third party. The security of our protocol is guaranteed by the properties of the entanglement.

Lin Chen,Tongzhou Qu,Anqi Yin

DOI: https://doi.org/10.1007/s11042-023-17984-1

IF: 2.577

2024-01-19

Multimedia Tools and Applications

Abstract:Password-based authentication is one of the most prevailing access control mechanism. Typical password-authenticated key exchange (PAKE) protocols are single-server settings and are therefore vulnerable to server compromise attack. To defend against such attack, multi-server PAKE schemes have been advanced, but most of which are built on non-quantum-secure hardness assumptions. Lattice-based cryptosystems are regarded as the most promising one for post-quantum eara by NIST, while the known multi-server password-based authentication solution over lattices achieves merely key transport and is public key infrastructure (PKI)-based, resulting in low efficiency and poor deployability. In this work, we resort to distributed smooth projective hash function (SPHF) to bridge the gap between multi-server PAKE protocol and quantum-security. We first design an exact SPHF and derive the first distributed SPHF over lattices by leveraging the additive homomorphic property of the strong learning with errors (LWE) problem. In particular, the relevant parameters of the public key encryption (PKE) scheme it predicates on are identified, thus eliminating the influence of incomplete lattice homomorphism on the correctness of our SPHFs. Pertinent lattice-based multi-server PAKE protocols are further proposed on both transparent and non-transparent transmission modes by integrating our distributed SPHF into the multi-server framework of Raimondo and Gennaro (EUROCRYPT'03). Our PAKE constructions are able to resist both quantum and sever compromise attacks as well as avoid the expensive cryptographic primitives, including non-interactive zero knowledge (NIZK) proofs, signature/verification, secret sharing and fully homomorphic encryption. Experimental results demonstrate that our SPHFs and PAKE protocols offer better efficiency.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Song Wang,Yuanzhi Li,Jinhui Ma,Bin Xu,Yuxiang Bian,Wei Chen

DOI: https://doi.org/10.1007/978-981-99-9243-0_38

2024-01-01

Abstract:Quantum identity authentication protocols are designed to address the security weaknesses existing in traditional identity authentication protocols, such as cryptographic attacks and impersonation. Arindam et al. proposed a quantum authentication protocol based on ping-pong technology. This paper is inspired by the work of Arindam et al., an improved quantum identity authentication protocol based on quantum secure direct communication (QSDC) which utilizes the principle that qubits cannot be cloned to realize the secure transmission of qubits sequences is proposed. The authentication process between the two sides of the communication is implemented by ping-pong technology. With longer authentication code and richer measurement bases, the security of our protocol is strengthened. Moreover, the proposed protocol is based on single-particle sequence, it has better operability and simple implementation. Finally, we analyze two cases of attacks against the authentication process, to show whether it is for eavesdropper attack of forged identity or stealing authentication code and then sending attack, the protocol proposed has higher security.

Guihua Zeng,Xinmei Wang

1998-01-01

Abstract:The security of the previous quantum key distribution (QKD) protocols, which is guaranteed by the nature of physics law, is based on the legitimate users. However, impersonation of the legitimate communicators by eavesdroppers, in practice, will be inevitable. In fact, the previous QKD protocols is unsecure without authentication in practical communication. In this paper, we proposed an improved QKD protocol that can simultaneously distribute the quantum secret key and verify the communicators' identity. This presented authentication scheme is provably secure.

Debiao He,Jianhua Chen,Jin Hu

DOI: https://doi.org/10.1016/j.inffus.2011.01.001

IF: 18.6

2012-01-01

Information Fusion

Abstract:Recently, lots of remote user authentication schemes are implemented on elliptic curve cryptosystem (ECC) to reduce the computation loads for mobile devices. However, most of those remote user authentication schemes on ECC suffer from different attacks and can not provide provable security. Therefore, we propose an ID-based remote mutual authentication with key agreement scheme on ECC in this paper. The proposed scheme not only provides mutual authentication but also supports a session key agreement between the user and the server. The scheme also provides the known session key security, the perfect forward secrecy, the no key-compromise impersonation, the no unknown key-share and the no key control. Compared with the related works, the proposed scheme is more efficient and practical for mobile devices. We also give a security proof under the random oracle.

Guihua Zeng,Guangcan Guo

2000-01-01

Abstract:In this letter, we proposed a quantum authentication protocol. The authentication process is implemented by the symmetric cryptographic scheme with quantum effects.

Chong-Qiang Ye,Jian Li,Xiu-Bo Chen,Yanyan Hou,Zhuo Wang

DOI: https://doi.org/10.1140/epjqt/s40507-023-00180-3

IF: 6.9997

2023-06-22

EPJ Quantum Technology

Abstract:Semi-quantum protocols serve as a bridge between quantum users and "classical" users with limited quantum capabilities, providing support for application scenarios that cannot afford the excessively high cost of quantum resources. In this paper, we present a semi-quantum key distribution (SQKD) protocol based on Bell states and single particles, which is designed for key distribution between different types of users. The protocol enables simultaneous key distribution between quantum and classical users, as well as key establishment between two classical users. The security analysis demonstrates that the protocol can reach the same level of security as the full quantum protocol. Furthermore, we extrapolate the proposed protocol to other semi-quantum protocols, such as semi-quantum key agreement and semi-quantum private comparison protocols. Compared with previous similar ones, our SQKD protocol and its extended versions can fulfill the requirements of their respective counterparts individually. Therefore, our SQKD protocol has the potential for broader applications in practical scenarios.

optics,physics, atomic, molecular & chemical,quantum science & technology

Roayat Ismail Abdelfatah

DOI: https://doi.org/10.1016/j.jksuci.2024.102062

IF: 9.006

2024-05-19

Journal of King Saud University - Computer and Information Sciences

Abstract:A significant problem facing cybersecurity is that most client/server identity authentication schemes depend on computational complexity which is recently challenged by the super exponential computational abilities of quantum computers. Quantum cryptography with its quantum mechanics principles solves this problem and provides mathematically un-hackable secure communication for the quantum computers epoch. Biometric authentication has a big challenge related to its protection as it has to be submitted and stored in encrypted form. Unfortunately, most existing biometric cryptosystems rely on classical cryptography, so they are insecure in quantum era. This problem is solved in this paper by introducing a novel three-factor biometric quantum identity authentication scheme combining something you know (password), something you produce (client's voice), and something you are (client's face image) is proposed. The scheme consists of two phases: client enrollment and client login/authentication. The methodology is to use in the enrollment phase, two layers of quantum encryption for the client's voice signal. Each layer consists of two simple quantum circuits of SWAP and C-NOT quantum gates respectively using a different pseudorandom key obtained from a cellular automata (CA) pseudorandom generator. The proposed scheme has many merits. Firstly, it introduces a new design of muti-factors quantum biometric authentication scheme as the biometric voice data is processed, transmitted, and stored at the server database in an encrypted unconditionally secure quantum form which provides parallel processing, real-time communications, inherent level of security against attacks, tamper-proof security and exponential powerful storage capability due to the quantum properties. Secondly, the proposed scheme achieves double-layers security by combing quantum voice encryption and quantum secure direct communication in one process such that the quantum channel eavesdropper cannot obtain any valuable information in case of information leakage. Thirdly , the distribution and management of encryption key problem is solved as there is no need for key exchange prior to communication. Fourthly, it achieves high communication efficiency as although it is a three-factor biometric identity authentication, only one biometric data is sent in quantum encrypted form to the server . Fifthly , the numerical simulations showed that the proposed scheme has large key space, high key sensitivity and more robust performance against different types of attacks compared to other existing classical and quantum voice encryption schemes. Finally, as an identity authentication method, the proposed scheme achieves identification accuracy of 100% with zero False Rejection Rate (FRR) and zero False acceptance rate (FAR) which is perfect.

computer science, information systems

Cong Peng,Jianhua Chen,Sherali Zeadally,Debiao He

DOI: https://doi.org/10.1109/mitp.2019.2943136

2019-01-01

IT Professional

Abstract:Recent advances in quantum computing have made existing public key cryptosystems vulnerable to enormous security threats. Therefore, numerous efforts have been exploring post-quantum cryptographic techniques to address the emergence of quantum computing. We focus on one promising post-quantum cryptography known as "isogeny-based cryptography," first by reviewing some concepts of the elliptic curve isogeny, and then, we present three major methods for constructing isogeny-based difficult problems. Then, we present some existing isogeny-based cryptographic primitives, such as signature and key exchange, and analyze their advantages and disadvantages. Finally, we discuss a few major challenges of isogeny research that, we hope, will attract more attention to isogeny-based cryptography.

Jie Lin,Hoi-Kwong Lo,Jacob Johannsson,Mattia Montagna,Manfred von Willich

2024-07-31

Abstract:Pre-shared keys (PSK) have been widely used in network security. Nonetheless, existing PSK solutions are not scalable. Moreover, whenever a new user joins a network, PSK requires an existing user to get a new key before they are able to communicate with the new user. The key issue is how to distribute the PSK between different users. Here, we solve this problem by proposing a new protocol called Distributed Symmetric Key Establishment (DSKE). DSKE has the advantage of being scalable. Unlike standard public key infrastructure (PKI) which relies on computational assumptions, DSKE provides information-theoretic security in a universally composable security framework. Specifically, we prove the security (correctness and confidentiality) and robustness of this protocol against a computationally unbounded adversary, who additionally may have fully compromised a bounded number of the intermediaries and can eavesdrop on all communication. DSKE also achieves distributed trust through secret sharing. We present several implementations of DSKE in real environments, such as providing client services to link encryptors, network encryptors, and mobile phones, as well as the implementation of intermediaries, called Security Hubs, and associated test data as evidence for its versatility. As DSKE is highly scalable in a network setting with no distance limit, it is expected to be a cost-effective quantum-safe cryptographic solution to the network security threat presented by quantum computers.

Cryptography and Security,Quantum Physics

Diksha Chawla,Pawan Singh Mehra

DOI: https://doi.org/10.1002/ett.4957

IF: 3.6

2024-03-13

Transactions on Emerging Telecommunications Technologies

Abstract:Abstract The constant evolution of the Internet of Things (IoT) concept involves the idea that all elements in the global network communication are reachable without the need for human intervention. In this context, the paramount concern is security, aiming to safeguard IoT communication against unauthorized access. According to the analysis, the security of the IoT communication framework relies on traditional cryptographic schemes like the RSA algorithm. Nevertheless, the latest developments in quantum computing and information processing pose a significant threat to these established schemes. Motivated by this fact, in this article, we proposed a novel quantum authentication and key agreement (QAKA) protocol that provides unconditional security against any classical and futuristic quantum threats. Our protocol ensures secure key agreement and mutual authentication based on quantum hashing with quantum passwords and quantum key distribution. The proposed scheme utilizes quantum teleportation and Greenberger–Horne–Zeilinger states for secure data transfer among entities. Our work is simulated using the Automated Validation of Internet Security Protocols and Applications tool to prove our protocol's formal correctness and security. The Burrows, Abadi, and Needham logic is applied to prove the goal of our protocol. Random oracle model for formal security analysis is presented in our work. Our protocol is also informally analyzed, considering the characteristics such as correctness, security against repudiation and the impossibility of cloning. The proposed protocol is compared with the related protocols in terms of various security features such as replay attacks, man‐in‐middle attacks and futuristic quantum attacks. Finally, the performance of the proposed protocol is presented, revealing superior efficacy when compared with classical authentication schemes and quantum protocols.

telecommunications